SSL_CTX_add_extra_chain_cert - add or clear extra chain certificates
#include <openssl/ssl.h> long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
OpenSSL SSL_CTX_add_extra_chain_cert(3openssl)
NAME
SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or
clear extra chain certificates
SYNOPSIS
#include <openssl/ssl.h>
long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
DESCRIPTION
SSL_CTX_add_extra_chain_cert() adds the certificate x509 to the extra
chain certificates associated with ctx. Several certificates can be
added one after another.
SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
associated with ctx.
These functions are implemented as macros.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+---------------+--------------------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+--------------------------+
|Availability | library/security/openssl |
+---------------+--------------------------+
|Stability | Pass-through uncommitted |
+---------------+--------------------------+
NOTES
When sending a certificate chain, extra chain certificates are sent in
order following the end entity certificate.
If no chain is specified, the library will try to complete the chain
from the available CA certificates in the trusted CA storage, see
SSL_CTX_load_verify_locations(3).
The x509 certificate provided to SSL_CTX_add_extra_chain_cert() will be
freed by the library when the SSL_CTX is destroyed. An application
should not free the x509 object.
Source code for open source software components in Oracle Solaris can
be found at https://www.oracle.com/downloads/opensource/solaris-source-
code-downloads.html.
This software was built from source available at
https://github.com/oracle/solaris-userland. The original community
source was downloaded from
https://www.openssl.org/source/openssl-1.0.2ze.tar.gz.
Further information about this software can be found on the open source
community website at https://www.openssl.org/.
RESTRICTIONS
Only one set of extra chain certificates can be specified per SSL_CTX
structure. Different chains for different certificates (for example if
both RSA and DSA certificates are specified by the same server) or
different SSL structures with the same parent SSL_CTX cannot be
specified using this function. For more flexibility functions such as
SSL_add1_chain_cert() should be used instead.
RETURN VALUES
SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs()
return 1 on success and 0 for failure. Check out the error stack to
find out the reason for failure.
SEE ALSO
ssl(3), SSL_CTX_use_certificate(3), SSL_CTX_set_client_cert_cb(3),
SSL_CTX_load_verify_locations(3) SSL_CTX_set0_chain(3)
SSL_CTX_set1_chain(3) SSL_CTX_add0_chain_cert(3)
SSL_CTX_add1_chain_cert(3) SSL_set0_chain(3) SSL_set1_chain(3)
SSL_add0_chain_cert(3) SSL_add1_chain_cert(3)
SSL_CTX_build_cert_chain(3) SSL_build_cert_chain(3)
1.0.2ze 2022-05-03
SSL_CTX_add_extra_chain_cert(3openssl)