diff options
author | Jeffrey Walton <noloader@gmail.com> | 2014-06-27 16:33:06 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-06-27 16:44:14 +0100 |
commit | 121f386ec7a5384cfd4c0bb0f86e9ddd02c69a6e (patch) | |
tree | 744688c3a8f821c84101731cc0aafc4c6c0ac009 /doc/ssl | |
parent | 9fb10cfe6b9f0408d9de613c5ed7bf5c2530f5e5 (diff) |
Clarify docs.
Document that the certificate passed to SSL_CTX_add_extra_chain_cert()
should not be freed by the application.
PR#3409
Add restrictions section present in other branches.
(cherry picked from commit 86cac6d3b25342ff17a2b6564f7592fd7c6829e8)
Diffstat (limited to 'doc/ssl')
-rw-r--r-- | doc/ssl/SSL_CTX_add_extra_chain_cert.pod | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/ssl/SSL_CTX_add_extra_chain_cert.pod b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod index ee28f5ccc3..5955ee1cb4 100644 --- a/doc/ssl/SSL_CTX_add_extra_chain_cert.pod +++ b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod @@ -24,6 +24,16 @@ the library will try to complete the chain from the available CA certificates in the trusted CA storage, see L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>. +The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the B<SSL_CTX> is destroyed. An application B<should not> free the B<x509> object. + +=head1 RESTRICTIONS + +Only one set of extra chain certificates can be specified per SSL_CTX +structure. Different chains for different certificates (for example if both +RSA and DSA certificates are specified by the same server) or different SSL +structures with the same parent SSL_CTX cannot be specified using this +function. + =head1 RETURN VALUES SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the |