Update the *use_certificate* docs

Note that calling the *use_certificate* functions will replace any existing certificate of the same type. The same thing applies for private keys. Fixes #2147 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6093) (cherry picked from commit db747425b0caae12e73c680799b57bdfcc72dbb4)
author: Matt Caswell <matt@openssl.org> 2018-04-26 14:05:40 +0100
committer: Matt Caswell <matt@openssl.org> 2018-04-26 16:41:54 +0100
commit: aadcf069828431819970421749da64b24b559490 (patch)
tree: 48fe7ea63d5fb89788353ef484462695dd7ed2ad /doc
parent: 165a92dcb1caab4671edad5aea68c8f698f51180 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/ssl/SSL_CTX_use_certificate.pod b/doc/ssl/SSL_CTX_use_certificate.pod
index 80321b8580..800423e7de 100644
--- a/doc/ssl/SSL_CTX_use_certificate.pod
+++ b/doc/ssl/SSL_CTX_use_certificate.pod
@@ -142,6 +142,13 @@ L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>.
 of view, it however does not make sense as the data in the certificate
 is considered public anyway.)
 
+All of the functions to set a new certificate will replace any existing
+certificate of the same type that has already been set. Similarly all of the
+functions to set a new private key will replace any private key that has already
+been set. Applications should call L<SSL_CTX_check_private_key(3)> or
+L<SSL_check_private_key(3)> as appropriate after loading a new certificate and
+private key to confirm that the certificate and key match.
+
 =head1 RETURN VALUES
 
 On success, the functions return 1.
author	Matt Caswell <matt@openssl.org>	2018-04-26 14:05:40 +0100
committer	Matt Caswell <matt@openssl.org>	2018-04-26 16:41:54 +0100
commit	aadcf069828431819970421749da64b24b559490 (patch)
tree	48fe7ea63d5fb89788353ef484462695dd7ed2ad /doc
parent	165a92dcb1caab4671edad5aea68c8f698f51180 (diff)