diff options
Diffstat (limited to 'doc/man3/SSL_CTX_add1_chain_cert.pod')
-rw-r--r-- | doc/man3/SSL_CTX_add1_chain_cert.pod | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/doc/man3/SSL_CTX_add1_chain_cert.pod b/doc/man3/SSL_CTX_add1_chain_cert.pod index cd6beb311a..81394f1ad5 100644 --- a/doc/man3/SSL_CTX_add1_chain_cert.pod +++ b/doc/man3/SSL_CTX_add1_chain_cert.pod @@ -52,8 +52,9 @@ SSL_CTX_clear_chain_certs() clears any existing chain associated with the current certificate of B<ctx>. (This is implemented by calling SSL_CTX_set0_chain() with B<sk> set to B<NULL>). -SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx> normally -this uses the chain store or the verify store if the chain store is not set. +SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx>. +Normally this uses the chain store +or the verify store if the chain store is not set. If the function is successful the built chain will replace any existing chain. The B<flags> parameter can be set to B<SSL_BUILD_CHAIN_FLAG_UNTRUSTED> to use existing chain certificates as untrusted CAs, B<SSL_BUILD_CHAIN_FLAG_NO_ROOT> @@ -63,6 +64,8 @@ sanity checking and rearranging them if necessary), the flag B<SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR> ignores any errors during verification: if flag B<SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR> is also set verification errors are cleared from the error queue. +Details of the chain building process are described in +L<openssl-verification-options(1)/Certification Path Building>. Each of these functions operates on the I<current> end entity (i.e. server or client) certificate. This is the last certificate loaded or |