SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear extra chain certificates
#include <openssl/ssl.h>
long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
SSL_CTX_add_extra_chain_cert()
adds the certificate x509 to the extra chain
certificates associated with ctx. Several certificates can be added one
after another.
SSL_CTX_clear_extra_chain_certs()
clears all extra chain certificates
associated with ctx.
These functions are implemented as macros.
When sending a certificate chain, extra chain certificates are sent in order following the end entity certificate.
If no chain is specified, the library will try to complete the chain from the available CA certificates in the trusted CA storage, see SSL_CTX_load_verify_locations.
The x509 certificate provided to SSL_CTX_add_extra_chain_cert()
will be
freed by the library when the SSL_CTX is destroyed. An application
should not free the x509 object.
Only one set of extra chain certificates can be specified per SSL_CTX
structure. Different chains for different certificates (for example if both
RSA and DSA certificates are specified by the same server) or different SSL
structures with the same parent SSL_CTX cannot be specified using this
function. For more flexibility functions such as SSL_add1_chain_cert()
should
be used instead.
SSL_CTX_add_extra_chain_cert()
and SSL_CTX_clear_extra_chain_certs()
return
1 on success and 0 for failure. Check out the error stack to find out the
reason for failure.
ssl, SSL_CTX_use_certificate, SSL_CTX_set_client_cert_cb, SSL_CTX_load_verify_locations SSL_CTX_set0_chain SSL_CTX_set1_chain SSL_CTX_add0_chain_cert SSL_CTX_add1_chain_cert SSL_set0_chain SSL_set1_chain SSL_add0_chain_cert SSL_add1_chain_cert SSL_CTX_build_cert_chain SSL_build_cert_chain