GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
SSL_CTX_ADD1_CHAIN_CERT(3) FreeBSD Library Functions Manual SSL_CTX_ADD1_CHAIN_CERT(3)

SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs, SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert, SSL_get0_chain_certs, SSL_clear_chain_certsextra chain certificate processing

#include <openssl/ssl.h>

int
SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain);

int
SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain);

int
SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *cert);

int
SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *cert);

int
SSL_CTX_get0_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **chain);

int
SSL_CTX_clear_chain_certs(SSL_CTX *ctx);

int
SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain);

int
SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain);

int
SSL_add0_chain_cert(SSL *ssl, X509 *cert);

int
SSL_add1_chain_cert(SSL *ssl, X509 *cert);

int
SSL_get0_chain_certs(SSL *ssl, STACK_OF(X509) **chain);

int
SSL_clear_chain_certs(SSL *ssl);

() and () set the certificate chain associated with the current certificate of ctx to chain. The chain is not supposed to include the current certificate itself.

() and () append the single certificate cert to the chain associated with the current certificate of ctx.

() retrieves the chain associated with the current certificate of ctx.

() clears the existing chain associated with the current certificate of ctx, if any. This is equivalent to calling SSL_CTX_set0_chain() with chain set to NULL.

Each of these functions operates on the end entity (i.e. server or client) certificate. This is the last certificate loaded or selected on the corresponding ctx structure, for example using SSL_CTX_use_certificate(3).

(), (), (), (), (), and () are similar except that they operate on the ssl connection.

The functions containing a in their name increment the reference count of the supplied certificate or chain, so it must be freed at some point after the operation. Those containing a do not increment reference counts and the supplied certificate or chain must not be freed after the operation.

The chains associated with an SSL_CTX structure are copied to the new SSL structure when SSL_new(3) is called. Existing SSL structures are not affected by any chains subsequently changed in the parent SSL_CTX.

One chain can be set for each key type supported by a server. So, for example, an RSA and an ECDSA certificate can have different chains.

If any certificates are added using these functions, no certificates added using SSL_CTX_add_extra_chain_cert(3) will be used.

These functions return 1 for success or 0 for failure.

ssl(3), SSL_CTX_add_extra_chain_cert(3), SSL_CTX_use_certificate(3)

These functions first appeared in OpenSSL 1.0.2 and have been available since OpenBSD 6.5.

January 18, 2025 FreeBSD 14.3-RELEASE
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.