In ssl.h rev. 1.167 and s3_lib.c rev. 1.188, jsing@ provided

the new function SSL_CTX_get_extra_chain_certs_only(3) and changed the semantics of the existing SSL_CTX_get_extra_chain_certs(3) API from the former OpenSSL 1.0.1 behaviour to the new, incompatible OpenSSL 1.0.2 behaviour. Adjust the documentation. OK jsing@ beck@ inoguchi@
author: schwarze <> 2020-01-02 09:09:16 +0000
committer: schwarze <> 2020-01-02 09:09:16 +0000
commit: c4e16f535822a087101ec35b3a7951a777beebd0 (patch)
tree: 1e950dfaf2db4a7c2cf06e70a0e397591448ab8e
parent: d7e8782493bda5a46e15fb13e492e89970fed909 (diff)
download: openbsd-c4e16f535822a087101ec35b3a7951a777beebd0.tar.gz
openbsd-c4e16f535822a087101ec35b3a7951a777beebd0.tar.bz2
openbsd-c4e16f535822a087101ec35b3a7951a777beebd0.zip
1 files changed, 21 insertions, 4 deletions
diff --git a/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
index a6d869b335..4c731309e4 100644
--- a/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
+++ b/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_CTX_add_extra_chain_cert.3,v 1.6 2019/04/05 18:29:43 schwarze Exp $
+.\" $OpenBSD: SSL_CTX_add_extra_chain_cert.3,v 1.7 2020/01/02 09:09:16 schwarze Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and
@@ -50,11 +50,12 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 5 2019 $
+.Dd $Mdocdate: January 2 2020 $
 .Dt SSL_CTX_ADD_EXTRA_CHAIN_CERT 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_add_extra_chain_cert ,
+.Nm SSL_CTX_get_extra_chain_certs_only ,
 .Nm SSL_CTX_get_extra_chain_certs ,
 .Nm SSL_CTX_clear_extra_chain_certs
 .Nd add, retrieve, and clear extra chain certificates
@@ -63,6 +64,8 @@
 .Ft long
 .Fn SSL_CTX_add_extra_chain_cert "SSL_CTX *ctx" "X509 *x509"
 .Ft long
+.Fn SSL_CTX_get_extra_chain_certs_only "SSL_CTX *ctx" "STACK_OF(X509) **certs"
+.Ft long
 .Fn SSL_CTX_get_extra_chain_certs "SSL_CTX *ctx" "STACK_OF(X509) **certs"
 .Ft long
 .Fn SSL_CTX_clear_extra_chain_certs "SSL_CTX *ctx"
@@ -74,10 +77,20 @@ to the extra chain certificates associated with
 .Fa ctx .
 Several certificates can be added one after another.
 .Pp
-.Fn SSL_CTX_get_extra_chain_certs
+.Fn SSL_CTX_get_extra_chain_certs_only
 retrieves an internal pointer to the stack of extra chain certificates
 associated with
-.Fa ctx .
+.Fa ctx ,
+or set
+.Pf * Fa certs
+to
+.Dv NULL
+if there are none.
+.Pp
+.Fn SSL_CTX_get_extra_chain_certs
+does the same except that it retrieves an internal pointer
+to the chain associated with the certificate
+if there are no extra chain certificates.
 .Pp
 .Fn SSL_CTX_clear_extra_chain_certs
 clears all extra chain certificates associated with
@@ -123,6 +136,10 @@ and
 .Fn SSL_CTX_clear_extra_chain_certs
 first appeared in OpenSSL 1.0.1 and have been available since
 .Ox 5.3 .
+.Pp
+.Fn SSL_CTX_get_extra_chain_certs_only
+first appeared in OpenSSL 1.0.2 and has been available since
+.Ox 6.7 .
 .Sh CAVEATS
 Certificates added with
 .Fn SSL_CTX_add_extra_chain_cert
author	schwarze <>	2020-01-02 09:09:16 +0000
committer	schwarze <>	2020-01-02 09:09:16 +0000
commit	c4e16f535822a087101ec35b3a7951a777beebd0 (patch)
tree	1e950dfaf2db4a7c2cf06e70a0e397591448ab8e
parent	d7e8782493bda5a46e15fb13e492e89970fed909 (diff)
download	openbsd-c4e16f535822a087101ec35b3a7951a777beebd0.tar.gz openbsd-c4e16f535822a087101ec35b3a7951a777beebd0.tar.bz2 openbsd-c4e16f535822a087101ec35b3a7951a777beebd0.zip