Recommend SSL_CTX_add1_chain_cert(3) rather than

SSL_CTX_add_extra_chain_cert(3). From Dr. Stephen Henson <steve at openssl dot org> via OpenSSL commit a4339ea3 Jan 3 22:38:03 2014 +0000 which is still under a free license.
author: schwarze <> 2019-04-09 22:01:50 +0000
committer: schwarze <> 2019-04-09 22:01:50 +0000
commit: 725560f8660d40321b5c2f8964b9eb5081895c1e (patch)
tree: 9c8bc8ea7e786eaa7b74c133024baec4ba4f1dfd /src/lib
parent: 300484bb54cad650ccea32001690a1c5d562dea6 (diff)
download: openbsd-725560f8660d40321b5c2f8964b9eb5081895c1e.tar.gz
openbsd-725560f8660d40321b5c2f8964b9eb5081895c1e.tar.bz2
openbsd-725560f8660d40321b5c2f8964b9eb5081895c1e.zip
1 files changed, 11 insertions, 12 deletions
diff --git a/src/lib/libssl/man/SSL_CTX_use_certificate.3 b/src/lib/libssl/man/SSL_CTX_use_certificate.3
index 900a42da7d..9959330283 100644
--- a/src/lib/libssl/man/SSL_CTX_use_certificate.3
+++ b/src/lib/libssl/man/SSL_CTX_use_certificate.3
@@ -1,5 +1,6 @@
-.\"     $OpenBSD: SSL_CTX_use_certificate.3,v 1.10 2019/04/05 18:29:43 schwarze Exp $
+.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.11 2019/04/09 22:01:50 schwarze Exp $
-.\"     OpenSSL e248596b Apr 8 22:49:57 2005 +0000
+.\" full merge up to: OpenSSL 3aaa1bd0 Mar 28 16:35:25 2017 +1000
+.\" selective merge up to: OpenSSL d1f7a1e6 Apr 26 14:05:40 2018 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
 .\" Copyright (c) 2000, 2001, 2002, 2003, 2005 The OpenSSL Project.
@@ -49,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 5 2019 $
+.Dd $Mdocdate: April 9 2019 $
 .Dt SSL_CTX_USE_CERTIFICATE 3
 .Os
 .Sh NAME
@@ -334,10 +335,10 @@ They merely compare the public materials (e.g. exponent and modulus of
 an RSA key) and/or key parameters (e.g. EC params of an EC key) of a
 key pair.
 .Sh NOTES
-The internal certificate store of OpenSSL can hold two private key/certificate
+The internal certificate store of OpenSSL can hold several private
-pairs at a time:
+key/certificate pairs at a time.
-one key/certificate of type RSA and one key/certificate of type DSA.
+The certificate used depends on the cipher selected.
-The certificate used depends on the cipher select, see also
+See also
 .Xr SSL_CTX_set_cipher_list 3 .
 .Pp
 When reading certificates and private keys from file, files of type
@@ -354,11 +355,8 @@ can contain more than one item.
 .Fn SSL_CTX_use_certificate_chain_file
 adds the first certificate found in the file to the certificate store.
 The other certificates are added to the store of chain certificates using
-.Xr SSL_CTX_add_extra_chain_cert 3 .
+.Xr SSL_CTX_add1_chain_cert 3 .
-There exists only one extra chain store, so that the same chain is appended
+It is recommended to use the
-to both types of certificates, RSA and DSA!
-If it is not intended to use both type of certificate at the same time,
-it is recommended to use the
 .Fn SSL_CTX_use_certificate_chain_file
 instead of the
 .Fn SSL_CTX_use_certificate_file
@@ -388,6 +386,7 @@ Otherwise check out the error stack to find out the reason.
 .Xr SSL_CTX_add_extra_chain_cert 3 ,
 .Xr SSL_CTX_load_verify_locations 3 ,
 .Xr SSL_CTX_set_cipher_list 3 ,
+.Xr SSL_CTX_set_client_CA_list 3 ,
 .Xr SSL_CTX_set_client_cert_cb 3 ,
 .Xr SSL_CTX_set_default_passwd_cb 3 ,
 .Xr SSL_new 3 ,
author	schwarze <>	2019-04-09 22:01:50 +0000
committer	schwarze <>	2019-04-09 22:01:50 +0000
commit	725560f8660d40321b5c2f8964b9eb5081895c1e (patch)
tree	9c8bc8ea7e786eaa7b74c133024baec4ba4f1dfd /src/lib
parent	300484bb54cad650ccea32001690a1c5d562dea6 (diff)
download	openbsd-725560f8660d40321b5c2f8964b9eb5081895c1e.tar.gz openbsd-725560f8660d40321b5c2f8964b9eb5081895c1e.tar.bz2 openbsd-725560f8660d40321b5c2f8964b9eb5081895c1e.zip