From c4e16f535822a087101ec35b3a7951a777beebd0 Mon Sep 17 00:00:00 2001 From: schwarze <> Date: Thu, 2 Jan 2020 09:09:16 +0000 Subject: In ssl.h rev. 1.167 and s3_lib.c rev. 1.188, jsing@ provided the new function SSL_CTX_get_extra_chain_certs_only(3) and changed the semantics of the existing SSL_CTX_get_extra_chain_certs(3) API from the former OpenSSL 1.0.1 behaviour to the new, incompatible OpenSSL 1.0.2 behaviour. Adjust the documentation. OK jsing@ beck@ inoguchi@ --- src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 | 25 +++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 index a6d869b335..4c731309e4 100644 --- a/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 +++ b/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_CTX_add_extra_chain_cert.3,v 1.6 2019/04/05 18:29:43 schwarze Exp $ +.\" $OpenBSD: SSL_CTX_add_extra_chain_cert.3,v 1.7 2020/01/02 09:09:16 schwarze Exp $ .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Lutz Jaenicke and @@ -50,11 +50,12 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 5 2019 $ +.Dd $Mdocdate: January 2 2020 $ .Dt SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 .Os .Sh NAME .Nm SSL_CTX_add_extra_chain_cert , +.Nm SSL_CTX_get_extra_chain_certs_only , .Nm SSL_CTX_get_extra_chain_certs , .Nm SSL_CTX_clear_extra_chain_certs .Nd add, retrieve, and clear extra chain certificates @@ -63,6 +64,8 @@ .Ft long .Fn SSL_CTX_add_extra_chain_cert "SSL_CTX *ctx" "X509 *x509" .Ft long +.Fn SSL_CTX_get_extra_chain_certs_only "SSL_CTX *ctx" "STACK_OF(X509) **certs" +.Ft long .Fn SSL_CTX_get_extra_chain_certs "SSL_CTX *ctx" "STACK_OF(X509) **certs" .Ft long .Fn SSL_CTX_clear_extra_chain_certs "SSL_CTX *ctx" @@ -74,10 +77,20 @@ to the extra chain certificates associated with .Fa ctx . Several certificates can be added one after another. .Pp -.Fn SSL_CTX_get_extra_chain_certs +.Fn SSL_CTX_get_extra_chain_certs_only retrieves an internal pointer to the stack of extra chain certificates associated with -.Fa ctx . +.Fa ctx , +or set +.Pf * Fa certs +to +.Dv NULL +if there are none. +.Pp +.Fn SSL_CTX_get_extra_chain_certs +does the same except that it retrieves an internal pointer +to the chain associated with the certificate +if there are no extra chain certificates. .Pp .Fn SSL_CTX_clear_extra_chain_certs clears all extra chain certificates associated with @@ -123,6 +136,10 @@ and .Fn SSL_CTX_clear_extra_chain_certs first appeared in OpenSSL 1.0.1 and have been available since .Ox 5.3 . +.Pp +.Fn SSL_CTX_get_extra_chain_certs_only +first appeared in OpenSSL 1.0.2 and has been available since +.Ox 6.7 . .Sh CAVEATS Certificates added with .Fn SSL_CTX_add_extra_chain_cert -- cgit v1.2.3-55-g6feb