diff options
author | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2019-04-09 22:01:51 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2019-04-09 22:01:51 +0000 |
commit | 11a564e909360219908f5872d7b84a175d37875e (patch) | |
tree | e22817a96b8dd8577392408b19a1636a3a41681a /lib/libssl/man/SSL_CTX_use_certificate.3 | |
parent | c8a0c20e8c3c4166d9b8bc95cff1cef4600205da (diff) |
Recommend SSL_CTX_add1_chain_cert(3) rather than
SSL_CTX_add_extra_chain_cert(3).
From Dr. Stephen Henson <steve at openssl dot org>
via OpenSSL commit a4339ea3 Jan 3 22:38:03 2014 +0000
which is still under a free license.
Diffstat (limited to 'lib/libssl/man/SSL_CTX_use_certificate.3')
-rw-r--r-- | lib/libssl/man/SSL_CTX_use_certificate.3 | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/lib/libssl/man/SSL_CTX_use_certificate.3 b/lib/libssl/man/SSL_CTX_use_certificate.3 index 900a42da7d1..9959330283b 100644 --- a/lib/libssl/man/SSL_CTX_use_certificate.3 +++ b/lib/libssl/man/SSL_CTX_use_certificate.3 @@ -1,5 +1,6 @@ -.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.10 2019/04/05 18:29:43 schwarze Exp $ -.\" OpenSSL e248596b Apr 8 22:49:57 2005 +0000 +.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.11 2019/04/09 22:01:50 schwarze Exp $ +.\" full merge up to: OpenSSL 3aaa1bd0 Mar 28 16:35:25 2017 +1000 +.\" selective merge up to: OpenSSL d1f7a1e6 Apr 26 14:05:40 2018 +0100 .\" .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>. .\" Copyright (c) 2000, 2001, 2002, 2003, 2005 The OpenSSL Project. @@ -49,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 5 2019 $ +.Dd $Mdocdate: April 9 2019 $ .Dt SSL_CTX_USE_CERTIFICATE 3 .Os .Sh NAME @@ -334,10 +335,10 @@ They merely compare the public materials (e.g. exponent and modulus of an RSA key) and/or key parameters (e.g. EC params of an EC key) of a key pair. .Sh NOTES -The internal certificate store of OpenSSL can hold two private key/certificate -pairs at a time: -one key/certificate of type RSA and one key/certificate of type DSA. -The certificate used depends on the cipher select, see also +The internal certificate store of OpenSSL can hold several private +key/certificate pairs at a time. +The certificate used depends on the cipher selected. +See also .Xr SSL_CTX_set_cipher_list 3 . .Pp When reading certificates and private keys from file, files of type @@ -354,11 +355,8 @@ can contain more than one item. .Fn SSL_CTX_use_certificate_chain_file adds the first certificate found in the file to the certificate store. The other certificates are added to the store of chain certificates using -.Xr SSL_CTX_add_extra_chain_cert 3 . -There exists only one extra chain store, so that the same chain is appended -to both types of certificates, RSA and DSA! -If it is not intended to use both type of certificate at the same time, -it is recommended to use the +.Xr SSL_CTX_add1_chain_cert 3 . +It is recommended to use the .Fn SSL_CTX_use_certificate_chain_file instead of the .Fn SSL_CTX_use_certificate_file @@ -388,6 +386,7 @@ Otherwise check out the error stack to find out the reason. .Xr SSL_CTX_add_extra_chain_cert 3 , .Xr SSL_CTX_load_verify_locations 3 , .Xr SSL_CTX_set_cipher_list 3 , +.Xr SSL_CTX_set_client_CA_list 3 , .Xr SSL_CTX_set_client_cert_cb 3 , .Xr SSL_CTX_set_default_passwd_cb 3 , .Xr SSL_new 3 , |