summaryrefslogtreecommitdiff
path: root/lib/libssl/man/SSL_CTX_use_certificate.3
diff options
context:
space:
mode:
authorIngo Schwarze <schwarze@cvs.openbsd.org>2019-04-09 22:01:51 +0000
committerIngo Schwarze <schwarze@cvs.openbsd.org>2019-04-09 22:01:51 +0000
commit11a564e909360219908f5872d7b84a175d37875e (patch)
treee22817a96b8dd8577392408b19a1636a3a41681a /lib/libssl/man/SSL_CTX_use_certificate.3
parentc8a0c20e8c3c4166d9b8bc95cff1cef4600205da (diff)
Recommend SSL_CTX_add1_chain_cert(3) rather than
SSL_CTX_add_extra_chain_cert(3). From Dr. Stephen Henson <steve at openssl dot org> via OpenSSL commit a4339ea3 Jan 3 22:38:03 2014 +0000 which is still under a free license.
Diffstat (limited to 'lib/libssl/man/SSL_CTX_use_certificate.3')
-rw-r--r--lib/libssl/man/SSL_CTX_use_certificate.323
1 files changed, 11 insertions, 12 deletions
diff --git a/lib/libssl/man/SSL_CTX_use_certificate.3 b/lib/libssl/man/SSL_CTX_use_certificate.3
index 900a42da7d1..9959330283b 100644
--- a/lib/libssl/man/SSL_CTX_use_certificate.3
+++ b/lib/libssl/man/SSL_CTX_use_certificate.3
@@ -1,5 +1,6 @@
-.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.10 2019/04/05 18:29:43 schwarze Exp $
-.\" OpenSSL e248596b Apr 8 22:49:57 2005 +0000
+.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.11 2019/04/09 22:01:50 schwarze Exp $
+.\" full merge up to: OpenSSL 3aaa1bd0 Mar 28 16:35:25 2017 +1000
+.\" selective merge up to: OpenSSL d1f7a1e6 Apr 26 14:05:40 2018 +0100
.\"
.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
.\" Copyright (c) 2000, 2001, 2002, 2003, 2005 The OpenSSL Project.
@@ -49,7 +50,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: April 5 2019 $
+.Dd $Mdocdate: April 9 2019 $
.Dt SSL_CTX_USE_CERTIFICATE 3
.Os
.Sh NAME
@@ -334,10 +335,10 @@ They merely compare the public materials (e.g. exponent and modulus of
an RSA key) and/or key parameters (e.g. EC params of an EC key) of a
key pair.
.Sh NOTES
-The internal certificate store of OpenSSL can hold two private key/certificate
-pairs at a time:
-one key/certificate of type RSA and one key/certificate of type DSA.
-The certificate used depends on the cipher select, see also
+The internal certificate store of OpenSSL can hold several private
+key/certificate pairs at a time.
+The certificate used depends on the cipher selected.
+See also
.Xr SSL_CTX_set_cipher_list 3 .
.Pp
When reading certificates and private keys from file, files of type
@@ -354,11 +355,8 @@ can contain more than one item.
.Fn SSL_CTX_use_certificate_chain_file
adds the first certificate found in the file to the certificate store.
The other certificates are added to the store of chain certificates using
-.Xr SSL_CTX_add_extra_chain_cert 3 .
-There exists only one extra chain store, so that the same chain is appended
-to both types of certificates, RSA and DSA!
-If it is not intended to use both type of certificate at the same time,
-it is recommended to use the
+.Xr SSL_CTX_add1_chain_cert 3 .
+It is recommended to use the
.Fn SSL_CTX_use_certificate_chain_file
instead of the
.Fn SSL_CTX_use_certificate_file
@@ -388,6 +386,7 @@ Otherwise check out the error stack to find out the reason.
.Xr SSL_CTX_add_extra_chain_cert 3 ,
.Xr SSL_CTX_load_verify_locations 3 ,
.Xr SSL_CTX_set_cipher_list 3 ,
+.Xr SSL_CTX_set_client_CA_list 3 ,
.Xr SSL_CTX_set_client_cert_cb 3 ,
.Xr SSL_CTX_set_default_passwd_cb 3 ,
.Xr SSL_new 3 ,