author Ingo Schwarze <schwarze@cvs.openbsd.org> 2019-04-09 22:01:51 +0000
committer Ingo Schwarze <schwarze@cvs.openbsd.org> 2019-04-09 22:01:51 +0000
commit 11a564e909360219908f5872d7b84a175d37875e
tree e22817a96b8dd8577392408b19a1636a3a41681a /lib
parent c8a0c20e8c3c4166d9b8bc95cff1cef4600205da
Recommend SSL_CTX_add1_chain_cert(3) rather than SSL_CTX_add_extra_chain_cert(3).
From Dr. Stephen Henson <steve at openssl dot org> via OpenSSL commit a4339ea3 Jan 3 22:38:03 2014 +0000 which is still under a free license.
Diffstat (limited to 'lib')
-rw-r--r-- lib/libssl/man/SSL_CTX_use_certificate.3 | 23
1 files changed, 11 insertions, 12 deletions
diff --git a/lib/libssl/man/SSL_CTX_use_certificate.3 b/lib/libssl/man/SSL_CTX_use_certificate.3
index 900a42da7d1..9959330283b 100644
--- a/lib/libssl/man/SSL_CTX_use_certificate.3
+++ b/lib/libssl/man/SSL_CTX_use_certificate.3
@@ -1,5 +1,6 @@
-.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.10 2019/04/05 18:29:43 schwarze Exp $
-.\" OpenSSL e248596b Apr 8 22:49:57 2005 +0000
+.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.11 2019/04/09 22:01:50 schwarze Exp $
+.\" full merge up to: OpenSSL 3aaa1bd0 Mar 28 16:35:25 2017 +1000
+.\" selective merge up to: OpenSSL d1f7a1e6 Apr 26 14:05:40 2018 +0100
.\"
.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
.\" Copyright (c) 2000, 2001, 2002, 2003, 2005 The OpenSSL Project.
@@ -49,7 +50,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: April 5 2019 $
+.Dd $Mdocdate: April 9 2019 $
.Dt SSL_CTX_USE_CERTIFICATE 3
.Os
.Sh NAME
@@ -334,10 +335,10 @@ They merely compare the public materials (e.g. exponent and modulus of
an RSA key) and/or key parameters (e.g. EC params of an EC key) of a
key pair.
.Sh NOTES
-The internal certificate store of OpenSSL can hold two private key/certificate
-pairs at a time:
-one key/certificate of type RSA and one key/certificate of type DSA.
-The certificate used depends on the cipher select, see also
+The internal certificate store of OpenSSL can hold several private
+key/certificate pairs at a time.
+The certificate used depends on the cipher selected.
+See also
.Xr SSL_CTX_set_cipher_list 3 .
.Pp
When reading certificates and private keys from file, files of type
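Review bot: "several private key/certificate pairs" in the new NOTES paragraph no longer says what distinguishes the pairs. The removed lines tied the limit to key type ("one key/certificate of type RSA and one key/certificate of type DSA"), and the next sentence still says the certificate used depends on the cipher selected, which only makes sense if the pairs differ by type. If the store is still keyed that way, say so explicitly, for example "one pair per key type", so a reader does not assume two certificates of the same type can be loaded side by side.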
@@ -354,11 +355,8 @@ can contain more than one item.
.Fn SSL_CTX_use_certificate_chain_file
adds the first certificate found in the file to the certificate store.
The other certificates are added to the store of chain certificates using
-.Xr SSL_CTX_add_extra_chain_cert 3 .
-There exists only one extra chain store, so that the same chain is appended
-to both types of certificates, RSA and DSA!
-If it is not intended to use both type of certificate at the same time,
-it is recommended to use the
+.Xr SSL_CTX_add1_chain_cert 3 .
+It is recommended to use the
.Fn SSL_CTX_use_certificate_chain_file
instead of the
.Fn SSL_CTX_use_certificate_file
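Review bot: after the new ".Xr SSL_CTX_add1_chain_cert 3 ." line, the warning about the single shared extra chain store is dropped without any statement of what behaviour replaces it. A reader who relied on the old caveat cannot tell from these lines whether the chain is now kept separately for each certificate or is still shared. Suggest adding one sentence that states this, since it determines which chain a peer receives when more than one certificate type is configured. The recommendation that follows has also lost its condition ("If it is not intended to use both type of certificate at the same time") and now reads as unconditional; worth confirming that is the intent.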
@@ -388,6 +386,7 @@ Otherwise check out the error stack to find out the reason.
.Xr SSL_CTX_add_extra_chain_cert 3 ,
.Xr SSL_CTX_load_verify_locations 3 ,
.Xr SSL_CTX_set_cipher_list 3 ,
+.Xr SSL_CTX_set_client_CA_list 3 ,
.Xr SSL_CTX_set_client_cert_cb 3 ,
.Xr SSL_CTX_set_default_passwd_cb 3 ,
.Xr SSL_new 3 ,
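Review bot: the SEE ALSO hunk adds only SSL_CTX_set_client_CA_list(3), while the body text changed in this commit now points to SSL_CTX_add1_chain_cert(3). The visible context starts at ".Xr SSL_CTX_add_extra_chain_cert 3 ,", so the line where an add1_chain_cert entry would sort is outside the hunk; please confirm it is already listed, and add it if not. The new set_client_CA_list reference is not mentioned in the commit message or used by any changed text here, so a word in the log about why it was added would help.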