1 files changed, 61 insertions, 6 deletions

diff --git a/lib/libssl/man/SSL_get_peer_cert_chain.3 b/lib/libssl/man/SSL_get_peer_cert_chain.3
index bf5d04f3cf1..0fd44f7c2a8 100644
--- a/lib/libssl/man/SSL_get_peer_cert_chain.3
+++ b/lib/libssl/man/SSL_get_peer_cert_chain.3
@@ -1,12 +1,60 @@
+.\"	$OpenBSD: SSL_get_peer_cert_chain.3,v 1.2 2016/12/03 09:13:20 schwarze Exp $
+.\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
 .\"
-.\"	$OpenBSD: SSL_get_peer_cert_chain.3,v 1.1 2016/11/05 15:32:20 schwarze Exp $
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2005, 2014, 2016 The OpenSSL Project.
+.\" All rights reserved.
 .\"
-.Dd $Mdocdate: November 5 2016 $
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 3 2016 $
 .Dt SSL_GET_PEER_CERT_CHAIN 3
 .Os
 .Sh NAME
 .Nm SSL_get_peer_cert_chain
-.Nd get the X509 certificate chain of the peer
+.Nd get the X509 certificate chain sent by the peer
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft STACK_OF(X509) *
@@ -23,11 +71,18 @@ separately using
 If the peer did not present a certificate,
 .Dv NULL
 is returned.
-.Sh NOTES
-The peer certificate chain is not necessarily available after reusing a
-session, in which case a
+.Pp
+.Fn SSL_get_peer_chain
+returns the peer chain as sent by the peer: it only consists of
+certificates the peer has sent (in the order the peer has sent them)
+and it is not a verified chain.
+.Pp
+If the session is resumed, peers do not send certificates, so a
 .Dv NULL
 pointer is returned.
+Applications can call
+.Fn SSL_session_reused
+to determine whether a session is resumed.
 .Pp
 The reference count of the
 .Dv STACK_OF Ns Po Vt X509 Pc