Clarify ordering of certificates when using certificate chains

author Lutz Jänicke <jaenicke@openssl.org>

Fri, 30 May 2003 07:45:07 +0000 (07:45 +0000)

committer Lutz Jänicke <jaenicke@openssl.org>

Fri, 30 May 2003 07:45:07 +0000 (07:45 +0000)
author Lutz Jänicke <jaenicke@openssl.org>
Fri, 30 May 2003 07:45:07 +0000 (07:45 +0000)
committer Lutz Jänicke <jaenicke@openssl.org>
Fri, 30 May 2003 07:45:07 +0000 (07:45 +0000)
diff --git a/doc/ssl/SSL_CTX_use_certificate.pod b/doc/ssl/SSL_CTX_use_certificate.pod

index b8868f18bfc163e4a47e165857ca23ca86d4a071..ea2faba3ecca7de2c21335982207c09c6d058882 100644 (file)
--- a/doc/ssl/SSL_CTX_use_certificate.pod
+++ b/doc/ssl/SSL_CTX_use_certificate.pod
@@ -68,7 +68,9 @@ should be preferred.
  
  SSL_CTX_use_certificate_chain_file() loads a certificate chain from 
  B<file> into B<ctx>. The certificates must be in PEM format and must
-be sorted starting with the certificate to the highest level (root CA).
+be sorted starting with the subject's certificate (actual client or server
+certificate), followed by intermediate CA certificates if applicable, and
+ending at the highest level (root) CA.
  There is no corresponding function working on a single SSL object.
  
  SSL_CTX_use_PrivateKey() adds B<pkey> as private key to B<ctx>.
author	Lutz Jänicke <jaenicke@openssl.org>
	Fri, 30 May 2003 07:45:07 +0000 (07:45 +0000)
committer	Lutz Jänicke <jaenicke@openssl.org>
	Fri, 30 May 2003 07:45:07 +0000 (07:45 +0000)