From dc703d6b469f1b186483a55b59013fbaca2228fd Mon Sep 17 00:00:00 2001
From: Antoine Salon <asalon@vmware.com>
Date: Tue, 16 Oct 2018 09:07:00 -0700
Subject: [PATCH] SSL extra chain certificates doc

Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
---
 doc/man3/SSL_CTX_add_extra_chain_cert.pod | 18 +++++++++++++++---
 doc/man7/ssl.pod                          |  4 ++++
 util/private.num                          |  2 ++
 3 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/doc/man3/SSL_CTX_add_extra_chain_cert.pod b/doc/man3/SSL_CTX_add_extra_chain_cert.pod
index 05d17f8b0f..6e429c31bd 100644
--- a/doc/man3/SSL_CTX_add_extra_chain_cert.pod
+++ b/doc/man3/SSL_CTX_add_extra_chain_cert.pod
@@ -2,14 +2,19 @@
 
 =head1 NAME
 
-SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear
-extra chain certificates
+SSL_CTX_add_extra_chain_cert,
+SSL_CTX_get_extra_chain_certs,
+SSL_CTX_get_extra_chain_certs_only,
+SSL_CTX_clear_extra_chain_certs
+- add, get or clear extra chain certificates
 
 =head1 SYNOPSIS
 
  #include <openssl/ssl.h>
 
  long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
+ long SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk);
+ long SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **sk);
  long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
 
 =head1 DESCRIPTION
@@ -18,6 +23,13 @@ SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
 certificates associated with B<ctx>. Several certificates can be added one
 after another.
 
+SSL_CTX_get_extra_chain_certs() retrieves the extra chain certificates
+associated with B<ctx>, or the chain associated with the current certificate
+of B<ctx> if the extra chain is empty.
+
+SSL_CTX_get_extra_chain_certs_only() retrieves the extra chain certificates
+associated with B<ctx>.
+
 SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
 associated with B<ctx>.
 
@@ -70,7 +82,7 @@ L<SSL_build_cert_chain(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/doc/man7/ssl.pod b/doc/man7/ssl.pod
index d439860b5b..6cc1c4bcff 100644
--- a/doc/man7/ssl.pod
+++ b/doc/man7/ssl.pod
@@ -254,6 +254,10 @@ protocol context defined in the B<SSL_CTX> structure.
 
 =item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
 
+=item long B<SSL_CTX_get_extra_chain_certs>(SSL_CTX *ctx, STACK_OF(X509) **sk);
+
+=item long B<SSL_CTX_get_extra_chain_certs_only>(SSL_CTX *ctx, STACK_OF(X509) **sk);
+
 =item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
 
 =item int B<SSL_CTX_get_quiet_shutdown>(const SSL_CTX *ctx);
diff --git a/util/private.num b/util/private.num
index c5f34314f1..4a0ed292ec 100644
--- a/util/private.num
+++ b/util/private.num
@@ -324,6 +324,8 @@ SSL_CTX_disable_ct                      define
 SSL_CTX_generate_session_ticket_fn      define
 SSL_CTX_get0_chain_certs                define
 SSL_CTX_get_default_read_ahead          define
+SSL_CTX_get_extra_chain_certs           define
+SSL_CTX_get_extra_chain_certs_only      define
 SSL_CTX_get_max_cert_list               define
 SSL_CTX_get_max_proto_version           define
 SSL_CTX_get_min_proto_version           define
-- 
2.25.1