diff options
Diffstat (limited to 'doc/ssl/SSL_CTX_load_verify_locations.pod')
| -rw-r--r-- | doc/ssl/SSL_CTX_load_verify_locations.pod | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/doc/ssl/SSL_CTX_load_verify_locations.pod b/doc/ssl/SSL_CTX_load_verify_locations.pod index aeeee1a3be..8e11606dad 100644 --- a/doc/ssl/SSL_CTX_load_verify_locations.pod +++ b/doc/ssl/SSL_CTX_load_verify_locations.pod @@ -46,7 +46,7 @@ is performed in the ordering of the extension number, regardless of other properties of the certificates. Use the B<c_rehash> utility to create the necessary links. -The certificates in B<CAfile> are only looked up when required, e.g. when +The certificates in B<CApath> are only looked up when required, e.g. when building the certificate chain or when actually performing the verification of a peer certificate. @@ -62,6 +62,9 @@ matching the parameters is found, the verification process will be performed; no other certificates for the same parameters will be searched in case of failure. +When building its own certificate chain, an OpenSSL client/server will +try to fill in missing certificates from B<CAfile>/B<CApath>. + =head1 WARNINGS If several CA certificates matching the name, key identifier, and serial |