Update chain building function.

to omit the root CA from the built chain, B<SSL_BUILD_CHAIN_FLAG_CHECK> to

to omit the root CA from the built chain, B<SSL_BUILD_CHAIN_FLAG_CHECK> to

use all existing chain certificates only to build the chain (effectively

use all existing chain certificates only to build the chain (effectively

sanity checking and rearranging them if necessary), the flag

sanity checking and rearranging them if necessary), the flag

B<SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR> ignores any errors during verification.

B<SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR> ignores any errors during verification:

if flag B<SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR> is also set verification errors

are cleared from the error queue.

Each of these functions operates on the I<current> end entity

Each of these functions operates on the I<current> end entity

(i.e. server or client) certificate. This is the last certificate loaded or

(i.e. server or client) certificate. This is the last certificate loaded or

SSL_CTX_use_certificate_chain_file() then call SSL_CTX_build_cert_chain()

SSL_CTX_use_certificate_chain_file() then call SSL_CTX_build_cert_chain()

with the option B<SSL_BUILD_CHAIN_FLAG_CHECK> to check and reorder them.

with the option B<SSL_BUILD_CHAIN_FLAG_CHECK> to check and reorder them.

Applications can issue non fatal warnings when checking chains by setting

the flag B<SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS> and checking the return

value.

Calling SSL_CTX_build_cert_chain() or SSL_build_cert_chain() is more

Calling SSL_CTX_build_cert_chain() or SSL_build_cert_chain() is more

efficient than the automatic chain building as it is only performed once.

efficient than the automatic chain building as it is only performed once.

Automatic chain building is performed on each new session.

Automatic chain building is performed on each new session.

no server certificate is used because the ciphersuites is anonymous and 0

no server certificate is used because the ciphersuites is anonymous and 0

for failure.

for failure.

SSL_CTX_build_cert_chain() and SSL_build_cert_chain() return 1 for success

and 0 for failure. If the flag B<SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR> and

a verification error occurs then 2 is returned.

All other functions return 1 for success and 0 for failure.

All other functions return 1 for success and 0 for failure.

=head1 SEE ALSO

=head1 SEE ALSO

#define SSL_BUILD_CHAIN_FLAG_CHECK		0x4

#define SSL_BUILD_CHAIN_FLAG_CHECK		0x4

/* Ignore verification errors */

/* Ignore verification errors */

#define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR	0x8

#define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR	0x8

/* Clear verification errors from queue */

#define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR	0x10

/* Flags returned by SSL_check_chain */

/* Flags returned by SSL_check_chain */

/* Certificate can be used with this session */

/* Certificate can be used with this session */

	i = X509_verify_cert(&xs_ctx);

	i = X509_verify_cert(&xs_ctx);

	if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR)

	if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR)

		{

		{

		if (flags & SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR)

			ERR_clear_error();

			ERR_clear_error();

		i = 1;

		i = 1;

		rv = 2;

		}

		}

	if (i > 0)

	if (i > 0)

		chain = X509_STORE_CTX_get1_chain(&xs_ctx);

		chain = X509_STORE_CTX_get1_chain(&xs_ctx);

			}

			}

		}

		}

	cpk->chain = chain;

	cpk->chain = chain;

	if (rv == 0)

		rv = 1;

		rv = 1;

	err:

	err:

	if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)

	if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)