Clarify ordering of certificates when using certificate chains

author: Lutz Jänicke <jaenicke@openssl.org> 2003-05-30 07:45:50 +0000
committer: Lutz Jänicke <jaenicke@openssl.org> 2003-05-30 07:45:50 +0000
commit: f50b911a3fa825291d944723d7ed089a281bbeec (patch)
tree: 8378d27eb1f87e45ef0ffd19320a3cf4ae9e8fd8 /doc
parent: 2a948bd3069b4645eb926656d480c84322ddfd79 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/ssl/SSL_CTX_use_certificate.pod b/doc/ssl/SSL_CTX_use_certificate.pod
index b8868f18bf..ea2faba3ec 100644
--- a/doc/ssl/SSL_CTX_use_certificate.pod
+++ b/doc/ssl/SSL_CTX_use_certificate.pod
@@ -68,7 +68,9 @@ should be preferred.
 
 SSL_CTX_use_certificate_chain_file() loads a certificate chain from 
 B<file> into B<ctx>. The certificates must be in PEM format and must
-be sorted starting with the certificate to the highest level (root CA).
+be sorted starting with the subject's certificate (actual client or server
+certificate), followed by intermediate CA certificates if applicable, and
+ending at the highest level (root) CA.
 There is no corresponding function working on a single SSL object.
 
 SSL_CTX_use_PrivateKey() adds B<pkey> as private key to B<ctx>.
author	Lutz Jänicke <jaenicke@openssl.org>	2003-05-30 07:45:50 +0000
committer	Lutz Jänicke <jaenicke@openssl.org>	2003-05-30 07:45:50 +0000
commit	f50b911a3fa825291d944723d7ed089a281bbeec (patch)
tree	8378d27eb1f87e45ef0ffd19320a3cf4ae9e8fd8 /doc
parent	2a948bd3069b4645eb926656d480c84322ddfd79 (diff)