path: root/docs/nng_tls_config_ca_chain.adoc

= nng_tls_config_ca_chain(3)
:doctype: manpage
:manmanual: nng
:mansource: nng
:manvolnum: 3
:copyright: Copyright 2018 mailto:info@staysail.tech[Staysail Systems, Inc.] + \
            Copyright 2018 mailto:info@capitar.com[Capitar IT Group BV] + \
            {blank} + \
            This document is supplied under the terms of the \
            https://opensource.org/licenses/MIT[MIT License].

== NAME

nng_tls_config_ca_chain - configure certificate authority certificate chain

== SYNOPSIS

[source, c]
-----------
#include <nng/nng.h>

int nng_tls_config_ca_cert(nni_tls_config *cfg, const char *chain,
    const char *crl);
-----------

== DESCRIPTION

The `nng_tls_config_ca_chain()` function configures a certificate or
certificate chain to be used when validating peers using the configuration
_cfg_.

NOTE: Certificates *must* be configured when using the authentication mode
`NNG_TLS_AUTH_MODE_REQUIRED`.

TIP: This function may be called multiple times, to add additional chains
to a configuration, without affecting those added previously.

The certificates located in _chain_ must be a zero-terminated C string in
https://tools.ietf.org/html/rfc7468[PEM] format.  Multiple certificates may
appear concatenated together, with the leaf certificate listed first.
together.

The _crl_ may be `NULL`, or may also be a C string containing a PEM format
certificate revocation list for the associated authority.

== RETURN VALUES

This function returns 0 on success, and non-zero otherwise.

== ERRORS

`NNG_ENOMEM`:: Insufficient memory is available.
`NNG_EBUSY`:: The configuration _cfg_ is already in use, and cannot be modified.
`NNG_EINVAL`:: An invalid _chain_ or _crl_ was supplied.

== SEE ALSO

<<nng_strerror#,nng_strerror(3)>>,
<<nng_tls_config_alloc#,nng_tls_config_alloc(3)>>,
<<nng_tls_config_auth_mode#,nng_tls_config_auth_mode(3)>>,
<<nng_tls_config_ca_file#,nng_tls_config_ca_file(3)>>,
<<nng#,nng(7)>>

== COPYRIGHT

{copyright}