lib-ssl-iostream: Add comment about verifying certs in callbacks
authorAki Tuomi <aki.tuomi@open-xchange.com>
Mon, 25 Feb 2019 15:22:57 +0000 (17:22 +0200)
committerVille Savolainen <ville.savolainen@dovecot.fi>
Thu, 21 Mar 2019 08:02:56 +0000 (10:02 +0200)
src/lib-ssl-iostream/iostream-ssl.h

index bee2c572ca3b644a55b75e8bf0f1a5bba61416ad..f8cfa5152554a684afde0b28e05f7af20f2fa8d9 100644 (file)
@@ -76,7 +76,12 @@ int ssl_iostream_handshake(struct ssl_iostream *ssl_io);
 /* Call the given callback when SSL handshake finishes. The callback must
    verify whether the certificate and its hostname is valid. If there is no
    callback, the default is to use ssl_iostream_check_cert_validity() with the
-   same host as given to io_stream_create_ssl_client() */
+   same host as given to io_stream_create_ssl_client()
+
+   Before the callback is called, certificate is only checked for issuer
+   and validity period. You should call ssl_iostream_check_cert_validity()
+   in your callback.
+*/
 void ssl_iostream_set_handshake_callback(struct ssl_iostream *ssl_io,
                                         ssl_iostream_handshake_callback_t *callback,
                                         void *context);
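Review bot: The added paragraph above ssl_iostream_set_handshake_callback() says "You should call ssl_iostream_check_cert_validity()", which is too weak for what the rest of the comment implies. The first paragraph reads as if the default check only runs when no callback is set, and the new text says only issuer and validity period are checked beforehand, so a callback that skips the call would leave the peer's hostname unverified. I would state that outright, for example `Setting a callback replaces the default hostname check: the callback must call ssl_iostream_check_cert_validity() (or an equivalent check) and fail the handshake if it does not pass.` The comment also does not say how the callback signals rejection; the ssl_iostream_handshake_callback_t definition is outside this hunk, so that may already be documented there.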