x509_trust.c: add documenting comment for obj_trust()

author Dr. David von Oheimb <dev@ddvo.net>

Mon, 9 Dec 2024 21:02:58 +0000 (22:02 +0100)

committer Tomas Mraz <tomas@openssl.org>

Tue, 9 Sep 2025 07:50:05 +0000 (09:50 +0200)
author Dr. David von Oheimb <dev@ddvo.net>
Mon, 9 Dec 2024 21:02:58 +0000 (22:02 +0100)
committer Tomas Mraz <tomas@openssl.org>
Tue, 9 Sep 2025 07:50:05 +0000 (09:50 +0200)
diff --git a/crypto/x509/x509_trust.c b/crypto/x509/x509_trust.c

index 1a4345f2fec0a24450f245c33b49ef5e2a8a7296..986d05a60a9f0bba0dd291cc7802ec0c9d0b1b00 100644 (file)
--- a/crypto/x509/x509_trust.c
+++ b/crypto/x509/x509_trust.c
@@ -247,6 +247,13 @@ static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
          return X509_TRUST_UNTRUSTED;
  }
  
+/*
+ * |id| is the NID of the extended key usage (EKU) to check for certificate |x|.
+ * Return X509_TRUST_REJECTED if negative trust attributes of |x| prevents it.
+ * Return X509_TRUST_TRUSTED if positive trust attributes of |x| accepts it.
+ * If |flags| includes X509_TRUST_OK_ANY_EKU then anyEKU serves as wildcard.
+ * Return X509_TRUST_UNTRUSTED if no clear decision has been reached here.
+ */
  static int obj_trust(int id, X509 *x, int flags)
  {
      X509_CERT_AUX *ax = x->aux;
author	Dr. David von Oheimb <dev@ddvo.net>
	Mon, 9 Dec 2024 21:02:58 +0000 (22:02 +0100)
committer	Tomas Mraz <tomas@openssl.org>
	Tue, 9 Sep 2025 07:50:05 +0000 (09:50 +0200)