From: Aki Tuomi
Date: Mon, 25 Feb 2019 16:07:45 +0000 (+0200)
Subject: lib-ssl-iostream: Add comment about using ssl_iostream_check_cert_validity
X-Git-Tag: 2.3.6~56
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=02da1c34f5ffa8f34ed4d344e1a39e78a41613e8;p=thirdparty%2Fdovecot%2Fcore.git
lib-ssl-iostream: Add comment about using ssl_iostream_check_cert_validity
---
diff --git a/src/lib-ssl-iostream/iostream-ssl.h b/src/lib-ssl-iostream/iostream-ssl.h
index f8cfa51525..7ef4ef003b 100644
--- a/src/lib-ssl-iostream/iostream-ssl.h
+++ b/src/lib-ssl-iostream/iostream-ssl.h
@@ -100,6 +100,16 @@ bool ssl_iostream_is_handshaked(const struct ssl_iostream *ssl_io);
 bool ssl_iostream_has_handshake_failed(const struct ssl_iostream *ssl_io);
 bool ssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io);
 bool ssl_iostream_has_broken_client_cert(struct ssl_iostream *ssl_io);
+/* Checks certificate validity based, also performs name checking. Called by
+ default in handshake, unless handshake callback is set with
+ ssl_iostream_check_cert_validity().
+
+ Host should be set as the name you want to validate the certificate name(s)
+ against. Usually this is the host name you connected to.
+
+ This function is same as calling ssl_iostream_has_valid_client_cert()
+ and ssl_iostream_cert_match_name().
+ */
 int ssl_iostream_check_cert_validity(struct ssl_iostream *ssl_io,
 const char *host, const char **error_r);
 /* Returns TRUE if the given name matches the SSL stream's certificate.
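Review bot: The first paragraph of the added comment names the wrong function: it says the default check is skipped when a handshake callback is set with `ssl_iostream_check_cert_validity()`, which is the function being documented; the setter is presumably `ssl_iostream_set_handshake_callback()`, which is not visible in this hunk. Because the comment implies that installing a callback turns the built-in check off, it should say so outright, e.g. `A custom handshake callback replaces this default check and must call this function itself; otherwise certificate and name validation is not run.` The opening `Checks certificate validity based,` has a dangling word and would read better as `Checks certificate validity and also performs name checking.` The comment also leaves the `int` return convention, the content of `error_r` on failure, and the effect of a NULL `host` on the name check undocumented; one line on each would keep callers from treating a failed or skipped check as success.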