From: Aki Tuomi
Date: Mon, 25 Feb 2019 15:22:57 +0000 (+0200)
Subject: lib-ssl-iostream: Add comment about verifying certs in callbacks
X-Git-Tag: 2.3.6~57
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1bf07f309c94ed70030acf759a032a22d6f22b66;p=thirdparty%2Fdovecot%2Fcore.git
lib-ssl-iostream: Add comment about verifying certs in callbacks
---
diff --git a/src/lib-ssl-iostream/iostream-ssl.h b/src/lib-ssl-iostream/iostream-ssl.h
index bee2c572ca..f8cfa51525 100644
--- a/src/lib-ssl-iostream/iostream-ssl.h
+++ b/src/lib-ssl-iostream/iostream-ssl.h
@@ -76,7 +76,12 @@ int ssl_iostream_handshake(struct ssl_iostream *ssl_io);
 /* Call the given callback when SSL handshake finishes. The callback must
 verify whether the certificate and its hostname is valid. If there is no
 callback, the default is to use ssl_iostream_check_cert_validity() with the
- same host as given to io_stream_create_ssl_client() */
+ same host as given to io_stream_create_ssl_client()
+
+ Before the callback is called, certificate is only checked for issuer
+ and validity period. You should call ssl_iostream_check_cert_validity()
+ in your callback.
+*/
 void ssl_iostream_set_handshake_callback(struct ssl_iostream *ssl_io,
 ssl_iostream_handshake_callback_t *callback,
 void *context);
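Review bot: The added paragraph says "You should call ssl_iostream_check_cert_validity()", which reads as optional, while the first sentence of the same comment says the callback "must verify" the certificate and its hostname. Since the new text states that only issuer and validity period are checked beforehand, it would help to say outright that the hostname is not yet checked at that point, so a callback that skips the call leaves the peer name unverified. Suggested wording: `Before the callback is called, the certificate is only checked for issuer and validity period; the hostname is NOT checked. The callback must call ssl_iostream_check_cert_validity() (or do an equivalent hostname check).` The comment could also state what the callback must return to reject the peer; the ssl_iostream_handshake_callback_t typedef is outside this hunk, so that convention is not visible here.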