git.ipfire.org Git - thirdparty/openssl.git/commit
SSL_CTX_set_cert_verify_callback.pod: various corrections and clarifications
author Dr. David von Oheimb <dev@ddvo.net>
Fri, 22 Jan 2021 21:34:56 +0000 (22:34 +0100)
committer Dr. David von Oheimb <dev@ddvo.net>
Wed, 21 Jul 2021 09:44:14 +0000 (11:44 +0200)
commit ee11462d31e0f05bc75264ab40bf90ae55cb1d7c
tree 4549f8ccb20c55896706570ae98582e3c10292ea
parent 0c48fda8d38ab91356c725e00ebcbbcad9ef0302
SSL_CTX_set_cert_verify_callback.pod: various corrections and clarifications

- Make clear the callback is called whenever a peer certificate has been received,
  which is independent of the verification mode.
- Make clear that a return value > 1 always leads to handshake failure.
- Make clear that in server mode also return values <= 0 lead to handshake failure.
- For client mode replace the incorrect formulation "if B<SSL_VERIFY_PEER> is set"
  by what is actually implemented: "if the verification mode is not B<SSL_VERIFY_NONE>".
- Refer to X509_STORE_CTX_set_error() rather than to internal error variable.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13937)
doc/man3/SSL_CTX_set_cert_verify_callback.pod