From: Tobias Nießen <tniessen@tnie.de>
Date: Mon, 17 Jan 2022 15:31:39 +0000 (+0000)
Subject: Clarify flags argument of X509_check_ip
X-Git-Tag: openssl-3.2.0-alpha1~3044
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2d280fe016a98b57d488f42fd3941bcd61407c5a;p=thirdparty%2Fopenssl.git

Clarify flags argument of X509_check_ip

Because no supported flag affects the behavior of X509_check_ip, the
flags argument currently has no effect.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17536)
---

diff --git a/doc/man3/X509_check_host.pod b/doc/man3/X509_check_host.pod
index 9002fb22e61..1edf725a51b 100644
--- a/doc/man3/X509_check_host.pod
+++ b/doc/man3/X509_check_host.pod
@@ -62,7 +62,8 @@ X509_check_ip() checks if the certificate matches a specified IPv4 or
 IPv6 address.  The B<address> array is in binary format, in network
 byte order.  The length is either 4 (IPv4) or 16 (IPv6).  Only
 explicitly marked addresses in the certificates are considered; IP
-addresses stored in DNS names and Common Names are ignored.
+addresses stored in DNS names and Common Names are ignored. There are
+currently no B<flags> that would affect the behavior of this call.
 
 X509_check_ip_asc() is similar, except that the NUL-terminated
 string B<address> is first converted to the internal representation.