diff options
author | Tomas Mraz <tomas@openssl.org> | 2022-03-07 15:46:58 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-03-14 09:42:54 +0100 |
commit | 38514791b6b8459a98aac4f39e196183cd6332d8 (patch) | |
tree | 61fdae210a31d3dd878ed83dc8e1c353f73f22b0 /CHANGES.md | |
parent | 2722d7482feef2033d27e7ce25394fa4abb8558c (diff) | |
download | openssl-new-38514791b6b8459a98aac4f39e196183cd6332d8.tar.gz |
Replace handling of negative verification result with SSL_set_retry_verify()
Provide a different mechanism to indicate that the application wants
to retry the verification. The negative result of the callback function
now indicates an error again.
Instead the SSL_set_retry_verify() can be called from the callback
to indicate that the handshake should be suspended.
Fixes #17568
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17825)
(cherry picked from commit dfb39f73132edf56daaad189e6791d1bdb57c4db)
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index 990442f171..b569b1c1c5 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -48,6 +48,12 @@ breaking changes, and mappings for the large list of deprecated functions. *Darshan Sen* + * The negative return value handling of the certificate verification callback + was reverted. The replacement is to set the verification retry state with + the SSL_set_retry_verify() function. + + *Tomáš Mráz* + ### Changes between 3.0.0 and 3.0.1 [14 Dec 2021] * Fixed invalid handling of X509_verify_cert() internal errors in libssl |