diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-02-08 08:17:23 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-02-09 15:18:19 +0100 |
commit | 990a15fe73b059d78d06c351e902115a30f02e70 (patch) | |
tree | 9f2511df3a838cd4a643e8fb5661014d9854eb79 /doc/man3/X509_STORE_CTX_get_error.pod | |
parent | 579262af1442e4126677495b3a488490f2c3f082 (diff) | |
download | openssl-new-990a15fe73b059d78d06c351e902115a30f02e70.tar.gz |
x509_vfy: Clarify relevance of ctx->error also on successful verification
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14127)
Diffstat (limited to 'doc/man3/X509_STORE_CTX_get_error.pod')
-rw-r--r-- | doc/man3/X509_STORE_CTX_get_error.pod | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/doc/man3/X509_STORE_CTX_get_error.pod b/doc/man3/X509_STORE_CTX_get_error.pod index 479b02503b..91e65f4af6 100644 --- a/doc/man3/X509_STORE_CTX_get_error.pod +++ b/doc/man3/X509_STORE_CTX_get_error.pod @@ -31,8 +31,10 @@ These functions are typically called after certificate or chain verification using L<X509_verify_cert(3)> or L<X509_STORE_CTX_verify(3)> has indicated an error or in a verification callback to determine the nature of an error. -X509_STORE_CTX_get_error() returns the error code of B<ctx>, see -the B<ERROR CODES> section for a full description of all error codes. +X509_STORE_CTX_get_error() returns the error code of I<ctx>. +See the L</ERROR CODES> section for a full description of all error codes. +It may return a code != X509_V_OK even if X509_verify_cert() did not indicate +an error, likely because a verification callback function has waived the error. X509_STORE_CTX_set_error() sets the error code of I<ctx> to I<s>. For example it might be used in a verification callback to set an error based on additional |