add note about retrieving error stack

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21220) (cherry picked from commit a7c54dde5189f11c046f638e5aaf2004aee34202)
author: Vladimír Kotal <vladimir.kotal@oracle.com> 2023-06-16 11:22:24 +0200
committer: Pauli <pauli@openssl.org> 2023-06-26 08:04:54 +1000
commit: 86b2886240056d73767d2a3f1d25058b2bd371fc (patch)
tree: 3a31e4e190a0bb3d747d663d4f2e72d4288ef258 /doc
parent: 6aefd64455a9fac0a11c69c2630a5a85f10f5b21 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/man3/SSL_get_verify_result.pod b/doc/man3/SSL_get_verify_result.pod
index ac37408748..ab13e912b1 100644
--- a/doc/man3/SSL_get_verify_result.pod
+++ b/doc/man3/SSL_get_verify_result.pod
@@ -22,6 +22,13 @@ of a certificate can fail because of many reasons at the same time. Only
 the last verification error that occurred during the processing is available
 from SSL_get_verify_result().
 
+Sometimes there can be a sequence of errors leading to the verification
+failure as reported by SSL_get_verify_result().
+To get the errors, it is necessary to setup a verify callback via
+L<SSL_CTX_set_verify(3)> or L<SSL_set_verify(3)> and retrieve the errors
+from the error stack there, because once L<SSL_connect(3)> returns,
+these errors may no longer be available.
+
 The verification result is part of the established session and is restored
 when a session is reused.
author	Vladimír Kotal <vladimir.kotal@oracle.com>	2023-06-16 11:22:24 +0200
committer	Pauli <pauli@openssl.org>	2023-06-26 08:04:54 +1000
commit	86b2886240056d73767d2a3f1d25058b2bd371fc (patch)
tree	3a31e4e190a0bb3d747d663d4f2e72d4288ef258 /doc
parent	6aefd64455a9fac0a11c69c2630a5a85f10f5b21 (diff)