diff options
author | VladimĂr Kotal <vladimir.kotal@oracle.com> | 2023-06-16 11:22:24 +0200 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-06-26 08:04:33 +1000 |
commit | a6f46005413b49265aa91b2e00930a17b494df78 (patch) | |
tree | 3fef0ce2b7d1be71cfac5101b0e97357c7407f44 /doc | |
parent | 30d5465e54ca586a21b8e3576eaa0e59b86583f1 (diff) |
add note about retrieving error stack
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21220)
(cherry picked from commit a7c54dde5189f11c046f638e5aaf2004aee34202)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/SSL_get_verify_result.pod | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/man3/SSL_get_verify_result.pod b/doc/man3/SSL_get_verify_result.pod index ac37408748..ab13e912b1 100644 --- a/doc/man3/SSL_get_verify_result.pod +++ b/doc/man3/SSL_get_verify_result.pod @@ -22,6 +22,13 @@ of a certificate can fail because of many reasons at the same time. Only the last verification error that occurred during the processing is available from SSL_get_verify_result(). +Sometimes there can be a sequence of errors leading to the verification +failure as reported by SSL_get_verify_result(). +To get the errors, it is necessary to setup a verify callback via +L<SSL_CTX_set_verify(3)> or L<SSL_set_verify(3)> and retrieve the errors +from the error stack there, because once L<SSL_connect(3)> returns, +these errors may no longer be available. + The verification result is part of the established session and is restored when a session is reused. |