Comments.

3 files changed, 7 insertions, 2 deletions

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 498cd9faba..fbe4f667fa 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -413,7 +413,7 @@ struct ssl_ctx_st
 
 	/* if defined, these override the X509_verify_cert() calls */
 /**/	int (*app_verify_callback)();
-/**/	char *app_verify_arg; /* never used */
+/**/	char *app_verify_arg; /* never used; should be void * */
 
 	/* default values to use in SSL structures */
 /**/	struct cert_st /* CERT */ *cert;
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index b33658f017..6d2511f76c 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -426,7 +426,7 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 		(char *)s);
 
 	if (s->ctx->app_verify_callback != NULL)
-		i=s->ctx->app_verify_callback(&ctx);
+		i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
 	else
 		{
 #ifndef NO_X509_VERIFY
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d99c7d943c..e192fc4cac 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1142,6 +1142,11 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
 
 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,int (*cb)(),char *arg)
 	{
+	/* now
+	 *     int (*cb)(X509_STORE_CTX *),
+	 * but should be
+	 *     int (*cb)(X509_STORE_CTX *, void *arg)
+	 */
 	ctx->app_verify_callback=cb;
 	ctx->app_verify_arg=arg; /* never used */
 	}