Replace handling of negative verification result with SSL_set_retry_verify()

Provide a different mechanism to indicate that the application wants to retry the verification. The negative result of the callback function now indicates an error again. Instead the SSL_set_retry_verify() can be called from the callback to indicate that the handshake should be suspended. Fixes #17568 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17825)
author: Tomas Mraz <tomas@openssl.org> 2022-03-07 15:46:58 +0100
committer: Tomas Mraz <tomas@openssl.org> 2022-03-14 09:39:03 +0100
commit: dfb39f73132edf56daaad189e6791d1bdb57c4db (patch)
tree: 0b6e37d9fa5a263906d4ca4b6ceef0a14632ff18 /util
parent: 7e1f3ffcc5bc15fb9a12b9e3bb202f544c6ed5aa (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/util/other.syms b/util/other.syms
index 82766810f1..3eaafee3a8 100644
--- a/util/other.syms
+++ b/util/other.syms
@@ -677,3 +677,4 @@ EVP_PKEY_security_bits                  define
 EVP_PKEY_size                           define
 EVP_PKEY_id                             define
 EVP_PKEY_base_id                        define
+SSL_set_retry_verify                    define
author	Tomas Mraz <tomas@openssl.org>	2022-03-07 15:46:58 +0100
committer	Tomas Mraz <tomas@openssl.org>	2022-03-14 09:39:03 +0100
commit	dfb39f73132edf56daaad189e6791d1bdb57c4db (patch)
tree	0b6e37d9fa5a263906d4ca4b6ceef0a14632ff18 /util
parent	7e1f3ffcc5bc15fb9a12b9e3bb202f544c6ed5aa (diff)