[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Rich Salz rsalz at openssl.org
Mon Jan 9 21:19:44 UTC 2017


The branch OpenSSL_1_1_0-stable has been updated
       via  3dca6ca0df0facedabcc5d9733b304e507f796db (commit)
       via  0d3020caefb93653b6cbbe0533f77c46e625f269 (commit)
      from  75f12d7cbffcaa31cc8ff5c7fee02e614785632a (commit)


- Log -----------------------------------------------------------------
commit 3dca6ca0df0facedabcc5d9733b304e507f796db
Author: Rich Salz <rsalz at openssl.org>
Date:   Sun Jan 8 12:50:52 2017 -0500

    Rename "verify_cb" to SSL_verify_cb
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2151)
    (cherry picked from commit 3adc41dd22080c4161d8a2af98d7b29fdbb11915)

commit 0d3020caefb93653b6cbbe0533f77c46e625f269
Author: Rich Salz <rsalz at openssl.org>
Date:   Tue Dec 27 15:00:06 2016 -0500

    Doc nits: callback function typedefs
    
    Enhance find-doc-nits to be better about finding typedefs for
    callback functions.  Fix all nits it now finds.  Added some new
    typedef names to ssl.h some of which were documented but did not
    exist
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2151)
    (cherry picked from commit 121677b4875b08df99a48d20ab5c26f54782f21d)

-----------------------------------------------------------------------

Summary of changes:
 doc/crypto/BIO_ctrl.pod                      |   5 +-
 doc/crypto/BIO_set_callback.pod              | 140 ++++++++++++++++++++++-----
 doc/crypto/EVP_PKEY_keygen.pod               |   6 +-
 doc/crypto/X509_STORE_CTX_new.pod            |  20 +---
 doc/crypto/X509_STORE_CTX_set_verify_cb.pod  |  10 +-
 doc/crypto/X509_STORE_set_verify_cb_func.pod |   8 +-
 doc/ssl/SSL_CTX_set_generate_session_id.pod  |   6 +-
 doc/ssl/SSL_CTX_set_verify.pod               |  15 +--
 doc/ssl/SSL_extension_supported.pod          |   3 +-
 include/openssl/ssl.h                        |  14 +--
 util/find-doc-nits.pl                        |   9 +-
 11 files changed, 166 insertions(+), 70 deletions(-)

diff --git a/doc/crypto/BIO_ctrl.pod b/doc/crypto/BIO_ctrl.pod
index 17dc6ed..a098946 100644
--- a/doc/crypto/BIO_ctrl.pod
+++ b/doc/crypto/BIO_ctrl.pod
@@ -5,7 +5,8 @@
 BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset,
 BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close,
 BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending,
-BIO_get_info_callback, BIO_set_info_callback - BIO control operations
+BIO_get_info_callback, BIO_set_info_callback, bio_info_cb
+- BIO control operations
 
 =head1 SYNOPSIS
 
@@ -94,7 +95,7 @@ return the amount of pending data.
 =head1 NOTES
 
 BIO_flush(), because it can write data may return 0 or -1 indicating
-that the call should be retried later in a similar manner to BIO_write().
+that the call should be retried later in a similar manner to BIO_write_ex().
 The BIO_should_retry() call should be used and appropriate action taken
 is the call fails.
 
diff --git a/doc/crypto/BIO_set_callback.pod b/doc/crypto/BIO_set_callback.pod
index 113b416..ed395fa 100644
--- a/doc/crypto/BIO_set_callback.pod
+++ b/doc/crypto/BIO_set_callback.pod
@@ -2,17 +2,24 @@
 
 =head1 NAME
 
-BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg,
-BIO_debug_callback - BIO callback functions
+BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback,
+BIO_set_callback_arg, BIO_get_callback_arg, BIO_debug_callback,
+BIO_callback_fn_ex, BIO_callback_fn
+- BIO callback functions
 
 =head1 SYNOPSIS
 
  #include <openssl/bio.h>
 
-
+ typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp,
+                                    size_t len, int argi,
+                                    long argl, int ret, size_t *processed);
  typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
                                  long argl, long ret);
 
+ void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback);
+ BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b);
+
  void BIO_set_callback(BIO *b, BIO_callack_fn cb);
  BIO_callack_fn BIO_get_callback(BIO *b);
  void BIO_set_callback_arg(BIO *b, char *arg);
@@ -23,10 +30,15 @@ BIO_debug_callback - BIO callback functions
 
 =head1 DESCRIPTION
 
-BIO_set_callback() and BIO_get_callback() set and retrieve the BIO callback,
-they are both macros. The callback is called during most high level BIO
-operations. It can be used for debugging purposes to trace operations on
-a BIO or to modify its operation.
+BIO_set_callback_ex() and BIO_get_callback_ex() set and retrieve the BIO
+callback. The callback is called during most high level BIO operations. It can
+be used for debugging purposes to trace operations on a BIO or to modify its
+operation.
+
+BIO_set_callback() and BIO_get_callback() set and retrieve the old format BIO
+callback. New code should not use these functions, but they are retained for
+backwards compatbility. Any callback set via BIO_set_callback_ex() will get
+called in preference to any set by BIO_set_callback().
 
 BIO_set_callback_arg() and BIO_get_callback_arg() are macros which can be
 used to set and retrieve an argument for use in the callback.
@@ -36,8 +48,9 @@ out information relating to each BIO operation. If the callback
 argument is set it is interpreted as a BIO to send the information
 to, otherwise stderr is used.
 
-BIO_callback_fn() is the type of the callback function. The meaning of each
-argument is described below:
+BIO_callback_fn_ex() is the type of the callback function and BIO_callback_fn()
+is the type of the old format callback function. The meaning of each argument
+is described below:
 
 =over
 
@@ -51,11 +64,22 @@ B<oper> is set to the operation being performed. For some operations
 the callback is called twice, once before and once after the actual
 operation, the latter case has B<oper> or'ed with BIO_CB_RETURN.
 
+=item B<len>
+
+The length of the data requested to be read or written. This is only useful if
+B<oper> is BIO_CB_READ, BIO_CB_WRITE or BIO_CB_GETS.
+
 =item B<argp> B<argi> B<argl>
 
 The meaning of the arguments B<argp>, B<argi> and B<argl> depends on
 the value of B<oper>, that is the operation being performed.
 
+=item B<processed>
+
+B<processed> is a pointer to a location which will be updated with the amount of
+data that was actually read or written. Only used for BIO_CB_READ, BIO_CB_WRITE,
+BIO_CB_GETS and BIO_CB_PUTS.
+
 =item B<ret>
 
 B<ret> is the return value that would be returned to the
@@ -80,37 +104,103 @@ function that is called.
 
 =item B<BIO_free(b)>
 
-callback(b, BIO_CB_FREE, NULL, 0L, 0L, 1L) is called before the
-free operation.
+ callback_ex(b, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL)
+
+or
+
+ callback(b, BIO_CB_FREE, NULL, 0L, 0L, 1L)
+
+is called before the free operation.
+
+=item B<BIO_read_ex(b, data, dlen, readbytes)>
+
+ callback_ex(b, BIO_CB_READ, data, dlen, 0, 0L, 1L, readbytes)
 
-=item B<BIO_read(b, out, outl)>
+or
+
+ callback(b, BIO_CB_READ, data, dlen, 0L, 1L)
+
+is called before the read and
+
+ callback_ex(b, BIO_CB_READ | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue, readbytes)
+
+or
+
+ callback(b, BIO_CB_READ|BIO_CB_RETURN, data, dlen, 0L, retvalue)
 
-callback(b, BIO_CB_READ, out, outl, 0L, 1L) is called before
-the read and callback(b, BIO_CB_READ|BIO_CB_RETURN, out, outl, 0L, retvalue)
 after.
 
-=item B<BIO_write(b, in, inl)>
+=item B<BIO_write(b, data, dlen, written)>
+
+ callback_ex(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L, written)
+
+or
+
+ callback(b, BIO_CB_WRITE, datat, dlen, 0L, 1L)
+
+is called before the write and
+
+ callback_ex(b, BIO_CB_WRITE | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue, written)
+
+or
+
+ callback(b, BIO_CB_WRITE|BIO_CB_RETURN, data, dlen, 0L, retvalue)
 
-callback(b, BIO_CB_WRITE, in, inl, 0L, 1L) is called before
-the write and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, inl, 0L, retvalue)
 after.
 
-=item B<BIO_gets(b, out, outl)>
+=item B<BIO_gets(b, buf, size)>
+
+ callback_ex(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL, NULL)
+
+or
+
+ callback(b, BIO_CB_GETS, buf, size, 0L, 1L)
+
+is called before the operation and
+
+ callback_ex(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size, 0, 0L, retvalue, readbytes)
+
+or
+
+ callback(b, BIO_CB_GETS|BIO_CB_RETURN, buf, size, 0L, retvalue)
 
-callback(b, BIO_CB_GETS, out, outl, 0L, 1L) is called before
-the operation and callback(b, BIO_CB_GETS|BIO_CB_RETURN, out, outl, 0L, retvalue)
 after.
 
-=item B<BIO_puts(b, in)>
+=item B<BIO_puts(b, buf)>
+
+ callback_ex(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL);
+
+or
+
+ callback(b, BIO_CB_PUTS, buf, 0, 0L, 1L)
+
+is called before the operation and
+
+ callback_ex(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0, 0L, retvalue, written)
+
+or
+
+ callback(b, BIO_CB_WRITE|BIO_CB_RETURN, buf, 0, 0L, retvalue)
 
-callback(b, BIO_CB_WRITE, in, 0, 0L, 1L) is called before
-the operation and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, 0, 0L, retvalue)
 after.
 
 =item B<BIO_ctrl(BIO *b, int cmd, long larg, void *parg)>
 
-callback(b, BIO_CB_CTRL, parg, cmd, larg, 1L) is called before the call and
-callback(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret) after.
+ callback_ex(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL)
+
+or
+
+ callback(b, BIO_CB_CTRL, parg, cmd, larg, 1L)
+
+is called before the call and
+
+ callback_ex(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd, larg, ret, NULL)
+
+or
+
+ callback(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret)
+
+after.
 
 =back
 
diff --git a/doc/crypto/EVP_PKEY_keygen.pod b/doc/crypto/EVP_PKEY_keygen.pod
index 5b8b635..ed4a3e1 100644
--- a/doc/crypto/EVP_PKEY_keygen.pod
+++ b/doc/crypto/EVP_PKEY_keygen.pod
@@ -5,7 +5,9 @@
 EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init,
 EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb,
 EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data,
-EVP_PKEY_CTX_get_app_data - key and parameter generation functions
+EVP_PKEY_CTX_get_app_data,
+EVP_PKEY_gen_cb
+- key and parameter generation functions
 
 =head1 SYNOPSIS
 
@@ -16,7 +18,7 @@ EVP_PKEY_CTX_get_app_data - key and parameter generation functions
  int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
  int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
 
- typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
+ typedef int (*EVP_PKEY_gen_cb)(EVP_PKEY_CTX *ctx);
 
  void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
  EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
diff --git a/doc/crypto/X509_STORE_CTX_new.pod b/doc/crypto/X509_STORE_CTX_new.pod
index bf587a3..0d8ce3b 100644
--- a/doc/crypto/X509_STORE_CTX_new.pod
+++ b/doc/crypto/X509_STORE_CTX_new.pod
@@ -11,8 +11,8 @@ X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted,
 X509_STORE_CTX_get_num_untrusted,
 X509_STORE_CTX_set_default,
 X509_STORE_CTX_set_verify,
-X509_STORE_set_verify,
-X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
+X509_STORE_CTX_verify_fn
+- X509_STORE_CTX initialisation
 
 =head1 SYNOPSIS
 
@@ -42,11 +42,8 @@ X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
  int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx);
 
  typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
- X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
  void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify);
 
- void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify verify);
-
 =head1 DESCRIPTION
 
 These functions initialise an B<X509_STORE_CTX> structure for subsequent use
@@ -113,12 +110,7 @@ that were used in building the chain following a call to X509_verify_cert().
 
 X509_STORE_CTX_set_verify() provides the capability for overriding the default
 verify function. This function is responsible for verifying chain signatures and
-expiration times. X509_STORE_CTX_get_verify() obtains the current verify
-function being used.
-
-X509_STORE_set_verify() works in the same way as for X509_STORE_CTX_set_verify()
-but sets the default verify function to be used by all X509_STORE_CTX objects
-created for this X509_STORE.
+expiration times.
 
 A verify function is defined as an X509_STORE_CTX_verify type which has the
 following signature:
@@ -160,9 +152,6 @@ X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.
 X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
 used.
 
-X509_STORE_CTX_get_verify() returns the current verify function in use for this
-X509_STORE_CTX.
-
 =head1 SEE ALSO
 
 L<X509_verify_cert(3)>
@@ -172,9 +161,6 @@ L<X509_VERIFY_PARAM_set_flags(3)>
 
 X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0
 X509_STORE_CTX_get_num_untrusted() was first added to OpenSSL 1.1.0
-X509_STORE_set_verify() was first added to OpenSSL 1.1.0. It was previously
-available as a macro X509_STORE_set_verify_func(). This macro still exists but
-simply calls this function.
 
 =head1 COPYRIGHT
 
diff --git a/doc/crypto/X509_STORE_CTX_set_verify_cb.pod b/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
index 266a4c1..3be256d 100644
--- a/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
+++ b/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
@@ -12,9 +12,10 @@ X509_STORE_CTX_get_get_crl,
 X509_STORE_CTX_get_check_revocation,
 X509_STORE_CTX_get_check_issued,
 X509_STORE_CTX_get_get_issuer,
-X509_STORE_CTX_get_verify,
 X509_STORE_CTX_get_verify_cb,
-X509_STORE_CTX_set_verify_cb - get and set verification callback
+X509_STORE_CTX_set_verify_cb,
+X509_STORE_CTX_verify_cb
+- get and set verification callback
 
 =head1 SYNOPSIS
 
@@ -27,7 +28,6 @@ X509_STORE_CTX_set_verify_cb - get and set verification callback
  void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
                                    X509_STORE_CTX_verify_cb verify_cb);
 
- X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
  X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
  X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
  X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx);
@@ -66,7 +66,7 @@ be passed to the callback via the B<ex_data> mechanism.
 X509_STORE_CTX_get_verify_cb() returns the value of the current callback
 for the specific B<ctx>.
 
-X509_STORE_CTX_get_verify(), X509_STORE_CTX_get_get_issuer(),
+X509_STORE_CTX_get_get_issuer(),
 X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(),
 X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(),
 X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(),
@@ -196,7 +196,7 @@ L<X509_STORE_CTX_get_ex_new_index(3)>
 
 =head1 HISTORY
 
-X509_STORE_CTX_get_verify(), X509_STORE_CTX_get_get_issuer(),
+X509_STORE_CTX_get_get_issuer(),
 X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(),
 X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(),
 X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(),
diff --git a/doc/crypto/X509_STORE_set_verify_cb_func.pod b/doc/crypto/X509_STORE_set_verify_cb_func.pod
index c4f4816..f9fc1b1 100644
--- a/doc/crypto/X509_STORE_set_verify_cb_func.pod
+++ b/doc/crypto/X509_STORE_set_verify_cb_func.pod
@@ -27,7 +27,13 @@ X509_STORE_set_get_issuer,
 X509_STORE_CTX_get_verify,
 X509_STORE_set_verify,
 X509_STORE_get_verify_cb,
-X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb
+X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb,
+X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn,
+X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn,
+X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn
+X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn,
+X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn,
+X509_STORE_CTX_verify_cb, X509_STORE_CTX_verify_fn,
 - set verification callback
 
 =head1 SYNOPSIS
diff --git a/doc/ssl/SSL_CTX_set_generate_session_id.pod b/doc/ssl/SSL_CTX_set_generate_session_id.pod
index 515fd25..1b1171f 100644
--- a/doc/ssl/SSL_CTX_set_generate_session_id.pod
+++ b/doc/ssl/SSL_CTX_set_generate_session_id.pod
@@ -2,7 +2,9 @@
 
 =head1 NAME
 
-SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id - manipulate generation of SSL session IDs (server only)
+SSL_CTX_set_generate_session_id, SSL_set_generate_session_id,
+SSL_has_matching_session_id, GEN_SESSION_CB
+- manipulate generation of SSL session IDs (server only)
 
 =head1 SYNOPSIS
 
@@ -123,7 +125,7 @@ same id is already in the cache.
 
 =head1 SEE ALSO
 
-L<ssl(3)>, L<SSL_get_version(3)>
+L<ssl(7)>, L<SSL_get_version(3)>
 
 =head1 COPYRIGHT
 
diff --git a/doc/ssl/SSL_CTX_set_verify.pod b/doc/ssl/SSL_CTX_set_verify.pod
index d2d3d03..ccfe94c 100644
--- a/doc/ssl/SSL_CTX_set_verify.pod
+++ b/doc/ssl/SSL_CTX_set_verify.pod
@@ -2,20 +2,21 @@
 
 =head1 NAME
 
-SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth - set peer certificate verification parameters
+SSL_CTX_set_verify, SSL_set_verify,
+SSL_CTX_set_verify_depth, SSL_set_verify_depth,
+SSL_verify_cb
+- set peer certificate verification parameters
 
 =head1 SYNOPSIS
 
  #include <openssl/ssl.h>
 
- void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
-                         int (*verify_callback)(int, X509_STORE_CTX *));
- void SSL_set_verify(SSL *s, int mode,
-                     int (*verify_callback)(int, X509_STORE_CTX *));
+ void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback);
+ void SSL_set_verify(SSL *s, int mode, SSL_verify_cb verify_callback);
  void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
  void SSL_set_verify_depth(SSL *s, int depth);
 
- int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx);
+ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
 
 =head1 DESCRIPTION
 
@@ -276,7 +277,7 @@ L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>).
 
 =head1 SEE ALSO
 
-L<ssl(3)>, L<SSL_new(3)>,
+L<ssl(7)>, L<SSL_new(3)>,
 L<SSL_CTX_get_verify_mode(3)>,
 L<SSL_get_verify_result(3)>,
 L<SSL_CTX_load_verify_locations(3)>,
diff --git a/doc/ssl/SSL_extension_supported.pod b/doc/ssl/SSL_extension_supported.pod
index a56087e..166c35a 100644
--- a/doc/ssl/SSL_extension_supported.pod
+++ b/doc/ssl/SSL_extension_supported.pod
@@ -3,7 +3,8 @@
 =head1 NAME
 
 SSL_extension_supported,
-SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext
+SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext,
+custom_ext_add_cb, custom_ext_free_cb, custom_ext_parse_cb
 - custom TLS extension handling
 
 =head1 SYNOPSIS
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index bab3ee6..8d75d53 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -262,6 +262,9 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
                                     const unsigned char *in,
                                     size_t inlen, int *al, void *parse_arg);
 
+/* Typedef for verification callback */
+typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
+
 /* Allow initial connection to servers that don't support RI */
 # define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004U
 /* Removed from OpenSSL 0.9.8q and 1.0.0c */
@@ -1342,9 +1345,8 @@ __owur int SSL_set_cipher_list(SSL *s, const char *str);
 void SSL_set_read_ahead(SSL *s, int yes);
 __owur int SSL_get_verify_mode(const SSL *s);
 __owur int SSL_get_verify_depth(const SSL *s);
-__owur int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *);
-void SSL_set_verify(SSL *s, int mode,
-                    int (*callback) (int ok, X509_STORE_CTX *ctx));
+__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s);
+void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback);
 void SSL_set_verify_depth(SSL *s, int depth);
 void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg);
 # ifndef OPENSSL_NO_RSA
@@ -1443,10 +1445,8 @@ __owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
 
 __owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
 __owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
-__owur int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int,
-                                                        X509_STORE_CTX *);
-void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
-                        int (*callback) (int, X509_STORE_CTX *));
+__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx);
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback);
 void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
                                       int (*cb) (X509_STORE_CTX *, void *),
diff --git a/util/find-doc-nits.pl b/util/find-doc-nits.pl
index e7f9a47..74bf246 100755
--- a/util/find-doc-nits.pl
+++ b/util/find-doc-nits.pl
@@ -70,7 +70,14 @@ sub name_synopsis()
         my $sym;
         $line =~ s/STACK_OF\([^)]+\)/int/g;
         $line =~ s/__declspec\([^)]+\)//;
-        if ( $line =~ /typedef.* (\S+);/ ) {
+        if ( $line =~ /env (\S*)=/ ) {
+            # environment variable env NAME=...
+            $sym = $1;
+        } elsif ( $line =~ /typedef.*\(\*(\S+)\)\(.*/ ) {
+            # a callback function: typedef ... (*NAME)(...
+            $sym = $1;
+        } elsif ( $line =~ /typedef.* (\S+);/ ) {
+            # a simple typedef: typedef ... NAME;
             $sym = $1;
         } elsif ( $line =~ /#define ([A-Za-z0-9_]+)/ ) {
             $sym = $1;


More information about the openssl-commits mailing list