[openssl] OpenSSL_1_1_1-stable update

tmraz at fedoraproject.org tmraz at fedoraproject.org
Thu Jul 4 15:02:30 UTC 2019 

The branch OpenSSL_1_1_1-stable has been updated
       via  78af3f6f95cb8327fb423a609586c3c2b0d9c5f9 (commit)
      from  374cab6390ba005d4a559a3dea2a034af9cb1c09 (commit)


- Log -----------------------------------------------------------------
commit 78af3f6f95cb8327fb423a609586c3c2b0d9c5f9
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Tue Jul 2 13:32:29 2019 +0200

    Clarify documentation of SSL_CTX_set_verify client side behavior
    
    Fixes #9259
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9291)
    
    (cherry picked from commit e6716f2bb4d9588044820f29a7ced0f06789d6ef)

-----------------------------------------------------------------------

Summary of changes:
 doc/man3/SSL_CTX_set_verify.pod | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/doc/man3/SSL_CTX_set_verify.pod b/doc/man3/SSL_CTX_set_verify.pod
index 21d9ae1..2e5ee79 100644
--- a/doc/man3/SSL_CTX_set_verify.pod
+++ b/doc/man3/SSL_CTX_set_verify.pod
@@ -102,7 +102,7 @@ B<Server mode:> if the client did not return a certificate, the TLS/SSL
 handshake is immediately terminated with a "handshake failure" alert.
 This flag must be used together with SSL_VERIFY_PEER.
 
-B<Client mode:> ignored
+B<Client mode:> ignored (see BUGS)
 
 =item SSL_VERIFY_CLIENT_ONCE
 
@@ -112,7 +112,7 @@ renegotiation or post-authentication if a certificate was requested
 during the initial handshake. This flag must be used together with
 SSL_VERIFY_PEER.
 
-B<Client mode:> ignored
+B<Client mode:> ignored (see BUGS)
 
 =item SSL_VERIFY_POST_HANDSHAKE
 
@@ -123,7 +123,7 @@ to be configured for post-handshake peer verification before the
 handshake occurs. This flag must be used together with
 SSL_VERIFY_PEER. TLSv1.3 only; no effect on pre-TLSv1.3 connections.
 
-B<Client mode:> ignored
+B<Client mode:> ignored (see BUGS)
 
 =back
 
@@ -203,8 +203,8 @@ message is sent to the client.
 =head1 BUGS
 
 In client mode, it is not checked whether the SSL_VERIFY_PEER flag
-is set, but whether any flags are set. This can lead to
-unexpected behaviour if SSL_VERIFY_PEER and other flags are not used as
+is set, but whether any flags other than SSL_VERIFY_NONE are set. This can
+lead to unexpected behaviour if SSL_VERIFY_PEER and other flags are not used as
 required.
 
 =head1 RETURN VALUES

More information about the openssl-commits mailing list