add note about retrieving error stack
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from #21220)
vladak authored and paulidale committed Jun 25, 2023
1 parent 1a27cc3 commit a7c54dd
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions doc/man3/SSL_get_verify_result.pod
Expand Up @@ -22,6 +22,13 @@ of a certificate can fail because of many reasons at the same time. Only
the last verification error that occurred during the processing is available
from SSL_get_verify_result().

Sometimes there can be a sequence of errors leading to the verification
failure as reported by SSL_get_verify_result().
To get the errors, it is necessary to setup a verify callback via
L<SSL_CTX_set_verify(3)> or L<SSL_set_verify(3)> and retrieve the errors
from the error stack there, because once L<SSL_connect(3)> returns,
these errors may no longer be available.

The verification result is part of the established session and is restored
when a session is reused.
