Fix BIO_eof() for BIO pairs

[openssl.git] / doc / crypto / X509_check_host.pod

diff --git a/doc/crypto/X509_check_host.pod b/doc/crypto/X509_check_host.pod
index eab258688a04edf5f4e9dbb24019d80c19a7893d..d35ade8cb918b66f4e964fd456f6e1932a8fb622 100644 (file)
--- a/doc/crypto/X509_check_host.pod
+++ b/doc/crypto/X509_check_host.pod
@@ -70,6 +70,8 @@ flags:
 
 =item B<X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT>,
 
+=item B<X509_CHECK_FLAG_NEVER_CHECK_SUBJECT>,
+
 =item B<X509_CHECK_FLAG_NO_WILDCARDS>,
 
 =item B<X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS>,
@@ -86,6 +88,12 @@ one subject alternative name of the right type (DNS name or email
 address as appropriate); the default is to ignore the subject DN
 when at least one corresponding subject alternative names is present.
 
+The B<X509_CHECK_FLAG_NEVER_CHECK_SUBJECT> flag causes the function to never
+consider the subject DN even if the certificate contains no subject alternative
+names of the right type (DNS name or email address as appropriate); the default
+is to use the subject DN when no corresponding subject alternative names are
+present.
+
 If set, B<X509_CHECK_FLAG_NO_WILDCARDS> disables wildcard
 expansion; this only applies to B<X509_check_host>.
 
@@ -126,15 +134,15 @@ DANE support is added to OpenSSL.
 
 =head1 SEE ALSO
 
-L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
-L<X509_VERIFY_PARAM_set1_host(3)|X509_VERIFY_PARAM_set1_host(3)>,
-L<X509_VERIFY_PARAM_add1_host(3)|X509_VERIFY_PARAM_add1_host(3)>,
-L<X509_VERIFY_PARAM_set1_email(3)|X509_VERIFY_PARAM_set1_email(3)>,
-L<X509_VERIFY_PARAM_set1_ip(3)|X509_VERIFY_PARAM_set1_ip(3)>,
-L<X509_VERIFY_PARAM_set1_ipasc(3)|X509_VERIFY_PARAM_set1_ipasc(3)>
+L<SSL_get_verify_result(3)>,
+L<X509_VERIFY_PARAM_set1_host(3)>,
+L<X509_VERIFY_PARAM_add1_host(3)>,
+L<X509_VERIFY_PARAM_set1_email(3)>,
+L<X509_VERIFY_PARAM_set1_ip(3)>,
+L<X509_VERIFY_PARAM_set1_ipasc(3)>
 
 =head1 HISTORY
 
-These functions were added in OpenSSL 1.1.0.
+These functions were added in OpenSSL 1.0.2.
 
 =cut