returned.
If B<CMS_NO_SIGNER_CERT_VERIFY> is set the signing certificates are not
-verified.
+verified, unless CMS_CADES flag is also set.
If B<CMS_NO_ATTR_VERIFY> is set the signed attributes signature is not
-verified.
+verified, unless CMS_CADES flag is also set.
+
+If B<CMS_CADES> is set, each signer certificate is checked against the
+"ESS signing-certificate" extension added in the signed attributes of the
+signature.
If B<CMS_NO_CONTENT_VERIFY> is set then the content digest is not checked.
=head1 COPYRIGHT
-Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy