X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=doc%2Fman3%2FX509_check_host.pod;h=2c692b07570251a2eb9971184d07af273899445d;hp=93848152b5ec1a6b27d599ab54e4949460371f05;hb=3dcbb6c4a395d56dfa561145d89017ff958bb18e;hpb=99d63d4662e16afbeff49f29b48f1c87d5558ed0 diff --git a/doc/man3/X509_check_host.pod b/doc/man3/X509_check_host.pod index 93848152b5..2c692b0757 100644 --- a/doc/man3/X509_check_host.pod +++ b/doc/man3/X509_check_host.pod @@ -6,7 +6,7 @@ X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 cert =head1 SYNOPSIS - #include + #include int X509_check_host(X509 *, const char *name, size_t namelen, unsigned int flags, char **peername); @@ -93,6 +93,9 @@ consider the subject DN even if the certificate contains no subject alternative names of the right type (DNS name or email address as appropriate); the default is to use the subject DN when no corresponding subject alternative names are present. +If both B and +B are specified, the latter takes +precedence and the subject DN is not checked for matching names. If set, B disables wildcard expansion; this only applies to B. @@ -128,9 +131,9 @@ NULs. Applications are encouraged to use X509_VERIFY_PARAM_set1_host() rather than explicitly calling L. Host name -checks are out of scope with the DANE-EE(3) certificate usage, +checks may be out of scope with the DANE-EE(3) certificate usage, and the internal checks will be suppressed as appropriate when -DANE support is added to OpenSSL. +DANE support is enabled. =head1 SEE ALSO @@ -147,9 +150,9 @@ These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT -Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. -Licensed under the OpenSSL license (the "License"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at L.