add note about retrieving error stack

author Vladimír Kotal <vladimir.kotal@oracle.com>

Fri, 16 Jun 2023 09:22:24 +0000 (11:22 +0200)

committer Pauli <pauli@openssl.org>

Sun, 25 Jun 2023 22:04:33 +0000 (08:04 +1000)
author Vladimír Kotal <vladimir.kotal@oracle.com>
Fri, 16 Jun 2023 09:22:24 +0000 (11:22 +0200)
committer Pauli <pauli@openssl.org>
Sun, 25 Jun 2023 22:04:33 +0000 (08:04 +1000)
diff --git a/doc/man3/SSL_get_verify_result.pod b/doc/man3/SSL_get_verify_result.pod

index ac37408748b25e6e7b16712d9ae9654a6b45d870..ab13e912b11acf38a8cba59b402439903c7997b3 100644 (file)
--- a/doc/man3/SSL_get_verify_result.pod
+++ b/doc/man3/SSL_get_verify_result.pod
@@ -22,6 +22,13 @@ of a certificate can fail because of many reasons at the same time. Only
  the last verification error that occurred during the processing is available
  from SSL_get_verify_result().
  
+Sometimes there can be a sequence of errors leading to the verification
+failure as reported by SSL_get_verify_result().
+To get the errors, it is necessary to setup a verify callback via
+L<SSL_CTX_set_verify(3)> or L<SSL_set_verify(3)> and retrieve the errors
+from the error stack there, because once L<SSL_connect(3)> returns,
+these errors may no longer be available.
+
  The verification result is part of the established session and is restored
  when a session is reused.
author	Vladimír Kotal <vladimir.kotal@oracle.com>
	Fri, 16 Jun 2023 09:22:24 +0000 (11:22 +0200)
committer	Pauli <pauli@openssl.org>
	Sun, 25 Jun 2023 22:04:33 +0000 (08:04 +1000)