B<flags> is an optional set of flags, which can be used to modify the verify
operation.
-CMS_get0_signers() retrieves the signing certificate(s) from B<cms>, it must
+CMS_get0_signers() retrieves the signing certificate(s) from B<cms>, it may only
be called after a successful CMS_verify() operation.
=head1 VERIFY PROCESS
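Review bot: The reworded CMS_get0_signers() sentence is still a comma splice at "from B<cms>, it may only be called". Split it into two sentences or use a semicolon, for example "retrieves the signing certificate(s) from B<cms>. It may only be called after a successful CMS_verify() operation."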
CRLs are used in addition to attempting to look them up in B<store>. If any
chain verify fails an error code is returned.
-Finally the signed content is read (and written to B<out> is it is not NULL)
+Finally the signed content is read (and written to B<out> if it is not NULL)
and the signature's checked.
If all signature's verify correctly then the function is successful.
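Review bot: The typo fix on the "written to B<out>" line leaves two stray apostrophes in the unchanged lines right after it: "and the signature's checked" and "If all signature's verify correctly". Since this paragraph is already being touched, change them to "and the signatures are checked" and "If all signatures verify correctly" in the same commit.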
returned.
If B<CMS_NO_SIGNER_CERT_VERIFY> is set the signing certificates are not
-verified.
+verified, unless CMS_CADES flag is also set.
If B<CMS_NO_ATTR_VERIFY> is set the signed attributes signature is not
-verified.
+verified, unless CMS_CADES flag is also set.
+
+If B<CMS_CADES> is set, each signer certificate is checked against the
+"ESS signing-certificate" extension added in the signed attributes of the
+signature.
If B<CMS_NO_CONTENT_VERIFY> is set then the content digest is not checked.
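Review bot: The new B<CMS_CADES> paragraph does not say what the caller gets back when a signer certificate fails the check against the ESS signing-certificate, or when that attribute is missing from the signed attributes. Please state the outcome there. The two added clauses "unless CMS_CADES flag is also set" mean that B<CMS_NO_SIGNER_CERT_VERIFY> and B<CMS_NO_ATTR_VERIFY> no longer skip verification when combined with it, so the doc should say explicitly that the skip flags are overridden rather than leave it implied. Two style points on the same lines: write the flag as B<CMS_CADES> with the article ("unless the B<CMS_CADES> flag is also set") to match the other flags in this section, and describe the ESS signing-certificate as a signed attribute instead of an "extension added in the signed attributes".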
is not considered important.
Chain verification should arguably be performed using the signing time rather
-than the current time. However since the signing time is supplied by the
+than the current time. However, since the signing time is supplied by the
signer it cannot be trusted without additional evidence (such as a trusted
timestamp).
=head1 COPYRIGHT
-Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy