These functions configure server hostname checks in the SSL client.
SSL_set1_host() sets the expected DNS hostname to B<name> clearing
-any previously specified host name or names. If B<name> is NULL,
-or the empty string the list of hostnames is cleared, and name
-checks are not performed on the peer certificate. When a non-empty
+any previously specified hostname. If B<name> is NULL
+or the empty string, the list of hostnames is cleared and name
+checks are not performed on the peer certificate. When a nonempty
B<name> is specified, certificate verification automatically checks
the peer hostname via L<X509_check_host(3)> with B<flags> as specified
via SSL_set_hostflags(). Clients that enable DANE TLSA authentication
must not free the return value.
SSL clients are advised to use these functions in preference to
-explicitly calling L<X509_check_host(3)>. Hostname checks are out
+explicitly calling L<X509_check_host(3)>. Hostname checks may be out
of scope with the RFC7671 DANE-EE(3) certificate usage, and the
internal check will be suppressed as appropriate when DANE is
enabled.
matched. Otherwise, it returns the matched peername. To determine
whether verification succeeded call L<SSL_get_verify_result(3)>.
-=head1 EXAMPLE
+=head1 EXAMPLES
Suppose "smtp.example.com" is the MX host of the domain "example.com".
The calls below will arrange to match either the MX hostname or the
=head1 SEE ALSO
+L<ssl(7)>,
L<X509_check_host(3)>,
L<SSL_get_verify_result(3)>.
L<SSL_dane_enable(3)>.
=head1 HISTORY
-These functions were first added to OpenSSL 1.1.0.
+These functions were added in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.