git.openssl.org Git - openssl.git/commit

author	Tomas Mraz <tomas@openssl.org>
	Mon, 7 Mar 2022 14:46:58 +0000 (15:46 +0100)
committer	Tomas Mraz <tomas@openssl.org>
	Mon, 14 Mar 2022 08:39:03 +0000 (09:39 +0100)
commit	dfb39f73132edf56daaad189e6791d1bdb57c4db
tree	0b6e37d9fa5a263906d4ca4b6ceef0a14632ff18	tree \| snapshot
parent	7e1f3ffcc5bc15fb9a12b9e3bb202f544c6ed5aa	commit \| diff

Replace handling of negative verification result with SSL_set_retry_verify()

Provide a different mechanism to indicate that the application wants
to retry the verification. The negative result of the callback function
now indicates an error again.

Instead the SSL_set_retry_verify() can be called from the callback
to indicate that the handshake should be suspended.

Fixes #17568

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17825)

13 files changed:

CHANGES.md		diff \| blob \| history
doc/build.info		diff \| blob \| history
doc/man3/SSL_CTX_set_cert_verify_callback.pod		diff \| blob \| history
doc/man3/SSL_CTX_set_verify.pod		diff \| blob \| history
doc/man3/SSL_set_retry_verify.pod	[new file with mode: 0644]	blob
doc/man3/SSL_want.pod		diff \| blob \| history
doc/man3/X509_verify_cert.pod		diff \| blob \| history
include/openssl/ssl.h.in		diff \| blob \| history
ssl/ssl_lib.c		diff \| blob \| history
ssl/statem/statem_clnt.c		diff \| blob \| history
test/helpers/handshake.c		diff \| blob \| history
test/sslapitest.c		diff \| blob \| history
util/other.syms		diff \| blob \| history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom