From: Lutz Jänicke <jaenicke@openssl.org>
Date: Thu, 26 Jun 2003 14:03:03 +0000 (+0000)
Subject: Clarify wording of verify_callback() behaviour.
X-Git-Tag: BEN_FIPS_TEST_1~38^2~27
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=9d19fbc4fce71a7a5f40314e3d0e25db26f82043;p=oweals%2Fopenssl.git

Clarify wording of verify_callback() behaviour.
---

diff --git a/doc/ssl/SSL_CTX_set_verify.pod b/doc/ssl/SSL_CTX_set_verify.pod
index d15b2a3a1a..ca8d81b82c 100644
--- a/doc/ssl/SSL_CTX_set_verify.pod
+++ b/doc/ssl/SSL_CTX_set_verify.pod
@@ -135,9 +135,9 @@ process is immediately stopped with "verification failed" state. If
 SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer and
 the TLS/SSL handshake is terminated. If B<verify_callback> returns 1,
 the verification process is continued. If B<verify_callback> always returns
-1, the TLS/SSL handshake will never be terminated because of this application
-experiencing a verification failure. The calling process can however
-retrieve the error code of the last verification error using
+1, the TLS/SSL handshake will not be terminated with respect to verification
+failures and the connection will be established. The calling process can
+however retrieve the error code of the last verification error using
 L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> or by maintaining its
 own error storage managed by B<verify_callback>.