Recommend ex_data for SSL_CTX_set_cert_verify_callback.

Using the arg parameter does not work well. This is purely an
SSL_CTX-level callback, not an SSL-level one.

Change-Id: Ib968807efbe7dd08e71cea1c4d8034a52c729d45
Reviewed-on: https://boringssl-review.googlesource.com/13629
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
David Benjamin 2017-02-05 16:15:43 -05:00 committed by CQ bot account: commit-bot@chromium.org
parent b2ff2623a8
commit 2056f63bdb

@ -2239,9 +2239,8 @@ OPENSSL_EXPORT int SSL_get_ex_data_X509_STORE_CTX_idx(void);
* zero on fatal error. It may use |X509_STORE_CTX_set_error| to set a
* verification result.
*
* The callback may use either the |arg| parameter or
* |SSL_get_ex_data_X509_STORE_CTX_idx| to recover the associated |SSL|
* object. */
* The callback may use |SSL_get_ex_data_X509_STORE_CTX_idx| to recover the
* |SSL| object from |store_ctx|. */
OPENSSL_EXPORT void SSL_CTX_set_cert_verify_callback(
SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *store_ctx, void *arg),
void *arg);
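
Review bot: The rewritten last paragraph of the |SSL_CTX_set_cert_verify_callback| comment drops every mention of |arg| while the parameter stays in the signature, so a reader no longer learns what |arg| is for or why it is the wrong way to find the |SSL|. Suggest adding a sentence saying |arg| is registered once on the |SSL_CTX| and passed to the callback for every connection created from it, so it must not hold per-connection state. It would also help to name the accessor, for example that the |SSL| is fetched from |store_ctx| with |X509_STORE_CTX_get_ex_data| using the index returned by |SSL_get_ex_data_X509_STORE_CTX_idx|, since the index function on its own does not show how to get from |store_ctx| to the |SSL|.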