kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Clarify that SSL_get_peer_cert_chain returns the unverified chain.

Browse Source 
This came up and I wasn't sure which it was without source-diving.

Change-Id: Ie659096e0f42a7448f81dfb1006c125d292fd7fd
Reviewed-on: https://boringssl-review.googlesource.com/6354
Reviewed-by: Adam Langley <alangley@gmail.com>
This commit is contained in:
David Benjamin 2015-10-27 02:38:02 -04:00 committed by Adam Langley
parent 05ee4fda1c
commit e93ffa5da7
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
include/openssl/ssl.h
View File

@ -1212,9 +1212,11 @@ OPENSSL_EXPORT int SSL_in_false_start(const SSL *ssl);
OPENSSL_EXPORT X509 *SSL_get_peer_certificate(const SSL *ssl); OPENSSL_EXPORT X509 *SSL_get_peer_certificate(const SSL *ssl);
/* SSL_get_peer_cert_chain returns the peer's certificate chain or NULL if /* SSL_get_peer_cert_chain returns the peer's certificate chain or NULL if
* unavailable or the peer did not use certificates. For historical reasons, * unavailable or the peer did not use certificates. This is the unverified
* this may not be available if resuming a serialized |SSL_SESSION|. The caller * list of certificates as sent by the peer, not the final chain built during
* does not take ownership of the result. * verification. For historical reasons, this value may not be available if
* resuming a serialized |SSL_SESSION|. The caller does not take ownership of
* the result.
* *
* WARNING: This function behaves differently between client and server. If * WARNING: This function behaves differently between client and server. If
* |ssl| is a server, the returned chain does not include the leaf certificate. * |ssl| is a server, the returned chain does not include the leaf certificate.