commit 915275ba78309dd0dccbda1c0035b840050ba8a1
author Paul Bakker <p.j.bakker@polarssl.org> Fri Sep 28 07:10:55 2012 +0000
committer Paul Bakker <p.j.bakker@polarssl.org> Fri Sep 28 07:10:55 2012 +0000
tree 206e7ae24a72ec90f80cf3e7cebb14f3872ce958
parent 819370c7b76e506dcb8f3b8c40658f9c487a64d3

 - Revamped x509_verify() and the SSL f_vrfy callback implementations

include/polarssl/ssl.h

diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 094a120..c460963 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -397,7 +397,7 @@
     void (*f_dbg)(void *, int, const char *);
     int (*f_recv)(void *, unsigned char *, size_t);
     int (*f_send)(void *, const unsigned char *, size_t);
-    int (*f_vrfy)(void *, x509_cert *, int, int);
+    int (*f_vrfy)(void *, x509_cert *, int, int *);
     int (*f_get_cache)(void *, ssl_session *);
     int (*f_set_cache)(void *, const ssl_session *);
     int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
@@ -601,18 +601,16 @@
 /**
  * \brief          Set the verification callback (Optional).
  *
- *                 If set, the verification callback is called once for every
- *                 certificate in the chain. The verification function has the
- *                 following parameter: (void *parameter, x509_cert certificate,
- *                 int certifcate_depth, int preverify_ok). It should
- *                 return 0 on SUCCESS.
+ *                 If set, the verify callback is called for each
+ *                 certificate in the chain. For implementation
+ *                 information, please see \c x509parse_verify()
  *
  * \param ssl      SSL context
  * \param f_vrfy   verification function
  * \param p_vrfy   verification parameter
  */
 void ssl_set_verify( ssl_context *ssl,
-                     int (*f_vrfy)(void *, x509_cert *, int, int),
+                     int (*f_vrfy)(void *, x509_cert *, int, int *),
                      void *p_vrfy );
 
 /**