Only return VERIFY_FAILED from a single point
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
diff --git a/ChangeLog b/ChangeLog
index dee13ea..d44c0f7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,6 +29,9 @@
* Certificate verification functions now set flags to -1 in case the full
chain was not verified due to an internal error (including in the verify
callback) or chain length limitations.
+ * With authmode set to optional, handshake is now aborted if the
+ verification of the peer's certificate failed due to an overlong chain or
+ a fatal error in the vrfy callback.
= mbed TLS 2.1.8 branch released 2017-06-21
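Review bot: The added ChangeLog entry (the three `+` lines) says the handshake is "now aborted" with authmode set to optional, but it does not tell the caller what they will observe. The commit message draws the line between VERIFY_FAILED and "a fatal error", so the entry should say that these two cases (overlong chain, fatal error in the callback) now surface as a fatal handshake error rather than as a verification result to be inspected afterwards. Applications that rely on optional mode completing the handshake need that to know what to handle. A smaller wording point in the same entry: it says "vrfy callback" while the unchanged entry directly above says "verify callback"; use one spelling for both.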