Improve comments
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 7d2cff1..8cb1923 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2303,7 +2303,9 @@
}
exit:
- /* prevent misuse of the vrfy callback */
+ /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
+ * the SSL module for authmode optional, but non-zero return from the
+ * callback means a fatal error so it shouldn't be ignored */
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
ret = MBEDTLS_ERR_X509_FATAL_ERROR;
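Review bot: The rewritten comment above the remap at `exit:` uses the shorthand `VERIFY_FAILED` and chains three clauses, so the security reason is hard to grep for and hard to read. Spelling out the constant and stating the consequence first would help, for example `/* A vrfy callback returning MBEDTLS_ERR_X509_CERT_VERIFY_FAILED would be ignored by the SSL module for authmode optional; treat it as fatal instead. */`. The remap applies to any path that reaches `exit:` with that value, so if code other than the callback can set it (not visible in this hunk), the comment should say so. The enclosing function starts and ends outside the hunk.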
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 9c9cf46..6e8a61d 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1948,6 +1948,8 @@
-C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
+# The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its
+# default value (8)
run_test "Authentication: server max_int chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \
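Review bot: The assumption in the added comment is documented but never checked. A build with a non-default limit would run the "max_int chain" cases against the wrong boundary and fail, or pass, for reasons the output does not explain. These cases appear to exercise the chain-length limit, so consider a guard before them that skips or aborts with a clear message when the configured value is not 8. The comment would also be easier to find if it used the full option name, which is presumably `MBEDTLS_X509_MAX_INTERMEDIATE_CA`, rather than `MAX_INTERMEDIATE_CA`. The `run_test` invocation continues past the end of the hunk.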