From 1f6433e7473a14bf4263b618d3f0c1e17196a267 Mon Sep 17 00:00:00 2001 From: Mike DePaulo Date: Fri, 10 Jul 2015 08:13:00 -0400 Subject: Update openssl: 1.0.1o -> 1.0.1p --- openssl/doc/crypto/X509_STORE_CTX_new.pod | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'openssl/doc/crypto/X509_STORE_CTX_new.pod') diff --git a/openssl/doc/crypto/X509_STORE_CTX_new.pod b/openssl/doc/crypto/X509_STORE_CTX_new.pod index b17888f14..eb38b0a10 100644 --- a/openssl/doc/crypto/X509_STORE_CTX_new.pod +++ b/openssl/doc/crypto/X509_STORE_CTX_new.pod @@ -39,10 +39,15 @@ X509_STORE_CTX_free() completely frees up B. After this call B is no longer valid. X509_STORE_CTX_init() sets up B for a subsequent verification operation. -The trusted certificate store is set to B, the end entity certificate -to be verified is set to B and a set of additional certificates (which -will be untrusted but may be used to build the chain) in B. Any or -all of the B, B and B parameters can be B. +It must be called before each call to X509_verify_cert(), i.e. a B is only +good for one call to X509_verify_cert(); if you want to verify a second +certificate with the same B then you must call X509_XTORE_CTX_cleanup() +and then X509_STORE_CTX_init() again before the second call to +X509_verify_cert(). The trusted certificate store is set to B, the end +entity certificate to be verified is set to B and a set of additional +certificates (which will be untrusted but may be used to build the chain) in +B. Any or all of the B, B and B parameters can be +B. X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B to B. This is an alternative way of specifying trusted certificates -- cgit v1.2.3