Improve comments

2017-07-06 12:16:25 +02:00 · 2017-07-06 12:16:25 +02:00 · 9107b5fdd3
commit 9107b5fdd3
parent ee98109af5
2 changed files with 5 additions and 1 deletions
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -2310,7 +2310,9 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
    }

 exit:
-    /* prevent misuse of the vrfy callback */
+    /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
+     * the SSL module for authmode optional, but non-zero return from the
+     * callback means a fatal error so it shouldn't be ignored */
    if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
        ret = MBEDTLS_ERR_X509_FATAL_ERROR;

--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -2103,6 +2103,8 @@ run_test    "Authentication: client no cert, ssl3" \
            -C "! mbedtls_ssl_handshake returned" \
            -S "X509 - Certificate verification failed"

+# The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its
+# default value (8)
 run_test    "Authentication: server max_int chain, client default" \
            "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
                    key_file=data_files/dir-maxpath/09.key" \