Replace handling of negative verification result with SSL_set_retry_verify()
Provide a different mechanism to indicate that the application wants
to retry the verification. The negative result of the callback function
now indicates an error again.
Instead the SSL_set_retry_verify() can be called from the callback
to indicate that the handshake should be suspended.
Fixes #17568
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17825)
diff --git a/doc/build.info b/doc/build.info
index 97e6bd3..4e1db23 100644
--- a/doc/build.info
+++ b/doc/build.info
@@ -2547,6 +2547,10 @@
GENERATE[html/man3/SSL_set_fd.html]=man3/SSL_set_fd.pod
DEPEND[man/man3/SSL_set_fd.3]=man3/SSL_set_fd.pod
GENERATE[man/man3/SSL_set_fd.3]=man3/SSL_set_fd.pod
+DEPEND[html/man3/SSL_set_retry_verify.html]=man3/SSL_set_retry_verify.pod
+GENERATE[html/man3/SSL_set_retry_verify.html]=man3/SSL_set_retry_verify.pod
+DEPEND[man/man3/SSL_set_retry_verify.3]=man3/SSL_set_retry_verify.pod
+GENERATE[man/man3/SSL_set_retry_verify.3]=man3/SSL_set_retry_verify.pod
DEPEND[html/man3/SSL_set_session.html]=man3/SSL_set_session.pod
GENERATE[html/man3/SSL_set_session.html]=man3/SSL_set_session.pod
DEPEND[man/man3/SSL_set_session.3]=man3/SSL_set_session.pod
@@ -3356,6 +3360,7 @@
html/man3/SSL_set_bio.html \
html/man3/SSL_set_connect_state.html \
html/man3/SSL_set_fd.html \
+html/man3/SSL_set_retry_verify.html \
html/man3/SSL_set_session.html \
html/man3/SSL_set_shutdown.html \
html/man3/SSL_set_verify_result.html \
@@ -3948,6 +3953,7 @@
man/man3/SSL_set_bio.3 \
man/man3/SSL_set_connect_state.3 \
man/man3/SSL_set_fd.3 \
+man/man3/SSL_set_retry_verify.3 \
man/man3/SSL_set_session.3 \
man/man3/SSL_set_shutdown.3 \
man/man3/SSL_set_verify_result.3 \
