From cfea3ebd01932a23b9093153cf97d9d41b9a86cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Mon, 10 Jul 2017 11:45:47 +0200
Subject: [PATCH] Update doc of return value of verify()

---
 include/polarssl/x509_crt.h | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/include/polarssl/x509_crt.h b/include/polarssl/x509_crt.h
index eef7f3afb..d534ad819 100644
--- a/include/polarssl/x509_crt.h
+++ b/include/polarssl/x509_crt.h
@@ -252,11 +252,13 @@ int x509_crt_verify_info( char *buf, size_t size, const char *prefix,
  * \param f_vrfy   verification function
  * \param p_vrfy   verification parameter
  *
- * \return         0 if successful or POLARSSL_ERR_X509_SIG_VERIFY_FAILED,
- *                 in which case *flags will have one or more BADCERT_XXX or
- *                 BADCRL_XXX flags set,
- *                 or another error in case of a fatal error encountered
- *                 during the verification process.
+ * \return         0 (and flags set to 0) if the chain was verified and valid,
+ *                 POLARSSL_ERR_X509_CERT_VERIFY_FAILED if the chain was verified
+ *                 but found to be invalid, in which case *flags will have one
+ *                 or more BADCERT_XXX or POLARSSL_X509_BADCRL_XXX
+ *                 flags set, or another error (and flags set to 0xffffffff)
+ *                 in case of a fatal error encountered during the
+ *                 verification process.
  */
 int x509_crt_verify( x509_crt *crt,
                      x509_crt *trust_ca,