> Hi,
>
> The documentation for PKCS7_verify says:
>
> PKCS7_verify() returns 1 for a successful verification and
> zero or a
> negative value if an error occurs.
This is correct.
> And in apps/smime.c there is this code:
>
> if (PKCS7_verify(p7, other, store, indata, out, flags))
> BIO_printf(bio_err, "Verification successful\n");
> else
> {
> BIO_printf(bio_err, "Verification failure\n");
> goto end;
> }
This is correct.
> But looking at the code for PKCS7_verify I can't see a case where
> it returns something other than 0 or 1.
This is correct.
> Could either the code or the documentation be fixed?
Neither is broken. The documentation documents the *defined* interface, which
can be a superset of the implemented interface. This permits the implementation
to change without having to change the documentation.
For example, a function that never allocates memory in any current
implementation may still have a "not enough memory to complete this operation"
return value defined. That way, if any future implementation does need to
allocate memory and is unable to, it has something to return.
Failure to allow for such things, even if they are not needed now, constrains
future development. If a future implementation wants to return ten different
error codes to indicate different failure modes, it can currently do so without
breaking any current code that follows the specification.
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
