> Hi, > > The documentation for PKCS7_verify says: > > PKCS7_verify() returns 1 for a successful verification and > zero or a > negative value if an error occurs.
This is correct. > And in apps/smime.c there is this code: > > if (PKCS7_verify(p7, other, store, indata, out, flags)) > BIO_printf(bio_err, "Verification successful\n"); > else > { > BIO_printf(bio_err, "Verification failure\n"); > goto end; > } This is correct. > But looking at the code for PKCS7_verify I can't see a case where > it returns something other than 0 or 1. This is correct. > Could either the code or the documentation be fixed? Neither is broken. The documentation documents the *defined* interface, which can be a superset of the implemented interface. This permits the implementation to change without having to change the documentation. For example, a function that never allocates memory in any current implementation may still have a "not enough memory to complete this operation" return value defined. That way, if any future implementation does need to allocate memory and is unable to, it has something to return. Failure to allow for such things, even if they are not needed now, constrains future development. If a future implementation wants to return ten different error codes to indicate different failure modes, it can currently do so without breaking any current code that follows the specification. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org