Only return VERIFY_FAILED from a single point
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index adaacff..de487ce 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -76,6 +76,7 @@
#define POLARSSL_ERR_X509_BAD_INPUT_DATA -0x2800 /**< Input invalid. */
#define POLARSSL_ERR_X509_MALLOC_FAILED -0x2880 /**< Allocation of memory failed. */
#define POLARSSL_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */
+#define POLARSSL_ERR_X509_FATAL_ERROR -0x3000 /**< A fatal error occured, eg the chain is too long or the vrfy callback failed. */
/* \} name */
/**
diff --git a/include/polarssl/x509_crt.h b/include/polarssl/x509_crt.h
index 24f7c7a..eef7f3a 100644
--- a/include/polarssl/x509_crt.h
+++ b/include/polarssl/x509_crt.h
@@ -232,7 +232,13 @@
*
* All flags left after returning from the callback
* are also returned to the application. The function should
- * return 0 for anything but a fatal error.
+ * return 0 for anything (including invalid certificates)
+ * other than fatal error, as a non-zero return code
+ * immediately aborts the verification process. For fatal
+ * errors, a specific error code should be used (different
+ * from POLARSSL_ERR_X509_CERT_VERIFY_FAILED which should not
+ * be returned at this point), or POLARSSL_ERR_X509_FATAL_ERROR
+ * can be used if no better code is available.
*
* \note In case verification failed, the results can be displayed
* using \c x509_crt_verify_info()