From f416f6aa9cd97f7a0e135e3983f377e9c20a8d6c Mon Sep 17 00:00:00 2001
From: tb <>
Date: Thu, 1 Dec 2022 05:33:55 +0000
Subject: Mark the X509_V_FLAG_CB_ISSUER_CHECK flag as deprecated

---
 src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
index 7a39050c4f..08961eb4d3 100644
--- a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
+++ b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.26 2022/07/13 21:17:03 schwarze Exp $
+.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.27 2022/12/01 05:33:55 tb Exp $
 .\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 13 2022 $
+.Dd $Mdocdate: December 1 2022 $
 .Dt X509_VERIFY_PARAM_SET_FLAGS 3
 .Os
 .Sh NAME
@@ -590,16 +590,10 @@ A side effect of not checking the root CA signature is that disabled or
 unsupported message digests on the root CA are not treated as fatal
 errors.
 .Pp
-The
+The deprecated
 .Dv X509_V_FLAG_CB_ISSUER_CHECK
-flag enables debugging of certificate issuer checks.
-It is
-.Sy not
-needed unless you are logging certificate verification.
-If this flag is set then additional status codes will be sent to the
-verification callback and it
-.Sy must
-be prepared to handle such cases without assuming they are hard errors.
+flag used to enable debugging of certificate issuer checks.
+It is provided for binary backwards compatibility and has no effect.
 .Pp
 When
 .Dv X509_V_FLAG_TRUSTED_FIRST
-- 
cgit v1.2.3-55-g6feb