X509_VERIFY_PARAM_set_flags(3) states that X509_VERIFY_PARAM_set_flags() and X509_VERIFY_PARAM_clear_flags() both "return 1 for success or 0 for failure".
But both those functions always return 1 (unless param is null, in which case they don't return at all but segfault instead -- but none of the other X509_VERIFY_PARAM_* functions (except X509_VERIFY_PARAM_free()) check for that error, so I'm assuming that was a deliberate choice). The trivial diff below amends the man page to reflect reality.

Now on to my question: I'm wondering whether it's perhaps worth changing the type of those two functions (plus two undocumented functions that just wrap X509_VERIFY_PARAM_set_flags()) to void instead? That would cause no problems in the base system (see below), although I have no idea whether anything in ports relies on them returning int...

In the base system, nothing calls X509_VERIFY_PARAM_clear_flags() at all and X509_VERIFY_PARAM_set_flags() is called only by libtls, openssl(1) & unbound-anchor(8) -- all of which already ignore its return value...

...and from within libcrypto itself by two undocumented wrapper functions X509_STORE_set_flags() & X509_STORE_CTX_set_flags(), both of which also always return 1, and in the base system those are called only from openssl(1), iked(8), isakmpd(8) and one regression test for libssl, all of which already ignore their return values.

Index: man/X509_VERIFY_PARAM_set_flags.3 =================================================================== RCS file: /cvs/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3,v retrieving revision 1.5 diff -u -p -r1.5 X509_VERIFY_PARAM_set_flags.3 --- man/X509_VERIFY_PARAM_set_flags.3 6 Jan 2017 21:30:27 -0000 1.5 +++ man/X509_VERIFY_PARAM_set_flags.3 21 Jun 2017 13:29:13 -0000 
@@ -183,8 +183,11 @@ sets the maximum verification depth to That is the maximum number of untrusted CA certificates that can appear in a chain. .Sh RETURN VALUES -.Fn X509_VERIFY_PARAM_set_flags , -.Fn X509_VERIFY_PARAM_clear_flags , +.Fn X509_VERIFY_PARAM_set_flags +and +.Fn X509_VERIFY_PARAM_clear_flags +always return 1. +.Pp .Fn X509_VERIFY_PARAM_set_purpose , .Fn X509_VERIFY_PARAM_set_trust , .Fn X509_VERIFY_PARAM_add0_policy ,
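
Review bot: The added sentence "always return 1." in RETURN VALUES says nothing about a NULL param, which according to the accompanying message is dereferenced rather than reported as 0, so a reader could take the new wording to mean every call is safe and needs no precondition. Consider stating in that sentence, or elsewhere in the page, that param must not be NULL. If the proposed switch to void goes ahead, this sentence would have to be reworded again, so it may be worth settling the type question before committing the text. The two wrappers named in the message, X509_STORE_set_flags() and X509_STORE_CTX_set_flags(), remain undocumented with this change.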