From ff6da2e43eb93fa63fec1db1536cff4e7e1105b4 Mon Sep 17 00:00:00 2001
From: Matthew Flatt <mflatt@racket-lang.org>
Date: Thu, 3 Mar 2011 07:18:51 -0700
Subject: [PATCH] add docs for openssl additions

---
 collects/openssl/mzssl.rkt     |  2 --
 collects/openssl/openssl.scrbl | 22 ++++++++++++++++++++++
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/collects/openssl/mzssl.rkt b/collects/openssl/mzssl.rkt
index 2d33e767fb..dc0fe13c8f 100644
--- a/collects/openssl/mzssl.rkt
+++ b/collects/openssl/mzssl.rkt
@@ -148,8 +148,6 @@
   (define-ssl SSL_get_verify_result (_SSL* -> _long))
   (define-ssl SSL_get_peer_certificate (_SSL* -> _X509*))
   
-  
-  
   (define-crypto X509_get_subject_name ( _X509* -> _X509_NAME*))
   (define-crypto X509_get_issuer_name ( _X509* -> _X509_NAME*))
   (define-crypto X509_NAME_oneline (_X509_NAME* _bytes _int -> _bytes))
diff --git a/collects/openssl/openssl.scrbl b/collects/openssl/openssl.scrbl
index a4eb3dae2d..9e60cb53ab 100644
--- a/collects/openssl/openssl.scrbl
+++ b/collects/openssl/openssl.scrbl
@@ -363,6 +363,28 @@ You can use the file @filepath{test.pem} of the @filepath{openssl}
 collection for testing purposes where the peer identifies itself using
 @filepath{test.pem}.}
 
+@; ----------------------------------------------------------------------
+@section[#:tag "peer-verif"]{Peer Verification}
+
+@defproc[(ssl-peer-verified? [p ssl-port?]) boolean?]{
+
+Returns @racket[#t] if the peer of SSL port @racket[p] has presented a
+valid and verified certificate, @racket[#f] otherwise.}
+
+@defproc[(ssl-peer-subject-name [p ssl-port?]) (or/c bytes? #f)]{
+
+If @racket[ssl-peer-verified?] would return @racket[#t] for
+@racket[p], the result is a byte string for the subject field of
+the certificate presented by the SSL port's peer, otherwise the result
+is @racket[#f].}
+
+@defproc[(ssl-peer-issuer-name [p ssl-port?]) (or/c bytes? #f)]{
+
+If @racket[ssl-peer-verified?] would return @racket[#t] for
+@racket[p], the result is a byte string for the issuer field of
+the certificate presented by the SSL port's peer, otherwise the result
+is @racket[#f].}
+
 @; ----------------------------------------------------------------------
 
 @section{SHA-1 Hashing}