Comments.

apps/s_client.c

@@ -142,7 +142,7 @@ static void sc_usage(void)
 #ifdef FIONBIO
 	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
 #endif
-#ifdef APPS_CRLF
+#ifdef APPS_CRLF /* won't be #ifdef'd in next release */
 	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
 #endif
 	BIO_printf(bio_err," -quiet        - no s_client output\n");

apps/s_server.c

@@ -169,8 +169,8 @@ static char *s_dcert_file=NULL,*s_dkey_file=NULL;
 static int s_nbio=0;
 #endif
 static int s_nbio_test=0;
-#ifdef APPS_CRLF
+#ifdef APPS_CRLF /* won't be #ifdef'd in next release */
-	int s_crlf=0;
+int s_crlf=0;
 #endif
 static SSL_CTX *ctx=NULL;
 static int www=0;

ssl/ssl.h

@@ -413,7 +413,7 @@ struct ssl_ctx_st
 
 	/* if defined, these override the X509_verify_cert() calls */
 /**/	int (*app_verify_callback)();
-/**/	char *app_verify_arg; /* never used */
+/**/	char *app_verify_arg; /* never used; should be void * */
 
 	/* default values to use in SSL structures */
 /**/	struct cert_st /* CERT */ *cert;

ssl/ssl_cert.c

@@ -426,7 +426,7 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 		(char *)s);
 
 	if (s->ctx->app_verify_callback != NULL)
-		i=s->ctx->app_verify_callback(&ctx);
+		i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
 	else
 		{
 #ifndef NO_X509_VERIFY

ssl/ssl_lib.c

@@ -1142,6 +1142,11 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
 
 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,int (*cb)(),char *arg)
 	{
+	/* now
+	 *     int (*cb)(X509_STORE_CTX *),
+	 * but should be
+	 *     int (*cb)(X509_STORE_CTX *, void *arg)
+	 */
 	ctx->app_verify_callback=cb;
 	ctx->app_verify_arg=arg; /* never used */
 	}