From: Matt Caswell <matt@openssl.org>
Date: Wed, 3 May 2017 13:41:43 +0000 (+0100)
Subject: Update serverinfo documentation based on feedback received
X-Git-Tag: OpenSSL_1_1_1-pre1~1602
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=6d9d8019bbc02e73ee1fdb5f6ffe3dd6ffcaa9d8;p=oweals%2Fopenssl.git

Update serverinfo documentation based on feedback received

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3298)
---

diff --git a/doc/man3/SSL_CTX_use_serverinfo.pod b/doc/man3/SSL_CTX_use_serverinfo.pod
index a5defb30ee..d35a196ffe 100644
--- a/doc/man3/SSL_CTX_use_serverinfo.pod
+++ b/doc/man3/SSL_CTX_use_serverinfo.pod
@@ -35,7 +35,8 @@ consist of a 4-byte context, a 2-byte Extension Type, a 2-byte length, and then
 length bytes of extension_data. The context and type values have the same
 meaning as for L<SSL_CTX_add_custom_ext(3)>. If serverinfo is being loaded for
 extensions to be added to a Certificate message, then the extension will only
-be added for the first Certificate in the message.
+be added for the first certificate in the message (which is always the
+end-entity certificate).
 
 If B<version> is B<SSL_SERVERINFOV1> then the extensions in the array must
 consist of a 2-byte Extension Type, a 2-byte length, and then length bytes of
@@ -62,7 +63,7 @@ last certificate installed.  If e.g. the last item was a RSA certificate, the
 loaded serverinfo extension data will be loaded for that certificate.  To
 use the serverinfo extension for multiple certificates,
 SSL_CTX_use_serverinfo() needs to be called multiple times, once B<after>
-each time a certificate is loaded.
+each time a certificate is loaded via a call to SSL_CTX_use_certificate().
 
 =head1 RETURN VALUES