From 6d9d8019bbc02e73ee1fdb5f6ffe3dd6ffcaa9d8 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 3 May 2017 14:41:43 +0100 Subject: [PATCH] Update serverinfo documentation based on feedback received Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/3298) --- doc/man3/SSL_CTX_use_serverinfo.pod | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/man3/SSL_CTX_use_serverinfo.pod b/doc/man3/SSL_CTX_use_serverinfo.pod index a5defb30ee..d35a196ffe 100644 --- a/doc/man3/SSL_CTX_use_serverinfo.pod +++ b/doc/man3/SSL_CTX_use_serverinfo.pod @@ -35,7 +35,8 @@ consist of a 4-byte context, a 2-byte Extension Type, a 2-byte length, and then length bytes of extension_data. The context and type values have the same meaning as for L. If serverinfo is being loaded for extensions to be added to a Certificate message, then the extension will only -be added for the first Certificate in the message. +be added for the first certificate in the message (which is always the +end-entity certificate). If B is B then the extensions in the array must consist of a 2-byte Extension Type, a 2-byte length, and then length bytes of @@ -62,7 +63,7 @@ last certificate installed. If e.g. the last item was a RSA certificate, the loaded serverinfo extension data will be loaded for that certificate. To use the serverinfo extension for multiple certificates, SSL_CTX_use_serverinfo() needs to be called multiple times, once B -each time a certificate is loaded. +each time a certificate is loaded via a call to SSL_CTX_use_certificate(). =head1 RETURN VALUES -- 2.40.0