From 37a3c70c0eba2cecb61b943bb12624871cc2d822 Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Wed, 1 Sep 2021 14:22:17 -0400
Subject: [PATCH] Reword SSL_get0_ech_name_override documentation.

Hopefully it's a little clearer that this may be called whether or not ECH is offered. (And whether or not it's a server.)

Bug: 275
Change-Id: I39c8ce5758543a0cfda84652b3fc0a5b9669fd0a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49165
Reviewed-by: Matt Mueller
Reviewed-by: David Benjamin
Commit-Queue: David Benjamin
---
 include/openssl/ssl.h | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 43f510207..996a0f94c 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -3601,12 +3601,12 @@ OPENSSL_EXPORT int SSL_set1_ech_config_list(SSL *ssl,
 const uint8_t *ech_config_list,
 size_t ech_config_list_len);
 
-// SSL_get0_ech_name_override sets |*out_name| and |*out_name_len| to point to a
-// buffer containing the ECH public name, if the server rejected ECH, or the
-// empty string otherwise.
+// SSL_get0_ech_name_override, if |ssl| is a client and the server rejected ECH,
+// sets |*out_name| and |*out_name_len| to point to a buffer containing the ECH
+// public name. Otherwise, the buffer will be empty.
 //
-// This function should be called during the certificate verification callback
-// (see |SSL_CTX_set_custom_verify|) if |ssl| is a client offering ECH. If
+// When offering ECH as a client, this function should be called during the
+// certificate verification callback (see |SSL_CTX_set_custom_verify|). If
 // |*out_name_len| is non-zero, the caller should verify the certificate against
 // the result, interpreted as a DNS name, rather than the true server name. In
 // this case, the handshake will never succeed and is only used to authenticate
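Review bot: The reworded first paragraph leaves the non-rejection case underspecified: "Otherwise, the buffer will be empty" does not say that |*out_name_len| is written as zero, yet the next paragraph tells callers to branch on |*out_name_len| when choosing which name to verify the certificate against. If the function always writes both outputs (the implementation is not visible in this patch), the comment could say so directly, for example `// public name. Otherwise, it sets |*out_name_len| to zero.` A caller that reads the new sentence as "outputs are only set on rejection" and passes uninitialized variables could end up verifying against the wrong name. The comment block continues past the end of the hunk, so the lifetime of the returned buffer may already be covered there.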