Reword SSL_get0_ech_name_override documentation.

Hopefully it's a little clearer that this may be called whether or not ECH is offered. (And whether or not it's a server.) Bug: 275 Change-Id: I39c8ce5758543a0cfda84652b3fc0a5b9669fd0a Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49165 Reviewed-by: Matt Mueller <mattm@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>
4 years ago · 37a3c70c0e
parent 07b365f63a
commit 37a3c70c0e
1 changed files with 5 additions and 5 deletions
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@ -3601,12 +3601,12 @@ OPENSSL_EXPORT int SSL_set1_ech_config_list(SSL *ssl,
                                            const uint8_t *ech_config_list,
                                            size_t ech_config_list_len);
-// SSL_get0_ech_name_override sets |*out_name| and |*out_name_len| to point to a
+// SSL_get0_ech_name_override, if |ssl| is a client and the server rejected ECH,
-// buffer containing the ECH public name, if the server rejected ECH, or the
+// sets |*out_name| and |*out_name_len| to point to a buffer containing the ECH
-// empty string otherwise.
+// public name. Otherwise, the buffer will be empty.
 //
-// This function should be called during the certificate verification callback
+// When offering ECH as a client, this function should be called during the
-// (see |SSL_CTX_set_custom_verify|) if |ssl| is a client offering ECH. If
+// certificate verification callback (see |SSL_CTX_set_custom_verify|). If
 // |*out_name_len| is non-zero, the caller should verify the certificate against
 // the result, interpreted as a DNS name, rather than the true server name. In
 // this case, the handshake will never succeed and is only used to authenticate