[openssl-dev] "SSL_dane_enable() may be called"

Claus Assmann ca+ssl-dev at esmtp.org
Sat Jan 16 19:32:51 UTC 2016


On Sat, Jan 16, 2016, Viktor Dukhovni wrote:
> On Sat, Jan 16, 2016 at 04:30:26AM -0800, Claus Assmann wrote:

> >   SSL_dane_enable() may be called before the SSL handshake is
> >   initiated with L<SSL_connect(3)> to enable DANE for that connection.

> > "may" seems to be a bit confusing here: if you want "to enable DANE
> > for that connection" then you "must" call the function, right?

> Correct.  And conversely must not be called, if the intention is
> to not enable DANE.  Any suggested improvements of the text?

- simply replace "may" with "must"?
SSL_dane_enable() must be called before the SSL handshake is
initiated with L<SSL_connect(3)> to enable DANE for that connection.

- this might be better:
To enable DANE for a connection SSL_dane_enable() must be called
before the SSL handshake is initiated with L<SSL_connect(3)>.

- or very explicit:
SSL_dane_enable() must be called before the SSL handshake is initiated
with L<SSL_connect(3)> if (and only if) you want to enable DANE for
that connection.

