Merge branch 'tmp-reproducible-sig-doc' into 'master'

doc: expand GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE description on RSA-PSS [ci skip]

Closes #953

See merge request gnutls/gnutls!1242

1 files changed, 6 insertions, 3 deletions

diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index d8805681a9..386ae3e49f 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -372,9 +372,12 @@ int gnutls_privkey_status(gnutls_privkey_t key);
  * @GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA: Make an RSA signature on the hashed data as in the TLS protocol.
  * @GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS: Make an RSA signature on the hashed data with the PSS padding.
  * @GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE: Make a signature on the hashed data with reproducible parameters.
- *   For RSA-PSS, that means to use empty salt instead of random value. For ECDSA/DSA, it uses the deterministic
- *   construction of random parameter according to RFC 6979. Note that
- *   this only supports the NIST curves and DSA subgroup bits up to 512.
+ *   For RSA-PSS, that means to use empty salt instead of random value. To
+ *   verify a signature created using this flag, the corresponding SPKI needs
+ *   to be set on the public key. Use gnutls_pubkey_set_spki() for that.
+ *   For ECDSA/DSA, it uses the deterministic construction of random parameter
+ *   according to RFC 6979. Note that this only supports the NIST curves and DSA
+ *   subgroup bits up to 512.
  * @GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE: When importing a private key, automatically
  *   release it when the structure it was imported is released.
  * @GNUTLS_PRIVKEY_IMPORT_COPY: Copy required values during import.