corrected dane doc

2 files changed, 10 insertions, 2 deletions

diff --git a/NEWS b/NEWS
index 881bc33fe1..1999403168 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,14 @@ See the end for copying conditions.
 ** certtool: pathlen constraint is now read correctly. Reported by
 Christoph Seitz.
 
+** libdane: Added interfaces to allow initialization of dane_query_t from
+external DNS resolutions, and to allow direct verification of a certificate
+chain against a dane_query_t. Contributed by Christian Grothoff.
+
+** libdane: Fixed a buffer overflow in dane_query_tlsa(). This could be
+triggered by a DNS server supplying more than 4 DANE records. Report and fix
+by Christian Grothoff.
+
 ** API and ABI modifications:
 dane_verify_crt_raw: Added
 dane_raw_tlsa: Added
diff --git a/libdane/dane.c b/libdane/dane.c
index 01872b519c..4c1dcd11ab 100644
--- a/libdane/dane.c
+++ b/libdane/dane.c
@@ -246,9 +246,9 @@ void dane_query_deinit(dane_query_t q)
  *             caller must guarantee that the referenced data remains
  *             valid until dane_query_deinit() is called.
  * @dane_data_len: the length n bytes of the dane_data items
- * @param secure true if the result is validated securely, false if
+ * @secure: true if the result is validated securely, false if
  *               validation failed or the domain queried has no security info
- * @param bogus if the result was not secure (secure = 0) due to a security failure,
+ * @bogus: if the result was not secure (secure = 0) due to a security failure,
  *              and the result is due to a security failure, bogus is true.
  *
  *