* src/ne_ssl.h: Update docco for ne_ssl_clicert*_read.

git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1320 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845

1 files changed, 11 insertions, 8 deletions

diff --git a/src/ne_ssl.h b/src/ne_ssl.h
index ed65b49..2184ec8 100644
--- a/src/ne_ssl.h
+++ b/src/ne_ssl.h
@@ -119,16 +119,19 @@ void ne_ssl_cert_free(ne_ssl_certificate *cert);
 /* A client certificate (and private key). */
 typedef struct ne_ssl_client_cert_s ne_ssl_client_cert;
 
-/* Read a client certificate and private key from a PKCS12 file;
- * returns NULL if the file could not be parsed, or otherwise
- * returning a client certificate object. */
+/* Read a client certificate and private key from a PKCS#12-format
+ * file; returns NULL if the file could not be parsed, otherwise
+ * returns a client certificate object. */
 ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename);
 
-/* Read a client certificate from a PKCS12 file which does not have a
- * private key; returns NULL if the file could not be parsed, or
- * otherwise returning a client certificate object.  This can only be
- * used in conjunction with e.g. ne_ssl_set_gnutls_signcb to provide
- * an external signing mechanism. */
+/* Read a client certificate from a PKCS#12-format file which does not
+ * contain a private key; returns NULL if the file could not be
+ * parsed, or otherwise returns a client certificate object.  (Even if
+ * the file does contain a private key, it will be ignored).
+ *
+ * The client cert object returned here must only be passed to
+ * ne_ssl_set_clicert if an external signing callback is also used
+ * (see ne_ssl_set_gnutls_signcb). */
 ne_ssl_client_cert *ne_ssl_clicert_exkey_read(const char *filename);
 
 /* Returns the "friendly name" given for the client cert, or NULL if