From fe0120f9fbf08ca937cc95cf409c0d888145fafa Mon Sep 17 00:00:00 2001
From: Diego Fernandez <aiguo.fernandez@gmail.com>
Date: Wed, 11 Oct 2017 23:51:52 -0600
Subject: Improve documentation for passphrase callback (#703)

Address issue #701
---
 doc/api/ssl.rst    | 5 +++--
 src/OpenSSL/SSL.py | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/doc/api/ssl.rst b/doc/api/ssl.rst
index 6e856ce..d892dbb 100644
--- a/doc/api/ssl.rst
+++ b/doc/api/ssl.rst
@@ -369,8 +369,9 @@ Context objects have the following methods:
     this, it will be truncated.  Second, a boolean value which will be true if
     the user should be prompted for the passphrase twice and the callback should
     verify that the two values supplied are equal. Third, the value given as the
-    *userdata* parameter to :py:meth:`set_passwd_cb`.  If an error occurs,
-    *callback* should return a false value (e.g. an empty string).
+    *userdata* parameter to :py:meth:`set_passwd_cb`.  The *callback* must return
+    a byte string. If an error occurs, *callback* should return a false value
+    (e.g. an empty string).
 
 
 .. py:method:: Context.set_session_cache_mode(mode)
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 8d94bd8..75d080a 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -695,7 +695,7 @@ class Context(object):
         """
         Set the passphrase callback
 
-        :param callback: The Python callback to use
+        :param callback: The Python callback to use; must return a byte string
         :param userdata: (optional) A Python object which will be given as
                          argument to the callback
         :return: None
-- 
cgit v1.2.1