From: Matt Caswell <matt@openssl.org>
Date: Mon, 31 Mar 2025 14:51:14 +0000 (+0100)
Subject: Link SSL_get_negotiated_group() and SSL_get0_group_name() in the docs
X-Git-Tag: openssl-3.2.5~99
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fa0339b485513d4f0cff5477bcfd5067e67d8fa1;p=thirdparty%2Fopenssl.git

Link SSL_get_negotiated_group() and SSL_get0_group_name() in the docs

If you are intereseted in one you might be interested in the other.

Fixes #27137

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27210)

(cherry picked from commit 9eb21877f5704595a89cd550b1a639df86229b09)
---

diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod
index c26ef003063..ecf3200ae4a 100644
--- a/doc/man3/SSL_CTX_set1_curves.pod
+++ b/doc/man3/SSL_CTX_set1_curves.pod
@@ -96,7 +96,9 @@ TLS versions, when a session has been resumed, it always reflects the group
 used for key exchange during the initial handshake (otherwise it is from the
 current, non-resumption, connection).  This can be called by either client or
 server. If the NID for the shared group is unknown then the value is set to the
-bitwise OR of TLSEXT_nid_unknown (0x1000000) and the id of the group.
+bitwise OR of TLSEXT_nid_unknown (0x1000000) and the id of the group. See also
+L<SSL_get0_group_name(3)> which returns the name of the negotiated group
+directly and is generally preferred over SSL_get_negotiated_group().
 
 All these functions are implemented as macros.
 
@@ -134,7 +136,8 @@ key exchange, or NID_undef if there was no negotiated group.
 =head1 SEE ALSO
 
 L<ssl(7)>,
-L<SSL_CTX_add_extra_chain_cert(3)>
+L<SSL_CTX_add_extra_chain_cert(3)>,
+L<SSL_get0_group_name(3)>
 
 =head1 HISTORY
 
diff --git a/doc/man3/SSL_get0_group_name.pod b/doc/man3/SSL_get0_group_name.pod
index a96340ae86f..3359d9f8ecd 100644
--- a/doc/man3/SSL_get0_group_name.pod
+++ b/doc/man3/SSL_get0_group_name.pod
@@ -22,14 +22,15 @@ the key agreement of the current TLS session establishment.
 If non-NULL, SSL_get0_group_name() returns the name of the group that was used for
 the key agreement of the current TLS session establishment.
 If SSL_get0_group_name() returns NULL, an error occurred; possibly no TLS session
-has been established.
+has been established. See also L<SSL_get_negotiated_group(3)>.
 
 Note that the return value is valid only during the lifetime of the
 SSL object I<ssl>.
 
 =head1 SEE ALSO
 
-L<ssl(7)>
+L<ssl(7)>,
+L<SSL_get_negotiated_group(3)>
 
 =head1 COPYRIGHT