doc: Clarify SSL_get_SSL_CTX returns internal pointer

Document that the returned pointer is internal, reference count is not
incremented, and should not be freed. Mention SSL_CTX_up_ref() for
callers who need to retain the SSL_CTX.

Fixes #28298

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29767)

diff --git a/doc/man3/SSL_get_SSL_CTX.pod b/doc/man3/SSL_get_SSL_CTX.pod
index 02443c104e86df9c8fe494844def204f4c565d5f..96c0319ab1596c6c163e0ddd74135f1924445ef6 100644 (file)
--- a/doc/man3/SSL_get_SSL_CTX.pod
+++ b/doc/man3/SSL_get_SSL_CTX.pod
@@ -17,7 +17,10 @@ B<ssl> was created with L<SSL_new(3)>.
 
 =head1 RETURN VALUES
 
-The pointer to the SSL_CTX object is returned.
+The pointer to the SSL_CTX object is returned. This is an internal pointer
+and the reference count is not incremented. The returned pointer should not
+be freed. If the caller needs to retain the SSL_CTX for longer than the SSL
+object, it should call L<SSL_CTX_up_ref(3)> to increment the reference count.
 
 =head1 SEE ALSO