From dbc25b841edef66eb03fb66c7690d470b3265e90 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb" <dev@ddvo.net>
Date: Mon, 9 Dec 2024 22:02:58 +0100
Subject: [PATCH] x509_trust.c: add documenting comment for obj_trust()

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18764)
---
 crypto/x509/x509_trust.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/crypto/x509/x509_trust.c b/crypto/x509/x509_trust.c
index 1a4345f2fec..986d05a60a9 100644
--- a/crypto/x509/x509_trust.c
+++ b/crypto/x509/x509_trust.c
@@ -247,6 +247,13 @@ static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
         return X509_TRUST_UNTRUSTED;
 }
 
+/*
+ * |id| is the NID of the extended key usage (EKU) to check for certificate |x|.
+ * Return X509_TRUST_REJECTED if negative trust attributes of |x| prevents it.
+ * Return X509_TRUST_TRUSTED if positive trust attributes of |x| accepts it.
+ * If |flags| includes X509_TRUST_OK_ANY_EKU then anyEKU serves as wildcard.
+ * Return X509_TRUST_UNTRUSTED if no clear decision has been reached here.
+ */
 static int obj_trust(int id, X509 *x, int flags)
 {
     X509_CERT_AUX *ax = x->aux;
-- 
2.47.3