dnsdist: Fix comment as suggested by Miod

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

diff --git a/pdns/libssl.cc b/pdns/libssl.cc
index 7a18f2f8ad3fee0a0eddc4282235e300bb6b712f..bd247dc17809ffa8920ec8640498d2db9b699853 100644 (file)
--- a/pdns/libssl.cc
+++ b/pdns/libssl.cc
@@ -375,6 +375,9 @@ int libssl_ocsp_stapling_callback(SSL* ssl, const std::map<int, std::string>& oc
   }
 
   const auto ocsp_resp_size = data->second.size();
+  /* the behaviour is alas different in 3.6.0 because of a regression introduced in b1b4b154fd389ac6254d49cfb11aee36c1c51b84:
+     the value passed to SSL_set_tlsext_status_ocsp_resp() is not freed in 3.6.0 as it is in all others OpenSSL versions.
+     See https://github.com/openssl/openssl/issues/28888 */
 #if OPENSSL_VERSION_NUMBER != 0x30600000L
   /* we need to allocate a copy because OpenSSL will free the pointer passed to SSL_set_tlsext_status_ocsp_resp() */
   void* ocsp_resp = OPENSSL_malloc(ocsp_resp_size);
@@ -384,8 +387,7 @@ int libssl_ocsp_stapling_callback(SSL* ssl, const std::map<int, std::string>& oc
 
   memcpy(ocsp_resp, data->second.data(), ocsp_resp_size);
 #else
-  /* no longer freed after b1b4b154fd389ac6254d49cfb11aee36c1c51b84 3.6.0, https://github.com/openssl/openssl/issues/28888 */
-  // NOLINTNEXTLINE(cppcoreguidelines-pro-type-const-cast): the parameter is no longer freed but the parameter is not marked const..
+  // NOLINTNEXTLINE(cppcoreguidelines-pro-type-const-cast): the parameter is not freed in this version (3.6.0, see above) but the parameter is not marked const.
   void* ocsp_resp = const_cast<char*>(data->second.data());
 #endif
   SSL_set_tlsext_status_ocsp_resp(ssl, ocsp_resp, ocsp_resp_size);