Updates in OCSP status response related documentation

gnutls_certificate_set_ocsp_status_request_file2: corrected documentation

This corrects the documented return code in gnutls_certificate_set_ocsp_status_request_file2
and the applicability of gnutls_ocsp_status_request_is_checked.

Resolves: #836

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

diff --git a/lib/ocsp-api.c b/lib/ocsp-api.c
index 7fac5e38658c29760b8b3472f10b358aa234ee4d..685378a696a4acf99eb21e01a298558ebb5f5408 100644 (file)
--- a/lib/ocsp-api.c
+++ b/lib/ocsp-api.c
@@ -361,8 +361,8 @@ static int append_response(gnutls_certificate_credentials_t sc, unsigned idx,
  * If the response is already expired at the time of loading the code
  * %GNUTLS_E_EXPIRED is returned.
  *
- * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
- *   otherwise a negative error code is returned.
+ * Returns: On success, the number of loaded responses is returned,
+ *   otherwise a negative error code.
  *
  * Since: 3.1.3
  **/
@@ -608,6 +608,10 @@ gnutls_certificate_get_ocsp_expiration(gnutls_certificate_credentials_t sc,
  * explicit OCSP validity check on the peer's certificate. Should be called after
  * any of gnutls_certificate_verify_peers*() are called.
  *
+ * This function is always usable on client side, but on server side only
+ * under TLS 1.3, which is the first version of TLS that allows cliend-side OCSP
+ * responses.
+ *
  * Returns: non zero if the response was valid, or a zero if it wasn't sent,
  * or sent and was invalid.
  *