diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ed8bafa75..fc9a1623e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1747,7 +1747,7 @@ /** * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK * - * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_cb()` + * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()` * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure * the set of trusted certificates through a callback instead of a linked * list. @@ -1756,7 +1756,7 @@ * certificates is present and storing them in a linked list isn't efficient * enough, or when the set of trusted certificates changes frequently. * - * See the documentation of `mbedtls_x509_crt_verify_with_cb()` and + * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and * `mbedtls_ssl_conf_ca_cb()` for more information. * * Uncomment to enable trusted certificate callbacks. diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 67a24f029..96f014287 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -532,15 +532,15 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, * * \param p_ctx An opaque context passed to the callback. * \param child The certificate for which to search a potential signer. - * This must point to a readable certificate. + * This will point to a readable certificate. * \param candidate_cas The address at which to store the address of the first * entry in the generated linked list of candidate signers. - * This must not be \c NULL. + * This will not be \c NULL. * * \note The callback must only return a non-zero value on a * fatal error. If, in contrast, the search for a potential * signer completes without a single candidate, the - * callback must return \c 0 and get \c *candidate_cas + * callback must return \c 0 and set \c *candidate_cas * to \c NULL. * * \return \c 0 on success. In this case, \c *candidate_cas points