From 8c4ae426c578d53c7afcbcbc178c96a7da3614c2 Mon Sep 17 00:00:00 2001
From: Simon Ruderich
Date: Thu, 8 Aug 2013 21:33:18 +0200
Subject: [PATCH] Minor documentation update.
---
 src/tlsproxy.c | 2 +-
 src/verify.c | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/tlsproxy.c b/src/tlsproxy.c
index f7b9f27..8b9b6d9 100644
--- a/src/tlsproxy.c
+++ b/src/tlsproxy.c
@@ -375,7 +375,7 @@ static void initialize_gnutls(void) {
 gnutls_datum_t dh_parameters_datum;
 /* Recent versions of GnuTLS automatically initialize the cryptography layer
- * in gnutls_global_init(). */
+ * in gnutls_global_init(), including a thread-safe setup. */
 #if GNUTLS_VERSION_NUMBER <= 0x020b00
 gcry_error_t error;
diff --git a/src/verify.c b/src/verify.c
index f68d1bb..7031c28 100644
--- a/src/verify.c
+++ b/src/verify.c
@@ -79,7 +79,8 @@ int verify_tls_connection(gnutls_session_t session, const char *hostname) {
 gnutls_strerror(result));
 return -1;
 }
- /* Definitely an invalid certificate, abort. */
+ /* Definitely an invalid certificate, abort. We don't perform any CA * verification so don't check for GNUTLS_CERT_INVALID. */
 if (status & GNUTLS_CERT_REVOKED || status & GNUTLS_CERT_SIGNER_NOT_CA || status & GNUTLS_CERT_INSECURE_ALGORITHM
--
2.43.2
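Review bot: The new comment in verify_tls_connection (src/verify.c) says that no CA verification is performed and that GNUTLS_CERT_INVALID is deliberately not checked, but it does not say what establishes trust in the peer certificate instead. Someone auditing this function cannot tell from the comment whether skipping chain validation is a design decision backed by another check or an omission. If trust comes from a check elsewhere in the function or file (not visible in this hunk), name it in the comment, for example `/* Trust is established by <name of the other check>, not by a CA chain, so GNUTLS_CERT_INVALID is expected here and ignored. */`. The status condition that follows the comment and the rest of the function continue outside the hunk, so which other status flags are tested cannot be confirmed from here.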