diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 5d8c5c00..a539b20d 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -3069,7 +3069,7 @@ OPENSSL_EXPORT void SSL_get_peer_quic_transport_params(const SSL *ssl, // host may use a delegated credential to sign the handshake. Once issued, // credentials can't be revoked. In order to mitigate the damage in case the // credential secret key is compromised, the credential is only valid for a -// short time (days, hours, or even minutes). This library implements draft-02 +// short time (days, hours, or even minutes). This library implements draft-03 // of the protocol spec. // // The extension ID has not been assigned; we're using 0xff02 for the time @@ -3082,7 +3082,7 @@ OPENSSL_EXPORT void SSL_get_peer_quic_transport_params(const SSL *ssl, // SSL_set1_delegated_credential configures the delegated credential (DC) that // will be sent to the peer for the current connection. |dc| is the DC in wire // format, and |pkey| or |key_method| is the corresponding private key. -// Currently (as of draft-02), only servers may configure a DC to use in the +// Currently (as of draft-03), only servers may configure a DC to use in the // handshake. // // The DC will only be used if the protocol version is correct and the signature diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc index 1b01e7fe..54df38f7 100644 --- a/ssl/ssl_cert.cc +++ b/ssl/ssl_cert.cc @@ -804,9 +804,7 @@ UniquePtr DC::Parse(CRYPTO_BUFFER *in, uint8_t *out_alert) { // ssl_can_serve_dc returns true if the host has configured a DC that it can // serve in the handshake. Specifically, it checks that a DC has been -// configured, that the DC protocol version is the same as the negotiated -// protocol version, and that the DC signature algorithm is supported by the -// peer. +// configured and that the DC signature algorithm is supported by the peer. static bool ssl_can_serve_dc(const SSL_HANDSHAKE *hs) { // Check that a DC has been configured. const CERT *cert = hs->config->cert.get();