Commit e55107126a for openssl.org
commit e55107126affad5df9547761dfee5103b4fce6a0
Author: Tomas Mraz <tomas@openssl.foundation>
Date: Fri Apr 3 16:18:52 2026 +0200
Fix documentation of SSL_ech_get1_status() return values
Also do minor formatting cleanups on the man page.
Reviewed-by: Matt Caswell <matt@openssl.foundation>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Wed Apr 8 09:13:38 2026
(Merged from https://github.com/openssl/openssl/pull/30673)
diff --git a/doc/man3/SSL_set1_echstore.pod b/doc/man3/SSL_set1_echstore.pod
index cd983c4ae9..a67c3e2acf 100644
--- a/doc/man3/SSL_set1_echstore.pod
+++ b/doc/man3/SSL_set1_echstore.pod
@@ -20,7 +20,7 @@ SSL_CTX_ech_set_callback,SSL_set1_ech_config_list
=head1 SYNOPSIS
- #include <openssl/ech.h>
+ #include <openssl/ech.h>
OSSL_ECHSTORE *OSSL_ECHSTORE_new(OSSL_LIB_CTX *libctx, const char *propq);
void OSSL_ECHSTORE_free(OSSL_ECHSTORE *es);
@@ -293,9 +293,9 @@ Some externally visible limits:
=item B<OSSL_ECH_MAX_ALPN_LEN> 255, maximum overall length of an ALPN
-=item B< OSSL_ECH_OUTERS_MAX> 20, maximum number of extensions compressed via outer-exts
+=item B<OSSL_ECH_OUTERS_MAX> 20, maximum number of extensions compressed via outer-exts
-=item B< OSSL_ECH_ALLEXTS_MAX> 32, maximum total number of extensions allowed
+=item B<OSSL_ECH_ALLEXTS_MAX> 32, maximum total number of extensions allowed
=back
@@ -309,34 +309,6 @@ ECH version - the only supported version is 0xfe0d currently.
=back
-Return codes from SSL_ech_get_status
-
-=over 4
-
-=item B<SSL_ECH_STATUS_BACKEND> 4, ECH backend: saw an ech_is_inner
-
-=item B<SSL_ECH_STATUS_GREASE_ECH> 3, GREASEd and got an ECH in return
-
-=item B<SSL_ECH_STATUS_GREASE> 2, ECH GREASE happened
-
-=item B<SSL_ECH_STATUS_SUCCESS> 1, Success
-
-=item B<SSL_ECH_STATUS_FAILED> 0, Some internal or protocol error
-
-=item B<SSL_ECH_STATUS_BAD_CALL> -100, Some in/out arguments were NULL
-
-=item B<SSL_ECH_STATUS_NOT_TRIED> -101, ECH wasn't attempted
-
-=item B<SSL_ECH_STATUS_BAD_NAME> -102, ECH ok but server or client cert bad
-
-=item B<SSL_ECH_STATUS_NOT_CONFIGURED> -103, ECH wasn't configured
-
-=item B<SSL_ECH_STATUS_FAILED_ECH> -105, We tried, failed and got an ECH, from a verified name
-
-=item B<SSL_ECH_STATUS_FAILED_ECH_BAD_NAME> -106, We tried, failed and got an ECH, from a bad name
-
-=back
-
Values for I<for_retry>
=over 4
@@ -380,11 +352,39 @@ OSSL_ECHSTORE_set1_key_and_read_pem(), OSSL_ECHSTORE_read_pem(),
OSSL_ECHSTORE_num_keys(), OSSL_ECHSTORE_num_entries(),
OSSL_ECHSTORE_flush_keys(), SSL_CTX_set1_echstore(),
SSL_ech_set_server_names(), SSL_ech_set_outer_server_name(),
-SSL_ech_set_outer_alpn_protos(), SSL_ech_get1_status(),
+SSL_ech_set_outer_alpn_protos(),
SSL_ech_set_grease_suite(), SSL_ech_set_grease_type(),
SSL_ech_get_retry_config() and SSL_CTX_ech_set1_outer_alpn_protos() all return
zero on error and one on success.
+SSL_ech_get1_status() returns one of the following values:
+
+=over 4
+
+=item B<SSL_ECH_STATUS_BACKEND> 4, ECH backend: saw an ech_is_inner
+
+=item B<SSL_ECH_STATUS_GREASE_ECH> 3, GREASEd and got an ECH in return
+
+=item B<SSL_ECH_STATUS_GREASE> 2, ECH GREASE happened
+
+=item B<SSL_ECH_STATUS_SUCCESS> 1, Success
+
+=item B<SSL_ECH_STATUS_FAILED> 0, Some internal or protocol error
+
+=item B<SSL_ECH_STATUS_BAD_CALL> -100, Some in/out arguments were NULL
+
+=item B<SSL_ECH_STATUS_NOT_TRIED> -101, ECH wasn't attempted
+
+=item B<SSL_ECH_STATUS_BAD_NAME> -102, ECH ok but server or client cert bad
+
+=item B<SSL_ECH_STATUS_NOT_CONFIGURED> -103, ECH wasn't configured
+
+=item B<SSL_ECH_STATUS_FAILED_ECH> -105, We tried, failed and got an ECH, from a verified name
+
+=item B<SSL_ECH_STATUS_FAILED_ECH_BAD_NAME> -106, We tried, failed and got an ECH, from a bad name
+
+=back
+
SSL_ech_set_callback(), SSL_CTX_ech_set_callback(), OSSL_ECHSTORE_free() have
no return value.