From 279e66f76ac3e66f20f0af4cd6de214879797d08 Mon Sep 17 00:00:00 2001
From: EasySec <easy.sec@free.fr>
Date: Wed, 13 Apr 2022 13:02:44 +0200
Subject: [PATCH] doc: Clarify that calling SSL_set_session(ssl, NULL) is a
 correct use case.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18101)

(cherry picked from commit e763b1861fb2a138371464b7d3996dbde85ff5e8)
---
 doc/man3/SSL_set_session.pod | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/man3/SSL_set_session.pod b/doc/man3/SSL_set_session.pod
index c3eca2565a..f1c0193bf3 100644
--- a/doc/man3/SSL_set_session.pod
+++ b/doc/man3/SSL_set_session.pod
@@ -21,7 +21,8 @@ with the L<SSL_session_reused(3)> call.
 
 If there is already a session set inside B<ssl> (because it was set with
 SSL_set_session() before or because the same B<ssl> was already used for
-a connection), SSL_SESSION_free() will be called for that session. If that old
+a connection), SSL_SESSION_free() will be called for that session.
+This is also the case when B<session> is a NULL pointer. If that old
 session is still B<open>, it is considered bad and will be removed from the
 session cache (if used). A session is considered open, if L<SSL_shutdown(3)> was
 not called for the connection (or at least L<SSL_set_shutdown(3)> was used to
-- 
2.34.1