Not sure about this one... seems to be needed to make 64 bit release

[openssl.git] / doc / ssl / SSL_CTX_set_default_passwd_cb.pod

diff --git a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
index a5343a1cf398069cf0bfbac52f00341c46ec4d3f..2b87f01ca15f3b408a7fb95026aa7fb34675bb3f 100644 (file)
--- a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
+++ b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
@@ -40,6 +40,12 @@ then keep it in memory and use it several times. In the last case, the
 password could be stored into the B<userdata> storage and the
 pem_passwd_cb() only returns the password already stored.
 
+When asking for the password interactively, pem_passwd_cb() can use
+B<rwflag> to check, whether an item shall be encrypted (rwflag=1).
+In this case the password dialog may ask for the same password twice
+for comparison in order to catch typos, that would make decryption
+impossible.
+
 Other items in PEM formatting (certificates) can also be encrypted, it is
 however not usual, as certificate information is considered public.