From 88f3570fe48ac1e3eea8efa7040f62a24978dc0d Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 23 Nov 2022 16:35:10 -0800
Subject: [PATCH] OCSP/CRL

Added comments for the usage of OCSP_WANT_READ used with the CRL I/O
callback.
---
 src/internal.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index a738dd7c8..9d636f5a1 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -13482,6 +13482,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                 ret = CheckCertCRL(SSL_CM(ssl)->crl,
                                         args->dCert);
                             #ifdef WOLFSSL_NONBLOCK_OCSP
+                                /* The CRL lookup I/O callback is using the
+                                 * same WOULD_BLOCK error code as OCSP's I/O
+                                 * callback, and it is enabling it using the
+                                 * same flag. */
                                 if (ret == OCSP_WANT_READ) {
                                     args->lastErr = ret;
                                     goto exit_ppc;
@@ -13852,6 +13856,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         WOLFSSL_MSG("Doing Leaf CRL check");
                         ret = CheckCertCRL(SSL_CM(ssl)->crl, args->dCert);
                     #ifdef WOLFSSL_NONBLOCK_OCSP
+                        /* The CRL lookup I/O callback is using the
+                         * same WOULD_BLOCK error code as OCSP's I/O
+                         * callback, and it is enabling it using the
+                         * same flag. */
                         if (ret == OCSP_WANT_READ) {
                             goto exit_ppc;
                         }