From 9dc2c27e3db60f6126f8c5d8645dd9f3310d0316 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Mon, 4 Jul 2022 14:31:24 +0200
Subject: [PATCH] Expand wolfDTLS_SetChGoodCb() docs
---
 doc/dox_comments/header_files/ssl.h | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h
index ad21ba203..729626be3 100644
--- a/doc/dox_comments/header_files/ssl.h
+++ b/doc/dox_comments/header_files/ssl.h
@@ -1638,7 +1638,19 @@ int wolfSSL_set_dtls_fd_connected(WOLFSSL* ssl, int fd)
 /*!
 \ingroup Setup
- \brief Allows setting a callback for DTLS client hello "good".
+ \brief Allows setting a callback for a correctly processed and verified DTLS
+ client hello. When using a cookie exchange mechanism (either the
+ HelloVerifyRequest in DTLS 1.2 or the HelloRetryRequest with a cookie
+ extension in DTLS 1.3) this callback is called after the cookie
+ exchange has succeeded. This is useful to use one WOLFSSL object as
+ the listener for new connections and being able to isolate the
+ WOLFSSL object once the ClientHello is verified (either through a
+ cookie exchange or just checking if the ClientHello had the correct
+ format).
+ DTLS 1.2:
+ https://datatracker.ietf.org/doc/html/rfc6347#section-4.2.1
+ DTLS 1.3:
+ https://www.rfc-editor.org/rfc/rfc8446#section-4.2.2
 \return SSL_SUCCESS upon success.
 \return BAD_FUNC_ARG upon failure.
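Review bot: The expanded \brief describes a ClientHello as "verified" both after a cookie exchange and after "just checking if the ClientHello had the correct format", but only the cookie exchange shows that the client can receive datagrams at the source address it claims. The comment should say so, for example with `\note Without a cookie exchange the peer address is not validated when this callback runs.`, so that callers who isolate a new WOLFSSL object in the callback know they are committing per-connection state to a possibly spoofed peer. The "DTLS 1.3:" link points to RFC 8446 section 4.2.2, which is the TLS 1.3 cookie extension; the DTLS-specific use is described in RFC 9147 section 5.1, which is probably the better reference here. The comment block continues past the end of the hunk.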