CURLOPT_SSLENGINE.3: Only for OpenSSL built with engine support

Bug: https://curl.haxx.se/mail/lib-2016-03/0150.html
Reported-by: Oliver Graute

2 files changed, 26 insertions, 13 deletions

diff --git a/docs/libcurl/opts/CURLOPT_SSLENGINE.3 b/docs/libcurl/opts/CURLOPT_SSLENGINE.3
index 0874a2150..d0c48a4b2 100644
--- a/docs/libcurl/opts/CURLOPT_SSLENGINE.3
+++ b/docs/libcurl/opts/CURLOPT_SSLENGINE.3
@@ -30,9 +30,6 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLENGINE, char *id);
 .SH DESCRIPTION
 Pass a pointer to a zero terminated string as parameter. It will be used as
 the identifier for the crypto engine you want to use for your private key.
-
-If the crypto device cannot be loaded, \fICURLE_SSL_ENGINE_NOTFOUND\fP is
-returned.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
@@ -40,9 +37,19 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY
-If built TLS enabled.
+Only if the SSL backend is OpenSSL built with engine support.
 .SH RETURN VALUE
-Returns CURLE_OK if TLS is supported, CURLE_UNKNOWN_OPTION if not, or
-CURLE_OUT_OF_MEMORY if there was insufficient heap space.
+CURLE_OK - Engine found.
+
+CURLE_SSL_ENGINE_NOTFOUND - Engine not found, or OpenSSL was not built with
+engine support.
+
+CURLE_SSL_ENGINE_INITFAILED - Engine found but initialization failed.
+
+CURLE_NOT_BUILT_IN - Option not built in, OpenSSL is not the SSL backend.
+
+CURLE_UNKNOWN_OPTION - Option not recognized.
+
+CURLE_OUT_OF_MEMORY - Insufficient heap space.
 .SH "SEE ALSO"
 .BR CURLOPT_SSLENGINE_DEFAULT "(3), " CURLOPT_SSLKEY "(3), "
diff --git a/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.3 b/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.3
index 27dc738e2..2fe7aed10 100644
--- a/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.3
+++ b/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.3
@@ -28,11 +28,10 @@ CURLOPT_SSLENGINE_DEFAULT \- make SSL engine default
 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLENGINE_DEFAULT, long val);
 .SH DESCRIPTION
-Pass a long set to 1 as parameter. Sets the actual crypto engine as the
-default for (asymmetric) crypto operations.
+Pass a long set to 1 to make the already specified crypto engine the default
+for (asymmetric) crypto operations.
 
-If the crypto device cannot be set, \fICURLE_SSL_ENGINE_SETFAILED\fP is
-returned.
+This option has no effect unless set after \fICURLOPT_SSLENGINE\fP.
 .SH DEFAULT
 None
 .SH PROTOCOLS
@@ -40,9 +39,16 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY
-If built TLS enabled.
+Only if the SSL backend is OpenSSL built with engine support.
 .SH RETURN VALUE
-Returns CURLE_OK if TLS is supported, CURLE_UNKNOWN_OPTION if not, or
-CURLE_OUT_OF_MEMORY if there was insufficient heap space.
+CURLE_OK - Engine set as default.
+
+CURLE_SSL_ENGINE_SETFAILED - Engine could not be set as default.
+
+CURLE_NOT_BUILT_IN - Option not built in, OpenSSL is not the SSL backend.
+
+CURLE_UNKNOWN_OPTION - Option not recognized.
+
+CURLE_OUT_OF_MEMORY - Insufficient heap space.
 .SH "SEE ALSO"
 .BR CURLOPT_SSLENGINE "(3), " CURLOPT_SSLCERT "(3), "