From dc25a9751266c1b0c512665b4be3c3b4b88d4fcf Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 27 Aug 2018 08:30:57 +0200
Subject: CURLOPT_SSL_CTX_FUNCTION.3: this can cause unintended connectionc
 reuse [ci skip]

Added a warning!
---
 docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
index 3a54ef36c..779ee7812 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -57,6 +57,11 @@ To use this properly, a non-trivial amount of knowledge of your SSL library is
 necessary. For example, you can use this function to call library-specific
 callbacks to add additional validation code for certificates, and even to
 change the actual URI of an HTTPS request.
+
+WARNING: The \fICURLOPT_SSL_CTX_FUNCTION(3)\fP callback allows the application
+to reach in and modify SSL details in the connection without libcurl itself
+knowing anything about it, which then sunsequently can lead to libcurl
+unknowingly reusing SSL connections with different properties.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
-- 
cgit v1.2.1