From 428d3c2b1ce6ceba588027acae4d08380b24c974 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 23 Mar 2017 11:34:07 +0100
Subject: doc update

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 NEWS                            |  1 +
 lib/includes/gnutls/gnutls.h.in | 11 +++++++----
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index 9fc2b1060a..a4f1fdc801 100644
--- a/NEWS
+++ b/NEWS
@@ -60,6 +60,7 @@ See the end for copying conditions.
 ** API and ABI modifications:
 gnutls_x509_crt_set_flags: Added
 gnutls_x509_crt_check_ip: Added
+GNUTLS_DT_IP_ADDRESS: Added
 GNUTLS_X509_CRT_FLAG_IGNORE_SANITY: Added
 GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS: Added
 GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1: Added
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 31a1fdcbe2..289be64fc0 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1,6 +1,6 @@
 /* -*- c -*-
  * Copyright (C) 2000-2016 Free Software Foundation, Inc.
- * Copyright (C) 2015-2016 Red Hat, Inc.
+ * Copyright (C) 2015-2017 Red Hat, Inc.
  *
  * Author: Nikos Mavrogiannopoulos
  *
@@ -1416,10 +1416,13 @@ void gnutls_session_set_verify_function(gnutls_session_t session, gnutls_certifi
  * gnutls_vdata_types_t:
  * @GNUTLS_DT_UNKNOWN: Unknown data type.
  * @GNUTLS_DT_DNS_HOSTNAME: The data contain a null-terminated DNS hostname; the hostname will be 
- *   matched using the RFC6125 rules.
- * @GNUTLS_DT_IP_ADDRESS: The data contain a raw IP address (4 or 16 bytes) - since 3.6.0
+ *   matched using the RFC6125 rules. If the data contain a textual IP (v4 or v6) address it will
+ *   be marched against the IPAddress Alternative name, unless the verification flag %GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES
+ *   is specified.
+ * @GNUTLS_DT_IP_ADDRESS: The data contain a raw IP address (4 or 16 bytes). If will be matched
+ *   against the IPAddress Alternative name; option available since 3.6.0.
  * @GNUTLS_DT_RFC822NAME: The data contain a null-terminated email address; the email will be
- *   matched against the RFC822Name field of the certificate, or the EMAIL DN component if the
+ *   matched against the RFC822Name Alternative name of the certificate, or the EMAIL DN component if the
  *   former isn't available. Prior to matching the email address will be converted to ACE
  *   (ASCII-compatible-encoding).
  * @GNUTLS_DT_KEY_PURPOSE_OID: The data contain a null-terminated key purpose OID. It will be matched
-- 
cgit v1.2.1