From d41c785d695de4b5f2d947aa507a6a0ae41a8936 Mon Sep 17 00:00:00 2001
From: Ben Laurie <ben@openssl.org>
Date: Tue, 30 Dec 2008 13:02:02 +0000
Subject: Document dead code.

---
 ssl/s23_clnt.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index cc6c527f19..0912528f89 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -368,6 +368,10 @@ static int ssl23_client_hello(SSL *s)
 				ch_len=SSL2_MAX_CHALLENGE_LENGTH;
 
 			/* write out sslv2 challenge */
+			/* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
+			   because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
+			   or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
+			   check in for futurproofing */
 			if (SSL3_RANDOM_SIZE < ch_len)
 				i=SSL3_RANDOM_SIZE;
 			else
@@ -544,6 +548,10 @@ static int ssl23_get_server_hello(SSL *s)
 			ch_len=SSL2_MAX_CHALLENGE_LENGTH;
 
 		/* write out sslv2 challenge */
+		/* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because
+		   it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or
+		   SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for
+		   futurproofing */
 		i=(SSL3_RANDOM_SIZE < ch_len)
 			?SSL3_RANDOM_SIZE:ch_len;
 		s->s2->challenge_length=i;
-- 
cgit v1.2.3