From edd139fe37cf75666ee14a21c8f0a3bb00e9bc23 Mon Sep 17 00:00:00 2001
From: Rushil Mehra <rmehra@cloudflare.com>
Date: Thu, 1 Aug 2024 14:27:19 -0700
Subject: [PATCH] Document `SslCurve::nid()`

---
 boring/src/ssl/mod.rs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs
index 52887b44..a79cf656 100644
--- a/boring/src/ssl/mod.rs
+++ b/boring/src/ssl/mod.rs
@@ -750,6 +750,13 @@ impl SslCurve {
 
     // We need to allow dead_code here because `SslRef::set_curves` is conditionally compiled
     // against the absence of the `kx-safe-default` feature and thus this function is never used.
+    //
+    // **NOTE**: This function only exists because the version of boringssl we currently use does
+    // not expose SSL_CTX_set1_group_ids. Because `SslRef::curve()` returns the public SSL_CURVE id
+    // as opposed to the internal NID, but `SslContextBuilder::set_curves()` requires the internal
+    // NID, we need this mapping in place to avoid breaking changes to the public API. Once the
+    // underlying boringssl version is upgraded, this should be removed in favor of the new
+    // SSL_CTX_set1_group_ids API.
     #[allow(dead_code)]
     fn nid(&self) -> Option<c_int> {
         match self.0 {