Fix NETSCAPE_SPKI_get_pubkey documentation.

I got that wrong. It passes ownership to the caller. It calls
X509_PUBKEY_get which bumps the refcount.

Change-Id: I46b7eabcf56f68bb1f745bc2f64091640e97c0bf
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44084
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 7fd3a27..a75442f 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -697,9 +697,8 @@
 OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki);
 
 // NETSCAPE_SPKI_get_pubkey decodes and returns the public key in |spki| as an
-// |EVP_PKEY|, or NULL on error. The resulting pointer is non-owning and valid
-// until |spki| is released or mutated. The caller should take a reference with
-// |EVP_PKEY_up_ref| to extend the lifetime.
+// |EVP_PKEY|, or NULL on error. The caller takes ownership of the resulting
+// pointer and must call |EVP_PKEY_free| when done.
 OPENSSL_EXPORT EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *spki);
 
 // NETSCAPE_SPKI_set_pubkey sets |spki|'s public key to |pkey|. It returns one
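Review bot: The replacement comment on NETSCAPE_SPKI_get_pubkey (the two added lines) states who owns the result but not that the returned |EVP_PKEY| is a new reference to a shared object rather than a copy, which is what the commit message's refcount bump implies. Consider saying so in the comment, so callers know that |EVP_PKEY_free| only drops their reference. Separately, any caller written against the removed text would have called |EVP_PKEY_up_ref| on the result and released only that extra reference, leaking the one this function returns. An audit of existing callers for that pattern should accompany this documentation fix.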