-rw-r--r-- | net/base/ssl_connection_status_flags.h | 6 | ||||
-rw-r--r-- | net/base/ssl_info.h | 6 |
2 files changed, 9 insertions, 3 deletions
diff --git a/net/base/ssl_connection_status_flags.h b/net/base/ssl_connection_status_flags.h
index 2618f57..9c2d56a 100644
--- a/net/base/ssl_connection_status_flags.h
+++ b/net/base/ssl_connection_status_flags.h
@@ -19,7 +19,11 @@ enum {
 // We fell back to SSLv3 for this connection.
 SSL_CONNECTION_SSL3_FALLBACK = 1 << 18,
- // The server doesn't support the renegotiation_info extension.
+
+ // The server doesn't support the renegotiation_info extension. If this bit
+ // is not set then either the extension isn't supported, or we don't have any
+ // knowledge either way. (The latter case will occur when we use an SSL
+ // library that doesn't report it, like SChannel.)
 SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION = 1 << 19,
 // 1 << 31 (the sign bit) is reserved so that the SSL connection status will
diff --git a/net/base/ssl_info.h b/net/base/ssl_info.h
index 280b497..7c14163 100644
--- a/net/base/ssl_info.h
+++ b/net/base/ssl_info.h
@@ -45,8 +45,10 @@ class SSLInfo {
 // -1 means the security strength is unknown.
 int security_bits;
- // Bitmask of information about the SSL connection itself. See
- // ssl_connection_status_flags.h for values.
+ // Information about the SSL connection itself. See
+ // ssl_connection_status_flags.h for values. The ciphersuite and compression
+ // in use are encoded within.
+ // TODO(agl): also encode the protocol version used.
 int connection_status;
 }; |
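Review bot: The second sentence of the new comment on SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION reads inverted: when the bit is not set, the possible cases are that the extension is supported or that nothing is known, not that it "isn't supported". As written, a reader cannot tell which state means the renegotiation_info protection was negotiated. The comment should also make clear that a clear bit is not confirmation of support, since libraries like SChannel never report it. I would change the line to `// is not set then either the extension is supported, or we don't have any` and keep the rest. The enum body starts and ends outside the hunk.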
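Review bot: With "Bitmask" dropped, the comment on connection_status no longer says how the value is laid out. It now holds multi-bit fields (ciphersuite, compression) alongside the single-bit flags from ssl_connection_status_flags.h, so a caller comparing the int directly or testing it as a plain flag word would misread it. I would state the layout in the comment, e.g. `// Packed value: single-bit flags plus the ciphersuite and compression fields; mask before comparing.` Whether the flags header already defines masks for those fields is not visible in this diff. The SSLInfo class starts outside the hunk.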