From a15986844e3ebd71efb7b8183733dd661ce75768 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sat, 6 Jul 2019 19:11:36 -0400
Subject: prevaricate more about anyextendedkeyusage (#4939)

---
 docs/x509/reference.rst | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 38901c7c..7156ab8c 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -2895,7 +2895,12 @@ instances. The following common OIDs are available as constants.
         .. versionadded:: 2.0
 
         Corresponds to the dotted string ``"2.5.29.37.0"``. This is used to
-        denote that a certificate may be used for _any_ purposes.
+        denote that a certificate may be used for _any_ purposes. However,
+        :rfc:`5280` additionally notes that applications that require the
+        presence of a particular purpose _MAY_ reject certificates that include
+        the ``anyExtendedKeyUsage`` OID but not the particular OID expected for
+        the application. Therefore, the presence of this OID does not mean a
+        given application will accept the certificate for all purposes.
 
 
 .. class:: AuthorityInformationAccessOID
-- 
cgit v1.2.3