From 101c311c1c757a9654dbf078abd911cf5324d0a6 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Mon, 20 Jun 2016 20:21:19 -0400
Subject: Rewrite a comment. (#3004)

d2i_AutoPrivateKey is less useful than we thought
---
 src/cryptography/hazmat/backends/openssl/backend.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 7343fdb0..9c0af350 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1078,10 +1078,10 @@ class Backend(object):
                 self._handle_key_loading_error()
 
     def load_der_private_key(self, data, password):
-        # OpenSSL has a function called d2i_AutoPrivateKey that can simplify
-        # this. Unfortunately it doesn't properly support PKCS8 on OpenSSL
-        # 0.9.8 so we can't use it. Instead we sequentially try to load it 2
-        # different ways. First we'll try to load it as a traditional key
+        # OpenSSL has a function called d2i_AutoPrivateKey that in theory
+        # handles this automatically, however it doesn't handle encrypted
+        # private keys. Instead we try to load the key two different ways.
+        # First we'll try to load it as a traditional key.
         bio_data = self._bytes_to_bio(data)
         key = self._evp_pkey_from_der_traditional_key(bio_data, password)
         if key:
-- 
cgit v1.2.3