From 2f93a0e6bb584b6a6a5f9d5586d9454dffda5c3c Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 30 Mar 2026 23:11:38 +0200 Subject: [PATCH] CURLOPT_SSL_CTX_FUNCTION.md: expand on effects connection reuse Closes #21164 --- docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.md b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.md index 0536f3c7b3..f0460e5357 100644 --- a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.md +++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.md @@ -70,6 +70,13 @@ anything about it, which then subsequently can lead to libcurl unknowingly reusing SSL connections with different properties. To remedy this you may set CURLOPT_FORBID_REUSE(3) from the callback function. +A connection that is set up with this callback can be put in the connection +pool by libcurl and then reused in following transfers without the callback +being called. The connection may even be selected from the pool to be used for +transfers not using this callback. If the callback should only be valid for +the specific transfer the callback verifies, it should be marked unsuitable +for reuse with CURLOPT_FORBID_REUSE(3). + If you are using DNS-over-HTTPS (DoH) via CURLOPT_DOH_URL(3) then this callback is also called for those transfers and the curl handle is set to an internal handle. **This behavior is subject to change.** We recommend setting
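Review bot: In the last sentence of the added paragraph, "it should be marked unsuitable for reuse" reads as if the callback is what gets marked, because "the callback" is the nearest antecedent. The thing being marked is the connection, so consider "the connection should be marked unsuitable for reuse with CURLOPT_FORBID_REUSE(3)". The unchanged paragraph directly above already ends with "To remedy this you may set CURLOPT_FORBID_REUSE(3) from the callback function", so the two paragraphs now give the same remedy twice in different words. Either merge them, or have the new sentence say where the option is expected to be set (from the callback, as above, or on the handle before the transfer). The new text also says a pooled connection can be reused "without the callback being called", but the remedy only covers keeping this transfer's connection out of the pool. If an application needs its callback to run for a given transfer, it may be worth a pointer to CURLOPT_FRESH_CONNECT(3) for that direction as well.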