From 90dfe2f91261f7181e093e3a659cdea41d5c5cfe Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Tue, 21 Mar 2023 20:45:35 -0400
Subject: [PATCH] Document the horror show

---
 boring/src/x509/mod.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/boring/src/x509/mod.rs b/boring/src/x509/mod.rs
index b48655c7..e58c9efd 100644
--- a/boring/src/x509/mod.rs
+++ b/boring/src/x509/mod.rs
@@ -748,6 +748,9 @@ impl X509Extension {
     /// Some extension types, such as `subjectAlternativeName`, require an `X509v3Context` to be
     /// provided.
     ///
+    /// DO NOT CALL THIS WITH UNTRUSTED `value`: `value` is an OpenSSL
+    /// mini-language that can read arbitrary files.
+    ///
     /// See the extension module for builder types which will construct certain common extensions.
     pub fn new(
         conf: Option<&ConfRef>,
@@ -791,6 +794,9 @@ impl X509Extension {
     /// Some extension types, such as `nid::SUBJECT_ALTERNATIVE_NAME`, require an `X509v3Context` to
     /// be provided.
     ///
+    /// DO NOT CALL THIS WITH UNTRUSTED `value`: `value` is an OpenSSL
+    /// mini-language that can read arbitrary files.
+    ///
     /// See the extension module for builder types which will construct certain common extensions.
     pub fn new_nid(
         conf: Option<&ConfRef>,