Diffstat (limited to 'doc')
-rw-r--r-- doc/man3/SSL_CTX_set0_CA_list.pod 5
-rw-r--r-- doc/man3/SSL_CTX_set_client_CA_list.pod 5
2 files changed, 9 insertions, 1 deletions
diff --git a/doc/man3/SSL_CTX_set0_CA_list.pod b/doc/man3/SSL_CTX_set0_CA_list.pod
index 618bd73e04..37a4cee9ca 100644
--- a/doc/man3/SSL_CTX_set0_CA_list.pod
+++ b/doc/man3/SSL_CTX_set0_CA_list.pod
@@ -48,7 +48,10 @@ has sent.
=head1 NOTES
These functions are generalised versions of the client authentication
-CA list functions such as L<SSL_CTX_set_client_CA_list(3)>.
+CA list functions such as L<SSL_CTX_set_client_CA_list(3)>. If both these
+and L<SSL_CTX_set_client_CA_list(3)> or similar functions are used, then the
+latter functions take priority on the server side (they are ignored on the
+client side).
For TLS versions before 1.3 the list of CA names is only sent from the server
to client when requesting a client certificate. So any list of CA names set
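Review bot: The parenthetical "(they are ignored on the client side)" in the added sentence has an ambiguous antecedent: "they" can be read either as the functions documented on this page or as the "latter" client CA list functions. Suggest naming the subject explicitly, for example "the client CA list functions are ignored on the client side", and replacing "or similar functions" with the actual function names so a reader can tell which calls override the list set here. The following paragraph says this list is what the server sends when requesting a client certificate, so the precedence rule decides which CA names are advertised and should be stated without room for misreading.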
diff --git a/doc/man3/SSL_CTX_set_client_CA_list.pod b/doc/man3/SSL_CTX_set_client_CA_list.pod
index 76fd65e6fc..e23999aaae 100644
--- a/doc/man3/SSL_CTX_set_client_CA_list.pod
+++ b/doc/man3/SSL_CTX_set_client_CA_list.pod
@@ -34,6 +34,11 @@ the chosen B<ssl>, overriding the setting valid for B<ssl>'s SSL_CTX object.
=head1 NOTES
+These functions are similar to L<SSL_CTX_set0_CA_list(3)> and similar functions
+but only have an effect on the server side. These functions are present for
+backwards compatibility. L<SSL_CTX_set0_CA_list(3)> and similar functions should
+be used in preference.
+
When a TLS/SSL server requests a client certificate (see
B<SSL_CTX_set_verify(3)>), it sends a list of CAs, for which
it will accept certificates, to the client.
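Review bot: The added NOTES paragraph recommends L<SSL_CTX_set0_CA_list(3)> in preference but leaves out the precedence rule that this same patch adds to that page: when both families are used, the functions documented here take priority on the server side. Suggest repeating that rule in this paragraph, since a reader who moves to the newer functions while a call from this page remains in the code would otherwise not expect the older list to be the one sent to the client. Two smaller points: "similar to L<SSL_CTX_set0_CA_list(3)> and similar functions" repeats "similar" and could name the functions instead, and the new text uses L<> for cross-references while the paragraph right after it uses B<SSL_CTX_set_verify(3)>.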