Document that SSL_PRIVATE_KEY_METHOD should configure signing prefs.

Otherwise BoringSSL may select one the private key does not support.

Change-Id: Ia0a57657bd6dedaa6653c23cc850bb6b6fa8f219
Reviewed-by: Adam Langley <>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index ed5e64f..82e1da8 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1219,6 +1219,11 @@
 // key hooks. This is used to off-load signing operations to a custom,
 // potentially asynchronous, backend. Metadata about the key such as the type
 // and size are parsed out of the certificate.
+// Callers that use this structure should additionally call
+// |SSL_set_signing_algorithm_prefs| or |SSL_CTX_set_signing_algorithm_prefs|
+// with the private key's capabilities. This ensures BoringSSL will select a
+// suitable signature algorithm for the private key.
 struct ssl_private_key_method_st {
   // sign signs the message |in| in using the specified signature algorithm. On
   // success, it returns |ssl_private_key_success| and writes at most |max_out|