Address review comments

Author: julek-wolfssl

doc/dox_comments/header_files/asn_public.h

@@ -3378,15 +3378,20 @@ int wc_GetSubjectPubKeyInfoDerFromCert(const byte* certDer,
     \brief Retrieves the subject name from a decoded certificate.
 
     This function copies the subject name string from a DecodedCert
-    structure into the provided buffer. If buf is NULL, the required
-    buffer size is returned in bufSz and LENGTH_ONLY_E is returned.
+    structure into the provided buffer. The string uses a one-line
+    distinguished name format with "/" delimiters
+    (e.g. "/C=US/O=Org/CN=example.com"). The output is NOT
+    NUL-terminated; the caller should append a NUL byte if needed.
+    If buf is NULL, the required buffer size is returned
+    in bufSz and LENGTH_ONLY_E is returned.
 
     \param cert   Pointer to the DecodedCert (must have been parsed).
     \param buf    Output buffer to receive the subject name string,
                   or NULL to query the required size.
     \param bufSz  Pointer to the buffer size. On input, the available
                   buffer size. On output, the number of bytes written
-                  or the required size if buf is NULL.
+                  (excluding any NUL terminator) or the required size
+                  if buf is NULL.
 
     \return 0 on success.
     \return LENGTH_ONLY_E when buf is NULL (bufSz contains required size).
@@ -3407,15 +3412,20 @@ int wc_GetDecodedCertSubject(const struct DecodedCert* cert,
     \brief Retrieves the issuer name from a decoded certificate.
 
     This function copies the issuer name string from a DecodedCert
-    structure into the provided buffer. If buf is NULL, the required
-    buffer size is returned in bufSz and LENGTH_ONLY_E is returned.
+    structure into the provided buffer. The string uses a one-line
+    distinguished name format with "/" delimiters
+    (e.g. "/C=US/O=Org/CN=example.com"). The output is NOT
+    NUL-terminated; the caller should append a NUL byte if needed.
+    If buf is NULL, the required buffer size is returned
+    in bufSz and LENGTH_ONLY_E is returned.
 
     \param cert   Pointer to the DecodedCert (must have been parsed).
     \param buf    Output buffer to receive the issuer name string,
                   or NULL to query the required size.
     \param bufSz  Pointer to the buffer size. On input, the available
                   buffer size. On output, the number of bytes written
-                  or the required size if buf is NULL.
+                  (excluding any NUL terminator) or the required size
+                  if buf is NULL.
 
     \return 0 on success.
     \return LENGTH_ONLY_E when buf is NULL (bufSz contains required size).

doc/dox_comments/header_files/ocsp.h

@@ -74,8 +74,9 @@ OcspRequest* wc_OcspRequest_new(void* heap);
     \brief Frees an OcspRequest structure.
 
     This function releases all resources associated with an OcspRequest
-    that was allocated with wc_OcspRequest_new(). It calls the internal
-    FreeOcspRequest() before freeing the structure itself.
+    that was allocated with wc_OcspRequest_new(). It frees any internal
+    allocations associated with the request before freeing the structure
+    itself.
 
     \param request  Pointer to the OcspRequest to free. May be NULL,
                     in which case this function is a no-op.
@@ -161,8 +162,9 @@ OcspResponse* wc_OcspResponse_new(void* heap);
     \brief Frees an OcspResponse structure.
 
     This function releases all resources associated with an OcspResponse
-    that was allocated with wc_OcspResponse_new(). It calls the internal
-    FreeOcspResponse() before freeing the structure itself.
+    that was allocated with wc_OcspResponse_new(). It frees any internal
+    allocations associated with the response before freeing the structure
+    itself.
 
     \param response  Pointer to the OcspResponse to free. May be NULL,
                      in which case this function is a no-op.
@@ -281,8 +283,14 @@ int wc_OcspResponder_AddSigner(OcspResponder* responder,
     Requires HAVE_OCSP_RESPONDER to be defined.
 
     \param responder        Pointer to the OcspResponder.
-    \param caSubject        The subject name string of the issuing CA.
-    \param caSubjectSz      Length of the caSubject string.
+    \param caSubject        The issuing CA subject name in the one-line
+                            distinguished name format used internally by
+                            the library (e.g. "/C=US/O=Org/CN=CA"). To
+                            avoid mismatches,
+                            obtain this value from wc_GetDecodedCertSubject()
+                            rather than constructing the string manually.
+    \param caSubjectSz      Length of the caSubject string in bytes,
+                            not including any NUL terminator.
     \param serial           Pointer to the certificate serial number bytes.
     \param serialSz         Size of the serial number in bytes.
     \param status           Certificate status: CERT_GOOD, CERT_REVOKED,