clarify comments

include/aws/io/tls_channel_handler.h

@@ -235,9 +235,8 @@ struct aws_tls_ctx_options {
     struct aws_byte_buf pkcs12_password;
 
     /**
-     * When adding items to the keychain, SecItem allows the setting of attributes
-     * that control various options and settings related to access of the items. This
-     * struct contains the various attributes we currently support.
+     * The settings we expose controls to when adding items to the keychain using
+     * SecItem are contained within this struct.
      */
     struct aws_secitem_options *secitem_options;
 

source/channel_bootstrap.c

@@ -652,9 +652,9 @@ static void s_attempt_connection(struct aws_task *task, void *arg, enum aws_task
         goto socket_init_failed;
     }
 
-    /* SecItem TLS negotiation requires access to stored SecItem identity during connect call
-     * and host_name for server verification. We make shallow copies here that will outlive
-     * usage of the underlying data. */
+    /* Apple Network Framework TLS negotiation requires access to the stored SecItem identity
+     * and host_name. We make pointer copies here. The objects contained within the pointers
+     * will outlive the nw_connection's access to them. */
     if (task_data->args->channel_data.use_tls) {
         outgoing_socket->options.tls_ctx = task_data->args->channel_data.tls_options.ctx;
         outgoing_socket->options.host_name = task_data->args->host_name;