From ec073b0ea62ef3211479cbda7ff730cbefeac0b1 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 5 Apr 2026 17:01:06 +0200
Subject: [PATCH] CURLOPT_SOCKS5_AUTH.md: an access property

Reported-by: Cutiapreta on hackerone
---
 docs/libcurl/opts/CURLOPT_SOCKS5_AUTH.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/docs/libcurl/opts/CURLOPT_SOCKS5_AUTH.md b/docs/libcurl/opts/CURLOPT_SOCKS5_AUTH.md
index 826fc4c1f2..7ff97484df 100644
--- a/docs/libcurl/opts/CURLOPT_SOCKS5_AUTH.md
+++ b/docs/libcurl/opts/CURLOPT_SOCKS5_AUTH.md
@@ -33,6 +33,15 @@ authentication, *CURLAUTH_GSSAPI*, which allows GSS-API authentication, and
 *CURLAUTH_NONE*, which allows no authentication. Set the actual username and
 password with the CURLOPT_PROXYUSERPWD(3) option.
 
+The specific socks authentication method is an *access property*, it does not
+change the security context. This means that this option changes how the
+connection and access to the proxy happens when a connection is setup, but it
+does not affect which proxy connections libcurl can reuse. libcurl may reuse a
+connection that was set up with a different socks authentication method. Proxy
+connection reuse still depends on other properties matching, such as the
+protocol, proxy hostname, port number, credentials and other settings that
+affect the connection.
+
 # DEFAULT
 
 CURLAUTH_BASIC | CURLAUTH_GSSAPI