Improve some comments, fix some typos
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index f4bc746..b7fd9e0 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -287,7 +287,7 @@
* chaining up to those CAs will be trusted, and (2)
* self-signed end-entity certificates to be trusted (for
* specific peers you know) - in that case, the self-signed
- * certificate doens't need to have the CA bit set.
+ * certificate doesn't need to have the CA bit set.
*
* \param crt a certificate (chain) to be verified
* \param trust_ca the list of trusted CAs (see note above)
diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl
index 28f1378..234c3e3f 100755
--- a/tests/scripts/depends-pkalgs.pl
+++ b/tests/scripts/depends-pkalgs.pl
@@ -6,9 +6,10 @@
#
# Purpose
#
-# To test the code dependencies on individual PK algs in each test suite. This
-# is a verification step to ensure we don't ship test suites that do not work
-# for some build options.
+# To test the code dependencies on individual PK algs (those that can be used
+# from the PK layer, so currently signature and encryption but not key
+# exchange) in each test suite. This is a verification step to ensure we don't
+# ship test suites that do not work for some build options.
#
# The process is:
# for each possible PK alg
@@ -38,6 +39,8 @@
my $kex_sed = 's/^#define \(MBEDTLS_KEY_EXCHANGE.*\)/\1/p';
my @ssl = split( /\s+/, `sed -n -e '$ssl_sed' -e '$kex_sed' $config_h` );
+# Some algorithms can't be disabled on their own as others depend on them, so
+# we list those reverse-dependencies here to keep check_config.h happy.
my %algs = (
'MBEDTLS_ECDSA_C' => [],
'MBEDTLS_ECP_C' => ['MBEDTLS_ECDSA_C', 'MBEDTLS_ECDH_C'],