Update comments

ext/puma_http11/mini_ssl.c

@@ -804,6 +804,10 @@ void Init_mini_ssl(VALUE puma) {
 
   rb_define_method(eng, "init?", engine_init, 0);
 
+  /* @!attribute [r] peercert
+   * Returns `nil` when `MiniSSL::Context#verify_mode` is set to `VERIFY_NONE`.
+   * @return [String, nil] DER encoded cert
+   */
   rb_define_method(eng, "peercert", engine_peercert, 0);
 
   rb_define_method(eng, "ssl_vers_st", engine_ssl_vers_st, 0);

lib/puma/minissl.rb

@@ -184,6 +184,11 @@ def peeraddr
         @socket.peeraddr
       end
 
+      # OpenSSL is loaded in `MiniSSL::ContextBuilder` when
+      # `MiniSSL::Context#verify_mode` is not `VERIFY_NONE`.
+      # When `VERIFY_NONE`, `MiniSSL::Engine#peercert` is nil, regardless of
+      # whether the client sends a cert.
+      # @return [OpenSSL::X509::Certificate, nil]
       # @!attribute [r] peercert
       def peercert
         return @peercert if @peercert

lib/puma/minissl/context_builder.rb

@@ -52,7 +52,7 @@ def context
               log_writer.error "Please specify the SSL ca via 'ca='"
             end
             # needed for Puma::MiniSSL::Socket#peercert, env['puma.peercert']
-            require 'openssl' unless Object.const_defined? :OpenSSL
+            require 'openssl'
           end
 
           ctx.ca = params['ca'] if params['ca']