diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 143056f6a..a7fecedfd 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -2179,8 +2179,8 @@ static int ssl_tls13_parse_encrypted_extensions(mbedtls_ssl_context *ssl,
 
                 ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(ssl, p, p + extension_data_len);
 
-                // Return unconditionally here until we handle the record size limit correctly.
-                // Once handled correctly, only return in case of errors.
+                /* TODO: Return unconditionally here until we handle the record size limit correctly.
+                 *            Once handled correctly, only return in case of errors. */
                 return ret;
 
                 break;
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 75854fc6a..669a90a9b 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1568,7 +1568,8 @@ int mbedtls_ssl_tls13_check_received_extension(
 }
 
 #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
-/* From RFC 8449:
+/* RFC 8449, section 4:
+ *
  * The ExtensionData of the "record_size_limit" extension is
  * RecordSizeLimit:
  *     uint16 RecordSizeLimit;
@@ -1578,10 +1579,14 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl,
                                                   const unsigned char *buf,
                                                   const unsigned char *end)
 {
+    const unsigned char *p = buf;
+    uint16_t record_size_limit;
     const size_t extension_data_len = end - buf;
+
     if (extension_data_len != MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH) {
         MBEDTLS_SSL_DEBUG_MSG(2,
-                              ("record_size_limit extension has invalid length: %zu Bytes",
+                              ("record_size_limit extension has invalid length: %"
+                               MBEDTLS_PRINTF_SIZET " Bytes",
                                extension_data_len));
 
         MBEDTLS_SSL_PEND_FATAL_ALERT(
@@ -1590,15 +1595,12 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl,
         return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
-    const unsigned char *p = buf;
-    uint16_t record_size_limit;
-
     MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
     record_size_limit = MBEDTLS_GET_UINT16_BE(p, 0);
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("RecordSizeLimit: %u Bytes", record_size_limit));
 
-    /* RFC 8449 section 4
+    /* RFC 8449, section 4
      *
      * Endpoints MUST NOT send a "record_size_limit" extension with a value
      * smaller than 64.  An endpoint MUST treat receipt of a smaller value
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 1e1462c30..bccf9abec 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1591,8 +1591,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
 
                 ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(ssl, p, extension_data_end);
 
-                // Return unconditionally here until we handle the record size limit correctly.
-                // Once handled correctly, only return in case of errors.
+                /* TODO: Return unconditionally here until we handle the record size limit correctly.
+                 *            Once handled correctly, only return in case of errors. */
                 return ret;
 
                 break;