Clarify a point in the documentation

commit: 27716cc1da66fbf98f212428998e7d8488eccb4e [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed Jun 17 11:49:39 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed Jun 17 14:27:38 2015 +0200
tree: 1f7f41132c1a1ebfed1ab75769cb787fce9a999d
parent: b541da6ef394d1da303a7408821c100a56a27bc2 [diff] [blame]
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 318ca46..c1fca19 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -1517,7 +1517,15 @@
  *                 use. The server can override our preference order.
  *
  *                 Both sides: limits the set of curves used by peer to the
- *                 listed curves for any use (ECDH(E), certificates).
+ *                 listed curves for any use ECDHE and the end-entity
+ *                 certificate.
+ *
+ * \note           This has no influence on which curve are allowed inside the
+ *                 certificate chains, see \c mbedtls_ssl_conf_cert_profile()
+ *                 for that. For example, if the peer's certificate chain is
+ *                 EE -> CA_int -> CA_root, then the allowed curves for EE are
+ *                 controlled by \c mbedtls_ssl_conf_curves() but for CA_int
+ *                 and CA_root it's \c mbedtls_ssl_conf_cert_profile().
  *
  * \param conf     SSL configuration
  * \param curves   Ordered list of allowed curves,
commit	27716cc1da66fbf98f212428998e7d8488eccb4e	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Wed Jun 17 11:49:39 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Wed Jun 17 14:27:38 2015 +0200
tree	1f7f41132c1a1ebfed1ab75769cb787fce9a999d
parent	b541da6ef394d1da303a7408821c100a56a27bc2 [diff] [blame]