Clarify documentation of ssl_set_own_cert() fixes #507

commit: 162f682db30b48051f02ca7bb621b191a2519bfc [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Oct 25 13:24:21 2018 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Oct 29 11:12:27 2018 +0100
tree: e78a54f1fa8dba21d80ca839622e3334a0ea19d6
parent: 4acdf6dea87e868d7381a4d792099a4acb2288d1 [diff] [blame]
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index d98e5ed..1e8998a 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -1408,6 +1408,14 @@
  *
  * \note           On client, only the first call has any effect.
  *
+ * \note           The provided \p pk_key needs to match the public key in the
+ *                 first certificate in \p own_cert, or all handshakes using
+ *                 that certificate will fail. It is your responsibility
+ *                 to ensure that; this function will not perform any check.
+ *                 You may use mbedtls_pk_check_pair() in order to perform
+ *                 this check yourself, but be aware that this function can
+ *                 be computationally expensive on some key types.
+ *
  * \param conf     SSL configuration
  * \param own_cert own public certificate chain
  * \param pk_key   own private key
commit	162f682db30b48051f02ca7bb621b191a2519bfc	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Oct 25 13:24:21 2018 +0200
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Mon Oct 29 11:12:27 2018 +0100
tree	e78a54f1fa8dba21d80ca839622e3334a0ea19d6
parent	4acdf6dea87e868d7381a4d792099a4acb2288d1 [diff] [blame]