Change wording in documentation of PSK configuration
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 57d2085..3fab9f8 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2693,20 +2693,14 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/**
- * \brief Configure one or more pre-shared keys (PSKs) and their
+ * \brief Configure pre-shared keys (PSKs) and their
* identities to be used in PSK-based ciphersuites.
*
- * This function may be called multiple times to attempt
- * to register multiple PSKs. The number of supported PSKs
- * is version-specific (see below for the current limit).
- * Once the limit is reached, this function fails, maintaining
- * the PSKs previously configured and ignoring the excess request.
- * This behavior is in contrast to Mbed TLS 2.x, where later
- * invocations would overwrite the effect of earlier calls.
- *
- * \note Currently, the library supports only support a single PSK,
- * but this limit is not part of the API and may change in
- * future minor versions.
+ * Only one PSK can be registered, through either
+ * mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque().
+ * If you attempt to register more than one PSK, this function
+ * fails, though this may change in future versions, which
+ * may add support for multiple PSKs.
*
* \note This is mainly useful for clients. Servers will usually
* want to use \c mbedtls_ssl_conf_psk_cb() instead.
@@ -2727,8 +2721,7 @@
*
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs
- * can be configured. In this case, the SSL configuration
- * remains usable, but the PSK has not been configured.
+ * can be configured. In this case, the old PSK(s) remain intact.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
@@ -2740,17 +2733,11 @@
* \brief Configure one or more opaque pre-shared keys (PSKs) and
* their identities to be used in PSK-based ciphersuites.
*
- * This function may be called multiple times to attempt
- * to register multiple PSKs. The number of supported PSKs
- * is version-specific (see below for the current limit).
- * Once the limit is reached, this function fails, maintaining
- * the PSKs previously configured and ignoring the excess request.
- * This behavior is in contrast to Mbed TLS 2.x, where later
- * invocations would overwrite the effect of earlier calls.
- *
- * \note Currently, the library supports only support a single PSK,
- * but this limit is not part of the API and may change in
- * future minor versions.
+ * Only one PSK can be registered, through either
+ * mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque().
+ * If you attempt to register more than one PSK, this function
+ * fails, though this may change in future versions, which
+ * may add support for multiple PSKs.
*
* \note This is mainly useful for clients. Servers will usually
* want to use \c mbedtls_ssl_conf_psk_cb() instead.
@@ -2776,8 +2763,7 @@
*
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs
- * can be configured. In this case, the SSL configuration
- * remains usable, but the PSK has not been configured.
+ * can be configured. In this case, the old PSK(s) remain intact.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,