commit 29d7d4da2ff5b95c8fdb8af7c76f4b349e10a5b6
author Gilles Peskine <Gilles.Peskine@arm.com> Sat Mar 10 23:51:58 2018 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Sat Mar 10 23:51:58 2018 +0100
tree d865f12595bc4ae13c286985575744254360a4a3
parent 1bf6123fca97a9a35c2f403ab0c96495f9580db6
parent 9c4f4038ddbf0b3999649385846a0b66623b6cbc

Merge remote-tracking branch 'upstream-public/pr/936' into development-proposed

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 68fb6f5..dd72d5b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -43,6 +43,7 @@
    * Remove support for the library reference configuration for picocoin.
    * MD functions deprecated in 2.7.0 are no longer inline, to provide
      a migration path for those depending on the library's ABI.
+   * Clarify the documentation of mbedtls_ssl_setup.
 
 = mbed TLS 2.7.0 branch released 2018-02-03
 

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 51e843a..5ee9e9d 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -971,8 +971,13 @@
  * \note           No copy of the configuration context is made, it can be
  *                 shared by many mbedtls_ssl_context structures.
  *
- * \warning        Modifying the conf structure after it has been used in this
- *                 function is unsupported!
+ * \warning        The conf structure will be accessed during the session.
+ *                 It must not be modified or freed as long as the session
+ *                 is active.
+ *
+ * \warning        This function must be called exactly once per context.
+ *                 Calling mbedtls_ssl_setup again is not supported, even
+ *                 if no session is active.
  *
  * \param ssl      SSL context
  * \param conf     SSL configuration to use