Clarify documentation of ssl_set_own_cert() fixes #507

commit: 3aed597830ede432071618bdb664a69feb94ac89 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Oct 25 13:24:21 2018 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Oct 29 11:13:26 2018 +0100
tree: 49eadf76cb2f2c9eacfc339e1aeffdc671c60f70
parent: e2a6f01f3f6c80891d44d87740cee43605acfd32 [diff] [blame]
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index c6e4532..02d66ac 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -1618,6 +1618,14 @@
  *                 whether it matches those preferences - the server can then
  *                 decide what it wants to do with it.
  *
+ * \note           The provided \p pk_key needs to match the public key in the
+ *                 first certificate in \p own_cert, or all handshakes using
+ *                 that certificate will fail. It is your responsibility
+ *                 to ensure that; this function will not perform any check.
+ *                 You may use mbedtls_pk_check_pair() in order to perform
+ *                 this check yourself, but be aware that this function can
+ *                 be computationally expensive on some key types.
+ *
  * \param conf     SSL configuration
  * \param own_cert own public certificate chain
  * \param pk_key   own private key
commit	3aed597830ede432071618bdb664a69feb94ac89	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Oct 25 13:24:21 2018 +0200
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Mon Oct 29 11:13:26 2018 +0100
tree	49eadf76cb2f2c9eacfc339e1aeffdc671c60f70
parent	e2a6f01f3f6c80891d44d87740cee43605acfd32 [diff] [blame]