Merge remote-tracking branch 'upstream-public/pr/936' into mbedtls-2.7-proposed
diff --git a/ChangeLog b/ChangeLog
index 51ad727..372d801 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Changes
+ * Clarify the documentation of mbedtls_ssl_setup.
+
= mbed TLS 2.7.1 branch released 2018-02-23
Default behavior changes
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 51e843a..5ee9e9d 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -971,8 +971,13 @@
* \note No copy of the configuration context is made, it can be
* shared by many mbedtls_ssl_context structures.
*
- * \warning Modifying the conf structure after it has been used in this
- * function is unsupported!
+ * \warning The conf structure will be accessed during the session.
+ * It must not be modified or freed as long as the session
+ * is active.
+ *
+ * \warning This function must be called exactly once per context.
+ * Calling mbedtls_ssl_setup again is not supported, even
+ * if no session is active.
*
* \param ssl SSL context
* \param conf SSL configuration to use