Document behaviour of mbedtls_ssl_get_peer_cid() for empty CIDs
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index fa6d232..5acdbd5 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1628,6 +1628,13 @@
  *                     progress, this function will attempt to complete
  *                     the handshake first.
  *
+ * \note               If CID extensions have been exchanged but both client
+ *                     and server chose to use an empty CID, this function
+ *                     sets `*enabled` to #MBEDTLS_SSL_CID_DISABLED
+ *                     (the rationale for this is that the resulting
+ *                     communication is the same as if the CID extensions
+ *                     hadn't been used).
+ *
  * \return            \c 0 on success.
  * \return            A negative error code on failure.
  */