Make ssl_set_curves() work client-side too.

commit: cd49f76898446c6766886d4eb6614531b9e4c7ad [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Feb 04 15:14:13 2014 +0100
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu Feb 06 10:28:38 2014 +0100
tree: e612098cbdeea532e7f1dc7965ca854ddc9c6514
parent: ac7194133ec165bccf56dc614321bc3012f8184e [diff] [blame]
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 3ab3629..f93abef 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h

@@ -1162,14 +1162,19 @@
 #if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED) && \
     defined(POLARSSL_SSL_SET_CURVES)
 /**
- * \brief          Set the allowed ECDH curves.
+ * \brief          Set the allowed curves in order of preference.
  *                 (Default: all defined curves.)
  *
- *                 The sequence of the curves in the list also determines the
- *                 handshake curve preference.
+ *                 On server: this only affects selection of the ECDHE curve;
+ *                 the curves used for ECDH and ECDSA are determined by the
+ *                 list of available certificates instead.
+ *
+ *                 On client: this affects the list of curves offered for any
+ *                 use. The server can override our preferences.
  *
  * \param ssl      SSL context
- * \param curves   Zero terminated list of the allowed ECDH curves
+ * \param curves   Ordered list of allowed curves,
+ *                 terminated by POLARSSL_ECP_DP_NONE.
  */
 void ssl_set_curves( ssl_context *ssl, const ecp_group_id *curves );
 #endif
commit	cd49f76898446c6766886d4eb6614531b9e4c7ad	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Tue Feb 04 15:14:13 2014 +0100
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Thu Feb 06 10:28:38 2014 +0100
tree	e612098cbdeea532e7f1dc7965ca854ddc9c6514
parent	ac7194133ec165bccf56dc614321bc3012f8184e [diff] [blame]