Clarify documentation of ssl_set_own_cert() fixes #507

commit: d8e3a1ef665082f314cc000f77804dfe17c85782 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Oct 25 13:24:21 2018 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Oct 29 09:52:10 2018 +0100
tree: 12c9057d913f29105652acab632d4370b5598660
parent: c774e329390293b4f3cafadea86b3feb5579e36f [diff] [blame]
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 83849a5..78db69e 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -2043,6 +2043,14 @@
  *                 whether it matches those preferences - the server can then
  *                 decide what it wants to do with it.
  *
+ * \note           The provided \p pk_key needs to match the public key in the
+ *                 first certificate in \p own_cert, or all handshakes using
+ *                 that certificate will fail. It is your responsibility
+ *                 to ensure that; this function will not perform any check.
+ *                 You may use mbedtls_pk_check_pair() in order to perform
+ *                 this check yourself, but be aware that this function can
+ *                 be computationally expensive on some key types.
+ *
  * \param conf     SSL configuration
  * \param own_cert own public certificate chain
  * \param pk_key   own private key
commit	d8e3a1ef665082f314cc000f77804dfe17c85782	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Oct 25 13:24:21 2018 +0200
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Mon Oct 29 09:52:10 2018 +0100
tree	12c9057d913f29105652acab632d4370b5598660
parent	c774e329390293b4f3cafadea86b3feb5579e36f [diff] [blame]