author | Hanno Becker <hanno.becker@arm.com> | 2019-02-25 10:13:43 +0000 |
---|---|---|
committer | Hanno Becker <hanno.becker@arm.com> | 2019-02-26 14:38:09 +0000 |
commit | 958efeb48161e42942a1cdd6b144488663f894e4 (patch) | |
tree | ffdd5d72c96db462a3e7e81b5530b89701238515 | |
parent | fd7f298c6a460fa391e769b7d91ee312af592a6b (diff) | |
Improve documentation of mbedtls_ssl_get_peer_cert()
-rw-r--r-- | include/mbedtls/ssl.h | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index dad8ebd..6e23379 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2998,20 +2998,16 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl );
 /**
  * \brief Return the peer certificate from the current connection.
  *
- * For ciphersuites not using certificate-based peer
- * authentication (such as PSK-based ciphersuites), no
- * peer certificate is available, and this function returns
- * \c NULL.
- *
  * \param ssl The SSL context to use. This must be initialized and setup.
  *
- * \return The current peer certificate, or \c NULL if
- * none is available, which might be because the chosen
- * ciphersuite does not use peer certificates, or because
- * #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled.
- * If this functions does not return \c NULL, the returned
- * certificate is owned by the SSL context and valid only
- * until the next call to the SSL API.
+ * \return The current peer certificate, if available.
+ * The returned certificate is owned by the SSL context and
+ * is valid only until the next call to the SSL API.
+ * \return \c NULL if no peer certificate is available. This might
+ * be because the chosen ciphersuite doesn't use CRTs
+ * (PSK-based ciphersuites, for example), or because
+ * #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled,
+ * allowing the stack to free the peer's CRT to save memory.
  *
  * \note For one-time inspection of the peer's certificate during
  * the handshake, consider registering an X.509 CRT verification |
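Review bot: The lifetime rule in the first new `\return` paragraph ("valid only until the next call to the SSL API") is the part a caller is most likely to get wrong, and it is still only a trailing sentence with no statement of what to do instead; a pointer kept across a later SSL call would refer to memory the context may already have released. I would lift it into its own `\warning` and add `Callers that need certificate data beyond that point must copy what they need before making another SSL API call.` The second `\return` could also state that `NULL` does not tell the two listed causes apart, and that neither return value is a verification result, which is what `mbedtls_ssl_get_verify_result()` reports. The doc comment and its `\note` continue past the end of the hunk, so part of this may already be covered there.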