From 958efeb48161e42942a1cdd6b144488663f894e4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 25 Feb 2019 10:13:43 +0000 Subject: Improve documentation of mbedtls_ssl_get_peer_cert() --- include/mbedtls/ssl.h | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index dad8ebd..6e23379 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2998,20 +2998,16 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ); /** * \brief Return the peer certificate from the current connection. * - * For ciphersuites not using certificate-based peer - * authentication (such as PSK-based ciphersuites), no - * peer certificate is available, and this function returns - * \c NULL. - * * \param ssl The SSL context to use. This must be initialized and setup. * - * \return The current peer certificate, or \c NULL if - * none is available, which might be because the chosen - * ciphersuite does not use peer certificates, or because - * #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled. - * If this functions does not return \c NULL, the returned - * certificate is owned by the SSL context and valid only - * until the next call to the SSL API. + * \return The current peer certificate, if available. + * The returned certificate is owned by the SSL context and + * is valid only until the next call to the SSL API. + * \return \c NULL if no peer certificate is available. This might + * be because the chosen ciphersuite doesn't use CRTs + * (PSK-based ciphersuites, for example), or because + * #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled, + * allowing the stack to free the peer's CRT to save memory. * * \note For one-time inspection of the peer's certificate during * the handshake, consider registering an X.509 CRT verification -- cgit v1.1