Document behaviour of mbedtls_ssl_get_peer_cid() for empty CIDs

2019-05-03 12:54:52 +01:00 · 2019-05-03 12:54:52 +01:00 · cb063f5a5b
commit cb063f5a5b
parent f885d3bba2
2 changed files with 11 additions and 5 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1548,6 +1548,13 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
 *                     progress, this function will attempt to complete
 *                     the handshake first.
 *
+ * \note               If CID extensions have been exchanged but both client
+ *                     and server chose to use an empty CID, this function
+ *                     sets `*enabled` to #MBEDTLS_SSL_CID_DISABLED
+ *                     (the rationale for this is that the resulting
+ *                     communication is the same as if the CID extensions
+ *                     hadn't been used).
+ *
 * \return            \c 0 on success.
 * \return            A negative error code on failure.
 */