From 254530f2e01a025ea4fae74d9a3864d5a3309305 Mon Sep 17 00:00:00 2001
From: Ron Eldor
Date: Wed, 17 May 2017 18:59:53 +0300
Subject: [PATCH] Documentation error in `mbedtls_ssl_get_session`

Fix Documentation error in `mbedtls_ssl_get_session`. This function supports deep copying of the session, and the peer certificate is not lost anymore, Resolves #926
---
 ChangeLog | 7 +++++++
 include/mbedtls/ssl.h | 6 +++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 588b833e82..f5c1789192 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Bugfix
+ * Remove wrong documentation for `mbedtls_ssl_get_session`.
+ This API has deep copy of the session, and the peer
+ certificate is not lost. #926
+
 = mbed TLS 2.1.13 branch released 2018-06-18
 
 Bugfix
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 8573283647..8e234ef34e 100755
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2081,7 +2081,6 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss
  * \brief Save session in order to resume it later (client-side only)
  * Session data is copied to presented session structure.
  *
- * \warning Currently, peer certificate is lost in the operation.
  *
  * \param ssl SSL context
  * \param session session context
@@ -2091,6 +2090,11 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss
  * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
  * arguments are otherwise invalid
  *
+ * \note Only the server certificate is copied, and not the chain
+ * but this is not a problem because the result of the chain
+ * verification is stored in `verify_result` and can be checked
+ * with \c mbedtls_ssl_get_verify_result()
+ *
  * \sa mbedtls_ssl_set_session()
  */
 int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session );
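Review bot: The `\note` added in the second ssl.h hunk tells callers that the missing chain "is not a problem", which is a stronger claim than the comment can back up: `verify_result` only records the verdict of the handshake that created the session, so a caller working from a saved session has nothing left to re-validate the chain against (for instance after an intermediate CA is distrusted). I would state the limitation instead of dismissing it, e.g. `\note Only the peer's end-entity certificate is copied, not its chain; the chain verification result of the original handshake is available via \c mbedtls_ssl_get_verify_result().` Since the commit message says the copy is now deep, the comment should also say that the caller owns the copied data and has to release it with `mbedtls_ssl_session_free()`, otherwise the copied certificate is presumably leaked. The first ssl.h hunk leaves two consecutive empty ` *` lines where the `\warning` was removed; one of them can be dropped.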