Documentation error in mbedtls_ssl_get_session

Fix Documentation error in `mbedtls_ssl_get_session`. This function supports deep copying of the session, and the peer certificate is not lost anymore, Resolves #926
2017-05-17 18:59:53 +03:00 · 2017-05-17 18:59:53 +03:00 · 5ffc220f16
commit 5ffc220f16
parent 1ab9b57148
2 changed files with 8 additions and 1 deletions
--- a/3
+++ b/3
@ -18,6 +18,9 @@ Bugfix
     return value. Found by @davidwu2000. #839
   * Fix a memory leak in mbedtls_x509_csr_parse(), found by catenacyber,
     Philippe Antoine. Fixes #1623.
+   * Remove wrong documentation for `mbedtls_ssl_get_session`.
+     This API has deep copy of the session, and the peer
+     certificate is not lost. #926

 Changes
   * Change the shebang line in Perl scripts to look up perl in the PATH.
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -2737,7 +2737,6 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss
 * \brief          Save session in order to resume it later (client-side only)
 *                 Session data is copied to presented session structure.
 *
- * \warning        Currently, peer certificate is lost in the operation.
 *
 * \param ssl      SSL context
 * \param session  session context
@ -2747,6 +2746,11 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss
 *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
 *                 arguments are otherwise invalid
 *
+ * \note           Only the server certificate is copied, and not the chain
+ *                 but this is not a problem because the result of the chain
+ *                 verification is stored in `verify_result` and can be checked
+ *                 with \c mbedtls_ssl_get_verify_result()
+ *
 * \sa             mbedtls_ssl_set_session()
 */
 int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session );