From 5ffc220f16bd1c30c9f7f48708b657629aebd128 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 17 May 2017 18:59:53 +0300 Subject: [PATCH] Documentation error in `mbedtls_ssl_get_session` Fix Documentation error in `mbedtls_ssl_get_session`. This function supports deep copying of the session, and the peer certificate is not lost anymore, Resolves #926 --- ChangeLog | 3 +++ include/mbedtls/ssl.h | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 44533d2ae..10f07736d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,9 @@ Bugfix return value. Found by @davidwu2000. #839 * Fix a memory leak in mbedtls_x509_csr_parse(), found by catenacyber, Philippe Antoine. Fixes #1623. + * Remove wrong documentation for `mbedtls_ssl_get_session`. + This API has deep copy of the session, and the peer + certificate is not lost. #926 Changes * Change the shebang line in Perl scripts to look up perl in the PATH. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 39b7f290a..ac9a3f3ce 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2737,7 +2737,6 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss * \brief Save session in order to resume it later (client-side only) * Session data is copied to presented session structure. * - * \warning Currently, peer certificate is lost in the operation. * * \param ssl SSL context * \param session session context @@ -2747,6 +2746,11 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or * arguments are otherwise invalid * + * \note Only the server certificate is copied, and not the chain + * but this is not a problem because the result of the chain + * verification is stored in `verify_result` and can be checked + * with \c mbedtls_ssl_get_verify_result() + * * \sa mbedtls_ssl_set_session() */ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session );