From 907e95aa2033c6f62e86ab123e8806e05912e21a Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 23 Jan 2020 15:51:40 +0100
Subject: [PATCH] Clarify that what we're dropping is pkcs11-helper support

The PKCS11 module does not directly interface with PKCS#11 (also known
as Cryptoki), but with the pkcs11-helper library.
---
 ChangeLog                | 5 +++--
 include/mbedtls/config.h | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 12836ed3c..852bd5beb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,8 +3,9 @@ mbed TLS ChangeLog (Sorted per branch, date)
 = mbed TLS X.X.X branch released XXXX-XX-XX
 
 New deprecations
-   * Deprecate MBEDTLS_PKCS11_C that enables the wrapper for PKCS#11 smartcard
-     support.
+   * Deprecate for MBEDTLS_PKCS11_C, the wrapper around the pkcs11-helper
+     library which allows TLS authentication to use keys stored in a
+     PKCS#11 token such as a smartcard.
 
 Bugfix
    * Allow loading symlinked certificates. Fixes #3005. Reported and fixed
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 62f544647..0983d0fd6 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2812,7 +2812,7 @@
 /**
  * \def MBEDTLS_PKCS11_C
  *
- * Enable wrapper for PKCS#11 smartcard support.
+ * Enable wrapper for PKCS#11 smartcard support via the pkcs11-helper library.
  *
  * \deprecated This option is deprecated and will be removed in a future
  *             version of Mbed TLS.