Merge remote-tracking branch 'public/pr/2134' into development-restricted

This commit is contained in:
Simon Butcher 2018-12-20 12:34:44 +00:00
commit 6df8c53cd4
2 changed files with 10 additions and 0 deletions

View File

@ -77,6 +77,8 @@ Bugfix
on some toolchains. Reported by phoenixmcallister. Fixes #2170. on some toolchains. Reported by phoenixmcallister. Fixes #2170.
* Fix double initialization of ECC hardware that made some accelerators * Fix double initialization of ECC hardware that made some accelerators
hang. hang.
* Clarify documentation of mbedtls_ssl_set_own_cert() regarding the absence
of check for certificate/key matching. Reported by Attila Molnar, #507.
= mbed TLS 2.14.0 branch released 2018-11-19 = mbed TLS 2.14.0 branch released 2018-11-19

View File

@ -2044,6 +2044,14 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
* whether it matches those preferences - the server can then * whether it matches those preferences - the server can then
* decide what it wants to do with it. * decide what it wants to do with it.
* *
* \note The provided \p pk_key needs to match the public key in the
* first certificate in \p own_cert, or all handshakes using
* that certificate will fail. It is your responsibility
* to ensure that; this function will not perform any check.
* You may use mbedtls_pk_check_pair() in order to perform
* this check yourself, but be aware that this function can
* be computationally expensive on some key types.
*
* \param conf SSL configuration * \param conf SSL configuration
* \param own_cert own public certificate chain * \param own_cert own public certificate chain
* \param pk_key own private key * \param pk_key own private key