ssl: ignore CertificateRequest's content for real
- document why we made that choice
- remove the two TODOs about checking hash and CA
- remove the code that parsed certificate_type: it did nothing except store
the selected type in handshake->cert_type, but that field was never accessed
afterwards. Since handshake_params is now an internal type, we can remove that
field without breaking the ABI.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b778255..24d5678 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1594,7 +1594,12 @@
* adequate, preference is given to the one set by the first
* call to this function, then second, etc.
*
- * \note On client, only the first call has any effect.
+ * \note On client, only the first call has any effect. That is,
+ * only one client certificate can be provisioned. The
+ * server's preferences in its CertficateRequest message will
+ * be ignored and our only cert will be sent regardless of
+ * whether it matches those preferences - the server can then
+ * decide what it wants to do with it.
*
* \param conf SSL configuration
* \param own_cert own public certificate chain
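Review bot: The added \note misspells the message name as "CertficateRequest"; it should read "CertificateRequest", matching the commit subject, so that a search of the documentation for the message name finds this note. The closing clause "the server can then decide what it wants to do with it" could also be made concrete for API users. Since the client no longer checks the server's stated preferences, the note could say that a mismatch shows up only as the server's reaction to the certificate, not as a local error from this function or from the client's own processing of the request.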