Merge remote-tracking branch 'public/pr/2152' into mbedtls-2.1-proposed
diff --git a/ChangeLog b/ChangeLog
index e6df8fb..88a3d3a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -51,6 +51,8 @@
* Change the use of Windows threading to use Microsoft Visual C++ runtime
calls, rather than Win32 API calls directly. This is necessary to avoid
conflict with C runtime usage. Found and fixed by irwir.
+ * Improve documentation of mbedtls_ssl_get_verify_result().
+ Fixes #517 reported by github-monoculture.
= mbed TLS 2.1.15 branch released 2018-08-31
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index d98e5ed..1fe8d8c 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1998,13 +1998,14 @@
/**
* \brief Return the result of the certificate verification
*
- * \param ssl SSL context
+ * \param ssl The SSL context to use.
*
- * \return 0 if successful,
- * -1 if result is not available (eg because the handshake was
- * aborted too early), or
- * a combination of BADCERT_xxx and BADCRL_xxx flags, see
- * x509.h
+ * \return \c 0 if the certificate verification was successful.
+ * \return \c -1u if the result is not available. This may happen
+ * e.g. if the handshake aborts early, or a verification
+ * callback returned a fatal error.
+ * \return A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX
+ * and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h.
*/
uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );