commit af18faca22b86be7fbc63749004ca93133d3a81d
author Gilles Peskine <Gilles.Peskine@arm.com> Sat Mar 10 23:52:22 2018 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Sat Mar 10 23:52:22 2018 +0100
tree d6150a918d0126df737fed0b8c353a7899569429
parent 7fded85f43f3ee6421df8c5613ec1e2de8f70524
parent 01dcea7f167c9e93fa8f27ad01d8c6fa108557cf

Merge remote-tracking branch 'upstream-public/pr/937' into mbedtls-2.1-proposed

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 895c4ec..a9e31e1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,6 +29,9 @@
      daniel in the Mbed TLS forum. #1351
    * Fix Windows x64 builds with the included mbedTLS.sln file. #1347
 
+Changes
+   * Clarified the documentation of mbedtls_ssl_setup.
+
 = mbed TLS 2.1.10 branch released 2018-02-03
 
 Security

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 12a98eb..ce6e08b 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -839,8 +839,13 @@
  * \note           No copy of the configuration context is made, it can be
  *                 shared by many mbedtls_ssl_context structures.
  *
- * \warning        Modifying the conf structure after is has been used in this
- *                 function is unsupported!
+ * \warning        The conf structure will be accessed during the session.
+ *                 It must not be modified or freed as long as the session
+ *                 is active.
+ *
+ * \warning        This function must be called exactly once per context.
+ *                 Calling mbedtls_ssl_setup again is not supported, even
+ *                 if no session is active.
  *
  * \param ssl      SSL context
  * \param conf     SSL configuration to use