Document behaviour of mbedtls_ssl_get_peer_cid() for empty CIDs
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index fa6d232..5acdbd5 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1628,6 +1628,13 @@
* progress, this function will attempt to complete
* the handshake first.
*
+ * \note If CID extensions have been exchanged but both client
+ * and server chose to use an empty CID, this function
+ * sets `*enabled` to #MBEDTLS_SSL_CID_DISABLED
+ * (the rationale for this is that the resulting
+ * communication is the same as if the CID extensions
+ * hadn't been used).
+ *
* \return \c 0 on success.
* \return A negative error code on failure.
*/
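Review bot: The new \note says what `*enabled` becomes when both sides chose an empty CID, but it leaves the function's other output parameters (the peer CID buffer and its length, if this declaration carries them as the function name suggests — they are outside the hunk) unspecified for that case, so a caller cannot tell whether they are zeroed or left untouched. I would extend the note with a sentence such as `*            In that case the remaining output parameters are not written and must not be relied upon; check \c *enabled first.` — worded to match whatever the implementation actually does. The rest of the doc comment for mbedtls_ssl_get_peer_cid() starts before this hunk.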
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index a0f9584..5cb15f5 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -165,11 +165,10 @@
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- /* What shall we report if we have exchanged if both client
- * and server have used the CID extension, but negotiated
- * empty CIDs? This is indistinguishable from not using the
- * CID extension in the first place, and we're reporting
- * MBEDTLS_SSL_CID_DISABLED in this case. */
+ /* We report MBEDTLS_SSL_CID_DISABLED in case the CID extensions
+ * were used, but client and server requested the empty CID.
+ * This is indistinguishable from not using the CID extension
+ * in the first place. */
if( ssl->transform_in->in_cid_len == 0 &&
ssl->transform_in->out_cid_len == 0 )
{
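Review bot: The rewritten comment says the two sides "requested the empty CID", but the condition on the next lines tests the negotiated lengths on `ssl->transform_in` only, so the comment should name what is actually checked and why one transform suffices. I would phrase it as `/* If the CID extension was negotiated but both in_cid_len and out_cid_len of the current incoming transform are 0, report MBEDTLS_SSL_CID_DISABLED: on the wire this is indistinguishable from not using the extension at all. */`, and it is worth stating (or asserting) in the comment why `transform_in` is guaranteed non-NULL here, which presumably follows from the MBEDTLS_SSL_HANDSHAKE_OVER check above. The body of the `if` and the remainder of the function continue outside the hunk.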