commit ce00ac4a29b8a096c2e9158e571ee4c4c1273f32
author Gilles Peskine <Gilles.Peskine@arm.com> Wed Feb 12 23:35:54 2025 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Thu Feb 13 21:24:01 2025 +0100
tree 55f3d94c8829c1f94e5ab4a1ad3e2738e5cbcf37
parent e61852e4d2fabe9f37d38242050f26e8508ad8ec

Update the documentation of ssl->hostname

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 42fffbf..a7bfd7b 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1884,8 +1884,16 @@
      * User settings
      */
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-    char *MBEDTLS_PRIVATE(hostname);             /*!< expected peer CN for verification
-                                                    (and SNI if available)                 */
+    /** Expected peer CN for verification.
+     *
+     * Also used on clients for SNI,
+     * and for TLS 1.3 session resumption using tickets.
+     *
+     * If this is \p NULL, the peer name verification is skipped,
+     * the server_name extension is not sent, and the server name is ignored
+     * in TLS 1.3 session resumption using tickets.
+     */
+    char *MBEDTLS_PRIVATE(hostname);
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_SSL_ALPN)