Enhance documentation of ssl_set_hostname
(1) Add missing error condition
(2) Specify allowance and effect of of NULL hostname parameter
(3) Describe effect of function on failure
Also, adapt ChangeLog.
diff --git a/ChangeLog b/ChangeLog
index a3171d7..d5ed6ad 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 1.3.22 branch released 2017-xx-xx
+
+Bugfix
+ * Fix memory leak in ssl_set_hostname() when called multiple times.
+ Found by projectgus and jethrogb, #836.
+
= mbed TLS 1.3.21 branch released 2017-08-10
Security
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 4a01bbf..9a3fb8a 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -1398,15 +1398,23 @@
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
/**
- * \brief Set hostname for ServerName TLS extension
- * (client-side only)
- *
+ * \brief Set or reset the hostname to check against the received
+ * server certificate. It sets the ServerName TLS extension,
+ * too, if that extension is enabled. (client-side only)
*
* \param ssl SSL context
- * \param hostname the server hostname
+ * \param hostname the server hostname, may be NULL to clear hostname
*
- * \return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED
- */
+ * \note Maximum hostname length SSL_MAX_HOST_NAME_LEN.
+ *
+ * \return 0 if successful, POLARSSL_ERR_SSL_MALLOC_FAILED on
+ * allocation failure, POLARSSL_ERR_BAD_INPUT_DATA on
+ * too long input hostname.
+ *
+ * \note Hostname set to the one provided on success (cleared
+ * when NULL). On allocation failure hostname is cleared.
+ * On too long input failure, old hostname is unchanged.
+*/
int ssl_set_hostname( ssl_context *ssl, const char *hostname );
/**