Improve documentation about HelloVerifyRequest

parent 398b206f
......@@ -1141,7 +1141,7 @@ typedef int mbedtls_ssl_cookie_check_t( void *ctx,
* \brief Register callbacks for DTLS cookies
* (Server only. DTLS only.)
*
* Default: dummy callbacks that fail, to force you to
* Default: dummy callbacks that fail, in order to force you to
* register working callbacks (and initialize their context).
*
* To disable HelloVerifyRequest, register NULL callbacks.
......@@ -1151,6 +1151,10 @@ typedef int mbedtls_ssl_cookie_check_t( void *ctx,
* Only disable if you known this can't happen in your
* particular environment.
*
* \note See comments on \c mbedtls_ssl_handshake() about handling
* the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected
* on the first handshake attempt when this is enabled.
*
* \param conf SSL configuration
* \param f_cookie_write Cookie write callback
* \param f_cookie_check Cookie check callback
......@@ -1980,6 +1984,13 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session
*
* \return 0 if successful, MBEDTLS_ERR_SSL_WANT_READ,
* MBEDTLS_ERR_SSL_WANT_WRITE, or a specific SSL error code.
*
* \note If this function returns non-zero, then the ssl context
* becomes unusable, and you should either free it or call
* \c mbedtls_ssl_session_reset() on it before re-using it.
* If DTLS is in use, then you may choose to handle
* MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
* purposes, but you still need to reset/free the context.
*/
int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment