mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 20:25:38 +00:00
Clarify a point in the documentation
This commit is contained in:
parent
b541da6ef3
commit
27716cc1da
|
@ -1517,7 +1517,15 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
|
|||
* use. The server can override our preference order.
|
||||
*
|
||||
* Both sides: limits the set of curves used by peer to the
|
||||
* listed curves for any use (ECDH(E), certificates).
|
||||
* listed curves for any use ECDHE and the end-entity
|
||||
* certificate.
|
||||
*
|
||||
* \note This has no influence on which curve are allowed inside the
|
||||
* certificate chains, see \c mbedtls_ssl_conf_cert_profile()
|
||||
* for that. For example, if the peer's certificate chain is
|
||||
* EE -> CA_int -> CA_root, then the allowed curves for EE are
|
||||
* controlled by \c mbedtls_ssl_conf_curves() but for CA_int
|
||||
* and CA_root it's \c mbedtls_ssl_conf_cert_profile().
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param curves Ordered list of allowed curves,
|
||||
|
|
|
@ -301,6 +301,10 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
|
|||
* \note Same as \c mbedtls_x509_crt_verify(), but with explicit
|
||||
* security profile.
|
||||
*
|
||||
* \note The restrictions on keys (RSA minimum size, allowed curves
|
||||
* for ECDSA) only applys to (intermediate) CAs, not to the
|
||||
* end-entity certificate.
|
||||
*
|
||||
* \param crt a certificate to be verified
|
||||
* \param trust_ca the trusted CA chain
|
||||
* \param ca_crl the CRL chain for trusted CA's
|
||||
|
|
Loading…
Reference in a new issue