Merge remote-tracking branch 'public/pr/2153' into mbedtls-2.7-restricted-proposed

2025-11-04 08:15:10 +00:00 · 2018-11-07 13:32:53 +00:00 · 2018-11-07 13:32:53 +00:00 · a5c0071cd2
parent b7d2d5c933 0b0753c588
commit a5c0071cd2
2 changed files with 9 additions and 6 deletions
--- a/2
+++ b/2
@ -41,6 +41,8 @@ Changes
   * Change the use of Windows threading to use Microsoft Visual C++ runtime
     calls, rather than Win32 API calls directly. This is necessary to avoid
     conflict with C runtime usage. Found and fixed by irwir.
+   * Improve documentation of mbedtls_ssl_get_verify_result().
+     Fixes #517 reported by github-monoculture.

 = mbed TLS 2.7.6 branch released 2018-08-31

--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -2287,13 +2287,14 @@ size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
 /**
 * \brief          Return the result of the certificate verification
 *
- * \param ssl      SSL context
+ * \param ssl      The SSL context to use.
 *
- * \return         0 if successful,
- *                 -1 if result is not available (eg because the handshake was
- *                 aborted too early), or
- *                 a combination of BADCERT_xxx and BADCRL_xxx flags, see
- *                 x509.h
+ * \return         \c 0 if the certificate verification was successful.
+ * \return         \c -1u if the result is not available. This may happen
+ *                 e.g. if the handshake aborts early, or a verification
+ *                 callback returned a fatal error.
+ * \return         A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX
+ *                 and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h.
 */
 uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );