From 79ad28661e139fce25911554c1fd8e4f81dcc126 Mon Sep 17 00:00:00 2001
From: k-stachowiak
Date: Mon, 29 Apr 2019 11:15:43 +0200
Subject: [PATCH 1/4] Reword ssl_conf_max_frag_len documentation for clarity

---
 include/mbedtls/ssl.h | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 5593a5282..9f444133f 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2106,12 +2106,23 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
 /**
- * \brief Set the maximum fragment length to emit and/or negotiate
- * (Default: MBEDTLS_SSL_MAX_CONTENT_LEN, usually 2^14 bytes)
+ * \brief Set the maximum fragment length to emit and/or negotiate.
+ * (Typical: the smaller of #MBEDTLS_SSL_IN_CONTENT_LEN and
+ * #MBEDTLS_SSL_OUT_CONTENT_LEN, usually `2^14` bytes)
  * (Server: set maximum fragment length to emit,
- * usually negotiated by the client during handshake
+ * usually negotiated by the client during handshake)
  * (Client: set maximum fragment length to emit *and*
  * negotiate with the server during handshake)
+ * (Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE)
+ *
+ * \note On the client side, the maximum fragment length extension
+ * *will not* be used, unless the maximum fragment length has
+ * been set via this function to a value different than
+ * #MBEDTLS_SSL_MAX_FRAG_LEN_NONE.
+ *
+ * \note This sets the maximum length for a record's payload,
+ * excluding record overhead that will be added to it, see
+ * \c mbedtls_ssl_get_record_expansion().
  *
  * \param conf SSL configuration
  * \param mfl_code Code for maximum fragment length (allowed values:

From 5b001e07a8fe2e8623b0b0c59a5875eb417267b6 Mon Sep 17 00:00:00 2001
From: k-stachowiak
Date: Mon, 29 Apr 2019 12:58:53 +0200
Subject: [PATCH 2/4] Update change log

---
 ChangeLog | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index ea73951b8..72ae982fa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -39,6 +39,8 @@ Changes
      Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
    * Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh.
      Contributed by Peter Kolbus (Garmin).
+   * Change wording in the `mbedtls_ssl_conf_max_frag_len()`'s documentation to
+     improve clarity. Fixes #2258.
 
 = mbed TLS 2.7.10 branch released 2019-03-19
 

From 2dd69e1c05b0d914b692d32f6cf47eb1a4eea8db Mon Sep 17 00:00:00 2001
From: k-stachowiak
Date: Tue, 30 Apr 2019 12:32:11 +0200
Subject: [PATCH 3/4] Backport a doxygen note from development for `mbedtls_ssl_conf_max_frag_len()`

---
 include/mbedtls/ssl.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 9f444133f..da0c5ca20 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2115,6 +2115,10 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
  * negotiate with the server during handshake)
  * (Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE)
  *
+ * \note With TLS, this currently only affects ApplicationData (sent
+ * with \c mbedtls_ssl_read()), not handshake messages.
+ * With DTLS, this affects both ApplicationData and handshake.
+ *
  * \note On the client side, the maximum fragment length extension
  * *will not* be used, unless the maximum fragment length has
  * been set via this function to a value different than

From 8aed8e1612ae2b638988620c3e11497dcb796bdf Mon Sep 17 00:00:00 2001
From: k-stachowiak
Date: Fri, 10 May 2019 15:09:21 +0200
Subject: [PATCH 4/4] Adjust backport's documentation to account for missing features

---
 include/mbedtls/ssl.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index da0c5ca20..5fd6969da 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
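Review bot: The backported note in the ssl.h hunk of PATCH 3/4 says ApplicationData is "sent with \c mbedtls_ssl_read()", but mbedtls_ssl_read() is the receive call; the fragment limit governs records this side emits, so the line should read ` * with \c mbedtls_ssl_write()), not handshake messages.`. Since the same sentence states that with TLS the limit does not cover handshake messages, readers sizing receive buffers would be helped by spelling out the consequence, for instance ` * In TLS a peer that negotiated a smaller fragment length may therefore still receive handshake records above that limit.` — worth confirming against the record layer before adding it. The enclosing Doxygen block starts and ends outside the hunk.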
@@ -2107,8 +2107,8 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
 /**
  * \brief Set the maximum fragment length to emit and/or negotiate.
- * (Typical: the smaller of #MBEDTLS_SSL_IN_CONTENT_LEN and
- * #MBEDTLS_SSL_OUT_CONTENT_LEN, usually `2^14` bytes)
+ * (Typical: #MBEDTLS_SSL_MAX_CONTENT_LEN, by default that is
+ * set to `2^14` bytes)
  * (Server: set maximum fragment length to emit,
  * usually negotiated by the client during handshake)
  * (Client: set maximum fragment length to emit *and*
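Review bot: The rewritten "Typical" line, `by default that is set to `2^14` bytes`, is awkward English and, a few lines below, the block also carries `(Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE)` (visible as context in PATCH 3/4), so two different things are described as a default; ` * (Typical: #MBEDTLS_SSL_MAX_CONTENT_LEN, which is 2^14 bytes` / ` * unless configured otherwise)` keeps the compile-time content length distinct from this setting's default. The Doxygen block continues past the end of the hunk.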