Merge remote-tracking branch 'public/pr/2145' into mbedtls-2.1

Author: simonbutcher

ChangeLog

@@ -15,6 +15,8 @@ Bugfix
    * Add explicit integer to enumeration type casts to example program
      programs/pkey/gen_key which previously led to compilation failure
      on some toolchains. Reported by phoenixmcallister. Fixes #2170.
+   * Clarify documentation of mbedtls_ssl_set_own_cert() regarding the absence
+     of check for certificate/key matching. Reported by Attila Molnar, #507.
 
 = mbed TLS 2.1.17 branch released 2018-11-30
 

include/mbedtls/ssl.h

@@ -1408,6 +1408,14 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
  *
  * \note           On client, only the first call has any effect.
  *
+ * \note           The provided \p pk_key needs to match the public key in the
+ *                 first certificate in \p own_cert, or all handshakes using
+ *                 that certificate will fail. It is your responsibility
+ *                 to ensure that; this function will not perform any check.
+ *                 You may use mbedtls_pk_check_pair() in order to perform
+ *                 this check yourself, but be aware that this function can
+ *                 be computationally expensive on some key types.
+ *
  * \param conf     SSL configuration
  * \param own_cert own public certificate chain
  * \param pk_key   own private key