Add note about not implementing PSK id_hint
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 4212bb0..b778255 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1614,6 +1614,11 @@
* \note This is mainly useful for clients. Servers will usually
* want to use \c mbedtls_ssl_conf_psk_cb() instead.
*
+ * \note Currently clients can only register one pre-shared key.
+ * In other words, the servers' idendity hint is ignored.
+ * Please contact us if you need ability to set multiple PSKs
+ * on clients and select one based on the identity hint.
+ *
* \param conf SSL configuration
* \param psk pointer to the pre-shared key
* \param psk_len pre-shared key length
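Review bot: The added \note misspells "identity" as "idendity", and "the servers' idendity hint" should be singular possessive; since this is public API documentation, I would write `In other words, the server's identity hint is ignored.` and `Please contact us if you need the ability to set multiple PSKs`. It would also help callers to say what follows from the limitation: the client uses the single configured key and identity whatever hint the server sends. An application that talks to servers expecting different PSKs therefore presumably needs a separate configuration per server. The doc comment starts and ends outside this hunk.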
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 4452169..1d22d15 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1981,8 +1981,11 @@
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
- // TODO: Retrieve PSK identity hint and callback to app
- //
+ /*
+ * Note: we currently ignore the PKS identity hint, as we only allow one
+ * PSK to be provisionned on the client. This could be changed later if
+ * someone needs that feature.
+ */
*p += len;
ret = 0;
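Review bot: The new comment says "PKS identity hint" where it means "PSK", and "provisionned" should be "provisioned". It should also record why skipping the hint with `*p += len;` is safe: `len` comes from the server's message, and the advance relies on a bounds check that is only partly visible here (the `MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE` return at the top of the hunk presumably belongs to it). Suggested wording: `Note: the PSK identity hint is server-supplied and is skipped unread, as only one PSK can be provisioned on the client; len has been checked against the end of the message above.` The enclosing function starts and ends outside the hunk, so confirm the length check against the full source before adopting that last clause.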
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 6b5b461..6bd0b59 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2718,7 +2718,8 @@
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{
- /* TODO: Support identity hints */
+ /* Note: we don't support identity hints, until someone asks
+ * for them. */
*(p++) = 0x00;
*(p++) = 0x00;
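Review bot: The replacement comment still does not explain what the two `0x00` bytes written below it are, so a reader has to infer that they encode a zero-length identity hint in the ServerKeyExchange. I would state it directly, for example `/* No identity hint is sent: write a 2-byte hint length of 0. */`, and drop "until someone asks for them", which will go stale. Like the client comment in ssl_cli.c, this one could also point at the public note on `mbedtls_ssl_conf_psk()` so the limitation is documented in one place. The `if` block continues outside this hunk.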