From: Nikos Mavrogiannopoulos Date: Sat, 11 Jan 2014 10:25:35 +0000 (+0100) Subject: doc update X-Git-Tag: gnutls_3_3_0pre0~363 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3372dbd9214cdcc1a5e894309faeca06535be5d5;p=thirdparty%2Fgnutls.git doc update --- diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index d5332920e3..cbf03261d8 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -1797,10 +1797,14 @@ int ret; * only password based security, and the same password for all * operations, are supported. * - * PKCS#12 file may contain many keys and/or certificates, and there - * is no way to identify which key/certificate pair you want. You - * should make sure the PKCS#12 file only contain one key/certificate - * pair and/or one CRL. + * PKCS#12 file may contain many keys and/or certificates, and this + * function will try to auto-detect based on the key ID the certificate + * and key pair to use. If the PKCS#12 file contain the issuer of + * the selected certificate, it will be appended to the certificate + * to form a chain. + * + * If more than one private keys are stored in the PKCS#12 file, + * then only one key will be read (and it is undefined which one). * * It is believed that the limitations of this function is acceptable * for most usage, and that any more flexibility would introduce @@ -1848,10 +1852,14 @@ int * only password based security, and the same password for all * operations, are supported. * - * PKCS#12 file may contain many keys and/or certificates, and there - * is no way to identify which key/certificate pair you want. You - * should make sure the PKCS#12 file only contain one key/certificate - * pair and/or one CRL. + * PKCS#12 file may contain many keys and/or certificates, and this + * function will try to auto-detect based on the key ID the certificate + * and key pair to use. If the PKCS#12 file contain the issuer of + * the selected certificate, it will be appended to the certificate + * to form a chain. + * + * If more than one private keys are stored in the PKCS#12 file, + * then only one key will be read (and it is undefined which one). * * It is believed that the limitations of this function is acceptable * for most usage, and that any more flexibility would introduce