From dda375c3c1edfa32793c51c5a07e2c61d1b05cc1 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Mon, 13 Nov 2017 08:45:09 +0100
Subject: doc: document the GNUTLS_E_NO_COMMON_KEY_SHARE usage
Signed-off-by: Nikos Mavrogiannopoulos
---
 lib/ext/key_share.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c
index d3ca155e27..411b10e9bf 100644
--- a/lib/ext/key_share.c
+++ b/lib/ext/key_share.c
@@ -547,7 +547,20 @@ key_share_recv_params(gnutls_session_t session,
 }
 if (used_share == 0) {
- /* we signal for hello-retry-request */
+ /* we utilize GNUTLS_E_NO_COMMON_KEY_SHARE for:
+ * 1. signal for hello-retry-request in the handshake
+ * layer during first client hello parsing (server side - here).
+ * This does not result to error code being
+ * propagated to app layer.
+ * 2. Propagate to application error code that no
+ * common key share was found after an HRR was
+ * received (client side)
+ * 3. Propagate to application error code that no
+ * common key share was found after an HRR was
+ * sent (server side).
+ * In cases (2,3) the error is translated to illegal
+ * parameter alert.
+ */
 return gnutls_assert_val(GNUTLS_E_NO_COMMON_KEY_SHARE);
 }
-- 
cgit v1.2.1
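Review bot: The new comment marks only case 1 as occurring at this return ("server side - here"), yet case 3 (no common share after an HRR was sent, server side) presumably reaches the same `return gnutls_assert_val(GNUTLS_E_NO_COMMON_KEY_SHARE);` when the second ClientHello is parsed, so the text does not say what keeps the internal retry signal apart from the fatal error. I would add a line such as `* Cases 1 and 3 both return from here; the caller tells them apart by whether an HRR was already sent.`, to be confirmed against the handshake layer, which is not visible in this hunk. The phrase "This does not result to error code being propagated" should read `This does not result in an error code being propagated`. key_share_recv_params starts and ends outside the hunk.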