From 9bbb1340c37a4a3b3a8477b058077a38d77230f7 Mon Sep 17 00:00:00 2001
From: Garrett D'Amore <garrett@damore.org>
Date: Sat, 23 Nov 2024 14:29:07 -0800
Subject: tls: add a mutual authentication test

Also, make it clearer that TLS keys and certificates can only
be set once on a configuration.  (mbedTLS makes this confusing!)

This mutual test is only fully validated on mbed, because wolfSSL
seems to not properly validate this in many configurations.
---
 docs/ref/migrate/nng1.md | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'docs/ref/migrate')

diff --git a/docs/ref/migrate/nng1.md b/docs/ref/migrate/nng1.md
index 2b305b75..cb7bc539 100644
--- a/docs/ref/migrate/nng1.md
+++ b/docs/ref/migrate/nng1.md
@@ -60,6 +60,13 @@ Support for very old TLS versions 1.0 and 1.1 is removed.
 Further, the `NNG_TLS_1_0` and `NNG_TLS_1_1` constants are also removed.
 Applications should use `NNG_TLS_1_2` or even `NNG_TLS_1_3` instead.
 
+## Only One TLS Key/Cert Per Configuration
+
+The ability to configure multiple keys and certificates for a given TLS configuration object is removed.
+(The [`nng_tls_config_own_cert`] will return [`NNG_EBUSY`] if it has already been called for the configuration.)
+The intended purpose was to support alternative cryptographic algorithms, but this is not necessary, was never
+used, and was error prone.
+
 ## Support for Local Addresses in Dial URLs Removed
 
 NNG 1.x had an undocumented ability to specify the local address to bind
-- 
cgit v1.2.3-70-g09d2