From 543caa7ec4f765241ef85b5157fdfa2d6e2825ae Mon Sep 17 00:00:00 2001
From: Ben Taylor <ben.taylor@linaro.org>
Date: Tue, 5 Aug 2025 08:16:12 +0100
Subject: [PATCH] Re-add note

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
---
 include/mbedtls/ssl.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 5305425e7b..9cba94e9b3 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -3364,6 +3364,10 @@ int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len,
 /**
  * \brief          Set the X.509 security profile used for verification
  *
+ * \note           The restrictions are enforced for all certificates in the
+ *                 chain. However, signatures in the handshake are not covered
+ *                 by this setting but by \b mbedtls_ssl_conf_sig_hashes().
+ *
  * \param conf     SSL configuration
  * \param profile  Profile to use
  */