From ac97c61d1a633b412a36644482d9b5bbe738f2ac Mon Sep 17 00:00:00 2001
From: Mahavir Jain <mahavir@espressif.com>
Date: Tue, 24 Oct 2023 18:56:58 +0530
Subject: [PATCH] docs: add section about periodic sync of the certificate
 bundle

---
 docs/en/api-reference/protocols/esp_crt_bundle.rst | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/docs/en/api-reference/protocols/esp_crt_bundle.rst b/docs/en/api-reference/protocols/esp_crt_bundle.rst
index e4c92ee622..88e343ab40 100644
--- a/docs/en/api-reference/protocols/esp_crt_bundle.rst
+++ b/docs/en/api-reference/protocols/esp_crt_bundle.rst
@@ -76,6 +76,11 @@ Updating the Certificate Bundle
 The bundle is embedded into the app and can be updated along with the app by an OTA update. If you want to include a more up-to-date bundle than the bundle currently included in ESP-IDF, then the certificate list can be downloaded from Mozilla as described in :ref:`updating_bundle`.
 
 
+Periodic Sync
+-------------
+
+The bundle is kept updated by periodic sync with the Mozilla's NSS root certificate store. The deprecated certs from the upstream bundle are added to deprecated list (for compatibility reasons) in ESP-IDF minor or patch release. If required, the deprecated certs can be added to the default bundle by enabling :ref:`CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEPRECATED_LIST`. The deprecated certs shall be removed (reset) on the next major ESP-IDF release.
+
 Application Examples
 --------------------