From 802b67bced2ff82ff9c50f5a000d0f4d273403ff Mon Sep 17 00:00:00 2001
From: Glenn Strauss
Date: Tue, 8 Nov 2022 00:05:53 -0500
Subject: [PATCH] Update tls_connection_set_verify() documentation to verify_peer=2

This new value was added to verify peer certificate if it is provided, but not reject the TLS handshake if no peer certificate is provided.

Signed-off-by: Glenn Strauss
---
 src/crypto/tls.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index 7a2ee32df..7bed1830a 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -353,7 +353,9 @@ int __must_check tls_global_set_verify(void *tls_ctx, int check_crl,
 * tls_connection_set_verify - Set certificate verification options
 * @tls_ctx: TLS context data from tls_init()
 * @conn: Connection context data from tls_connection_init()
- * @verify_peer: 1 = verify peer certificate
+ * @verify_peer: 0 = do not verify peer certificate, 1 = verify peer
+ * certificate (require it to be provided), 2 = verify peer certificate if
+ * provided
 * @flags: Connection flags (TLS_CONN_*)
 * @session_ctx: Session caching context or %NULL to use default
 * @session_ctx_len: Length of @session_ctx in bytes.
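Review bot: The new `2 = verify peer certificate if provided` wording on the `@verify_peer` line leaves out the security-relevant consequence that only the commit message states: the handshake is not rejected when the peer sends no certificate. A caller reading the header alone could take a completed handshake under this mode as proof of peer authentication. I would extend the text to something like `2 = verify peer certificate if provided; the handshake is not rejected when none is sent, so the caller must check separately whether the peer was authenticated`. It may also be worth stating how a TLS backend that does not implement the value 2 is expected to behave (presumably it should fail closed as for 1), which cannot be determined from this hunk. The doc comment starts before and continues past the hunk.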