Update tls_connection_set_verify() documentation to verify_peer=2

This new value was added to verify peer certificate if it is provided,
but not reject the TLS handshake if no peer certificate is provided.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
This commit is contained in:
Glenn Strauss 2022-11-08 00:05:53 -05:00 committed by Jouni Malinen
parent 0202b97741
commit 802b67bced

View file

@ -353,7 +353,9 @@ int __must_check tls_global_set_verify(void *tls_ctx, int check_crl,
* tls_connection_set_verify - Set certificate verification options * tls_connection_set_verify - Set certificate verification options
* @tls_ctx: TLS context data from tls_init() * @tls_ctx: TLS context data from tls_init()
* @conn: Connection context data from tls_connection_init() * @conn: Connection context data from tls_connection_init()
* @verify_peer: 1 = verify peer certificate * @verify_peer: 0 = do not verify peer certificate, 1 = verify peer
* certificate (require it to be provided), 2 = verify peer certificate if
* provided
* @flags: Connection flags (TLS_CONN_*) * @flags: Connection flags (TLS_CONN_*)
* @session_ctx: Session caching context or %NULL to use default * @session_ctx: Session caching context or %NULL to use default
* @session_ctx_len: Length of @session_ctx in bytes. * @session_ctx_len: Length of @session_ctx in bytes.