Update tls_connection_set_verify() documentation to verify_peer=2

This new value was added to verify peer certificate if it is provided, but not reject the TLS handshake if no peer certificate is provided. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-08 00:05:53 -05:00 · 2022-11-08 00:05:53 -05:00 · 802b67bced
commit 802b67bced
parent 0202b97741
1 changed files with 3 additions and 1 deletions
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@ -353,7 +353,9 @@ int __must_check tls_global_set_verify(void *tls_ctx, int check_crl,
 * tls_connection_set_verify - Set certificate verification options
 * @tls_ctx: TLS context data from tls_init()
 * @conn: Connection context data from tls_connection_init()
- * @verify_peer: 1 = verify peer certificate
+ * @verify_peer: 0 = do not verify peer certificate, 1 = verify peer
+ *	certificate (require it to be provided), 2 = verify peer certificate if
+ *	provided
 * @flags: Connection flags (TLS_CONN_*)
 * @session_ctx: Session caching context or %NULL to use default
 * @session_ctx_len: Length of @session_ctx in bytes.