Commit 92b142a6 authored by Filippo Valsorda's avatar Filippo Valsorda Committed by Adam Langley

crypto/tls: document VerifyPeerCertificate behavior in relation to ClientAuth

Change-Id: I3ff478912a5a178492d544d2f4ee9cc7570d9acc
Reviewed-on: https://go-review.googlesource.com/84475Reviewed-by: 's avatarFilippo Valsorda <hi@filippo.io>
Reviewed-by: 's avatarBrad Fitzpatrick <bradfitz@golang.org>
parent 38c561cb
...@@ -406,8 +406,9 @@ type Config struct { ...@@ -406,8 +406,9 @@ type Config struct {
// //
// If normal verification fails then the handshake will abort before // If normal verification fails then the handshake will abort before
// considering this callback. If normal verification is disabled by // considering this callback. If normal verification is disabled by
// setting InsecureSkipVerify then this callback will be considered but // setting InsecureSkipVerify, or (for a server) when ClientAuth is
// the verifiedChains argument will always be nil. // RequestClientCert or RequireAnyClientCert, then this callback will
// be considered but the verifiedChains argument will always be nil.
VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
// RootCAs defines the set of root certificate authorities // RootCAs defines the set of root certificate authorities
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment