crypto/tls: document VerifyPeerCertificate behavior in relation to ClientAuth
Change-Id: I3ff478912a5a178492d544d2f4ee9cc7570d9acc Reviewed-on: https://go-review.googlesource.com/84475 Reviewed-by: Filippo Valsorda <hi@filippo.io> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
parent
d3da622def
commit
2e765efc88
@ -483,8 +483,9 @@ type Config struct {
|
|||||||
//
|
//
|
||||||
// If normal verification fails then the handshake will abort before
|
// If normal verification fails then the handshake will abort before
|
||||||
// considering this callback. If normal verification is disabled by
|
// considering this callback. If normal verification is disabled by
|
||||||
// setting InsecureSkipVerify then this callback will be considered but
|
// setting InsecureSkipVerify, or (for a server) when ClientAuth is
|
||||||
// the verifiedChains argument will always be nil.
|
// RequestClientCert or RequireAnyClientCert, then this callback will
|
||||||
|
// be considered but the verifiedChains argument will always be nil.
|
||||||
VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
|
VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
|
||||||
|
|
||||||
// RootCAs defines the set of root certificate authorities
|
// RootCAs defines the set of root certificate authorities
|
||||||
|
Loading…
Reference in New Issue
Block a user