crypto/tls: document VerifyPeerCertificate behavior in relation to ClientAuth
Change-Id: I3ff478912a5a178492d544d2f4ee9cc7570d9acc Reviewed-on: https://go-review.googlesource.com/84475 Reviewed-by: Filippo Valsorda <hi@filippo.io> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
parent
d3da622def
commit
2e765efc88
@ -483,8 +483,9 @@ type Config struct {
|
||||
//
|
||||
// If normal verification fails then the handshake will abort before
|
||||
// considering this callback. If normal verification is disabled by
|
||||
// setting InsecureSkipVerify then this callback will be considered but
|
||||
// the verifiedChains argument will always be nil.
|
||||
// setting InsecureSkipVerify, or (for a server) when ClientAuth is
|
||||
// RequestClientCert or RequireAnyClientCert, then this callback will
|
||||
// be considered but the verifiedChains argument will always be nil.
|
||||
VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
|
||||
|
||||
// RootCAs defines the set of root certificate authorities
|
||||
|
Loading…
Reference in New Issue
Block a user