crypto/tls: document the ClientAuthType consts

Fixes #34023

Change-Id: Ib7552a8873a79a91e8d971f906c6d7283da7a80c
Reviewed-on: https://go-review.googlesource.com/c/go/+/264027
Trust: Roland Shoemaker <roland@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>

diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index e4f18bf5ebf8875122f79a73e1ba40e99d9f1984..66d2c005a7cf6bb402dcb0c7e0ddd370247af664 100644 (file)
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -294,10 +294,26 @@ func (cs *ConnectionState) ExportKeyingMaterial(label string, context []byte, le
 type ClientAuthType int
 
 const (
+       // NoClientCert indicates that no client certificate should be requested
+       // during the handshake, and if any certificates are sent they will not
+       // be verified.
        NoClientCert ClientAuthType = iota
+       // RequestClientCert indicates that a client certificate should be requested
+       // during the handshake, but does not require that the client send any
+       // certificates.
        RequestClientCert
+       // RequireAnyClientCert indicates that a client certificate should be requested
+       // during the handshake, and that at least one certificate is required to be
+       // sent by the client, but that certificate is not required to be valid.
        RequireAnyClientCert
+       // VerifyClientCertIfGiven indicates that a client certificate should be requested
+       // during the handshake, but does not require that the client sends a
+       // certificate. If the client does send a certificate it is required to be
+       // valid.
        VerifyClientCertIfGiven
+       // RequireAndVerifyClientCert indicates that a client certificate should be requested
+       // during the handshake, and that at least one valid certificate is required
+       // to be sent by the client.
        RequireAndVerifyClientCert
 )