crypto/tls: document VerifyPeerCertificate behavior in relation to ClientAuth
authorFilippo Valsorda <hi@filippo.io>
Sat, 16 Dec 2017 13:35:52 +0000 (09:35 -0400)
committerAdam Langley <agl@golang.org>
Sun, 31 Dec 2017 22:37:29 +0000 (22:37 +0000)
Change-Id: I3ff478912a5a178492d544d2f4ee9cc7570d9acc
Reviewed-on: https://go-review.googlesource.com/84475
Reviewed-by: Filippo Valsorda <hi@filippo.io>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
src/crypto/tls/common.go

index d4b0286b85392946c8641c18cf355a94b14545e3..646b107958ac4c7fdf83199f7bef8eecf1db1ef5 100644 (file)
@@ -406,8 +406,9 @@ type Config struct {
        //
        // If normal verification fails then the handshake will abort before
        // considering this callback. If normal verification is disabled by
-       // setting InsecureSkipVerify then this callback will be considered but
-       // the verifiedChains argument will always be nil.
+       // setting InsecureSkipVerify, or (for a server) when ClientAuth is
+       // RequestClientCert or RequireAnyClientCert, then this callback will
+       // be considered but the verifiedChains argument will always be nil.
        VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
 
        // RootCAs defines the set of root certificate authorities
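Review bot: The reworded comment on VerifyPeerCertificate says when verifiedChains is nil but not what that implies for the callback: with normal verification disabled, rawCerts has been checked against no CA, so the callback is the only check on the peer's identity. A callback that indexes `verifiedChains[0]` without a length check, or treats a nil slice as "nothing to reject", would misbehave under RequestClientCert or RequireAnyClientCert. I would append `// In these cases the callback must verify rawCerts itself and must not assume verifiedChains is non-empty.` to the paragraph. "will be considered" presumably means the callback is invoked, and `this callback will be called` would say so directly. The Config struct starts and ends outside the hunk, so other fields that interact with this one are not visible here.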