From: Roland Shoemaker Date: Wed, 21 Oct 2020 17:59:22 +0000 (-0700) Subject: crypto/tls: document the ClientAuthType consts X-Git-Tag: go1.16beta1~468 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=5d3666e1a48d0976718c75dddc2ef0232be835d8;p=gostls13.git crypto/tls: document the ClientAuthType consts Fixes #34023 Change-Id: Ib7552a8873a79a91e8d971f906c6d7283da7a80c Reviewed-on: https://go-review.googlesource.com/c/go/+/264027 Trust: Roland Shoemaker Reviewed-by: Katie Hockman --- diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go index e4f18bf5eb..66d2c005a7 100644 --- a/src/crypto/tls/common.go +++ b/src/crypto/tls/common.go @@ -294,10 +294,26 @@ func (cs *ConnectionState) ExportKeyingMaterial(label string, context []byte, le type ClientAuthType int const ( + // NoClientCert indicates that no client certificate should be requested + // during the handshake, and if any certificates are sent they will not + // be verified. NoClientCert ClientAuthType = iota + // RequestClientCert indicates that a client certificate should be requested + // during the handshake, but does not require that the client send any + // certificates. RequestClientCert + // RequireAnyClientCert indicates that a client certificate should be requested + // during the handshake, and that at least one certificate is required to be + // sent by the client, but that certificate is not required to be valid. RequireAnyClientCert + // VerifyClientCertIfGiven indicates that a client certificate should be requested + // during the handshake, but does not require that the client sends a + // certificate. If the client does send a certificate it is required to be + // valid. VerifyClientCertIfGiven + // RequireAndVerifyClientCert indicates that a client certificate should be requested + // during the handshake, and that at least one valid certificate is required + // to be sent by the client. RequireAndVerifyClientCert )