X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=doc%2Fman3%2FSSL_CTX_set_verify.pod;fp=doc%2Fman3%2FSSL_CTX_set_verify.pod;h=173f006eb65a4b0c2f3deb32930bcce9ba1c2598;hp=716554793311efb9fd92b0be8ca5bcb0614d82a3;hb=32097b33bdff520d149ad6c8a11bd344e4ef764b;hpb=756510c102885005c2fc31eb01e3a6b95f8ed985 diff --git a/doc/man3/SSL_CTX_set_verify.pod b/doc/man3/SSL_CTX_set_verify.pod index 7165547933..173f006eb6 100644 --- a/doc/man3/SSL_CTX_set_verify.pod +++ b/doc/man3/SSL_CTX_set_verify.pod @@ -7,7 +7,7 @@ SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth, SSL_verify_cb, SSL_verify_client_post_handshake, -SSL_force_post_handshake_auth +SSL_set_post_handshake_auth - set peer certificate verification parameters =head1 SYNOPSIS @@ -24,7 +24,7 @@ SSL_force_post_handshake_auth void SSL_set_verify_depth(SSL *ssl, int depth); int SSL_verify_client_post_handshake(SSL *ssl); - void SSL_force_post_handshake_auth(SSL *ssl); + void SSL_set_post_handshake_auth(SSL *ssl, int val); =head1 DESCRIPTION @@ -48,11 +48,12 @@ verification that shall be allowed for B. SSL_set_verify_depth() sets the maximum B for the certificate chain verification that shall be allowed for B. -SSL_force_post_handshake_auth() forces the Post-Handshake Authentication -extension to be added to the ClientHello regardless of certificate configuration -at the time of the initial handshake, such that post-handshake authentication -can be requested by the server. A certificate callback will need to be set via -SSL_CTX_set_client_cert_cb() if no certificate is provided at initialization. +SSL_set_post_handshake_auth() enables the Post-Handshake Authentication +extension to be added to the ClientHello such that post-handshake authentication +can be requested by the server. If B is 0 then the extension is not sent, +otherwise it is. By default the extension is not sent. A certificate callback +will need to be set via SSL_CTX_set_client_cert_cb() if no certificate is +provided at initialization. SSL_verify_client_post_handshake() causes a CertificateRequest message to be sent by a server on the given B connection. The SSL_VERIFY_PEER flag must @@ -341,7 +342,7 @@ L =head1 HISTORY The SSL_VERIFY_POST_HANDSHAKE option, and the SSL_verify_client_post_handshake() -and SSL_force_post_handshake_auth() functions were added in OpenSSL 1.1.1. +and SSL_set_post_handshake_auth() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT