aboutsummaryrefslogtreecommitdiffstats
path: root/src/libtls/tls_server.h
diff options
context:
space:
mode:
authorMartin Willi <martin@revosec.ch>2013-02-28 11:39:55 +0100
committerMartin Willi <martin@revosec.ch>2013-02-28 16:46:08 +0100
commit2de481e32b95c558b96237c25a15bf2baa375e93 (patch)
treeab8ddcd59c677b5426c9e826ced48f540c061d9b /src/libtls/tls_server.h
parent2ae0c9e6181421fc589798c64276a6310f13f1a2 (diff)
downloadstrongswan-2de481e32b95c558b96237c25a15bf2baa375e93.tar.bz2
strongswan-2de481e32b95c558b96237c25a15bf2baa375e93.tar.xz
Delegate tls_t.get_{peer,server}_id to handshake layer
This allows to get updated peer identities if the peer can't authenticate, or does when it is optional.
Diffstat (limited to 'src/libtls/tls_server.h')
-rw-r--r--src/libtls/tls_server.h7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/libtls/tls_server.h b/src/libtls/tls_server.h
index 6289dc8eb..d6b8de153 100644
--- a/src/libtls/tls_server.h
+++ b/src/libtls/tls_server.h
@@ -42,11 +42,16 @@ struct tls_server_t {
/**
* Create a tls_server instance.
*
+ * If a peer identity is given, the client must authenticate with a valid
+ * certificate for this identity, or the connection fails. If peer is NULL,
+ * but the client authenticates nonetheless, the authenticated identity
+ * gets returned by tls_handshake_t.get_peer_id().
+ *
* @param tls TLS stack
* @param crypto TLS crypto helper
* @param alert TLS alert handler
* @param server server identity
- * @param peer peer identity
+ * @param peer peer identity, or NULL
*/
tls_server_t *tls_server_create(tls_t *tls,
tls_crypto_t *crypto, tls_alert_t *alert,