diff options
author | Martin Willi <martin@revosec.ch> | 2013-02-28 11:39:55 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2013-02-28 16:46:08 +0100 |
commit | 2de481e32b95c558b96237c25a15bf2baa375e93 (patch) | |
tree | ab8ddcd59c677b5426c9e826ced48f540c061d9b /src/libtls/tls_server.h | |
parent | 2ae0c9e6181421fc589798c64276a6310f13f1a2 (diff) | |
download | strongswan-2de481e32b95c558b96237c25a15bf2baa375e93.tar.bz2 strongswan-2de481e32b95c558b96237c25a15bf2baa375e93.tar.xz |
Delegate tls_t.get_{peer,server}_id to handshake layer
This allows to get updated peer identities if the peer can't authenticate,
or does when it is optional.
Diffstat (limited to 'src/libtls/tls_server.h')
-rw-r--r-- | src/libtls/tls_server.h | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/libtls/tls_server.h b/src/libtls/tls_server.h index 6289dc8eb..d6b8de153 100644 --- a/src/libtls/tls_server.h +++ b/src/libtls/tls_server.h @@ -42,11 +42,16 @@ struct tls_server_t { /** * Create a tls_server instance. * + * If a peer identity is given, the client must authenticate with a valid + * certificate for this identity, or the connection fails. If peer is NULL, + * but the client authenticates nonetheless, the authenticated identity + * gets returned by tls_handshake_t.get_peer_id(). + * * @param tls TLS stack * @param crypto TLS crypto helper * @param alert TLS alert handler * @param server server identity - * @param peer peer identity + * @param peer peer identity, or NULL */ tls_server_t *tls_server_create(tls_t *tls, tls_crypto_t *crypto, tls_alert_t *alert, |