From 2de481e32b95c558b96237c25a15bf2baa375e93 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Thu, 28 Feb 2013 11:39:55 +0100
Subject: Delegate tls_t.get_{peer,server}_id to handshake layer

This allows to get updated peer identities if the peer can't authenticate, or does when it is optional.
---
 src/libtls/tls_server.h | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'src/libtls/tls_server.h')
diff --git a/src/libtls/tls_server.h b/src/libtls/tls_server.h
index 6289dc8eb..d6b8de153 100644
--- a/src/libtls/tls_server.h
+++ b/src/libtls/tls_server.h
@@ -42,11 +42,16 @@ struct tls_server_t {
 /**
 * Create a tls_server instance.
 *
+ * If a peer identity is given, the client must authenticate with a valid
+ * certificate for this identity, or the connection fails. If peer is NULL,
+ * but the client authenticates nonetheless, the authenticated identity
+ * gets returned by tls_handshake_t.get_peer_id().
+ *
 * @param tls TLS stack
 * @param crypto TLS crypto helper
 * @param alert TLS alert handler
 * @param server server identity
- * @param peer peer identity
+ * @param peer peer identity, or NULL
 */
 tls_server_t *tls_server_create(tls_t *tls, tls_crypto_t *crypto, tls_alert_t *alert,
--
cgit v1.2.3
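Review bot: The new paragraph in the tls_server_create() comment covers a NULL peer when the client does authenticate, but it does not say what the caller sees when the client does not, and that is the case that matters for access decisions. As documented, passing NULL makes client authentication optional, so a completed handshake alone does not mean the client was identified. I would add two lines to the comment, `* If peer is NULL and the client does not authenticate, the handshake still` and `* completes; callers must check get_peer_id() before trusting the client.` The value get_peer_id() returns in that case is not visible in this hunk (presumably NULL) and should be stated explicitly. The tls_server_create() prototype continues past the end of the hunk.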