diff options
author | Lutz Jänicke <jaenicke@openssl.org> | 2001-04-17 13:18:56 +0000 |
---|---|---|
committer | Lutz Jänicke <jaenicke@openssl.org> | 2001-04-17 13:18:56 +0000 |
commit | 197322455d61829572d1792da03e4d0750d5638a (patch) | |
tree | 9f88bccd3f0c969a3a7e07c62c848df26e592975 /doc | |
parent | 4f19a0672ba358fbfa1877c60c1ae02ea35ba1e1 (diff) | |
download | openssl-197322455d61829572d1792da03e4d0750d5638a.tar.gz |
Clarify request of client certificates. This is a FAQ.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/ssl/SSL_get_peer_certificate.pod | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/doc/ssl/SSL_get_peer_certificate.pod b/doc/ssl/SSL_get_peer_certificate.pod index 1102c7fba9..18d1db5183 100644 --- a/doc/ssl/SSL_get_peer_certificate.pod +++ b/doc/ssl/SSL_get_peer_certificate.pod @@ -17,6 +17,12 @@ peer presented. If the peer did not present a certificate, NULL is returned. =head1 NOTES +Due to the protocol definition, a TLS/SSL server will always send a +certificate, if present. A client will only send a certificate when +explicitely requested to do so by the server (see +L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>). If an anonymous cipher +is used, no certificates are sent. + That a certificate is returned does not indicate information about the verification state, use L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> to check the verification state. @@ -43,6 +49,7 @@ The return value points to the certificate presented by the peer. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> +L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>, +L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> =cut |