From b58dbf2808b04fbfd8eeb918861a3dc34226c434 Mon Sep 17 00:00:00 2001
From: Glenn Strauss
Date: Tue, 8 Nov 2022 00:05:53 -0500
Subject: [PATCH] Update tls_connection_set_verify() documentation to verify_peer=2

This new value was added to verify peer certificate if it is provided, but not reject the TLS handshake if no peer certificate is provided.

Signed-off-by: Glenn Strauss
---
 components/wpa_supplicant/src/crypto/tls.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/components/wpa_supplicant/src/crypto/tls.h b/components/wpa_supplicant/src/crypto/tls.h
index eb86937390..872047ccba 100644
--- a/components/wpa_supplicant/src/crypto/tls.h
+++ b/components/wpa_supplicant/src/crypto/tls.h
@@ -356,7 +356,9 @@ int __must_check tls_global_set_verify(void *tls_ctx, int check_crl,
  * tls_connection_set_verify - Set certificate verification options
  * @tls_ctx: TLS context data from tls_init()
  * @conn: Connection context data from tls_connection_init()
- * @verify_peer: 1 = verify peer certificate
+ * @verify_peer: 0 = do not verify peer certificate, 1 = verify peer
+ * certificate (require it to be provided), 2 = verify peer certificate if
+ * provided
  * @flags: Connection flags (TLS_CONN_*)
  * @session_ctx: Session caching context or %NULL to use default
  * @session_ctx_len: Length of @session_ctx in bytes.
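Review bot: The added text for `2 = verify peer certificate if provided` does not tell a caller that a handshake completed in this mode may involve a peer that presented no certificate at all, so a successful connection no longer implies an authenticated peer; the comment should say that the caller must check separately whether a certificate was presented before relying on the peer's identity. It also leaves open what happens when a certificate is presented but fails validation; presumably the handshake is rejected as with 1, and stating that would remove the ambiguity. Suggested wording, to be confirmed against the implementation, which is not visible here: `2 = verify peer certificate if provided (handshake continues without one; a provided certificate that fails verification is rejected)`. The comment block and the declaration it documents continue past the end of the hunk.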