From da13dfcb1f0cfae82f448873c15cb01fd78639aa Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Tue, 23 Aug 2022 14:57:07 +0000 Subject: Do not require optional certificates XD Signed-off-by: Laurent Bercot --- doc/s6-tlsd-io.html | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'doc/s6-tlsd-io.html') diff --git a/doc/s6-tlsd-io.html b/doc/s6-tlsd-io.html index f21d487..a026664 100644 --- a/doc/s6-tlsd-io.html +++ b/doc/s6-tlsd-io.html @@ -210,10 +210,14 @@ no effect. and break the connection when receiving a local EOF.
  • -s : transmit EOF by half-closing the TCP connection without using close_notify. This is the default.
  • -
  • -Y : Require an optional client certificate.
  • -
  • -y : Require a mandatory client certificate. +
  • -Y : Request an client certificate. +The certificate is optional: if the client gives none, the connection +proceeds.
  • +
  • -y : Request a client certificate. +The certificate is mandatory: if the client gives none, the handshake +fails. The default, with neither the -Y nor the -y option, -is not to require a client certificate at all.
  • +is not to request a client certificate at all.
  • -K kimeout : if the peer fails to send data for kimeout milliseconds during the handshake, close the connection. The default is 0, which means infinite timeout -- cgit v1.3.1