document client side certificate verification functionality.

ok jsing@

1 files changed, 16 insertions, 2 deletions

diff --git a/lib/libtls/tls_init.3 b/lib/libtls/tls_init.3
index 62f52e4331b..01c931bb419 100644
--- a/lib/libtls/tls_init.3
+++ b/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.33 2015/09/10 14:57:29 beck Exp $
+.\" $OpenBSD: tls_init.3,v 1.34 2015/09/10 15:47:25 beck Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -106,6 +106,10 @@
 .Fn tls_config_insecure_noverifyname "struct tls_config *config"
 .Ft "void"
 .Fn tls_config_verify "struct tls_config *config"
+.Ft "void"
+.Fn tls_config_verify_client "struct tls_config *config"
+.Ft "void"
+.Fn tls_config_verify_client_optional "struct tls_config *config"
 .Ft "uint8_t *"
 .Fn tls_load_file "const char *file" "size_t *len" "char *password"
 .Ft "struct tls *"
@@ -322,7 +326,7 @@ clears any secret keys from memory.
 .Fn tls_config_insecure_noverifycert
 disables certificate verification.
 Be extremely careful when using this option.
-.Em (Client)
+.Em (Client and server) 
 .It
 .Fn tls_config_insecure_noverifyname
 disables server name verification.
@@ -333,6 +337,16 @@ Be careful when using this option.
 reenables server name and certificate verification.
 .Em (Client)
 .It
+.Fn tls_config_verify_client
+enables client certificate verification, requiring the client to send
+a certificate.
+.Em (Server)
+.It
+.Fn tls_config_verify_client_opional
+enables client certificate verification, without requiring the client
+to send a certificate.
+.Em (Server)
+.It
 .Fn tls_load_file
 loads a certificate or key from disk into memory to be loaded with
 .Fn tls_config_set_ca_mem ,