ITS#8753 Document LDAP_OPT_X_TLS_PEERKEY_HASH

author Ondřej Kuzník <ondra@mistotebe.net>

Fri, 11 Feb 2022 13:58:05 +0000 (13:58 +0000)

committer Quanah Gibson-Mount <quanah@openldap.org>

Fri, 18 Feb 2022 23:20:09 +0000 (23:20 +0000)
author Ondřej Kuzník <ondra@mistotebe.net>
Fri, 11 Feb 2022 13:58:05 +0000 (13:58 +0000)
committer Quanah Gibson-Mount <quanah@openldap.org>
Fri, 18 Feb 2022 23:20:09 +0000 (23:20 +0000)
diff --git a/doc/man/man3/ldap_get_option.3 b/doc/man/man3/ldap_get_option.3

index f08cd01bddc15950527b91baa810fd860b9b58f1..d841f252c912ff49a2965a3d04a1c1d3d774824c 100644 (file)
--- a/doc/man/man3/ldap_get_option.3
+++ b/doc/man/man3/ldap_get_option.3
@@ -873,6 +873,17 @@ must be
  .BR "char **" ,
  and its contents need to be freed by the caller using
  .BR ldap_memfree (3).
+.TP
+.B LDAP_OPT_X_TLS_PEERKEY_HASH
+Sets the (public) key that the application expects the peer to be using.
+.B invalue
+must be
+.BR "const char *"
+containing the base64 encoding of the expected peer's key or in the format
+.B "<hashalg>:<peerkey hash base64 encoded>"
+where as a TLS session is established, the library will hash the peer's key
+with the provided hash algorithm and compare it with value provided and will
+only allow the session to continue if they match.
  .SH ERRORS
  On success, the functions return
  .BR LDAP_OPT_SUCCESS ,
author	Ondřej Kuzník <ondra@mistotebe.net>
	Fri, 11 Feb 2022 13:58:05 +0000 (13:58 +0000)
committer	Quanah Gibson-Mount <quanah@openldap.org>
	Fri, 18 Feb 2022 23:20:09 +0000 (23:20 +0000)