Update tls_connection_set_verify() documentation to verify_peer=2

This new value was added to verify peer certificate if it is provided,
but not reject the TLS handshake if no peer certificate is provided.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>

diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index 7a2ee32dfa7f7bdb6d276f8f498d1fbee22dab33..7bed1830ab5972fb770dca10237a9d1613f16ac2 100644 (file)
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -353,7 +353,9 @@ int __must_check tls_global_set_verify(void *tls_ctx, int check_crl,
  * tls_connection_set_verify - Set certificate verification options
  * @tls_ctx: TLS context data from tls_init()
  * @conn: Connection context data from tls_connection_init()
- * @verify_peer: 1 = verify peer certificate
+ * @verify_peer: 0 = do not verify peer certificate, 1 = verify peer
+ *     certificate (require it to be provided), 2 = verify peer certificate if
+ *     provided
  * @flags: Connection flags (TLS_CONN_*)
  * @session_ctx: Session caching context or %NULL to use default
  * @session_ctx_len: Length of @session_ctx in bytes.