From: Ondřej Kuzník Date: Fri, 11 Feb 2022 13:58:05 +0000 (+0000) Subject: ITS#8753 Document LDAP_OPT_X_TLS_PEERKEY_HASH X-Git-Tag: OPENLDAP_REL_ENG_2_5_12~34 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=680affe6fc9a3058b6db03247524e5dc47adcf53;p=thirdparty%2Fopenldap.git ITS#8753 Document LDAP_OPT_X_TLS_PEERKEY_HASH --- diff --git a/doc/man/man3/ldap_get_option.3 b/doc/man/man3/ldap_get_option.3 index f08cd01bdd..d841f252c9 100644 --- a/doc/man/man3/ldap_get_option.3 +++ b/doc/man/man3/ldap_get_option.3 @@ -873,6 +873,17 @@ must be .BR "char **" , and its contents need to be freed by the caller using .BR ldap_memfree (3). +.TP +.B LDAP_OPT_X_TLS_PEERKEY_HASH +Sets the (public) key that the application expects the peer to be using. +.B invalue +must be +.BR "const char *" +containing the base64 encoding of the expected peer's key or in the format +.B ":" +where as a TLS session is established, the library will hash the peer's key +with the provided hash algorithm and compare it with value provided and will +only allow the session to continue if they match. .SH ERRORS On success, the functions return .BR LDAP_OPT_SUCCESS ,
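Review bot: In the new LDAP_OPT_X_TLS_PEERKEY_HASH entry, the second accepted form is given only as ":" (the `.B ":"` line), so a reader cannot tell what goes on either side of the colon. Going by the sentence that follows, the left side is the hash algorithm and the right side is the value to compare against. The entry should name both fields explicitly and list the hash algorithm names the library accepts. It should also say which encoding of the peer's public key is base64-encoded or hashed, since a pin computed over the wrong representation will never match and every session will be refused. The sentence starting "where as a TLS session is established" is a run-on and reads "compare it with value provided"; splitting it into one sentence for the format and one for the check (hash the peer's key, compare it with the value provided, continue only on a match) would make it easier to follow. Finally, the text says "Sets" although this is the shared ldap_get_option.3 page, so it is worth stating whether the option can also be read back.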