From: Ondřej Kuzník <ondra@mistotebe.net>
Date: Mon, 21 Feb 2022 10:21:04 +0000 (+0000)
Subject: ITS#8753 Improve LDAP_OPT_X_TLS_PEERKEY_HASH documentation further
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7c5159a90480a6c63ee6f978eac93aa425f71eaa;p=thirdparty%2Fopenldap.git

ITS#8753 Improve LDAP_OPT_X_TLS_PEERKEY_HASH documentation further
---

diff --git a/doc/man/man3/ldap_get_option.3 b/doc/man/man3/ldap_get_option.3
index 4f0f710972..9f79be2628 100644
--- a/doc/man/man3/ldap_get_option.3
+++ b/doc/man/man3/ldap_get_option.3
@@ -890,7 +890,11 @@ containing the base64 encoding of the expected peer's key or in the format
 .B "<hashalg>:<peerkey hash base64 encoded>"
 where as a TLS session is established, the library will hash the peer's key
 with the provided hash algorithm and compare it with value provided and will
-only allow the session to continue if they match.
+only allow the session to continue if they match. This happens regardless of
+certificate checking strategy. The list of supported
+.B hashalg
+values depends on the crypto library used, check its documentation to get
+a list.
 .SH ERRORS
 On success, the functions return
 .BR LDAP_OPT_SUCCESS ,