From: Ondřej Kuzník <ondra@mistotebe.net>
Date: Mon, 21 Feb 2022 10:21:04 +0000 (+0000)
Subject: ITS#8753 Improve LDAP_OPT_X_TLS_PEERKEY_HASH documentation further
X-Git-Tag: OPENLDAP_REL_ENG_2_5_12~28
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bcf368d626861ee2fd7abbb6cdddc915081f331b;p=thirdparty%2Fopenldap.git

ITS#8753 Improve LDAP_OPT_X_TLS_PEERKEY_HASH documentation further
---

diff --git a/doc/man/man3/ldap_get_option.3 b/doc/man/man3/ldap_get_option.3
index 3b7b9dd966..3477f02c61 100644
--- a/doc/man/man3/ldap_get_option.3
+++ b/doc/man/man3/ldap_get_option.3
@@ -889,7 +889,11 @@ containing the base64 encoding of the expected peer's key or in the format
 .B "<hashalg>:<peerkey hash base64 encoded>"
 where as a TLS session is established, the library will hash the peer's key
 with the provided hash algorithm and compare it with value provided and will
-only allow the session to continue if they match.
+only allow the session to continue if they match. This happens regardless of
+certificate checking strategy. The list of supported
+.B hashalg
+values depends on the crypto library used, check its documentation to get
+a list.
 .SH ERRORS
 On success, the functions return
 .BR LDAP_OPT_SUCCESS ,