From bcf368d626861ee2fd7abbb6cdddc915081f331b Mon Sep 17 00:00:00 2001 From: =?utf8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Mon, 21 Feb 2022 10:21:04 +0000 Subject: [PATCH] ITS#8753 Improve LDAP_OPT_X_TLS_PEERKEY_HASH documentation further --- doc/man/man3/ldap_get_option.3 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/man/man3/ldap_get_option.3 b/doc/man/man3/ldap_get_option.3 index 3b7b9dd966..3477f02c61 100644 --- a/doc/man/man3/ldap_get_option.3 +++ b/doc/man/man3/ldap_get_option.3 @@ -889,7 +889,11 @@ containing the base64 encoding of the expected peer's key or in the format .B ":" where as a TLS session is established, the library will hash the peer's key with the provided hash algorithm and compare it with value provided and will -only allow the session to continue if they match. +only allow the session to continue if they match. This happens regardless of +certificate checking strategy. The list of supported +.B hashalg +values depends on the crypto library used, check its documentation to get +a list. .SH ERRORS On success, the functions return .BR LDAP_OPT_SUCCESS , -- 2.47.2