crypto/tls: document the ClientAuthType consts

Fixes #34023 Change-Id: Ib7552a8873a79a91e8d971f906c6d7283da7a80c Reviewed-on: https://go-review.googlesource.com/c/go/+/264027 Trust: Roland Shoemaker <roland@golang.org> Reviewed-by: Katie Hockman <katie@golang.org>
2025-04-04 12:37:35 +03:00 · 2020-10-21 10:59:22 -07:00 · 2020-10-21 10:59:22 -07:00 · 1c9c9d4b7e
commit 1c9c9d4b7e
parent 5a1335436d
1 changed files with 16 additions and 0 deletions
--- a/common.go
+++ b/common.go
@ -294,10 +294,26 @@ func (cs *ConnectionState) ExportKeyingMaterial(label string, context []byte, le
 type ClientAuthType int

 const (
+	// NoClientCert indicates that no client certificate should be requested
+	// during the handshake, and if any certificates are sent they will not
+	// be verified.
 	NoClientCert ClientAuthType = iota
+	// RequestClientCert indicates that a client certificate should be requested
+	// during the handshake, but does not require that the client send any
+	// certificates.
 	RequestClientCert
+	// RequireAnyClientCert indicates that a client certificate should be requested
+	// during the handshake, and that at least one certificate is required to be
+	// sent by the client, but that certificate is not required to be valid.
 	RequireAnyClientCert
+	// VerifyClientCertIfGiven indicates that a client certificate should be requested
+	// during the handshake, but does not require that the client sends a
+	// certificate. If the client does send a certificate it is required to be
+	// valid.
 	VerifyClientCertIfGiven
+	// RequireAndVerifyClientCert indicates that a client certificate should be requested
+	// during the handshake, and that at least one valid certificate is required
+	// to be sent by the client.
 	RequireAndVerifyClientCert
 )