path: root/doc/cha-gtls-app.texi
author: Tom Vrancken <dev@tomvrancken.nl> 2018-08-15 18:29:32 +0200
committer: Tom Vrancken <dev@tomvrancken.nl> 2018-08-20 17:08:01 +0200
commit: 07180a416731749883234f931ac18831ff38abbb (patch)
tree: 0b9d13b9ad394477d566f01ba8e279c33711cc7c /doc/cha-gtls-app.texi
parent: a42db538c3f01aa76e2c1a2affc39237840c2522 (diff)
Implemented RFC7250 certificate type negotiation extensions.
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
Diffstat (limited to 'doc/cha-gtls-app.texi')
-rw-r--r-- doc/cha-gtls-app.texi 12
1 files changed, 12 insertions, 0 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 8fd31b2add..9a4cf29933 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1292,6 +1292,18 @@ Catch all which enables all curves from NORMAL priority is CURVE-ALL. Note
that the CURVE keyword is kept for backwards compatibility only, for new
applications see the GROUP keyword above.
+@item Certificate types @tab
+Certificate type negotitation must be explicitly enabled via the
+GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init().
+Certificate types can be given in a symmetric fashion (i.e. the same for
+both client and server) or, as of GnuTLS 3.6.4, in an asymmetric fashion
+(i.e. different for the client than for the server).
+
+Currently supported types are:
+CTYPE-X509 or CTYPE-X.509. Catch all is CTYPE-ALL.
+CTYPE-CLI-X509 or CTYPE-CLI-X.509, CTYPE-SRV-X509 or CTYPE-SRV-X.509.
+Catch all is CTYPE-CLI-ALL and CTYPE-SRV-ALL.
+
@end multitable
@caption{The supported algorithm keywords in priority strings.}
@end float
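Review bot: "negotitation" in the first added sentence of the new "Certificate types" item should be "negotiation". The keyword list under "Currently supported types are:" also does not say which keywords are the symmetric form and which are the asymmetric form introduced in the preceding paragraph, and it has two separate "Catch all" sentences. Consider labelling CTYPE-X509 / CTYPE-X.509 / CTYPE-ALL as applying to both peers, and CTYPE-CLI-* and CTYPE-SRV-* as the client and server certificate types respectively, so a reader can tell which catch-all goes with which group. It would also help to state what happens to CTYPE keywords in a priority string when GNUTLS_ENABLE_CERT_TYPE_NEG is not passed to gnutls_init(), since the text only says the flag "must be explicitly enabled".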