From 07180a416731749883234f931ac18831ff38abbb Mon Sep 17 00:00:00 2001 From: Tom Vrancken Date: Wed, 15 Aug 2018 18:29:32 +0200 Subject: Implemented RFC7250 certificate type negotiation extensions. Signed-off-by: Tom Vrancken --- doc/cha-gtls-app.texi | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'doc/cha-gtls-app.texi') diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 8fd31b2add..9a4cf29933 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -1292,6 +1292,18 @@ Catch all which enables all curves from NORMAL priority is CURVE-ALL. Note that the CURVE keyword is kept for backwards compatibility only, for new applications see the GROUP keyword above. +@item Certificate types @tab +Certificate type negotitation must be explicitly enabled via the +GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init(). +Certificate types can be given in a symmetric fashion (i.e. the same for +both client and server) or, as of GnuTLS 3.6.4, in an asymmetric fashion +(i.e. different for the client than for the server). + +Currently supported types are: +CTYPE-X509 or CTYPE-X.509. Catch all is CTYPE-ALL. +CTYPE-CLI-X509 or CTYPE-CLI-X.509, CTYPE-SRV-X509 or CTYPE-SRV-X.509. +Catch all is CTYPE-CLI-ALL and CTYPE-SRV-ALL. + @end multitable @caption{The supported algorithm keywords in priority strings.} @end float -- cgit v1.2.1
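Review bot: In the added "Certificate types" @item, "negotitation" should be "negotiation", and the keyword list does not say which keywords belong to which mode. Suggest stating explicitly that CTYPE-X509 / CTYPE-X.509 with CTYPE-ALL are the symmetric forms, and that the CTYPE-CLI-* and CTYPE-SRV-* keywords with CTYPE-CLI-ALL and CTYPE-SRV-ALL are the asymmetric forms available as of GnuTLS 3.6.4, so the two "Catch all" sentences cannot be read as conflicting. The entry should also document what happens when a CTYPE keyword appears in a priority string but GNUTLS_ENABLE_CERT_TYPE_NEG was not passed to gnutls_init(): the text says the flag is required, but not whether the keywords are then ignored or rejected. That matters to anyone relying on the priority string alone to restrict accepted certificate types.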