summaryrefslogtreecommitdiffstats
path: root/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod')
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod9
1 files changed, 8 insertions, 1 deletions
diff --git a/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod b/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod
index 1102c7f..18d1db5 100644
--- a/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod
+++ b/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod
@@ -17,6 +17,12 @@ peer presented. If the peer did not present a certificate, NULL is returned.
=head1 NOTES
+Due to the protocol definition, a TLS/SSL server will always send a
+certificate, if present. A client will only send a certificate when
+explicitely requested to do so by the server (see
+L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>). If an anonymous cipher
+is used, no certificates are sent.
+
That a certificate is returned does not indicate information about the
verification state, use L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>
to check the verification state.
@@ -43,6 +49,7 @@ The return value points to the certificate presented by the peer.
=head1 SEE ALSO
-L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>
+L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
+L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
=cut
OpenPOWER on IntegriCloud