crypto/tls: document VerifyPeerCertificate behavior in relation to ClientAuth

Change-Id: I3ff478912a5a178492d544d2f4ee9cc7570d9acc Reviewed-on: https://go-review.googlesource.com/84475 Reviewed-by: Filippo Valsorda <hi@filippo.io> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
author: Filippo Valsorda <hi@filippo.io> 2017-12-16 09:35:52 -0400
committer: Adam Langley <agl@golang.org> 2017-12-31 22:37:29 +0000
commit: 92b142a653afb8bd43bc172b08f667591c89ff3e (patch)
tree: c87f3339aa998cc3664f6f8c28e56dd038f672ac
parent: 38c561cb2caa8019e44059e2be71c909ceef30a6 (diff)
download: go-92b142a653afb8bd43bc172b08f667591c89ff3e.tar.xz
1 files changed, 3 insertions, 2 deletions
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index d4b0286b85..646b107958 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -406,8 +406,9 @@ type Config struct {
 	//
 	// If normal verification fails then the handshake will abort before
 	// considering this callback. If normal verification is disabled by
-	// setting InsecureSkipVerify then this callback will be considered but
-	// the verifiedChains argument will always be nil.
+	// setting InsecureSkipVerify, or (for a server) when ClientAuth is
+	// RequestClientCert or RequireAnyClientCert, then this callback will
+	// be considered but the verifiedChains argument will always be nil.
 	VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
 
 	// RootCAs defines the set of root certificate authorities
author	Filippo Valsorda <hi@filippo.io>	2017-12-16 09:35:52 -0400
committer	Adam Langley <agl@golang.org>	2017-12-31 22:37:29 +0000
commit	92b142a653afb8bd43bc172b08f667591c89ff3e (patch)
tree	c87f3339aa998cc3664f6f8c28e56dd038f672ac
parent	38c561cb2caa8019e44059e2be71c909ceef30a6 (diff)
download	go-92b142a653afb8bd43bc172b08f667591c89ff3e.tar.xz