Clarify use of |SSL_VERIFY_FAIL_IF_NO_PEER_CERT| flag.
Change-Id: I819a5b565e4380f3d816a2e4a68572935c612eae
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://boringssl-review.googlesource.com/17564
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index b5f1c57..3b91e00 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2167,8 +2167,8 @@
#define SSL_VERIFY_PEER 0x01
/* SSL_VERIFY_FAIL_IF_NO_PEER_CERT configures a server to reject connections if
- * the client declines to send a certificate. Otherwise |SSL_VERIFY_PEER| still
- * allows anonymous clients. */
+ * the client declines to send a certificate. This flag must be used together
+ * with |SSL_VERIFY_PEER|, otherwise it won't work. */
#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
/* SSL_VERIFY_PEER_IF_NO_OBC configures a server to request a client certificate
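Review bot: In the rewritten comment for SSL_VERIFY_FAIL_IF_NO_PEER_CERT, "otherwise it won't work" does not tell the caller what actually happens when the flag is set without |SSL_VERIFY_PEER|, and the edit drops the sentence "Otherwise |SSL_VERIFY_PEER| still allows anonymous clients". That sentence was the only place in this comment saying that |SSL_VERIFY_PEER| on its own still admits clients that send no certificate, which is the detail a server operator needs when deciding whether to set both flags. Suggest keeping it and naming the outcome instead of "won't work", for example "This flag has no effect unless |SSL_VERIFY_PEER| is also set" if that is the behaviour, so a reader can tell whether setting only 0x02 rejects connections or is ignored.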