From da13dfcb1f0cfae82f448873c15cb01fd78639aa Mon Sep 17 00:00:00 2001
From: Laurent Bercot <ska-skaware@skarnet.org>
Date: Tue, 23 Aug 2022 14:57:07 +0000
Subject:  Do not require optional certificates XD

Signed-off-by: Laurent Bercot <ska@appnovation.com>
---
 doc/s6-tlsd-io.html   | 10 +++++++---
 doc/s6-tlsd.html      |  6 +++---
 doc/s6-ucspitlsd.html |  6 +++---
 3 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/doc/s6-tlsd-io.html b/doc/s6-tlsd-io.html
index f21d487..a026664 100644
--- a/doc/s6-tlsd-io.html
+++ b/doc/s6-tlsd-io.html
@@ -210,10 +210,14 @@ no effect. </li>
 and break the connection when receiving a local EOF. </li>
  <li> <tt>-s</tt>&nbsp;: transmit EOF by half-closing the TCP
 connection without using <tt>close_notify</tt>. This is the default. </li>
- <li> <tt>-Y</tt>&nbsp;: Require an optional client certificate. </li>
- <li> <tt>-y</tt>&nbsp;: Require a mandatory client certificate.
+ <li> <tt>-Y</tt>&nbsp;: Request an client certificate.
+The certificate is optional: if the client gives none, the connection
+proceeds. </li>
+ <li> <tt>-y</tt>&nbsp;: Request a client certificate.
+The certificate is mandatory: if the client gives none, the handshake
+fails.
 The default, with neither the <tt>-Y</tt> nor the <tt>-y</tt> option,
-is not to require a client certificate at all. </li>
+is not to request a client certificate at all. </li>
  <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: if the peer fails
 to send data for <em>kimeout</em> milliseconds during the handshake,
 close the connection. The default is 0, which means infinite timeout
diff --git a/doc/s6-tlsd.html b/doc/s6-tlsd.html
index c1c6a59..cbaa5c8 100644
--- a/doc/s6-tlsd.html
+++ b/doc/s6-tlsd.html
@@ -140,10 +140,10 @@ before execing <em>prog...</em>. This is the default. </li>
 and break the connection when <em>prog</em> sends EOF. </li>
  <li> <tt>-s</tt>&nbsp;: transmit EOF by half-closing the TCP
 connection without using <tt>close_notify</tt>. This is the default. </li>
- <li> <tt>-Y</tt>&nbsp;: Require an optional client certificate. </li>
- <li> <tt>-y</tt>&nbsp;: Require a mandatory client certificate.
+ <li> <tt>-Y</tt>&nbsp;: Request an optional client certificate. </li>
+ <li> <tt>-y</tt>&nbsp;: Request a mandatory client certificate.
 The default, with neither the <tt>-Y</tt> nor the <tt>-y</tt> option,
-is not to require a client certificate at all. </li>
+is not to request a client certificate at all. </li>
  <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: if the peer fails
 to send data for <em>kimeout</em> milliseconds during the handshake,
 close the connection. The default is 0, which means infinite timeout
diff --git a/doc/s6-ucspitlsd.html b/doc/s6-ucspitlsd.html
index cb53389..8488942 100644
--- a/doc/s6-ucspitlsd.html
+++ b/doc/s6-ucspitlsd.html
@@ -146,10 +146,10 @@ before execing <em>prog...</em>. This is the default. </li>
 and break the connection when <em>prog</em> sends EOF. </li>
  <li> <tt>-s</tt>&nbsp;: transmit EOF by half-closing the TCP
 connection without using <tt>close_notify</tt>. This is the default. </li>
- <li> <tt>-Y</tt>&nbsp;: Require an optional client certificate. </li>
- <li> <tt>-y</tt>&nbsp;: Require a mandatory client certificate.
+ <li> <tt>-Y</tt>&nbsp;: Request an optional client certificate. </li>
+ <li> <tt>-y</tt>&nbsp;: Request a mandatory client certificate.
 The default, with neither the <tt>-Y</tt> nor the <tt>-y</tt> option,
-is not to require a client certificate at all. </li>
+is not to request a client certificate at all. </li>
  <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: close the connection if
 the handshake takes more than <em>kimeout</em> milliseconds to complete.
 The default is 0, which means infinite timeout: let the handshake complete
-- 
cgit v1.2.3