From 6780eee3e0dbe37640f72ed1e37a95c506e23f8c Mon Sep 17 00:00:00 2001
From: Laurent Bercot <ska-skaware@skarnet.org>
Date: Tue, 18 May 2021 11:19:19 +0000
Subject:  Prepare for 2.4.2.0; implement client certificates with bearssl

 Also send a bit more environment with libtls
---
 doc/s6-tlsd-io.html | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'doc/s6-tlsd-io.html')

diff --git a/doc/s6-tlsd-io.html b/doc/s6-tlsd-io.html
index 807c982..29f75c3 100644
--- a/doc/s6-tlsd-io.html
+++ b/doc/s6-tlsd-io.html
@@ -188,8 +188,10 @@ no effect. </li>
 and break the connection when receiving a local EOF. </li>
  <li> <tt>-s</tt>&nbsp;: transmit EOF by half-closing the TCP
 connection without using <tt>close_notify</tt>. This is the default. </li>
- <li> <tt>-Y</tt>&nbsp;: Do not send a client certificate. This is the default. </li>
- <li> <tt>-y</tt>&nbsp;: Send a client certificate. </li>
+ <li> <tt>-Y</tt>&nbsp;: Require an optional client certificate. </li>
+ <li> <tt>-y</tt>&nbsp;: Require a mandatory client certificate.
+The default, with neither the <tt>-Y</tt> nor the <tt>-y</tt> option,
+is not to require a client certificate at all. </li>
  <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: if the peer fails
 to send data for <em>kimeout</em> milliseconds during the handshake,
 close the connection. The default is 0, which means infinite timeout
-- 
cgit v1.2.3