From: Neel Goyal Date: Mon, 1 Feb 2016 13:52:01 +0000 (-0800) Subject: Comments for SSLVerifyPeerEnum X-Git-Tag: deprecate-dynamic-initializer~117 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=760795a253919a83cedb4e47c1b46620f2c0d624;p=folly.git Comments for SSLVerifyPeerEnum Summary: Document what the enum settings mean since they can be somewhat confusing. Reviewed By: shamdor-fb Differential Revision: D2882929 fb-gh-sync-id: 74ec30132bf5d2dce42f51a0b7b30cf2fae12dbf
---
diff --git a/folly/io/async/SSLContext.h b/folly/io/async/SSLContext.h
index b6742bcc..538e41d5 100644
--- a/folly/io/async/SSLContext.h
+++ b/folly/io/async/SSLContext.h
@@ -77,10 +77,22 @@ class SSLContext {
 TLSv1
 };
- enum SSLVerifyPeerEnum{
+ /**
+ * Defines the way that peers are verified.
+ **/
+ enum SSLVerifyPeerEnum {
+ // Used by AsyncSSLSocket to delegate to the SSLContext's setting
 USE_CTX,
+ // For server side - request a client certificate and verify the
+ // certificate if it is sent. Does not fail if the client does not present
+ // a certificate.
+ // For client side - validates the server certificate or fails.
 VERIFY,
+ // For server side - same as VERIFY but will fail if no certificate
+ // is sent.
+ // For client side - same as VERIFY.
 VERIFY_REQ_CLIENT_CERT,
+ // No verification is done for both server and client side.
 NO_VERIFY
 };
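Review bot: The new comment on `NO_VERIFY` says that no verification is done but not what that means for the caller: as documented, neither side checks the peer's certificate, so the TLS session is encrypted but the peer is not authenticated. I would extend it to `// No verification is done on either side; the peer's identity is NOT authenticated, so use only where it is established by other means.` In the same spirit, the `VERIFY` comment could state outright that server code which relies on client certificates for authentication must use `VERIFY_REQ_CLIENT_CERT`, since under `VERIFY` a client that sends no certificate is still accepted. The `USE_CTX` comment also leaves open what the value means when it is set on the `SSLContext` itself rather than on a socket. The enclosing class `SSLContext` continues outside the hunk.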