pub type Type = u32;
Used to declare what type of client certificate authentication to use.
A s2n_connection will enforce client certificate authentication (mTLS) differently based on the s2n_cert_auth_type and s2n_mode (client/server) of the connection, as described below.
Server behavior:
- None (default): Will not request client authentication.
- Optional: Request the client’s certificate and validate it. If no certificate is received then no validation is performed.
- Required: Request the client’s certificate and validate it. Abort the handshake if a client certificate is not received.
Client behavior:
- None: Abort the handshake if the server requests client authentication.
- Optional (default): Sends the client certificate if the server requests client authentication. No certificate is sent if the application hasn’t provided a certificate.
- Required: Send the client certificate. Abort the handshake if the server doesn’t request client authentication or if the application hasn’t provided a certificate.
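The two lists interact, so the result of a handshake depends on both peers' settings and on whether the client has a certificate. The following is an added example, not code from s2n-tls: `AuthType`, `Outcome`, `handshake` and `requested_but_unauthenticated` are hypothetical local names that model the rules above without performing any TLS, and it assumes a certificate that is sent always passes validation.

```rust
// Added example: local model types, not the s2n-tls bindings. No TLS is performed.
#[derive(Clone, Copy, Debug, PartialEq)]
enum AuthType { None, Optional, Required }

#[derive(Debug, PartialEq)]
enum Outcome {
    MutualAuth,     // handshake completes, client certificate validated
    ServerAuthOnly, // handshake completes, no client certificate involved
    ClientAborts(&'static str),
    ServerAborts(&'static str),
}

const ALL: [AuthType; 3] = [AuthType::None, AuthType::Optional, AuthType::Required];

/// Applies the client rules, then the server rules, from the lists above.
/// Assumption: a certificate that is sent always passes validation.
fn handshake(server: AuthType, client: AuthType, client_has_cert: bool) -> Outcome {
    let requested = server != AuthType::None;
    let cert_sent = match (client, requested) {
        (AuthType::None, true) => return Outcome::ClientAborts("server requested client auth"),
        (AuthType::Required, false) => return Outcome::ClientAborts("server did not request client auth"),
        (AuthType::Required, true) if !client_has_cert => return Outcome::ClientAborts("no certificate provided"),
        (_, false) => false,
        (_, true) => client_has_cert,
    };
    match (server, cert_sent) {
        (AuthType::None, _) => Outcome::ServerAuthOnly,
        (_, true) => Outcome::MutualAuth,
        (AuthType::Optional, false) => Outcome::ServerAuthOnly,
        (AuthType::Required, false) => Outcome::ServerAborts("client certificate not received"),
    }
}

/// Combinations where the server asked for a certificate yet the handshake
/// completed without one: the case an application must check for itself.
fn requested_but_unauthenticated() -> Vec<(AuthType, AuthType, bool)> {
    let mut hits = Vec::new();
    for s in ALL { for c in ALL { for has_cert in [false, true] {
        if s != AuthType::None && handshake(s, c, has_cert) == Outcome::ServerAuthOnly {
            hits.push((s, c, has_cert));
        }
    }}}
    hits
}

fn main() {
    for s in ALL { for c in ALL { for has_cert in [false, true] {
        println!("server={s:?} client={c:?} cert={has_cert}: {:?}", handshake(s, c, has_cert));
    }}}
    println!("requested but unauthenticated: {:?}", requested_but_unauthenticated());
}
```

In this model the only combination that completes without a client certificate after the server requested one is Optional on both sides with no certificate provided. A server using Optional therefore has to confirm that a certificate was actually presented before treating the peer as authenticated.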