Comments for SSLVerifyPeerEnum

Summary:
Document what the enum settings mean since they can be
somewhat confusing.

Reviewed By: shamdor-fb

Differential Revision: D2882929

fb-gh-sync-id: 74ec30132bf5d2dce42f51a0b7b30cf2fae12dbf

diff --git a/folly/io/async/SSLContext.h b/folly/io/async/SSLContext.h
index b6742bcc16a47dbe8c86977468992a9560d112ef..538e41d5c3862ef61b372a355f84c1e3599dd91c 100644 (file)
--- a/folly/io/async/SSLContext.h
+++ b/folly/io/async/SSLContext.h
@@ -77,10 +77,22 @@ class SSLContext {
      TLSv1
   };
 
-  enum SSLVerifyPeerEnum{
+  /**
+   * Defines the way that peers are verified.
+   **/
+  enum SSLVerifyPeerEnum {
+    // Used by AsyncSSLSocket to delegate to the SSLContext's setting
     USE_CTX,
+    // For server side - request a client certificate and verify the
+    // certificate if it is sent.  Does not fail if the client does not present
+    // a certificate.
+    // For client side - validates the server certificate or fails.
     VERIFY,
+    // For server side - same as VERIFY but will fail if no certificate
+    // is sent.
+    // For client side - same as VERIFY.
     VERIFY_REQ_CLIENT_CERT,
+    // No verification is done for both server and client side.
     NO_VERIFY
   };