doc: clarified re-handshake details under TLS1.2 server

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-04-23 10:07:32 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-05-04 11:38:50 +0200
commit: fcd805e42c55024efab0e3b5e92d04c59c687930 (patch)
tree: 55e8a3058d75b5d56f705f1e73c4919c44536675 /doc/cha-gtls-app.texi
parent: a55d3f831e91ff7c358d1f634814724a0c0252e7 (diff)
download: gnutls-fcd805e42c55024efab0e3b5e92d04c59c687930.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 811f84db6c..c775f4b2c1 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1788,7 +1788,11 @@ A server which wants to instruct the client to re-authenticate, should call
 @funcref{gnutls_rehandshake} and wait for the client to re-authenticate.
 It is recommended to only request re-handshake when safe renegotiation is
 enabled for that session (see @funcref{gnutls_safe_renegotiation_status} and
-the discussion in @ref{Safe renegotiation}).
+the discussion in @ref{Safe renegotiation}). A server could also encounter
+the GNUTLS_E_REHANDSHAKE error code while receiving data. That indicates
+a client-initiated re-handshake request. In that case the server could
+ignore that request, perform handshake (unsafe when done generally), or
+even drop the connection.
 
 @showfuncdesc{gnutls_rehandshake}
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-04-23 10:07:32 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-05-04 11:38:50 +0200
commit	fcd805e42c55024efab0e3b5e92d04c59c687930 (patch)
tree	55e8a3058d75b5d56f705f1e73c4919c44536675 /doc/cha-gtls-app.texi
parent	a55d3f831e91ff7c358d1f634814724a0c0252e7 (diff)
download	gnutls-fcd805e42c55024efab0e3b5e92d04c59c687930.tar.gz