Commit

added docs for WOLFSSL_APPLE_NATIVE_CERT_VALIDATION and WOLFSSL_SYS_C…
…A_CERTS
bigbrett committed Oct 19, 2023
1 parent f2bcd7a commit ec03a1e
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions wolfSSL/src/chapter02.md
Expand Up @@ -596,6 +596,14 @@ Will choose a hash algorithm that matches the ephemeral ECDHE key size or the ne
Allows CA's to be presented by peer, but not part of a valid chain. Default wolfSSL behavior is to require validation of all presented peer certificates. This also allows loading intermediate CA's as trusted and ignoring no signer failures for CA's up the chain to root. The alternate certificate chain mode only requires that the peer certificate validate to a trusted CA.

#### WOLFSSL_SYS_CA_CERTS

Allows wolfSSL to use trusted system CA certificates for verification when [`wolfSSL_CTX_load_system_CA_certs()`](group__CertsKeys.html#function-wolfssl_ctx_load_system_ca_certs) is called, either by loading them into wolfSSL certificate manager, or by invoking system authentication APIs. See [`wolfSSL_CTX_load_system_CA_certs()`](group__CertsKeys.html#function-wolfssl_ctx_load_system_ca_certs) for more details. This preprocessor macro is automatically set by the `--enable-sys-ca-certs` configure option.

#### WOLFSSL_APPLE_NATIVE_CERT_VERIFICATION

Enables the use of Apple's native trust APIs when authenticating TLS peer certificates. Requires [WOLFSSL_SYS_CA_CERTS](#WOLFSSL_SYS_CA_CERTS) to be defined. This macro does not need to be set by the user if building with `configure` or `CMake`.
#### WOLFSSL_CUSTOM_CURVES
Allow non-standard curves. Includes the curve "a" variable in calculation. Additional curve types can be enabled using [`HAVE_ECC_SECPR2`](#have_ecc_secpr2), [`HAVE_ECC_SECPR3`](#have_ecc_secpr3), [`HAVE_ECC_BRAINPOOL`](#have_ecc_brainpool) and [`HAVE_ECC_KOBLITZ`](#have_ecc_koblitz).
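Review bot: the new heading `#### WOLFSSL_APPLE_NATIVE_CERT_VERIFICATION` does not match the macro name given in the commit title, `WOLFSSL_APPLE_NATIVE_CERT_VALIDATION`, so one of the two is wrong; please confirm the spelling against the source and use it in both places, since a reader who copies the heading into a build will otherwise define a macro that does nothing and silently lose the native trust check. In the same paragraph the link `[WOLFSSL_SYS_CA_CERTS](#WOLFSSL_SYS_CA_CERTS)` uses an upper-case anchor, while the neighbouring `WOLFSSL_CUSTOM_CURVES` entry links with lower-case anchors such as `#have_ecc_secpr2`; switching to `#wolfssl_sys_ca_certs` would keep it consistent and avoid a dead link. It would also help to state here which of the two behaviours described under `WOLFSSL_SYS_CA_CERTS` (loading into the certificate manager versus invoking system authentication APIs) applies once this macro is defined.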
Expand Down Expand Up @@ -2059,6 +2067,9 @@ Use of the WOLF_CRYPTO_CB_ONLY_* options requires disabling the examples. See [`
Suppresses the binary jitter (timestamps and other non-functional metadata) to allow generation of bitwise-identical binary packages with identical hashes.
### `--enable-sys-ca-certs`
Allows wolfSSL to use trusted system CA certificates for verification when [`wolfSSL_CTX_load_system_CA_certs()`](group__CertsKeys.html#function-wolfssl_ctx_load_system_ca_certs) is called, either by loading them into wolfSSL certificate manager, or by invoking system authentication APIs. See [`wolfSSL_CTX_load_system_CA_certs()`](group__CertsKeys.html#function-wolfssl_ctx_load_system_ca_certs) for more details.
## Special Math Optimization Flags
### `--enable-fastmath`
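Review bot: the new `--enable-sys-ca-certs` entry repeats the `WOLFSSL_SYS_CA_CERTS` description but drops the link between the two, so a reader of the configure section is not told which macro the option sets. The macro section already says it is "automatically set by the `--enable-sys-ca-certs` configure option"; adding the reverse sentence here, with a link to the macro entry, would close the loop. Minor wording point in the same paragraph (and in the copy in the first hunk): "into wolfSSL certificate manager" reads better as "into the wolfSSL certificate manager".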