docs: add documentation for TLS client authentication settings

docs/configuration/shared/tls.md

@@ -12,6 +12,9 @@
   "certificate_path": "",
   "key": [],
   "key_path": "",
+  "clientAuth": false,
+  "clientCA": [],
+  "clientCA_path": "",
   "acme": {
     "domain": [],
     "data_directory": "",
@@ -64,8 +67,13 @@
   "min_version": "",
   "max_version": "",
   "cipher_suites": [],
-  "certificate": "",
+  "certificate": [],
   "certificate_path": "",
+  "clientAuth": false,
+  "client_key": [],
+  "client_key_path": "",
+  "client_certificate": [],
+  "client_certificate_path": "",
   "ech": {
     "enabled": false,
     "pq_signature_schemes_enabled": false,
@@ -189,6 +197,46 @@ The server private key line array, in PEM format.
 
 The path to the server private key, in PEM format.
 
+#### clientAuth
+
+Enable TLS Client Authentication
+
+#### clientCA
+
+==Server only==
+
+The server's client CA Certificate line array, in PEM format.
+
+#### clientCA_path
+
+==Server only==
+
+The path to the server's client CA certificate, in PEM format.
+
+#### client_certificate
+
+==Client only==
+
+The client certificate line array, in PEM format.
+
+#### certificate_path
+
+==Client only==
+
+The path to the client certificate, in PEM format.
+
+#### client_key
+
+==Client only==
+
+The client private key line array, in PEM format.
+
+#### client_key_path
+
+==Client only==
+
+The path to the client private, in PEM format.
+
 ## Custom TLS support
 
 !!! info "QUIC support"
@@ -245,7 +293,7 @@ It is recommended to match the parameters of `sing-box generate ech-keypair`.
 
 Disables adaptive sizing of TLS records.
 
-When true, the largest possible TLS record size is always used.  
+When true, the largest possible TLS record size is always used.
 When false, the size of TLS records may be adjusted in an attempt to improve latency.
 
 #### key
@@ -405,4 +453,4 @@ Check disabled if empty.
 
 ### Reload
 
-For server configuration, certificate, key and ECH key will be automatically reloaded if modified.
+For server configuration, certificate, key and ECH key will be automatically reloaded if modified.

docs/configuration/shared/tls.zh.md

@@ -12,6 +12,9 @@
   "certificate_path": "",
   "key": [],
   "key_path": "",
+  "clientAuth": false,
+  "clientCA": [],
+  "clientCA_path": "",
   "acme": {
     "domain": [],
     "data_directory": "",
@@ -66,9 +69,14 @@
   "cipher_suites": [],
   "certificate": [],
   "certificate_path": "",
+  "clientAuth": false,
+  "client_key": [],
+  "client_key_path": "",
+  "client_certificate": [],
+  "client_certificate_path": "",
   "ech": {
     "enabled": false,
-    "pq_signature_schemes_enabled": false,
+    "pqignature_schemes_enabled": false,
     "dynamic_record_sizing_disabled": false,
     "config": [],
     "config_path": ""
@@ -189,6 +197,46 @@ TLS 版本值：
 
 服务器 PEM 私钥路径。
 
+#### clientAuth
+
+启用客户端验证
+
+#### clientCA 
+
+==仅服务器==
+
+服务器 PEM 验证客户端 CA 证书行数组
+
+#### clientCA_path
+
+==仅服务器==
+
+服务器 PEM 验证客户端 CA 证书路径
+
+#### client_certificate
+
+==仅客户端==
+
+客户端 PEM 证书行数组。
+
+#### certificate_path
+
+==仅客户端==
+
+客户端 PEM 证书路径。
+
+#### client_key
+
+==仅客户端==
+
+客户端 PEM 私钥行数组。
+
+#### client_key_path
+
+==仅客户端==
+
+客户端 PEM 私钥路径。
+
 #### utls
 
 ==仅客户端==
@@ -394,4 +442,4 @@ ACME DNS01 验证字段。如果配置，将禁用其他验证方法。
 
 ### 重载
 
-对于服务器配置，如果修改，证书和密钥将自动重新加载。
+对于服务器配置，如果修改，证书和密钥将自动重新加载。