docs: add documentation for TLS client authentication settings

2025-06-13 21:54:13 +08:00 · 2023-11-26 00:18:29 +08:00 · 2023-11-26 00:18:29 +08:00 · 20088dc78f
commit 20088dc78f
parent 737f47858a
2 changed files with 101 additions and 5 deletions
--- a/docs/configuration/shared/tls.md
+++ b/docs/configuration/shared/tls.md
@ -12,6 +12,9 @@
  "certificate_path": "",
  "key": [],
  "key_path": "",
+  "clientAuth": false,
+  "clientCA": [],
+  "clientCA_path": "",
  "acme": {
    "domain": [],
    "data_directory": "",
@ -64,8 +67,13 @@
  "min_version": "",
  "max_version": "",
  "cipher_suites": [],
-  "certificate": "",
+  "certificate": [],
  "certificate_path": "",
+  "clientAuth": false,
+  "client_key": [],
+  "client_key_path": "",
+  "client_certificate": [],
+  "client_certificate_path": "",
  "ech": {
    "enabled": false,
    "pq_signature_schemes_enabled": false,
@ -189,6 +197,46 @@ The server private key line array, in PEM format.

 The path to the server private key, in PEM format.

+#### clientAuth
+
+Enable TLS Client Authentication
+
+#### clientCA
+
+==Server only==
+
+The server's client CA Certificate line array, in PEM format.
+
+#### clientCA_path
+
+==Server only==
+
+The path to the server's client CA certificate, in PEM format.
+
+#### client_certificate
+
+==Client only==
+
+The client certificate line array, in PEM format.
+
+#### certificate_path
+
+==Client only==
+
+The path to the client certificate, in PEM format.
+
+#### client_key
+
+==Client only==
+
+The client private key line array, in PEM format.
+
+#### client_key_path
+
+==Client only==
+
+The path to the client private, in PEM format.
+
 ## Custom TLS support

 !!! info "QUIC support"
@ -245,7 +293,7 @@ It is recommended to match the parameters of `sing-box generate ech-keypair`.

 Disables adaptive sizing of TLS records.

-When true, the largest possible TLS record size is always used.  
+When true, the largest possible TLS record size is always used.
 When false, the size of TLS records may be adjusted in an attempt to improve latency.

 #### key
@ -405,4 +453,4 @@ Check disabled if empty.

 ### Reload

-For server configuration, certificate, key and ECH key will be automatically reloaded if modified.
+For server configuration, certificate, key and ECH key will be automatically reloaded if modified.
--- a/docs/configuration/shared/tls.zh.md
+++ b/docs/configuration/shared/tls.zh.md
@ -12,6 +12,9 @@
  "certificate_path": "",
  "key": [],
  "key_path": "",
+  "clientAuth": false,
+  "clientCA": [],
+  "clientCA_path": "",
  "acme": {
    "domain": [],
    "data_directory": "",
@ -66,9 +69,14 @@
  "cipher_suites": [],
  "certificate": [],
  "certificate_path": "",
+  "clientAuth": false,
+  "client_key": [],
+  "client_key_path": "",
+  "client_certificate": [],
+  "client_certificate_path": "",
  "ech": {
    "enabled": false,
-    "pq_signature_schemes_enabled": false,
+    "pqignature_schemes_enabled": false,
    "dynamic_record_sizing_disabled": false,
    "config": [],
    "config_path": ""
@ -189,6 +197,46 @@ TLS 版本值：

 服务器 PEM 私钥路径。

+#### clientAuth
+
+启用客户端验证
+
+#### clientCA 
+
+==仅服务器==
+
+服务器 PEM 验证客户端 CA 证书行数组
+
+#### clientCA_path
+
+==仅服务器==
+
+服务器 PEM 验证客户端 CA 证书路径
+
+#### client_certificate
+
+==仅客户端==
+
+客户端 PEM 证书行数组。
+
+#### certificate_path
+
+==仅客户端==
+
+客户端 PEM 证书路径。
+
+#### client_key
+
+==仅客户端==
+
+客户端 PEM 私钥行数组。
+
+#### client_key_path
+
+==仅客户端==
+
+客户端 PEM 私钥路径。
+
 #### utls

 ==仅客户端==
@ -394,4 +442,4 @@ ACME DNS01 验证字段。如果配置，将禁用其他验证方法。

 ### 重载

-对于服务器配置，如果修改，证书和密钥将自动重新加载。
+对于服务器配置，如果修改，证书和密钥将自动重新加载。