From 3bf7b817f69f33d304b0fcccda500ee5a3494671 Mon Sep 17 00:00:00 2001
From: Sergey Lyubka <valenok@gmail.com>
Date: Sat, 28 Aug 2021 08:21:29 +0100
Subject: [PATCH] Update docs

---
 docs/README.md | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/docs/README.md b/docs/README.md
index 5cf22551..6d817026 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -1073,7 +1073,7 @@ is that there is no QoS in unsubscribe request.
 
 ## TLS
 
-### mg\_tls\_init()
+### struct mg\_tls\_opts
 
 ```c
 struct mg_tls_opts {
@@ -1083,6 +1083,28 @@ struct mg_tls_opts {
   const char *ciphers;   // Cipher list
   struct mg_str srvname; // If not empty, enables server name verification
 };
+```
+
+TLS initialisation structure:
+- `ca` - Certificate Authority. Can be a filename, or a string. Used to verify
+  a certificate that other end sends to us. If NULL, then certificate checking
+  is disabled
+- `cert` - our own certificate. Can be a filename, or a string. If NULL, then
+  we don't authenticate with the other peer
+- `certkey` - a key for a `cert`. Sometimes, a certificate and its key are
+  bundled in a single .pem file, in which case the values for `cert` and
+  `certkey` could be the same
+- `ciphers` - a list of allowed ciphers
+- `srvname` - enable server name verification
+
+
+NOTE: if both `ca` and `cert` are set, then so-called two-way TLS is enabled,
+when both sides authenticate with each other. Usually, server-side connections
+set both `ca` and `cert`, whilst client-side - only `ca`.
+
+### mg\_tls\_init()
+
+```c
 int mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts);
 ```