From 06d6d80f8c92ef1d3bd7c00c919e10a411183cb3 Mon Sep 17 00:00:00 2001
From: Garrett D'Amore <garrett@damore.org>
Date: Sun, 5 Oct 2025 16:51:15 -0700
Subject: fixes #2173 New TLS cert API - replaces the properties for CN and
 ALTNAMES.

This will replace the NNG_OPT_TLS_PEER_ALTNAMES and NNG_OPT_TLS_PEER_CN
properties, and gives a bit more access to the certificate, as well as
direct access to the raw DER form, which should allow use in other APIs.
---
 docs/ref/migrate/nng1.md | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'docs/ref/migrate')

diff --git a/docs/ref/migrate/nng1.md b/docs/ref/migrate/nng1.md
index 5b85c41d..df062efd 100644
--- a/docs/ref/migrate/nng1.md
+++ b/docs/ref/migrate/nng1.md
@@ -156,6 +156,15 @@ The ability to configure multiple keys and certificates for a given TLS configur
 The intended purpose was to support alternative cryptographic algorithms, but this is not necessary, was never
 used, and was error prone.
 
+## TLS Peer Certificate APIs Replaced
+
+The `NNG_OPT_TLS_PEER_CN` and `NNG_OPT_TLS_PEER_ALT_NAMES` properties have been removed.
+They are replaced with functions like [`nng_pipe_peer_cert`], [`nng_stream_peer_cert`],
+and [`nng_http_peer_cert`] which return a new `nng_tls_cert` object.
+
+This object supports methods to get additional information about the certificate, as well
+as to obtain the raw DER content so that it can be imported for use in other APIs.
+
 ## Support for Local Addresses in Dial URLs Removed
 
 NNG 1.x had an undocumented ability to specify the local address to bind
-- 
cgit v1.2.3-70-g09d2