Add some documentation for CA certificate validation (#1176)

cceckman-at-fastly · web-flow · commit b5fa57e02fa9 · 2025-04-11T12:35:59.000-07:00
diff --git a/types/backend.d.ts b/types/backend.d.ts
@@ -66,6 +66,15 @@ declare module 'fastly:backend' {
     betweenBytesTimeout?: number;
     /**
      * Whether or not to require TLS for connections to this backend.
+     *
+     * When using TLS, Fastly checks the validity of the backend's certificate, and fails the connection if the certificate is invalid.
+     * This check is not optional: an invalid certificate will cause the backend connection to fail (but read on).
+     *
+     * By default, the validity check does not require that the certificate hostname matches the hostname of your request.
+     * You can use {@link BackendConfiguration.certificateHostname} to request a check of the certificate hostname.
+     *
+     * By default, certificate validity uses a set of public certificate authorities.
+     * You can specify an alternative CA using {@link caCertificate}.
      */
     useSSL?: boolean;
     /**
@@ -93,6 +102,8 @@ declare module 'fastly:backend' {
     /**
      * The CA certificate to use when checking the validity of the backend.
      *
+     * If not provided (default), the backend's certificate is validated using a set of public root CAs.
+     *
      * @throws {TypeError} Throws a TypeError if the value is an empty string.
      */
     caCertificate?: string;
@@ -187,6 +198,8 @@ declare module 'fastly:backend' {
     /**
      * Define the hostname that the server certificate should declare.
      *
+     * If not set (default), the server certificate may present any hostname.
+     *
      * @throws {TypeError} Throws a TypeError if the value is an empty string.
      */
     certificateHostname?: string;
