Add documentation for client_allowed_sans (#4706)

* Add documentation for client_allowed_sans.

Signed-off-by: Shyukri Shyukriev <[email protected]>

* Update CHANGELOG.md

Signed-off-by: Ben Kochie <[email protected]>

---------

Signed-off-by: Shyukri Shyukriev <[email protected]>
Signed-off-by: Ben Kochie <[email protected]>
Co-authored-by: Ben Kochie <[email protected]>

Author: goat-ssh

docs/https.md

@@ -44,6 +44,13 @@ tls_server_config:
   # CA certificate for client certificate authentication to the server.
   [ client_ca_file: <filename> ]
 
+  # Verify that the client certificate has a Subject Alternate Name (SAN)
+  # which is an exact match to an entry in this list, else terminate the
+  # connection. SAN match can be one or multiple of the following: DNS,
+  # IP, e-mail, or URI address from https://pkg.go.dev/crypto/x509#Certificate.
+  [ client_allowed_sans:
+    [ - <string> ] ]
+
   # Minimum TLS version that is acceptable.
   [ min_version: <string> | default = "TLS12" ]