var _ClientAuthType_index = [...]uint8{0, 12, 29, 49, 72, 98}

func (i ClientAuthType) String() string {
	if i < 0 || i >= ClientAuthType(len(_ClientAuthType_index)-1) {
		return "ClientAuthType(" + strconv.FormatInt(int64(i), 10) + ")"
	}
	return _ClientAuthType_name[_ClientAuthType_index[i]:_ClientAuthType_index[i+1]]

	return cs.ekm(label, context, length)
}

// ClientAuthType declares the policy the server will follow for
// TLS Client Authentication.
type ClientAuthType int

const (
	// NoClientCert indicates that no client certificate should be requested
	// during the handshake, and if any certificates are sent they will not
	// be verified.
	NoClientCert ClientAuthType = iota

pkg crypto/tls, method (*Dialer) Dial(string, string) (net.Conn, error)
pkg crypto/tls, method (*Dialer) DialContext(context.Context, string, string) (net.Conn, error)
pkg crypto/tls, method (ClientAuthType) String() string
pkg crypto/tls, method (CurveID) String() string
pkg crypto/tls, method (SignatureScheme) String() string
pkg crypto/tls, type Config struct, VerifyConnection func(ConnectionState) error

	TLS     struct {
		Enable        bool               `json:"enable"`
		RootCAs       *x509.CertPool     `json:"-"`
		SkipVerify    bool               `json:"skipVerify"`
		ClientAuth    tls.ClientAuthType `json:"clientAuth"`
		ClientTLSCert string             `json:"clientTLSCert"`
		ClientTLSKey  string             `json:"clientTLSKey"`
	} `json:"tls"`
	SASL struct {
		Enable    bool   `json:"enable"`

	TLS        struct {
		Enable        bool               `json:"enable"`
		RootCAs       *x509.CertPool     `json:"-"`
		SkipVerify    bool               `json:"skipVerify"`
		ClientAuth    tls.ClientAuthType `json:"clientAuth"`
		ClientTLSCert string             `json:"clientTLSCert"`
		ClientTLSKey  string             `json:"clientTLSKey"`
	} `json:"tls"`
	SASL struct {
		Enable    bool   `json:"enable"`

		kafkaArgs.TLS.Enable = getCfgVal(EnvKafkaTLS, k, kv.Get(KafkaTLS)) == config.EnableOn
		kafkaArgs.TLS.SkipVerify = getCfgVal(EnvKafkaTLSSkipVerify, k, kv.Get(KafkaTLSSkipVerify)) == config.EnableOn
		kafkaArgs.TLS.ClientAuth = tls.ClientAuthType(clientAuth)

		kafkaArgs.TLS.ClientTLSCert = getCfgVal(EnvKafkaClientTLSCert, k, kv.Get(KafkaClientTLSCert))
		kafkaArgs.TLS.ClientTLSKey = getCfgVal(EnvKafkaClientTLSKey, k, kv.Get(KafkaClientTLSKey))

		kafkaArgs.TLS.Enable = env.Get(tlsEnableEnv, kv.Get(target.KafkaTLS)) == config.EnableOn
		kafkaArgs.TLS.SkipVerify = env.Get(tlsSkipVerifyEnv, kv.Get(target.KafkaTLSSkipVerify)) == config.EnableOn
		kafkaArgs.TLS.ClientAuth = tls.ClientAuthType(clientAuth)

		kafkaArgs.TLS.ClientTLSCert = env.Get(tlsClientTLSCertEnv, kv.Get(target.KafkaClientTLSCert))
		kafkaArgs.TLS.ClientTLSKey = env.Get(tlsClientTLSKeyEnv, kv.Get(target.KafkaClientTLSKey))

}

func testVerifyCertificates(t *testing.T, version uint16) {
	tests := []struct {
		name string

		InsecureSkipVerify bool
		ClientAuth         ClientAuthType
		ClientCertificates bool
	}{
		{
			name: "defaults",
		},
		{
			name:               "InsecureSkipVerify",
			InsecureSkipVerify: true,
		},
		{

		{"(*QUICConn).SetTransportParameters", Method, 21},
		{"(*QUICConn).Start", Method, 21},
		{"(*SessionState).Bytes", Method, 21},
		{"(AlertError).Error", Method, 21},
		{"(ClientAuthType).String", Method, 15},
		{"(CurveID).String", Method, 15},
		{"(QUICEncryptionLevel).String", Method, 21},
		{"(RecordHeaderError).Error", Method, 6},
		{"(SignatureScheme).String", Method, 15},

pkg crypto/subtle, func ConstantTimeSelect(int, int, int) int
pkg crypto/tls, const NoClientCert ClientAuthType
pkg crypto/tls, const RequestClientCert ClientAuthType
pkg crypto/tls, const RequireAndVerifyClientCert ClientAuthType
pkg crypto/tls, const RequireAnyClientCert ClientAuthType
pkg crypto/tls, const TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16
pkg crypto/tls, const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16