The structure used for defining the PKI setup data to be used. More...
#include <coap_dtls.h>
Collaboration diagram for coap_dtls_pki_t:Data Fields | |
| uint8_t | version |
| uint8_t | verify_peer_cert |
| Set to COAP_DTLS_PKI_SETUP_VERSION to support this version of the struct. More... | |
| uint8_t | check_common_ca |
| 1 if peer cert is to be signed by the same CA as the local cert More... | |
| uint8_t | allow_self_signed |
| 1 if self-signed certs are allowed. More... | |
| uint8_t | allow_expired_certs |
| 1 if expired certs are allowed More... | |
| uint8_t | cert_chain_validation |
| 1 if to check cert_chain_verify_depth More... | |
| uint8_t | cert_chain_verify_depth |
| recommended depth is 3 More... | |
| uint8_t | check_cert_revocation |
| 1 if revocation checks wanted More... | |
| uint8_t | allow_no_crl |
| 1 ignore if CRL not there More... | |
| uint8_t | allow_expired_crl |
| 1 if expired crl is allowed More... | |
| uint8_t | allow_bad_md_hash |
| 1 if unsupported MD hashes are allowed More... | |
| uint8_t | allow_short_rsa_length |
| 1 if small RSA keysizes are allowed More... | |
| uint8_t | is_rpk_not_cert |
| 1 is RPK instead of Public Certificate. More... | |
| uint8_t | reserved [3] |
| Reserved - must be set to 0 for future compatibility. More... | |
| coap_dtls_cn_callback_t | validate_cn_call_back |
| CN check callback function. More... | |
| void * | cn_call_back_arg |
| Passed in to the CN callback function. More... | |
| coap_dtls_pki_sni_callback_t | validate_sni_call_back |
| SNI check callback function. More... | |
| void * | sni_call_back_arg |
| Passed in to the sni callback function. More... | |
| coap_dtls_security_setup_t | additional_tls_setup_call_back |
Additional Security callback handler that is invoked when libcoap has done the standard, defined validation checks at the TLS level, If not NULL, called from within the TLS Client Hello connection setup. More... | |
| char * | client_sni |
| If not NULL, SNI to use in client TLS setup. More... | |
| coap_dtls_key_t | pki_key |
| PKI key definition. More... | |
Detailed Description
The structure used for defining the PKI setup data to be used.
Definition at line 244 of file coap_dtls.h.
Field Documentation
◆ additional_tls_setup_call_back
| coap_dtls_security_setup_t coap_dtls_pki_t::additional_tls_setup_call_back |
Additional Security callback handler that is invoked when libcoap has done the standard, defined validation checks at the TLS level, If not NULL, called from within the TLS Client Hello connection setup.
Definition at line 295 of file coap_dtls.h.
◆ allow_bad_md_hash
| uint8_t coap_dtls_pki_t::allow_bad_md_hash |
1 if unsupported MD hashes are allowed
Definition at line 260 of file coap_dtls.h.
◆ allow_expired_certs
| uint8_t coap_dtls_pki_t::allow_expired_certs |
1 if expired certs are allowed
Definition at line 254 of file coap_dtls.h.
◆ allow_expired_crl
| uint8_t coap_dtls_pki_t::allow_expired_crl |
1 if expired crl is allowed
Definition at line 259 of file coap_dtls.h.
◆ allow_no_crl
| uint8_t coap_dtls_pki_t::allow_no_crl |
1 ignore if CRL not there
Definition at line 258 of file coap_dtls.h.
◆ allow_self_signed
| uint8_t coap_dtls_pki_t::allow_self_signed |
1 if self-signed certs are allowed.
Ignored if check_common_ca set
Definition at line 252 of file coap_dtls.h.
◆ allow_short_rsa_length
| uint8_t coap_dtls_pki_t::allow_short_rsa_length |
1 if small RSA keysizes are allowed
Definition at line 261 of file coap_dtls.h.
◆ cert_chain_validation
| uint8_t coap_dtls_pki_t::cert_chain_validation |
1 if to check cert_chain_verify_depth
Definition at line 255 of file coap_dtls.h.
◆ cert_chain_verify_depth
| uint8_t coap_dtls_pki_t::cert_chain_verify_depth |
recommended depth is 3
Definition at line 256 of file coap_dtls.h.
◆ check_cert_revocation
| uint8_t coap_dtls_pki_t::check_cert_revocation |
1 if revocation checks wanted
Definition at line 257 of file coap_dtls.h.
◆ check_common_ca
| uint8_t coap_dtls_pki_t::check_common_ca |
1 if peer cert is to be signed by the same CA as the local cert
Definition at line 250 of file coap_dtls.h.
◆ client_sni
| char* coap_dtls_pki_t::client_sni |
If not NULL, SNI to use in client TLS setup.
Owned by the client app and must remain valid during the call to coap_new_client_session_pki()
Definition at line 297 of file coap_dtls.h.
◆ cn_call_back_arg
| void* coap_dtls_pki_t::cn_call_back_arg |
Passed in to the CN callback function.
Definition at line 280 of file coap_dtls.h.
◆ is_rpk_not_cert
| uint8_t coap_dtls_pki_t::is_rpk_not_cert |
1 is RPK instead of Public Certificate.
If set, PKI key format type cannot be COAP_PKI_KEY_PEM
Definition at line 262 of file coap_dtls.h.
◆ pki_key
| coap_dtls_key_t coap_dtls_pki_t::pki_key |
PKI key definition.
Definition at line 301 of file coap_dtls.h.
◆ reserved
| uint8_t coap_dtls_pki_t::reserved[3] |
Reserved - must be set to 0 for future compatibility.
Definition at line 265 of file coap_dtls.h.
◆ sni_call_back_arg
| void* coap_dtls_pki_t::sni_call_back_arg |
Passed in to the sni callback function.
Definition at line 288 of file coap_dtls.h.
◆ validate_cn_call_back
| coap_dtls_cn_callback_t coap_dtls_pki_t::validate_cn_call_back |
CN check callback function.
If not NULL, is called when the TLS connection has passed the configured TLS options above for the application to verify if the CN is valid.
Definition at line 279 of file coap_dtls.h.
◆ validate_sni_call_back
| coap_dtls_pki_sni_callback_t coap_dtls_pki_t::validate_sni_call_back |
SNI check callback function.
If not NULL, called if the SNI is not previously seen and prior to sending a certificate set back to the client so that the appropriate certificate set can be used based on the requesting SNI.
Definition at line 287 of file coap_dtls.h.
◆ verify_peer_cert
| uint8_t coap_dtls_pki_t::verify_peer_cert |
Set to COAP_DTLS_PKI_SETUP_VERSION to support this version of the struct.
1 if peer cert is to be verified
Definition at line 249 of file coap_dtls.h.
◆ version
| uint8_t coap_dtls_pki_t::version |
Definition at line 245 of file coap_dtls.h.
The documentation for this struct was generated from the following file:
