libcoap  4.3.0
coap_dtls_pki_t Struct Reference

The structure used for defining the PKI setup data to be used. More...

#include <coap_dtls.h>

+ Collaboration diagram for coap_dtls_pki_t:

Data Fields

uint8_t version
 
uint8_t verify_peer_cert
 Set to COAP_DTLS_PKI_SETUP_VERSION to support this version of the struct. More...
 
uint8_t check_common_ca
 1 if peer cert is to be signed by the same CA as the local cert More...
 
uint8_t allow_self_signed
 1 if self-signed certs are allowed. More...
 
uint8_t allow_expired_certs
 1 if expired certs are allowed More...
 
uint8_t cert_chain_validation
 1 if to check cert_chain_verify_depth More...
 
uint8_t cert_chain_verify_depth
 recommended depth is 3 More...
 
uint8_t check_cert_revocation
 1 if revocation checks wanted More...
 
uint8_t allow_no_crl
 1 ignore if CRL not there More...
 
uint8_t allow_expired_crl
 1 if expired crl is allowed More...
 
uint8_t allow_bad_md_hash
 1 if unsupported MD hashes are allowed More...
 
uint8_t allow_short_rsa_length
 1 if small RSA keysizes are allowed More...
 
uint8_t is_rpk_not_cert
 1 is RPK instead of Public Certificate. More...
 
uint8_t reserved [3]
 Reserved - must be set to 0 for future compatibility. More...
 
coap_dtls_cn_callback_t validate_cn_call_back
 CN check callback function. More...
 
void * cn_call_back_arg
 Passed in to the CN callback function. More...
 
coap_dtls_pki_sni_callback_t validate_sni_call_back
 SNI check callback function. More...
 
void * sni_call_back_arg
 Passed in to the sni callback function. More...
 
coap_dtls_security_setup_t additional_tls_setup_call_back
 Additional Security callback handler that is invoked when libcoap has done the standard, defined validation checks at the TLS level, If not NULL, called from within the TLS Client Hello connection setup. More...
 
char * client_sni
 If not NULL, SNI to use in client TLS setup. More...
 
coap_dtls_key_t pki_key
 PKI key definition. More...
 

Detailed Description

The structure used for defining the PKI setup data to be used.

Definition at line 244 of file coap_dtls.h.

Field Documentation

◆ additional_tls_setup_call_back

coap_dtls_security_setup_t coap_dtls_pki_t::additional_tls_setup_call_back

Additional Security callback handler that is invoked when libcoap has done the standard, defined validation checks at the TLS level, If not NULL, called from within the TLS Client Hello connection setup.

Definition at line 295 of file coap_dtls.h.

◆ allow_bad_md_hash

uint8_t coap_dtls_pki_t::allow_bad_md_hash

1 if unsupported MD hashes are allowed

Definition at line 260 of file coap_dtls.h.

◆ allow_expired_certs

uint8_t coap_dtls_pki_t::allow_expired_certs

1 if expired certs are allowed

Definition at line 254 of file coap_dtls.h.

◆ allow_expired_crl

uint8_t coap_dtls_pki_t::allow_expired_crl

1 if expired crl is allowed

Definition at line 259 of file coap_dtls.h.

◆ allow_no_crl

uint8_t coap_dtls_pki_t::allow_no_crl

1 ignore if CRL not there

Definition at line 258 of file coap_dtls.h.

◆ allow_self_signed

uint8_t coap_dtls_pki_t::allow_self_signed

1 if self-signed certs are allowed.

Ignored if check_common_ca set

Definition at line 252 of file coap_dtls.h.

◆ allow_short_rsa_length

uint8_t coap_dtls_pki_t::allow_short_rsa_length

1 if small RSA keysizes are allowed

Definition at line 261 of file coap_dtls.h.

◆ cert_chain_validation

uint8_t coap_dtls_pki_t::cert_chain_validation

1 if to check cert_chain_verify_depth

Definition at line 255 of file coap_dtls.h.

◆ cert_chain_verify_depth

uint8_t coap_dtls_pki_t::cert_chain_verify_depth

recommended depth is 3

Definition at line 256 of file coap_dtls.h.

◆ check_cert_revocation

uint8_t coap_dtls_pki_t::check_cert_revocation

1 if revocation checks wanted

Definition at line 257 of file coap_dtls.h.

◆ check_common_ca

uint8_t coap_dtls_pki_t::check_common_ca

1 if peer cert is to be signed by the same CA as the local cert

Definition at line 250 of file coap_dtls.h.

◆ client_sni

char* coap_dtls_pki_t::client_sni

If not NULL, SNI to use in client TLS setup.

Owned by the client app and must remain valid during the call to coap_new_client_session_pki()

Definition at line 297 of file coap_dtls.h.

◆ cn_call_back_arg

void* coap_dtls_pki_t::cn_call_back_arg

Passed in to the CN callback function.

Definition at line 280 of file coap_dtls.h.

◆ is_rpk_not_cert

uint8_t coap_dtls_pki_t::is_rpk_not_cert

1 is RPK instead of Public Certificate.

If set, PKI key format type cannot be COAP_PKI_KEY_PEM

Definition at line 262 of file coap_dtls.h.

◆ pki_key

coap_dtls_key_t coap_dtls_pki_t::pki_key

PKI key definition.

Definition at line 301 of file coap_dtls.h.

◆ reserved

uint8_t coap_dtls_pki_t::reserved[3]

Reserved - must be set to 0 for future compatibility.

Definition at line 265 of file coap_dtls.h.

◆ sni_call_back_arg

void* coap_dtls_pki_t::sni_call_back_arg

Passed in to the sni callback function.

Definition at line 288 of file coap_dtls.h.

◆ validate_cn_call_back

coap_dtls_cn_callback_t coap_dtls_pki_t::validate_cn_call_back

CN check callback function.

If not NULL, is called when the TLS connection has passed the configured TLS options above for the application to verify if the CN is valid.

Definition at line 279 of file coap_dtls.h.

◆ validate_sni_call_back

coap_dtls_pki_sni_callback_t coap_dtls_pki_t::validate_sni_call_back

SNI check callback function.

If not NULL, called if the SNI is not previously seen and prior to sending a certificate set back to the client so that the appropriate certificate set can be used based on the requesting SNI.

Definition at line 287 of file coap_dtls.h.

◆ verify_peer_cert

uint8_t coap_dtls_pki_t::verify_peer_cert

Set to COAP_DTLS_PKI_SETUP_VERSION to support this version of the struct.

1 if peer cert is to be verified

Definition at line 249 of file coap_dtls.h.

◆ version

uint8_t coap_dtls_pki_t::version

Definition at line 245 of file coap_dtls.h.


The documentation for this struct was generated from the following file: