The structure used for defining the PKI setup data to be used. More...
#include <coap_dtls.h>
Collaboration diagram for coap_dtls_pki_t:Data Fields | |
| uint8_t | version |
| uint8_t | verify_peer_cert |
| Set to COAP_DTLS_PKI_SETUP_VERSION to support this version of the struct. More... | |
| uint8_t | check_common_ca |
| 1 if peer cert is to be signed by the same CA as the local cert More... | |
| uint8_t | allow_self_signed |
| 1 if self-signed certs are allowed. More... | |
| uint8_t | allow_expired_certs |
| 1 if expired certs are allowed More... | |
| uint8_t | cert_chain_validation |
| 1 if to check cert_chain_verify_depth More... | |
| uint8_t | cert_chain_verify_depth |
| recommended depth is 3 More... | |
| uint8_t | check_cert_revocation |
| 1 if revocation checks wanted More... | |
| uint8_t | allow_no_crl |
| 1 ignore if CRL not there More... | |
| uint8_t | allow_expired_crl |
| 1 if expired crl is allowed More... | |
| uint8_t | allow_bad_md_hash |
| 1 if unsupported MD hashes are allowed More... | |
| uint8_t | allow_short_rsa_length |
| 1 if small RSA keysizes are allowed More... | |
| uint8_t | is_rpk_not_cert |
| 1 is RPK instead of Public Certificate. More... | |
| uint8_t | reserved [3] |
| Reserved - must be set to 0 for future compatibility. More... | |
| coap_dtls_cn_callback_t | validate_cn_call_back |
| CN check callback function. More... | |
| void * | cn_call_back_arg |
| Passed in to the CN callback function. More... | |
| coap_dtls_pki_sni_callback_t | validate_sni_call_back |
| SNI check callback function. More... | |
| void * | sni_call_back_arg |
| Passed in to the sni callback function. More... | |
| coap_dtls_security_setup_t | additional_tls_setup_call_back |
Additional Security callback handler that is invoked when libcoap has done the standard, defined validation checks at the TLS level, If not NULL, called from within the TLS Client Hello connection setup. More... | |
| char * | client_sni |
| If not NULL, SNI to use in client TLS setup. More... | |
| coap_dtls_key_t | pki_key |
| PKI key definition. More... | |
Detailed Description
The structure used for defining the PKI setup data to be used.
Definition at line 256 of file coap_dtls.h.
Field Documentation
◆ additional_tls_setup_call_back
| coap_dtls_security_setup_t coap_dtls_pki_t::additional_tls_setup_call_back |
Additional Security callback handler that is invoked when libcoap has done the standard, defined validation checks at the TLS level, If not NULL, called from within the TLS Client Hello connection setup.
Definition at line 307 of file coap_dtls.h.
◆ allow_bad_md_hash
| uint8_t coap_dtls_pki_t::allow_bad_md_hash |
1 if unsupported MD hashes are allowed
Definition at line 272 of file coap_dtls.h.
◆ allow_expired_certs
| uint8_t coap_dtls_pki_t::allow_expired_certs |
1 if expired certs are allowed
Definition at line 266 of file coap_dtls.h.
◆ allow_expired_crl
| uint8_t coap_dtls_pki_t::allow_expired_crl |
1 if expired crl is allowed
Definition at line 271 of file coap_dtls.h.
◆ allow_no_crl
| uint8_t coap_dtls_pki_t::allow_no_crl |
1 ignore if CRL not there
Definition at line 270 of file coap_dtls.h.
◆ allow_self_signed
| uint8_t coap_dtls_pki_t::allow_self_signed |
1 if self-signed certs are allowed.
Ignored if check_common_ca set
Definition at line 264 of file coap_dtls.h.
◆ allow_short_rsa_length
| uint8_t coap_dtls_pki_t::allow_short_rsa_length |
1 if small RSA keysizes are allowed
Definition at line 273 of file coap_dtls.h.
◆ cert_chain_validation
| uint8_t coap_dtls_pki_t::cert_chain_validation |
1 if to check cert_chain_verify_depth
Definition at line 267 of file coap_dtls.h.
◆ cert_chain_verify_depth
| uint8_t coap_dtls_pki_t::cert_chain_verify_depth |
recommended depth is 3
Definition at line 268 of file coap_dtls.h.
◆ check_cert_revocation
| uint8_t coap_dtls_pki_t::check_cert_revocation |
1 if revocation checks wanted
Definition at line 269 of file coap_dtls.h.
◆ check_common_ca
| uint8_t coap_dtls_pki_t::check_common_ca |
1 if peer cert is to be signed by the same CA as the local cert
Definition at line 262 of file coap_dtls.h.
◆ client_sni
| char* coap_dtls_pki_t::client_sni |
If not NULL, SNI to use in client TLS setup.
Owned by the client app and must remain valid during the call to coap_new_client_session_pki()
Definition at line 309 of file coap_dtls.h.
◆ cn_call_back_arg
| void* coap_dtls_pki_t::cn_call_back_arg |
Passed in to the CN callback function.
Definition at line 292 of file coap_dtls.h.
◆ is_rpk_not_cert
| uint8_t coap_dtls_pki_t::is_rpk_not_cert |
1 is RPK instead of Public Certificate.
If set, PKI key format type cannot be COAP_PKI_KEY_PEM
Definition at line 274 of file coap_dtls.h.
◆ pki_key
| coap_dtls_key_t coap_dtls_pki_t::pki_key |
PKI key definition.
Definition at line 313 of file coap_dtls.h.
◆ reserved
| uint8_t coap_dtls_pki_t::reserved[3] |
Reserved - must be set to 0 for future compatibility.
Definition at line 277 of file coap_dtls.h.
◆ sni_call_back_arg
| void* coap_dtls_pki_t::sni_call_back_arg |
Passed in to the sni callback function.
Definition at line 300 of file coap_dtls.h.
◆ validate_cn_call_back
| coap_dtls_cn_callback_t coap_dtls_pki_t::validate_cn_call_back |
CN check callback function.
If not NULL, is called when the TLS connection has passed the configured TLS options above for the application to verify if the CN is valid.
Definition at line 291 of file coap_dtls.h.
◆ validate_sni_call_back
| coap_dtls_pki_sni_callback_t coap_dtls_pki_t::validate_sni_call_back |
SNI check callback function.
If not NULL, called if the SNI is not previously seen and prior to sending a certificate set back to the client so that the appropriate certificate set can be used based on the requesting SNI.
Definition at line 299 of file coap_dtls.h.
◆ verify_peer_cert
| uint8_t coap_dtls_pki_t::verify_peer_cert |
Set to COAP_DTLS_PKI_SETUP_VERSION to support this version of the struct.
1 if peer cert is to be verified
Definition at line 261 of file coap_dtls.h.
◆ version
| uint8_t coap_dtls_pki_t::version |
Definition at line 257 of file coap_dtls.h.
The documentation for this struct was generated from the following file:
