libcoap 4.3.4
|
The structure used for defining the PKI setup data to be used. More...
#include <coap_dtls.h>
Data Fields | |
uint8_t | version |
uint8_t | verify_peer_cert |
Set to COAP_DTLS_PKI_SETUP_VERSION to support this version of the struct. More... | |
uint8_t | check_common_ca |
1 if peer cert is to be signed by the same CA as the local cert More... | |
uint8_t | allow_self_signed |
1 if self-signed certs are allowed. More... | |
uint8_t | allow_expired_certs |
1 if expired certs are allowed More... | |
uint8_t | cert_chain_validation |
1 if to check cert_chain_verify_depth More... | |
uint8_t | cert_chain_verify_depth |
recommended depth is 3 More... | |
uint8_t | check_cert_revocation |
1 if revocation checks wanted More... | |
uint8_t | allow_no_crl |
1 ignore if CRL not there More... | |
uint8_t | allow_expired_crl |
1 if expired crl is allowed More... | |
uint8_t | allow_bad_md_hash |
1 if unsupported MD hashes are allowed More... | |
uint8_t | allow_short_rsa_length |
1 if small RSA keysizes are allowed More... | |
uint8_t | is_rpk_not_cert |
1 is RPK instead of Public Certificate. More... | |
uint8_t | reserved [3] |
Reserved - must be set to 0 for future compatibility. More... | |
coap_dtls_cn_callback_t | validate_cn_call_back |
CN check callback function. More... | |
void * | cn_call_back_arg |
Passed in to the CN callback function. More... | |
coap_dtls_pki_sni_callback_t | validate_sni_call_back |
SNI check callback function. More... | |
void * | sni_call_back_arg |
Passed in to the sni callback function. More... | |
coap_dtls_security_setup_t | additional_tls_setup_call_back |
Additional Security callback handler that is invoked when libcoap has done the standard, defined validation checks at the TLS level, If not NULL , called from within the TLS Client Hello connection setup. More... | |
char * | client_sni |
If not NULL, SNI to use in client TLS setup. More... | |
coap_dtls_key_t | pki_key |
PKI key definition. More... | |
The structure used for defining the PKI setup data to be used.
Definition at line 284 of file coap_dtls.h.
coap_dtls_security_setup_t coap_dtls_pki_t::additional_tls_setup_call_back |
Additional Security callback handler that is invoked when libcoap has done the standard, defined validation checks at the TLS level, If not NULL
, called from within the TLS Client Hello connection setup.
Definition at line 335 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::allow_bad_md_hash |
1 if unsupported MD hashes are allowed
Definition at line 300 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::allow_expired_certs |
1 if expired certs are allowed
Definition at line 294 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::allow_expired_crl |
1 if expired crl is allowed
Definition at line 299 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::allow_no_crl |
1 ignore if CRL not there
Definition at line 298 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::allow_self_signed |
1 if self-signed certs are allowed.
Ignored if check_common_ca set
Definition at line 292 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::allow_short_rsa_length |
1 if small RSA keysizes are allowed
Definition at line 301 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::cert_chain_validation |
1 if to check cert_chain_verify_depth
Definition at line 295 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::cert_chain_verify_depth |
recommended depth is 3
Definition at line 296 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::check_cert_revocation |
1 if revocation checks wanted
Definition at line 297 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::check_common_ca |
1 if peer cert is to be signed by the same CA as the local cert
Definition at line 290 of file coap_dtls.h.
char* coap_dtls_pki_t::client_sni |
If not NULL, SNI to use in client TLS setup.
Owned by the client app and must remain valid during the call to coap_new_client_session_pki()
Definition at line 337 of file coap_dtls.h.
void* coap_dtls_pki_t::cn_call_back_arg |
Passed in to the CN callback function.
Definition at line 320 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::is_rpk_not_cert |
1 is RPK instead of Public Certificate.
If set, PKI key format type cannot be COAP_PKI_KEY_PEM
Definition at line 302 of file coap_dtls.h.
coap_dtls_key_t coap_dtls_pki_t::pki_key |
PKI key definition.
Definition at line 341 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::reserved[3] |
Reserved - must be set to 0 for future compatibility.
Definition at line 305 of file coap_dtls.h.
void* coap_dtls_pki_t::sni_call_back_arg |
Passed in to the sni callback function.
Definition at line 328 of file coap_dtls.h.
coap_dtls_cn_callback_t coap_dtls_pki_t::validate_cn_call_back |
CN check callback function.
If not NULL, is called when the TLS connection has passed the configured TLS options above for the application to verify if the CN is valid.
Definition at line 319 of file coap_dtls.h.
coap_dtls_pki_sni_callback_t coap_dtls_pki_t::validate_sni_call_back |
SNI check callback function.
If not NULL
, called if the SNI is not previously seen and prior to sending a certificate set back to the client so that the appropriate certificate set can be used based on the requesting SNI.
Definition at line 327 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::verify_peer_cert |
Set to COAP_DTLS_PKI_SETUP_VERSION to support this version of the struct.
1 if peer cert is to be verified
Definition at line 289 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::version |
Definition at line 285 of file coap_dtls.h.