libcoap 4.3.5-develop-72190a8
|
The structure used for defining the PKI setup data to be used. More...
#include <coap_dtls.h>
Data Fields | |
uint8_t | version |
uint8_t | verify_peer_cert |
Set to COAP_DTLS_PKI_SETUP_VERSION to support this version of the struct. | |
uint8_t | check_common_ca |
1 if peer cert is to be signed by the same CA as the local cert | |
uint8_t | allow_self_signed |
1 if self-signed certs are allowed. | |
uint8_t | allow_expired_certs |
1 if expired certs are allowed | |
uint8_t | cert_chain_validation |
1 if to check cert_chain_verify_depth | |
uint8_t | cert_chain_verify_depth |
recommended depth is 3 | |
uint8_t | check_cert_revocation |
1 if revocation checks wanted | |
uint8_t | allow_no_crl |
1 ignore if CRL not there | |
uint8_t | allow_expired_crl |
1 if expired crl is allowed | |
uint8_t | allow_bad_md_hash |
1 if unsupported MD hashes are allowed | |
uint8_t | allow_short_rsa_length |
1 if small RSA keysizes are allowed | |
uint8_t | is_rpk_not_cert |
1 is RPK instead of Public Certificate. | |
uint8_t | use_cid |
1 if DTLS Connection ID is to be used (Client only, server always enabled) if supported | |
uint8_t | reserved [2] |
Reserved - must be set to 0 for future compatibility. | |
coap_dtls_cn_callback_t | validate_cn_call_back |
CN check callback function. | |
void * | cn_call_back_arg |
Passed in to the CN callback function. | |
coap_dtls_pki_sni_callback_t | validate_sni_call_back |
SNI check callback function. | |
void * | sni_call_back_arg |
Passed in to the sni callback function. | |
coap_dtls_security_setup_t | additional_tls_setup_call_back |
Additional Security callback handler that is invoked when libcoap has done the standard, defined validation checks at the TLS level, If not NULL , called from within the TLS Client Hello connection setup. | |
char * | client_sni |
If not NULL, SNI to use in client TLS setup. | |
coap_dtls_key_t | pki_key |
PKI key definition. | |
The structure used for defining the PKI setup data to be used.
Definition at line 312 of file coap_dtls.h.
coap_dtls_security_setup_t coap_dtls_pki_t::additional_tls_setup_call_back |
Additional Security callback handler that is invoked when libcoap has done the standard, defined validation checks at the TLS level, If not NULL
, called from within the TLS Client Hello connection setup.
Definition at line 366 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::allow_bad_md_hash |
1 if unsupported MD hashes are allowed
Definition at line 328 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::allow_expired_certs |
1 if expired certs are allowed
Definition at line 322 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::allow_expired_crl |
1 if expired crl is allowed
Definition at line 327 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::allow_no_crl |
1 ignore if CRL not there
Definition at line 326 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::allow_self_signed |
1 if self-signed certs are allowed.
Ignored if check_common_ca set
Definition at line 320 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::allow_short_rsa_length |
1 if small RSA keysizes are allowed
Definition at line 329 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::cert_chain_validation |
1 if to check cert_chain_verify_depth
Definition at line 323 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::cert_chain_verify_depth |
recommended depth is 3
Definition at line 324 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::check_cert_revocation |
1 if revocation checks wanted
Definition at line 325 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::check_common_ca |
1 if peer cert is to be signed by the same CA as the local cert
Definition at line 318 of file coap_dtls.h.
char* coap_dtls_pki_t::client_sni |
If not NULL, SNI to use in client TLS setup.
Owned by the client app and must remain valid during the call to coap_new_client_session_pki(). Note: Ignored if literal IPv4 or IPv6 address.
Definition at line 368 of file coap_dtls.h.
void* coap_dtls_pki_t::cn_call_back_arg |
Passed in to the CN callback function.
Definition at line 351 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::is_rpk_not_cert |
1 is RPK instead of Public Certificate.
If set, PKI key format type cannot be COAP_PKI_KEY_PEM
Definition at line 330 of file coap_dtls.h.
coap_dtls_key_t coap_dtls_pki_t::pki_key |
PKI key definition.
Definition at line 373 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::reserved[2] |
Reserved - must be set to 0 for future compatibility.
Definition at line 336 of file coap_dtls.h.
void* coap_dtls_pki_t::sni_call_back_arg |
Passed in to the sni callback function.
Definition at line 359 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::use_cid |
1 if DTLS Connection ID is to be used (Client only, server always enabled) if supported
Definition at line 333 of file coap_dtls.h.
coap_dtls_cn_callback_t coap_dtls_pki_t::validate_cn_call_back |
CN check callback function.
If not NULL, is called when the TLS connection has passed the configured TLS options above for the application to verify if the CN is valid.
Definition at line 350 of file coap_dtls.h.
coap_dtls_pki_sni_callback_t coap_dtls_pki_t::validate_sni_call_back |
SNI check callback function.
If not NULL
, called if the SNI is not previously seen and prior to sending a certificate set back to the client so that the appropriate certificate set can be used based on the requesting SNI.
Definition at line 358 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::verify_peer_cert |
Set to COAP_DTLS_PKI_SETUP_VERSION to support this version of the struct.
1 if peer cert is to be verified
Definition at line 317 of file coap_dtls.h.
uint8_t coap_dtls_pki_t::version |
Definition at line 313 of file coap_dtls.h.