Parameters for TLS connection. More...

#include <tls.h>

Data Fields
const char *	ca_cert

const u8 *	ca_cert_blob

size_t	ca_cert_blob_len

const char *	ca_path

const char *	subject_match

const char *	altsubject_match

const char *	suffix_match

const char *	domain_match

const char *	client_cert

const u8 *	client_cert_blob

size_t	client_cert_blob_len

const char *	private_key

const u8 *	private_key_blob

size_t	private_key_blob_len

const char *	private_key_passwd

const char *	dh_file

const u8 *	dh_blob

size_t	dh_blob_len

int	engine

const char *	engine_id

const char *	pin

const char *	key_id

const char *	cert_id

const char *	ca_cert_id

const char *	openssl_ciphers

unsigned int	flags

const char *	ocsp_stapling_response

Detailed Description

Parameters for TLS connection.

Parameters

ca_cert	File or reference name for CA X.509 certificate in PEM or DER format
ca_cert_blob	ca_cert as inlined data or NULL if not used
ca_cert_blob_len	ca_cert_blob length
ca_path	Path to CA certificates (OpenSSL specific)
subject_match	String to match in the subject of the peer certificate or NULL to allow all subjects
altsubject_match	String to match in the alternative subject of the peer certificate or NULL to allow all alternative subjects
suffix_match	String to suffix match in the dNSName or CN of the peer certificate or NULL to allow all domain names. This may allow subdomains an wildcard certificates. Each domain name label must have a full match.
domain_match	String to match in the dNSName or CN of the peer certificate or NULL to allow all domain names. This requires a full, case-insensitive match.
client_cert	File or reference name for client X.509 certificate in PEM or DER format
client_cert_blob	client_cert as inlined data or NULL if not used
client_cert_blob_len	client_cert_blob length
private_key	File or reference name for client private key in PEM or DER format (traditional format (RSA PRIVATE KEY) or PKCS#8 (PRIVATE KEY)
private_key_blob	private_key as inlined data or NULL if not used
private_key_blob_len	private_key_blob length
private_key_passwd	Passphrase for decrypted private key, NULL if no passphrase is used.
dh_file	File name for DH/DSA data in PEM format, or NULL if not used
dh_blob	dh_file as inlined data or NULL if not used
dh_blob_len	dh_blob length
engine	1 = use engine (e.g., a smartcard) for private key operations (this is OpenSSL specific for now)
engine_id	engine id string (this is OpenSSL specific for now)
ppin	pointer to the pin variable in the configuration (this is OpenSSL specific for now)
key_id	the private key's id when using engine (this is OpenSSL specific for now)
cert_id	the certificate's id when using engine
ca_cert_id	the CA certificate's id when using engine
openssl_ciphers	OpenSSL cipher configuration
flags	Parameter options (TLS_CONN_*)
ocsp_stapling_response	DER encoded file with cached OCSP stapling response or NULL if OCSP is not enabled

TLS connection parameters to be configured with tls_connection_set_params() and tls_global_set_params().

Certificates and private key can be configured either as a reference name (file path or reference to certificate store) or by providing the same data as a pointer to the data in memory. Only one option will be used for each field.

The documentation for this struct was generated from the following file:

src/crypto/tls.h

Data Fields

Detailed Description