diff options
| author | Garrett D'Amore <garrett@damore.org> | 2018-01-11 14:58:09 -0800 |
|---|---|---|
| committer | Garrett D'Amore <garrett@damore.org> | 2018-01-16 08:45:11 -0800 |
| commit | bbf012364d9f1482b16c97b8bfd2fd07130446ca (patch) | |
| tree | 2cb45903b0d5aa756d44f27b39a99c318a99a9a2 /docs/libnng.adoc | |
| parent | 18229bbb69423d64d0a1b98bcf4bf3e24fba3aa4 (diff) | |
| download | nng-bbf012364d9f1482b16c97b8bfd2fd07130446ca.tar.gz nng-bbf012364d9f1482b16c97b8bfd2fd07130446ca.tar.bz2 nng-bbf012364d9f1482b16c97b8bfd2fd07130446ca.zip | |
fixes #201 TLS configuration should support files for certificates and keys
This adds support for configuration of TLS websockets using the files
for keys, certificates, and CRLs. Significant changes to the websocket,
TLS, and HTTP layers were made here. We now expect TLS configuration to
be tied to the HTTP layer, and the HTTP code creates default configuration
objects based on the URL supplied. (HTTP dialers and listeners are now
created with a URL rather than a sockaddr, giving them access to the scheme
as well.)
We fixed several bugs affecting TLS validation, and added a test suite
that confirms that validation works as it should. We also fixed an orphaned
socket during HTTP negotiation, responsible for an occasional assertion
error if the http handshake does not complete successfully. Finally several
use-after-free races were closed.
TLS layer changes include reporting of handshake failures using newly
created "standard" error codes for peer authentication and cryptographic
failures.
The use of the '*' wild card in URLs at bind time is no longer supported
for websocket at least.
Documentation updates for all this are in place as well.
Diffstat (limited to 'docs/libnng.adoc')
| -rw-r--r-- | docs/libnng.adoc | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/docs/libnng.adoc b/docs/libnng.adoc index d232dfe3..e5fd24ec 100644 --- a/docs/libnng.adoc +++ b/docs/libnng.adoc @@ -161,10 +161,12 @@ The following functions are used to manipulate TLS configuration objects. [cols="1,4"] |=== -| <<nng_tls_config_auth_alloc#nng_tls_config_alloc(3)>>|allocate TLS configuration -| <<nng_tls_config_auth_mode#nng_tls_config_auth_mode(3)>>|set authentication mode +| <<nng_tls_config_auth_alloc#,nng_tls_config_alloc(3)>>|allocate TLS configuration +| <<nng_tls_config_auth_mode#,nng_tls_config_auth_mode(3)>>|set authentication mode | <<nng_tls_config_ca_chain#,nng_tls_config_ca_chain(3)>>|set certificate authority chain -| <<nng_tls_config_own_cert#nng_tls_config_own)cert(3)>>|set own certificate and key +| <<nng_tls_config_ca_file#,nng_tls_config_ca_file(3)>>|load certificate authority from file +| <<nng_tls_config_cert_key_file#,nng_tls_config_cert_key_file_cert(3)>>|load own certificate and key from file +| <<nng_tls_config_own_cert#,nng_tls_config_own_cert(3)>>|set own certificate and key | <<nng_tls_config_free#,nng_tls_config_free(3)>>}free TLS configuration | <<nng_tls_config_server_name#,nng_tls_config_server_name(3)>>|set remote server name |=== |