| author | Garrett D'Amore <garrett@damore.org> | 2018-01-09 18:42:28 -0800 |
|---|---|---|
| committer | Garrett D'Amore <garrett@damore.org> | 2018-01-09 18:42:28 -0800 |
| commit | 6dddc0bfcb79615b8be470a5e16918360d57cadb (patch) | |
| tree | 9f12e0db8a343d4f803da1b9420a80ee0a9cc0ee /docs/nng_tls.adoc | |
| parent | 5db0c399e3a2289e5b6dacdec4035a827eb8a16d (diff) | |
fixes #186 Suggested API changes for nng TLS certs
Diffstat (limited to 'docs/nng_tls.adoc')
| -rw-r--r-- | docs/nng_tls.adoc | 62 |
1 files changed, 0 insertions, 62 deletions
diff --git a/docs/nng_tls.adoc b/docs/nng_tls.adoc index 7c7be533..404923aa 100644 --- a/docs/nng_tls.adoc +++ b/docs/nng_tls.adoc 
@@ -167,68 +167,6 @@ care must be taken not to access it after the endpoint is closed.) Note that configuration object is not modifiable once it has been used in a running TLS stream. -`NNG_OPT_TLS_CA_CERT`:: - -This is a write-only binay object containing a certificate -chain, consisting of one or more X.509 certificates encoded in -either PEM or DER format. These certificates are used to -validate the peer. If multiple certificates are presented, -they must be in the same format. - -`NNG_OPT_TLS_CRL`:: - -This is a write-only CRL (revocation list) in X.509 format, -specifying certificates which may not be used. - -`NNG_OPT_TLS_CERT`:: - -This is an X.509 certificate containing the peers -own public credentials. For servers, this option may be supplied -multiple times, in order to specify multiple certificates -in order to offer different algorithms. Clients can only -have a single certificate. - -`NNG_OPT_TLS_PRIVATE_KEY`:: - -This is an encoded private key, corresponding to the most -recently established certificate. - -`NNG_OPT_TLS_PRIVATE_KEY_PASSWORD`:: - -This is a string (NUL byte terminated) used to decrypt the -most recently supplied private key, if the private key -is encrypted. (If the private key is not encrypted, then -this option need not be supplied.) - -`NNG_OPT_TLS_AUTH_MODE`:: - -This is a write only integer, indicating whether the -peer should be authenticated. It can take one of the -following values: -+ -[cols="1,2"] -|=== - -| `nng_tls_auth_mode_none` -| No authentication of the peer is performed. - -| `nng_tls_auth_mode_optional` -| The peer certificate is checked if presented, but is not required to be valid or present. - -| `nng_tls_auth_mode_required` -| The peer certificate must be present and valid. -|=== -+ -The default is `nng_tls_auth_mode_required` for -clients (meaning the server must present a valid -certificate) and `nng_tls_auth_mode_none` for -servers (meaning any client may connect). 
-+ -TIP: For TLS client authentication, set this to -`nng_auth_mode_required` and set the value -of `NNG_OPT_TLS_CA_CERT` to a certificate corresponding -to your own Certificate Authority. - `NNG_OPT_TLS_AUTH_VERIFIED`:: This is a read-only boolean option available only for |
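Review bot: Removing the `NNG_OPT_TLS_AUTH_MODE` entry also removes the statement of defaults (`nng_tls_auth_mode_required` for clients, `nng_tls_auth_mode_none` for servers) and the TIP on client authentication, and this file gets no insertions. The page now runs from the configuration-object paragraph straight to `NNG_OPT_TLS_AUTH_VERIFIED` without saying how the CA certificate chain, CRL, own certificate, private key or authentication mode are set. Suggest adding a short cross-reference at this spot to wherever the configuration object's equivalents are documented, and carrying the default-mode statement over with it, since a server that accepts any client by default is the detail a reader most needs. If the removed wording is reused elsewhere, fix `binay`, `the peers own`, and the TIP's `nng_auth_mode_required`, which does not match the `nng_tls_auth_mode_required` name used in the table.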
