authorGarrett D'Amore <garrett@damore.org>2024-10-27 22:51:29 -0700
committerGarrett D'Amore <garrett@damore.org>2024-10-28 07:06:29 -0700
commitcbd8c5573ef6816d585d00d63568cf98aa6a97b8 (patch)
tree52c2242be427f63dd862394de644394a4bc8c352 /include
parentef1cf275eded10ccfe24c44089eb044dd5cd48b4 (diff)
tls: Remove the individual TLS configuration options
This is a breaking change. TLS configuration changes are to be made using TLS configuration objects, and then set on a listener or dialer with NNG_OPT_TLS_CONFIG. This should be a bit less racy, and allows for simpler code.
Diffstat (limited to 'include')
-rw-r--r--include/nng/nng.h31
1 files changed, 0 insertions, 31 deletions
diff --git a/include/nng/nng.h b/include/nng/nng.h
index a637723c..41899510 100644
--- a/include/nng/nng.h
+++ b/include/nng/nng.h
@@ -741,37 +741,6 @@ NNG_DECL nng_listener nng_pipe_listener(nng_pipe);
// after the endpoint it is associated with is closed.
#define NNG_OPT_TLS_CONFIG "tls-config"
-// NNG_OPT_TLS_AUTH_MODE is a write-only integer (int) option that specifies
-// whether peer authentication is needed. The option can take one of the
-// values of NNG_TLS_AUTH_MODE_NONE, NNG_TLS_AUTH_MODE_OPTIONAL, or
-// NNG_TLS_AUTH_MODE_REQUIRED. The default is typically NNG_TLS_AUTH_MODE_NONE
-// for listeners, and NNG_TLS_AUTH_MODE_REQUIRED for dialers. If set to
-// REQUIRED, then connections will be rejected if the peer cannot be verified.
-// If set to OPTIONAL, then a verification step takes place, but the connection
-// is still permitted. (The result can be checked with NNG_OPT_TLS_VERIFIED).
-#define NNG_OPT_TLS_AUTH_MODE "tls-authmode"
-
-// NNG_OPT_TLS_CERT_KEY_FILE names a single file that contains a certificate
-// and key identifying the endpoint. This is a write-only value. This can be
-// set multiple times for different keys/certs corresponding to
-// different algorithms on listeners, whereas dialers only support one. The
-// file must contain both cert and key as PEM blocks, and the key must
-// not be encrypted. (If more flexibility is needed, use the TLS configuration
-// directly, via NNG_OPT_TLS_CONFIG.)
-#define NNG_OPT_TLS_CERT_KEY_FILE "tls-cert-key-file"
-
-// NNG_OPT_TLS_CA_FILE names a single file that contains certificate(s) for a
-// CA, and optionally CRLs, which are used to validate the peer's certificate.
-// This is a write-only value, but multiple CAs can be loaded by setting this
-// multiple times.
-#define NNG_OPT_TLS_CA_FILE "tls-ca-file"
-
-// NNG_OPT_TLS_SERVER_NAME is a write-only string that can typically be
-// set on dialers to check the CN of the server for a match. This
-// can also affect SNI (server name indication). It usually has no effect
-// on listeners.
-#define NNG_OPT_TLS_SERVER_NAME "tls-server-name"
-
// NNG_OPT_TLS_VERIFIED returns a boolean indicating whether the peer has
// been verified (true) or not (false). Typically, this is read-only, and
// only available for pipes. This option may return incorrect results if