From 9bbb1340c37a4a3b3a8477b058077a38d77230f7 Mon Sep 17 00:00:00 2001 From: Garrett D'Amore Date: Sat, 23 Nov 2024 14:29:07 -0800 Subject: tls: add a mutual authentication test Also, make it clearer that TLS keys and certificates can only be set once on a configuration. (mbedTLS makes this confusing!) This mutual test is only fully validated on mbed, because wolfSSL seems to not properly validate this in many configurations. --- docs/man/nng_tls_config_own_cert.3tls.adoc | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'docs/man') diff --git a/docs/man/nng_tls_config_own_cert.3tls.adoc b/docs/man/nng_tls_config_own_cert.3tls.adoc index 66027305..814bc94c 100644 --- a/docs/man/nng_tls_config_own_cert.3tls.adoc +++ b/docs/man/nng_tls_config_own_cert.3tls.adoc @@ -18,7 +18,6 @@ nng_tls_config_own_cert - configure own certificate and key [source, c] ---- #include -#include int nng_tls_config_own_cert(nng_tls_config *cfg, const char *cert, const char *key, const char *pass); @@ -38,10 +37,9 @@ have it, and will have to in order to validate this certificate anyway). The _key_ may be encrypted with a password, in which can be supplied in _pass_. The value `NULL` should be supplied for _pass_ if the key is not encrypted. -On servers, it is possible to call this function multiple times for the -same configuration. -This can be useful for specifying different parameters -to be used for different cryptographic algorithms. +This cannot be called more than once for a given TLS configuration. +(Earlier versions of NNG allowed this, but it was never used, brittle, +and the source of confusion.) The certificate located in _cert_ and _key_ must be NUL (`\0`) terminated C strings containing -- cgit v1.2.3-70-g09d2
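Review bot: In the synopsis hunk (@@ -18,7 +18,6 @@), dropping the second `#include` leaves a single header in the example, and the header names are not visible in this rendering. Confirm that the remaining include on its own declares both `nng_tls_config` and `nng_tls_config_own_cert`, so that a reader who copies the synopsis verbatim does not hit an implicit-declaration error.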
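Review bot: In the description hunk (@@ -38,10 +37,9 @@), the new sentence "This cannot be called more than once for a given TLS configuration." does not say what a second call actually does. State whether it fails and with which return value, and list that value in the page's errors section if it is not already there; callers that relied on the old multiple-call behaviour to supply certificates for different algorithms need to know how the failure surfaces, rather than discovering that a later certificate was silently not applied. While touching this paragraph, the unchanged context line "in which can be supplied in _pass_" is missing words (suggest "in which case the password can be supplied in _pass_"), and "it was never used, brittle, and the source of confusion" would read better as "it was never used, was brittle, and was a source of confusion".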