This page documents the various standard options that can be set or
retrieved on objects using TLS.
The option names should always be used by their symbolic definitions.
In the following list of options, the name of the option is supplied,
along with the data type of the underlying value.
Some options are only meaningful or supported in certain contexts, or may
have other access restrictions.
An attempt has been made to include details about such restrictions in the
description of the option.
TLS Options
NNG_OPT_TLS_AUTH_MODE - (int)
Write-only option used to configure the authentication mode used.
See nng_tls_config_auth_mode() for more details.
NNG_OPT_TLS_CA_FILE - (string)
Write-only option naming a file containing certificates to use for peer
validation.
See nng_tls_config_ca_file() for more information.
NNG_OPT_TLS_CERT_KEY_FILE - (string)
Write-only option naming a file containing the local certificate and
associated private key.
The private key used must be unencrypted.
See nng_tls_config_own_cert() for more information.
NNG_OPT_TLS_CONFIG - (nng_tls_config *)
This option references the underlying TLS configuration object.
A hold is placed on the underlying configuration object before returning it.
The caller should release the hold with nng_tls_config_free() when it no
longer needs the TLS configuration object.
Use this option when more advanced TLS configuration is required.
NNG_OPT_TLS_SERVER_NAME - (string)
This write-only option is used to specify the name of the server.
When used with a dialer, this potentially configures SNI (server name
indication, which is used as a hint by a multihosting server to choose the
appropriate certificate to provide) and is also used to validate the
name presented in the server's X.509 certificate.
NNG_OPT_TLS_VERIFIED - (bool)
This read-only option indicates whether the remote peer has been properly
verified using TLS authentication.
May return incorrect results if peer authentication is disabled.
NNG_OPT_TLS_PEER_CN - (string)
This read-only option returns the common name of the peer certificate.
May return incorrect results if peer authentication is disabled.
NNG_OPT_TLS_PEER_ALT_NAMES - (string)
This read-only option returns a string list with the subject alternative
names of the peer certificate.
May return incorrect results if peer authentication is disabled.
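Because NNG_OPT_TLS_VERIFIED and NNG_OPT_TLS_PEER_CN may return incorrect results when peer authentication is disabled, an authorization decision built on them has to fail closed. The following is an added example, not code from the NNG project: peer_authorized(), pipe_authorized(), the USE_NNG build macro and the CN allow-list are hypothetical, and reading the options from an established pipe with the NNG 1.x nng_pipe_get_bool() and nng_pipe_get_string() calls is an assumption the page does not state.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/*
 * Fail-closed authorization on the values read from NNG_OPT_TLS_VERIFIED and
 * NNG_OPT_TLS_PEER_CN. auth_required records whether this endpoint was
 * configured to require peer authentication; when it was not, both options
 * may return incorrect results, so neither is consulted.
 * allowed_cns is a hypothetical application allow-list.
 */
bool peer_authorized(bool auth_required, bool verified, const char *peer_cn,
                     const char *const *allowed_cns, size_t n_allowed)
{
    if (!auth_required || !verified)
        return false; /* identity fields are not trustworthy */
    if (peer_cn == NULL || peer_cn[0] == '\0')
        return false; /* no name to authorize */
    for (size_t i = 0; i < n_allowed; i++) {
        /* exact, case-sensitive match; no prefix or wildcard matching */
        if (allowed_cns[i] != NULL && strcmp(peer_cn, allowed_cns[i]) == 0)
            return true;
    }
    return false;
}

#ifdef USE_NNG /* build with -DUSE_NNG and link against NNG 1.x */
#include <nng/nng.h>

/* Assumption: the read-only options are read from an established pipe. */
bool pipe_authorized(nng_pipe p, bool auth_required,
                     const char *const *allowed_cns, size_t n_allowed)
{
    bool  verified = false;
    char *cn       = NULL;
    bool  ok;

    /* Any failure to read an option is treated as "not authorized". */
    if (nng_pipe_get_bool(p, NNG_OPT_TLS_VERIFIED, &verified) != 0)
        return false;
    if (nng_pipe_get_string(p, NNG_OPT_TLS_PEER_CN, &cn) != 0)
        return false;
    ok = peer_authorized(auth_required, verified, cn, allowed_cns, n_allowed);
    nng_strfree(cn); /* string options are returned as allocated copies */
    return ok;
}
#endif
```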
Inherited Options
Generally, the following option values are also available for TLS objects,
when appropriate for the context: