MQTT C Client Libraries Internals

MQTTClient_sslProperties defines the settings to establish an SSL/TLS connection using the OpenSSL library.
#include <MQTTClient.h>
Data Fields

| Type | Field | Description |
| --- | --- | --- |
| char | struct_id[4] | The eyecatcher for this structure. |
| int | struct_version | The version number of this structure. |
| const char * | trustStore | The file in PEM format containing the public digital certificates trusted by the client. |
| const char * | keyStore | The file in PEM format containing the public certificate chain of the client. |
| const char * | privateKey | If not included in the sslKeyStore, this setting points to the file in PEM format containing the client's private key. |
| const char * | privateKeyPassword | The password to load the client's privateKey if encrypted. |
| const char * | enabledCipherSuites | The list of cipher suites that the client will present to the server during the SSL handshake. |
| int | enableServerCertAuth | True/False option to enable verification of the server certificate. |
| int | sslVersion | The SSL/TLS version to use. |
| int | verify | Whether to carry out post-connect checks, including that a certificate matches the given host name. |
| const char * | CApath | From the OpenSSL documentation: If CApath is not NULL, it points to a directory containing CA certificates in PEM format. |
| int (*)(const char *str, size_t len, void *u) | ssl_error_cb | Callback function for OpenSSL error handler ERR_print_errors_cb. Exists only if struct_version >= 3. |
| void * | ssl_error_context | Application-specific context for OpenSSL error handler ERR_print_errors_cb. Exists only if struct_version >= 3. |
| unsigned int (*)(const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len, void *u) | ssl_psk_cb | Callback function for setting TLS-PSK options. |
| void * | ssl_psk_context | Application-specific context for ssl_psk_cb. Exists only if struct_version >= 4. |
| int | disableDefaultTrustStore | Don't load default SSL CA. |
| const unsigned char * | protos | The protocol-lists must be in wire-format, which is defined as a vector of non-empty, 8-bit length-prefixed, byte strings. |
| unsigned int | protos_len | The length of the protos vector. Exists only if struct_version >= 5. |
MQTTClient_sslProperties defines the settings to establish an SSL/TLS connection using the OpenSSL library.
It covers the following scenarios:
const char* MQTTClient_SSLOptions::CApath
From the OpenSSL documentation: If CApath is not NULL, it points to a directory containing CA certificates in PEM format.
Exists only if struct_version >= 2.
int MQTTClient_SSLOptions::disableDefaultTrustStore
Don't load default SSL CA.
Should be used together with PSK to make sure regular servers with a certificate in place are not accepted. Exists only if struct_version >= 4.
const char* MQTTClient_SSLOptions::enabledCipherSuites
The list of cipher suites that the client will present to the server during the SSL handshake.
For a full explanation of the cipher list format, please see the OpenSSL on-line documentation: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT. If this setting is omitted, its default value will be "ALL", that is, all the cipher suites, excluding those offering no encryption, will be considered. This setting can be used to set up an SSL anonymous connection, one in which the server presents no certificate ("aNULL" string value, for instance).
const char* MQTTClient_SSLOptions::keyStore
The file in PEM format containing the public certificate chain of the client.
It may also include the client's private key.
const unsigned char* MQTTClient_SSLOptions::protos
The protocol-lists must be in wire-format, which is defined as a vector of non-empty, 8-bit length-prefixed, byte strings.
The length-prefix byte is not included in the length. Each string is limited to 255 bytes. A byte-string length of 0 is invalid. A truncated byte-string is invalid. Check the documentation for SSL_CTX_set_alpn_protos. Exists only if struct_version >= 5.
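The wire format described for protos can be built and checked before it is handed to the library. The following is an added example, not code from the Paho project; the function names and the sample protocol names are assumptions made for illustration. The value returned by alpn_encode is what would go into protos_len.

```c
#include <stdio.h>
#include <string.h>

/* Encode protocol names into the wire format: each name is preceded by a
 * one-byte length that does not count itself. Returns the number of bytes
 * written, or 0 if a name is empty, longer than 255 bytes, or does not fit. */
size_t alpn_encode(const char *const *names, size_t count,
                   unsigned char *out, size_t out_cap)
{
    size_t off = 0;
    for (size_t i = 0; i < count; i++) {
        size_t n = strlen(names[i]);
        if (n == 0 || n > 255 || out_cap - off < n + 1)
            return 0;
        out[off++] = (unsigned char)n;
        memcpy(out + off, names[i], n);
        off += n;
    }
    return off;
}

/* Return 1 if the vector is well formed, 0 if it is empty, contains a
 * zero-length entry, or its last entry is truncated. */
int alpn_validate(const unsigned char *protos, size_t len)
{
    size_t off = 0;
    if (protos == NULL || len == 0)
        return 0;
    while (off < len) {
        size_t n = protos[off++];
        if (n == 0 || n > len - off)
            return 0;
        off += n;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample protocol names. */
    const char *names[] = { "mqtt", "x-example" };
    unsigned char buf[32];
    size_t len = alpn_encode(names, 2, buf, sizeof buf);

    printf("protos_len=%zu valid=%d\n", len, alpn_validate(buf, len));
    return 0;
}
```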
unsigned int(* MQTTClient_SSLOptions::ssl_psk_cb) (const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len, void *u)
Callback function for setting TLS-PSK options.
Parameters correspond to those of SSL_CTX_set_psk_client_callback, except for u, which is the pointer ssl_psk_context. Exists only if struct_version >= 4.
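A callback with the ssl_psk_cb signature, written as an added example and not taken from the Paho project. It assumes the OpenSSL PSK client-callback contract (NUL-terminated identity written to identity, key bytes written to psk, return value is the key length, 0 fails the handshake); struct psk_ctx, example_psk_cb and the sample identity and key are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical application context, handed to the library as ssl_psk_context
 * and received by the callback as `u`. */
struct psk_ctx {
    const char *identity;      /* NUL-terminated PSK identity */
    const unsigned char *key;  /* raw key bytes */
    unsigned int key_len;
};

/* Matches the ssl_psk_cb signature. Returns the PSK length in bytes, or 0
 * (handshake fails) when the context is missing or a value does not fit. */
unsigned int example_psk_cb(const char *hint, char *identity,
                            unsigned int max_identity_len,
                            unsigned char *psk, unsigned int max_psk_len,
                            void *u)
{
    const struct psk_ctx *ctx = u;
    size_t id_len;

    (void)hint; /* this example does not select a key by server hint */
    if (ctx == NULL || ctx->identity == NULL || ctx->key == NULL)
        return 0;
    id_len = strlen(ctx->identity);
    if (id_len + 1 > max_identity_len)   /* identity plus its NUL must fit */
        return 0;
    if (ctx->key_len == 0 || ctx->key_len > max_psk_len)
        return 0;
    memcpy(identity, ctx->identity, id_len + 1);
    memcpy(psk, ctx->key, ctx->key_len);
    return ctx->key_len;
}

int main(void)
{
    /* Constructed sample values; a real key comes from protected storage. */
    static const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04 };
    struct psk_ctx ctx = { "client-1", key, sizeof key };
    char id[16];
    unsigned char out[8];
    unsigned int n = example_psk_cb(NULL, id, sizeof id, out, sizeof out, &ctx);

    printf("identity=%s psk_len=%u\n", id, n);
    return 0;
}
```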
int MQTTClient_SSLOptions::sslVersion
The SSL/TLS version to use.
Specify one of MQTT_SSL_VERSION_DEFAULT (0), MQTT_SSL_VERSION_TLS_1_0 (1), MQTT_SSL_VERSION_TLS_1_1 (2) or MQTT_SSL_VERSION_TLS_1_2 (3). Only used if struct_version is >= 1.
char MQTTClient_SSLOptions::struct_id[4]
The eyecatcher for this structure.
Must be MQTS.
int MQTTClient_SSLOptions::struct_version
The version number of this structure.
Must be 0, 1, 2, 3, 4 or 5.
0 means no sslVersion
1 means no verify, CApath
2 means no ssl_error_context, ssl_error_cb
3 means no ssl_psk_cb, ssl_psk_context, disableDefaultTrustStore
4 means no protos, protos_len
int MQTTClient_SSLOptions::verify
Whether to carry out post-connect checks, including that a certificate matches the given host name.
Exists only if struct_version >= 2.