Added more notes / comments on own_cert, trust_ca purposes
This commit is contained in:
parent
e44ec108be
commit
1f9d02dc90
3 changed files with 24 additions and 12 deletions
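--- a/FILE-1-PATH-NOT-SHOWN-ON-PAGE
+++ b/FILE-1-PATH-NOT-SHOWN-ON-PAGE
@@ -720,20 +720,22 @@ void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites );
 * \brief Set the data required to verify peer certificate
 *
 * \param ssl SSL context
-* \param ca_chain trusted CA chain
+* \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
 * \param ca_crl trusted CA CRLs
 * \param peer_cn expected peer CommonName (or NULL)
-*
-* \note TODO: add two more parameters: depth and crl
 */
 void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
 x509_crl *ca_crl, const char *peer_cn );
 
 /**
-* \brief Set own certificate and private key
+* \brief Set own certificate chain and private key
+*
+* Note: own_cert should contain IN order from the bottom
+* up your certificate chain. The top certificate (self-signed)
+* can be omitted.
 *
 * \param ssl SSL context
-* \param own_cert own public certificate
+* \param own_cert own public certificate chain
 * \param rsa_key own private RSA key
 */
 void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
@@ -747,8 +749,12 @@ void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
 * of the callback parameters, with the only change being
 * that the rsa_context * is a void * in the callbacks)
 *
+* Note: own_cert should contain IN order from the bottom
+* up your certificate chain. The top certificate (self-signed)
+* can be omitted.
+*
 * \param ssl SSL context
-* \param own_cert own public certificate
+* \param own_cert own public certificate chain
 * \param rsa_key alternate implementation private RSA key
 * \param rsa_decrypt_func alternate implementation of \c rsa_pkcs1_decrypt()
 * \param rsa_sign_func alternate implementation of \c rsa_pkcs1_sign()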
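Review bot: The new own_cert note in both ssl_set_own_cert docblocks reads awkwardly ("IN order from the bottom up your certificate chain") and leaves the direction implicit; I would write `* Note: own_cert must hold the chain in order from your own (leaf) certificate up towards the root; the self-signed root may be omitted.` Omitting the root only works when the peer already holds that root in its own trusted ca_chain, so the note should state that dependency, since a presented chain whose issuer the peer does not know fails verification. The ca_chain paragraph in the first hunk would also benefit from the counterpart statement: intermediate CAs belong in the presented own_cert chain, while ca_chain holds only the fully trusted top-level CAs — this follows from the two notes taken together but is nowhere said explicitly. The ssl_set_own_cert declaration at the end of the first hunk and the docblock in the second hunk both continue outside the hunks.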
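--- a/FILE-2-PATH-NOT-SHOWN-ON-PAGE
+++ b/FILE-2-PATH-NOT-SHOWN-ON-PAGE
@@ -127,9 +127,12 @@ int my_verify( void *data, x509_cert *crt, int depth, int *flags )
 
 #if defined(POLARSSL_FS_IO)
 #define USAGE_IO \
-" ca_file=%%s default: \"\" (pre-loaded)\n" \
-" ca_path=%%s default: \"\" (pre-loaded) (overrides ca_file)\n" \
-" crt_file=%%s default: \"\" (pre-loaded)\n" \
+" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
+" default: \"\" (pre-loaded)\n" \
+" ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
+" default: \"\" (pre-loaded) (overrides ca_file)\n" \
+" crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
+" default: \"\" (pre-loaded)\n" \
 " key_file=%%s default: \"\" (pre-loaded)\n"
 #else
 #define USAGE_IO \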
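Review bot: key_file, on the context line right after the new strings, is now the only option in USAGE_IO without a description, while ca_file, ca_path and crt_file each gained one; for consistency I would split it the same way, `" key_file=%%s Your own private key (matching crt_file)\n" \` followed by `" default: \"\" (pre-loaded)\n"`. The identical USAGE_IO block is changed in the third file's hunk as well, so the same adjustment applies there. The "(pre-loaded)" defaults would also be clearer if the help said what is pre-loaded — presumably built-in sample certificates and keys, which I cannot confirm from this page — so a reader does not take the empty default for a reviewed trust configuration. The #if/#define block continues outside the hunk.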
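--- a/FILE-3-PATH-NOT-SHOWN-ON-PAGE
+++ b/FILE-3-PATH-NOT-SHOWN-ON-PAGE
@@ -184,9 +184,12 @@ int my_ciphersuites[] =
 
 #if defined(POLARSSL_FS_IO)
 #define USAGE_IO \
-" ca_file=%%s default: \"\" (pre-loaded)\n" \
-" ca_path=%%s default: \"\" (pre-loaded) (overrides ca_file)\n" \
-" crt_file=%%s default: \"\" (pre-loaded)\n" \
+" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
+" default: \"\" (pre-loaded)\n" \
+" ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
+" default: \"\" (pre-loaded) (overrides ca_file)\n" \
+" crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
+" default: \"\" (pre-loaded)\n" \
 " key_file=%%s default: \"\" (pre-loaded)\n"
 #else
 #define USAGE_IO \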