NetBurner 3.5.0
See On-board Cert Generation - Simple and other examples in the examples/SSL folder.
Classes | |
struct | CertGenData |
Used to store the information that is passed in when enabling onboard generated certificates, as well as the information needed to determine when they need to be regenerated. | |
class | CertData |
Functions | |
CertGenReturnCode | SSL_CreateNewSelfSignedCert (CertGenData &pGenData) |
Generates a new self-signed certificate that will be stored on the device. | |
void | EnableOnboardCertificateCreation (CertGenReturnCode(*createCertFunc)(CertGenData &cGenData)=SSL_CreateNewSelfSignedCert) |
Enables the ability for the module to automatically generate self-signed certificates for use in SSL/TLS connections when acting as the server. | |
void | FillInAltNamesASN1 (Cert &TheCert, NBString &altNameString) |
Helper function used to build ASN1 representation of alt names. | |
CertGenReturnCode | CheckAndCreateHalCertAndKey () |
Check for a valid SSL certificate and generate one if not found. | |
CertGenData * | GetDataForCertGen () |
A function to be overridden to pass certificate details to the certificate generator. | |
enum AltNameType_t : char |
#include <certgen.h>
Certificate Generation Alternate Name Types.
Enumerator | |
---|---|
ALT_NAME_TYPE_NONE | None. |
ALT_NAME_TYPE_DNS | DNS Name. |
ALT_NAME_TYPE_IP | IP Address. |
enum CertGenReturnCode : int |
#include <certgen.h>
Certificate Generation Function Return Codes.
enum SslKeyType_t |
#include <certgen.h>
Certificate Generation Key Types.
void EnableOnboardCertificateCreation | ( | CertGenReturnCode(*)(CertGenData &cGenData) | createCertFunc = SSL_CreateNewSelfSignedCert | ) |
#include <certgen.h>
Enables the ability for the module to automatically generate self-signed certificates for use in SSL/TLS connections when acting as the server.
If a certificate is manually loaded on the module prior to the SSL server being initialized, that certificate will be used and nothing will be generated. If a certificate had been previously generated and a new certificate is manually loaded on the device, the newly loaded certificate will be used in place of the automatically generated one, though the automatically generated one will still be available on the module.
createCertFunc | Optional parameter to specify a custom create certificate function. |
void FillInAltNamesASN1 | ( | Cert & | TheCert, |
NBString & | altNameString ) |
#include <certgen.h>
Helper function used to build ASN1 representation of alt names.
TheCert | The WolfSSL Cert structure to put the altnames in/onto. |
altNameString | An NBString holding the comma-separated list of alt names: a single string, possibly containing multiple alt names separated by commas. Each entry can either include a tag telling the system what kind of AltName it is, or omit it. For example, if you wanted IP:192.168.1.36 and DNS:demo.netburner.com, the following strings would both work: "IP:192.168.1.36,DNS:demo.netburner.com" and "192.168.1.36,demo.netburner.com". For dual-interface IPs: "192.168.1.36,10.1.1.35". For both V4 and V6: "IP:fe80::203:f4ff:fe0a:447f,192.168.1.36" |
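The alt-name string format described for altNameString, as an added host-side sketch (not NetBurner library code, and not a statement of how FillInAltNamesASN1 parses internally): it splits the list, honours the optional IP:/DNS: tags and infers the type of untagged entries, so a typo is caught before a certificate is generated. AltKind, ClassifyAltName and ParseAltNames are hypothetical names, the rejection rules are this example's own policy, and inet_pton assumes a POSIX host.

```cpp
#include <algorithm>
#include <arpa/inet.h>
#include <cctype>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Hypothetical types local to this added example; not NetBurner library code.
enum class AltKind { Invalid, Dns, Ip };
using AltName = std::pair<AltKind, std::string>;

static bool IsIpLiteral(const std::string &s) {
    unsigned char buf[16];  // large enough for an IPv6 address
    return inet_pton(AF_INET, s.c_str(), buf) == 1 || inet_pton(AF_INET6, s.c_str(), buf) == 1;
}

static bool IsDnsName(const std::string &s) {
    bool alpha = false;  // digits and dots only is most likely a mistyped IPv4 address
    for (unsigned char c : s) {
        if (!std::isalnum(c) && c != '-' && c != '.' && c != '*') return false;
        alpha |= std::isalpha(c) != 0;
    }
    return alpha;
}

// Only a leading "IP:" or "DNS:" is a tag, so colons inside an IPv6 literal are not.
AltName ClassifyAltName(std::string e) {
    e.erase(0, e.find_first_not_of(" \t"));
    e.erase(e.find_last_not_of(" \t") + 1);
    const bool tagIp = e.compare(0, 3, "IP:") == 0, tagDns = e.compare(0, 4, "DNS:") == 0;
    if (tagIp || tagDns) e.erase(0, tagIp ? 3 : 4);
    if (tagIp) return {IsIpLiteral(e) ? AltKind::Ip : AltKind::Invalid, e};
    if (tagDns) return {IsDnsName(e) ? AltKind::Dns : AltKind::Invalid, e};
    return {IsIpLiteral(e) ? AltKind::Ip : IsDnsName(e) ? AltKind::Dns : AltKind::Invalid, e};
}

std::vector<AltName> ParseAltNames(const std::string &list) {
    std::vector<AltName> out;
    for (size_t start = 0, comma; start <= list.size(); start = comma + 1) {
        comma = std::min(list.find(',', start), list.size());
        out.push_back(ClassifyAltName(list.substr(start, comma - start)));  // empty entry -> Invalid
    }
    return out;
}

int main() {  // constructed sample: tagged IPv6, mistyped IPv4, untagged DNS name
    for (const AltName &a : ParseAltNames("IP:fe80::203:f4ff:fe0a:447f,192.168.1.300,demo.netburner.com"))
        std::printf("%d %s\n", static_cast<int>(a.first), a.second.c_str());
}
```

An entry reported as Invalid (a mistyped address, an IP literal tagged as DNS, or an empty entry from a stray comma) would otherwise end up as a subject alternative name that clients cannot match against the address they connect to.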
CertGenData * GetDataForCertGen | ( | ) | extern |
#include <certgen.h>
A function to be overridden to pass certificate details to the certificate generator.
The library provides this function as a weak reference. The values returned by this weak reference are likely wrong for any real application, and the user should provide their own function. This applies to both self-signed and ACME certificates generated onboard.
CertGenReturnCode SSL_CreateNewSelfSignedCert | ( | CertGenData & | pGenData | ) |
#include <certgen.h>
Generates a new self-signed certificate that will be stored on the device.
The common name and alternative names used are taken from the parameters passed in.
By default, the certificate is generated using ECC with SECP384R1. This can be changed to an RSA key by undefining ENABLE_ECCKEY_CREATE in <nndk_install>\libraries\crypto\platform\<module name>\user_settings.h, and then rebuilding your application. To specify what curve or RSA key length is used in certificate generation, define DEFAULT_KEY_TYPE as one of the values defined by SslKeyType_t.
pGenData | Reference to the structure used to hold data for certificate generation. |