Paho MQTT C Client Library
MQTTClient_SSLOptions Struct Reference

#include <MQTTClient.h>

Data Fields

char struct_id [4]
 
int struct_version
 
const char * trustStore
 
const char * keyStore
 
const char * privateKey
 
const char * privateKeyPassword
 
const char * enabledCipherSuites
 
int enableServerCertAuth
 
int sslVersion
 
int verify
 
const char * CApath
 
int(* ssl_error_cb )(const char *str, size_t len, void *u)
 
void * ssl_error_context
 
unsigned int(* ssl_psk_cb )(const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len, void *u)
 
void * ssl_psk_context
 
int disableDefaultTrustStore
 
const unsigned char * protos
 
unsigned int protos_len
 

Detailed Description

MQTTClient_sslProperties defines the settings to establish an SSL/TLS connection using the OpenSSL library. It covers the following scenarios:

Field Documentation

◆ struct_id

char struct_id[4]

The eyecatcher for this structure. Must be MQTS.

◆ struct_version

int struct_version

The version number of this structure. Must be 0, 1, 2, 3, 4 or 5.
0 means no sslVersion.
1 means no verify, CApath.
2 means no ssl_error_context, ssl_error_cb.
3 means no ssl_psk_cb, ssl_psk_context, disableDefaultTrustStore.
4 means no protos, protos_len.

◆ trustStore

const char* trustStore

The file in PEM format containing the public digital certificates trusted by the client.

◆ keyStore

const char* keyStore

The file in PEM format containing the public certificate chain of the client. It may also include the client's private key.

◆ privateKey

const char* privateKey

If not included in the sslKeyStore, this setting points to the file in PEM format containing the client's private key.

◆ privateKeyPassword

const char* privateKeyPassword

The password to load the client's privateKey if encrypted.

◆ enabledCipherSuites

const char* enabledCipherSuites

The list of cipher suites that the client will present to the server during the SSL handshake. For a full explanation of the cipher list format, see the OpenSSL online documentation (http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT). If this setting is omitted, its default value will be "ALL", that is, all the cipher suites, excluding those offering no encryption, will be considered. This setting can be used to set an SSL anonymous connection ("aNULL" string value, for instance). Anonymous cipher suites do not authenticate the server.

◆ enableServerCertAuth

int enableServerCertAuth

True/False option to enable verification of the server certificate.

◆ sslVersion

int sslVersion

The SSL/TLS version to use. Specify one of MQTT_SSL_VERSION_DEFAULT (0), MQTT_SSL_VERSION_TLS_1_0 (1), MQTT_SSL_VERSION_TLS_1_1 (2) or MQTT_SSL_VERSION_TLS_1_2 (3). Only used if struct_version is >= 1.

◆ verify

int verify

Whether to carry out post-connect checks, including that a certificate matches the given host name. Exists only if struct_version >= 2.

◆ CApath

const char* CApath

From the OpenSSL documentation: If CApath is not NULL, it points to a directory containing CA certificates in PEM format. Exists only if struct_version >= 2.

◆ ssl_error_cb

int(* ssl_error_cb) (const char *str, size_t len, void *u)

Callback function for the OpenSSL error handler ERR_print_errors_cb. Exists only if struct_version >= 3.

◆ ssl_error_context

void* ssl_error_context

Application-specific context for the OpenSSL error handler ERR_print_errors_cb. Exists only if struct_version >= 3.

◆ ssl_psk_cb

unsigned int(* ssl_psk_cb) (const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len, void *u)

Callback function for setting TLS-PSK options. Parameters correspond to those of SSL_CTX_set_psk_client_callback, except for u, which is the pointer ssl_psk_context. Exists only if struct_version >= 4.

◆ ssl_psk_context

void* ssl_psk_context

Application-specific context for ssl_psk_cb. Exists only if struct_version >= 4.

◆ disableDefaultTrustStore

int disableDefaultTrustStore

Don't load the default SSL CA. Should be used together with PSK to make sure that regular servers with a certificate in place are not accepted. Exists only if struct_version >= 4.

◆ protos

const unsigned char* protos

The protocol lists must be in wire format, which is defined as a vector of non-empty, 8-bit length-prefixed byte strings. The length-prefix byte is not included in the length. Each string is limited to 255 bytes. A byte-string length of 0 is invalid. A truncated byte string is invalid. See the documentation for SSL_CTX_set_alpn_protos. Exists only if struct_version >= 5.

◆ protos_len

unsigned int protos_len

The length of the protos vector. Exists only if struct_version >= 5.
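
The wire format described for protos, as an added example (not code from the Paho project): a stand-alone encoder and validator whose output buffer and returned length would be assigned to protos and protos_len. The function names and the second protocol name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative helpers, not part of the Paho API. Returns 1 if buf[0..len)
 * is a list of strings, each preceded by one length byte in 1..255. */
int alpn_wire_is_valid(const unsigned char *buf, size_t len)
{
    size_t i = 0;
    if (buf == NULL || len == 0)
        return 0;
    while (i < len) {
        size_t n = buf[i];           /* length prefix, not counted in n */
        /* zero length is invalid; a string running past the end is truncated */
        if (n == 0 || n > len - i - 1)
            return 0;
        i += 1 + n;
    }
    return 1;
}

/* Encodes `count` NUL-terminated names into out[0..cap). Returns the number
 * of bytes written (the value for protos_len), or 0 on any invalid input. */
size_t alpn_wire_encode(const char *const *names, size_t count,
                        unsigned char *out, size_t cap)
{
    size_t used = 0;
    if (names == NULL || out == NULL)
        return 0;
    for (size_t k = 0; k < count; k++) {
        size_t n = names[k] ? strlen(names[k]) : 0;
        if (n == 0 || n > 255 || n + 1 > cap - used)
            return 0;                /* empty, too long, or no room left */
        out[used++] = (unsigned char)n;
        memcpy(out + used, names[k], n);
        used += n;
    }
    return used;
}

int main(void)
{
    /* Constructed sample input: "example-v2" is a made-up protocol name. */
    const char *names[] = { "mqtt", "example-v2" };
    unsigned char wire[64];
    size_t len = alpn_wire_encode(names, 2, wire, sizeof wire);
    printf("protos_len=%zu valid=%d\n", len, alpn_wire_is_valid(wire, len));
    return 0;
}
```

Validating the buffer before it is handed to the client catches a wrong length byte or a protos_len that does not match the data.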


The documentation for this struct was generated from the following file: