www.beck-ipc.com

@CHIP-RTOS C Library - TCP/IP API


SSL_SessionOpt

Call this function to set SSL session options.

int SSL_SessionOpt(int sessionID, int option, int value,
                   int *error);

Parameters

sessionID

Session ID for SSL session

option

Session option to set:
    1: Client Authentication
    2: Server Proposals
    3: Skip Certificate Validation

value

Option value:
    0: disable option (default)
    1: enable option

error

Output parameter: Failure code, 0 on success.

Return Value

0: Success
-1: Failed

Comments

By default, each of these options is disabled.

The Client Authentication option 1 is used to enable client authentication on an SSL server session. It takes effect only if the session is bound to an SSL server socket, in which case, upon receiving the ClientHello message, the SSL server sends back a CertificateRequest message along with its own Certificate, ServerHello and ServerHelloDone messages.

The Server Proposals option 2 is used to give the SSL server more control over which cipher suite is used. If this option is disabled (the default) on an SSL server session, then upon receiving a ClientHello message the SSL server simply chooses the first cipher suite it supports from the ordered list received from the client. The client therefore controls the cipher preference, and no use is made of the server's proposal list in this case.

When the Server Proposals option is enabled at the server, the server selects the first cipher suite from its own ordered proposal list that also appears in the ClientHello message. For example, suppose the Server Proposals option is enabled, the server's ordered cipher suite proposal list is 1,2,3,4, and the client's ordered cipher suite list in the ClientHello message is 4,3,2. The server will then select cipher suite 2, based on the server's preference (ignoring the client's preference).
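The selection rule in both modes, as an added illustration that is not code from the @CHIP-RTOS library: cipher suites are modelled as small integers (the 1,2,3,4 example from the text), and the function names and the NO_COMMON_SUITE value are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Returned when the two proposal lists have no suite in common,
 * i.e. the handshake cannot proceed (value chosen for this example). */
#define NO_COMMON_SUITE (-1)

/* Return 1 if suite id appears in list[0..n-1], else 0. */
static int list_contains(const int *list, size_t n, int id)
{
    for (size_t i = 0; i < n; i++) {
        if (list[i] == id)
            return 1;
    }
    return 0;
}

/* Pick the cipher suite for an SSL server session.
 * server_proposals == 0 (option 2 disabled, the default): the first suite in
 *   the client's ClientHello list that the server supports wins.
 * server_proposals != 0 (option 2 enabled): the first suite in the server's
 *   own ordered proposal list that the client also offered wins.
 * Both lists are in preference order, most preferred first. */
int select_cipher_suite(const int *server, size_t ns,
                        const int *client, size_t nc,
                        int server_proposals)
{
    const int *outer = server_proposals ? server : client;
    size_t n_outer   = server_proposals ? ns : nc;
    const int *inner = server_proposals ? client : server;
    size_t n_inner   = server_proposals ? nc : ns;

    for (size_t i = 0; i < n_outer; i++) {
        if (list_contains(inner, n_inner, outer[i]))
            return outer[i];
    }
    return NO_COMMON_SUITE;
}

int main(void)
{
    const int server[] = {1, 2, 3, 4};  /* server's ordered proposal list */
    const int client[] = {4, 3, 2};     /* client's ordered list from ClientHello */
    printf("option 2 disabled -> suite %d\n",
           select_cipher_suite(server, 4, client, 3, 0));  /* client wins: 4 */
    printf("option 2 enabled  -> suite %d\n",
           select_cipher_suite(server, 4, client, 3, 1));  /* server wins: 2 */
    return 0;
}
```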

Note that both the FTP server and the web server operate with the Server Proposals option 2 selected.

The Skip Certificate Validation option 3 may be used to avoid attempting to trace a received certificate back to its root. When this session option has been selected, a received certificate is accepted without this root verification, so the session does not check that the peer's certificate chains to any trusted root.

See Also

RTOS API

This library function invokes an RTOS software interrupt. Refer to this RTOS API function's documentation for more details.

Supported since or modified in @CHIP-RTOS version

    SC12    SC13    SC11    SC1x3    SC2x
    n/a     n/a     n/a     V0.91    V1.00

Supported by @CHIP-RTOS C Library since version

    CLIB
    V2.02
