Zephyr API 3.6.99
Socket options for TLS

#define SOL_TLS 282
    Protocol level for TLS.
#define TLS_SEC_TAG_LIST 1
    Socket option to select TLS credentials to use.
#define TLS_HOSTNAME 2
    Write-only socket option to set hostname.
#define TLS_CIPHERSUITE_LIST 3
    Socket option to select ciphersuites to use.
#define TLS_CIPHERSUITE_USED 4
    Read-only socket option to read a ciphersuite chosen during TLS handshake.
#define TLS_PEER_VERIFY 5
    Write-only socket option to set peer verification level for TLS connection.
#define TLS_DTLS_ROLE 6
    Write-only socket option to set role for DTLS connection.
#define TLS_ALPN_LIST 7
    Socket option for setting the supported Application Layer Protocols.
#define TLS_DTLS_HANDSHAKE_TIMEOUT_MIN 8
    Socket option to set DTLS min handshake timeout.
#define TLS_DTLS_HANDSHAKE_TIMEOUT_MAX 9
    Socket option to set DTLS max handshake timeout.
#define TLS_CERT_NOCOPY 10
    Socket option for preventing certificates from being copied to the mbedTLS heap if possible.
#define TLS_NATIVE 11
    TLS socket option to use with offloading.
#define TLS_SESSION_CACHE 12
    Socket option to control TLS session caching on a socket.
#define TLS_SESSION_CACHE_PURGE 13
    Write-only socket option to purge session cache immediately.
#define TLS_DTLS_CID 14
    Write-only socket option to control DTLS CID.
#define TLS_DTLS_CID_STATUS 15
    Read-only socket option to get DTLS CID status.
#define TLS_DTLS_CID_VALUE 16
    Socket option to set or get the value of the DTLS connection ID to be used for the DTLS session.
#define TLS_DTLS_PEER_CID_VALUE 17
    Read-only socket option to get the value of the DTLS connection ID received from the peer.
#define TLS_DTLS_HANDSHAKE_ON_CONNECT 18
    Socket option to configure DTLS socket behavior on connect().
#define TLS_PEER_VERIFY_NONE 0
    Peer verification disabled.
#define TLS_PEER_VERIFY_OPTIONAL 1
    Peer verification optional.
#define TLS_PEER_VERIFY_REQUIRED 2
    Peer verification required.
#define TLS_DTLS_ROLE_CLIENT 0
    Client role in a DTLS session.
#define TLS_DTLS_ROLE_SERVER 1
    Server role in a DTLS session.
#define TLS_CERT_NOCOPY_NONE 0
    Cert duplicated in heap.
#define TLS_CERT_NOCOPY_OPTIONAL 1
    Cert not copied in heap if DER.
#define TLS_SESSION_CACHE_DISABLED 0
    Disable TLS session caching.
#define TLS_SESSION_CACHE_ENABLED 1
    Enable TLS session caching.
#define TLS_DTLS_CID_DISABLED 0
    CID is disabled.
#define TLS_DTLS_CID_SUPPORTED 1
    CID is supported.
#define TLS_DTLS_CID_ENABLED 2
    CID is enabled.
#define TLS_DTLS_CID_STATUS_DISABLED 0
    CID is disabled.
#define TLS_DTLS_CID_STATUS_DOWNLINK 1
    CID is in use by us.
#define TLS_DTLS_CID_STATUS_UPLINK 2
    CID is in use by peer.
#define TLS_DTLS_CID_STATUS_BIDIRECTIONAL 3
    CID is in use by us and peer.
#define SOL_TLS 282
#include <zephyr/net/socket.h>
Protocol level for TLS.
Here, the same socket protocol level for TLS as in Linux was used.
#define TLS_ALPN_LIST 7
#include <zephyr/net/socket.h>
Socket option for setting the supported Application Layer Protocols.
It accepts and returns a const char array of NULL terminated strings representing the supported application layer protocols listed during the TLS handshake.
#define TLS_CERT_NOCOPY 10
#include <zephyr/net/socket.h>
Socket option for preventing certificates from being copied to the mbedTLS heap if possible.
The option is only effective for DER certificates and is ignored for PEM certificates.
#define TLS_CERT_NOCOPY_NONE 0
#include <zephyr/net/socket.h>
Cert duplicated in heap.
#define TLS_CERT_NOCOPY_OPTIONAL 1
#include <zephyr/net/socket.h>
Cert not copied in heap if DER.
#define TLS_CIPHERSUITE_LIST 3
#include <zephyr/net/socket.h>
Socket option to select ciphersuites to use.
It accepts and returns an array of integers with IANA assigned ciphersuite identifiers. If not set, the socket will allow all ciphersuites available in the system (mbedTLS default behavior).
#define TLS_CIPHERSUITE_USED 4
#include <zephyr/net/socket.h>
Read-only socket option to read a ciphersuite chosen during TLS handshake.
It returns an integer containing an IANA assigned ciphersuite identifier of chosen ciphersuite.
#define TLS_DTLS_CID 14
#include <zephyr/net/socket.h>
Write-only socket option to control DTLS CID.
The option accepts an integer, indicating the setting. Accepted values for the option are: 0, 1 and 2. Effective when set before connecting to the socket.
#define TLS_DTLS_CID_DISABLED 0
#include <zephyr/net/socket.h>
CID is disabled.
#define TLS_DTLS_CID_ENABLED 2
#include <zephyr/net/socket.h>
CID is enabled.
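#define TLS_DTLS_CID_STATUS 15
#include <zephyr/net/socket.h>
Read-only socket option to get DTLS CID status.
The option accepts a pointer to an integer, indicating the setting upon return. Returned values for the option are: TLS_DTLS_CID_STATUS_DISABLED (0), TLS_DTLS_CID_STATUS_DOWNLINK (1), TLS_DTLS_CID_STATUS_UPLINK (2) and TLS_DTLS_CID_STATUS_BIDIRECTIONAL (3).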
#define TLS_DTLS_CID_STATUS_BIDIRECTIONAL 3
#include <zephyr/net/socket.h>
CID is in use by us and peer.
#define TLS_DTLS_CID_STATUS_DISABLED 0
#include <zephyr/net/socket.h>
CID is disabled.
#define TLS_DTLS_CID_STATUS_DOWNLINK 1
#include <zephyr/net/socket.h>
CID is in use by us.
#define TLS_DTLS_CID_STATUS_UPLINK 2
#include <zephyr/net/socket.h>
CID is in use by peer.
#define TLS_DTLS_CID_SUPPORTED 1
#include <zephyr/net/socket.h>
CID is supported.
#define TLS_DTLS_CID_VALUE 16
#include <zephyr/net/socket.h>
Socket option to set or get the value of the DTLS connection ID to be used for the DTLS session.
The option accepts a byte array, holding the CID value.
#define TLS_DTLS_HANDSHAKE_ON_CONNECT 18
#include <zephyr/net/socket.h>
Socket option to configure DTLS socket behavior on connect().
If set, DTLS connect() will execute the handshake with the configured peer. This is the default behavior. Otherwise, DTLS connect() will only configure the peer address (as with a regular UDP socket) and will not attempt to execute the DTLS handshake. The handshake will then take place in a subsequent send()/recv() call.
#define TLS_DTLS_HANDSHAKE_TIMEOUT_MAX 9
#include <zephyr/net/socket.h>
Socket option to set DTLS max handshake timeout.
The timeout starts at min, and upon retransmission the timeout is doubled until max is reached. Min and max arguments are separate options. The time unit is ms.
#define TLS_DTLS_HANDSHAKE_TIMEOUT_MIN 8
#include <zephyr/net/socket.h>
Socket option to set DTLS min handshake timeout.
The timeout starts at min, and upon retransmission the timeout is doubled until max is reached. Min and max arguments are separate options. The time unit is ms.
#define TLS_DTLS_PEER_CID_VALUE 17
#include <zephyr/net/socket.h>
Read-only socket option to get the value of the DTLS connection ID received from the peer.
The option accepts a pointer to a byte array, holding the CID value upon return. The optlen returned will be 0 if the peer did not provide a connection ID, otherwise will contain the length of the CID value.
#define TLS_DTLS_ROLE 6
#include <zephyr/net/socket.h>
Write-only socket option to set role for DTLS connection.
This option is irrelevant for TLS connections, as for them the role is selected based on connect()/listen() usage. By default, DTLS will assume the client role. This option accepts an integer with a TLS role, compatible with mbedTLS values: TLS_DTLS_ROLE_CLIENT (0) or TLS_DTLS_ROLE_SERVER (1).
#define TLS_DTLS_ROLE_CLIENT 0
#include <zephyr/net/socket.h>
Client role in a DTLS session.
#define TLS_DTLS_ROLE_SERVER 1
#include <zephyr/net/socket.h>
Server role in a DTLS session.
#define TLS_HOSTNAME 2
#include <zephyr/net/socket.h>
Write-only socket option to set hostname.
It accepts a string containing the hostname (may be NULL to disable hostname verification). By default, hostname check is enforced for TLS clients.
#define TLS_NATIVE 11
#include <zephyr/net/socket.h>
TLS socket option to use with offloading.
The option instructs the network stack to offload only the underlying TCP/UDP communication. The TLS/DTLS operation is handled by a native TLS/DTLS socket implementation from Zephyr.
Note that this option is only applicable if the socket dispatcher is used (CONFIG_NET_SOCKETS_OFFLOAD_DISPATCHER is enabled). In that case, it should be the first socket option set on a newly created socket. After that, the application may use SO_BINDTODEVICE to choose the dedicated network interface for the underlying TCP/UDP socket.
#define TLS_PEER_VERIFY 5
#include <zephyr/net/socket.h>
Write-only socket option to set peer verification level for TLS connection.
This option accepts an integer with a peer verification level, compatible with mbedTLS values: TLS_PEER_VERIFY_NONE (0), TLS_PEER_VERIFY_OPTIONAL (1) or TLS_PEER_VERIFY_REQUIRED (2).
If not set, the socket will use mbedTLS defaults (none for servers, required for clients).
#define TLS_PEER_VERIFY_NONE 0
#include <zephyr/net/socket.h>
Peer verification disabled.
#define TLS_PEER_VERIFY_OPTIONAL 1
#include <zephyr/net/socket.h>
Peer verification optional.
#define TLS_PEER_VERIFY_REQUIRED 2
#include <zephyr/net/socket.h>
Peer verification required.
#define TLS_SEC_TAG_LIST 1
#include <zephyr/net/socket.h>
Socket option to select TLS credentials to use.
It accepts and returns an array of sec_tag_t that indicate which TLS credentials should be used with specific socket.
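An added example (not Zephyr project code) of a TLS client setting TLS_SEC_TAG_LIST, TLS_HOSTNAME, TLS_PEER_VERIFY and TLS_CIPHERSUITE_LIST explicitly, with the optval type each description calls for. The helper name tls_client_pin_options, the tls_setopt alias, security tag 1, the single ciphersuite and the host-side stand-in for zsock_setsockopt() are assumptions for illustration; on a Zephyr target the real zsock_setsockopt() is used.

```c
#include <stddef.h>
#include <string.h>
#ifdef __ZEPHYR__
#include <zephyr/net/socket.h>
#include <zephyr/net/tls_credentials.h>
#define tls_setopt zsock_setsockopt
#else
/* Host build only: option numbers copied from this page, plus a recording
 * stand-in for zsock_setsockopt() so the call sequence runs off-target. */
#define SOL_TLS 282
#define TLS_SEC_TAG_LIST 1
#define TLS_HOSTNAME 2
#define TLS_CIPHERSUITE_LIST 3
#define TLS_PEER_VERIFY 5
#define TLS_PEER_VERIFY_REQUIRED 2
typedef int sec_tag_t;
static int opt_log[8], opt_len[8], opt_count;
static int tls_setopt(int s, int lvl, int opt, const void *val, size_t len)
{
	(void)s; (void)val;
	if (lvl != SOL_TLS || opt_count >= 8) return -1;
	opt_log[opt_count] = opt;
	opt_len[opt_count++] = (int)len;
	return 0;
}
#endif

/* Constructed sample values: tag 1 is assumed to hold the CA certificate
 * (registered earlier with tls_credential_add()); 0xC02B is the IANA id
 * of TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256. */
static const sec_tag_t ca_tags[] = { 1 };
static const int suites[] = { 0xC02B };
/* Set every security-relevant option explicitly rather than relying on
 * defaults. Returns 0 on success or the 1-based step that failed. */
int tls_client_pin_options(int sock, const char *host)
{
	int verify = TLS_PEER_VERIFY_REQUIRED;
	if (host == NULL || host[0] == '\0')
		return 1; /* a NULL hostname would disable hostname verification */
	if (tls_setopt(sock, SOL_TLS, TLS_SEC_TAG_LIST, ca_tags, sizeof(ca_tags)) < 0)
		return 2;
	if (tls_setopt(sock, SOL_TLS, TLS_HOSTNAME, host, strlen(host) + 1) < 0)
		return 3;
	if (tls_setopt(sock, SOL_TLS, TLS_PEER_VERIFY, &verify, sizeof(verify)) < 0)
		return 4;
	if (tls_setopt(sock, SOL_TLS, TLS_CIPHERSUITE_LIST, suites, sizeof(suites)) < 0)
		return 5;
	return 0;
}
```

Call it after creating the socket and before connect(); reading TLS_CIPHERSUITE_USED once the handshake completes confirms which suite was negotiated.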
#define TLS_SESSION_CACHE 12
#include <zephyr/net/socket.h>
Socket option to control TLS session caching on a socket.
Accepted values: TLS_SESSION_CACHE_DISABLED (0) and TLS_SESSION_CACHE_ENABLED (1).
#define TLS_SESSION_CACHE_DISABLED 0
#include <zephyr/net/socket.h>
Disable TLS session caching.
#define TLS_SESSION_CACHE_ENABLED 1
#include <zephyr/net/socket.h>
Enable TLS session caching.
#define TLS_SESSION_CACHE_PURGE 13
#include <zephyr/net/socket.h>
Write-only socket option to purge session cache immediately.
This option accepts any value.