<p>This class stores data required for <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> to use mutual authentication.</p>
<tr class="memdesc:ac5ddf993f7d560581297471593051ea6"><td class="mdescLeft"> </td><td class="mdescRight">Create mutual authentication parameters from a PEM certificate and private key. <a href="class_s_s_l_client_parameters.html#ac5ddf993f7d560581297471593051ea6">More...</a><br/></td></tr>
<tr class="memdesc:a12e44f4b8340ef7f1dcbbed7649e4bef"><td class="mdescLeft"> </td><td class="mdescRight">Create mutual authentication parameters from a DER certificate and private key. <a href="class_s_s_l_client_parameters.html#a12e44f4b8340ef7f1dcbbed7649e4bef">More...</a><br/></td></tr>
<div class="textblock">
<p>This file contains a simple utility class to store parameters about an SSL Session for reuse later.</p>
<p>TLS mutual authentication is a process in which both the server and client perform cryptographic operations to verify each other's authenticity. For more information, see this article: <a href="https://medium.com/sitewards/the-magic-of-tls-x509-and-mutual-authentication-explained-b2162dec4401">https://medium.com/sitewards/the-magic-of-tls-x509-and-mutual-authentication-explained-b2162dec4401</a>. If this struct is provided to <a class="el" href="class_s_s_l_client.html#a68f026a625ca1ccd1aba87bb6e670376" title="Initialize SSLClient with all of the prerequisites needed.">SSLClient::SSLClient</a> via <a class="el" href="class_s_s_l_client.html#aeee217b5558dfb0724f2319888a77256" title="Add a client certificate and enable support for mutual auth.">SSLClient::setMutualAuthParams</a>, <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> will automatically send a client certificate if one is requested by the server. This will happen for all <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> connections, and may cause issues for websites that do not need mutual authentication. As a result, please only turn on mutual authentication if you are sure it is necessary.</p>
<p><a class="el" href="class_s_s_l_client_parameters.html" title="This class stores data required for SSLClient to use mutual authentication.">SSLClientParameters</a> supports both ECC and RSA client certificates. I recommend using ECC certificates if possible, as <a class="el" href="class_s_s_l_client_parameters.html" title="This class stores data required for SSLClient to use mutual authentication.">SSLClientParameters</a> will make a copy of both the certificate and the private key in memory, and ECC keys tend to be smaller than RSA ones. </p>
<p>Use this function to create a mutual TLS context from a DER client certificate and DER private key. This function will copy the certificate and private key, extract the needed information from the private key, and store both that information and the copied cert into a <a class="el" href="class_s_s_l_client_parameters.html" title="This class stores data required for SSLClient to use mutual authentication.">SSLClientParameters</a> object. Provided the key parsed correctly, you can then use <a class="el" href="class_s_s_l_client.html#aeee217b5558dfb0724f2319888a77256" title="Add a client certificate and enable support for mutual auth.">SSLClient::setMutualAuthParams</a> at the beginning of your sketch to enable mTLS with <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a>. This function supports both ECC and RSA certificate/private keys (use EC keys wherever possible, as they are significantly smaller and faster); however, <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> only supports the p256, p384, and p512 curves for ECC.</p>
<p>Because <a class="el" href="class_s_s_l_client_parameters.html" title="This class stores data required for SSLClient to use mutual authentication.">SSLClientParameters</a> creates a copy of both the certificate and key, you do not need to ensure that the data pointed to by cert_der or key_der is accessible after this function (i.e. you can free them afterwards).</p>
<p>Please note that if the private key is incorrect, this function will not report an error, and instead <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> will fall back to regular TLS when making a connection.</p>
<dl class="section return"><dt>Returns</dt><dd>An <a class="el" href="class_s_s_l_client_parameters.html" title="This class stores data required for SSLClient to use mutual authentication.">SSLClientParameters</a> context, to be used with <a class="el" href="class_s_s_l_client.html#aeee217b5558dfb0724f2319888a77256" title="Add a client certificate and enable support for mutual auth.">SSLClient::setMutualAuthParams</a>. </dd></dl>
<p>Use this function to create a mutual TLS context from a PEM client certificate and PEM private key. This function will convert the PEM certificates into DER format (creating a copy in the process), extract the needed information from the private key, and store that information into a <a class="el" href="class_s_s_l_client_parameters.html" title="This class stores data required for SSLClient to use mutual authentication.">SSLClientParameters</a> object. Provided the certificate and key parsed correctly, you can then use <a class="el" href="class_s_s_l_client.html#aeee217b5558dfb0724f2319888a77256" title="Add a client certificate and enable support for mutual auth.">SSLClient::setMutualAuthParams</a> at the beginning of your sketch to enable mTLS with <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a>. This function supports both ECC and RSA certificate/private keys (use EC keys wherever possible, as they are significantly smaller and faster); however, <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> only supports the p256, p384, and p512 curves for ECC.</p>
<p>Because <a class="el" href="class_s_s_l_client_parameters.html" title="This class stores data required for SSLClient to use mutual authentication.">SSLClientParameters</a> creates a copy of both the certificate and key, you do not need to ensure that the data pointed to by cert_pem or key_pem is accessible after this function (i.e. you can free them afterwards).</p>
<p>Please note that if the certificate or private key is incorrect, this function will not report an error, and instead <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> will fall back to regular TLS when making a connection.</p>
<tr><td class="paramname">cert_pem</td><td>A PEM formatted certificate, including the "BEGIN" and "END" header/footers. Can be ECC or RSA. cert_pem supports both LF and CRLF line endings, but all other constraints on a valid PEM file apply. </td></tr>
<tr><td class="paramname">cert_len</td><td>The number of bytes in cert_pem. </td></tr>
<tr><td class="paramname">key_pem</td><td>A PEM formatted private key, including the "BEGIN" and "END" header/footers. Can be ECC or RSA. key_pem supports both LF and CRLF line endings, but all other constraints on a valid PEM file apply. </td></tr>
<tr><td class="paramname">key_len</td><td>The number of bytes in key_pem. </td></tr>
<dl class="section return"><dt>Returns</dt><dd>An <a class="el" href="class_s_s_l_client_parameters.html" title="This class stores data required for SSLClient to use mutual authentication.">SSLClientParameters</a> context, to be used with <a class="el" href="class_s_s_l_client.html#aeee217b5558dfb0724f2319888a77256" title="Add a client certificate and enable support for mutual auth.">SSLClient::setMutualAuthParams</a>. </dd></dl>
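<p>Because a certificate or key that fails to parse is not reported and the connection silently falls back to regular TLS, a structural pre-flight check on the PEM buffers can catch truncated lengths and wrong block types before mutual authentication is enabled. The following is an added example, not part of SSLClient: the names pemLabel and mutualAuthInputsLookValid and the set of accepted key labels are assumptions of this example. It checks structure only and does not prove that the key matches the certificate.</p>

```cpp
// Added example: structural pre-flight check for PEM inputs (not SSLClient code).
#include <cctype>
#include <cstdio>
#include <string>

// Returns the PEM label ("CERTIFICATE", "EC PRIVATE KEY", ...) when the buffer
// holds a block with matching BEGIN/END lines and a non-empty, correctly padded
// base64 body; returns "" otherwise. Accepts both LF and CRLF line endings.
std::string pemLabel(const char* pem, size_t len) {
    const std::string text(pem, len), begin = "-----BEGIN ", dashes = "-----";
    size_t b = text.find(begin);
    if (b == std::string::npos) return "";
    size_t labelStart = b + begin.size();
    size_t labelEnd = text.find(dashes, labelStart);
    if (labelEnd == std::string::npos || labelEnd == labelStart) return "";
    const std::string label = text.substr(labelStart, labelEnd - labelStart);
    size_t bodyStart = labelEnd + dashes.size();
    size_t e = text.find("-----END " + label + dashes, bodyStart);
    if (e == std::string::npos) return "";  // footer missing, e.g. length too short
    size_t chars = 0, pad = 0;
    for (size_t i = bodyStart; i < e; ++i) {
        unsigned char c = static_cast<unsigned char>(text[i]);
        if (c == '\r' || c == '\n') continue;
        if (c == '=') { ++pad; ++chars; continue; }
        if (pad || !(std::isalnum(c) || c == '+' || c == '/')) return "";
        ++chars;
    }
    return (chars > 0 && chars % 4 == 0 && pad <= 2) ? label : "";
}

// True only when both buffers look usable for mutual authentication.
// The accepted key labels below are an assumption of this example.
bool mutualAuthInputsLookValid(const char* cert, size_t certLen,
                               const char* key, size_t keyLen) {
    const std::string k = pemLabel(key, keyLen);
    return pemLabel(cert, certLen) == "CERTIFICATE" &&
           (k == "EC PRIVATE KEY" || k == "RSA PRIVATE KEY" || k == "PRIVATE KEY");
}

// Constructed placeholders: PEM-shaped, but the body is not a real certificate or key.
const char kCert[] = "-----BEGIN CERTIFICATE-----\r\nQUJDREVGR0g=\r\n-----END CERTIFICATE-----\r\n";
const char kKey[]  = "-----BEGIN EC PRIVATE KEY-----\nQUJDREVGR0g=\n-----END EC PRIVATE KEY-----\n";

int main() {
    bool ok = mutualAuthInputsLookValid(kCert, sizeof kCert - 1, kKey, sizeof kKey - 1);
    std::printf("PEM pre-flight: %s\n", ok ? "ok" : "rejected, do not enable mTLS");
    return ok ? 0 : 1;
}
```

<p>Run the check on the same buffers and lengths that are passed as cert_pem/cert_len and key_pem/key_len. Keys carrying extra header lines inside the block fail the base64 check and are rejected.</p>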
<p>mTLS information used by <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> during authentication </p>