lmoskala/SSLClient
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Deploying to gh-pages from @ cbb4493876 🚀

Browse source
This commit is contained in:
prototypicalpro 2021-03-21 23:17:23 +00:00
parent 5f730b5f6f
commit 7452a745bf
133 changed files with 819 additions and 712 deletions
Download patch file Download diff file Expand all files Collapse all files

12
md__trust_anchors.html
View file

@ -3,7 +3,7 @@
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.8.20"/>
<meta name="generator" content="Doxygen 1.9.1"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<title>SSLClient: Trust Anchors</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
@ -34,10 +34,10 @@
</table>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.8.20 -->
<!-- Generated by Doxygen 1.9.1 -->
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
var searchBox = new SearchBox("searchBox", "search",false,'Search');
var searchBox = new SearchBox("searchBox", "search",false,'Search','.html');
/* @license-end */
</script>
<script type="text/javascript" src="menudata.js"></script>
@ -118,7 +118,7 @@ $(document).ready(function(){initNavTree('md__trust_anchors.html',''); initResiz
<div class="line"> }</div>
<div class="line"> },</div>
<div class="line">};</div>
</div><!-- fragment --><p>A full example of a trust anchor header can be found in <a href="./readme/cert.h">this file</a>. Full documentation for the format of these variables can be found in the <a href="https://bearssl.org/apidoc/structbr__x509__trust__anchor.html">BearSSL documentation for br_x509_trust_anchor</a>.</p>
</div><!-- fragment --><p> A full example of a trust anchor header can be found in <a href="./readme/cert.h">this file</a>. Full documentation for the format of these variables can be found in the <a href="https://bearssl.org/apidoc/structbr__x509__trust__anchor.html">BearSSL documentation for br_x509_trust_anchor</a>.</p>
<h1>Generating Trust Anchors</h1>
<p>Typically a trust anchor header file is generated using <a href="https://bearssl.org/gitweb/?p=BearSSL;a=tree;f=tools;h=0fa053e41d6bf88a28472f3b22dde41b21f14292;hb=dda1f8a0c46e15b4a235163470ff700b2f13dcc5">brssl</a>, a command-line utility included in BearSSL. As it is a fairly involded process to get brssl working, <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> provides a number of alternative tools to make the generation process a bit easier.</p>
<p><b>Note:</b> When working with certificates (particularly in complicated mTLS setups), it can easily become confusing which certificate does what. If you aren't sure what certificate to put into the Trust Anchor tool, remember that Trust Anchors <em>only care about the verifying the server</em>: in other words, the certificate that goes into a Trust Anchor generation tool should be the certificate used to generate the server's certificate (usually a CA). Trust Anchors will never contain any information about client certificates, which should be passed into <a href="https://github.com/OPEnSLab-OSU/SSLClient#mtls">SSLClientParams</a> instead.</p>
@ -136,14 +136,14 @@ $(document).ready(function(){initNavTree('md__trust_anchors.html',''); initResiz
<div class="line">// ...</div>
<div class="line">SSLClient client(SomeClient, TAs, (size_t)TAs_NUM, SomePin);</div>
<div class="line">// ...</div>
</div><!-- fragment --><p>Where <code>yourtrustanchorfile.h</code> contains a generated trust anchor array names <code>TAs</code>, with length <code>TAs_NUM</code>. BearSSL will now automatically use these trust anchors when <code><a class="el" href="class_s_s_l_client.html#ab97c0745f65a6c6009ac938b3b9912c3" title="Connect over SSL to a host specified by an IP address.">SSLClient::connect</a></code> is called. </p>
</div><!-- fragment --><p> Where <code>yourtrustanchorfile.h</code> contains a generated trust anchor array names <code>TAs</code>, with length <code>TAs_NUM</code>. BearSSL will now automatically use these trust anchors when <code><a class="el" href="class_s_s_l_client.html#ab97c0745f65a6c6009ac938b3b9912c3" title="Connect over SSL to a host specified by an IP address.">SSLClient::connect</a></code> is called. </p>
</div></div><!-- contents -->
</div><!-- PageDoc -->
</div><!-- doc-content -->
<!-- start footer part -->
<div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
<ul>
<li class="footer">Generated by <a href="http://www.doxygen.org/index.html"><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.8.20 </li>
<li class="footer">Generated by <a href="https://www.doxygen.org/index.html"><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.9.1 </li>
</ul>
</div>
</body>