Hi,
I'm using emSSL with embOS/IP and embOS and I would like to have more information about some functionalities of emSSL.
Presently, I'm using this stack as a client and I would like to use the certificate verify API in the structure "SSL_CERITIFCATE_API":
typedef struct SSL_CERITIFCATE_API_tag {
  int (*pfVerifyCertificate) (SSL_SESSION *pSession, SSL_TLV *pTLV, SSL_CERTIFICATE_DATA *pCertificate);
  int (*pfGetCertificate)    (SSL_SESSION *pSession, unsigned Index, const U8 **ppData, unsigned *pDataLen);
  int (*pfGetPrivateKey)     (SSL_SESSION *pSession, const U8 **ppKey, unsigned *pKeyLen);
} SSL_CERITIFCATE_API;
This verification is necessary because it is now mandatory to verify the server certificate to avoid the "man in the middle attack".
I didn't find any examples of how to use this API.
Moreover, the SSL_Connect function doesn't return an error when nothing is set in the VerifyCertificate field.
Is it possible to configure emSSL so that the ssl_connect function does not establish the connection if the certificate verification is not correct (expired, revoked, bad...)?
Best regards,
Benoitm
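Added example, not part of the original post and not SEGGER's code: a self-contained C model of the fail-open behaviour the post reports (an unset verify callback is accepted) next to a fail-closed guard that refuses to connect without a verifier. The DEMO_ types, error codes and the negative-return-means-reject convention are assumptions, since the real emSSL types are not shown in the post; revocation is not modelled.

```c
#include <stddef.h>

/* Hypothetical stand-ins; emSSL's real types are not shown in the post. */
typedef struct { long NotBefore, NotAfter; int ChainsToPinnedRoot; } DEMO_CERT;
typedef int (*DEMO_VERIFY_FUNC)(const DEMO_CERT *pCert, long Now);
typedef struct { DEMO_VERIFY_FUNC pfVerifyCertificate; } DEMO_CERT_API;

enum { DEMO_OK = 0, DEMO_ERR_NO_VERIFIER = -1, DEMO_ERR_UNTRUSTED = -2,
       DEMO_ERR_NOT_YET_VALID = -3, DEMO_ERR_EXPIRED = -4 };

/* Verify callback: reject anything not chained to the pinned root
   or outside its validity window (Now is supplied by the caller). */
static int DEMO_VerifyCertificate(const DEMO_CERT *pCert, long Now) {
  if (pCert == NULL || !pCert->ChainsToPinnedRoot) return DEMO_ERR_UNTRUSTED;
  if (Now < pCert->NotBefore) return DEMO_ERR_NOT_YET_VALID;
  if (Now > pCert->NotAfter)  return DEMO_ERR_EXPIRED;
  return DEMO_OK;
}

/* Models the reported behaviour: an unset callback is treated as success. */
static int DEMO_ConnectFailOpen(const DEMO_CERT_API *pAPI, const DEMO_CERT *pCert, long Now) {
  if (pAPI == NULL || pAPI->pfVerifyCertificate == NULL) return DEMO_OK;
  return pAPI->pfVerifyCertificate(pCert, Now);
}

/* Fail-closed guard: no verifier installed means no connection. */
static int DEMO_ConnectFailClosed(const DEMO_CERT_API *pAPI, const DEMO_CERT *pCert, long Now) {
  if (pAPI == NULL || pAPI->pfVerifyCertificate == NULL) return DEMO_ERR_NO_VERIFIER;
  return pAPI->pfVerifyCertificate(pCert, Now);
}

/* Constructed sample data (times are arbitrary seconds, not real dates). */
static const DEMO_CERT DEMO_Good      = { 100, 200, 1 };
static const DEMO_CERT DEMO_Untrusted = { 100, 200, 0 };
static const DEMO_CERT_API DEMO_NoVerifier   = { NULL };
static const DEMO_CERT_API DEMO_WithVerifier = { DEMO_VerifyCertificate };

int main(void) {
  /* Certificate presented after its NotAfter time (Now = 300). */
  int Open      = DEMO_ConnectFailOpen(&DEMO_NoVerifier, &DEMO_Good, 300);
  int Closed    = DEMO_ConnectFailClosed(&DEMO_NoVerifier, &DEMO_Good, 300);
  int Checked   = DEMO_ConnectFailClosed(&DEMO_WithVerifier, &DEMO_Good, 300);
  int Untrusted = DEMO_ConnectFailClosed(&DEMO_WithVerifier, &DEMO_Untrusted, 150);
  return (Open == DEMO_OK && Closed == DEMO_ERR_NO_VERIFIER &&
          Checked == DEMO_ERR_EXPIRED && Untrusted == DEMO_ERR_UNTRUSTED) ? 0 : 1;
}
```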