BearSSL
Struct br_ssl_client_certificate

Type for the client certificate, if requested by the server.

Data Fields

    int auth_type
        Authentication type.
    int hash_id
        Hash function for computing the CertificateVerify.
    const br_x509_certificate * chain
        Certificate chain to send to the server.
    size_t chain_len
        Certificate chain length (number of certificates).

Detailed Description

Type for the client certificate, if requested by the server. The SSL client engine does not fill this structure itself: the application's client certificate handler (the choose() method of its br_ssl_client_certificate_class) fills it when the server sends a CertificateRequest, and the engine then sends the chain and produces the CertificateVerify according to auth_type and hash_id.
int br_ssl_client_certificate::auth_type

Authentication type.

This is either BR_AUTH_RSA (RSA signature), BR_AUTH_ECDSA (ECDSA signature), or BR_AUTH_ECDH (static ECDH key exchange). It must match the kind of private key that goes with the first certificate in chain.
const br_x509_certificate* br_ssl_client_certificate::chain

Certificate chain to send to the server.

This is an array of br_x509_certificate objects, each normally containing a DER-encoded certificate. The client code does not try to decode these elements. If there is no chain to send to the server, then this pointer shall be set to NULL.
size_t br_ssl_client_certificate::chain_len

Certificate chain length (number of certificates).

If there is no chain to send to the server, then this value shall be set to 0 (and chain to NULL).
int br_ssl_client_certificate::hash_id

Hash function for computing the CertificateVerify.

This is the symbolic identifier (br_sha256_ID and so on) for the hash function that will be used to produce the hash of handshake messages, to be signed into the CertificateVerify. For full static ECDH (client and server certificates are both EC in the same curve, and static ECDH is used), there is no CertificateVerify and this value is set to -1.

Take care that with TLS 1.0 and 1.1, this value MUST match the protocol requirements: it must be 0 (the MD5+SHA-1 concatenation, which is not a br_*_ID value) for an RSA signature, or 2 (br_sha1_ID, SHA-1) for an ECDSA signature. Only TLS 1.2 allows other hash functions, and there the choice must still be one the server announced in its CertificateRequest.
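The following is an added example, not code from BearSSL, of how a client certificate handler would fill this structure. It takes the auth_types bit mask that the choose() method of br_ssl_client_certificate_class receives (bit x = RSA signature with hash ID x, bit 8+x = ECDSA signature with hash ID x, with bit 0 and bit 10 being the fixed TLS 1.0/1.1 combinations; the static ECDH bits 16/17 are not handled) and picks a hash_id that satisfies the version rules above, preferring SHA-2 and never choosing MD5 alone. The struct, the BR_AUTH_* and br_*_ID values are repeated locally so the file compiles without the BearSSL headers; KEY_RSA/KEY_EC, pick_client_cert and the certificate bytes are assumptions made for the example (the DER is a constructed placeholder, not a real certificate).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Local copies of BearSSL definitions (values from bearssl_ssl.h and
 * bearssl_hash.h) so this example builds without the BearSSL headers. */
#define BR_AUTH_ECDH    0
#define BR_AUTH_RSA     1
#define BR_AUTH_ECDSA   3

#define br_md5_ID       1
#define br_sha1_ID      2
#define br_sha224_ID    3
#define br_sha256_ID    4
#define br_sha384_ID    5
#define br_sha512_ID    6

typedef struct {
	unsigned char *data;
	size_t data_len;
} br_x509_certificate;

typedef struct {
	int auth_type;
	int hash_id;
	const br_x509_certificate *chain;
	size_t chain_len;
} br_ssl_client_certificate;

/* Hypothetical tags for the kind of private key the client holds. */
#define KEY_RSA 1
#define KEY_EC  2

/*
 * Fill `choices` from the server's auth_types mask (bit x: RSA with hash
 * ID x, bit 8+x: ECDSA with hash ID x). Returns 1 if a certificate will
 * be sent, 0 if chain/chain_len are left as NULL/0 because no acceptable
 * combination exists. Static ECDH (bits 16/17) is not considered here.
 */
static int
pick_client_cert(uint32_t auth_types, int key_type,
	const br_x509_certificate *chain, size_t chain_len,
	br_ssl_client_certificate *choices)
{
	/* TLS 1.2 preference order; SHA-1 is last resort, MD5 never. */
	static const int prefs[] = {
		br_sha256_ID, br_sha384_ID, br_sha512_ID, br_sha224_ID, br_sha1_ID
	};
	uint32_t bits;
	size_t i;

	choices->auth_type = BR_AUTH_ECDH;
	choices->hash_id = -1;
	choices->chain = NULL;
	choices->chain_len = 0;
	if (chain == NULL || chain_len == 0) {
		return 0;
	}
	if (key_type == KEY_RSA) {
		choices->auth_type = BR_AUTH_RSA;
		bits = auth_types & 0xFF;
	} else {
		choices->auth_type = BR_AUTH_ECDSA;
		bits = (auth_types >> 8) & 0xFF;
	}
	for (i = 0; i < sizeof prefs / sizeof prefs[0]; i ++) {
		if (bits & ((uint32_t)1 << prefs[i])) {
			choices->hash_id = prefs[i];
			break;
		}
	}
	/* TLS 1.0/1.1 with RSA: bit 0 means hash_id 0 (MD5+SHA-1). For
	 * ECDSA the same servers set bit 10, which the loop maps to 2. */
	if (choices->hash_id < 0 && key_type == KEY_RSA && (bits & 1)) {
		choices->hash_id = 0;
	}
	if (choices->hash_id < 0) {
		return 0;
	}
	choices->chain = chain;
	choices->chain_len = chain_len;
	return 1;
}

/* Constructed placeholder bytes standing in for a DER certificate. */
static unsigned char sample_der[] = { 0x30, 0x82, 0x00, 0x00 };
static const br_x509_certificate sample_chain[1] = {
	{ sample_der, sizeof sample_der }
};

int
main(void)
{
	br_ssl_client_certificate c;
	uint32_t tls12 = (1u << br_sha1_ID) | (1u << br_sha256_ID)
		| (1u << br_sha384_ID) | (1u << (8 + br_sha256_ID));
	uint32_t tls10 = 1u | (1u << (8 + br_sha1_ID));

	pick_client_cert(tls12, KEY_RSA, sample_chain, 1, &c);
	printf("TLS 1.2, RSA key: auth_type=%d hash_id=%d\n", c.auth_type, c.hash_id);
	pick_client_cert(tls10, KEY_RSA, sample_chain, 1, &c);
	printf("TLS 1.0, RSA key: auth_type=%d hash_id=%d\n", c.auth_type, c.hash_id);
	pick_client_cert(tls10, KEY_EC, sample_chain, 1, &c);
	printf("TLS 1.0, EC key:  auth_type=%d hash_id=%d\n", c.auth_type, c.hash_id);
	return 0;
}
```

In a real handler the chain and key type come from the application's own storage, and a server that only offers MD5 (bit 1) or no algorithm for the key type held gets an empty chain rather than a weak signature; BearSSL's own br_ssl_client_set_single_rsa / br_ssl_client_set_single_ec helpers implement equivalent selection for the single-key case.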