ove_tls_config_t Struct Reference

TLS session configuration. More...

#include <net_tls.h>

Data Fields
const unsigned char *	ca_cert
size_t	ca_cert_len
const char *	hostname
const unsigned char *	client_cert
size_t	client_cert_len
const unsigned char *	client_key
size_t	client_key_len
int	allow_insecure

Detailed Description

TLS session configuration.

Note

If ca_cert is NULL the peer certificate is not verified, so the session is vulnerable to man-in-the-middle. The handshake refuses this configuration unless allow_insecure is explicitly set to a non-zero value.

Field Documentation

ca_cert

const unsigned char* ove_tls_config_t::ca_cert

PEM or DER CA certificate (NULL to skip verify).

ca_cert_len

size_t ove_tls_config_t::ca_cert_len

Length of ca_cert in bytes (incl. NUL for PEM).

hostname

const char* ove_tls_config_t::hostname

Expected server hostname for SNI/verify (may be NULL).

client_cert

const unsigned char* ove_tls_config_t::client_cert

PEM or DER client certificate for mTLS (NULL to skip).

client_cert_len

size_t ove_tls_config_t::client_cert_len

Length of client_cert in bytes.

client_key

const unsigned char* ove_tls_config_t::client_key

PEM or DER client private key (NULL to skip).

client_key_len

size_t ove_tls_config_t::client_key_len

Length of client_key in bytes.

allow_insecure

int ove_tls_config_t::allow_insecure

Non-zero to allow NULL ca_cert (disables peer verify — do not use in production).

---

The documentation for this struct was generated from the following file:

• include/ove/net_tls.h