NanoSSL client integration
Client integration process overview
This table describes the tasks for integrating NanoSSL client into an application.
NanoSSL client process flow
This diagram shows the NanoSSL client process flow. For more information about the NanoSSL client process flow, see Implement NanoSSL client.

Build TrustCore SDK client sample code
To help with integration of NanoSSL client into devices, a suite of sample code is included in the source distribution (in the ${MSS_SRC_PKG}/src/examples directory), to quickly build a client and demonstrate its features using the provided NanoSSL cmake project and build scripts. The following files are provided:
ssl_client_example.c — Implements a secure, synchronous HTTP client.
ssl_example_async_client.c — Implements a secure, asynchronous HTTP client.
ssl_loopback_example.c — Implements an asynchronous client-server loop-back communication.
Sample code should be used as a reference and modified as required for inclusion into an application’s source code. The sample code may also be used to verify NanoSSL client-server communication.
Note
The moptions.h file does not need to be updated to generate this build; however, if using a makefile other than the one provided by DigiCert, the following flags need to be added:
__ENABLE_MOCANA_EXAMPLES__
__ENABLE_MOCANA_SSL_CLIENT
The following sections describe tasks that may be performed to generate and run sample NanoSSL Client code:
Generate a sample NanoSSL client
To generate the sample NanoSSL client:
Change to the projects/nanossl directory:
cd projects/nanossl
Run the following command:
./build.sh --clean --debug --suiteb ssl_client
Generate a TLS v1.3 sample NanoSSL client
To generate the TLS v1.3 sample NanoSSL client:
Change to the projects/nanossl directory:
cd projects/nanossl
Run the following command to build the NanoSSL library with support for TLS v1.3.
./build.sh --clean --debug --suiteb ssl_client
Disable TLS v1.3 and features
By default, TLS v1.3 is enabled when the NanoSSL client is generated.
To disable TLS v1.3 and features:
Change to the projects/nanossl directory:
cd projects/nanossl
Run the following command to build the NanoSSL library with TLS v1.3 features disabled:
./build.sh --clean --debug --suiteb ssl_client <disable-feature>
Where <disable-feature> may be:
--disable-0rtt : Disables the 0-RTT feature.
--disable-psk : Disables the PSK feature.
--disable-tls13 : Disables TLS v1.3.
Verify and run the sample NanoSSL client
If hosting an SSL server, we recommend verifying basic NanoSSL client communications with the SSL server before beginning implementations for custom code using the NanoSSL client sample code.
To verify and run the NanoSSL client sample code:
Start the SSL server.
Open a command shell and start the NanoSSL client.
Run the sample NanoSSL client using the applicable command (i.e., using options for TLS or TLS v1.3) to securely connect via HTTPS to the SSL server, dump debug information to a temporary command prompt window, and then automatically terminate.
For TLS:
./bin/ssl_client <options>
where <options> may be:
? — Displays the help.
-ssl_ip <IP> — Specifies the IP address of the SSL server.
-ssl_port <ssl port> — Specifies the port number of the SSL server.
-ssl_servername <ssl server name> — Specifies the SSL server’s name.
-ssl_certpath <path to files> — Specifies the directory path to the certificate files.
-ssl_server_cert <cert name> — Specifies the name of the server certificate.
-ssl_client_cert <cert name> — Specifies the name of the client certificate.
-ssl_client_keyblob <blob name> — Specifies the name of the client key BLOB file.
For TLS v1.3:
./bin/ssl_client <options>
where additional <options> include:
-ssl_external_psk — Specifies to use an external PSK for TLS v1.3.
-ssl_early_data <early_data> — Specifies the early data content to be sent.
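The build and run steps above can be wrapped in a preflight helper. This is an added example, not part of the DigiCert sample code: a POSIX shell sketch that accepts only the build flags and client options documented on this page and checks the inputs before printing the command to run. The function names, the assumption that certificate and key blob names are files inside the -ssl_certpath directory, and the key blob permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not DigiCert code. Uses only options documented on this page.

# Print the build command; accept only the documented --disable-* flags.
nanossl_build_cmd() {
    cmd="./build.sh --clean --debug --suiteb ssl_client"
    for flag in "$@"; do
        case "$flag" in
            --disable-0rtt|--disable-psk|--disable-tls13) cmd="$cmd $flag" ;;
            *) echo "unknown build flag: $flag" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "$cmd"
}

# Fail unless file $1 exists and has no group/other permission bits.
# Assumption of this example: the client key blob is a secret file.
nanossl_key_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1")" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the ssl_client command after checking its inputs.
# Args: ip port servername certpath server_cert [client_cert client_keyblob]
# Assumption: certificate and key blob names are files inside certpath.
nanossl_client_cmd() {
    [ "$#" -eq 5 ] || [ "$#" -eq 7 ] || { echo "expected 5 or 7 arguments" >&2; return 2; }
    for a in "$@"; do
        case "$a" in ''|*[[:space:]]*) echo "empty or spaced argument" >&2; return 2 ;; esac
    done
    case "$2" in
        *[!0-9]*|??????*) echo "bad port: $2" >&2; return 1 ;;
    esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || { echo "bad port: $2" >&2; return 1; }
    [ -r "$4/$5" ] || { echo "server certificate not readable: $4/$5" >&2; return 1; }
    cmd="./bin/ssl_client -ssl_ip $1 -ssl_port $2 -ssl_servername $3"
    cmd="$cmd -ssl_certpath $4 -ssl_server_cert $5"
    if [ "$#" -eq 7 ]; then
        [ -r "$4/$6" ] || { echo "client certificate not readable: $4/$6" >&2; return 1; }
        nanossl_key_is_private "$4/$7" || { echo "key blob missing or group/world accessible: $4/$7" >&2; return 1; }
        cmd="$cmd -ssl_client_cert $6 -ssl_client_keyblob $7"
    fi
    printf '%s\n' "$cmd"
}
```

Source the file, then run the printed command from projects/nanossl once both functions succeed.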
Implement NanoSSL client
To integrate a NanoSSL client into an application, add calls to TrustCore SDK functions for NanoSSL client initialization, socket and connection management, message processing, and NanoSSL client shutdown, as shown in the ${MSS_SRC_PKG}/src/examples/ssl_client_example.c sample module.
In particular, the functions and tasks described in the table below should be performed in the order shown, making calls to either the synchronous or asynchronous methods as appropriate. For additional NanoSSL Client process flow information, see NanoSSL client process flow.
Optional NanoSSL client functions
This table lists optional functions that may also be performed: