NanoSSL overview
11 minute read
This documentation describes NanoSSL, its features, important design considerations, and guidance for application programmers incorporating NanoSSL into their devices’ C/C++ application source code.
APIs
NanoSSL is implemented by the following ANSI-C APIs:
- Common code base: Functions common to all TrustCore SDK components; defined in
${MSS_SRC_PKG}/src/common/mocana.h. - Certificate management: Functions for authentication; defined in
${MSS_SRC_PKG}/src/crypto/ca_mgmt.h. - Common SSL code base: Functions common to all NanoSSL clients, both synchronous and asynchronous; defined in
${MSS_SRC_PKG}/src/ssl/ssl.h. - Synchronous client: Functions to implement synchronous communication between a NanoSSL client and an SSL server; defined in
${MSS_SRC_PKG}/src/ssl/ssl.h. - Asynchronous client: Functions to implement asynchronous communication between a NanoSSL client and an SSL server; defined in
${MSS_SRC_PKG}/src/ssl/ssl.h. - Synchronous server: Functions to implement synchronous communication between a NanoSSL server and an SSL client; defined in
${MSS_SRC_PKG}/src/ssl/ssl.h. - Asynchronous server: Functions to implement asynchronous communication between a NanoSSL server and an SSL client; defined in
${MSS_SRC_PKG}/src/ssl/ssl.h.
Compilation flags
This table lists the NanoSSL compilation flags. There is only one required flag for the client and one required flag for the server. The remaining NanoSSL flags are optional for the basic synchronous NanoSSL client or server.
For a complete list of compilation flags and their descriptions, refer to the NanoSSL API Reference.
| Flag | Description |
|---|---|
__ENABLE_MOCANA_SSL_CLIENT__ | Enables TrustCore SDK SSL synchronous client code. Required for NanoSSL client. |
__ENABLE_MOCANA_SSL_SERVER__ | Enables TrustCore SDK SSL synchronous server code. Required for NanoSSL server. |
__DISABLE_MOCANA_SSL_COMMON_NAME_CHECK__ | Disables common name validation during SSL handshaking. Not recommended. |
__DISABLE_SSL_GET_SOCKET_API__ | Disables function that retrieves an original socket ID for a connection instance. |
__DISABLE_SSL_IOCTL_API__ | Disables the IOCTL function, which sets the version number (SSLv3 or TLS v1.0) to use for connection. |
__DISABLE_SSL_IS_SESSION_API__ | Disables function that verifies whether a given connection instance is for a given SSL session. |
__DISABLE_SSL_SESSION_FLAGS_API__ | Disables functions that set SSL flags (inssl.h). |
__ENABLE_MOCANA_DER_CONVERSION__ | Enables DER file support. Allows reading public and private key data from an OpenSSL DER file. |
__ENABLE_MOCANA_EXTRACT_CERT_BLOB__ | Enables bit (raw data) access to a certificate’s subject or issuer data. |
__ENABLE_MOCANA_MULTIPLE_COMMON_NAMES__ | Enables access to all common names on a. If disabled, only the certificate’s first common name is accessible. |
__ENABLE_MOCANA_PEM_CONVERSION__ | Enables code that allows OpenSSH and OpenSSL PEM files to be used. |
__ENABLE_MOCANA_SERIALIZE__ | Enables private key serialization and deserialization. |
__ENABLE_MOCANA_SSL_ALERTS__ | Enables SSL/TLS alert support. Required for EAP-TLS, EAP-PEAP, EAP-FAST, and EAP-TTLS methods. |
__ENABLE_MOCANA_SSL_ANON_SUPPORT__ | Enables Anonymous Diffie-Hellman cipher suite support. For SSL only. |
__ENABLE_MOCANA_SSL_ASYNC_API_EXTENSIONS__ | Enables copy-less receive buffer processing. This flag must be defined if EAP-TLS is enabled (by defining the __ENABLE_MOCANA_EAP_TLS__ flag). |
__ENABLE_MOCANA_SSL_ASYNC_CLIENT_API__ | Enables TrustCore SDK SSL asynchronous client. For NanoSSL client only. |
__ENABLE_MOCANA_SSL_ASYNC_SERVER_API__ | Enables TrustCore SDK SSL asynchronous server. For NanoSSL server only. |
__ENABLE_MOCANA_SSL_CIPHER_SUITES_SELECT__ | Enables dynamic cipher suite selection through a user callback in the SSL server. |
__ENABLE_MOCANA_SSL_DH_ANON_SUPPORT__ | Enables SSL Diffie-Hellman Anonymous cipher suite support. |
__ENABLE_MOCANA_SSL_DHE_SUPPORT__ | Enables SSL Diffie-Hellman Ephemeral cipher suite support. |
__ENABLE_MOCANA_SSL_DUAL_MODE_API | Enables SSL Diffie-Hellman Ephemeral cipher suite support. |
__ENABLE_MOCANA_SSL_ECDH_ANON_SUPPORT__ | Enables SSL Diffie-Hellman Ephemeral cipher suite support. |
__ENABLE_MOCANA_SSL_ECDH_SUPPORT__ | Enables Elliptic Curve Diffie-Hellman cipher suite support in SSL products. |
__ENABLE_MOCANA_SSL_ECDHE_SUPPORT__ | Enables Ephemeral Elliptic Curve Diffie-Hellman cipher suite support in NanoSSL products. |
__ENABLE_MOCANA_TLS12_UNSECURE_HASH__ | Enables support for SHA1 cipher suites in NanoSSL products. |
__ENABLE_MOCANA_SSL_DSA_SUPPORT____ENABLE_MOCANA_DSA____ENABLE_MOCANA_DSA_ALL_KEYSIZE____VERIFY_DSA_KEY_GENERATION__ | Enables support for DSA in NanoSSL products. |
__ENABLE_MOCANA_CCM____ENABLE_MOCANA_CCM_8__ | Enables support for CCM cipher suite in NanoSSL products. |
__ENABLE_MOCANA_SSL_MUTUAL_AUTH_SUPPORT__ | Enables SSL mutual authentication; may be set for NanoSSH client or server. This flag must be defined to enable setting the SSL_FLAG_REQUIRE_MUTUAL_AUTH runtime flag. |
__ENABLE_MOCANA_SSL_NEW_HANDSHAKE__ | Enables the callback to be activated when a peer that is already successfully performed handshaking asks again. |
__ENABLE_MOCANA_SSL_REHANDSHAKE__ | Enables the SSL re-handshake feature. |
__ENABLE_MOCANA_SSL_SESSION_TICKET_RFC_5077__ | Enables TLS session resumption using session ticket for the NanoSSL Server |
__ENABLE_MOCANA_SSL_PSK_SUPPORT__ | Enables SSL Pre-shared Key support. |
__ENABLE_RFC3576__ | Enables RADIUS extensions for CoA (change of authorization) support. |
__ENABLE_MOCANA_SSL_FIPS__ | Enables the runtime mechanism to enable/disable restrictions to use FIPS-certified ciphers, algorithms, and asymmetric key sizes. |
__ENABLE_MOCANA_DTLS_SRTP____ENABLE_MOCANA_SRTP_PROFILES_SELECT__ | Enables SRTP functionality for NanoSSL products. |
MIN_SSL_MINORVERSION | Macro to set the default TLS minor version. |
__ENABLE_MOCANA_TLS13__ | Enables the TLS v1.3 protocol. |
__ENABLE_MOCANA_PSK_TLS13__ | Enables the PSK feature for the TLS v1.3 protocol. |
__ENABLE_MOCANA_0RTT_TLS13__ | Enables the 0RTT feature for the TLS v1.3 protocol. |
__ENABLE_MOCANA_SSL_HEARTBEAT_RFC_6520__ | Enables the support for heartbeat message exchange as specified in the RFC 6520 |
__ENABLE_MOCANA_TLS13_APPLICATINO_DATA_CALLBACK__ | Enables callbacks for application data in the 0RTT flow. |
Functions
This table lists the NanoSSL API functions and shows whether they are used for synchronous and/or asynchronous clients and/or servers.
| Function | Client | Server |
|---|---|---|
SSL_ASYNC_acceptConnection | ||
SSL_ASYNC_closeConnection | X | |
SSL_ASYNC_connect | X | |
SSL_ASYNC_getRecvBuffer | X | |
SSL_ASYNC_getSendBuffer | X | |
SSL_ASYNC_init | X | |
SSL_ASYNC_initServer | ||
SSL_ASYNC_recvMessage | X | |
SSL_ASYNC_recvMessage2 | X | |
SSL_ASYNC_sendMessage | X | |
SSL_ASYNC_sendMessagePending | X | |
SSL_ASYNC_start | X | |
SSL_acceptConnection | ||
SSL_closeConnection | X | |
SSL_connect | X | |
SSL_enableCiphers | X | X |
SSL_getCipherInfo | X | X |
SSL_getClientSessionInfo | X | X |
SSL_setDNSNames | X | X |
SSL_setServerNameList | X | X |
SSL_getCookie | X | X |
SSL_getInstanceFromSocket | X | X |
SSL_getSessionFlags | X | X |
SSL_getSessionStatus | X | X |
SSL_getSocketId | X | X |
SSL_init | X | |
SSL_initiateRehandshake | X | X |
SSL_ioctl | X | X |
SSL_Settings_Ioctl | X | X |
SSL_isSessionSSL | X | X |
SSL_lookupAlert | X | X |
SSL_negotiateConnection | X | |
SSL_recv | X | |
SSL_recvPending | X | |
SSL_releaseTables | X | X |
SSL_send | X | |
SSL_sendAlert | X | X |
SSL_sendPending | X | |
SSL_setCookie | X | X |
SSL_setSessionFlags | X | X |
SSL_shutdownStack | X | X |
SSL_setMinRSAKeySize | X | X |
SSL_setSha1SigAlg | X | X |
SSL_sslSettings | X | X |
SSL_setFIPSEnabled | X | X |
SSL_populateMutualAuthCertStore | X | X |
SSL_enableHeartbeatSupport | X | X |
SSL_sendHeartbeatMessage | X | X |
Callback functions
The sslSettings structure contains function pointers for the following callback functions, which are fully documented in the NanoSSL API Reference:
- Synchronous/Asynchronous client/server
funcPtrAlertCallbackfuncPtrAlertHandshakeCallbackfuncPtrSSLHandelTimeout
- Synchronous/Asynchronous client
funcPtrChoosePSKfuncPtrMutualAuthCertificateVerify
- Synchronous/Asynchronous server
funcPtrGetClientPSKfuncPtrLookupPSKfuncPtrVersionCallback
- Asynchronous client
funcPtrClientOpenStateCallbackfuncPtrClientRenewalCallbackfuncPtrClientStartTimer
- Asynchronous server
funcPtrOpenStateCallbackfuncPtrRenewalCallbackfuncPtrStartTimer
Enabling NanoSSL and NanoTLS products and features lists the NanoSSL products and features that may be enabled, the flags required to enable them, and their required callback functions that need to be customized and registered. (Both NanoSSL client and server are listed because they share a common code base.)
Setting variables
This table lists the variables that must be set.
| Variable | Description |
|---|---|
sslTimeOutHello | Timeout to wait for a Hello message. The default value is 15000 ms. |
sslTimeOutReceive | Timeout to wait to receive a handshake message. The default value is 15000 ms. |
maxTimerCountForhandShake | Timer to initiate a rehandshake. |
maxByteCount | Number of bytes sent out before initiating a rehandshake. |
Enabling NanoSSL and NanoDTLS products and features
This table lists the NanoSSL products and features that may be enabled, the flags required to enable them, and the required callback functions that must be customized and registered. Both NanoSSL client and server are listed because they share a common code base.
| Feature | Required Flags | Callback Functions |
|---|---|---|
| Synchronous server | __ENABLE_MOCANA_SSL_SERVER__ | Any desired feature’s callbacks, listed in this table. |
| Asynchronous server | __ENABLE_MOCANA_SSL_ASYNC_SERVER_API__ | Plus any desired feature’s callbacks, listed in this table. |
| Synchronous client | __ENABLE_MOCANA_SSL_CLIENT__ | Desired features’ callbacks |
| Asynchronous client | __ENABLE_MOCANA_SSL_ASYNC_CLIENT_API__ | Plus any desired feature’s callbacks, listed in this table. |
| Dual mode | __ENABLE_MOCANA_SSL_DUAL_MODE_API__ | Flags and callbacks listed above in this table for enabling synchronous and asynchronous server and/or client, as well as desired features’ callbacks. |
| Mutual authentication via single certificate | __ENABLE_MOCANA_SSL_MUTUAL_AUTH_SUPPORT__ | (None) |
| Mutual authentication client CA list | __ENABLE_MOCANA_SSL_MUTUAL_AUTH_SUPPORT__ | SSL_setClientCertAuthorityCallback(sbyte4 connectionInstance,MSTATUS (*funcPtrClientCertAuthorityCallback) (sbyte4 connectionInstance, SizedBuffer *pCertAuthorities, ubyte4 certAuthorityCount)) |
| PSK support for NanoSSL server | ENABLE_MOCANA_SSL_PSK_SUPPORT | |
| Either ENABLE_MOCANA_SSL_SERVER or ENABLE_MOCANA_SSL_ASYNC_SERVER_API | funcPtrGetHintPSK | |
| funcPtrLookupPSK | ||
| PSK support for NanoSSL client | ENABLE_MOCANA_SSL_PSK_SUPPORT | |
| Either ENABLE_MOCANA_SSL_CLIENT or ENABLE_MOCANA_SSL_ASYNC_CLIENT_API | funcPtrChoosePSK | |
| SSL/TLS alerts | __ENABLE_MOCANA_SSL_ALERTS__ | funcPtrAlertCallback |
| Notification of server re-handshake request | __ENABLE_MOCANA_SSL_NEW_HANDSHAKE__ | funcPtrNewHandshakeCallback |
| RFC 5746: TLS Renegotiation Indication Extension | __ENABLE_MOCANA_SSL_REHANDSHAKE__ | funcPtrClientRehandshakeRequest(applicable to synchronous and asynchronous variants of both NanoSSL client and NanoSSL server) |
| RFC 5077: Session Resumption Using Session Ticket for NanoSSL Server | __ENABLE_MOCANA_SSL_SESSION_TICKET_RFC_5077__ | (None) |
| RFC 6066 for NanoSSL server | ENABLE_RFC6066 | |
| Either ENABLE_MOCANA_SSL_SERVER or ENABLE_MOCANA_SSL_ASYNC_SERVER_API | funcPtrExtensionRequestCallback | |
| SSLv3 support | Define the MIN_SSL_MINORVERSION flag as equal to SSL3_MINORVERSION | (None) |
| Notify on SSL stack timeout and override or reset the timer | None | To override the timeout, set the new timeout value in the *msAdjustedTimevariable. |
| Initiate TLS v1.3 KeyUpdate | __ENABLE_MOCANA_TLS13__ | sbyte4(*funcPtrKeyUpdateRequest)(sbyte4 connectionInstance) |
| Get signature algorithm used | __ENABLE_MOCANA_TLS13__ | SSL_getSignatureAlgo (sbyte4 connectionInstance, ubyte2 *pSigAlg) |
| Initiate post-handshake Authentication | ENABLE_MOCANA_TLS13 | |
| Either ENABLE_MOCANA_SSL_SERVER or ENABLE_MOCANA_SSL_MUTUAL_AUTH_SUPPORT | SSL_sendPosthandshakeAuthCertificateRequest(sbyte4 connectionInstance) | |
| Set maximum Early Data Size for generated PSK | ENABLE_MOCANA_TLS13 | |
| ENABLE_MOCANA_TLS13_PSK | sbyte4 SSL_setMaxEarlyDataSize(sbyte4 connectionInstance, sbyte4 earlyDataSize) | |
| Set receive early data size | ENABLE_MOCANA_TLS13 | |
| ENABLE_MOCANA_TLS13_PSK | ||
| ENABLE_MOCANA_TLS13_0RTT | ||
| ENABLE_MOCANA_SSL_SERVER | sbyte4 SSL_setRecvEarlyDataSize(sbyte4 connectionInstance, sbyte4 recvEarlyDataSize) | |
| Set application data to be sent as part of 0RTT flow | ENABLE_MOCANA_TLS13 | |
| ENABLE_MOCANA_TLS13_PSK | ||
| ENABLE_MOCANA_TLS13_0RTT | ||
| ENABLE_MOCANA_SSL_CLIENT | sbyte4 SSL_setEarlyData(sbyte4 connectionInstance, ubyte* pEarlyData, ubyte4 earlyDataSize) | |
| Set callback to receive early data on server | ENABLE_MOCANA_TLS13 | |
| ENABLE_MOCANA_TLS13_PSK | ||
| ENABLE_MOCANA_TLS13_0RTT | ||
| ENABLE_MOCANA_SSL_SERVER | sbyte4 SSL_setReceiveApplicationDataCallback(sbyte4 (*funcPtrTLS13ApplicationDataCallback)(sbyte4 connectionInstance, ubyte *pData, ubyte4 dataLen, dataState state)) | |
| Deserialize PSK | ENABLE_MOCANA_TLS13 | |
| ENABLE_MOCANA_TLS13_PSK | sbyte4 SSL_deserializePSK(ubyte *pPsk, ubyte4 pskLen, tls13PSK **ppRetPsk) | |
| Serialize PSK | ENABLE_MOCANA_TLS13 | |
| ENABLE_MOCANA_TLS13_PSK | sbyte4 SSL_serializePSK(tls13PSK *pPsk, ubyte **ppPsk, ubyte4 *pPskLen) | |
| Set callback to save PSK generated by server | ENABLE_MOCANA_TLS13 | |
| ENABLE_MOCANA_TLS13_PSK | ||
| ENABLE_MOCANA_SSL_SERVER | SSL_setServerSavePSKCallback(sbyte4 (cb)(sbyte4 connectionInstance, sbyte ServerInfo, ubyte4 serverInfoLen, ubyte* pIdentityPSK, ubyte4 identityLengthPSK, ubyte* pPsk, ubyte4 pskLen)) | |
| Set callback to search PSK | ENABLE_MOCANA_TLS13 | |
| ENABLE_MOCANA_TLS13_PSK | ||
| ENABLE_MOCANA_SSL_SERVER | SSL_setServerLookupPSKCallback(sbyte4 (cb)(sbyte4 connectionInstance, ubyte pIdentityPSK, ubyte4 identityLengthPSK, ubyte** ppPsk, ubyte4 *pPskLen, intBoolean *pFreeMemory)) | |
| Set callback to delete PSK | ENABLE_MOCANA_TLS13 | |
| ENABLE_MOCANA_TLS13_PSK | ||
| ENABLE_MOCANA_SSL_SERVER | SSL_setServerDeletePSKCallback(sbyte4 (cb)(sbyte4 connectionInstance, sbyte ServerInfo, ubyte4 serverInfoLen, ubyte* pIdentityPSK, ubyte4 identityLengthPSK, ubyte* pPsk)) | |
| Set callbacks to enable SRTP feature | ENABLE_MOCANA_DTLS_SERVER | |
| ENABLE_MOCANA_DTLS_CLIENT | ||
| ENABLE_MOCANA_DTLS_SRTP | ||
| ENABLE_MOCANA_SRTP_PROFILES_SELECT | sbyte4SSL_setSrtpInitCallback(sbyte4(cb)(sbyte4 connectionInstance, peerDescr pChannelDescr, const SrtpProfileInfo pProfile, void keyMaterials, ubyte* mki));sbyte4 SSL_setSrtpEncodeCallback(sbyte4(cb)(sbyte4 connectionInstance, peerDescr pChannelDescr, const sbyte pData, ubyte4 pDataLength, ubyte* encodedData, ubyte4* encodedLength)); | |
| Heartbeat Extension | __ENABLE_MOCANA_SSL_HEARTBEAT_RFC_6520__ | SSL_enableHeartbeatSupport(sbyte4 connectionInstance, E_HeartbeatExtension value,sbyte4 (*funcPtrHeatbeatMessageCallback)(sbyte4 connectionInstance, sbyte4 status, ubyte heartbeatType));SSL_sendHeartbeatMessage(sbyte4 connectionInstance); |
Session-specific callback function
The SSLSocket structure contains function pointers for callback functions that are associated with a session (i.e., each session may set the function pointers to a different function):
- Synchronous/asynchronous client/server:
funcPtrGetCertAndStatusCallback— Set usingSSL_setCertAndStatusCallback().funcPtrAlpnCallback— Set usingSSL_setAlpnCallback().funcPtrInvalidCertCallback— Set using:MSTATUS SSL_setInvalidCertCallback(sbyte4 connectionInstance, (MSTATUS (*funcPtrInvalidCertCallback)(sbyte4 connectionInstance, MSTATUS validationstatus));Note
This function requires the build flag `__ENABLE_MOCANA_SSL_INVALID_CERTIFICATE_CALLBACK__`. To ignore the certificate error, the callback should return the status `>= 0`.
- Synchronous/asynchronous server:
funcPtrVersionCallback— Set usingSSL_setVersionCallback().
- Synchronous/asynchronous client:
funcPtrVersionCallback— Set usingSSL_setVersionCallback().
This table describes the purpose of these function pointers, which are also fully documented in the NanoSSL API Reference.
| Function Pointer | Description |
|---|---|
funcPtrGetCertAndStatusCallback | Provides the application with the certificate used and the SSL stack’s validation status. The application may then perform additional checks on the certificate and optionally override the SSL stack’s validation. The implementation of this function should return OK to indicate that the certificate is valid, irrespective of the SSL stack’s status. The application may choose to accept the status proposed by the SSL stack. |
funcPtrAlpnCallback | Allows the application to negotiate the application-layer protocols, as per RFC-7301. |
funcPtrInvalidCertCallback | Enables application callback to be notified of an empty certificate (zero length) or invalid certificate received from the client where mutual authentication is enabled. |
funcPtrSSLClientSavePSKCallback | Mechanism to save the PSKs received from the server. |
funcPtrSSLClientRetrievePSKCallback | Mechanism to retrieve PSKs to establish a connection with a particular server. |
funcPtrSSLSendApplicationDataCallback | Allows application to provide early data for 0RTT flow; invoked if early_data was not set during init. |
funcPtrClientCertCallback | Allows the application to provide the client certificate, key, and CA for mutual authentication at run time in the server’s client certificate request; invoked only if the default certificate store does not have the certificate. |
Session-specific settings
Session settings may be applied using the following methods:
SSL_ioctlSSL_setSessionFlags
SSL_ioctl flags
This table lists the flags that may be configured to call the SSL_ioctl function.
| Flag | Description |
|---|---|
SSL_SET_VERSION | Sets the minor version of TLS. |
SSL_SET_MINIMUM_VERSION | Sets the minimum minor version of TLS. |
SSL_SET_SCSV_VERSION | |
SSL_SET_RECV_TIMEOUT | Sets the receive timeout for asynchronous mode. |
DTLS_SET_HANDSHAKE_RETRANSMISSION_TIMER | Sets the time for DTLS handshake retransmission. |
DTLS_SET_PMTU | Sets the MTU for DTLS messages. |
DTLS_USE_SRTP | Sets the SRTP value for DTLS. |
DTLS_SET_HELLO_VERIFIED | Enables acknowledgment that the application received the cookie and verified it. |
SSL_GET_CLIENT_RANDOM | Gets the client’s random number. |
SSL_GET_SERVER_RANDOM | Gets the server’s random number. |
SSL_REQUEST_SESSION_TICKET | Configured on the client only to request a session ticket from the server. |
SSL_PSK_KEY_EXCHANGE_MODE | Sets the PSK key exchange modes on the client. |
SSL_GET_KEY_UPDATE_DATA_TYPE | Gets the status of the KeyUpdate message state. |
SSL_SET_SEND_EARLY_DATA | Sends early_data with the 0RTT flow. |
SSL_GET_MAX_EARLY_DATA | Gets the maximum number of bytes of early data that may be received by the server. |
SSL_SET_MAX_EARLY_DATA | Sets the maximum number of bytes of early data that may be received by the server. |
SSL_GET_EARLY_DATA_STATUS | Gets the status of the early data received. |
SSL_SET_NUM_TICKETS | Sets the number of tickets that the server may send to a client after a connection has been established. |
SSL_GET_NUM_TICKETS | Gets the number of tickets that server sends. |
SSL_setSession flags
This table lists the session authentication flags for the SSL_setSessionFlags API. For more information about this API, refer to the NanoSSL API Reference.
| Flag | Description |
|---|---|
SSL_FLAG_REQUIRE_MUTUAL_AUTH | Enables mutual authentication. |
SSL_FLAG_NO_MUTUAL_AUTH_REQUEST | Disables mutual authentication. |
SSL_FLAG_NO_MUTUAL_AUTH_REPLY | Enables mutual authentication and allows an an empty response from the client to be accepted. |
SSL_FLAG_ENABLE_SEND_EMPTY_FRAME | Enables sending of an empty frame. |
SSL_FLAG_ENABLE_SEND_BUFFER | Enables send of a buffer in asynchronous mode. |
SSL_FLAG_ENABLE_RECV_BUFFER | Enables therecvbuffer in asynchronous mode. |
SSL_FLAG_ENABLE_POST_HANDSHAKE_AUTH | Enables post-handshake authentication. |
SSL_FLAG_ALLOW_INSECURE_REHANDSHAKE | Allows legacy renegotiation. |
Common TrustCore SDK initialization
Applications should perform the common TrustCore SDK initialization and shutdown work, as shown in the ${MSS_SRC_PKG}/src/examples/mocana_example.c sample module. In particular, make the following function calls and perform the following procedures:
MOCANA_initMocana— Initialize the TrustCore SDK common code base (logging, random number generator, and so on).MOCANA_initLog— Optionally, register a callback function to the TrustCore SDK logging system.- Create threads for all required TrustCore SDK component servers (e.g., the NanoSec IKE server).
- Implement a status-checking loop that runs and sleeps as long as an application running flag is true.
MOCANA_freeMocana— Release memory that was allocated byMOCANA_initMocana.
Was this page helpful?
Provide feedback