Function bearssl::br_ssl_server_set_single_ec
pub unsafe extern "C" fn br_ssl_server_set_single_ec(
    cc: *mut br_ssl_server_context,
    chain: *const br_x509_certificate,
    chain_len: usize,
    sk: *const br_ec_private_key,
    allowed_usages: c_uint,
    cert_issuer_key_type: c_uint,
    iec: *const br_ec_impl,
    iecdsa: br_ecdsa_sign
)
Set the server certificate chain and key (single EC case).

This function uses a policy context included in the server context. It configures use of a single server certificate chain with an EC private key. The allowed_usages parameter is a combination of usages, namely BR_KEYTYPE_KEYX and/or BR_KEYTYPE_SIGN; this enables or disables the corresponding cipher suites (i.e. TLS_ECDH_* use the EC key for key exchange, while TLS_ECDHE_ECDSA_* use the EC key for signatures).

In order to support TLS_ECDH_* cipher suites (non-ephemeral ECDH), the algorithm type of the key used by the issuing CA to sign the server's certificate must be provided, as the cert_issuer_key_type parameter (this value is either BR_KEYTYPE_RSA or BR_KEYTYPE_EC).

Parameters:
- cc: server context.
- chain: server certificate chain to send.
- chain_len: chain length (number of certificates).
- sk: server private key (EC).
- allowed_usages: allowed private key usages.
- cert_issuer_key_type: issuing CA's key type.
- iec: EC core implementation.
- iecdsa: ECDSA signature implementation ("asn1" format).
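
Because allowed_usages and cert_issuer_key_type are both plain c_uint values, swapping them or passing an unset issuer type compiles without complaint. The following pre-flight check is an added example, not code from the bearssl crate or from BearSSL itself; `check_single_ec_args`, `ArgError` and `EcUsage` are hypothetical names, and the constant values are those of BearSSL's `bearssl_x509.h`, assumed to match the crate's bindings.

```rust
use std::os::raw::c_uint;

// Values from BearSSL's bearssl_x509.h; assumed to match the crate's bindings.
pub const BR_KEYTYPE_RSA: c_uint = 1;
pub const BR_KEYTYPE_EC: c_uint = 2;
pub const BR_KEYTYPE_KEYX: c_uint = 0x10;
pub const BR_KEYTYPE_SIGN: c_uint = 0x20;

/// Hypothetical error type for this example.
#[derive(Debug, PartialEq)]
pub enum ArgError {
    NoUsage,                       // neither KEYX nor SIGN was requested
    UnknownUsageBits(c_uint),      // bits other than KEYX/SIGN (e.g. a key type passed by mistake)
    IssuerKeyTypeRequired(c_uint), // KEYX requested but issuer type is not RSA or EC
}

/// Hypothetical summary of the cipher suite families the arguments enable.
#[derive(Debug, PartialEq)]
pub struct EcUsage {
    pub static_ecdh: bool, // TLS_ECDH_*: EC key used for (non-ephemeral) key exchange
    pub ecdhe_ecdsa: bool, // TLS_ECDHE_ECDSA_*: EC key used for signatures
}

/// Validate the two flag arguments before the unsafe call.
pub fn check_single_ec_args(
    allowed_usages: c_uint,
    cert_issuer_key_type: c_uint,
) -> Result<EcUsage, ArgError> {
    let stray = allowed_usages & !(BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN);
    if stray != 0 {
        return Err(ArgError::UnknownUsageBits(stray));
    }
    if allowed_usages == 0 {
        return Err(ArgError::NoUsage);
    }
    let static_ecdh = allowed_usages & BR_KEYTYPE_KEYX != 0;
    // The issuer key type is documented as needed for TLS_ECDH_* only.
    let issuer_ok = matches!(cert_issuer_key_type, BR_KEYTYPE_RSA | BR_KEYTYPE_EC);
    if static_ecdh && !issuer_ok {
        return Err(ArgError::IssuerKeyTypeRequired(cert_issuer_key_type));
    }
    Ok(EcUsage { static_ecdh, ecdhe_ecdsa: allowed_usages & BR_KEYTYPE_SIGN != 0 })
}

fn main() {
    println!("{:?}", check_single_ec_args(BR_KEYTYPE_SIGN, 0));
    println!("{:?}", check_single_ec_args(BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN, BR_KEYTYPE_RSA));
    println!("{:?}", check_single_ec_args(BR_KEYTYPE_KEYX, 0));
    println!("{:?}", check_single_ec_args(BR_KEYTYPE_EC, BR_KEYTYPE_EC));
}
```

On Ok, pass the same two values unchanged to br_ssl_server_set_single_ec; passing only BR_KEYTYPE_SIGN keeps the non-ephemeral TLS_ECDH_* suites disabled.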