Struct paho_mqtt_sys::MQTTAsync_SSLOptions

#[repr(C)]
pub struct MQTTAsync_SSLOptions {
    pub struct_id: [c_char; 4],
    pub struct_version: c_int,
    pub trustStore: *const c_char,
    pub keyStore: *const c_char,
    pub privateKey: *const c_char,
    pub privateKeyPassword: *const c_char,
    pub enabledCipherSuites: *const c_char,
    pub enableServerCertAuth: c_int,
    pub sslVersion: c_int,
    pub verify: c_int,
    pub CApath: *const c_char,
    pub ssl_error_cb: Option<unsafe extern "C" fn(str: *const c_char, len: size_t, u: *mut c_void) -> c_int>,
    pub ssl_error_context: *mut c_void,
    pub ssl_psk_cb: Option<unsafe extern "C" fn(hint: *const c_char, identity: *mut c_char, max_identity_len: c_uint, psk: *mut c_uchar, max_psk_len: c_uint, u: *mut c_void) -> c_uint>,
    pub ssl_psk_context: *mut c_void,
    pub disableDefaultTrustStore: c_int,
}

MQTTAsync_sslProperties defines the settings to establish an SSL/TLS connection using the OpenSSL library. It covers the following scenarios:

  • Server authentication: The client needs the digital certificate of the server. It is included in a store containing trusted material (also known as "trust store").
  • Mutual authentication: Both client and server are authenticated during the SSL handshake. In addition to the digital certificate of the server in a trust store, the client will need its own digital certificate and the private key used to sign its digital certificate stored in a "key store".
  • Anonymous connection: Neither client nor server is authenticated, and no credentials are needed to establish an SSL connection. Note that this scenario is not fully secure since it is subject to man-in-the-middle attacks.

Fields

struct_id: [c_char; 4]

The eyecatcher for this structure. Must be MQTS.

struct_version: c_int

The version number of this structure. Must be 0, or 1 to enable TLS version selection.

trustStore: *const c_char

The file in PEM format containing the public digital certificates trusted by the client.

keyStore: *const c_char

The file in PEM format containing the public certificate chain of the client. It may also include the client's private key.

privateKey: *const c_char

If not included in the sslKeyStore, this setting points to the file in PEM format containing the client's private key.

privateKeyPassword: *const c_char

The password to load the client's privateKey if encrypted.

enabledCipherSuites: *const c_char

The list of cipher suites that the client will present to the server during the SSL handshake. For a full explanation of the cipher list format, please see the OpenSSL on-line documentation: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT

If this setting is omitted, its default value will be "ALL", that is, all the cipher suites (excluding those offering no encryption) will be considered. This setting can be used to set an SSL anonymous connection ("aNULL" string value, for instance).

enableServerCertAuth: c_int

True/False option to enable verification of the server certificate.

sslVersion: c_int

The SSL/TLS version to use. Specify one of MQTT_SSL_VERSION_DEFAULT (0), MQTT_SSL_VERSION_TLS_1_0 (1), MQTT_SSL_VERSION_TLS_1_1 (2) or MQTT_SSL_VERSION_TLS_1_2 (3). Only used if struct_version is >= 1.

verify: c_int

Whether to carry out post-connect checks, including that a certificate matches the given host name. Exists only if struct_version >= 2.

CApath: *const c_char

From the OpenSSL documentation: If CApath is not NULL, it points to a directory containing CA certificates in PEM format. Exists only if struct_version >= 2.

ssl_error_cb: Option<unsafe extern "C" fn(str: *const c_char, len: size_t, u: *mut c_void) -> c_int>

Callback function for the OpenSSL error handler ERR_print_errors_cb. Exists only if struct_version >= 3.

ssl_error_context: *mut c_void

Application-specific context for the OpenSSL error handler ERR_print_errors_cb. Exists only if struct_version >= 3.

ssl_psk_cb: Option<unsafe extern "C" fn(hint: *const c_char, identity: *mut c_char, max_identity_len: c_uint, psk: *mut c_uchar, max_psk_len: c_uint, u: *mut c_void) -> c_uint>

Callback function for setting TLS-PSK options. Parameters correspond to those of SSL_CTX_set_psk_client_callback, except for u, which is the pointer ssl_psk_context. Exists only if struct_version >= 4.

ssl_psk_context: *mut c_void

Application-specific context for ssl_psk_cb. Exists only if struct_version >= 4.

disableDefaultTrustStore: c_int

Don't load the default SSL CA. Should be used together with PSK to make sure regular servers with a certificate in place are not accepted. Exists only if struct_version >= 4.
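
The field descriptions above imply several combinations that weaken a connection. The following added example (not code from paho_mqtt_sys or the Paho project) audits a safe mirror of the security-relevant fields before they are copied into MQTTAsync_SSLOptions. TlsSettings, Finding and audit are hypothetical names. Treating a PSK callback as replacing the certificate checks, and flagging TLS 1.0/1.1 as legacy, are assumptions of this example.

```rust
// Added example, not part of paho_mqtt_sys. `TlsSettings`, `Finding` and
// `audit` are hypothetical names; None models a NULL C string pointer.
#[derive(Debug, PartialEq)]
enum Finding { NoServerCertAuth, NoHostnameCheck, AnonymousCiphers,
               DefaultCipherList, LegacyTls, PskWithDefaultTrustStore }

struct TlsSettings<'a> {
    struct_version: i32,
    enabled_cipher_suites: Option<&'a str>,
    enable_server_cert_auth: bool,
    ssl_version: i32,
    verify: bool,
    psk_callback_set: bool,
    disable_default_trust_store: bool,
}

fn audit(s: &TlsSettings) -> Vec<Finding> {
    let mut out = Vec::new();
    if s.psk_callback_set && s.struct_version >= 4 {
        // The page pairs PSK with disableDefaultTrustStore.
        if !s.disable_default_trust_store { out.push(Finding::PskWithDefaultTrustStore); }
    } else {
        if !s.enable_server_cert_auth { out.push(Finding::NoServerCertAuth); }
        // `verify` does not exist below struct_version 2, so it cannot be requested.
        if s.struct_version < 2 || !s.verify { out.push(Finding::NoHostnameCheck); }
    }
    match s.enabled_cipher_suites {
        // Unset: the documented default "ALL" applies instead of an explicit list.
        None => out.push(Finding::DefaultCipherList),
        Some(list) => {
            // A bare aNULL token enables anonymous suites; "!aNULL" excludes them.
            let anon = list.split(|c: char| c == ':' || c == ',' || c == ' ')
                .any(|t| t.trim_start_matches('+') == "aNULL");
            if anon { out.push(Finding::AnonymousCiphers); }
        }
    }
    // sslVersion is honoured only from struct_version 1; 1 and 2 select TLS 1.0/1.1.
    if s.struct_version >= 1 && matches!(s.ssl_version, 1 | 2) { out.push(Finding::LegacyTls); }
    out
}

fn main() {
    // Constructed sample: the "anonymous connection" scenario described above.
    let weak = TlsSettings { struct_version: 1, enabled_cipher_suites: Some("aNULL"),
        enable_server_cert_auth: false, ssl_version: 1, verify: false,
        psk_callback_set: false, disable_default_trust_store: false };
    println!("{:?}", audit(&weak));
}
```

An empty result means none of these checks fired; it does not validate the trust store contents or the broker's own configuration.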

Trait Implementations

impl Clone for MQTTAsync_SSLOptions

impl Copy for MQTTAsync_SSLOptions

impl Debug for MQTTAsync_SSLOptions

impl Default for MQTTAsync_SSLOptions
