Function esp_idf_svc::sys::mbedtls_ssl_conf_own_cert

pub unsafe extern "C" fn mbedtls_ssl_conf_own_cert(
    conf: *mut mbedtls_ssl_config,
    own_cert: *mut mbedtls_x509_crt,
    pk_key: *mut mbedtls_pk_context,
) -> i32

\brief Set own certificate chain and private key

\note own_cert should contain in order from the bottom up your certificate chain. The top certificate (self-signed) can be omitted.

\note On server, this function can be called multiple times to provision more than one cert/key pair (e.g. one ECDSA, one RSA with SHA-256, one RSA with SHA-1). An adequate certificate will be selected according to the client’s advertised capabilities. If multiple certificates are adequate, preference is given to the one set by the first call to this function, then the second, etc.

\note On client, only the first call has any effect. That is, only one client certificate can be provisioned. The server’s preferences in its CertificateRequest message will be ignored and our only cert will be sent regardless of whether it matches those preferences - the server can then decide what it wants to do with it.

\note The provided \p pk_key needs to match the public key in the first certificate in \p own_cert, or all handshakes using that certificate will fail. It is your responsibility to ensure that; mbedtls_ssl_conf_own_cert() will not perform any check. You may use mbedtls_pk_check_pair() to perform this check yourself, but be aware that mbedtls_pk_check_pair() can be computationally expensive on some key types.

\param conf SSL configuration

\param own_cert own public certificate chain

\param pk_key own private key

\return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
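
The notes above leave two checks to the caller: the key/certificate match is not verified, and a second call on a client has no effect. The following is an added example, not code from esp-idf-svc or Mbed TLS, of a guard that enforces both before registering a pair. `CertBackend`, `Provisioner`, `ProvisionError` and `FakeBackend` are hypothetical names; on target, the trait methods would wrap the unsafe calls to `mbedtls_pk_check_pair` and `mbedtls_ssl_conf_own_cert`.

```rust
// Added example: hypothetical guard around mbedtls_ssl_conf_own_cert (not an esp-idf-svc API).
#[derive(Debug, PartialEq)]
pub enum ProvisionError {
    KeyMismatch(i32),         // the pair check returned non-zero
    ClientAlreadyProvisioned, // a second call on a client would have no effect
    ConfFailed(i32),          // e.g. MBEDTLS_ERR_SSL_ALLOC_FAILED
}
#[derive(Clone, Copy, PartialEq)]
pub enum Role { Client, Server }

/// Assumption: on target, implement these two methods with the unsafe FFI calls.
pub trait CertBackend {
    type Pair;
    fn check_pair(&self, pair: &Self::Pair) -> i32; // wraps mbedtls_pk_check_pair
    fn conf_own_cert(&mut self, pair: &Self::Pair) -> i32; // wraps mbedtls_ssl_conf_own_cert
}

pub struct Provisioner<B: CertBackend> { pub backend: B, pub role: Role, pub provisioned: usize }

impl<B: CertBackend> Provisioner<B> {
    pub fn add(&mut self, pair: &B::Pair) -> Result<(), ProvisionError> {
        // Client: only the first call has any effect, so reject later ones loudly.
        if self.role == Role::Client && self.provisioned > 0 {
            return Err(ProvisionError::ClientAlreadyProvisioned);
        }
        // conf_own_cert performs no key/cert check, so do it before registering.
        let rc = self.backend.check_pair(pair);
        if rc != 0 { return Err(ProvisionError::KeyMismatch(rc)); }
        match self.backend.conf_own_cert(pair) {
            0 => { self.provisioned += 1; Ok(()) }
            rc => Err(ProvisionError::ConfFailed(rc)),
        }
    }
}

/// Constructed host-side stand-in: a pair "matches" when both ids are equal; -1 is a placeholder code.
pub struct FakeBackend { pub registered: Vec<(u8, u8)> }
impl CertBackend for FakeBackend {
    type Pair = (u8, u8); // (public key id in leaf cert, private key id)
    fn check_pair(&self, p: &(u8, u8)) -> i32 { if p.0 == p.1 { 0 } else { -1 } }
    fn conf_own_cert(&mut self, p: &(u8, u8)) -> i32 { self.registered.push(*p); 0 }
}

fn main() {
    let mut p = Provisioner { backend: FakeBackend { registered: vec![] }, role: Role::Client, provisioned: 0 };
    println!("{:?}", p.add(&(1, 2))); // mismatched pair is refused before registration
    println!("{:?}", p.add(&(1, 1)));
}
```

Because the pair check can be expensive on some key types, run it once at provisioning time, as here, rather than per connection.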