Certificates
class Certificate
Implemented by SSL adapter to handle certificate operations.
class ValidatorList : public Vector<Validator>
Performs certificate validation.
Validators are created in the application’s session initialisation callback. When the certificate has been received, it is checked against each registered validator in turn until successful. All validators are destroyed during this process.
If there are no validators in the list, the certificate is not checked and the connection is accepted.
class Validator
Base validator class.
Validation is performed by invoking each validator in turn until a successful result is obtained.
Custom validators may either override this class, or use a callback.
Subclassed by Ssl::CallbackValidator, Ssl::FingerprintValidator< FP >
union Fingerprint
#include <Fingerprints.h>
Various types of fingerprint.
Applications should use the appropriate type to define a fingerprint, for example:
static const Fingerprint::Cert::Sha1 fingerprint PROGMEM = { ... };
Public Types
enum Type
SSL Certificate fingerprint type.
Values:
CertSha1: SHA1 Fingerprint of entire certificate.
CertSha256: SHA256 Fingerprint of entire certificate.
PkiSha256: SHA256 Fingerprint of Public Key Information.
union Cert
#include <Fingerprints.h>
Fingerprints for the entire Certificate.
struct Sha1
#include <Fingerprints.h>
Fingerprint based on the SHA1 value of the certificate.
The SHA1 hash of the entire certificate. This changes on each certificate renewal so needs to be updated every time the remote server updates its certificate.
Advantages: Takes less time to verify than SHA256
Disadvantages: Likely to change periodically
struct Sha256
#include <Fingerprints.h>
Fingerprint based on the SHA256 value of the certificate.
Typically displayed in browser certificate information
union Pki
#include <Fingerprints.h>
Fingerprints for the Public Key only.
struct Sha256
#include <Fingerprints.h>
Fingerprint based on the SHA256 value of the Public Key Subject in the certificate.
For HTTP public key pinning (RFC7469), the SHA-256 hash of the Subject Public Key Info (which usually only changes when the public key changes) is used.
Advantages: Doesn’t change frequently
Disadvantages: Takes more time (in ms) to verify.
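The rules described above (validators tried in turn until one succeeds, an empty list accepting the connection unchecked, and a certificate fingerprint breaking on renewal while a public key fingerprint survives it) modelled as an added stand-alone example. This is not Sming code: `PeerCert`, `Result`, `validate`, `pinCert`, `pinPki` and `digestOf` are hypothetical names, and all digests are constructed values.

```cpp
// Stand-alone model of the validation rules on this page. Not Sming code:
// every type and function name below is hypothetical.
#include <algorithm>
#include <array>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <vector>

namespace model {
using Sha256 = std::array<uint8_t, 32>;

// Constructed stand-in for a received certificate: only its two digests.
struct PeerCert {
    Sha256 certSha256; // hash of the entire certificate, changes on renewal
    Sha256 pkiSha256;  // hash of the public key information
};

using Validator = std::function<bool(const PeerCert&)>;
enum class Result { Accepted, Rejected, AcceptedUnchecked };

// Try each validator in turn until one succeeds, then destroy them all.
// An empty list accepts the connection without checking the certificate.
Result validate(std::vector<Validator>& validators, const PeerCert& cert)
{
    if(validators.empty()) return Result::AcceptedUnchecked;
    bool ok = std::any_of(validators.begin(), validators.end(),
                          [&cert](const Validator& v) { return v(cert); });
    validators.clear();
    return ok ? Result::Accepted : Result::Rejected;
}

Validator pinCert(const Sha256& fp) { return [fp](const PeerCert& c) { return c.certSha256 == fp; }; }
Validator pinPki(const Sha256& fp) { return [fp](const PeerCert& c) { return c.pkiSha256 == fp; }; }

// Constructed digest: one byte value repeated 32 times.
Sha256 digestOf(uint8_t b) { Sha256 d; d.fill(b); return d; }
} // namespace model

int main()
{
    using namespace model;
    PeerCert renewed{digestOf(0x22), digestOf(0xAA)}; // new certificate, same key as before
    std::vector<Validator> certOnly{pinCert(digestOf(0x11))}; // pinned to the old certificate
    std::vector<Validator> both{pinCert(digestOf(0x11)), pinPki(digestOf(0xAA))};
    std::vector<Validator> none; // nothing registered in the session callback
    std::printf("cert pin only: %d\n", static_cast<int>(validate(certOnly, renewed)));
    std::printf("cert + pki:    %d\n", static_cast<int>(validate(both, renewed)));
    std::printf("no validators: %d\n", static_cast<int>(validate(none, renewed)));
}
```

The third case is the one to audit for: a session that registers no validator accepts any certificate.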