Certificates

class Certificate

Implemented by SSL adapter to handle certificate operations.

class ValidatorList : public Vector<Validator>

Performs certificate validation.

Validators are created in the application’s session initialisation callback. When the certificate has been received, it is checked against each registered validator in turn until successful. All validators are destroyed during this process.

If there are no validators in the list then the certificate is not checked and the connection is accepted.

class Validator

Base validator class.

Validation is performed by invoking each validator in turn until a successful result is obtained.

Custom validators may either subclass this class or use a callback.

Subclassed by Ssl::CallbackValidator, Ssl::FingerprintValidator< FP >

union Ssl::Fingerprint
#include <Fingerprints.h>

Various types of fingerprint.

Applications should use the appropriate type to define a fingerprint, for example:

    static const Fingerprint::Cert::Sha1 fingerprint PROGMEM = { ... };

Public Types

enum Type

SSL Certificate fingerprint type.

Values:

enumerator CertSha1

SHA1 Fingerprint of entire certificate.

enumerator CertSha256

SHA256 Fingerprint of entire certificate.

enumerator PkiSha256

SHA256 Fingerprint of Public Key Information.

Public Members

Cert cert
Pki pki
union Cert
#include <Fingerprints.h>

Fingerprints for the entire Certificate.

Public Members

Sha1 sha1
Sha256 sha256
struct Sha1
#include <Fingerprints.h>

Fingerprint based on the SHA1 value of the certificate.

The SHA1 hash of the entire certificate. This changes on each certificate renewal so needs to be updated every time the remote server updates its certificate.

Advantages: Takes less time to verify than SHA256

Disadvantages: Likely to change periodically

Public Members

Crypto::Sha1::Hash hash

Public Static Attributes

static constexpr Type type = Type::CertSha1
struct Sha256
#include <Fingerprints.h>

Fingerprint based on the SHA256 value of the certificate.

Typically displayed in browser certificate information.

Public Members

Crypto::Sha256::Hash hash

Public Static Attributes

static constexpr Type type = Type::CertSha256
union Pki
#include <Fingerprints.h>

Fingerprints for the Public Key only.

Public Members

Sha256 sha256
struct Sha256
#include <Fingerprints.h>

Fingerprint based on the SHA256 value of the Subject Public Key Info in the certificate.

For HTTP public key pinning (RFC7469), the SHA-256 hash of the Subject Public Key Info (which usually only changes when the public key changes) is used.

Advantages: Doesn’t change frequently

Disadvantages: Takes more time (in ms) to verify.

Public Members

Crypto::Sha256::Hash hash

Public Static Attributes

static constexpr Type type = Type::PkiSha256
class Types
#include <Fingerprints.h>

Maintains a set of fingerprint types.

Public Functions

inline void add(Type type)
inline void remove(Type type)
inline bool contains(Type type) const

Private Members

uint32_t mask = 0
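
The ValidatorList rules (an empty list accepts, the first successful validator accepts, validators are destroyed after use) and the renewal behaviour of the certificate and public-key fingerprints can be modelled in a few lines. This is an added example, not the library's own code: `ModelCert`, `ModelValidatorList`, `validateStrict`, `pinCert`, `pinPki` and `filled` are hypothetical names, and all hash values are constructed.

```cpp
#include <array>
#include <cstdint>
#include <functional>
#include <utility>
#include <vector>

using Hash = std::array<std::uint8_t, 32>;
// Stand-in for a received certificate; both hashes are constructed sample values.
struct ModelCert {
    Hash certSha256; // hash of the entire certificate: changes on every renewal
    Hash pkiSha256;  // hash of the Subject Public Key Info: stable while the key is kept
};
using ModelValidator = std::function<bool(const ModelCert&)>;
class ModelValidatorList {
    std::vector<ModelValidator> validators;
public:
    void add(ModelValidator v) { validators.push_back(std::move(v)); }
    bool empty() const { return validators.empty(); }
    // As described on this page: an empty list accepts, otherwise the first validator
    // that succeeds accepts, and the validators are destroyed either way.
    bool validate(const ModelCert& cert) {
        bool ok = validators.empty();
        for (auto& v : validators) if (v(cert)) { ok = true; break; }
        validators.clear();
        return ok;
    }
};
// Hypothetical caller-side guard: treat "nothing registered" as a failure.
bool validateStrict(ModelValidatorList& l, const ModelCert& c) { return !l.empty() && l.validate(c); }
ModelValidator pinCert(Hash h) { return [h](const ModelCert& c) { return c.certSha256 == h; }; }
ModelValidator pinPki(Hash h) { return [h](const ModelCert& c) { return c.pkiSha256 == h; }; }
Hash filled(std::uint8_t b) { Hash h; h.fill(b); return h; }
// Scenario 1: the server renews its certificate but keeps its key pair.
bool acceptsAfterRenewal(bool pinPublicKey) {
    ModelCert issued{filled(0x11), filled(0xAA)}, renewed{filled(0x22), filled(0xAA)};
    ModelValidatorList list;
    list.add(pinPublicKey ? pinPki(issued.pkiSha256) : pinCert(issued.certSha256));
    return list.validate(renewed);
}
// Scenario 2: a list is reused for a second session without registering validators again.
bool reusedListAccepts(bool strict) {
    ModelCert good{filled(0x11), filled(0xAA)}, rogue{filled(0x99), filled(0xEE)};
    ModelValidatorList list;
    list.add(pinPki(good.pkiSha256));
    list.validate(good); // first session: accepted, validators destroyed
    return strict ? validateStrict(list, rogue) : list.validate(rogue);
}
int main() { return acceptsAfterRenewal(true) && !reusedListAccepts(true) ? 0 : 1; }
```

In the model, a public-key pin survives the renewal while a whole-certificate pin does not, and a list that has already been consumed accepts any certificate unless the caller checks that validators were registered for the new session.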