TLSSocket is a wrapper around TCPSocket for interacting with TLS servers. More...
#include <TLSSocket.h>
Public Types |
Public Member Functions | |
| TLSSocket () | |
| Create an uninitialized socket. More... | |
| ~TLSSocket () override | |
| Destroy the TLSSocket and closes the transport. More... | |
| nsapi_error_t | open (NetworkStack *stack) |
| Opens a socket. More... | |
| void | set_hostname (const char *hostname) |
| Set hostname. More... | |
| nsapi_error_t | set_root_ca_cert (const void *root_ca, size_t len) |
| Sets the certification of Root CA. More... | |
| nsapi_error_t | set_root_ca_cert (const char *root_ca_pem) |
| Sets the certification of Root CA. More... | |
| nsapi_error_t | set_client_cert_key (const void *client_cert, size_t client_cert_len, const void *client_private_key_pem, size_t client_private_key_len) |
| Sets client certificate, and client private key. More... | |
| nsapi_error_t | set_client_cert_key (const char *client_cert_pem, const char *client_private_key_pem) |
| Sets client certificate, and client private key. More... | |
| nsapi_error_t | send (const void *data, nsapi_size_t size) override |
| Send data over a TLS socket. More... | |
| nsapi_size_or_error_t | recv (void *data, nsapi_size_t size) override |
| Receive data over a TLS socket. More... | |
| nsapi_error_t | close () override |
| Closes the socket. More... | |
| nsapi_error_t | connect (const SocketAddress &address=SocketAddress()) override |
| Connect the transport socket and start handshake. More... | |
| nsapi_size_or_error_t | sendto (const SocketAddress &address, const void *data, nsapi_size_t size) override |
| Send a message on a socket. More... | |
| nsapi_size_or_error_t | recvfrom (SocketAddress *address, void *data, nsapi_size_t size) override |
| Receive a data from a socket. More... | |
| nsapi_error_t | bind (const SocketAddress &address) override |
| Bind a specific address to a socket. More... | |
| void | set_blocking (bool blocking) override |
| Set blocking or non-blocking mode of the socket. More... | |
| void | set_timeout (int timeout) override |
| Set timeout on blocking socket operations. More... | |
| void | sigio (mbed::Callback< void()> func) override |
| Register a callback on state change of the socket. More... | |
| nsapi_error_t | setsockopt (int level, int optname, const void *optval, unsigned optlen) override |
| Set socket options. More... | |
| nsapi_error_t | getsockopt (int level, int optname, void *optval, unsigned *optlen) override |
| Get socket options. More... | |
| Socket * | accept (nsapi_error_t *error=NULL) override |
| Accepts a connection on a socket. More... | |
| nsapi_error_t | listen (int backlog=1) override |
| Listen for incoming connections. More... | |
| nsapi_error_t | getpeername (SocketAddress *address) override |
| Get the remote-end peer associated with this socket. More... | |
| mbedtls_x509_crt * | get_own_cert () |
| Get own certificate directly from Mbed TLS. More... | |
| int | set_own_cert (mbedtls_x509_crt *crt) |
| Set own certificate directly to Mbed TLS. More... | |
| mbedtls_x509_crt * | get_ca_chain () |
| Get CA chain structure. More... | |
| void | set_ca_chain (mbedtls_x509_crt *crt) |
| Set CA chain directly to Mbed TLS. More... | |
| mbedtls_ssl_config * | get_ssl_config () |
| Get internal Mbed TLS configuration structure. More... | |
| void | set_ssl_config (mbedtls_ssl_config *conf) |
| Override Mbed TLS configuration. More... | |
| mbedtls_ssl_context * | get_ssl_context () |
| Get internal Mbed TLS context structure. More... | |
TLSSocket is a wrapper around TCPSocket for interacting with TLS servers.
TLSSocket uses the TLSSocketWrapper with internal TCP socket. This is a helper for creating commonly used TLS connections over TCP.
Definition at line 47 of file TLSSocket.h.
|
inherited |
Transport modes.
| Enumerator | |
|---|---|
| TRANSPORT_KEEP | |
| TRANSPORT_CONNECT_AND_CLOSE | |
| TRANSPORT_CONNECT |
Does call only connect() on transport socket. |
| TRANSPORT_CLOSE |
Does call close() on transport socket. |
Definition at line 62 of file TLSSocketWrapper.h.
| TLSSocket | ( | ) |
Create an uninitialized socket.
Must call open to initialize the socket on a network stack.
Definition at line 53 of file TLSSocket.h.
|
overridevirtualinherited |
Accepts a connection on a socket.
The server socket must be bound and set to listen for connections. On a new connection, returns connected network socket to call close() that deallocates the resources. Referencing a returned pointer after a close() call is not allowed and leads to undefined behavior.
By default, accept blocks until incoming connection occurs. If socket is set to non-blocking or times out, error is set to NSAPI_ERROR_WOULD_BLOCK.
| error | Pointer to storage of the error value or NULL. |
Implements Socket.
|
overridevirtualinherited |
Bind a specific address to a socket.
Binding a socket specifies the address and port on which to receive data. If the IP address is zeroed, only the port is bound.
| address | Local address to bind. |
Implements Socket.
|
overridevirtualinherited |
Closes the socket.
Closes any open connection and deallocates any memory associated with the socket. Called from destructor if socket is not closed.
Implements Socket.
|
overridevirtualinherited |
Connect the transport socket and start handshake.
See Socket::connect and start_handshake
Implements Socket.
|
inherited |
Get CA chain structure.
|
inherited |
Get own certificate directly from Mbed TLS.
|
inherited |
Get internal Mbed TLS configuration structure.
|
inherited |
Get internal Mbed TLS context structure.
|
overridevirtualinherited |
Get the remote-end peer associated with this socket.
Copy the remote peer address to a SocketAddress structure pointed by address parameter. Socket must be connected to have a peer address associated.
| address | Pointer to SocketAddress structure. |
| NSAPI_ERROR_OK | on success. |
| NSAPI_ERROR_NO_SOCKET | if socket is not connected. |
| NSAPI_ERROR_NO_CONNECTION | if the remote peer was not set. |
Implements Socket.
|
overridevirtualinherited |
Get socket options.
getsockopt() allows an application to retrieve stack-specific options from the underlying stack using stack-specific level and option names, or to request generic options using levels from nsapi_socket_level_t.
For unsupported options, NSAPI_ERROR_UNSUPPORTED is returned and the socket is unmodified.
| level | Stack-specific protocol level or nsapi_socket_level_t. |
| optname | Level-specific option name. |
| optval | Destination for option value. |
| optlen | Length of the option value. |
| NSAPI_ERROR_OK | on success. |
| NSAPI_ERROR_NO_SOCKET | if socket is not open. |
| int | Negative error code on failure, see NetworkStack::getsockopt. |
Implements Socket.
|
overridevirtualinherited |
Listen for incoming connections.
Marks the socket as a passive socket that can be used to accept incoming connections.
| backlog | Number of pending connections that can be queued simultaneously, defaults to 1. |
Implements Socket.
| nsapi_error_t open | ( | NetworkStack * | stack | ) |
Opens a socket.
Creates a network socket on the network stack of the given network interface.
| stack | Network stack as target for socket. |
Definition at line 70 of file TLSSocket.h.
|
overridevirtualinherited |
Receive data over a TLS socket.
The socket must be connected to a remote host. Returns the number of bytes received into the buffer.
| data | Destination buffer for data received from the host. |
| size | Size of the buffer in bytes. |
| int | Number of sent bytes on success |
| NSAPI_ERROR_NO_SOCKET | in case socket was not created correctly. |
| NSAPI_ERROR_WOULD_BLOCK | in case non-blocking mode is enabled and send cannot be performed immediately. |
| NSAPI_ERROR_DEVICE_ERROR | in case of tls-related errors. See mbedtls_ssl_read. |
Implements Socket.
|
overridevirtualinherited |
Receive a data from a socket.
Receives a data and stores the source address in address if address is not NULL. Returns the number of bytes written into the buffer.
If socket is connected, only packets coming from connected peer address are accepted.
By default, recvfrom blocks until a datagram is received. If socket is set to non-blocking or times out with no data, NSAPI_ERROR_WOULD_BLOCK is returned.
| address | Destination for the source address or NULL |
| data | Destination buffer for datagram received from the host |
| size | Size of the buffer in bytes |
Implements Socket.
|
overridevirtualinherited |
Send data over a TLS socket.
The socket must be connected to a remote host. Returns the number of bytes sent from the buffer.
| data | Buffer of data to send to the host. |
| size | Size of the buffer in bytes. |
| int | Number of sent bytes on success |
| NSAPI_ERROR_NO_SOCKET | in case socket was not created correctly. |
| NSAPI_ERROR_WOULD_BLOCK | in case non-blocking mode is enabled and send cannot be performed immediately. |
| NSAPI_ERROR_DEVICE_ERROR | in case of tls-related errors. See mbedtls_ssl_write. |
Implements Socket.
|
overridevirtualinherited |
Send a message on a socket.
The sendto() function sends a message through a connection-mode or connectionless-mode socket. If the socket is a connectionless-mode socket, the message is sent to the address specified. If the socket is a connected-mode socket, address is ignored.
By default, sendto blocks until data is sent. If socket is set to non-blocking or times out, NSAPI_ERROR_WOULD_BLOCK is returned immediately.
| address | Remote address |
| data | Buffer of data to send to the host |
| size | Size of the buffer in bytes |
Implements Socket.
|
overridevirtualinherited |
Set blocking or non-blocking mode of the socket.
Initially all sockets are in blocking mode. In non-blocking mode blocking operations such as send/recv/accept return NSAPI_ERROR_WOULD_BLOCK if they cannot continue.
set_blocking(false) is equivalent to set_timeout(0) set_blocking(true) is equivalent to set_timeout(-1)
| blocking | true for blocking mode, false for non-blocking mode. |
Implements Socket.
|
inherited |
Set CA chain directly to Mbed TLS.
| crt | Mbed TLS X509 certificate chain. |
|
inherited |
Sets client certificate, and client private key.
| client_cert | Client certification in PEM or DER format. |
| client_cert_len | Certificate size including the terminating null byte for PEM data. |
| client_private_key_pem | Client private key in PEM or DER format. |
| client_private_key_len | Key size including the terminating null byte for PEM data |
| NSAPI_ERROR_OK | on success. |
| NSAPI_ERROR_PARAMETER | in case the provided root_ca parameter failed parsing. |
|
inherited |
Sets client certificate, and client private key.
| client_cert_pem | Client certification in PEM format. |
| client_private_key_pem | Client private key in PEM format. |
| NSAPI_ERROR_OK | on success. |
| NSAPI_ERROR_PARAMETER | in case the provided root_ca parameter failed parsing. |
|
inherited |
Set hostname.
TLSSocket requires hostname used to verify the certificate. If hostname is not given in constructor, this function must be used before starting the TLS handshake.
| hostname | Hostname of the remote host, used for certificate checking. |
|
inherited |
Set own certificate directly to Mbed TLS.
| crt | Mbed TLS X509 certificate chain. |
|
inherited |
Sets the certification of Root CA.
| root_ca | Root CA Certificate in any Mbed TLS-supported format. |
| len | Length of certificate (including terminating 0 for PEM). |
| NSAPI_ERROR_OK | on success. |
| NSAPI_ERROR_NO_MEMORY | in case there is not enough memory to allocate certificate. |
| NSAPI_ERROR_PARAMETER | in case the provided root_ca parameter failed parsing. |
|
inherited |
Sets the certification of Root CA.
| root_ca_pem | Root CA Certificate in PEM format. |
| NSAPI_ERROR_OK | on success. |
| NSAPI_ERROR_NO_MEMORY | in case there is not enough memory to allocate certificate. |
| NSAPI_ERROR_PARAMETER | in case the provided root_ca parameter failed parsing. |
|
inherited |
Override Mbed TLS configuration.
| conf | Mbed TLS SSL configuration structure. |
|
overridevirtualinherited |
Set timeout on blocking socket operations.
Initially all sockets have unbounded timeouts. NSAPI_ERROR_WOULD_BLOCK is returned if a blocking operation takes longer than the specified timeout. A timeout of 0 removes the timeout from the socket. A negative value gives the socket an unbounded timeout.
set_timeout(0) is equivalent to set_blocking(false) set_timeout(-1) is equivalent to set_blocking(true)
| timeout | Timeout in milliseconds |
Implements Socket.
|
overridevirtualinherited |
Set socket options.
setsockopt() allows an application to pass stack-specific options to the underlying stack using stack-specific level and option names, or to request generic options using levels from nsapi_socket_level_t.
For unsupported options, NSAPI_ERROR_UNSUPPORTED is returned and the socket is unmodified.
| level | Stack-specific protocol level or nsapi_socket_level_t. |
| optname | Level-specific option name. |
| optval | Option value. |
| optlen | Length of the option value. |
| NSAPI_ERROR_OK | on success. |
| NSAPI_ERROR_NO_SOCKET | if socket is not open. |
| int | Negative error code on failure, see NetworkStack::setsockopt. |
Implements Socket.
|
overridevirtualinherited |
Register a callback on state change of the socket.
The specified callback is called on state changes, such as when the socket can receive/send/accept successfully and when an error occurs. The callback may also be called spuriously without reason.
The callback may be called in an interrupt context and should not perform expensive operations such as receive/send calls.
Note! This is not intended as a replacement for a poll or attach-like asynchronous API, but rather as a building block for constructing such functionality. The exact timing of the registered function is not guaranteed and susceptible to change.
| func | Function to call on state change. |
Implements Socket.
