DTLSSocket
DTLSSocket class hierarchy
DTLSSocket
and DTLSSocketWrapper
implement a DTLS stream over the existing Socket
transport. You can find design and implementation details in the Secure Socket page.
To use secure DTLS connections, applications use the DTLSSocketWrapper
through the Socket API, so existing applications and libraries are compatible.
DTLSSocketWrapper
inherits TLSSocketWrapper
and uses the same API. The only difference is that it uses timers to keep track of DTLS timeouts. Please see TLSSocket for an example.
DTLSSocket class reference
Public Types |
Public Member Functions | |
DTLSSocket () | |
Create an uninitialized DTLS socket. More... | |
~DTLSSocket () override | |
Destroys the DTLSSocket and closes the transport. More... | |
template<typename S > | |
DTLSSocket (S *stack, const char *hostname=NULL) | |
Create a socket on a network interface. More... | |
nsapi_error_t | open (NetworkStack *stack) |
Opens a socket. More... | |
void | set_hostname (const char *hostname) |
Set hostname. More... | |
nsapi_error_t | set_root_ca_cert (const void *root_ca, size_t len) |
Sets the Root CA certificate. More... | |
nsapi_error_t | set_root_ca_cert (const char *root_ca_pem) |
Sets the Root CA certificate. More... | |
nsapi_error_t | set_client_cert_key (const void *client_cert, size_t client_cert_len, const void *client_private_key_pem, size_t client_private_key_len) |
Sets client certificate, and client private key. More... | |
nsapi_error_t | set_client_cert_key (const char *client_cert_pem, const char *client_private_key_pem) |
Sets client certificate, and client private key. More... | |
nsapi_error_t | send (const void *data, nsapi_size_t size) override |
Send data over a TLS socket. More... | |
nsapi_size_or_error_t | recv (void *data, nsapi_size_t size) override |
Receive data over a TLS socket. More... | |
nsapi_error_t | close () override |
Closes the socket. More... | |
nsapi_error_t | connect (const SocketAddress &address=SocketAddress()) override |
Connect the transport socket and start handshake. More... | |
nsapi_size_or_error_t | sendto (const SocketAddress &address, const void *data, nsapi_size_t size) override |
Send a message on a socket. More... | |
nsapi_size_or_error_t | recvfrom (SocketAddress *address, void *data, nsapi_size_t size) override |
Receive data from a socket. More... | |
nsapi_error_t | bind (const SocketAddress &address) override |
Bind a specific address to a socket. More... | |
void | set_blocking (bool blocking) override |
Set blocking or non-blocking mode of the socket. More... | |
void | set_timeout (int timeout) override |
Set timeout on blocking socket operations. More... | |
void | sigio (mbed::Callback< void()> func) override |
Register a callback on state change of the socket. More... | |
nsapi_error_t | setsockopt (int level, int optname, const void *optval, unsigned optlen) override |
Set socket options. More... | |
nsapi_error_t | getsockopt (int level, int optname, void *optval, unsigned *optlen) override |
Get socket options. More... | |
Socket * | accept (nsapi_error_t *error=NULL) override |
Accepts a connection on a socket. More... | |
nsapi_error_t | listen (int backlog=1) override |
Listen for incoming connections. More... | |
nsapi_error_t | getpeername (SocketAddress *address) override |
Get the remote-end peer associated with this socket. More... | |
mbedtls_x509_crt * | get_own_cert () |
Get own certificate directly from Mbed TLS. More... | |
int | set_own_cert (mbedtls_x509_crt *crt) |
Set own certificate directly to Mbed TLS. More... | |
mbedtls_x509_crt * | get_ca_chain () |
Get CA chain structure. More... | |
void | set_ca_chain (mbedtls_x509_crt *crt) |
Set CA chain directly to Mbed TLS. More... | |
mbedtls_ssl_config * | get_ssl_config () |
Get internal Mbed TLS configuration structure. More... | |
void | set_ssl_config (mbedtls_ssl_config *conf) |
Override Mbed TLS configuration. More... | |
mbedtls_ssl_context * | get_ssl_context () |
Get internal Mbed TLS context structure. More... |
DTLSSocket example
Please see the TLSSocket example below; DTLSSocket is used through the same API:
#include "mbed.h"
#include "mbed_trace.h"
#ifndef DEVICE_TRNG
#error "mbed-os-example-tls-socket requires a device which supports TRNG"
#else
// Trust anchor for the connection made in main(): a PEM-encoded root CA
// certificate that main() hands to set_root_ca_cert().
// NOTE(review): the Base64 body appears to encode the "Baltimore CyberTrust Root"
// certificate with a notAfter date of 2025-05-12 -- confirm with an X.509 parser.
// A trust anchor compiled into firmware can only be replaced by a firmware
// update, so check its validity period, and that the target server still chains
// to it, before reusing this listing.
const char cert[] = \
"-----BEGIN CERTIFICATE-----\n"
"MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ\n"
"RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD\n"
"VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX\n"
"DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y\n"
"ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy\n"
"VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr\n"
"mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr\n"
"IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK\n"
"mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu\n"
"XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy\n"
"dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye\n"
"jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1\n"
"BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3\n"
"DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92\n"
"9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx\n"
"jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0\n"
"Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz\n"
"ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS\n"
"R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp\n"
"-----END CERTIFICATE-----";
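/**
 * Releases whatever main() has acquired so far.
 *
 * @param buffer  Receive buffer allocated with new[]; always freed.
 * @param socket  TLS socket to close and delete, or NULL if none was created.
 * @param net     Network interface to bring down, or NULL to leave it alone.
 */
static void release_resources(char *buffer, TLSSocket *socket, NetworkInterface *net)
{
    delete[] buffer;
    if (socket) {
        // Close the socket to return its memory
        socket->close();
        delete socket;
    }
    if (net) {
        // Bring down the network interface
        net->disconnect();
    }
}

/**
 * Requests "/" from ifconfig.io over TLS and prints the raw HTTP response.
 *
 * Steps: bring up the default network interface, resolve the host, open a
 * TLSSocket, install `cert` as the trusted root CA, connect (which also starts
 * the TLS handshake), send one HTTP/1.1 request and print everything received
 * until recv() returns zero or an error.
 *
 * Every exit path releases the buffer and socket it allocated, and a DNS
 * failure stops the run instead of connecting to an unresolved address.
 *
 * @return 0 when no network interface exists or once the connect/send/recv
 *         phase has been reached (whatever its outcome); otherwise the nsapi
 *         error code of the setup step that failed.
 */
int main(void)
{
    char *buffer = new char[256];
    nsapi_size_or_error_t result;
    nsapi_size_t size;
    const char query[] = "GET / HTTP/1.1\r\nHost: ifconfig.io\r\nConnection: close\r\n\r\n";

    mbed_trace_init();

    printf("TLSSocket Example.\n");
    printf("Mbed OS version: %d.%d.%d\n\n", MBED_MAJOR_VERSION, MBED_MINOR_VERSION, MBED_PATCH_VERSION);

    NetworkInterface *net = NetworkInterface::get_default_instance();
    if (!net) {
        printf("Error! No network inteface found.\n");
        release_resources(buffer, NULL, NULL);
        return 0;
    }

    printf("Connecting to network\n");
    result = net->connect();
    if (result != NSAPI_ERROR_OK) {
        printf("Error! net->connect() returned: %d\n", result);
        // The interface never came up, so only the buffer needs releasing.
        release_resources(buffer, NULL, NULL);
        return result;
    }

    printf("Connecting to ifconfig.io\n");
    SocketAddress addr;
    result = net->gethostbyname("ifconfig.io", &addr);
    if (result != NSAPI_ERROR_OK) {
        printf("Error! DNS resolution for ifconfig.io failed with %d\n", result);
        // Stop here: `addr` was not filled in, so there is nothing valid to
        // connect to.
        release_resources(buffer, NULL, net);
        return result;
    }
    addr.set_port(443);

    TLSSocket *socket = new TLSSocket;
    result = socket->open(net);
    if (result != NSAPI_ERROR_OK) {
        printf("Error! socket->open() returned: %d\n", result);
        release_resources(buffer, socket, net);
        return result;
    }

    // Keep this name identical to the one resolved above.
    // NOTE(review): presumably the name the TLS layer checks the server
    // certificate against -- confirm for your Mbed TLS build configuration.
    socket->set_hostname("ifconfig.io");

    // Install the trust anchor before connecting. A failure is fatal: the
    // example must not go on to connect without a root CA to verify against.
    result = socket->set_root_ca_cert(cert);
    if (result != NSAPI_ERROR_OK) {
        printf("Error: socket->set_root_ca_cert() returned %d\n", result);
        release_resources(buffer, socket, net);
        return result;
    }

    // connect() also starts the TLS handshake, so handshake failures are
    // reported through this return value.
    result = socket->connect(addr);
    if (result != NSAPI_ERROR_OK) {
        printf("Error! socket->connect() returned: %d\n", result);
        goto DISCONNECT;
    }

    // Send a simple http request
    size = strlen(query);
    result = socket->send(query, size);
    // A negative value is an error code; a short count is treated as a failure too.
    if (result < 0 || static_cast<nsapi_size_t>(result) != size) {
        printf("Error! socket->send() returned: %d\n", result);
        goto DISCONNECT;
    }

    // Receive the HTTP response and print it as it arrives. At most 255 bytes
    // are read per call, which leaves room in the 256-byte buffer for the
    // terminating NUL that printf("%s") needs.
    while ((result = socket->recv(buffer, 255)) > 0) {
        buffer[result] = 0;
        printf("%s", buffer);
    }
    printf("\n");

    if (result < 0) {
        printf("Error! socket->recv() returned: %d\n", result);
        goto DISCONNECT;
    }

DISCONNECT:
    release_resources(buffer, socket, net);

    printf("Done\n");
    return 0;
}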
#endif