Mbed TLS v3.6.3
#include <ssl.h>
int mbedtls_ssl_context::private_alert_reason |
unsigned char mbedtls_ssl_context::private_alert_type |
const char* mbedtls_ssl_context::private_alpn_chosen |
unsigned mbedtls_ssl_context::private_badmac_seen_or_in_hsfraglen |
Multipurpose field.
- DTLS: records with a bad MAC received.
- TLS: accumulated length of handshake fragments (up to in_hslen).
This field is multipurpose in order to preserve the ABI in the Mbed TLS 3.6 LTS branch. Until 3.6.2, it was only used in DTLS and called badmac_seen.
unsigned char* mbedtls_ssl_context::private_cli_id |
size_t mbedtls_ssl_context::private_cli_id_len |
const mbedtls_ssl_config* mbedtls_ssl_context::private_conf |
unsigned char mbedtls_ssl_context::private_cur_out_ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN] |
uint8_t mbedtls_ssl_context::private_disable_datagram_packing |
mbedtls_ssl_export_keys_t* mbedtls_ssl_context::private_f_export_keys |
mbedtls_ssl_get_timer_t* mbedtls_ssl_context::private_f_get_timer |
mbedtls_ssl_recv_t* mbedtls_ssl_context::private_f_recv |
mbedtls_ssl_recv_timeout_t* mbedtls_ssl_context::private_f_recv_timeout |
mbedtls_ssl_send_t* mbedtls_ssl_context::private_f_send |
mbedtls_ssl_set_timer_t* mbedtls_ssl_context::private_f_set_timer |
int(* mbedtls_ssl_context::private_f_vrfy) (void *, mbedtls_x509_crt *, int, uint32_t *) |
mbedtls_ssl_handshake_params* mbedtls_ssl_context::private_handshake |
char* mbedtls_ssl_context::private_hostname |
Expected peer CN for verification.
Also used on clients for SNI, and for TLS 1.3 session resumption using tickets.
The value of this field can be:
- NULL in a newly initialized or reset context.
- A heap-allocated copy of the last value passed to mbedtls_ssl_set_hostname(), if the last call had a non-null hostname argument.
- A special value to indicate that mbedtls_ssl_set_hostname() was called with NULL (as opposed to never having been called). See mbedtls_ssl_get_hostname_pointer() in ssl_tls.c.
If this field contains the value NULL and the configuration option #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME is unset, on a TLS client, attempting to verify a server certificate results in the error MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
If this field contains the special value described above, or if the value is NULL and the configuration option #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME is set, then the peer name verification is skipped, which may be insecure, especially on a client: without the name check, a certificate that is otherwise valid but was issued for a different server is not rejected. Furthermore, on a client, the server_name extension is not sent, and the server name is ignored in TLS 1.3 session resumption using tickets.
unsigned char* mbedtls_ssl_context::private_in_buf |
unsigned char* mbedtls_ssl_context::private_in_cid |
unsigned char* mbedtls_ssl_context::private_in_ctr |
uint16_t mbedtls_ssl_context::private_in_epoch |
unsigned char* mbedtls_ssl_context::private_in_hdr |
size_t mbedtls_ssl_context::private_in_hslen |
unsigned char* mbedtls_ssl_context::private_in_iv |
size_t mbedtls_ssl_context::private_in_left |
unsigned char* mbedtls_ssl_context::private_in_len |
unsigned char* mbedtls_ssl_context::private_in_msg |
size_t mbedtls_ssl_context::private_in_msglen |
int mbedtls_ssl_context::private_in_msgtype |
unsigned char* mbedtls_ssl_context::private_in_offt |
uint64_t mbedtls_ssl_context::private_in_window |
uint64_t mbedtls_ssl_context::private_in_window_top |
int mbedtls_ssl_context::private_keep_current_message |
uint16_t mbedtls_ssl_context::private_mtu |
int mbedtls_ssl_context::private_nb_zero |
uint8_t mbedtls_ssl_context::private_negotiate_cid |
This indicates whether the CID extension should be negotiated in the next handshake or not. Possible values are MBEDTLS_SSL_CID_ENABLED and MBEDTLS_SSL_CID_DISABLED.
size_t mbedtls_ssl_context::private_next_record_offset |
unsigned char* mbedtls_ssl_context::private_out_buf |
unsigned char* mbedtls_ssl_context::private_out_cid |
unsigned char* mbedtls_ssl_context::private_out_ctr |
unsigned char* mbedtls_ssl_context::private_out_hdr |
unsigned char* mbedtls_ssl_context::private_out_iv |
size_t mbedtls_ssl_context::private_out_left |
unsigned char* mbedtls_ssl_context::private_out_len |
unsigned char* mbedtls_ssl_context::private_out_msg |
size_t mbedtls_ssl_context::private_out_msglen |
int mbedtls_ssl_context::private_out_msgtype |
unsigned char mbedtls_ssl_context::private_own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX] |
uint8_t mbedtls_ssl_context::private_own_cid_len |
char mbedtls_ssl_context::private_own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN] |
void* mbedtls_ssl_context::private_p_bio |
void* mbedtls_ssl_context::private_p_export_keys |
void* mbedtls_ssl_context::private_p_timer |
void* mbedtls_ssl_context::private_p_vrfy |
char mbedtls_ssl_context::private_peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN] |
int mbedtls_ssl_context::private_renego_records_seen |
int mbedtls_ssl_context::private_renego_status |
int mbedtls_ssl_context::private_secure_renegotiation |
unsigned char mbedtls_ssl_context::private_send_alert |
mbedtls_ssl_session* mbedtls_ssl_context::private_session |
mbedtls_ssl_session* mbedtls_ssl_context::private_session_in |
mbedtls_ssl_session* mbedtls_ssl_context::private_session_negotiate |
mbedtls_ssl_session* mbedtls_ssl_context::private_session_out |
int mbedtls_ssl_context::private_state |
mbedtls_ssl_protocol_version mbedtls_ssl_context::private_tls_version |
Maximum TLS version to be negotiated, then negotiated TLS version.
It is initialized as the configured maximum TLS version to be negotiated by mbedtls_ssl_setup().
When renegotiating or resuming a session, it is overwritten in the ClientHello writing preparation stage with the previously negotiated TLS version.
On client side, it is updated to the TLS version selected by the server for the handshake when the ServerHello is received.
On server side, it is updated to the TLS version the server selects for the handshake when the ClientHello is received.
mbedtls_ssl_transform* mbedtls_ssl_context::private_transform |
mbedtls_ssl_transform* mbedtls_ssl_context::private_transform_application |
mbedtls_ssl_transform* mbedtls_ssl_context::private_transform_in |
mbedtls_ssl_transform* mbedtls_ssl_context::private_transform_negotiate |
mbedtls_ssl_transform* mbedtls_ssl_context::private_transform_out |
mbedtls_ssl_user_data_t mbedtls_ssl_context::private_user_data |
User data pointer or handle.
The library sets this to 0 when creating a context and does not access it afterwards.
size_t mbedtls_ssl_context::private_verify_data_len |