Options and Features Use
102
SWRU455A – February 2017 – Revised March 2017
Copyright © 2017, Texas Instruments Incorporated
Secure Socket
&dummyVal, sizeof(dummyVal));
7.5.5 Set ALPN List
ALPN (Application-Layer Protocol Negotiation) carries a list of application protocols inside the TLS handshake. The client sends the list of protocols it is willing to speak, the server picks one of them and notifies the client in its reply, so the application protocol is agreed before any application data is sent.
The supported protocols are:
• SL_SECURE_ALPN_H1 – HTTP/1.1
• SL_SECURE_ALPN_H2 – HTTP/2
• SL_SECURE_ALPN_H2C – HTTP/2 over cleartext TCP (h2c)
• SL_SECURE_ALPN_H2_14 – HTTP/2 draft 14
• SL_SECURE_ALPN_H2_16 – HTTP/2 draft 16
• SL_SECURE_ALPN_FULL_LIST – all of the above
This option is only available in client mode. If the option is not set, no ALPN list is sent. To retrieve the protocol the server selected, call sl_GetSockOpt with the SL_SO_SSL_CONNECTION_PARAMS option after the handshake has completed. This option should be set before sl_Connect or sl_Listen.
Example:
SlSockSecureALPN_t alpn;
_i16 status;
alpn.SecureALPN = SL_SECURE_ALPN_H1 | SL_SECURE_ALPN_H2_16;
status = sl_SetSockOpt(SockID, SL_SOL_SOCKET, SL_SO_SECURE_ALPN, &alpn,
                       sizeof(SlSockSecureALPN_t));
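The NWP builds the ALPN extension for you, but it helps to know what the bitmask turns into on the wire when checking a capture of the client HELLO. The following is an added example written for this guide, not SimpleLink SDK code: it encodes the RFC 7301 ProtocolNameList for a bitmask modelled on the SL_SECURE_ALPN_* options and shows the server-side selection that produces the value later read back through SL_SO_SSL_CONNECTION_PARAMS. The ALPN_* bit values and the mapping of the option names to the ALPN identifiers "http/1.1", "h2", "h2c", "h2-14" and "h2-16" are assumptions made for this example.

```c
/* Added example for this guide; it is not SimpleLink SDK code. It builds the
 * RFC 7301 ProtocolNameList that an SL_SECURE_ALPN_* style bitmask turns into
 * on the wire, and shows how a server picks one entry from it. The bit values
 * and the mapping of option names to ALPN identifiers are assumptions made
 * here for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ALPN_H1        (1u << 0)  /* "http/1.1" (assumed to mirror SL_SECURE_ALPN_H1)    */
#define ALPN_H2        (1u << 1)  /* "h2"       (assumed to mirror SL_SECURE_ALPN_H2)    */
#define ALPN_H2C       (1u << 2)  /* "h2c"      (assumed to mirror SL_SECURE_ALPN_H2C)   */
#define ALPN_H2_14     (1u << 3)  /* "h2-14"    (assumed to mirror SL_SECURE_ALPN_H2_14) */
#define ALPN_H2_16     (1u << 4)  /* "h2-16"    (assumed to mirror SL_SECURE_ALPN_H2_16) */
#define ALPN_FULL_LIST (ALPN_H1 | ALPN_H2 | ALPN_H2C | ALPN_H2_14 | ALPN_H2_16)

static const struct { uint32_t bit; const char *name; } alpn_table[] = {
    { ALPN_H1, "http/1.1" }, { ALPN_H2, "h2" }, { ALPN_H2C, "h2c" },
    { ALPN_H2_14, "h2-14" }, { ALPN_H2_16, "h2-16" },
};

/* Client side: encode ProtocolNameList = 2-byte list length followed by
 * (1-byte name length, name) for every selected protocol, in table order.
 * Returns the number of bytes written, or -1 if the buffer is too small or the
 * mask selects nothing (RFC 7301 does not allow an empty list). */
int alpn_encode(uint32_t mask, uint8_t *out, size_t cap)
{
    size_t pos = 2, i;                          /* reserve the list-length field */
    if (cap < 2) return -1;
    for (i = 0; i < sizeof alpn_table / sizeof alpn_table[0]; i++) {
        size_t n;
        if (!(mask & alpn_table[i].bit)) continue;
        n = strlen(alpn_table[i].name);
        if (pos + 1 + n > cap) return -1;
        out[pos++] = (uint8_t)n;
        memcpy(out + pos, alpn_table[i].name, n);
        pos += n;
    }
    if (pos == 2) return -1;
    out[0] = (uint8_t)((pos - 2) >> 8);
    out[1] = (uint8_t)((pos - 2) & 0xff);
    return (int)pos;
}

/* Server side: walk the client's list in the server's own order of preference
 * and return the first protocol both sides support. Writes the chosen name
 * into `chosen` and returns 1; returns 0 when there is no overlap (the server
 * would then abort with no_application_protocol) and -1 when the list is
 * malformed. */
int alpn_select(const uint8_t *list, size_t len,
                const char *const *server_prefs, size_t nprefs,
                char *chosen, size_t chosen_cap)
{
    size_t total, p;
    if (len < 2) return -1;
    total = ((size_t)list[0] << 8) | list[1];
    if (total == 0 || total + 2 != len) return -1;
    for (p = 0; p < nprefs; p++) {
        size_t pos = 2, want = strlen(server_prefs[p]);
        while (pos < len) {
            size_t n = list[pos++];
            if (n == 0 || pos + n > len) return -1;   /* empty or truncated name */
            if (n == want && memcmp(list + pos, server_prefs[p], n) == 0) {
                if (n + 1 > chosen_cap) return -1;
                memcpy(chosen, list + pos, n);
                chosen[n] = '\0';
                return 1;
            }
            pos += n;
        }
    }
    return 0;
}

int main(void)
{
    uint8_t buf[64];
    char chosen[16];
    const char *const prefs[] = { "h2", "http/1.1" };   /* server's preference order */
    int n = alpn_encode(ALPN_H1 | ALPN_H2_16, buf, sizeof buf), i;
    for (i = 0; i < n; i++) printf("%02x ", buf[i]);
    printf("\n");
    if (alpn_select(buf, (size_t)n, prefs, 2, chosen, sizeof chosen) == 1)
        printf("server selected %s\n", chosen);
    return 0;
}
```

For the mask used in the guide's example (H1 and H2_16) the list is 17 bytes: a 2-byte length of 15, then 8 "http/1.1" and 5 "h2-16". A server preferring h2 but also speaking HTTP/1.1 selects "http/1.1", because h2 was not offered; a server that only speaks h2 finds no overlap and the handshake fails with no_application_protocol, which is what the asynchronous error on the host then reflects.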
7.5.6 Set Domain Name for Verification
Set the domain name that the NWP verifies against the server certificate during the SSL handshake. Chain verification alone only proves that some trusted CA issued the certificate; it does not prove that the certificate belongs to the server the application meant to reach. Domain name verification is used to help against a man-in-the-middle attack in which a third party obtains a certificate for its own domain from the same root CA (or any other CA in the trusted store) that signed the server's certificate, and redirects the traffic to its own server: the chain validates, but the name in the certificate does not match the expected domain, so the handshake fails. Besides the full chain verification, TI recommends checking the domain name as well. Pass the host name the application intends to connect to, not a name learned from DNS or from the peer. This option is only available for client mode. This option should be set before sl_Connect or sl_Listen.
Example:
_i16 status;
status = sl_SetSockOpt(SockID, SL_SOL_SOCKET, SL_SO_SECURE_DOMAIN_NAME_VERIFICATION,
                       "www.google.com", strlen("www.google.com"));
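The check itself runs inside the NWP, so the host only supplies the name. To make clear what "matches" has to mean for the option to defeat the attack described above, the following added example (written for this guide, not SimpleLink SDK code, and not a claim about the NWP's internal matcher) implements the comparison of an expected host name against a certificate's DNS names using the RFC 6125 rules: case-insensitive, a wildcard accepted only as the entire leftmost label, and matching exactly one label. The host names and certificate names used are constructed.

```c
/* Added example for this guide; it is not SimpleLink SDK code and does not
 * claim to reproduce the NWP's internal matcher. It shows what the domain name
 * check has to do once the chain has validated: compare the expected host name
 * against the certificate's DNS names using the RFC 6125 rules (case-insensitive,
 * a wildcard only as the entire leftmost label, matching exactly one label). */
#include <ctype.h>
#include <stddef.h>
#include <string.h>

static int ci_equal(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

static int label_count(const char *s)
{
    int n = 1;
    for (; *s; s++) if (*s == '.') n++;
    return n;
}

/* Returns 1 if `host` is matched by the certificate name `pattern`, else 0. */
int dns_name_match(const char *pattern, const char *host)
{
    size_t pl = strlen(pattern), hl = strlen(host);
    /* Reject empty names, leading or trailing dots and empty labels. */
    if (pl == 0 || hl == 0 || pattern[0] == '.' || host[0] == '.' ||
        pattern[pl - 1] == '.' || host[hl - 1] == '.' ||
        strstr(pattern, "..") || strstr(host, ".."))
        return 0;
    if (pattern[0] == '*') {
        const char *rest;
        /* "*.example.com" is valid; "*.com", "*bar.example.com" and "*.*.com" are not. */
        if (pattern[1] != '.' || label_count(pattern) < 3 || strchr(pattern + 1, '*'))
            return 0;
        rest = strchr(host, '.');
        if (rest == NULL) return 0;               /* single-label host cannot match */
        return ci_equal(pattern + 2, rest + 1);   /* "*" consumed exactly one label */
    }
    if (strchr(pattern, '*')) return 0;           /* wildcard anywhere else is rejected */
    return ci_equal(pattern, host);
}

/* A certificate may carry several dNSName entries; accept if any one matches. */
int cert_matches_host(const char *const *dns_names, size_t count, const char *host)
{
    size_t i;
    for (i = 0; i < count; i++)
        if (dns_name_match(dns_names[i], host)) return 1;
    return 0;
}
```

With this check, the attacker's certificate from the scenario above fails even though its chain validates: dns_name_match("attacker.example", "www.example.com") returns 0, as does a lookalike such as "www.example.com.evil.test". A wildcard certificate for "*.example.com" matches "www.example.com" but neither "example.com" nor "a.b.example.com".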
7.5.7 Upgrade Nonsecured Socket to Secured
A regular TCP socket that is already connected to a peer can be upgraded to an SSL socket by using the STARTTLS option, provided the application-layer protocol and the other peer support such an upgrade. The upgrade is the initiation of an SSL handshake between the peers inside the already connected session.
The most common use case is the SMTP protocol on port 587. The client connects to an SMTP server, several packets are exchanged unencrypted (the server greeting and the EHLO reply, which advertises STARTTLS), and then the client sends a STARTTLS request to the server. Each application protocol has its own STARTTLS byte string (for SMTP, the line "STARTTLS\r\n"), so it must be sent by the host application, not by the NWP. The server answers with a go-ahead message (for SMTP, a 220 reply) and the TLS handshake then starts with the client HELLO message. The host application must check that the server actually offered STARTTLS and actually replied with the go-ahead before triggering the upgrade; if it silently continues in cleartext when STARTTLS is missing from the reply, an on-path attacker can strip the capability and keep the session unencrypted. Nothing sensitive, credentials in particular, should be sent before the upgrade has completed.
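The cleartext exchange that the host has to drive for SMTP is shown in the following added example, written for this guide and not SimpleLink SDK code. The TCP socket is replaced by an in-memory peer fed with constructed server transcripts so that it runs offline; the client reads the greeting, sends EHLO, refuses to continue if STARTTLS is not advertised, sends the STARTTLS line and only reports a go-ahead on a 220 reply. Where the real code would then call sl_SetSockOpt with the STARTTLS option and wait for the asynchronous event, this example simply returns STARTTLS_GO_AHEAD.

```c
/* Added example for this guide, not SimpleLink SDK code: the plaintext SMTP
 * exchange the host application must drive before it may trigger the STARTTLS
 * upgrade. It reads the greeting, sends EHLO, confirms that STARTTLS was
 * advertised, sends "STARTTLS\r\n" and requires the 220 go-ahead. The socket
 * is replaced by an in-memory peer fed with constructed server transcripts. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum starttls_result {
    STARTTLS_GO_AHEAD       =  0,   /* 220 received: trigger the TLS handshake now */
    STARTTLS_NOT_OFFERED    = -1,   /* EHLO reply lacked STARTTLS: fail closed */
    STARTTLS_REFUSED        = -2,   /* STARTTLS command got a non-220 reply */
    STARTTLS_PROTOCOL_ERROR = -3    /* bad greeting or malformed reply */
};

/* Stand-in for the connected TCP socket: server->client bytes come from a
 * script, client->server bytes are collected in `sent` for inspection. */
struct peer { const char *script; char sent[128]; };

static int peer_recv_line(struct peer *p, char *line, size_t cap)
{
    const char *end = strstr(p->script, "\r\n");
    size_t n = end ? (size_t)(end - p->script) : 0;
    if (end == NULL || n + 1 > cap) return 0;      /* no complete line available */
    memcpy(line, p->script, n);
    line[n] = '\0';
    p->script = end + 2;
    return 1;
}

static void peer_send(struct peer *p, const char *s)
{
    strncat(p->sent, s, sizeof p->sent - strlen(p->sent) - 1);
}

static int ci_equal(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* Read one SMTP reply: any number of "250-..." lines followed by a final
 * "250 ..." line (RFC 5321 section 4.2.1). Returns the reply code, or -1 on a
 * malformed reply. *offers_starttls is set if a line is the STARTTLS keyword. */
static int smtp_read_reply(struct peer *p, int *offers_starttls)
{
    char line[128];
    int code = -1;
    *offers_starttls = 0;
    for (;;) {
        size_t n;
        int c;
        if (!peer_recv_line(p, line, sizeof line)) return -1;
        n = strlen(line);
        if (n < 3 || !isdigit((unsigned char)line[0]) || !isdigit((unsigned char)line[1]) ||
            !isdigit((unsigned char)line[2])) return -1;
        c = (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
        if (code == -1) code = c;
        else if (c != code) return -1;               /* code changed mid-reply */
        if (n > 4 && ci_equal(line + 4, "STARTTLS")) *offers_starttls = 1;
        if (n == 3 || line[3] == ' ') return code;   /* final line of the reply */
        if (line[3] != '-') return -1;
    }
}

/* Drives the cleartext part of the session. On STARTTLS_GO_AHEAD the caller
 * must send nothing more in cleartext: it triggers the handshake on the NWP
 * (sl_SetSockOpt with the STARTTLS option), waits for the asynchronous event,
 * and only then continues with a fresh EHLO over TLS. */
int smtp_negotiate_starttls(struct peer *p, const char *my_host)
{
    int offers;
    char cmd[96];
    if (smtp_read_reply(p, &offers) != 220) return STARTTLS_PROTOCOL_ERROR;
    snprintf(cmd, sizeof cmd, "EHLO %s\r\n", my_host);
    peer_send(p, cmd);
    if (smtp_read_reply(p, &offers) != 250) return STARTTLS_PROTOCOL_ERROR;
    if (!offers) return STARTTLS_NOT_OFFERED;   /* never fall back to cleartext */
    peer_send(p, "STARTTLS\r\n");
    if (smtp_read_reply(p, &offers) != 220) return STARTTLS_REFUSED;
    return STARTTLS_GO_AHEAD;
}

/* Constructed server transcripts for the three outcomes. */
static const char script_ok[] =
    "220 mail.example.com ESMTP ready\r\n"
    "250-mail.example.com\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
    "220 2.0.0 Ready to start TLS\r\n";
static const char script_stripped[] =   /* STARTTLS removed by an on-path attacker */
    "220 mail.example.com ESMTP ready\r\n250-mail.example.com\r\n250 8BITMIME\r\n";
static const char script_refused[] =
    "220 mail.example.com ESMTP ready\r\n250-mail.example.com\r\n250 STARTTLS\r\n"
    "454 4.7.0 TLS not available due to temporary reason\r\n";

/* Runs the negotiation against a transcript; copies the client's output to
 * `sent_out` when given and returns the starttls_result. */
int negotiate_with_script(const char *script, char *sent_out, size_t cap)
{
    struct peer p;
    int r;
    p.script = script;
    p.sent[0] = '\0';
    r = smtp_negotiate_starttls(&p, "client.example.net");
    if (sent_out != NULL && cap > 0) { strncpy(sent_out, p.sent, cap - 1); sent_out[cap - 1] = '\0'; }
    return r;
}
```

Against script_ok the client sends exactly "EHLO client.example.net\r\n" followed by "STARTTLS\r\n" and gets STARTTLS_GO_AHEAD; against script_stripped it stops after EHLO with STARTTLS_NOT_OFFERED instead of continuing in cleartext; against script_refused the 454 reply yields STARTTLS_REFUSED. In all failure cases the right reaction is to close the socket, not to proceed with authentication.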
Calling sl_SetSockOpt with the STARTTLS option triggers the NWP, in client mode, to send the client HELLO message and, in server mode, to wait until the client HELLO message is received. When the handshake is finished, the host application receives a socket asynchronous event that indicates success or failure and, in case of failure, a specific error code. Do not send application data until that event reports success, and on failure close the socket rather than continuing in cleartext.
Example:
void slcbSockEvtHdlr(SlSockEvent_t* pSlSockEvent)
{