If a network security module (such as Mocana - NanoSSL) is available, μC/TCP-IP socket security option APIs can be used to secure sockets. The port layer developed for the network security layer is responsible of securing the sockets and applying the security strategy over typical socket programming functions. From an application point of view, the usage of µC/TCP-IP network security manager is very simple. It requires few simple steps depending if the application is a server or a client. Basically, it provides APIs to install the required keying material and to set the secure flag on a specific socket:
- NetSock_CfgSecure()
- NetSock_CfgSecureServerCertKeyInstall()
- NetSock_CfgSecureClientCommonName()
- NetSock_CfgSecureClientTrustCallBack()
The stack must have been configured to support Transport layer security in net_cfg.h, see Transport Layer Security Configuration.
Server Sample
In order to achieve secure handshake connections, some keying material must be installed before performing any secure socket operation. The server needs to install a public key certificare / private key pair to send the the clients that wants to connect. The following example demonstrates how to secure a server using a PEM certificate from a constant buffer.
Client Sample
In order to achieve secure handshake connections, some keying material must be installed before performing any secure socket operation. The server needs to install a public key certificare / private key pair to send the the clients that wants to connect. The following example demonstrates how to secure a server using a PEM certificate from a constant buffer.