msys.tls_params.set

October 5, 2021

Name

msys.tls_params.set — Set a TLS parameter string on a per-connection basis, overriding the parameter if it is already set.

Synopsis

require('msys.tls_params');

msys.tls_params.set(tls_params, "param", "val");

tls_params: mixed
param: string
val: string

Description

This function sets a TLS parameter string value on a per-connection basis. If the TLS parameter is already set in the Momentum configuration, this call temporarily overrides it.

This should only be used in hooks where the TLS parameters are passed as an argument, such as get_outbound_tls_parameters and get_inbound_tls_parameters.

The following example shows how to use this function in the get_outbound_tls_parameters hook to override TLS parameters in a mutual TLS connection.
Note that using this hook resets the outbound TLS configuration for the current connection.

local core = require("msys.core");
require("msys.tls_params");
local mod = {};

function mod:core_get_outbound_tls_parameters(msg, params)

  -- 0 = no, 1 = ifavailable, 2 = required
  params.use_tls = 2;

  -- The tls_params module is used here for setting all string values from the `ec_ssl_ctx_params` struct
  msys.tls_params.set(params, "certfile", "path/to/cert");
  msys.tls_params.set(params, "keyfile", "path/to/key");
  
  -- Other valid params that can be set include:
  -- cipherlist
  -- ca
  
end

msys.registerModule("custom_tls_hook", mod);
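
The following is an added example, not part of the original Momentum documentation: it extends the hook above to choose TLS settings per destination domain and validates the policy table when the script loads, so a mistyped parameter name fails at load time rather than on a live connection. The domains, paths, cipher string and module name are constructed placeholders, the ALLOWED set holds only the four parameter names this page lists, and msg:routing_domain() returning the destination domain (with msg possibly nil) is an assumption.

```lua
local core = require("msys.core");
require("msys.tls_params");
local mod = {};

-- Only the string parameters this page lists; extend only with names
-- that exist in ec_ssl_ctx_params on your build.
local ALLOWED = { certfile = true, keyfile = true, cipherlist = true, ca = true };

-- Constructed sample policy: domain, paths and cipher string are placeholders.
local DEFAULT = { use_tls = 1, strings = { cipherlist = "HIGH:!aNULL:!MD5" } };
local POLICY = {
  ["partner.example"] = {
    use_tls = 2, -- 0 = no, 1 = ifavailable, 2 = required
    strings = {
      certfile = "path/to/partner-cert",
      keyfile = "path/to/partner-key",
      ca = "path/to/partner-ca",
      cipherlist = "HIGH:!aNULL:!MD5",
    },
  },
};

-- Check every policy once at load time.
local function validate(policy)
  assert(policy.use_tls == 0 or policy.use_tls == 1 or policy.use_tls == 2,
         "use_tls must be 0, 1 or 2");
  for name, value in pairs(policy.strings) do
    assert(ALLOWED[name], "unknown TLS param: " .. tostring(name));
    assert(type(value) == "string" and value ~= "", "empty value for " .. name);
  end
end
validate(DEFAULT);
for _, policy in pairs(POLICY) do validate(policy); end

-- Exact, case-insensitive domain match, falling back to DEFAULT.
local function select_policy(domain)
  return type(domain) == "string" and POLICY[domain:lower()] or DEFAULT;
end

function mod:core_get_outbound_tls_parameters(msg, params)
  -- Assumption: msg:routing_domain() gives the destination domain; msg may be nil.
  local policy = select_policy(msg and msg:routing_domain() or nil);
  -- The hook resets outbound TLS settings for this connection, so every
  -- branch (DEFAULT included) sets everything it relies on.
  params.use_tls = policy.use_tls;
  for name, value in pairs(policy.strings) do
    msys.tls_params.set(params, name, value);
  end
end
msys.registerModule("custom_tls_policy", mod);
```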

See Also

get_outbound_tls_parameters, ec_ssl_ctx_params