NAME

       nng_tls_options - TLS-specific options

SYNOPSIS

           #include <nng/nng.h>

           #define NNG_OPT_TLS_AUTH_MODE      "tls-authmode"
           #define NNG_OPT_TLS_CA_FILE        "tls-ca-file"
           #define NNG_OPT_TLS_CERT_KEY_FILE  "tls-cert-key-file"
           #define NNG_OPT_TLS_CONFIG         "tls-config"
           #define NNG_OPT_TLS_SERVER_NAME    "tls-server-name"
           #define NNG_OPT_TLS_VERIFIED       "tls-verified"
           #define NNG_OPT_TLS_PEER_CN        "tls-peer-cn"
           #define NNG_OPT_TLS_PEER_ALT_NAMES "tls-peer-alt-names"

DESCRIPTION

       This page documents the various standard options that can be set or retrieved on objects using TLS.

       The option names should always be used by their symbolic definitions.

       In the following list of options, the name of the option is supplied, along with the data type of the
       underlying value.

       Some options are only meaningful or supported in certain contexts, or may have other access restrictions.
       An attempt has been made to include details about such restrictions in the description of the option.

   TLS Options
           Note

           Options for configuring TLS are deprecated and may not be present in a future release. These options
           are NNG_OPT_TLS_AUTH_MODE, NNG_OPT_TLS_CA_FILE, NNG_OPT_TLS_CERT_KEY_FILE, and
           NNG_OPT_TLS_SERVER_NAME. Applications should switch to using the NNG_OPT_TLS_CONFIG option and
           working with nng_tls_config objects.

       NNG_OPT_TLS_AUTH_MODE
           (int) Write-only option used to configure the authentication mode used. See
           nng_tls_config_auth_mode() for more details.

       NNG_OPT_TLS_CA_FILE
           (string) Write-only option naming a file containing certificates to use for peer validation. See
           nng_tls_config_ca_file() for more information.

       NNG_OPT_TLS_CERT_KEY_FILE
           (string) Write-only option naming a file containing the local certificate and associated private key.
           The private key used must be unencrypted. See nng_tls_config_own_cert() for more information.

       NNG_OPT_TLS_CONFIG
           (nng_tls_config *) This option references the underlying TLS configuration object. A hold is placed
           on the underlying configuration object before returning it.

               Note

               The caller should release the hold with nng_tls_config_free() when it no longer needs the TLS
               configuration object.

       NNG_OPT_TLS_SERVER_NAME
           (string) This write-only option is used to specify the name of the server. When used with a dialer,
           this potentially configures SNI (server name indication, which is used as a hint by a multihosting
           server to choose the appropriate certificate to provide) and also is used to validate the name
           presented in the server’s x509 certificate.

       NNG_OPT_TLS_VERIFIED
           (bool) This read-only option indicates whether the remote peer has been properly verified using TLS
           authentication. May return incorrect results if peer authentication is disabled.

       NNG_OPT_TLS_PEER_CN
           (string) This read-only option returns the common name of the peer certificate. May return incorrect
           results if peer authentication is disabled.

       NNG_OPT_TLS_PEER_ALT_NAMES
           (string) This read-only option returns string list with the subject alternative names of the peer
           certificate. May return incorrect results if peer authentication is disabled.

   Inherited Options
       Generally, the following option values are also available for TLS objects, when appropriate for the
       context:

       •   NNG_OPT_LOCADDR

       •   NNG_OPT_REMADDR

       •   NNG_OPT_TCP_KEEPALIVE

       •   NNG_OPT_TCP_NODELAY

SEE ALSO

       nng_options(5) nng_tcp_options(5) nng_tls_config(5), nng(7)

                                                   2025-04-20                                 NNG_TLS_OPTIONS(5)