Skip to content

File SolidSyslogMbedTlsStream.h

FileList > Interface > SolidSyslogMbedTlsStream.h

Go to the source code of this file

TLS over an injected byte-transport Stream via Mbed TLS, itself a Stream — so a StreamSender speaks TLS to a remote collector without knowing the transport underneath (PosixTcpStream, PlusTcpTcpStream, or any caller-supplied byte Stream). More...

  • #include "ExternC.h"
  • #include "SolidSyslogSleep.h"
  • #include "SolidSyslogTlsHandshakeTimeoutFunction.h"

Classes

Type Name
struct SolidSyslogMbedTlsStreamConfig

Public Functions

Type Name
struct SolidSyslogStream * SolidSyslogMbedTlsStream_Create (const struct SolidSyslogMbedTlsStreamConfig * config)
Draw a TLS stream from the pool over the config's Transport (see the file overview for the handshake and I/O behaviour).
void SolidSyslogMbedTlsStream_Destroy (struct SolidSyslogStream * base)
Release the pool slot; closes the TLS session and the underlying transport if the stream is still open.

Detailed Description

What the stream does through its vtable is the substance:

  • Open first opens the underlying transport, applies the library-owned TLS policy (client mode, TLS 1.2 floor, VERIFY_REQUIRED against the CaChain), installs the peer identity, then drives the handshake to completion. The non-blocking transport means each mbedtls_ssl_handshake may want more I/O; the injected Sleep bridges those polls until the handshake completes, hits a hard error (HANDSHAKE_REJECTED), or the bounded budget expires (HANDSHAKE_TIMEOUT — re-read from GetHandshakeTimeoutMs each attempt, so a runtime-tunable value applies on the next reconnect). A failed Open closes the stream so the sender reconnects on its next pass.
  • Send is all-or-nothing: a short write or any TLS error is taken as an unrecoverable session and closes the stream, so the sender reconnects.
  • Read returns the bytes read, 0 for would-block, or closes the stream on any other TLS return (alert, transport error) — fail-fast, and store-and-forward replays after the reconnect.

Peer identity is set by ServerName (see the config member). All key material is injected as caller-built, caller-owned mbedTLS handles — never file paths or PEM blobs. Coexistence contract: this adapter touches only per-instance ssl_config / ssl_context state and never calls process-global mbedTLS APIs (platform setup/teardown, psa_crypto_init, threading-alt, debug hooks), so it drops into an integrator process that already uses Mbed TLS elsewhere. See docs/integrating-mbedtls.md.

Public Functions Documentation

function SolidSyslogMbedTlsStream_Create

Draw a TLS stream from the pool over the config's Transport (see the file overview for the handshake and I/O behaviour).

struct SolidSyslogStream * SolidSyslogMbedTlsStream_Create (
    const struct SolidSyslogMbedTlsStreamConfig * config
) 

An exhausted pool falls back to the shared NullStream.


function SolidSyslogMbedTlsStream_Destroy

Release the pool slot; closes the TLS session and the underlying transport if the stream is still open.

void SolidSyslogMbedTlsStream_Destroy (
    struct SolidSyslogStream * base
) 



The documentation for this class was generated from the following file Platform/MbedTls/Interface/SolidSyslogMbedTlsStream.h