When negotiating TLS-PSK (pre-shared keys), this function is called with optional identity hint
provided by the server or null
in case of TLS 1.3 where hint
was removed. It will be necessary to provide a custom tls.checkServerIdentity()
for the connection as the default one will try to check hostname/IP of the server against the certificate but that's not applicable for PSK because there won't be a certificate present. More information can be found in the RFC 4279.
method
tls.ConnectionOptions.pskCallback
hint: null | string
@param hint
message sent from the server to help client decide which identity to use during negotiation. Always null
if TLS 1.3 is used.
@returns
Return null
to stop the negotiation process. psk
must be compatible with the selected cipher's digest. identity
must use UTF-8 encoding.