|
libnetconf2
3.5.4
NETCONF server and client library in C.
|
|
libnetconf2
3.5.4
NETCONF server and client library in C.
|
TLS server configuration creation and deletion. More...
Functions | |
| int | nc_server_config_add_tls_ca_cert (const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name, const char *cert_path, struct lyd_node **config) |
| Creates new YANG configuration data nodes for a client certificate authority (trust-anchor) certificate. More... | |
| int | nc_server_config_add_tls_ca_cert_truststore_ref (const struct ly_ctx *ctx, const char *endpt_name, const char *cert_bag_ref, struct lyd_node **config) |
| Creates new YANG configuration data nodes for a truststore reference to a set of client certificate authority (trust-anchor) certificates. More... | |
| int | nc_server_config_add_tls_client_cert (const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name, const char *cert_path, struct lyd_node **config) |
| Creates new YANG configuration data nodes for a client's (end-entity) certificate. More... | |
| int | nc_server_config_add_tls_client_cert_truststore_ref (const struct ly_ctx *ctx, const char *endpt_name, const char *cert_bag_ref, struct lyd_node **config) |
| Creates new YANG configuration data nodes for a truststore reference to a set of client (end-entity) certificates. More... | |
| int | nc_server_config_add_tls_ctn (const struct ly_ctx *ctx, const char *endpt_name, uint32_t id, const char *fingerprint, NC_TLS_CTN_MAPTYPE map_type, const char *name, struct lyd_node **config) |
| Creates new YANG configuration data nodes for a cert-to-name entry. More... | |
| int | nc_server_config_add_tls_endpoint_client_ref (const struct ly_ctx *ctx, const char *endpt_name, const char *referenced_endpt, struct lyd_node **config) |
| Creates new YANG configuration data nodes, which will be a reference to another TLS endpoint's certificates. More... | |
| int | nc_server_config_add_tls_keystore_ref (const struct ly_ctx *ctx, const char *endpt_name, const char *asym_key_ref, const char *cert_ref, struct lyd_node **config) |
| Creates new YANG configuration data nodes for a keystore reference to the TLS server's certificate. More... | |
| int | nc_server_config_add_tls_server_cert (const struct ly_ctx *ctx, const char *endpt_name, const char *privkey_path, const char *pubkey_path, const char *cert_path, struct lyd_node **config) |
| Creates new YANG configuration data nodes for a server's certificate. More... | |
| int | nc_server_config_del_tls_ca_cert (const char *endpt_name, const char *cert_name, struct lyd_node **config) |
| Deletes a client certificate authority (trust-anchor) certificate from the YANG data. More... | |
| int | nc_server_config_del_tls_ca_cert_truststore_ref (const char *endpt_name, struct lyd_node **config) |
| Deletes a client certificate authority (trust-anchor) certificates truststore reference from the YANG data. More... | |
| int | nc_server_config_del_tls_client_cert (const char *endpt_name, const char *cert_name, struct lyd_node **config) |
| Deletes a client (end-entity) certificate from the YANG data. More... | |
| int | nc_server_config_del_tls_client_cert_truststore_ref (const char *endpt_name, struct lyd_node **config) |
| Deletes a client (end-entity) certificates truststore reference from the YANG data. More... | |
| int | nc_server_config_del_tls_ctn (const char *endpt_name, uint32_t id, struct lyd_node **config) |
| Deletes a cert-to-name entry from the YANG data. More... | |
| int | nc_server_config_del_tls_endpoint_client_ref (const char *endpt_name, struct lyd_node **config) |
| Deletes reference to another TLS endpoint's users from the YANG data. More... | |
| int | nc_server_config_del_tls_keystore_ref (const char *endpt_name, struct lyd_node **config) |
| Deletes a TLS server certificate keystore reference from the YANG data. More... | |
| int | nc_server_config_del_tls_server_cert (const char *endpt_name, struct lyd_node **config) |
| Deletes the server's certificate from the YANG data. More... | |
TLS server configuration creation and deletion.
SSH Server Configuration
| int nc_server_config_add_tls_server_cert | ( | const struct ly_ctx * | ctx, |
| const char * | endpt_name, | ||
| const char * | privkey_path, | ||
| const char * | pubkey_path, | ||
| const char * | cert_path, | ||
| struct lyd_node ** | config | ||
| ) |
Creates new YANG configuration data nodes for a server's certificate.
| [in] | ctx | libyang context. |
| [in] | endpt_name | Arbitrary identifier of the endpoint. If an endpoint with this identifier already exists, its server certificate will be changed. |
| [in] | privkey_path | Path to the server's PEM encoded private key file. |
| [in] | pubkey_path | Optional path to the server's public key file. If not provided, it will be generated from the private key. |
| [in] | cert_path | Path to the server's certificate file. |
| [in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
| int nc_server_config_del_tls_server_cert | ( | const char * | endpt_name, |
| struct lyd_node ** | config | ||
| ) |
Deletes the server's certificate from the YANG data.
| [in] | endpt_name | Identifier of an existing endpoint. |
| [in,out] | config | Modified configuration YANG data tree. |
| int nc_server_config_add_tls_keystore_ref | ( | const struct ly_ctx * | ctx, |
| const char * | endpt_name, | ||
| const char * | asym_key_ref, | ||
| const char * | cert_ref, | ||
| struct lyd_node ** | config | ||
| ) |
Creates new YANG configuration data nodes for a keystore reference to the TLS server's certificate.
| [in] | ctx | libyang context. |
| [in] | endpt_name | Arbitrary identifier of the endpoint. If an endpoint with this identifier already exists, its contents will be changed. |
| [in] | asym_key_ref | Name of the asymmetric key pair in the keystore to be referenced. |
| [in] | cert_ref | Name of the certificate, which must belong to the given asymmetric key pair, to be referenced. |
| [in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
| int nc_server_config_del_tls_keystore_ref | ( | const char * | endpt_name, |
| struct lyd_node ** | config | ||
| ) |
Deletes a TLS server certificate keystore reference from the YANG data.
| [in] | endpt_name | Identifier of an existing endpoint. |
| [in,out] | config | Modified configuration YANG data tree. |
| int nc_server_config_add_tls_client_cert | ( | const struct ly_ctx * | ctx, |
| const char * | endpt_name, | ||
| const char * | cert_name, | ||
| const char * | cert_path, | ||
| struct lyd_node ** | config | ||
| ) |
Creates new YANG configuration data nodes for a client's (end-entity) certificate.
A client certificate is authenticated if it is an exact match to a configured client certificate.
| [in] | ctx | libyang context. |
| [in] | endpt_name | Arbitrary identifier of the endpoint. If an endpoint with this identifier already exists, its contents will be changed. |
| [in] | cert_name | Arbitrary identifier of the client's certificate. If a client certificate with this identifier already exists, it will be changed. |
| [in] | cert_path | Path to the client's certificate file. |
| [in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
| int nc_server_config_del_tls_client_cert | ( | const char * | endpt_name, |
| const char * | cert_name, | ||
| struct lyd_node ** | config | ||
| ) |
Deletes a client (end-entity) certificate from the YANG data.
| [in] | endpt_name | Identifier of an existing endpoint. |
| [in] | cert_name | Optional name of a certificate to be deleted. If NULL, all of the end-entity certificates on the given endpoint will be deleted. |
| [in,out] | config | Modified configuration YANG data tree. |
| int nc_server_config_add_tls_client_cert_truststore_ref | ( | const struct ly_ctx * | ctx, |
| const char * | endpt_name, | ||
| const char * | cert_bag_ref, | ||
| struct lyd_node ** | config | ||
| ) |
Creates new YANG configuration data nodes for a truststore reference to a set of client (end-entity) certificates.
| [in] | ctx | libyang context. |
| [in] | endpt_name | Arbitrary identifier of the endpoint. If an endpoint with this identifier already exists, its contents will be changed. |
| [in] | cert_bag_ref | Identifier of the certificate bag in the truststore to be referenced. |
| [in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
| int nc_server_config_del_tls_client_cert_truststore_ref | ( | const char * | endpt_name, |
| struct lyd_node ** | config | ||
| ) |
Deletes a client (end-entity) certificates truststore reference from the YANG data.
| [in] | endpt_name | Identifier of an existing endpoint. |
| [in,out] | config | Modified configuration YANG data tree. |
| int nc_server_config_add_tls_ca_cert | ( | const struct ly_ctx * | ctx, |
| const char * | endpt_name, | ||
| const char * | cert_name, | ||
| const char * | cert_path, | ||
| struct lyd_node ** | config | ||
| ) |
Creates new YANG configuration data nodes for a client certificate authority (trust-anchor) certificate.
A client certificate is authenticated if it has a valid chain of trust to any configured CA cert. The configured CA cert, up to which the valid chain of trust can be built, does not have to be self-signed (the root CA). That means that the chain may be incomplete, yet the client will be authenticated.
For example assume a certificate chain A <- B <- C, where A is the root CA, then the client certificate C will be authenticated either if solely B is configured, or if both A and B are configured. C will not be authenticated if just A is configured as a CA certificate.
| [in] | ctx | libyang context. |
| [in] | endpt_name | Arbitrary identifier of the endpoint. If an endpoint with this identifier already exists, its contents will be changed. |
| [in] | cert_name | Arbitrary identifier of the certificate authority certificate. If a CA with this identifier already exists, it will be changed. |
| [in] | cert_path | Path to the CA certificate file. |
| [in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
| int nc_server_config_del_tls_ca_cert | ( | const char * | endpt_name, |
| const char * | cert_name, | ||
| struct lyd_node ** | config | ||
| ) |
Deletes a client certificate authority (trust-anchor) certificate from the YANG data.
| [in] | endpt_name | Identifier of an existing endpoint. |
| [in] | cert_name | Optional name of a certificate to be deleted. If NULL, all of the CA certificates on the given endpoint will be deleted. |
| [in,out] | config | Modified configuration YANG data tree. |
| int nc_server_config_add_tls_ca_cert_truststore_ref | ( | const struct ly_ctx * | ctx, |
| const char * | endpt_name, | ||
| const char * | cert_bag_ref, | ||
| struct lyd_node ** | config | ||
| ) |
Creates new YANG configuration data nodes for a truststore reference to a set of client certificate authority (trust-anchor) certificates.
| [in] | ctx | libyang context. |
| [in] | endpt_name | Arbitrary identifier of the endpoint. If an endpoint with this identifier already exists, its contents will be changed. |
| [in] | cert_bag_ref | Identifier of the certificate bag in the truststore to be referenced. |
| [in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
| int nc_server_config_del_tls_ca_cert_truststore_ref | ( | const char * | endpt_name, |
| struct lyd_node ** | config | ||
| ) |
Deletes a client certificate authority (trust-anchor) certificates truststore reference from the YANG data.
| [in] | endpt_name | Identifier of an existing endpoint. |
| [in,out] | config | Modified configuration YANG data tree. |
| int nc_server_config_add_tls_endpoint_client_ref | ( | const struct ly_ctx * | ctx, |
| const char * | endpt_name, | ||
| const char * | referenced_endpt, | ||
| struct lyd_node ** | config | ||
| ) |
Creates new YANG configuration data nodes, which will be a reference to another TLS endpoint's certificates.
Whenever an user tries to connect to the referencing endpoint, all of its certificates will be tried first. If no match is found, the referenced endpoint's configured certificates will be tried. The same applies to cert-to-name entries.
| [in] | ctx | libyang context |
| [in] | endpt_name | Arbitrary identifier of the endpoint. If an endpoint with this identifier already exists, its contents will be changed. |
| [in] | referenced_endpt | Identifier of an endpoint, which has to exist whenever this data is applied. The referenced endpoint can reference another one and so on, but there mustn't be a cycle. |
| [in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
| int nc_server_config_del_tls_endpoint_client_ref | ( | const char * | endpt_name, |
| struct lyd_node ** | config | ||
| ) |
Deletes reference to another TLS endpoint's users from the YANG data.
| [in] | endpt_name | Identifier of an existing endpoint. |
| [in,out] | config | Modified configuration YANG data tree. |
| int nc_server_config_add_tls_ctn | ( | const struct ly_ctx * | ctx, |
| const char * | endpt_name, | ||
| uint32_t | id, | ||
| const char * | fingerprint, | ||
| NC_TLS_CTN_MAPTYPE | map_type, | ||
| const char * | name, | ||
| struct lyd_node ** | config | ||
| ) |
Creates new YANG configuration data nodes for a cert-to-name entry.
| [in] | ctx | libyang context. |
| [in] | endpt_name | Arbitrary identifier of the endpoint. If an endpoint with this identifier already exists, its contents will be changed. |
| [in] | id | ID of the entry. The lower the ID, the higher the priority of the entry (it will be checked earlier). |
| [in] | fingerprint | Optional fingerprint of the entry. The fingerprint should always be set, however if it is not set, it will match any certificate. Entry with no fingerprint should therefore be placed only as the last entry. |
| [in] | map_type | Mapping username to the certificate option. |
| [in] | name | Username for this cert-to-name entry. |
| [in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
| int nc_server_config_del_tls_ctn | ( | const char * | endpt_name, |
| uint32_t | id, | ||
| struct lyd_node ** | config | ||
| ) |
Deletes a cert-to-name entry from the YANG data.
| [in] | endpt_name | Identifier of an existing endpoint. |
| [in] | id | Optional ID of the CTN entry. If 0, all of the cert-to-name entries on the given endpoint will be deleted. |
| [in,out] | config | Modified configuration YANG data tree. |
1.8.5 
