libnetconf2  1.1.48
NETCONF library for clients and servers
Client TLS

Client-side settings for TLS connections.

Functions

int nc_client_tls_set_cert_key_paths (const char *client_cert, const char *client_key)
 Set client authentication identity - a certificate and a private key.

void nc_client_tls_get_cert_key_paths (const char **client_cert, const char **client_key)
 Get client authentication identity - a certificate and a private key.

int nc_client_tls_set_trusted_ca_paths (const char *ca_file, const char *ca_dir)
 Set client trusted CA certificates paths.

void nc_client_tls_get_trusted_ca_paths (const char **ca_file, const char **ca_dir)
 Get client trusted CA certificates paths.

int nc_client_tls_set_crl_paths (const char *crl_file, const char *crl_dir)
 Set client Certificate Revocation List paths.

void nc_client_tls_get_crl_paths (const char **crl_file, const char **crl_dir)
 Get client Certificate Revocation List paths.

struct nc_session * nc_connect_tls (const char *host, uint16_t port, struct ly_ctx *ctx)
 Connect to the NETCONF server using TLS transport (via libssl).

struct nc_session * nc_connect_libssl (SSL *tls, struct ly_ctx *ctx)
 Connect to the NETCONF server using the provided TLS (libssl) session.

Detailed Description

Client-side settings for TLS connections.

Function Documentation

int nc_client_tls_set_cert_key_paths (const char *client_cert, const char *client_key)

Set client authentication identity - a certificate and a private key.

Parameters
[in] client_cert: Path to the file containing the client certificate.
[in] client_key: Path to the file containing the private key for the client_cert. If NULL, key is expected to be stored with client_cert.

Returns
0 on success, -1 on error.

void nc_client_tls_get_cert_key_paths (const char **client_cert, const char **client_key)

Get client authentication identity - a certificate and a private key.

Parameters
[out] client_cert: Path to the file containing the client certificate. Can be NULL.
[out] client_key: Path to the file containing the private key for the client_cert. Can be NULL.

int nc_client_tls_set_trusted_ca_paths (const char *ca_file, const char *ca_dir)

Set client trusted CA certificates paths.

Parameters
[in] ca_file: Location of the CA certificate file used to verify server certificates. For more info, see the documentation for SSL_CTX_load_verify_locations() from OpenSSL.
[in] ca_dir: Location of the CA certificates directory used to verify the server certificates. For more info, see the documentation for SSL_CTX_load_verify_locations() from OpenSSL.

Returns
0 on success, -1 on error.

void nc_client_tls_get_trusted_ca_paths (const char **ca_file, const char **ca_dir)

Get client trusted CA certificates paths.

Parameters
[out] ca_file: Location of the CA certificate file used to verify server certificates. Can be NULL.
[out] ca_dir: Location of the CA certificates directory used to verify the server certificates. Can be NULL.

int nc_client_tls_set_crl_paths (const char *crl_file, const char *crl_dir)

Set client Certificate Revocation List paths.

Parameters
[in] crl_file: Location of the CRL certificate file used to check for revoked certificates.
[in] crl_dir: Location of the CRL certificate directory used to check for revoked certificates.

Returns
0 on success, -1 on error.

void nc_client_tls_get_crl_paths (const char **crl_file, const char **crl_dir)

Get client Certificate Revocation List paths.

Parameters
[out] crl_file: Location of the CRL certificate file used to check for revoked certificates.
[out] crl_dir: Location of the CRL certificate directory used to check for revoked certificates.

struct nc_session * nc_connect_tls (const char *host, uint16_t port, struct ly_ctx *ctx)

Connect to the NETCONF server using TLS transport (via libssl).

The TLS session is created with the certificates set using the nc_client_tls_* functions, which must be called beforehand! A caller that needs specific TLS session properties should use nc_connect_libssl() instead.

Parameters
[in] host: Hostname or address (both IPv4 and IPv6 are accepted) of the target server. 'localhost' is used by default if NULL is specified.
[in] port: Port number of the target server. Default value 6513 is used if 0 is specified.
[in] ctx: Optional parameter. If set, provides strict YANG context for the session (ignoring what is actually supported by the server side). If not set, YANG context is created for the session using <get-schema> (if supported by the server side) and/or by searching for YANG schemas in the searchpath (see nc_client_schema_searchpath()). In every case except when no context is provided and the server supports <get-schema>, it is possible that the session context will not include all the models supported by the server.

Returns
Created NETCONF session object or NULL on error.
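
The call order that nc_connect_tls() requires, shown as an added example (not code from the libnetconf2 documentation or project): identity, trust anchors and CRLs are set first and every return value is checked, after a pre-flight check on the file that actually holds the private key. The names tls_preflight, connect_checked, the HAVE_LIBNETCONF2 guard and the nc_client.h header name are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/stat.h>
#ifdef HAVE_LIBNETCONF2      /* define when building against libnetconf2 */
#include <nc_client.h>       /* libnetconf2 client API header (assumed install name) */
#endif

enum preflight { PF_OK, PF_NO_CERT, PF_NO_TRUST_ANCHOR, PF_KEY_MISSING, PF_KEY_EXPOSED };

/* Hypothetical helper: vet the paths before they reach nc_client_tls_set_*(). */
enum preflight tls_preflight(const char *cert, const char *key,
                             const char *ca_file, const char *ca_dir)
{
    struct stat st;
    /* client_key == NULL means the private key is stored in the client_cert file. */
    const char *key_holder = key ? key : cert;
    if (!cert) return PF_NO_CERT;
    /* ca_file / ca_dir are what the server certificate is verified against. */
    if (!ca_file && !ca_dir) return PF_NO_TRUST_ANCHOR;
    if (stat(key_holder, &st) != 0 || !S_ISREG(st.st_mode)) return PF_KEY_MISSING;
    /* Whichever file holds the private key must not be open to group or others. */
    if (st.st_mode & (S_IRWXG | S_IRWXO)) return PF_KEY_EXPOSED;
    return PF_OK;
}

#ifdef HAVE_LIBNETCONF2
/* Hypothetical wrapper: set identity, trust anchors and CRLs, then connect. */
struct nc_session *connect_checked(const char *host, uint16_t port,
        const char *cert, const char *key, const char *ca_file,
        const char *ca_dir, const char *crl_file, const char *crl_dir)
{
    if (tls_preflight(cert, key, ca_file, ca_dir) != PF_OK) return NULL;
    /* Each setter returns 0 on success, -1 on error; stop at the first failure. */
    if (nc_client_tls_set_cert_key_paths(cert, key) ||
        nc_client_tls_set_trusted_ca_paths(ca_file, ca_dir)) return NULL;
    if ((crl_file || crl_dir) && nc_client_tls_set_crl_paths(crl_file, crl_dir)) return NULL;
    /* port 0 selects the default 6513; ctx NULL lets the library build the YANG context. */
    return nc_connect_tls(host, port, NULL);
}
#endif

int main(int argc, char **argv)
{
    /* usage: preflight CERT KEY CA_FILE  (pass "" as KEY when it is inside CERT) */
    if (argc != 4) { fprintf(stderr, "usage: %s CERT KEY CA_FILE\n", argv[0]); return 2; }
    enum preflight r = tls_preflight(argv[1], argv[2][0] ? argv[2] : NULL, argv[3], NULL);
    printf("preflight result: %d\n", (int)r);
    return r == PF_OK ? 0 : 1;
}
```

Build with -DHAVE_LIBNETCONF2 and link against libnetconf2 to compile connect_checked(); without the define only the pre-flight check is built.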

struct nc_session * nc_connect_libssl (SSL *tls, struct ly_ctx *ctx)

Connect to the NETCONF server using the provided TLS (libssl) session.

The TLS session supplied is expected to be fully connected and authenticated!

Parameters
[in] tls: libssl structure representing the TLS session object.
[in] ctx: Optional parameter. If set, provides strict YANG context for the session (ignoring what is actually supported by the server side). If not set, YANG context is created for the session using <get-schema> (if supported by the server side) and/or by searching for YANG schemas in the searchpath (see nc_client_schema_searchpath()). In every case except when no context is provided and the server supports <get-schema>, it is possible that the session context will not include all the models supported by the server.

Returns
Created NETCONF session object or NULL on error.