Client-side settings for TLS connections.
int nc_client_tls_set_cert_key_paths(const char *client_cert, const char *client_key)
Set client authentication identity - a certificate and a private key.
- Parameters
-
[in] | client_cert | Path to the file containing the client certificate. |
[in] | client_key | Path to the file containing the private key for the client_cert. If NULL, key is expected to be stored with client_cert. |
- Returns
- 0 on success, -1 on error.
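An added example, not part of the libnetconf2 documentation or code: a pre-flight check a caller can run on the paths before passing them to nc_client_tls_set_cert_key_paths(), applying the rule above that the key is expected in client_cert when client_key is NULL. The names check_client_key, make_sample and the KEY_* codes are hypothetical, PEM encoding of the key file is an assumption, and rejecting symlinks and any group/other permission bits is a policy choice of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Outcomes of the pre-flight check (names are this example's, not libnetconf2's). */
enum key_check { KEY_OK, KEY_MISSING, KEY_NOT_REGULAR, KEY_TOO_OPEN, KEY_NO_PEM_KEY };

/* Check the file that will supply the private key: client_key, or client_cert
 * when client_key is NULL (the rule documented for the setter above). */
static enum key_check check_client_key(const char *client_cert, const char *client_key)
{
    const char *path = client_key ? client_key : client_cert;
    struct stat st;
    char line[256];
    int found = 0;
    FILE *f;

    if (!path || lstat(path, &st) != 0) return KEY_MISSING;
    if (!S_ISREG(st.st_mode)) return KEY_NOT_REGULAR;          /* symlink, FIFO, directory */
    if (st.st_mode & (S_IRWXG | S_IRWXO)) return KEY_TOO_OPEN; /* group/other access */
    if (!(f = fopen(path, "r"))) return KEY_MISSING;
    while (!found && fgets(line, sizeof line, f))              /* assumption: PEM encoding */
        found = !strncmp(line, "-----BEGIN ", 11) && strstr(line, "PRIVATE KEY-----");
    fclose(f);
    return found ? KEY_OK : KEY_NO_PEM_KEY;
}

/* Create a constructed sample file from a mkstemp() template with an exact mode. */
static int make_sample(char *tmpl, mode_t mode, const char *text)
{
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    if (write(fd, text, strlen(text)) < 0 || fchmod(fd, mode) != 0) { close(fd); return -1; }
    return close(fd);
}

int main(void)
{
    char key[] = "/tmp/nc_keyXXXXXX";   /* constructed sample, not a real key */
    if (make_sample(key, 0644, "-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n"))
        return 1;
    printf("mode 0644: %d\n", check_client_key("client.crt", key)); /* KEY_TOO_OPEN */
    chmod(key, 0600);
    printf("mode 0600: %d\n", check_client_key("client.crt", key)); /* KEY_OK */
    return unlink(key);
}
```

The check is advisory, because the path is opened again when the TLS session is set up; keep the directory holding the key writable only by the account that owns it.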
void nc_client_tls_get_cert_key_paths(const char **client_cert, const char **client_key)
Get client authentication identity - a certificate and a private key.
- Parameters
-
[out] | client_cert | Path to the file containing the client certificate. Can be NULL. |
[out] | client_key | Path to the file containing the private key for the client_cert. Can be NULL. |
int nc_client_tls_set_trusted_ca_paths(const char *ca_file, const char *ca_dir)
Set client trusted CA certificates paths.
- Parameters
-
[in] | ca_file | Location of the CA certificate file used to verify server certificates. For more info, see the documentation for SSL_CTX_load_verify_locations() from OpenSSL. |
[in] | ca_dir | Location of the CA certificates directory used to verify the server certificates. For more info, see the documentation for SSL_CTX_load_verify_locations() from OpenSSL. |
- Returns
- 0 on success, -1 on error.
void nc_client_tls_get_trusted_ca_paths(const char **ca_file, const char **ca_dir)
Get client trusted CA certificates paths.
- Parameters
-
[out] | ca_file | Location of the CA certificate file used to verify server certificates. Can be NULL. |
[out] | ca_dir | Location of the CA certificates directory used to verify the server certificates. Can be NULL. |
int nc_client_tls_set_crl_paths(const char *crl_file, const char *crl_dir)
Set client Certificate Revocation List paths.
- Parameters
-
[in] | crl_file | Location of the CRL certificate file used to check for revoked certificates. |
[in] | crl_dir | Location of the CRL certificate directory used to check for revoked certificates. |
- Returns
- 0 on success, -1 on error.
void nc_client_tls_get_crl_paths(const char **crl_file, const char **crl_dir)
Get client Certificate Revocation List paths.
- Parameters
-
[out] | crl_file | Location of the CRL certificate file used to check for revoked certificates. |
[out] | crl_dir | Location of the CRL certificate directory used to check for revoked certificates. |
struct nc_session *nc_connect_tls(const char *host, uint16_t port, struct ly_ctx *ctx)
Connect to the NETCONF server using TLS transport (via libssl).
The TLS session is created with the certificates set using the nc_client_tls_* functions, which must be called beforehand! A caller that needs specific TLS session properties should use nc_connect_libssl() instead.
- Parameters
-
[in] | host | Hostname or address (both IPv4 and IPv6 are accepted) of the target server. 'localhost' is used by default if NULL is specified. |
[in] | port | Port number of the target server. Default value 6513 is used if 0 is specified. |
[in] | ctx | Optional parameter. If set, provides strict YANG context for the session (ignoring what is actually supported by the server side). If not set, YANG context is created for the session using <get-schema> (if supported by the server side) and/or by searching for YANG schemas in the searchpath (see nc_client_schema_searchpath()). Unless no context is provided and the server supports <get-schema>, the session context may not include all the models supported by the server. |
- Returns
- Created NETCONF session object or NULL on error.
struct nc_session *nc_connect_libssl(SSL *tls, struct ly_ctx *ctx)
Connect to the NETCONF server using the provided TLS (libssl) session.
The TLS session supplied is expected to be fully connected and authenticated!
- Parameters
-
[in] | tls | libssl structure representing the TLS session object. |
[in] | ctx | Optional parameter. If set, provides strict YANG context for the session (ignoring what is actually supported by the server side). If not set, YANG context is created for the session using <get-schema> (if supported by the server side) and/or by searching for YANG schemas in the searchpath (see nc_client_schema_searchpath()). Unless no context is provided and the server supports <get-schema>, the session context may not include all the models supported by the server. |
- Returns
- Created NETCONF session object or NULL on error.