Client-side settings for TLS connections.
Client-side settings for TLS connections.
int nc_client_tls_set_cert_key_paths(const char *client_cert, const char *client_key)
Set client authentication identity - a certificate and a private key.
- Parameters
-
[in] | client_cert | Path to the file containing the client certificate. |
[in] | client_key | Path to the file containing the private key for the client_cert. If NULL, the key is expected to be stored with client_cert. |
- Returns
- 0 on success, -1 on error.
void nc_client_tls_get_cert_key_paths(const char **client_cert, const char **client_key)
Get client authentication identity - a certificate and a private key.
- Parameters
-
[out] | client_cert | Path to the file containing the client certificate. Can be NULL. |
[out] | client_key | Path to the file containing the private key for the client_cert. Can be NULL. |
int nc_client_tls_set_trusted_ca_paths(const char *ca_file, const char *ca_dir)
Set client trusted CA certificates paths.
- Parameters
-
[in] | ca_file | Location of the CA certificate file used to verify server certificates. For more info, see the documentation for SSL_CTX_load_verify_locations() from OpenSSL. |
[in] | ca_dir | Location of the CA certificates directory used to verify the server certificates. For more info, see the documentation for SSL_CTX_load_verify_locations() from OpenSSL. |
- Returns
- 0 on success, -1 on error.
void nc_client_tls_get_trusted_ca_paths(const char **ca_file, const char **ca_dir)
Get client trusted CA certificates paths.
- Parameters
-
[out] | ca_file | Location of the CA certificate file used to verify server certificates. Can be NULL. |
[out] | ca_dir | Location of the CA certificates directory used to verify the server certificates. Can be NULL. |
int nc_client_tls_set_crl_paths(const char *crl_file, const char *crl_dir)
Set client Certificate Revocation List (CRL) file and directory paths.
void nc_client_tls_get_crl_paths(const char **crl_file, const char **crl_dir)
Get client Certificate Revocation List (CRL) file and directory paths.
struct nc_session *nc_connect_tls(const char *host, uint16_t port, struct ly_ctx *ctx)
Connect to the NETCONF server using TLS transport (via libssl)
The TLS session is created with the certificates set using the nc_client_tls_* functions, which must be called beforehand! Callers that need specific TLS session properties are directed to nc_connect_libssl(); note, however, that this page marks nc_connect_libssl() as deprecated.
- Parameters
-
[in] | host | Hostname or address (both IPv4 and IPv6 are accepted) of the target server. 'localhost' is used by default if NULL is specified. TLS verifies this host when connecting to it. |
[in] | port | Port number of the target server. Default value 6513 is used if 0 is specified. |
[in,out] | ctx | Optional custom context to use for the session. If not set, a default context is created. Any YANG modules not present in the context and supported by the server are loaded using <get-schema> (if supported) and/or by searching the searchpath (see nc_client_set_schema_searchpath()). |
- Returns
- Created NETCONF session object or NULL on error.
struct nc_session *nc_connect_libssl(void *tls, struct ly_ctx *ctx)
Deprecated. Should not be needed.