libnetconf2  3.0.17
NETCONF server and client library in C.
Client TLS

Client-side settings for TLS connections.

Functions

void nc_client_tls_get_cert_key_paths (const char **client_cert, const char **client_key)
 Get client authentication identity - a certificate and a private key.

void nc_client_tls_get_crl_paths (const char **crl_file, const char **crl_dir)
 Get client Certificate Revocation List paths.

void nc_client_tls_get_trusted_ca_paths (const char **ca_file, const char **ca_dir)
 Get client trusted CA certificates paths.

int nc_client_tls_set_cert_key_paths (const char *client_cert, const char *client_key)
 Set client authentication identity - a certificate and a private key.

int nc_client_tls_set_crl_paths (const char *crl_file, const char *crl_dir)
 Set client Certificate Revocation List paths.

int nc_client_tls_set_trusted_ca_paths (const char *ca_file, const char *ca_dir)
 Set client trusted CA certificates paths.

struct nc_session * nc_connect_libssl (SSL *tls, struct ly_ctx *ctx)
 Connect to the NETCONF server using the provided TLS (libssl) session.

struct nc_session * nc_connect_tls (const char *host, uint16_t port, struct ly_ctx *ctx)
 Connect to the NETCONF server using TLS transport (via libssl).


Detailed Description

Client-side settings for TLS connections.

Function Documentation

int nc_client_tls_set_cert_key_paths (const char *client_cert, const char *client_key)

Set client authentication identity - a certificate and a private key.

Parameters
[in] client_cert: Path to the file containing the client certificate.
[in] client_key: Path to the file containing the private key for the client_cert. If NULL, key is expected to be stored with client_cert.
Returns
0 on success, -1 on error.

void nc_client_tls_get_cert_key_paths (const char **client_cert, const char **client_key)

Get client authentication identity - a certificate and a private key.

Parameters
[out] client_cert: Path to the file containing the client certificate. Can be NULL.
[out] client_key: Path to the file containing the private key for the client_cert. Can be NULL.

int nc_client_tls_set_trusted_ca_paths (const char *ca_file, const char *ca_dir)

Set client trusted CA certificates paths.

Parameters
[in] ca_file: Location of the CA certificate file used to verify server certificates. For more info, see the documentation for SSL_CTX_load_verify_locations() from OpenSSL.
[in] ca_dir: Location of the CA certificates directory used to verify the server certificates. For more info, see the documentation for SSL_CTX_load_verify_locations() from OpenSSL.
Returns
0 on success, -1 on error.

void nc_client_tls_get_trusted_ca_paths (const char **ca_file, const char **ca_dir)

Get client trusted CA certificates paths.

Parameters
[out] ca_file: Location of the CA certificate file used to verify server certificates. Can be NULL.
[out] ca_dir: Location of the CA certificates directory used to verify the server certificates. Can be NULL.

int nc_client_tls_set_crl_paths (const char *crl_file, const char *crl_dir)

Set client Certificate Revocation List paths.

Parameters
[in] crl_file: Location of the CRL certificate file used to check for revoked certificates.
[in] crl_dir: Location of the CRL certificate directory used to check for revoked certificates.
Returns
0 on success, -1 on error.

void nc_client_tls_get_crl_paths (const char **crl_file, const char **crl_dir)

Get client Certificate Revocation List paths.

Parameters
[out] crl_file: Location of the CRL certificate file used to check for revoked certificates.
[out] crl_dir: Location of the CRL certificate directory used to check for revoked certificates.

struct nc_session *nc_connect_tls (const char *host, uint16_t port, struct ly_ctx *ctx)

Connect to the NETCONF server using TLS transport (via libssl).

The TLS session is created with the certificates set using the nc_client_tls_* functions, which must be called beforehand! A caller that needs specific TLS session properties should use nc_connect_libssl() instead.

Parameters
[in] host: Hostname or address (both IPv4 and IPv6 are accepted) of the target server. 'localhost' is used by default if NULL is specified. It is verified by TLS when connecting to it.
[in] port: Port number of the target server. Default value 6513 is used if 0 is specified.
[in,out] ctx: Optional custom context to use for the session. If not set, a default context is created. Any YANG modules not present in the context and supported by the server are loaded using <get-schema> (if supported) and/or by searching the searchpath (see nc_client_set_schema_searchpath()).
Returns
Created NETCONF session object or NULL on error.

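Because the nc_client_tls_* setters must run before nc_connect_tls(), the following added example (not part of the libnetconf2 documentation or sources) checks the paths first and then performs the calls in order. The helper names, the WITH_LIBNETCONF2 build flag and the policy of rejecting group/other-accessible key files or a missing CA location are assumptions of this example, not library behaviour.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/stat.h>

#ifdef WITH_LIBNETCONF2            /* hypothetical flag: build with the library present */
#include <nc_client.h>
#endif

/* Returns 1 if path is a regular file with no group/other permission bits, else 0. */
int key_file_is_private(const char *path)
{
    struct stat st;

    if (!path || stat(path, &st) != 0 || !S_ISREG(st.st_mode)) {
        return 0;
    }
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Example policy check; returns 0 if the settings look usable, -1 otherwise
 * (same return convention as the setters documented above). */
int tls_paths_preflight(const char *cert, const char *key,
                        const char *ca_file, const char *ca_dir)
{
    /* key == NULL means the private key is stored in the certificate file. */
    const char *key_path = key ? key : cert;

    if (!cert || !key_file_is_private(key_path)) {
        return -1;
    }
    /* Example policy: require a CA file or directory to verify the server against. */
    if (!ca_file && !ca_dir) {
        return -1;
    }
    return 0;
}

#ifdef WITH_LIBNETCONF2
/* Assumes the client library has already been initialised by the caller. */
struct nc_session *connect_example(const char *host, const char *cert,
                                   const char *key, const char *ca_file)
{
    if (tls_paths_preflight(cert, key, ca_file, NULL) ||
        nc_client_tls_set_cert_key_paths(cert, key) ||
        nc_client_tls_set_trusted_ca_paths(ca_file, NULL)) {
        return NULL;
    }
    return nc_connect_tls(host, 0, NULL);   /* port 0 selects the default 6513 */
}
#endif
```

Without WITH_LIBNETCONF2 defined, only the two check functions are compiled, so they can be tested on a machine that does not have the library installed.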
struct nc_session *nc_connect_libssl (SSL *tls, struct ly_ctx *ctx)

Connect to the NETCONF server using the provided TLS (libssl) session.

The TLS session supplied is expected to be fully connected and authenticated!

Parameters
[in] tls: libssl structure representing the TLS session object.
[in,out] ctx: Optional custom context to use for the session. If not set, a default context is created. Any YANG modules not present in the context and supported by the server are loaded using <get-schema> (if supported) and/or by searching the searchpath (see nc_client_set_schema_searchpath()).
Returns
Created NETCONF session object or NULL on error.