Qpid Proton C API  0.18.0
ssl.h
1 #ifndef PROTON_SSL_H
2 #define PROTON_SSL_H 1
3 
4 /*
5  *
6  * Licensed to the Apache Software Foundation (ASF) under one
7  * or more contributor license agreements. See the NOTICE file
8  * distributed with this work for additional information
9  * regarding copyright ownership. The ASF licenses this file
10  * to you under the Apache License, Version 2.0 (the
11  * "License"); you may not use this file except in compliance
12  * with the License. You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing,
17  * software distributed under the License is distributed on an
18  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
19  * KIND, either express or implied. See the License for the
20  * specific language governing permissions and limitations
21  * under the License.
22  *
23  */
24 
25 #include <proton/import_export.h>
26 #include <proton/type_compat.h>
27 #include <proton/types.h>
28 
29 #ifdef __cplusplus
30 extern "C" {
31 #endif
32 
81 
85 typedef struct pn_ssl_t pn_ssl_t;
86 
90 typedef enum {
94 
98 typedef enum {
103 
/**
 * Tests for SSL implementation present.
 *
 * Returns a bool. An application that requires encrypted transport should
 * treat a false result as a configuration failure rather than continuing
 * without SSL.
 */
109 PN_EXTERN bool pn_ssl_present( void );
110 
/**
 * Create an SSL configuration domain.
 *
 * mode selects the endpoint type (pn_ssl_mode_t: SSL client or SSL server).
 * NOTE(review): failure reporting is not visible in this listing; presumably
 * NULL is returned on error, so check the pointer before use.
 */
122 PN_EXTERN pn_ssl_domain_t *pn_ssl_domain(pn_ssl_mode_t mode);
123 
/**
 * Release an SSL configuration domain.
 *
 * NOTE(review): a domain can carry credentials set through
 * pn_ssl_domain_set_credentials(); whether that material is scrubbed on
 * release is not shown in this listing.
 */
130 PN_EXTERN void pn_ssl_domain_free(pn_ssl_domain_t *domain);
131 
/**
 * Set the certificate that identifies the local node to the remote.
 *
 * NOTE(review): credential_1 and credential_2 presumably name the
 * certificate and its private key, and password presumably unlocks the
 * key; confirm against the full API documentation.
 *
 * Returns an int status (convention not shown in this listing). Check it
 * before using the domain, so that a failed load does not leave an
 * endpoint running without the intended identity. Treat password as a
 * secret: keep it out of source, logs and error messages.
 */
156 PN_EXTERN int pn_ssl_domain_set_credentials(pn_ssl_domain_t *domain,
157  const char *credential_1,
158  const char *credential_2,
159  const char *password);
160 
177  const char *certificate_db);
178 
195 typedef enum {
201 
226  const pn_ssl_verify_mode_t mode,
227  const char *trusted_CAs);
228 
/**
 * Configure the list of permitted ciphers.
 *
 * NOTE(review): the syntax of the ciphers string is not shown in this
 * listing; presumably it is that of the underlying SSL library. Confirm.
 *
 * Returns an int status. Check it, so that a rejected list is not silently
 * ignored and the domain left on a cipher set the caller did not choose.
 */
239 PN_EXTERN int pn_ssl_domain_set_ciphers(pn_ssl_domain_t *domain, const char *ciphers);
240 
252 
/**
 * Create a new SSL session object associated with a transport.
 *
 * NOTE(review): ownership of the returned pn_ssl_t and its behaviour on
 * failure are not visible in this listing; check the pointer before use.
 */
263 PN_EXTERN pn_ssl_t *pn_ssl(pn_transport_t *transport);
264 
/**
 * Initialize an SSL session.
 *
 * Binds the session to the configuration held in domain.
 * NOTE(review): session_id presumably identifies a session for resumption
 * (see pn_ssl_resume_status()); confirm against the full documentation.
 *
 * Returns an int status. Check it before sending data over the transport.
 */
279 PN_EXTERN int pn_ssl_init(pn_ssl_t *ssl,
280  pn_ssl_domain_t *domain,
281  const char *session_id);
282 
/**
 * Get the name of the Cipher that is currently in use.
 *
 * The name is written to the caller-supplied buffer, whose capacity is
 * given by size. Read buffer only when the call returns true.
 * NOTE(review): presumably returns false while no cipher has been
 * negotiated; truncation behaviour is not shown in this listing.
 */
296 PN_EXTERN bool pn_ssl_get_cipher_name(pn_ssl_t *ssl, char *buffer, size_t size);
297 
/**
 * Get the SSF (security strength factor) of the Cipher that is currently
 * in use.
 *
 * Can be used after the handshake to enforce a minimum-strength policy.
 * NOTE(review): the value reported when no cipher is active is not shown
 * in this listing; presumably 0. Confirm.
 */
304 PN_EXTERN int pn_ssl_get_ssf(pn_ssl_t *ssl);
305 
/**
 * Get the name of the SSL protocol that is currently in use.
 *
 * The name is written to the caller-supplied buffer, whose capacity is
 * given by size. Read buffer only when the call returns true. Logging the
 * negotiated protocol helps detect peers that fall back to an obsolete
 * protocol version.
 */
318 PN_EXTERN bool pn_ssl_get_protocol_name(pn_ssl_t *ssl, char *buffer, size_t size);
319 
/**
 * Check whether the state has been resumed.
 *
 * Returns a pn_ssl_resume_status_t. Per this listing's cross-references,
 * the states are: unknown/not supported, renegotiated (not resumed), and
 * resumed from a previous session.
 */
333 PN_EXTERN pn_ssl_resume_status_t pn_ssl_resume_status(pn_ssl_t *ssl);
334 
/**
 * Set the expected identity of the remote peer.
 *
 * The verify mode described in this listing as "require valid certificate
 * and matching name" needs an expected name to compare against.
 * NOTE(review): presumably this call supplies that name; confirm, and set
 * it before the handshake whenever name verification is relied on.
 *
 * Returns an int status. Check it.
 */
357 PN_EXTERN int pn_ssl_set_peer_hostname(pn_ssl_t *ssl, const char *hostname);
358 
/**
 * Access the configured peer identity.
 *
 * The value is copied into the caller-supplied hostname buffer.
 * NOTE(review): bufsize is passed by pointer, so it is presumably in/out
 * (capacity on entry, length on return); confirm before sizing buffers.
 */
372 PN_EXTERN int pn_ssl_get_peer_hostname(pn_ssl_t *ssl, char *hostname, size_t *bufsize);
373 
/**
 * Get the subject from the peer's certificate.
 *
 * The subject is peer-supplied data. Use it for authorization decisions
 * only when the domain is configured to verify the peer certificate, and
 * treat the string as untrusted input when logging or parsing it.
 * NOTE(review): presumably returns NULL when no peer certificate is
 * available; the lifetime of the returned string is not shown here.
 */
381 PN_EXTERN const char* pn_ssl_get_remote_subject(pn_ssl_t *ssl);
382 
/**
 * Enumeration identifying the sub fields of the subject field in the ssl
 * certificate. Passed to pn_ssl_get_remote_subject_subfield() to select
 * which part of the subject is returned.
 */
386 typedef enum {
387  PN_SSL_CERT_SUBJECT_COUNTRY_NAME,
388  PN_SSL_CERT_SUBJECT_STATE_OR_PROVINCE,
389  PN_SSL_CERT_SUBJECT_CITY_OR_LOCALITY,
390  PN_SSL_CERT_SUBJECT_ORGANIZATION_NAME,
391  PN_SSL_CERT_SUBJECT_ORGANIZATION_UNIT,
392  PN_SSL_CERT_SUBJECT_COMMON_NAME
394 
/**
 * Enumeration identifying hashing algorithm.
 *
 * Selects the digest computed by pn_ssl_get_cert_fingerprint(). SHA-1 and
 * MD5 are no longer collision resistant; prefer PN_SSL_SHA256 or
 * PN_SSL_SHA512 when a fingerprint is used to pin or identify a
 * certificate.
 *
 * NOTE(review): the sizes below are raw digest lengths. Confirm against
 * the pn_ssl_get_cert_fingerprint() documentation whether the fingerprint
 * is written as text (for example hex), in which case the output buffer
 * must be larger than the digest.
 */
398 typedef enum {
399  PN_SSL_SHA1, /* Produces hash that is 20 bytes long; legacy digest, avoid for new pinning */
400  PN_SSL_SHA256, /* Produces hash that is 32 bytes long */
401  PN_SSL_SHA512, /* Produces hash that is 64 bytes long */
402  PN_SSL_MD5 /* Produces hash that is 16 bytes long; legacy digest, avoid for new pinning */
404 
/**
 * Get the fingerprint of the certificate.
 *
 * The digest selected by hash_alg is written to the caller-supplied
 * fingerprint buffer; fingerprint_length gives that buffer's capacity.
 * Size the buffer for the chosen algorithm and check the int result before
 * reading it, so that an undersized buffer or a missing certificate is not
 * mistaken for a valid fingerprint.
 *
 * NOTE(review): this listing does not show which certificate is hashed
 * (presumably the peer's), the output encoding, or the return convention.
 * Confirm all three. When comparing against a pinned value, compare the
 * full fingerprint, not a prefix.
 */
418 PN_EXTERN int pn_ssl_get_cert_fingerprint(pn_ssl_t *ssl0,
419  char *fingerprint,
420  size_t fingerprint_length,
421  pn_ssl_hash_alg hash_alg);
422 
/**
 * Returns a char pointer that contains the value of the sub field of the
 * subject field in the ssl certificate.
 *
 * field selects the sub field (see pn_ssl_cert_subject_subfield). The
 * value comes from the certificate, so it is attacker-influenced unless
 * the certificate has been verified against trusted CAs.
 * NOTE(review): presumably returns NULL when the sub field or certificate
 * is absent; the lifetime of the returned string is not shown here.
 */
435 PN_EXTERN const char* pn_ssl_get_remote_subject_subfield(pn_ssl_t *ssl0, pn_ssl_cert_subject_subfield field);
436 
441 #ifdef __cplusplus
442 }
443 #endif
444 
445 #endif /* ssl.h */
AMQP and API data types.
int pn_ssl_domain_set_credentials(pn_ssl_domain_t *domain, const char *credential_1, const char *credential_2, const char *password)
Set the certificate that identifies the local node to the remote.
int pn_ssl_get_cert_fingerprint(pn_ssl_t *ssl0, char *fingerprint, size_t fingerprint_length, pn_ssl_hash_alg hash_alg)
Get the fingerprint of the certificate.
int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain, const pn_ssl_verify_mode_t mode, const char *trusted_CAs)
Configure the level of verification used on the peer certificate.
const char * pn_ssl_get_remote_subject(pn_ssl_t *ssl)
Get the subject from the peer's certificate.
struct pn_transport_t pn_transport_t
A network channel supporting an AMQP connection.
Definition: types.h:431
int pn_ssl_domain_allow_unsecured_client(pn_ssl_domain_t *domain)
Permit a server to accept connection requests from non-SSL clients. Connections accepted this way are neither encrypted nor authenticated by SSL.
require valid certificate and matching name
Definition: ssl.h:199
require peer to provide a valid identifying certificate
Definition: ssl.h:197
pn_ssl_cert_subject_subfield
Enumeration identifying the sub fields of the subject field in the ssl certificate.
Definition: ssl.h:386
pn_ssl_verify_mode_t
Determines the level of peer validation.
Definition: ssl.h:195
Session resume state unknown/not supported.
Definition: ssl.h:99
bool pn_ssl_present(void)
Tests for SSL implementation present.
int pn_ssl_init(pn_ssl_t *ssl, pn_ssl_domain_t *domain, const char *session_id)
Initialize an SSL session.
int pn_ssl_domain_set_trusted_ca_db(pn_ssl_domain_t *domain, const char *certificate_db)
Configure the set of trusted CA certificates used by this domain to verify peers. ...
bool pn_ssl_get_protocol_name(pn_ssl_t *ssl, char *buffer, size_t size)
Get the name of the SSL protocol that is currently in use.
pn_ssl_mode_t
Determines the type of SSL endpoint.
Definition: ssl.h:90
int pn_ssl_get_ssf(pn_ssl_t *ssl)
Get the SSF (security strength factor) of the Cipher that is currently in use.
pn_ssl_t * pn_ssl(pn_transport_t *transport)
Create a new SSL session object associated with a transport.
pn_ssl_resume_status_t
Indicates whether an SSL session has been resumed.
Definition: ssl.h:98
int pn_ssl_get_peer_hostname(pn_ssl_t *ssl, char *hostname, size_t *bufsize)
Access the configured peer identity.
struct pn_ssl_domain_t pn_ssl_domain_t
API for using SSL with the Transport Layer.
Definition: ssl.h:80
Session resumed from previous session.
Definition: ssl.h:101
pn_ssl_resume_status_t pn_ssl_resume_status(pn_ssl_t *ssl)
Check whether the state has been resumed.
const char * pn_ssl_get_remote_subject_subfield(pn_ssl_t *ssl0, pn_ssl_cert_subject_subfield field)
Returns a char pointer that contains the value of the sub field of the subject field in the ssl certi...
struct pn_ssl_t pn_ssl_t
Definition: ssl.h:85
int pn_ssl_domain_set_ciphers(pn_ssl_domain_t *domain, const char *ciphers)
Configure the list of permitted ciphers.
void pn_ssl_domain_free(pn_ssl_domain_t *domain)
Release an SSL configuration domain.
bool pn_ssl_get_cipher_name(pn_ssl_t *ssl, char *buffer, size_t size)
Get the name of the Cipher that is currently in use.
Local connection endpoint is an SSL server.
Definition: ssl.h:92
Session renegotiated - not resumed.
Definition: ssl.h:100
pn_ssl_domain_t * pn_ssl_domain(pn_ssl_mode_t mode)
Create an SSL configuration domain.
Local connection endpoint is an SSL client.
Definition: ssl.h:91
pn_ssl_hash_alg
Enumeration identifying hashing algorithm.
Definition: ssl.h:398
internal use only
Definition: ssl.h:196
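do not require a certificate nor cipher authorization; the peer is not authenticated, so this mode gives no protection against an active man-in-the-middle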
Definition: ssl.h:198
int pn_ssl_set_peer_hostname(pn_ssl_t *ssl, const char *hostname)
Set the expected identity of the remote peer.