Qpid Proton C API  0.37.0
ssl.h
Go to the documentation of this file.
1 #ifndef PROTON_SSL_H
2 #define PROTON_SSL_H 1
3 
4 /*
5  *
6  * Licensed to the Apache Software Foundation (ASF) under one
7  * or more contributor license agreements. See the NOTICE file
8  * distributed with this work for additional information
9  * regarding copyright ownership. The ASF licenses this file
10  * to you under the Apache License, Version 2.0 (the
11  * "License"); you may not use this file except in compliance
12  * with the License. You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing,
17  * software distributed under the License is distributed on an
18  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
19  * KIND, either express or implied. See the License for the
20  * specific language governing permissions and limitations
21  * under the License.
22  *
23  */
24 
25 #include <proton/import_export.h>
26 #include <proton/type_compat.h>
27 #include <proton/types.h>
28 
29 #ifdef __cplusplus
30 extern "C" {
31 #endif
32 
80 typedef struct pn_ssl_domain_t pn_ssl_domain_t;
81 
85 typedef struct pn_ssl_t pn_ssl_t;
86 
90 typedef enum {
91  PN_SSL_MODE_CLIENT = 1,
92  PN_SSL_MODE_SERVER
93 } pn_ssl_mode_t;
94 
98 typedef enum {
99  PN_SSL_RESUME_UNKNOWN,
100  PN_SSL_RESUME_NEW,
101  PN_SSL_RESUME_REUSED
102 } pn_ssl_resume_status_t;
103 
109 PN_EXTERN bool pn_ssl_present( void );
110 
122 PN_EXTERN pn_ssl_domain_t *pn_ssl_domain(pn_ssl_mode_t mode);
123 
130 PN_EXTERN void pn_ssl_domain_free(pn_ssl_domain_t *domain);
131 
156 PN_EXTERN int pn_ssl_domain_set_credentials(pn_ssl_domain_t *domain,
157  const char *credential_1,
158  const char *credential_2,
159  const char *password);
160 
181 PN_EXTERN int pn_ssl_domain_set_trusted_ca_db(pn_ssl_domain_t *domain,
182  const char *certificate_db);
183 
200 typedef enum {
201  PN_SSL_VERIFY_NULL = 0,
202  PN_SSL_VERIFY_PEER,
203  PN_SSL_ANONYMOUS_PEER,
204  PN_SSL_VERIFY_PEER_NAME
205 } pn_ssl_verify_mode_t;
206 
231 PN_EXTERN int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain,
232  const pn_ssl_verify_mode_t mode,
233  const char *trusted_CAs);
234 
248 PN_EXTERN int pn_ssl_domain_set_protocols(pn_ssl_domain_t *domain, const char *protocols);
249 
260 PN_EXTERN int pn_ssl_domain_set_ciphers(pn_ssl_domain_t *domain, const char *ciphers);
261 
274 PN_EXTERN int pn_ssl_domain_allow_unsecured_client(pn_ssl_domain_t *domain);
275 
286 PN_EXTERN pn_ssl_t *pn_ssl(pn_transport_t *transport);
287 
312 PN_EXTERN int pn_ssl_init(pn_ssl_t *ssl,
313  pn_ssl_domain_t *domain,
314  const char *session_id);
315 
329 PN_EXTERN bool pn_ssl_get_cipher_name(pn_ssl_t *ssl, char *buffer, size_t size);
330 
337 PN_EXTERN int pn_ssl_get_ssf(pn_ssl_t *ssl);
338 
351 PN_EXTERN bool pn_ssl_get_protocol_name(pn_ssl_t *ssl, char *buffer, size_t size);
352 
366 PN_EXTERN pn_ssl_resume_status_t pn_ssl_resume_status(pn_ssl_t *ssl);
367 
390 PN_EXTERN int pn_ssl_set_peer_hostname(pn_ssl_t *ssl, const char *hostname);
391 
405 PN_EXTERN int pn_ssl_get_peer_hostname(pn_ssl_t *ssl, char *hostname, size_t *bufsize);
406 
414 PN_EXTERN const char* pn_ssl_get_remote_subject(pn_ssl_t *ssl);
415 
419 typedef enum {
420  PN_SSL_CERT_SUBJECT_COUNTRY_NAME,
421  PN_SSL_CERT_SUBJECT_STATE_OR_PROVINCE,
422  PN_SSL_CERT_SUBJECT_CITY_OR_LOCALITY,
423  PN_SSL_CERT_SUBJECT_ORGANIZATION_NAME,
424  PN_SSL_CERT_SUBJECT_ORGANIZATION_UNIT,
425  PN_SSL_CERT_SUBJECT_COMMON_NAME
426 } pn_ssl_cert_subject_subfield;
427 
431 typedef enum {
432  PN_SSL_SHA1, /* Produces hash that is 20 bytes long */
433  PN_SSL_SHA256, /* Produces hash that is 32 bytes long */
434  PN_SSL_SHA512, /* Produces hash that is 64 bytes long */
435  PN_SSL_MD5 /* Produces hash that is 16 bytes long */
436 } pn_ssl_hash_alg;
437 
451 PN_EXTERN int pn_ssl_get_cert_fingerprint(pn_ssl_t *ssl0,
452  char *fingerprint,
453  size_t fingerprint_length,
454  pn_ssl_hash_alg hash_alg);
455 
468 PN_EXTERN const char* pn_ssl_get_remote_subject_subfield(pn_ssl_t *ssl0, pn_ssl_cert_subject_subfield field);
469 
474 #ifdef __cplusplus
475 }
476 #endif
477 
478 #endif /* ssl.h */
pn_ssl_get_protocol_name
bool pn_ssl_get_protocol_name(pn_ssl_t *ssl, char *buffer, size_t size)
Get the name of the SSL protocol that is currently in use.
pn_ssl_get_remote_subject_subfield
const char * pn_ssl_get_remote_subject_subfield(pn_ssl_t *ssl0, pn_ssl_cert_subject_subfield field)
Returns a char pointer that contains the value of the sub field of the subject field in the ssl certi...
pn_ssl_mode_t
pn_ssl_mode_t
Determines the type of SSL endpoint.
Definition: ssl.h:90
pn_ssl_get_remote_subject
const char * pn_ssl_get_remote_subject(pn_ssl_t *ssl)
Get the subject from the peers certificate.
pn_ssl_set_peer_hostname
int pn_ssl_set_peer_hostname(pn_ssl_t *ssl, const char *hostname)
Set the expected identity of the remote peer.
pn_ssl_t
struct pn_ssl_t pn_ssl_t
Definition: ssl.h:85
pn_ssl_domain_allow_unsecured_client
int pn_ssl_domain_allow_unsecured_client(pn_ssl_domain_t *domain)
Deprecated - Use pn_transport_require_encryption()
pn_ssl_get_cert_fingerprint
int pn_ssl_get_cert_fingerprint(pn_ssl_t *ssl0, char *fingerprint, size_t fingerprint_length, pn_ssl_hash_alg hash_alg)
Get the fingerprint of the certificate.
pn_ssl_domain_set_protocols
int pn_ssl_domain_set_protocols(pn_ssl_domain_t *domain, const char *protocols)
Configure the list of permitted TLS protocols.
pn_ssl_domain_set_peer_authentication
int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain, const pn_ssl_verify_mode_t mode, const char *trusted_CAs)
Configure the level of verification used on the peer certificate.
pn_ssl_init
int pn_ssl_init(pn_ssl_t *ssl, pn_ssl_domain_t *domain, const char *session_id)
Initialize an SSL session.
pn_ssl_get_cipher_name
bool pn_ssl_get_cipher_name(pn_ssl_t *ssl, char *buffer, size_t size)
Get the name of the Cipher that is currently in use.
pn_ssl_domain_free
void pn_ssl_domain_free(pn_ssl_domain_t *domain)
Release an SSL configuration domain.
pn_ssl_resume_status
pn_ssl_resume_status_t pn_ssl_resume_status(pn_ssl_t *ssl)
Check whether the state has been resumed.
pn_ssl_cert_subject_subfield
pn_ssl_cert_subject_subfield
Enumeration identifying the sub fields of the subject field in the ssl certificate.
Definition: ssl.h:419
pn_ssl_domain_set_trusted_ca_db
int pn_ssl_domain_set_trusted_ca_db(pn_ssl_domain_t *domain, const char *certificate_db)
Configure the set of trusted CA certificates used by this domain to verify peers.
pn_ssl_domain_set_credentials
int pn_ssl_domain_set_credentials(pn_ssl_domain_t *domain, const char *credential_1, const char *credential_2, const char *password)
Set the certificate that identifies the local node to the remote.
pn_ssl_get_peer_hostname
int pn_ssl_get_peer_hostname(pn_ssl_t *ssl, char *hostname, size_t *bufsize)
Access the configured peer identity.
pn_ssl_get_ssf
int pn_ssl_get_ssf(pn_ssl_t *ssl)
Get the SSF (security strength factor) of the Cipher that is currently in use.
pn_ssl_domain
pn_ssl_domain_t * pn_ssl_domain(pn_ssl_mode_t mode)
Create an SSL configuration domain.
pn_ssl
pn_ssl_t * pn_ssl(pn_transport_t *transport)
Create a new SSL session object associated with a transport.
pn_ssl_domain_t
struct pn_ssl_domain_t pn_ssl_domain_t
API for using SSL with the Transport Layer.
Definition: ssl.h:80
pn_ssl_domain_set_ciphers
int pn_ssl_domain_set_ciphers(pn_ssl_domain_t *domain, const char *ciphers)
Configure the list of permitted ciphers.
pn_ssl_verify_mode_t
pn_ssl_verify_mode_t
Determines the level of peer validation.
Definition: ssl.h:200
pn_ssl_present
bool pn_ssl_present(void)
Tests for SSL implementation present.
pn_ssl_hash_alg
pn_ssl_hash_alg
Enumeration identifying hashing algorithm.
Definition: ssl.h:431
pn_ssl_resume_status_t
pn_ssl_resume_status_t
Indicates whether an SSL session has been resumed.
Definition: ssl.h:98
PN_SSL_MODE_SERVER
@ PN_SSL_MODE_SERVER
Local connection endpoint is an SSL server.
Definition: ssl.h:92
PN_SSL_MODE_CLIENT
@ PN_SSL_MODE_CLIENT
Local connection endpoint is an SSL client.
Definition: ssl.h:91
PN_SSL_VERIFY_PEER_NAME
@ PN_SSL_VERIFY_PEER_NAME
require valid certificate and matching name
Definition: ssl.h:204
PN_SSL_VERIFY_PEER
@ PN_SSL_VERIFY_PEER
require peer to provide a valid identifying certificate
Definition: ssl.h:202
PN_SSL_VERIFY_NULL
@ PN_SSL_VERIFY_NULL
internal use only
Definition: ssl.h:201
PN_SSL_ANONYMOUS_PEER
@ PN_SSL_ANONYMOUS_PEER
do not require a certificate nor cipher authorization
Definition: ssl.h:203
PN_SSL_RESUME_REUSED
@ PN_SSL_RESUME_REUSED
Session resumed from previous session.
Definition: ssl.h:101
PN_SSL_RESUME_NEW
@ PN_SSL_RESUME_NEW
Session renegotiated - not resumed.
Definition: ssl.h:100
PN_SSL_RESUME_UNKNOWN
@ PN_SSL_RESUME_UNKNOWN
Session resume state unknown/not supported.
Definition: ssl.h:99
pn_transport_t
struct pn_transport_t pn_transport_t
A network channel supporting an AMQP connection.
Definition: types.h:435
types.h
AMQP and API data types.