c/api/ssl_8h_source.html

#ifndef PROTON_SSL_H

#define PROTON_SSL_H 1


/*

 *

 * Licensed to the Apache Software Foundation (ASF) under one

 * or more contributor license agreements.  See the NOTICE file

 * distributed with this work for additional information

 * regarding copyright ownership.  The ASF licenses this file

 * to you under the Apache License, Version 2.0 (the

 * "License"); you may not use this file except in compliance

 * with the License.  You may obtain a copy of the License at

 *

 *   http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing,

 * software distributed under the License is distributed on an

 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

 * KIND, either express or implied.  See the License for the

 * specific language governing permissions and limitations

 * under the License.

 *

 */


#include <proton/import_export.h>

#include <proton/type_compat.h>

#include <proton/types.h>


#ifdef __cplusplus

extern "C" {

#endif


typedef struct pn_ssl_domain_t pn_ssl_domain_t;


typedef struct pn_ssl_t pn_ssl_t;


typedef enum {

  PN_SSL_MODE_CLIENT = 1,

  PN_SSL_MODE_SERVER

} pn_ssl_mode_t;


typedef enum {

  PN_SSL_RESUME_UNKNOWN,

  PN_SSL_RESUME_NEW,

  PN_SSL_RESUME_REUSED

} pn_ssl_resume_status_t;


PN_EXTERN bool pn_ssl_present( void );


PN_EXTERN pn_ssl_domain_t *pn_ssl_domain(pn_ssl_mode_t mode);


PN_EXTERN void pn_ssl_domain_free(pn_ssl_domain_t *domain);


PN_EXTERN int  pn_ssl_domain_set_credentials(pn_ssl_domain_t *domain,

                                            const char *credential_1,

                                            const char *credential_2,

                                            const char *password);


PN_EXTERN int pn_ssl_domain_set_trusted_ca_db(pn_ssl_domain_t *domain,

                                const char *certificate_db);


typedef enum {

  PN_SSL_VERIFY_NULL = 0,

  PN_SSL_VERIFY_PEER,

  PN_SSL_ANONYMOUS_PEER,

  PN_SSL_VERIFY_PEER_NAME

} pn_ssl_verify_mode_t;


PN_EXTERN int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain,

                                                    const pn_ssl_verify_mode_t mode,

                                                    const char *trusted_CAs);


PN_EXTERN int pn_ssl_domain_set_protocols(pn_ssl_domain_t *domain, const char *protocols);


PN_EXTERN int pn_ssl_domain_set_ciphers(pn_ssl_domain_t *domain, const char *ciphers);


PN_EXTERN int pn_ssl_domain_allow_unsecured_client(pn_ssl_domain_t *domain);


PN_EXTERN pn_ssl_t *pn_ssl(pn_transport_t *transport);


PN_EXTERN int pn_ssl_init(pn_ssl_t *ssl,

                          pn_ssl_domain_t *domain,

                          const char *session_id);


PN_EXTERN bool pn_ssl_get_cipher_name(pn_ssl_t *ssl, char *buffer, size_t size);


PN_EXTERN int pn_ssl_get_ssf(pn_ssl_t *ssl);


PN_EXTERN bool pn_ssl_get_protocol_name(pn_ssl_t *ssl, char *buffer, size_t size);


PN_EXTERN pn_ssl_resume_status_t pn_ssl_resume_status(pn_ssl_t *ssl);


PN_EXTERN int pn_ssl_set_peer_hostname(pn_ssl_t *ssl, const char *hostname);


PN_EXTERN int pn_ssl_get_peer_hostname(pn_ssl_t *ssl, char *hostname, size_t *bufsize);


PN_EXTERN const char* pn_ssl_get_remote_subject(pn_ssl_t *ssl);


typedef enum {

  PN_SSL_CERT_SUBJECT_COUNTRY_NAME,

  PN_SSL_CERT_SUBJECT_STATE_OR_PROVINCE,

  PN_SSL_CERT_SUBJECT_CITY_OR_LOCALITY,

  PN_SSL_CERT_SUBJECT_ORGANIZATION_NAME,

  PN_SSL_CERT_SUBJECT_ORGANIZATION_UNIT,

  PN_SSL_CERT_SUBJECT_COMMON_NAME

} pn_ssl_cert_subject_subfield;


typedef enum {

  PN_SSL_SHA1,   /* Produces hash that is 20 bytes long */

  PN_SSL_SHA256, /* Produces hash that is 32 bytes long */

  PN_SSL_SHA512, /* Produces hash that is 64 bytes long */

  PN_SSL_MD5     /* Produces hash that is 16 bytes long */

} pn_ssl_hash_alg;


PN_EXTERN int pn_ssl_get_cert_fingerprint(pn_ssl_t *ssl0,

                                          char *fingerprint,

                                          size_t fingerprint_length,

                                          pn_ssl_hash_alg hash_alg);


PN_EXTERN const char* pn_ssl_get_remote_subject_subfield(pn_ssl_t *ssl0, pn_ssl_cert_subject_subfield field);


#ifdef __cplusplus

}

#endif


#endif /* ssl.h */

pn_ssl_get_protocol_name
bool pn_ssl_get_protocol_name(pn_ssl_t *ssl, char *buffer, size_t size)
Get the name of the SSL protocol that is currently in use.

pn_ssl_mode_t
pn_ssl_mode_t
Determines the type of SSL endpoint.
Definition: ssl.h:90

pn_ssl_set_peer_hostname
int pn_ssl_set_peer_hostname(pn_ssl_t *ssl, const char *hostname)
Set the expected identity of the remote peer.

pn_ssl_t
struct pn_ssl_t pn_ssl_t
Definition: ssl.h:85

pn_ssl_domain_allow_unsecured_client
int pn_ssl_domain_allow_unsecured_client(pn_ssl_domain_t *domain)
Deprecated - Use pn_transport_require_encryption()

pn_ssl_get_cert_fingerprint
int pn_ssl_get_cert_fingerprint(pn_ssl_t *ssl0, char *fingerprint, size_t fingerprint_length, pn_ssl_hash_alg hash_alg)
Get the fingerprint of the certificate.

pn_ssl_get_remote_subject_subfield
const char * pn_ssl_get_remote_subject_subfield(pn_ssl_t *ssl0, pn_ssl_cert_subject_subfield field)
Returns a char pointer that contains the value of the sub field of the subject field in the ssl certi...

pn_ssl_domain_set_protocols
int pn_ssl_domain_set_protocols(pn_ssl_domain_t *domain, const char *protocols)
Configure the list of permitted TLS protocols.

pn_ssl_domain_set_peer_authentication
int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain, const pn_ssl_verify_mode_t mode, const char *trusted_CAs)
Configure the level of verification used on the peer certificate.

pn_ssl_init
int pn_ssl_init(pn_ssl_t *ssl, pn_ssl_domain_t *domain, const char *session_id)
Initialize an SSL session.

pn_ssl_get_cipher_name
bool pn_ssl_get_cipher_name(pn_ssl_t *ssl, char *buffer, size_t size)
Get the name of the Cipher that is currently in use.

pn_ssl_domain_free
void pn_ssl_domain_free(pn_ssl_domain_t *domain)
Release an SSL configuration domain.

pn_ssl_resume_status
pn_ssl_resume_status_t pn_ssl_resume_status(pn_ssl_t *ssl)
Check whether the state has been resumed.

pn_ssl_cert_subject_subfield
pn_ssl_cert_subject_subfield
Enumeration identifying the sub fields of the subject field in the ssl certificate.
Definition: ssl.h:419

pn_ssl_domain_set_trusted_ca_db
int pn_ssl_domain_set_trusted_ca_db(pn_ssl_domain_t *domain, const char *certificate_db)
Configure the set of trusted CA certificates used by this domain to verify peers.

pn_ssl_domain
pn_ssl_domain_t * pn_ssl_domain(pn_ssl_mode_t mode)
Create an SSL configuration domain.

pn_ssl_domain_set_credentials
int pn_ssl_domain_set_credentials(pn_ssl_domain_t *domain, const char *credential_1, const char *credential_2, const char *password)
Set the certificate that identifies the local node to the remote.

pn_ssl_get_peer_hostname
int pn_ssl_get_peer_hostname(pn_ssl_t *ssl, char *hostname, size_t *bufsize)
Access the configured peer identity.

pn_ssl_get_ssf
int pn_ssl_get_ssf(pn_ssl_t *ssl)
Get the SSF (security strength factor) of the Cipher that is currently in use.

pn_ssl
pn_ssl_t * pn_ssl(pn_transport_t *transport)
Create a new SSL session object associated with a transport.

pn_ssl_domain_t
struct pn_ssl_domain_t pn_ssl_domain_t
API for using SSL with the Transport Layer.
Definition: ssl.h:80

pn_ssl_domain_set_ciphers
int pn_ssl_domain_set_ciphers(pn_ssl_domain_t *domain, const char *ciphers)
Configure the list of permitted ciphers.

pn_ssl_get_remote_subject
const char * pn_ssl_get_remote_subject(pn_ssl_t *ssl)
Get the subject from the peers certificate.

pn_ssl_verify_mode_t
pn_ssl_verify_mode_t
Determines the level of peer validation.
Definition: ssl.h:200

pn_ssl_present
bool pn_ssl_present(void)
Tests for SSL implementation present.

pn_ssl_hash_alg
pn_ssl_hash_alg
Enumeration identifying hashing algorithm.
Definition: ssl.h:431

pn_ssl_resume_status_t
pn_ssl_resume_status_t
Indicates whether an SSL session has been resumed.
Definition: ssl.h:98

PN_SSL_MODE_SERVER
@ PN_SSL_MODE_SERVER
Local connection endpoint is an SSL server.
Definition: ssl.h:92

PN_SSL_MODE_CLIENT
@ PN_SSL_MODE_CLIENT
Local connection endpoint is an SSL client.
Definition: ssl.h:91

PN_SSL_VERIFY_PEER_NAME
@ PN_SSL_VERIFY_PEER_NAME
require valid certificate and matching name
Definition: ssl.h:204

PN_SSL_VERIFY_PEER
@ PN_SSL_VERIFY_PEER
require peer to provide a valid identifying certificate
Definition: ssl.h:202

PN_SSL_VERIFY_NULL
@ PN_SSL_VERIFY_NULL
internal use only
Definition: ssl.h:201

PN_SSL_ANONYMOUS_PEER
@ PN_SSL_ANONYMOUS_PEER
do not require a certificate nor cipher authorization
Definition: ssl.h:203

PN_SSL_RESUME_REUSED
@ PN_SSL_RESUME_REUSED
Session resumed from previous session.
Definition: ssl.h:101

PN_SSL_RESUME_NEW
@ PN_SSL_RESUME_NEW
Session renegotiated - not resumed.
Definition: ssl.h:100

PN_SSL_RESUME_UNKNOWN
@ PN_SSL_RESUME_UNKNOWN
Session resume state unknown/not supported.
Definition: ssl.h:99

pn_transport_t
struct pn_transport_t pn_transport_t
A network channel supporting an AMQP connection.
Definition: types.h:435

types.h
AMQP and API data types.