libnetconf  0.10.0-146_trunk
NETCONF Library
NETCONF over TLS

libnetconf's functions to use TLS. More information can be found on the Transport Protocol page.

Functions

void nc_tls_destroy (void)
 Destroy all resources allocated for preparation of TLS connections.
 
int nc_tls_init (const char *peer_cert, const char *peer_key, const char *CAfile, const char *CApath, const char *CRLfile, const char *CRLpath)
 Set paths to the client certificate and its private key.
 

Detailed Description

libnetconf's functions to use TLS as the NETCONF transport. More information can be found on the Transport Protocol page.

These functions are experimental. TLS transport (and certificate management in particular) may not be fully implemented in this version.

Remember that to make these functions available, libnetconf must be compiled with the --enable-tls configure option.

Function Documentation

void nc_tls_destroy (void)

Destroy all resources allocated for preparation of TLS connections.

The TLS connection context is kept per thread, so call nc_tls_destroy() from the same thread that called nc_tls_init(). See nc_tls_init() for more information about NETCONF session preparation.

To make this function available, you have to include the libnetconf_tls.h header file.

int nc_tls_init (const char *peer_cert, const char *peer_key, const char *CAfile, const char *CApath, const char *CRLfile, const char *CRLpath)

Set paths to the client certificate and its private key.

This function takes effect only on the client side. It must be called before establishing a NETCONF session (including call home) over TLS.

This function is thread-safe. It is intended to be part of the process of establishing a NETCONF session within a single thread:

  1. Use nc_tls_init() to set the client certificate and the CA used for server certificate verification. Calling this function repeatedly with different parameters changes those parameters for new NETCONF sessions created after the call. Any NETCONF session already in use keeps the settings that were in effect when it was created.
  2. Establish the NETCONF session using nc_session_connect(). If you don't need to change the parameters set in nc_tls_init(), you can call nc_session_connect() repeatedly.
  3. To properly clean up all resources, call nc_tls_destroy(). It destroys the TLS connection context in the current thread.
Parameters
[in] peer_cert  Path to the file containing the client certificate.
[in] peer_key   Path to the file containing the private key for the client certificate. If NULL, the key is expected to be stored in the file specified by peer_cert.
[in] CAfile     Location of the CA certificate file used to verify server certificates. For more info, see the documentation for SSL_CTX_load_verify_locations() in OpenSSL.
[in] CApath     Location of the directory of CA certificates used to verify server certificates (OpenSSL looks the files up by subject name hash, so the directory must be in the c_rehash layout). For more info, see the documentation for SSL_CTX_load_verify_locations() in OpenSSL. At least one of CAfile and CApath must be non-NULL: SSL_CTX_load_verify_locations() fails when both are NULL, and without a trust anchor the server certificate cannot be verified.
[in] CRLfile    Location of the CRL file used to check for revoked certificates.
[in] CRLpath    Location of the directory of CRLs used to check for revoked certificates.
Returns
EXIT_SUCCESS or EXIT_FAILURE
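The following is an added example, not code from libnetconf itself. It applies the contract stated above as a pre-flight check on the nc_tls_init() arguments (peer_cert required, peer_key may be NULL, at least one of CAfile/CApath present, every given path readable) and then runs the documented three-step client sequence. The libnetconf calls are compiled only when HAVE_LIBNETCONF_TLS is defined; the signatures of nc_init(), nc_session_transport(), nc_session_connect() and the NC_INIT_CLIENT / NC_TRANSPORT_TLS constants are assumed from libnetconf 0.x and are not confirmed by this page. The file paths, host, port and user name are constructed for illustration.

```c
/* Added example, not libnetconf's own code.  Pre-flight check of the
 * nc_tls_init() arguments, followed by the documented client sequence
 * nc_tls_init() -> nc_session_connect() -> nc_tls_destroy(). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifdef HAVE_LIBNETCONF_TLS           /* assumed build flag: library present */
#include <libnetconf.h>
#include <libnetconf_tls.h>
#endif

struct nc_tls_paths {
    const char *peer_cert;  /* client certificate file, required */
    const char *peer_key;   /* private key file; NULL => key is in peer_cert */
    const char *CAfile;     /* CA bundle used to verify the server */
    const char *CApath;     /* hashed CA directory used to verify the server */
    const char *CRLfile;    /* optional CRL file */
    const char *CRLpath;    /* optional CRL directory */
};

/* Reject argument combinations nc_tls_init() could not use safely.
 * Returns EXIT_SUCCESS or EXIT_FAILURE like nc_tls_init(); on failure a
 * short reason is written to err. */
int nc_tls_paths_check(const struct nc_tls_paths *p, char *err, size_t errlen)
{
    if (p == NULL || p->peer_cert == NULL || p->peer_cert[0] == '\0') {
        snprintf(err, errlen, "peer_cert is required");
        return EXIT_FAILURE;
    }
    /* Documented fallback: peer_key == NULL means the key lives in peer_cert;
     * an empty string is neither NULL nor a usable path. */
    if (p->peer_key != NULL && p->peer_key[0] == '\0') {
        snprintf(err, errlen, "peer_key must be NULL or a path");
        return EXIT_FAILURE;
    }
    /* SSL_CTX_load_verify_locations() fails when CAfile and CApath are both
     * NULL, so the server certificate could never be verified. */
    if (p->CAfile == NULL && p->CApath == NULL) {
        snprintf(err, errlen, "CAfile or CApath is required to verify the server");
        return EXIT_FAILURE;
    }
    err[0] = '\0';
    return EXIT_SUCCESS;
}

/* Count the given paths that are not readable by this process, so a missing
 * file is reported before nc_tls_init() fails with a less specific error. */
int nc_tls_paths_unreadable(const struct nc_tls_paths *p)
{
    const char *paths[] = { p->peer_cert, p->peer_key, p->CAfile,
                            p->CApath, p->CRLfile, p->CRLpath };
    int bad = 0;
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++) {
        if (paths[i] != NULL && access(paths[i], R_OK) != 0) {
            bad++;
        }
    }
    return bad;
}

#ifdef HAVE_LIBNETCONF_TLS
/* Steps 1 and 2 of the documented procedure.  Assumed signature:
 * nc_session_connect(host, port, username, cpblts); NULL cpblts = defaults. */
static struct nc_session *connect_tls(const struct nc_tls_paths *p,
                                      const char *host, unsigned short port,
                                      const char *user)
{
    if (nc_tls_init(p->peer_cert, p->peer_key, p->CAfile, p->CApath,
                    p->CRLfile, p->CRLpath) != EXIT_SUCCESS) {
        return NULL;
    }
    nc_session_transport(NC_TRANSPORT_TLS);            /* assumed API */
    return nc_session_connect(host, port, user, NULL); /* assumed API */
}
#endif

int main(void)
{
    /* Constructed paths for illustration; they need not exist on your host. */
    struct nc_tls_paths p = { "/etc/netconf/client.pem", NULL,
                              "/etc/netconf/ca.pem", NULL,
                              "/etc/netconf/crl.pem", NULL };
    char err[128];

    if (nc_tls_paths_check(&p, err, sizeof err) != EXIT_SUCCESS) {
        fprintf(stderr, "bad TLS arguments: %s\n", err);
        return EXIT_FAILURE;
    }
    if (nc_tls_paths_unreadable(&p) != 0) {
        fprintf(stderr, "one or more TLS files are unreadable\n");
        return EXIT_FAILURE;
    }
#ifdef HAVE_LIBNETCONF_TLS
    nc_init(NC_INIT_CLIENT);                                   /* assumed API */
    struct nc_session *s = connect_tls(&p, "netconf.example", 6513, "admin");
    if (s != NULL) {
        nc_session_free(s);
    }
    nc_tls_destroy();  /* step 3: same thread that called nc_tls_init() */
    nc_close();
#endif
    return EXIT_SUCCESS;
}
```

Build with -DHAVE_LIBNETCONF_TLS and link against a libnetconf built with --enable-tls to exercise the real calls; without the flag only the argument checks run, which is what the accompanying test exercises.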