http://git-wip-us.apache.org/repos/asf/qpid-site/blob/bc75d075/content/releases/qpid-proton-0.22.0/proton/c/api/group__ssl.html ---------------------------------------------------------------------- diff --git a/content/releases/qpid-proton-0.22.0/proton/c/api/group__ssl.html b/content/releases/qpid-proton-0.22.0/proton/c/api/group__ssl.html new file mode 100755 index 0000000..dccbae4 --- /dev/null +++ b/content/releases/qpid-proton-0.22.0/proton/c/api/group__ssl.html @@ -0,0 +1,1104 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> +<html xmlns="http://www.w3.org/1999/xhtml";> +<head> +<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/> +<meta http-equiv="X-UA-Compatible" content="IE=9"/> +<meta name="generator" content="Doxygen 1.8.13"/> +<meta name="viewport" content="width=device-width, initial-scale=1"/> +<title>Qpid Proton C API: SSL</title> +<link href="tabs.css" rel="stylesheet" type="text/css"/> +<script type="text/javascript" src="jquery.js"></script> +<script type="text/javascript" src="dynsections.js"></script> +<link href="navtree.css" rel="stylesheet" type="text/css"/> +<script type="text/javascript" src="resize.js"></script> +<script type="text/javascript" src="navtreedata.js"></script> +<script type="text/javascript" src="navtree.js"></script> +<script type="text/javascript"> + $(document).ready(initResizable); +</script> +<link href="search/search.css" rel="stylesheet" type="text/css"/> +<script type="text/javascript" src="search/searchdata.js"></script> +<script type="text/javascript" src="search/search.js"></script> +<script type="text/javascript"> + $(document).ready(function() { init_search(); }); +</script> +<link href="doxygen.css" rel="stylesheet" type="text/css" /> +</head> +<body> +<div id="top"><!-- do not remove this div, it is closed by doxygen! --> +<div id="titlearea"> +<table cellspacing="0" cellpadding="0"> + <tbody> + <tr style="height: 56px;"> + <td id="projectalign" style="padding-left: 0.5em;"> + <div id="projectname">Qpid Proton C API +  <span id="projectnumber">0.22.0</span> + </div> + </td> + <td> <div id="MSearchBox" class="MSearchBoxInactive"> + <span class="left"> + <img id="MSearchSelect" src="search/mag_sel.png" + onmouseover="return searchBox.OnSearchSelectShow()" + onmouseout="return searchBox.OnSearchSelectHide()" + alt=""/> + <input type="text" id="MSearchField" value="Search" accesskey="S" + onfocus="searchBox.OnSearchFieldFocus(true)" + onblur="searchBox.OnSearchFieldFocus(false)" + onkeyup="searchBox.OnSearchFieldChange(event)"/> + </span><span class="right"> + <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a> + </span> + </div> +</td> + </tr> + </tbody> +</table> +</div> +<!-- end header part --> +<!-- Generated by Doxygen 1.8.13 --> +<script type="text/javascript"> +var searchBox = new SearchBox("searchBox", "search",false,'Search'); +</script> +</div><!-- top --> +<div id="side-nav" class="ui-resizable side-nav-resizable"> + <div id="nav-tree"> + <div id="nav-tree-contents"> + <div id="nav-sync" class="sync"></div> + </div> + </div> + <div id="splitbar" style="-moz-user-select:none;" + class="ui-resizable-handle"> + </div> +</div> +<script type="text/javascript"> +$(document).ready(function(){initNavTree('group__ssl.html','');}); +</script> +<div id="doc-content"> +<!-- window showing the filter options --> +<div id="MSearchSelectWindow" + onmouseover="return searchBox.OnSearchSelectShow()" + onmouseout="return searchBox.OnSearchSelectHide()" + onkeydown="return searchBox.OnSearchSelectKey(event)"> +</div> + +<!-- iframe showing the search results (closed by default) --> +<div id="MSearchResultsWindow"> +<iframe src="javascript:void(0)" frameborder="0" + name="MSearchResults" id="MSearchResults"> +</iframe> +</div> + +<div class="header"> + <div class="summary"> +<a href="#typedef-members">Typedefs</a> | +<a href="#enum-members">Enumerations</a> | +<a href="#func-members">Functions</a> </div> + <div class="headertitle"> +<div class="title">SSL<div class="ingroups"><a class="el" href="group__core.html">Core</a></div></div> </div> +</div><!--header--> +<div class="contents"> + +<p>SSL secure transport layer. +<a href="#details">More...</a></p> +<table class="memberdecls"> +<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a> +Typedefs</h2></td></tr> +<tr class="memitem:gaba83c3a1779c8b35a479bf3a7bb5b175"><td class="memItemLeft" align="right" valign="top">typedef struct <a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a></td></tr> +<tr class="memdesc:gaba83c3a1779c8b35a479bf3a7bb5b175"><td class="mdescLeft"> </td><td class="mdescRight">API for using SSL with the Transport Layer. <a href="#gaba83c3a1779c8b35a479bf3a7bb5b175">More...</a><br /></td></tr> +<tr class="separator:gaba83c3a1779c8b35a479bf3a7bb5b175"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:ga215da63662423b00d34605ba4f9761f5"><td class="memItemLeft" align="right" valign="top">typedef struct <a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a></td></tr> +<tr class="separator:ga215da63662423b00d34605ba4f9761f5"><td class="memSeparator" colspan="2"> </td></tr> +</table><table class="memberdecls"> +<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="enum-members"></a> +Enumerations</h2></td></tr> +<tr class="memitem:ga0f1d40875c45b14a31a77f27430bc225"><td class="memItemLeft" align="right" valign="top">enum  </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga0f1d40875c45b14a31a77f27430bc225">pn_ssl_mode_t</a> { <a class="el" href="group__ssl.html#gga0f1d40875c45b14a31a77f27430bc225a4e2fe24fcd2692e4c20c27668091a49c">PN_SSL_MODE_CLIENT</a>, +<a class="el" href="group__ssl.html#gga0f1d40875c45b14a31a77f27430bc225a0c4550c70a6bc74cb906a74c5f1e5078">PN_SSL_MODE_SERVER</a> + }<tr class="memdesc:ga0f1d40875c45b14a31a77f27430bc225"><td class="mdescLeft"> </td><td class="mdescRight">Determines the type of SSL endpoint. <a href="group__ssl.html#ga0f1d40875c45b14a31a77f27430bc225">More...</a><br /></td></tr> +</td></tr> +<tr class="separator:ga0f1d40875c45b14a31a77f27430bc225"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:gaf175c116d52a91001f9a3559b580f56d"><td class="memItemLeft" align="right" valign="top">enum  </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#gaf175c116d52a91001f9a3559b580f56d">pn_ssl_resume_status_t</a> { <a class="el" href="group__ssl.html#ggaf175c116d52a91001f9a3559b580f56dad1385651f6078177d6652c385453280d">PN_SSL_RESUME_UNKNOWN</a>, +<a class="el" href="group__ssl.html#ggaf175c116d52a91001f9a3559b580f56dac8a5515a69c89007f681b3c555328e8f">PN_SSL_RESUME_NEW</a>, +<a class="el" href="group__ssl.html#ggaf175c116d52a91001f9a3559b580f56dabb1b88b78dcb91ee80cd6f0eb5873d6d">PN_SSL_RESUME_REUSED</a> + }<tr class="memdesc:gaf175c116d52a91001f9a3559b580f56d"><td class="mdescLeft"> </td><td class="mdescRight">Indicates whether an SSL session has been resumed. <a href="group__ssl.html#gaf175c116d52a91001f9a3559b580f56d">More...</a><br /></td></tr> +</td></tr> +<tr class="separator:gaf175c116d52a91001f9a3559b580f56d"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:gae5e33024ed6af3432d4c76d1484d7ecb"><td class="memItemLeft" align="right" valign="top">enum  </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#gae5e33024ed6af3432d4c76d1484d7ecb">pn_ssl_verify_mode_t</a> { <a class="el" href="group__ssl.html#ggae5e33024ed6af3432d4c76d1484d7ecbada1e3837cc900bd6419de72c25b253cc">PN_SSL_VERIFY_NULL</a>, +<a class="el" href="group__ssl.html#ggae5e33024ed6af3432d4c76d1484d7ecbad80276abde5d95760c63d0b9685d4d44">PN_SSL_VERIFY_PEER</a>, +<a class="el" href="group__ssl.html#ggae5e33024ed6af3432d4c76d1484d7ecbafa6dbe705dd0366ff4799616f788a9f5">PN_SSL_ANONYMOUS_PEER</a>, +<a class="el" href="group__ssl.html#ggae5e33024ed6af3432d4c76d1484d7ecbaac956f0febf05ab579de839700895e36">PN_SSL_VERIFY_PEER_NAME</a> + }<tr class="memdesc:gae5e33024ed6af3432d4c76d1484d7ecb"><td class="mdescLeft"> </td><td class="mdescRight">Determines the level of peer validation. <a href="group__ssl.html#gae5e33024ed6af3432d4c76d1484d7ecb">More...</a><br /></td></tr> +</td></tr> +<tr class="separator:gae5e33024ed6af3432d4c76d1484d7ecb"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:ga68d52866e8172acc7ecc7b4fe5b38a40"><td class="memItemLeft" align="right" valign="top"><a id="ga68d52866e8172acc7ecc7b4fe5b38a40"></a>enum  </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga68d52866e8172acc7ecc7b4fe5b38a40">pn_ssl_cert_subject_subfield</a> { <br /> +  <b>PN_SSL_CERT_SUBJECT_COUNTRY_NAME</b>, +<b>PN_SSL_CERT_SUBJECT_STATE_OR_PROVINCE</b>, +<b>PN_SSL_CERT_SUBJECT_CITY_OR_LOCALITY</b>, +<b>PN_SSL_CERT_SUBJECT_ORGANIZATION_NAME</b>, +<br /> +  <b>PN_SSL_CERT_SUBJECT_ORGANIZATION_UNIT</b>, +<b>PN_SSL_CERT_SUBJECT_COMMON_NAME</b> +<br /> + }<tr class="memdesc:ga68d52866e8172acc7ecc7b4fe5b38a40"><td class="mdescLeft"> </td><td class="mdescRight">Enumeration identifying the sub fields of the subject field in the ssl certificate. <br /></td></tr> +</td></tr> +<tr class="separator:ga68d52866e8172acc7ecc7b4fe5b38a40"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:gaf0b0cd3271ad4a0e33e2a61a8cea7892"><td class="memItemLeft" align="right" valign="top"><a id="gaf0b0cd3271ad4a0e33e2a61a8cea7892"></a>enum  </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#gaf0b0cd3271ad4a0e33e2a61a8cea7892">pn_ssl_hash_alg</a> { <b>PN_SSL_SHA1</b>, +<b>PN_SSL_SHA256</b>, +<b>PN_SSL_SHA512</b>, +<b>PN_SSL_MD5</b> + }<tr class="memdesc:gaf0b0cd3271ad4a0e33e2a61a8cea7892"><td class="mdescLeft"> </td><td class="mdescRight">Enumeration identifying hashing algorithm. <br /></td></tr> +</td></tr> +<tr class="separator:gaf0b0cd3271ad4a0e33e2a61a8cea7892"><td class="memSeparator" colspan="2"> </td></tr> +</table><table class="memberdecls"> +<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a> +Functions</h2></td></tr> +<tr class="memitem:gaec849c8189c12da727e7be7ca757dbdb"><td class="memItemLeft" align="right" valign="top">bool </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#gaec849c8189c12da727e7be7ca757dbdb">pn_ssl_present</a> (void)</td></tr> +<tr class="memdesc:gaec849c8189c12da727e7be7ca757dbdb"><td class="mdescLeft"> </td><td class="mdescRight">Tests for SSL implementation present. <a href="#gaec849c8189c12da727e7be7ca757dbdb">More...</a><br /></td></tr> +<tr class="separator:gaec849c8189c12da727e7be7ca757dbdb"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:gaab5e86b7a4d22943eba82c6e94b82357"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#gaab5e86b7a4d22943eba82c6e94b82357">pn_ssl_domain</a> (<a class="el" href="group__ssl.html#ga0f1d40875c45b14a31a77f27430bc225">pn_ssl_mode_t</a> mode)</td></tr> +<tr class="memdesc:gaab5e86b7a4d22943eba82c6e94b82357"><td class="mdescLeft"> </td><td class="mdescRight">Create an SSL configuration domain. <a href="#gaab5e86b7a4d22943eba82c6e94b82357">More...</a><br /></td></tr> +<tr class="separator:gaab5e86b7a4d22943eba82c6e94b82357"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:ga5452ded9c36d78a17c6dea292a01c80d"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga5452ded9c36d78a17c6dea292a01c80d">pn_ssl_domain_free</a> (<a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> *domain)</td></tr> +<tr class="memdesc:ga5452ded9c36d78a17c6dea292a01c80d"><td class="mdescLeft"> </td><td class="mdescRight">Release an SSL configuration domain. <a href="#ga5452ded9c36d78a17c6dea292a01c80d">More...</a><br /></td></tr> +<tr class="separator:ga5452ded9c36d78a17c6dea292a01c80d"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:ga7311e46bb756474513f3c331e0c1b0aa"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga7311e46bb756474513f3c331e0c1b0aa">pn_ssl_domain_set_credentials</a> (<a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> *domain, const char *credential_1, const char *credential_2, const char *password)</td></tr> +<tr class="memdesc:ga7311e46bb756474513f3c331e0c1b0aa"><td class="mdescLeft"> </td><td class="mdescRight">Set the certificate that identifies the local node to the remote. <a href="#ga7311e46bb756474513f3c331e0c1b0aa">More...</a><br /></td></tr> +<tr class="separator:ga7311e46bb756474513f3c331e0c1b0aa"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:ga6cdf12ad6ff3d50ac1d31db3cff11c2d"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga6cdf12ad6ff3d50ac1d31db3cff11c2d">pn_ssl_domain_set_trusted_ca_db</a> (<a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> *domain, const char *certificate_db)</td></tr> +<tr class="memdesc:ga6cdf12ad6ff3d50ac1d31db3cff11c2d"><td class="mdescLeft"> </td><td class="mdescRight">Configure the set of trusted CA certificates used by this domain to verify peers. <a href="#ga6cdf12ad6ff3d50ac1d31db3cff11c2d">More...</a><br /></td></tr> +<tr class="separator:ga6cdf12ad6ff3d50ac1d31db3cff11c2d"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:ga39b67bd22fb8f0a47bcdbdfd40f80b11"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga39b67bd22fb8f0a47bcdbdfd40f80b11">pn_ssl_domain_set_peer_authentication</a> (<a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> *domain, const <a class="el" href="group__ssl.html#gae5e33024ed6af3432d4c76d1484d7ecb">pn_ssl_verify_mode_t</a> mode, const char *trusted_CAs)</td></tr> +<tr class="memdesc:ga39b67bd22fb8f0a47bcdbdfd40f80b11"><td class="mdescLeft"> </td><td class="mdescRight">Configure the level of verification used on the peer certificate. <a href="#ga39b67bd22fb8f0a47bcdbdfd40f80b11">More...</a><br /></td></tr> +<tr class="separator:ga39b67bd22fb8f0a47bcdbdfd40f80b11"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:ga333fcb941ed20421373f37b23d84fc98"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga333fcb941ed20421373f37b23d84fc98">pn_ssl_domain_set_protocols</a> (<a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> *domain, const char *protocols)</td></tr> +<tr class="memdesc:ga333fcb941ed20421373f37b23d84fc98"><td class="mdescLeft"> </td><td class="mdescRight">Configure the list of permitted TLS protocols. <a href="#ga333fcb941ed20421373f37b23d84fc98">More...</a><br /></td></tr> +<tr class="separator:ga333fcb941ed20421373f37b23d84fc98"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:gac3da0f48aeeb11d8149a559a2a064ddc"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#gac3da0f48aeeb11d8149a559a2a064ddc">pn_ssl_domain_set_ciphers</a> (<a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> *domain, const char *ciphers)</td></tr> +<tr class="memdesc:gac3da0f48aeeb11d8149a559a2a064ddc"><td class="mdescLeft"> </td><td class="mdescRight">Configure the list of permitted ciphers. <a href="#gac3da0f48aeeb11d8149a559a2a064ddc">More...</a><br /></td></tr> +<tr class="separator:gac3da0f48aeeb11d8149a559a2a064ddc"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:ga2ac989a62dcd138be770fae0bbb85e74"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga2ac989a62dcd138be770fae0bbb85e74">pn_ssl_domain_allow_unsecured_client</a> (<a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> *domain)</td></tr> +<tr class="memdesc:ga2ac989a62dcd138be770fae0bbb85e74"><td class="mdescLeft"> </td><td class="mdescRight">Permit a server to accept connection requests from non-SSL clients. <a href="#ga2ac989a62dcd138be770fae0bbb85e74">More...</a><br /></td></tr> +<tr class="separator:ga2ac989a62dcd138be770fae0bbb85e74"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:gaaeb5284b45f9e2146ff671b1ddc9420c"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#gaaeb5284b45f9e2146ff671b1ddc9420c">pn_ssl</a> (<a class="el" href="group__transport.html#gac26eda05f649bbf0399f3d8d78d12fa8">pn_transport_t</a> *transport)</td></tr> +<tr class="memdesc:gaaeb5284b45f9e2146ff671b1ddc9420c"><td class="mdescLeft"> </td><td class="mdescRight">Create a new SSL session object associated with a transport. <a href="#gaaeb5284b45f9e2146ff671b1ddc9420c">More...</a><br /></td></tr> +<tr class="separator:gaaeb5284b45f9e2146ff671b1ddc9420c"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:ga45f319dd31ad456b8a85927888f94acf"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga45f319dd31ad456b8a85927888f94acf">pn_ssl_init</a> (<a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> *ssl, <a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> *domain, const char *session_id)</td></tr> +<tr class="memdesc:ga45f319dd31ad456b8a85927888f94acf"><td class="mdescLeft"> </td><td class="mdescRight">Initialize an SSL session. <a href="#ga45f319dd31ad456b8a85927888f94acf">More...</a><br /></td></tr> +<tr class="separator:ga45f319dd31ad456b8a85927888f94acf"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:ga47653f84f4b5e3bad46c08d4e82a2c52"><td class="memItemLeft" align="right" valign="top">bool </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga47653f84f4b5e3bad46c08d4e82a2c52">pn_ssl_get_cipher_name</a> (<a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> *ssl, char *buffer, size_t size)</td></tr> +<tr class="memdesc:ga47653f84f4b5e3bad46c08d4e82a2c52"><td class="mdescLeft"> </td><td class="mdescRight">Get the name of the Cipher that is currently in use. <a href="#ga47653f84f4b5e3bad46c08d4e82a2c52">More...</a><br /></td></tr> +<tr class="separator:ga47653f84f4b5e3bad46c08d4e82a2c52"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:ga7fa81d6e5f9b28f90558ab8dd3c4fb1d"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga7fa81d6e5f9b28f90558ab8dd3c4fb1d">pn_ssl_get_ssf</a> (<a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> *ssl)</td></tr> +<tr class="memdesc:ga7fa81d6e5f9b28f90558ab8dd3c4fb1d"><td class="mdescLeft"> </td><td class="mdescRight">Get the SSF (security strength factor) of the Cipher that is currently in use. <a href="#ga7fa81d6e5f9b28f90558ab8dd3c4fb1d">More...</a><br /></td></tr> +<tr class="separator:ga7fa81d6e5f9b28f90558ab8dd3c4fb1d"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:ga03e8070271747c3901d8d6e5710c0066"><td class="memItemLeft" align="right" valign="top">bool </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga03e8070271747c3901d8d6e5710c0066">pn_ssl_get_protocol_name</a> (<a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> *ssl, char *buffer, size_t size)</td></tr> +<tr class="memdesc:ga03e8070271747c3901d8d6e5710c0066"><td class="mdescLeft"> </td><td class="mdescRight">Get the name of the SSL protocol that is currently in use. <a href="#ga03e8070271747c3901d8d6e5710c0066">More...</a><br /></td></tr> +<tr class="separator:ga03e8070271747c3901d8d6e5710c0066"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:ga5f1a1d6697994bac00edc3df200a8f5f"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__ssl.html#gaf175c116d52a91001f9a3559b580f56d">pn_ssl_resume_status_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga5f1a1d6697994bac00edc3df200a8f5f">pn_ssl_resume_status</a> (<a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> *ssl)</td></tr> +<tr class="memdesc:ga5f1a1d6697994bac00edc3df200a8f5f"><td class="mdescLeft"> </td><td class="mdescRight">Check whether the state has been resumed. <a href="#ga5f1a1d6697994bac00edc3df200a8f5f">More...</a><br /></td></tr> +<tr class="separator:ga5f1a1d6697994bac00edc3df200a8f5f"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:ga15d46dcd823ebd42b9f7f63ed570080a"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga15d46dcd823ebd42b9f7f63ed570080a">pn_ssl_set_peer_hostname</a> (<a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> *ssl, const char *hostname)</td></tr> +<tr class="memdesc:ga15d46dcd823ebd42b9f7f63ed570080a"><td class="mdescLeft"> </td><td class="mdescRight">Set the expected identity of the remote peer. <a href="#ga15d46dcd823ebd42b9f7f63ed570080a">More...</a><br /></td></tr> +<tr class="separator:ga15d46dcd823ebd42b9f7f63ed570080a"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:ga76636a5ce4696284356321226ee0731c"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga76636a5ce4696284356321226ee0731c">pn_ssl_get_peer_hostname</a> (<a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> *ssl, char *hostname, size_t *bufsize)</td></tr> +<tr class="memdesc:ga76636a5ce4696284356321226ee0731c"><td class="mdescLeft"> </td><td class="mdescRight">Access the configured peer identity. <a href="#ga76636a5ce4696284356321226ee0731c">More...</a><br /></td></tr> +<tr class="separator:ga76636a5ce4696284356321226ee0731c"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:ga11c877302188bc852cfdc9efd6de58c3"><td class="memItemLeft" align="right" valign="top">const char * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga11c877302188bc852cfdc9efd6de58c3">pn_ssl_get_remote_subject</a> (<a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> *ssl)</td></tr> +<tr class="memdesc:ga11c877302188bc852cfdc9efd6de58c3"><td class="mdescLeft"> </td><td class="mdescRight">Get the subject from the peers certificate. <a href="#ga11c877302188bc852cfdc9efd6de58c3">More...</a><br /></td></tr> +<tr class="separator:ga11c877302188bc852cfdc9efd6de58c3"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:ga324db5da83b1abad2e948481d65119d4"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga324db5da83b1abad2e948481d65119d4">pn_ssl_get_cert_fingerprint</a> (<a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> *ssl0, char *fingerprint, size_t fingerprint_length, <a class="el" href="group__ssl.html#gaf0b0cd3271ad4a0e33e2a61a8cea7892">pn_ssl_hash_alg</a> hash_alg)</td></tr> +<tr class="memdesc:ga324db5da83b1abad2e948481d65119d4"><td class="mdescLeft"> </td><td class="mdescRight">Get the fingerprint of the certificate. <a href="#ga324db5da83b1abad2e948481d65119d4">More...</a><br /></td></tr> +<tr class="separator:ga324db5da83b1abad2e948481d65119d4"><td class="memSeparator" colspan="2"> </td></tr> +<tr class="memitem:ga0c9e8827536b9929793045771d82bdf1"><td class="memItemLeft" align="right" valign="top">const char * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__ssl.html#ga0c9e8827536b9929793045771d82bdf1">pn_ssl_get_remote_subject_subfield</a> (<a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> *ssl0, <a class="el" href="group__ssl.html#ga68d52866e8172acc7ecc7b4fe5b38a40">pn_ssl_cert_subject_subfield</a> field)</td></tr> +<tr class="memdesc:ga0c9e8827536b9929793045771d82bdf1"><td class="mdescLeft"> </td><td class="mdescRight">Returns a char pointer that contains the value of the sub field of the subject field in the ssl certificate. <a href="#ga0c9e8827536b9929793045771d82bdf1">More...</a><br /></td></tr> +<tr class="separator:ga0c9e8827536b9929793045771d82bdf1"><td class="memSeparator" colspan="2"> </td></tr> +</table> +<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2> +<p>SSL secure transport layer. </p> +<h2 class="groupheader">Typedef Documentation</h2> +<a id="gaba83c3a1779c8b35a479bf3a7bb5b175"></a> +<h2 class="memtitle"><span class="permalink"><a href="#gaba83c3a1779c8b35a479bf3a7bb5b175">◆ </a></span>pn_ssl_domain_t</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">typedef struct <a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> <a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>API for using SSL with the Transport Layer. </p> +<p>A Transport may be configured to use SSL for encryption and/or authentication. A Transport can be configured as either an "SSL client" or an "SSL server". An SSL client is the party that proactively establishes a connection to an SSL server. An SSL server is the party that accepts a connection request from a remote SSL client.</p> +<p>This SSL implementation defines the following objects:</p> +<ul> +<li>A top-level object that stores the configuration used by one or more SSL sessions (pn_ssl_domain_t). </li> +<li>A per-connection SSL session object that performs the encryption/authentication associated with the transport (pn_ssl_t). </li> +<li>The encryption parameters negotiated for the SSL session (pn_ssl_state_t).</li> +</ul> +<p>A pn_ssl_domain_t object must be created and configured before an SSL session can be established. The pn_ssl_domain_t is used to construct an SSL session (pn_ssl_t). The session "adopts" its configuration from the pn_ssl_domain_t that was used to create it. For example, pn_ssl_domain_t can be configured as either a "client" or a "server". SSL sessions constructed from this domain will perform the corresponding role (either client or server).</p> +<p>If either an SSL server or client needs to identify itself with the remote node, it must have its SSL certificate configured (see <a class="el" href="group__ssl.html#ga7311e46bb756474513f3c331e0c1b0aa" title="Set the certificate that identifies the local node to the remote. ">pn_ssl_domain_set_credentials()</a>).</p> +<p>If either an SSL server or client needs to verify the identity of the remote node, it must have its database of trusted CAs configured (see <a class="el" href="group__ssl.html#ga6cdf12ad6ff3d50ac1d31db3cff11c2d" title="Configure the set of trusted CA certificates used by this domain to verify peers. ...">pn_ssl_domain_set_trusted_ca_db()</a>).</p> +<p>An SSL server connection may allow the remote client to connect without SSL (eg. "in +the clear"), see <a class="el" href="group__ssl.html#ga2ac989a62dcd138be770fae0bbb85e74" title="Permit a server to accept connection requests from non-SSL clients. ">pn_ssl_domain_allow_unsecured_client()</a>.</p> +<p>The level of verification required of the remote may be configured (see <a class="el" href="group__ssl.html#ga39b67bd22fb8f0a47bcdbdfd40f80b11" title="Configure the level of verification used on the peer certificate. ">pn_ssl_domain_set_peer_authentication</a>)</p> +<p>Support for SSL Client Session resume is provided (see <a class="el" href="group__ssl.html#ga45f319dd31ad456b8a85927888f94acf" title="Initialize an SSL session. ">pn_ssl_init</a>, <a class="el" href="group__ssl.html#ga5f1a1d6697994bac00edc3df200a8f5f" title="Check whether the state has been resumed. ">pn_ssl_resume_status</a>). </p> + +</div> +</div> +<a id="ga215da63662423b00d34605ba4f9761f5"></a> +<h2 class="memtitle"><span class="permalink"><a href="#ga215da63662423b00d34605ba4f9761f5">◆ </a></span>pn_ssl_t</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">typedef struct <a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> <a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a></td> + </tr> + </table> +</div><div class="memdoc"> +<dl class="section see"><dt>See also</dt><dd><a class="el" href="group__ssl.html#gaaeb5284b45f9e2146ff671b1ddc9420c" title="Create a new SSL session object associated with a transport. ">pn_ssl</a> </dd></dl> + +</div> +</div> +<h2 class="groupheader">Enumeration Type Documentation</h2> +<a id="ga0f1d40875c45b14a31a77f27430bc225"></a> +<h2 class="memtitle"><span class="permalink"><a href="#ga0f1d40875c45b14a31a77f27430bc225">◆ </a></span>pn_ssl_mode_t</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">enum <a class="el" href="group__ssl.html#ga0f1d40875c45b14a31a77f27430bc225">pn_ssl_mode_t</a></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Determines the type of SSL endpoint. </p> +<table class="fieldtable"> +<tr><th colspan="2">Enumerator</th></tr><tr><td class="fieldname"><a id="gga0f1d40875c45b14a31a77f27430bc225a4e2fe24fcd2692e4c20c27668091a49c"></a>PN_SSL_MODE_CLIENT </td><td class="fielddoc"><p>Local connection endpoint is an SSL client. </p> +</td></tr> +<tr><td class="fieldname"><a id="gga0f1d40875c45b14a31a77f27430bc225a0c4550c70a6bc74cb906a74c5f1e5078"></a>PN_SSL_MODE_SERVER </td><td class="fielddoc"><p>Local connection endpoint is an SSL server. </p> +</td></tr> +</table> + +</div> +</div> +<a id="gaf175c116d52a91001f9a3559b580f56d"></a> +<h2 class="memtitle"><span class="permalink"><a href="#gaf175c116d52a91001f9a3559b580f56d">◆ </a></span>pn_ssl_resume_status_t</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">enum <a class="el" href="group__ssl.html#gaf175c116d52a91001f9a3559b580f56d">pn_ssl_resume_status_t</a></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Indicates whether an SSL session has been resumed. </p> +<table class="fieldtable"> +<tr><th colspan="2">Enumerator</th></tr><tr><td class="fieldname"><a id="ggaf175c116d52a91001f9a3559b580f56dad1385651f6078177d6652c385453280d"></a>PN_SSL_RESUME_UNKNOWN </td><td class="fielddoc"><p>Session resume state unknown/not supported. </p> +</td></tr> +<tr><td class="fieldname"><a id="ggaf175c116d52a91001f9a3559b580f56dac8a5515a69c89007f681b3c555328e8f"></a>PN_SSL_RESUME_NEW </td><td class="fielddoc"><p>Session renegotiated - not resumed. </p> +</td></tr> +<tr><td class="fieldname"><a id="ggaf175c116d52a91001f9a3559b580f56dabb1b88b78dcb91ee80cd6f0eb5873d6d"></a>PN_SSL_RESUME_REUSED </td><td class="fielddoc"><p>Session resumed from previous session. </p> +</td></tr> +</table> + +</div> +</div> +<a id="gae5e33024ed6af3432d4c76d1484d7ecb"></a> +<h2 class="memtitle"><span class="permalink"><a href="#gae5e33024ed6af3432d4c76d1484d7ecb">◆ </a></span>pn_ssl_verify_mode_t</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">enum <a class="el" href="group__ssl.html#gae5e33024ed6af3432d4c76d1484d7ecb">pn_ssl_verify_mode_t</a></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Determines the level of peer validation. </p> +<p>ANONYMOUS_PEER does not require a valid certificate, and permits use of ciphers that do not provide authentication.</p> +<p>VERIFY_PEER will only connect to those peers that provide a valid identifying certificate signed by a trusted CA and are using an authenticated cipher.</p> +<p>VERIFY_PEER_NAME is like VERIFY_PEER, but also requires the peer's identity as contained in the certificate to be valid (see <a class="el" href="group__ssl.html#ga15d46dcd823ebd42b9f7f63ed570080a" title="Set the expected identity of the remote peer. ">pn_ssl_set_peer_hostname</a>).</p> +<p>ANONYMOUS_PEER is configured by default. </p> +<table class="fieldtable"> +<tr><th colspan="2">Enumerator</th></tr><tr><td class="fieldname"><a id="ggae5e33024ed6af3432d4c76d1484d7ecbada1e3837cc900bd6419de72c25b253cc"></a>PN_SSL_VERIFY_NULL </td><td class="fielddoc"><p>internal use only </p> +</td></tr> +<tr><td class="fieldname"><a id="ggae5e33024ed6af3432d4c76d1484d7ecbad80276abde5d95760c63d0b9685d4d44"></a>PN_SSL_VERIFY_PEER </td><td class="fielddoc"><p>require peer to provide a valid identifying certificate </p> +</td></tr> +<tr><td class="fieldname"><a id="ggae5e33024ed6af3432d4c76d1484d7ecbafa6dbe705dd0366ff4799616f788a9f5"></a>PN_SSL_ANONYMOUS_PEER </td><td class="fielddoc"><p>do not require a certificate nor cipher authorization </p> +</td></tr> +<tr><td class="fieldname"><a id="ggae5e33024ed6af3432d4c76d1484d7ecbaac956f0febf05ab579de839700895e36"></a>PN_SSL_VERIFY_PEER_NAME </td><td class="fielddoc"><p>require valid certificate and matching name </p> +</td></tr> +</table> + +</div> +</div> +<h2 class="groupheader">Function Documentation</h2> +<a id="gaec849c8189c12da727e7be7ca757dbdb"></a> +<h2 class="memtitle"><span class="permalink"><a href="#gaec849c8189c12da727e7be7ca757dbdb">◆ </a></span>pn_ssl_present()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">bool pn_ssl_present </td> + <td>(</td> + <td class="paramtype">void </td> + <td class="paramname"></td><td>)</td> + <td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Tests for SSL implementation present. </p> +<dl class="section return"><dt>Returns</dt><dd>true if we support SSL, false if not </dd></dl> + +</div> +</div> +<a id="gaab5e86b7a4d22943eba82c6e94b82357"></a> +<h2 class="memtitle"><span class="permalink"><a href="#gaab5e86b7a4d22943eba82c6e94b82357">◆ </a></span>pn_ssl_domain()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname"><a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a>* pn_ssl_domain </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__ssl.html#ga0f1d40875c45b14a31a77f27430bc225">pn_ssl_mode_t</a> </td> + <td class="paramname"><em>mode</em></td><td>)</td> + <td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Create an SSL configuration domain. </p> +<p>This method allocates an SSL domain object. This object is used to hold the SSL configuration for one or more SSL sessions. The SSL session object (pn_ssl_t) is allocated from this object.</p> +<dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">mode</td><td>the role, client or server, assumed by all SSL sessions created with this domain. </td></tr> + </table> + </dd> +</dl> +<dl class="section return"><dt>Returns</dt><dd>a pointer to the SSL domain, if SSL support is present. </dd></dl> + +</div> +</div> +<a id="ga5452ded9c36d78a17c6dea292a01c80d"></a> +<h2 class="memtitle"><span class="permalink"><a href="#ga5452ded9c36d78a17c6dea292a01c80d">◆ </a></span>pn_ssl_domain_free()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">void pn_ssl_domain_free </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> * </td> + <td class="paramname"><em>domain</em></td><td>)</td> + <td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Release an SSL configuration domain. </p> +<p>This method frees an SSL domain object allocated by <a class="el" href="group__ssl.html#gaab5e86b7a4d22943eba82c6e94b82357" title="Create an SSL configuration domain. ">pn_ssl_domain</a>. </p><dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">domain</td><td>the domain to destroy. </td></tr> + </table> + </dd> +</dl> + +</div> +</div> +<a id="ga7311e46bb756474513f3c331e0c1b0aa"></a> +<h2 class="memtitle"><span class="permalink"><a href="#ga7311e46bb756474513f3c331e0c1b0aa">◆ </a></span>pn_ssl_domain_set_credentials()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">int pn_ssl_domain_set_credentials </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> * </td> + <td class="paramname"><em>domain</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype">const char * </td> + <td class="paramname"><em>credential_1</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype">const char * </td> + <td class="paramname"><em>credential_2</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype">const char * </td> + <td class="paramname"><em>password</em> </td> + </tr> + <tr> + <td></td> + <td>)</td> + <td></td><td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Set the certificate that identifies the local node to the remote. </p> +<p>This certificate establishes the identity for the local node for all SSL sessions created from this domain. It will be sent to the remote if the remote needs to verify the identity of this node. This may be used for both SSL servers and SSL clients (if client authentication is required by the server).</p> +<dl class="section note"><dt>Note</dt><dd>This setting effects only those pn_ssl_t objects created after this call returns. pn_ssl_t objects created before invoking this method will use the domain's previous setting.</dd></dl> +<dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">domain</td><td>the ssl domain that will use this certificate. </td></tr> + <tr><td class="paramdir">[in]</td><td class="paramname">credential_1</td><td>specifier for the file/database containing the identifying certificate. For Openssl users, this is a PEM file. For Windows SChannel users, this is the PKCS#12 file or system store. </td></tr> + <tr><td class="paramdir">[in]</td><td class="paramname">credential_2</td><td>an optional key to access the identifying certificate. For Openssl users, this is an optional PEM file containing the private key used to sign the certificate. For Windows SChannel users, this is the friendly name of the self-identifying certificate if there are multiple certificates in the store. </td></tr> + <tr><td class="paramdir">[in]</td><td class="paramname">password</td><td>the password used to sign the key, else NULL if key is not protected. </td></tr> + </table> + </dd> +</dl> +<dl class="section return"><dt>Returns</dt><dd>0 on success </dd></dl> + +</div> +</div> +<a id="ga6cdf12ad6ff3d50ac1d31db3cff11c2d"></a> +<h2 class="memtitle"><span class="permalink"><a href="#ga6cdf12ad6ff3d50ac1d31db3cff11c2d">◆ </a></span>pn_ssl_domain_set_trusted_ca_db()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">int pn_ssl_domain_set_trusted_ca_db </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> * </td> + <td class="paramname"><em>domain</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype">const char * </td> + <td class="paramname"><em>certificate_db</em> </td> + </tr> + <tr> + <td></td> + <td>)</td> + <td></td><td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Configure the set of trusted CA certificates used by this domain to verify peers. </p> +<p>If the local SSL client/server needs to verify the identity of the remote, it must validate the signature of the remote's certificate. This function sets the database of trusted CAs that will be used to verify the signature of the remote's certificate.</p> +<dl class="section note"><dt>Note</dt><dd>This setting effects only those pn_ssl_t objects created after this call returns. pn_ssl_t objects created before invoking this method will use the domain's previous setting.</dd></dl> +<dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">domain</td><td>the ssl domain that will use the database. </td></tr> + <tr><td class="paramdir">[in]</td><td class="paramname">certificate_db</td><td>database of trusted CAs, used to authenticate the peer. </td></tr> + </table> + </dd> +</dl> +<dl class="section return"><dt>Returns</dt><dd>0 on success </dd></dl> + +</div> +</div> +<a id="ga39b67bd22fb8f0a47bcdbdfd40f80b11"></a> +<h2 class="memtitle"><span class="permalink"><a href="#ga39b67bd22fb8f0a47bcdbdfd40f80b11">◆ </a></span>pn_ssl_domain_set_peer_authentication()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">int pn_ssl_domain_set_peer_authentication </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> * </td> + <td class="paramname"><em>domain</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype">const <a class="el" href="group__ssl.html#gae5e33024ed6af3432d4c76d1484d7ecb">pn_ssl_verify_mode_t</a> </td> + <td class="paramname"><em>mode</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype">const char * </td> + <td class="paramname"><em>trusted_CAs</em> </td> + </tr> + <tr> + <td></td> + <td>)</td> + <td></td><td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Configure the level of verification used on the peer certificate. </p> +<p>This method controls how the peer's certificate is validated, if at all. By default, neither servers nor clients attempt to verify their peers (PN_SSL_ANONYMOUS_PEER). Once certificates and trusted CAs are configured, peer verification can be enabled.</p> +<dl class="section note"><dt>Note</dt><dd>In order to verify a peer, a trusted CA must be configured. See <a class="el" href="group__ssl.html#ga6cdf12ad6ff3d50ac1d31db3cff11c2d" title="Configure the set of trusted CA certificates used by this domain to verify peers. ...">pn_ssl_domain_set_trusted_ca_db()</a>.</dd> +<dd> +Servers must provide their own certificate when verifying a peer. See <a class="el" href="group__ssl.html#ga7311e46bb756474513f3c331e0c1b0aa" title="Set the certificate that identifies the local node to the remote. ">pn_ssl_domain_set_credentials()</a>.</dd> +<dd> +This setting effects only those pn_ssl_t objects created after this call returns. pn_ssl_t objects created before invoking this method will use the domain's previous setting.</dd></dl> +<dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">domain</td><td>the ssl domain to configure. </td></tr> + <tr><td class="paramdir">[in]</td><td class="paramname">mode</td><td>the level of validation to apply to the peer </td></tr> + <tr><td class="paramdir">[in]</td><td class="paramname">trusted_CAs</td><td>path to a database of trusted CAs that the server will advertise to the peer client if the server has been configured to verify its peer. </td></tr> + </table> + </dd> +</dl> +<dl class="section return"><dt>Returns</dt><dd>0 on success </dd></dl> + +</div> +</div> +<a id="ga333fcb941ed20421373f37b23d84fc98"></a> +<h2 class="memtitle"><span class="permalink"><a href="#ga333fcb941ed20421373f37b23d84fc98">◆ </a></span>pn_ssl_domain_set_protocols()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">int pn_ssl_domain_set_protocols </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> * </td> + <td class="paramname"><em>domain</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype">const char * </td> + <td class="paramname"><em>protocols</em> </td> + </tr> + <tr> + <td></td> + <td>)</td> + <td></td><td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Configure the list of permitted TLS protocols. </p> +<dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">domain</td><td>the ssl domain to configure. </td></tr> + <tr><td class="paramdir">[in]</td><td class="paramname">protocols</td><td>string representing the protocol list. This list is a space separated string of the allowed TLS protocols, The current possibilities are TLSv1 TLSv1.1 TLSv1.2. None of the earlier SSL protocols are allowed for security reason.</td></tr> + </table> + </dd> +</dl> +<dl class="section note"><dt>Note</dt><dd>If this API not called then all the TLS protocols are allowed. The API only acts to restrict the allowed protocols to the specified set. </dd></dl> +<dl class="section return"><dt>Returns</dt><dd>0 on success </dd></dl> + +</div> +</div> +<a id="gac3da0f48aeeb11d8149a559a2a064ddc"></a> +<h2 class="memtitle"><span class="permalink"><a href="#gac3da0f48aeeb11d8149a559a2a064ddc">◆ </a></span>pn_ssl_domain_set_ciphers()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">int pn_ssl_domain_set_ciphers </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> * </td> + <td class="paramname"><em>domain</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype">const char * </td> + <td class="paramname"><em>ciphers</em> </td> + </tr> + <tr> + <td></td> + <td>)</td> + <td></td><td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Configure the list of permitted ciphers. </p> +<dl class="section note"><dt>Note</dt><dd>The syntax of the permitted list is undefined and will depend on the underlying SSL implementation.</dd></dl> +<dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">domain</td><td>the ssl domain to configure. </td></tr> + <tr><td class="paramdir">[in]</td><td class="paramname">ciphers</td><td>string representing the cipher list </td></tr> + </table> + </dd> +</dl> +<dl class="section return"><dt>Returns</dt><dd>0 on success </dd></dl> + +</div> +</div> +<a id="ga2ac989a62dcd138be770fae0bbb85e74"></a> +<h2 class="memtitle"><span class="permalink"><a href="#ga2ac989a62dcd138be770fae0bbb85e74">◆ </a></span>pn_ssl_domain_allow_unsecured_client()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">int pn_ssl_domain_allow_unsecured_client </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> * </td> + <td class="paramname"><em>domain</em></td><td>)</td> + <td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Permit a server to accept connection requests from non-SSL clients. </p> +<p>This configures the server to "sniff" the incoming client data stream, and dynamically determine whether SSL/TLS is being used. This option is disabled by default: only clients using SSL/TLS are accepted.</p> +<dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">domain</td><td>the domain (server) that will accept the client connections. </td></tr> + </table> + </dd> +</dl> +<dl class="section return"><dt>Returns</dt><dd>0 on success </dd></dl> + +</div> +</div> +<a id="gaaeb5284b45f9e2146ff671b1ddc9420c"></a> +<h2 class="memtitle"><span class="permalink"><a href="#gaaeb5284b45f9e2146ff671b1ddc9420c">◆ </a></span>pn_ssl()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname"><a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a>* pn_ssl </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__transport.html#gac26eda05f649bbf0399f3d8d78d12fa8">pn_transport_t</a> * </td> + <td class="paramname"><em>transport</em></td><td>)</td> + <td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Create a new SSL session object associated with a transport. </p> +<p>A transport must have an SSL object in order to "speak" SSL over its connection. This method allocates an SSL object associates it with the transport.</p> +<dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">transport</td><td>the transport that will own the new SSL session. </td></tr> + </table> + </dd> +</dl> +<dl class="section return"><dt>Returns</dt><dd>a pointer to the SSL object configured for this transport. Returns NULL if no SSL session is associated with the transport. </dd></dl> + +</div> +</div> +<a id="ga45f319dd31ad456b8a85927888f94acf"></a> +<h2 class="memtitle"><span class="permalink"><a href="#ga45f319dd31ad456b8a85927888f94acf">◆ </a></span>pn_ssl_init()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">int pn_ssl_init </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> * </td> + <td class="paramname"><em>ssl</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype"><a class="el" href="group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175">pn_ssl_domain_t</a> * </td> + <td class="paramname"><em>domain</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype">const char * </td> + <td class="paramname"><em>session_id</em> </td> + </tr> + <tr> + <td></td> + <td>)</td> + <td></td><td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Initialize an SSL session. </p> +<p>This method configures an SSL object using the configuration provided by the given domain.</p> +<dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">ssl</td><td>the ssl session to configured. </td></tr> + <tr><td class="paramdir">[in]</td><td class="paramname">domain</td><td>the ssl domain used to configure the SSL session. </td></tr> + <tr><td class="paramdir">[in]</td><td class="paramname">session_id</td><td>if supplied, attempt to resume a previous SSL session that used the same session_id. If no previous SSL session is available, a new session will be created using the session_id and stored for future session restore (see ::<a class="el" href="group__ssl.html#ga5f1a1d6697994bac00edc3df200a8f5f" title="Check whether the state has been resumed. ">pn_ssl_resume_status</a>). </td></tr> + </table> + </dd> +</dl> +<dl class="section return"><dt>Returns</dt><dd>0 on success, else an error code. </dd></dl> + +</div> +</div> +<a id="ga47653f84f4b5e3bad46c08d4e82a2c52"></a> +<h2 class="memtitle"><span class="permalink"><a href="#ga47653f84f4b5e3bad46c08d4e82a2c52">◆ </a></span>pn_ssl_get_cipher_name()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">bool pn_ssl_get_cipher_name </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> * </td> + <td class="paramname"><em>ssl</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype">char * </td> + <td class="paramname"><em>buffer</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype">size_t </td> + <td class="paramname"><em>size</em> </td> + </tr> + <tr> + <td></td> + <td>)</td> + <td></td><td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Get the name of the Cipher that is currently in use. </p> +<p>Gets a text description of the cipher that is currently active, or returns FALSE if SSL is not active (no cipher). Note that the cipher in use may change over time due to renegotiation or other changes to the SSL state.</p> +<dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">ssl</td><td>the ssl client/server to query. </td></tr> + <tr><td class="paramdir">[in,out]</td><td class="paramname">buffer</td><td>buffer of size bytes to hold cipher name </td></tr> + <tr><td class="paramdir">[in]</td><td class="paramname">size</td><td>maximum number of bytes in buffer. </td></tr> + </table> + </dd> +</dl> +<dl class="section return"><dt>Returns</dt><dd>True if cipher name written to buffer, False if no cipher in use. </dd></dl> + +</div> +</div> +<a id="ga7fa81d6e5f9b28f90558ab8dd3c4fb1d"></a> +<h2 class="memtitle"><span class="permalink"><a href="#ga7fa81d6e5f9b28f90558ab8dd3c4fb1d">◆ </a></span>pn_ssl_get_ssf()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">int pn_ssl_get_ssf </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> * </td> + <td class="paramname"><em>ssl</em></td><td>)</td> + <td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Get the SSF (security strength factor) of the Cipher that is currently in use. </p> +<dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">ssl</td><td>the ssl client/server to query. </td></tr> + </table> + </dd> +</dl> +<dl class="section return"><dt>Returns</dt><dd>the ssf, note that 0 means no security. </dd></dl> + +</div> +</div> +<a id="ga03e8070271747c3901d8d6e5710c0066"></a> +<h2 class="memtitle"><span class="permalink"><a href="#ga03e8070271747c3901d8d6e5710c0066">◆ </a></span>pn_ssl_get_protocol_name()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">bool pn_ssl_get_protocol_name </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> * </td> + <td class="paramname"><em>ssl</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype">char * </td> + <td class="paramname"><em>buffer</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype">size_t </td> + <td class="paramname"><em>size</em> </td> + </tr> + <tr> + <td></td> + <td>)</td> + <td></td><td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Get the name of the SSL protocol that is currently in use. </p> +<p>Gets a text description of the SSL protocol that is currently active, or returns FALSE if SSL is not active. Note that the protocol may change over time due to renegotiation.</p> +<dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">ssl</td><td>the ssl client/server to query. </td></tr> + <tr><td class="paramdir">[in,out]</td><td class="paramname">buffer</td><td>buffer of size bytes to hold the version identifier </td></tr> + <tr><td class="paramdir">[in]</td><td class="paramname">size</td><td>maximum number of bytes in buffer. </td></tr> + </table> + </dd> +</dl> +<dl class="section return"><dt>Returns</dt><dd>True if the version information was written to buffer, False if SSL connection not ready. </dd></dl> + +</div> +</div> +<a id="ga5f1a1d6697994bac00edc3df200a8f5f"></a> +<h2 class="memtitle"><span class="permalink"><a href="#ga5f1a1d6697994bac00edc3df200a8f5f">◆ </a></span>pn_ssl_resume_status()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname"><a class="el" href="group__ssl.html#gaf175c116d52a91001f9a3559b580f56d">pn_ssl_resume_status_t</a> pn_ssl_resume_status </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> * </td> + <td class="paramname"><em>ssl</em></td><td>)</td> + <td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Check whether the state has been resumed. </p> +<p>Used for client session resume. When called on an active session, indicates whether the state has been resumed from a previous session.</p> +<dl class="section note"><dt>Note</dt><dd>This is a best-effort service - there is no guarantee that the remote server will accept the resumed parameters. The remote server may choose to ignore these parameters, and request a re-negotiation instead.</dd></dl> +<dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">ssl</td><td>the ssl session to check </td></tr> + </table> + </dd> +</dl> +<dl class="section return"><dt>Returns</dt><dd>status code indicating whether or not the session has been resumed. </dd></dl> + +</div> +</div> +<a id="ga15d46dcd823ebd42b9f7f63ed570080a"></a> +<h2 class="memtitle"><span class="permalink"><a href="#ga15d46dcd823ebd42b9f7f63ed570080a">◆ </a></span>pn_ssl_set_peer_hostname()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">int pn_ssl_set_peer_hostname </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> * </td> + <td class="paramname"><em>ssl</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype">const char * </td> + <td class="paramname"><em>hostname</em> </td> + </tr> + <tr> + <td></td> + <td>)</td> + <td></td><td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Set the expected identity of the remote peer. </p> +<p>By default, SSL will use the hostname associated with the connection that the transport is bound to (see <a class="el" href="group__connection.html#ga0c3bed8e6764915a137a9daff199ecbb" title="Set the name of the virtual host (either fully qualified or relative) to which this connection is con...">pn_connection_set_hostname</a>). This method allows the caller to override that default.</p> +<p>The hostname is used for two purposes: 1) when set on an SSL client, it is sent to the server during the handshake (if Server Name Indication is supported), and 2) it is used to check against the identifying name provided in the peer's certificate. If the supplied name does not exactly match a SubjectAltName (type DNS name), or the CommonName entry in the peer's certificate, the peer is considered unauthenticated (potential imposter), and the SSL connection is aborted.</p> +<dl class="section note"><dt>Note</dt><dd>Verification of the hostname is only done if PN_SSL_VERIFY_PEER_NAME is enabled. See <a class="el" href="group__ssl.html#ga39b67bd22fb8f0a47bcdbdfd40f80b11" title="Configure the level of verification used on the peer certificate. ">pn_ssl_domain_set_peer_authentication</a>.</dd></dl> +<dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">ssl</td><td>the ssl session. </td></tr> + <tr><td class="paramdir">[in]</td><td class="paramname">hostname</td><td>the expected identity of the remote. Must conform to the syntax as given in RFC1034, Section 3.5. </td></tr> + </table> + </dd> +</dl> +<dl class="section return"><dt>Returns</dt><dd>0 on success. </dd></dl> + +</div> +</div> +<a id="ga76636a5ce4696284356321226ee0731c"></a> +<h2 class="memtitle"><span class="permalink"><a href="#ga76636a5ce4696284356321226ee0731c">◆ </a></span>pn_ssl_get_peer_hostname()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">int pn_ssl_get_peer_hostname </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> * </td> + <td class="paramname"><em>ssl</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype">char * </td> + <td class="paramname"><em>hostname</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype">size_t * </td> + <td class="paramname"><em>bufsize</em> </td> + </tr> + <tr> + <td></td> + <td>)</td> + <td></td><td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Access the configured peer identity. </p> +<p>Return the expected identity of the remote peer, as set by <a class="el" href="group__ssl.html#ga15d46dcd823ebd42b9f7f63ed570080a" title="Set the expected identity of the remote peer. ">pn_ssl_set_peer_hostname</a>.</p> +<dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">ssl</td><td>the ssl session. </td></tr> + <tr><td class="paramdir">[out]</td><td class="paramname">hostname</td><td>buffer to hold the null-terminated name string. If null, no string is written. </td></tr> + <tr><td class="paramdir">[in,out]</td><td class="paramname">bufsize</td><td>on input set to the number of octets in hostname. On output, set to the number of octets needed to hold the value of hostname plus a null byte. Zero if no hostname set. </td></tr> + </table> + </dd> +</dl> +<dl class="section return"><dt>Returns</dt><dd>0 on success. </dd></dl> + +</div> +</div> +<a id="ga11c877302188bc852cfdc9efd6de58c3"></a> +<h2 class="memtitle"><span class="permalink"><a href="#ga11c877302188bc852cfdc9efd6de58c3">◆ </a></span>pn_ssl_get_remote_subject()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">const char* pn_ssl_get_remote_subject </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> * </td> + <td class="paramname"><em>ssl</em></td><td>)</td> + <td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Get the subject from the peers certificate. </p> +<dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">ssl</td><td>the ssl client/server to query. </td></tr> + </table> + </dd> +</dl> +<dl class="section return"><dt>Returns</dt><dd>A null terminated string representing the full subject, which is valid until the ssl object is destroyed. </dd></dl> + +</div> +</div> +<a id="ga324db5da83b1abad2e948481d65119d4"></a> +<h2 class="memtitle"><span class="permalink"><a href="#ga324db5da83b1abad2e948481d65119d4">◆ </a></span>pn_ssl_get_cert_fingerprint()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">int pn_ssl_get_cert_fingerprint </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> * </td> + <td class="paramname"><em>ssl0</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype">char * </td> + <td class="paramname"><em>fingerprint</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype">size_t </td> + <td class="paramname"><em>fingerprint_length</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype"><a class="el" href="group__ssl.html#gaf0b0cd3271ad4a0e33e2a61a8cea7892">pn_ssl_hash_alg</a> </td> + <td class="paramname"><em>hash_alg</em> </td> + </tr> + <tr> + <td></td> + <td>)</td> + <td></td><td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Get the fingerprint of the certificate. </p> +<p>The certificate fingerprint (as displayed in the Fingerprints section when looking at a certificate with say the Firefox browser) is the hexadecimal hash of the entire certificate. The fingerprint is not part of the certificate, rather it is computed from the certificate and can be used to uniquely identify a certificate. </p><dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">ssl0</td><td>the ssl client/server to query </td></tr> + <tr><td class="paramdir">[in]</td><td class="paramname">fingerprint</td><td>char pointer. The certificate fingerprint (in hex format) will be populated in this array. If sha1 is the digest name, the fingerprint is 41 characters long (40 + 1 '\0' character), 65 characters long for sha256 and 129 characters long for sha512 and 33 characters for md5. </td></tr> + <tr><td class="paramdir">[in]</td><td class="paramname">fingerprint_length</td><td>- Must be at >= 33 for md5, >= 41 for sha1, >= 65 for sha256 and >=129 for sha512. </td></tr> + <tr><td class="paramdir">[in]</td><td class="paramname">hash_alg</td><td>the hash algorithm to use. Must be of type pn_ssl_hash_alg (currently supports sha1, sha256, sha512 and md5) </td></tr> + </table> + </dd> +</dl> +<dl class="section return"><dt>Returns</dt><dd>error code - Returns 0 on success. Return a value less than zero if there were any errors. Upon execution of this function, char *fingerprint will contain the appropriate null terminated hex fingerprint </dd></dl> + +</div> +</div> +<a id="ga0c9e8827536b9929793045771d82bdf1"></a> +<h2 class="memtitle"><span class="permalink"><a href="#ga0c9e8827536b9929793045771d82bdf1">◆ </a></span>pn_ssl_get_remote_subject_subfield()</h2> + +<div class="memitem"> +<div class="memproto"> + <table class="memname"> + <tr> + <td class="memname">const char* pn_ssl_get_remote_subject_subfield </td> + <td>(</td> + <td class="paramtype"><a class="el" href="group__ssl.html#ga215da63662423b00d34605ba4f9761f5">pn_ssl_t</a> * </td> + <td class="paramname"><em>ssl0</em>, </td> + </tr> + <tr> + <td class="paramkey"></td> + <td></td> + <td class="paramtype"><a class="el" href="group__ssl.html#ga68d52866e8172acc7ecc7b4fe5b38a40">pn_ssl_cert_subject_subfield</a> </td> + <td class="paramname"><em>field</em> </td> + </tr> + <tr> + <td></td> + <td>)</td> + <td></td><td></td> + </tr> + </table> +</div><div class="memdoc"> + +<p>Returns a char pointer that contains the value of the sub field of the subject field in the ssl certificate. </p> +<p>The subject field usually contains the following sub fields - C = ISO3166 two character country code ST = state or province L = Locality; generally means city O = Organization - Company Name OU = Organization Unit - division or unit CN = CommonName </p><dl class="params"><dt>Parameters</dt><dd> + <table class="params"> + <tr><td class="paramdir">[in]</td><td class="paramname">ssl0</td><td>the ssl client/server to query </td></tr> + <tr><td class="paramdir">[in]</td><td class="paramname">field</td><td>The enumeration pn_ssl_cert_subject_subfield representing the required sub field. </td></tr> + </table> + </dd> +</dl> +<dl class="section return"><dt>Returns</dt><dd>A null terminated string which contains the requested sub field value which is valid until the ssl object is destroyed. </dd></dl> + +</div> +</div> +</div><!-- contents --> +</div><!-- doc-content --> +<!-- start footer part --> +<div id="nav-path" class="navpath"><!-- id is needed for treeview function! --> + <ul> + <li class="footer">Generated by + <a href="http://www.doxygen.org/index.html";> + <img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.8.13 </li> + </ul> +</div> +</body> +</html>
http://git-wip-us.apache.org/repos/asf/qpid-site/blob/bc75d075/content/releases/qpid-proton-0.22.0/proton/c/api/group__ssl.js ---------------------------------------------------------------------- diff --git a/content/releases/qpid-proton-0.22.0/proton/c/api/group__ssl.js b/content/releases/qpid-proton-0.22.0/proton/c/api/group__ssl.js new file mode 100755 index 0000000..dacde1a --- /dev/null +++ b/content/releases/qpid-proton-0.22.0/proton/c/api/group__ssl.js @@ -0,0 +1,42 @@ +var group__ssl = +[ + [ "pn_ssl_domain_t", "group__ssl.html#gaba83c3a1779c8b35a479bf3a7bb5b175", null ], + [ "pn_ssl_t", "group__ssl.html#ga215da63662423b00d34605ba4f9761f5", null ], + [ "pn_ssl_mode_t", "group__ssl.html#ga0f1d40875c45b14a31a77f27430bc225", [ + [ "PN_SSL_MODE_CLIENT", "group__ssl.html#gga0f1d40875c45b14a31a77f27430bc225a4e2fe24fcd2692e4c20c27668091a49c", null ], + [ "PN_SSL_MODE_SERVER", "group__ssl.html#gga0f1d40875c45b14a31a77f27430bc225a0c4550c70a6bc74cb906a74c5f1e5078", null ] + ] ], + [ "pn_ssl_resume_status_t", "group__ssl.html#gaf175c116d52a91001f9a3559b580f56d", [ + [ "PN_SSL_RESUME_UNKNOWN", "group__ssl.html#ggaf175c116d52a91001f9a3559b580f56dad1385651f6078177d6652c385453280d", null ], + [ "PN_SSL_RESUME_NEW", "group__ssl.html#ggaf175c116d52a91001f9a3559b580f56dac8a5515a69c89007f681b3c555328e8f", null ], + [ "PN_SSL_RESUME_REUSED", "group__ssl.html#ggaf175c116d52a91001f9a3559b580f56dabb1b88b78dcb91ee80cd6f0eb5873d6d", null ] + ] ], + [ "pn_ssl_verify_mode_t", "group__ssl.html#gae5e33024ed6af3432d4c76d1484d7ecb", [ + [ "PN_SSL_VERIFY_NULL", "group__ssl.html#ggae5e33024ed6af3432d4c76d1484d7ecbada1e3837cc900bd6419de72c25b253cc", null ], + [ "PN_SSL_VERIFY_PEER", "group__ssl.html#ggae5e33024ed6af3432d4c76d1484d7ecbad80276abde5d95760c63d0b9685d4d44", null ], + [ "PN_SSL_ANONYMOUS_PEER", "group__ssl.html#ggae5e33024ed6af3432d4c76d1484d7ecbafa6dbe705dd0366ff4799616f788a9f5", null ], + [ "PN_SSL_VERIFY_PEER_NAME", "group__ssl.html#ggae5e33024ed6af3432d4c76d1484d7ecbaac956f0febf05ab579de839700895e36", null ] + ] ], + [ "pn_ssl_cert_subject_subfield", "group__ssl.html#ga68d52866e8172acc7ecc7b4fe5b38a40", null ], + [ "pn_ssl_hash_alg", "group__ssl.html#gaf0b0cd3271ad4a0e33e2a61a8cea7892", null ], + [ "pn_ssl_present", "group__ssl.html#gaec849c8189c12da727e7be7ca757dbdb", null ], + [ "pn_ssl_domain", "group__ssl.html#gaab5e86b7a4d22943eba82c6e94b82357", null ], + [ "pn_ssl_domain_free", "group__ssl.html#ga5452ded9c36d78a17c6dea292a01c80d", null ], + [ "pn_ssl_domain_set_credentials", "group__ssl.html#ga7311e46bb756474513f3c331e0c1b0aa", null ], + [ "pn_ssl_domain_set_trusted_ca_db", "group__ssl.html#ga6cdf12ad6ff3d50ac1d31db3cff11c2d", null ], + [ "pn_ssl_domain_set_peer_authentication", "group__ssl.html#ga39b67bd22fb8f0a47bcdbdfd40f80b11", null ], + [ "pn_ssl_domain_set_protocols", "group__ssl.html#ga333fcb941ed20421373f37b23d84fc98", null ], + [ "pn_ssl_domain_set_ciphers", "group__ssl.html#gac3da0f48aeeb11d8149a559a2a064ddc", null ], + [ "pn_ssl_domain_allow_unsecured_client", "group__ssl.html#ga2ac989a62dcd138be770fae0bbb85e74", null ], + [ "pn_ssl", "group__ssl.html#gaaeb5284b45f9e2146ff671b1ddc9420c", null ], + [ "pn_ssl_init", "group__ssl.html#ga45f319dd31ad456b8a85927888f94acf", null ], + [ "pn_ssl_get_cipher_name", "group__ssl.html#ga47653f84f4b5e3bad46c08d4e82a2c52", null ], + [ "pn_ssl_get_ssf", "group__ssl.html#ga7fa81d6e5f9b28f90558ab8dd3c4fb1d", null ], + [ "pn_ssl_get_protocol_name", "group__ssl.html#ga03e8070271747c3901d8d6e5710c0066", null ], + [ "pn_ssl_resume_status", "group__ssl.html#ga5f1a1d6697994bac00edc3df200a8f5f", null ], + [ "pn_ssl_set_peer_hostname", "group__ssl.html#ga15d46dcd823ebd42b9f7f63ed570080a", null ], + [ "pn_ssl_get_peer_hostname", "group__ssl.html#ga76636a5ce4696284356321226ee0731c", null ], + [ "pn_ssl_get_remote_subject", "group__ssl.html#ga11c877302188bc852cfdc9efd6de58c3", null ], + [ "pn_ssl_get_cert_fingerprint", "group__ssl.html#ga324db5da83b1abad2e948481d65119d4", null ], + [ "pn_ssl_get_remote_subject_subfield", "group__ssl.html#ga0c9e8827536b9929793045771d82bdf1", null ] +]; \ No newline at end of file --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org
