You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
131 lines
3.2 KiB
C
131 lines
3.2 KiB
C
/*
|
|
* tls_config.h
|
|
*
|
|
* TLS Configuration API for protocol stacks using TCP/IP
|
|
*
|
|
* Copyright 2017-2018 MZ Automation GmbH
|
|
*
|
|
* Abstraction layer for configuration of different TLS implementations
|
|
*
|
|
*/
|
|
|
|
#ifndef SRC_TLS_CONFIG_H_
|
|
#define SRC_TLS_CONFIG_H_
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
#include "hal_base.h"
|
|
|
|
/**
|
|
* \file tls_config.h
|
|
* \brief TLS API functions
|
|
*/
|
|
|
|
/*! \addtogroup hal Platform (Hardware/OS) abstraction layer
|
|
*
|
|
* @{
|
|
*/
|
|
|
|
/**
|
|
* @defgroup TLS_CONFIG_API TLS configuration
|
|
*
|
|
* @{
|
|
*/
|
|
|
|
typedef struct sTLSConfiguration* TLSConfiguration;
|
|
|
|
/**
|
|
* \brief Create a new \ref TLSConfiguration object to represent TLS configuration and certificates
|
|
*
|
|
* \return the new TLS configuration
|
|
*/
|
|
PAL_API TLSConfiguration
|
|
TLSConfiguration_create(void);
|
|
|
|
/* will be called by stack automatically when appropriate */
|
|
PAL_API void
|
|
TLSConfiguration_setClientMode(TLSConfiguration self);
|
|
|
|
/**
|
|
* \brief Enables the validation of the certificate trust chain (enabled by default)
|
|
*
|
|
* \param value true to enable chain validation, false to disable
|
|
*/
|
|
PAL_API void
|
|
TLSConfiguration_setChainValidation(TLSConfiguration self, bool value);
|
|
|
|
/**
|
|
* \brief Set if only known certificates are accepted.
|
|
*
|
|
* If set to true only known certificates are accepted. Connections with unknown certificates
|
|
* are rejected even if they are signed by a trusted authority.
|
|
*
|
|
* \param value true to enable setting, false otherwise
|
|
*/
|
|
PAL_API void
|
|
TLSConfiguration_setAllowOnlyKnownCertificates(TLSConfiguration self, bool value);
|
|
|
|
/**
|
|
* \brief Set own certificate (identity) from a byte buffer
|
|
*
|
|
* \param certificate the certificate buffer
|
|
* \param certLen the lenght of the certificate
|
|
*
|
|
* \return true, when the certificate was set, false otherwise (e.g. unknown certificate format)
|
|
*/
|
|
PAL_API bool
|
|
TLSConfiguration_setOwnCertificate(TLSConfiguration self, uint8_t* certificate, int certLen);
|
|
|
|
/**
|
|
* \brief Set own certificate (identity) from a certificate file
|
|
*
|
|
* \param filename of the certificate file
|
|
*
|
|
* \return true, when the certificate was set, false otherwise (e.g. unknown certificate format)
|
|
*/
|
|
PAL_API bool
|
|
TLSConfiguration_setOwnCertificateFromFile(TLSConfiguration self, const char* filename);
|
|
|
|
PAL_API bool
|
|
TLSConfiguration_setOwnKey(TLSConfiguration self, uint8_t* key, int keyLen, const char* keyPassword);
|
|
|
|
PAL_API bool
|
|
TLSConfiguration_setOwnKeyFromFile(TLSConfiguration self, const char* filename, const char* keyPassword);
|
|
|
|
PAL_API bool
|
|
TLSConfiguration_addAllowedCertificate(TLSConfiguration self, uint8_t* certifcate, int certLen);
|
|
|
|
PAL_API bool
|
|
TLSConfiguration_addAllowedCertificateFromFile(TLSConfiguration self, const char* filename);
|
|
|
|
PAL_API bool
|
|
TLSConfiguration_addCACertificate(TLSConfiguration self, uint8_t* certifcate, int certLen);
|
|
|
|
PAL_API bool
|
|
TLSConfiguration_addCACertificateFromFile(TLSConfiguration self, const char* filename);
|
|
|
|
/**
|
|
* \brief Set the renegotiation timeout.
|
|
*
|
|
* After the timeout elapsed a TLS session renegotiation has to occur.
|
|
*
|
|
* \param timeInMs session renegotiation timeout in milliseconds
|
|
*/
|
|
PAL_API void
|
|
TLSConfiguration_setRenegotiationTime(TLSConfiguration self, int timeInMs);
|
|
|
|
PAL_API void
|
|
TLSConfiguration_destroy(TLSConfiguration self);
|
|
|
|
/** @} */
|
|
|
|
/** @} */
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* SRC_TLS_CONFIG_H_ */
|