libnetconf2 2.0.24
NETCONF server and client library in C.
Server-side Call Home on TLS

TLS settings for the Call Home functionality.

Functions

int nc_server_tls_ch_client_endpt_add_ctn (const char *client_name, const char *endpt_name, uint32_t id, const char *fingerprint, NC_TLS_CTN_MAPTYPE map_type, const char *name)
 Add a cert-to-name entry.
 
int nc_server_tls_ch_client_endpt_add_trusted_cert_list (const char *client_name, const char *endpt_name, const char *name)
 Add a Call Home trusted certificate list. It can be either a CA list or a client certificate list.
 
void nc_server_tls_ch_client_endpt_clear_crls (const char *client_name, const char *endpt_name)
 Destroy and clean Call Home CRLs. Call Home certificates, private keys, and CTN entries are not affected.
 
int nc_server_tls_ch_client_endpt_del_ctn (const char *client_name, const char *endpt_name, int64_t id, const char *fingerprint, NC_TLS_CTN_MAPTYPE map_type, const char *name)
 Remove a Call Home cert-to-name entry.
 
int nc_server_tls_ch_client_endpt_del_trusted_cert_list (const char *client_name, const char *endpt_name, const char *name)
 Remove a previously set Call Home trusted certificate list. CRLs and CTN entries are not affected.
 
int nc_server_tls_ch_client_endpt_get_ctn (const char *client_name, const char *endpt_name, uint32_t *id, char **fingerprint, NC_TLS_CTN_MAPTYPE *map_type, char **name)
 Get a Call Home cert-to-name entry.
 
int nc_server_tls_ch_client_endpt_set_crl_paths (const char *client_name, const char *endpt_name, const char *crl_file, const char *crl_dir)
 Set Call Home Certificate Revocation List locations. There can only be one file and one directory; they are replaced if already set.
 
int nc_server_tls_ch_client_endpt_set_server_cert (const char *client_name, const char *endpt_name, const char *name)
 Set the server Call Home TLS certificate. Only the name is set; the certificate itself will be retrieved using a callback.
 
int nc_server_tls_ch_client_endpt_set_trusted_ca_paths (const char *client_name, const char *endpt_name, const char *ca_file, const char *ca_dir)
 Set trusted Call Home Certificate Authority certificate locations. There can only be one file and one directory; they are replaced if already set.
 

Detailed Description

TLS settings for the Call Home functionality.

Function Documentation

◆ nc_server_tls_ch_client_endpt_add_ctn()

int nc_server_tls_ch_client_endpt_add_ctn ( const char *  client_name,
const char *  endpt_name,
uint32_t  id,
const char *  fingerprint,
NC_TLS_CTN_MAPTYPE  map_type,
const char *  name 
)

Add a cert-to-name entry.

It is possible to add an entry step by step, first specifying only id and then, in later calls, fingerprint, map_type, and optionally name separately.

Parameters
[in] client_name: Existing Call Home client name.
[in] endpt_name: Existing endpoint name of the client.
[in] id: Priority of the entry. It must be unique. If an entry with this id already exists, it is modified.
[in] fingerprint: Matching certificate fingerprint. If NULL, kept temporarily unset.
[in] map_type: Type of username-certificate mapping. If 0, kept temporarily unset.
[in] name: Specific username used only if map_type == NC_TLS_CTN_SPECIFIED.
Returns
0 on success, -1 on error.

◆ nc_server_tls_ch_client_endpt_add_trusted_cert_list()

int nc_server_tls_ch_client_endpt_add_trusted_cert_list ( const char *  client_name,
const char *  endpt_name,
const char *  name 
)

Add a Call Home trusted certificate list. It can be either a CA list or a client certificate list.

Parameters
[in] client_name: Existing Call Home client name.
[in] endpt_name: Existing endpoint name of the client.
[in] name: Arbitrary name identifying this certificate list.
Returns
0 on success, -1 on error.

◆ nc_server_tls_ch_client_endpt_clear_crls()

void nc_server_tls_ch_client_endpt_clear_crls ( const char *  client_name,
const char *  endpt_name 
)

Destroy and clean Call Home CRLs. Call Home certificates, private keys, and CTN entries are not affected.

Parameters
[in] client_name: Existing Call Home client name.
[in] endpt_name: Existing endpoint name of the client.

◆ nc_server_tls_ch_client_endpt_del_ctn()

int nc_server_tls_ch_client_endpt_del_ctn ( const char *  client_name,
const char *  endpt_name,
int64_t  id,
const char *  fingerprint,
NC_TLS_CTN_MAPTYPE  map_type,
const char *  name 
)

Remove a Call Home cert-to-name entry.

Parameters
[in] client_name: Existing Call Home client name.
[in] endpt_name: Existing endpoint name of the client.
[in] id: Priority of the entry. -1 matches all the priorities.
[in] fingerprint: Fingerprint of the entry. NULL matches all the fingerprints.
[in] map_type: Mapping type of the entry. 0 matches all the mapping types.
[in] name: Specific username for the entry. NULL matches all the usernames.
Returns
0 on success, -1 on not finding any match.

◆ nc_server_tls_ch_client_endpt_del_trusted_cert_list()

int nc_server_tls_ch_client_endpt_del_trusted_cert_list ( const char *  client_name,
const char *  endpt_name,
const char *  name 
)

Remove a previously set Call Home trusted certificate list. CRLs and CTN entries are not affected.

Parameters
[in] client_name: Existing Call Home client name.
[in] endpt_name: Existing endpoint name of the client.
[in] name: Name of the certificate list to delete. NULL deletes all the lists.
Returns
0 on success, -1 on not found.

◆ nc_server_tls_ch_client_endpt_get_ctn()

int nc_server_tls_ch_client_endpt_get_ctn ( const char *  client_name,
const char *  endpt_name,
uint32_t *  id,
char **  fingerprint,
NC_TLS_CTN_MAPTYPE *  map_type,
char **  name 
)

Get a Call Home cert-to-name entry.

If a parameter is NULL, it is ignored. If its dereferenced value is NULL, it is filled and returned. If the value is set, it is used as a filter. Returns the first matching entry.

Parameters
[in] client_name: Existing Call Home client name.
[in] endpt_name: Existing endpoint name of the client.
[in,out] id: Priority of the entry.
[in,out] fingerprint: Fingerprint of the entry.
[in,out] map_type: Mapping type of the entry.
[in,out] name: Specific username for the entry.
Returns
0 on success, -1 on not finding any match.
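
The filter rules documented for nc_server_tls_ch_client_endpt_del_ctn() and nc_server_tls_ch_client_endpt_get_ctn(), as an added stand-alone model (not libnetconf2 code and not part of the original page). The enum, struct, table and model_* names are hypothetical; removing every match on delete, treating id 0 as unset, and returning entries in stored order are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for NC_TLS_CTN_MAPTYPE and the library's CTN list. */
enum map_type { MAP_UNSET = 0, MAP_SPECIFIED, MAP_SAN_ANY };
struct ctn { uint32_t id; const char *fingerprint; enum map_type map_type; const char *name; };

/* Constructed sample entries (shortened fingerprints), in stored order. */
static struct ctn ctn_table[] = {
    { 10, "AA:BB", MAP_SPECIFIED, "admin" },
    { 20, "CC:DD", MAP_SAN_ANY, NULL },
    { 30, "AA:BB", MAP_SPECIFIED, "oper" },
};
static size_t ctn_count = 3;

static int str_ok(const char *f, const char *v) { return !f || (v && strcmp(f, v) == 0); }

/* Wildcards as documented for del_ctn: id -1, NULL fingerprint, map_type 0, NULL name. */
static int ctn_matches(const struct ctn *e, int64_t id, const char *fp, enum map_type mt, const char *name)
{
    return (id == -1 || (int64_t)e->id == id) && str_ok(fp, e->fingerprint) &&
           (mt == MAP_UNSET || e->map_type == mt) && str_ok(name, e->name);
}

/* Model of del_ctn (assumed to drop every match): 0 on success, -1 if nothing matched. */
int model_del_ctn(int64_t id, const char *fp, enum map_type mt, const char *name)
{
    size_t kept = 0, before = ctn_count;
    for (size_t i = 0; i < before; i++)
        if (!ctn_matches(&ctn_table[i], id, fp, mt, name))
            ctn_table[kept++] = ctn_table[i];
    ctn_count = kept;
    return kept < before ? 0 : -1;
}

/* Model of get_ctn: NULL pointer ignored, unset (0/NULL) filled, set value filters (id 0 = unset is assumed). */
int model_get_ctn(uint32_t *id, const char **fp, enum map_type *mt, const char **name)
{
    for (size_t i = 0; i < ctn_count; i++) {
        const struct ctn *e = &ctn_table[i];
        if (!ctn_matches(e, (id && *id) ? (int64_t)*id : -1, fp ? *fp : NULL,
                         mt ? *mt : MAP_UNSET, name ? *name : NULL))
            continue;
        if (id) *id = e->id;
        if (fp) *fp = e->fingerprint;
        if (mt) *mt = e->map_type;
        if (name) *name = e->name;
        return 0;
    }
    return -1;
}
```

A delete call with id -1, NULL fingerprint, map type 0 and NULL name matches every entry, so an all-wildcard call empties the endpoint's cert-to-name list. When calling the get function, initialise every in/out variable you want filled to 0 or NULL first, since a leftover value is treated as a filter.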

◆ nc_server_tls_ch_client_endpt_set_crl_paths()

int nc_server_tls_ch_client_endpt_set_crl_paths ( const char *  client_name,
const char *  endpt_name,
const char *  crl_file,
const char *  crl_dir 
)

Set Call Home Certificate Revocation List locations. There can only be one file and one directory; they are replaced if already set.

Parameters
[in] client_name: Existing Call Home client name.
[in] endpt_name: Existing endpoint name of the client.
[in] crl_file: Path to a CRL store file in PEM format. Can be NULL.
[in] crl_dir: Path to a CRL store hashed directory (c_rehash utility can be used to create hashes) with PEM files. Can be NULL.
Returns
0 on success, -1 on error.

◆ nc_server_tls_ch_client_endpt_set_server_cert()

int nc_server_tls_ch_client_endpt_set_server_cert ( const char *  client_name,
const char *  endpt_name,
const char *  name 
)

Set the server Call Home TLS certificate. Only the name is set; the certificate itself will be retrieved using a callback.

Parameters
[in] client_name: Existing Call Home client name.
[in] endpt_name: Existing endpoint name of the client.
[in] name: Arbitrary certificate name.
Returns
0 on success, -1 on error.

◆ nc_server_tls_ch_client_endpt_set_trusted_ca_paths()

int nc_server_tls_ch_client_endpt_set_trusted_ca_paths ( const char *  client_name,
const char *  endpt_name,
const char *  ca_file,
const char *  ca_dir 
)

Set trusted Call Home Certificate Authority certificate locations. There can only be one file and one directory; they are replaced if already set.

Parameters
[in] client_name: Existing Call Home client name.
[in] endpt_name: Existing endpoint name of the client.
[in] ca_file: Path to a trusted CA cert store file in PEM format. Can be NULL.
[in] ca_dir: Path to a trusted CA cert store hashed directory (c_rehash utility can be used to create hashes) with PEM files. Can be NULL.
Returns
0 on success, -1 on error.