libtase2  2.4.0
TASE.2/ICCP Protocol Source Code Library for C/C++
tls_config.h
1/*
2 * tls_config.h
3 *
4 * TLS Configuration API for protocol stacks using TCP/IP
5 *
6 * Copyright 2017-2024 Michael Zillgith
7 *
8 * Abstraction layer for configuration of different TLS implementations
9 *
10 */
11
12#ifndef SRC_TLS_CONFIG_H_
13#define SRC_TLS_CONFIG_H_
14
15#ifdef __cplusplus
16extern "C" {
17#endif
18
19#include "hal_base.h"
20#include "tls_ciphers.h"
21
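/**
 * \brief Opaque handle to a TLS configuration: own certificate and key,
 * trusted CA certificates, allowed peer certificates, CRLs, ciphersuite list
 * and TLS version bounds.
 *
 * Create with TLSConfiguration_create(); release with TLSConfiguration_destroy().
 * Ownership is reference counted (see TLSConfiguration_claimOwnership()).
 */
typedef struct sTLSConfiguration* TLSConfiguration;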
39
47PAL_API TLSConfiguration
49
57PAL_API TLSConfiguration
59
60
61/* will be called by stack automatically when appropriate */
62PAL_API void
64
73
81PAL_API const char*
83
89
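/*
 * TLS security event codes.
 *
 * Presumably delivered as the `eventCode` argument of
 * TLSConfiguration_EventHandler (confirm against the implementation).
 * The prefix appears to mirror the TLSEventLevel severity
 * (ALM -> TLS_SEC_EVT_INCIDENT, WRN -> TLS_SEC_EVT_WARNING,
 * INF -> TLS_SEC_EVT_INFO) — verify before relying on it.
 *
 * NOTE(review): the ALM_* codes are the ones a deployment should log and
 * alert on; they cover peer certificate validation, revocation and
 * handshake failures. WRN_INSECURE_TLS_VERSION indicates a legacy protocol
 * version was negotiated — pair it with TLSConfiguration_setMinTlsVersion().
 */
#define TLS_EVENT_CODE_ALM_ALGO_NOT_SUPPORTED 1
#define TLS_EVENT_CODE_ALM_UNSECURE_COMMUNICATION 2
#define TLS_EVENT_CODE_ALM_CERT_UNAVAILABLE 3
#define TLS_EVENT_CODE_ALM_BAD_CERT 4
#define TLS_EVENT_CODE_ALM_CERT_SIZE_EXCEEDED 5
#define TLS_EVENT_CODE_ALM_CERT_VALIDATION_FAILED 6
#define TLS_EVENT_CODE_ALM_CERT_REQUIRED 7
#define TLS_EVENT_CODE_ALM_HANDSHAKE_FAILED_UNKNOWN_REASON 8
#define TLS_EVENT_CODE_WRN_INSECURE_TLS_VERSION 9
#define TLS_EVENT_CODE_INF_SESSION_RENEGOTIATION 10
#define TLS_EVENT_CODE_ALM_CERT_EXPIRED 11
#define TLS_EVENT_CODE_ALM_CERT_REVOKED 12
#define TLS_EVENT_CODE_ALM_CERT_NOT_CONFIGURED 13
#define TLS_EVENT_CODE_ALM_CERT_NOT_TRUSTED 14
#define TLS_EVENT_CODE_ALM_NO_CIPHER 15
#define TLS_EVENT_CODE_INF_SESSION_ESTABLISHED 16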
106
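/**
 * \brief Opaque handle to a TLS connection, as handed to the
 * TLSConfiguration_EventHandler callback.
 *
 * Inspect it with TLSConnection_getPeerCertificate(),
 * TLSConnection_getPeerAddress() and TLSConnection_getTLSVersion().
 */
typedef struct sTLSConnection* TLSConnection;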
108
117PAL_API char*
119
128PAL_API uint8_t*
130
138PAL_API TLSConfigVersion
140
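/**
 * \brief Callback invoked by the stack for TLS security events.
 *
 * \param parameter  user pointer registered with TLSConfiguration_setEventHandler()
 * \param eventLevel severity of the event (TLSEventLevel)
 * \param eventCode  presumably one of the TLS_EVENT_CODE_* values — confirm
 * \param message    human-readable description of the event
 * \param con        the affected connection; whether it can be NULL is not
 *                   stated here — TODO confirm before dereferencing
 *
 * NOTE(review): the callback is presumably run in the stack's own context,
 * so keep it short and non-blocking; confirm threading with the implementation.
 */
typedef void (*TLSConfiguration_EventHandler)(void* parameter, TLSEventLevel eventLevel, int eventCode, const char* message, TLSConnection con);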
142
149PAL_API void
151
160PAL_API void
162
168PAL_API void
170
176PAL_API void
178
187PAL_API void
189
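/**
 * \brief Set own certificate (identity) from a byte buffer.
 *
 * \param self        the TLSConfiguration instance
 * \param certificate buffer holding the certificate (encoding not specified here;
 *                    see the implementation)
 * \param certLen     length of the buffer in bytes
 *
 * \return true if the certificate was accepted, false otherwise (assumed; confirm)
 */
PAL_API bool
TLSConfiguration_setOwnCertificate(TLSConfiguration self, uint8_t* certificate, int certLen);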
200
208PAL_API bool
210
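/**
 * \brief Set the own private key from a byte buffer.
 *
 * \param self        the TLSConfiguration instance
 * \param key         buffer holding the private key (encoding not specified here;
 *                    see the implementation)
 * \param keyLen      length of the buffer in bytes
 * \param keyPassword password protecting the key; whether NULL is accepted for an
 *                    unprotected key is not stated here — TODO confirm
 *
 * \return true if the key was accepted, false otherwise (assumed; confirm)
 *
 * NOTE(review): `key` is secret material. Once the call returns, wipe the
 * caller's copy with explicit_bzero()/memset_s() where available — a plain
 * memset() before free() may be optimized away.
 */
PAL_API bool
TLSConfiguration_setOwnKey(TLSConfiguration self, uint8_t* key, int keyLen, const char* keyPassword);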
222
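/**
 * \brief Set the own private key from a key file.
 *
 * \param self        the TLSConfiguration instance
 * \param filename    path of the key file
 * \param keyPassword password protecting the key; whether NULL is accepted for an
 *                    unprotected key is not stated here — TODO confirm
 *
 * \return true if the key was loaded, false otherwise (assumed; confirm)
 *
 * NOTE(review): restrict file-system permissions on the key file to the
 * account running the stack; the library cannot protect what it reads.
 */
PAL_API bool
TLSConfiguration_setOwnKeyFromFile(TLSConfiguration self, const char* filename, const char* keyPassword);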
233
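/**
 * \brief Add a certificate to the list of allowed peer certificates from a byte buffer.
 *
 * Presumably this list is enforced only when
 * TLSConfiguration_setAllowOnlyKnownCertificates() is enabled — confirm.
 *
 * \param self        the TLSConfiguration instance
 * \param certificate buffer holding the certificate (encoding not specified here;
 *                    see the implementation)
 * \param certLen     length of the buffer in bytes
 *
 * \return true if the certificate was added, false otherwise (assumed; confirm)
 */
PAL_API bool
TLSConfiguration_addAllowedCertificate(TLSConfiguration self, uint8_t* certificate, int certLen);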
243
250PAL_API bool
252
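/**
 * \brief Add a CA certificate used to validate peer certificates from a byte buffer.
 *
 * Trust-chain validation against these CAs is enabled by default
 * (see TLSConfiguration_setChainValidation()).
 *
 * \param self        the TLSConfiguration instance
 * \param certificate buffer holding the CA certificate (encoding not specified here;
 *                    see the implementation)
 * \param certLen     length of the buffer in bytes
 *
 * \return true if the CA certificate was added, false otherwise (assumed; confirm)
 */
PAL_API bool
TLSConfiguration_addCACertificate(TLSConfiguration self, uint8_t* certificate, int certLen);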
262
269PAL_API bool
271
279PAL_API void
281
285PAL_API void
287
291PAL_API void
293
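/**
 * \brief Add a CRL (certificate revocation list) from a byte buffer.
 *
 * Installed CRLs can be dropped again with TLSConfiguration_resetCRL().
 *
 * \param self   the TLSConfiguration instance
 * \param crl    buffer holding the CRL (encoding not specified here; see the implementation)
 * \param crlLen length of the buffer in bytes
 *
 * \return true if the CRL was added, false otherwise (assumed; confirm)
 *
 * NOTE(review): a CRL is only as current as its last refresh; callers should
 * replace it on the issuer's update schedule and watch for
 * TLS_EVENT_CODE_ALM_CERT_REVOKED in the event handler.
 */
PAL_API bool
TLSConfiguration_addCRL(TLSConfiguration self, uint8_t* crl, int crlLen);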
303
310PAL_API bool
312
316PAL_API void
318
325PAL_API void
327
333PAL_API void
335
343PAL_API void
345
350#ifdef __cplusplus
351}
352#endif
353
354#endif /* SRC_TLS_CONFIG_H_ */
PAL_API bool TLSConfiguration_setOwnKey(TLSConfiguration self, uint8_t *key, int keyLen, const char *keyPassword)
Set the own private key from a byte buffer.
PAL_API void TLSConfiguration_clearCipherSuiteList(TLSConfiguration self)
Clear the list of allowed ciphersuites.
PAL_API const char * TLSConfigVersion_toString(TLSConfigVersion version)
Convert TLS version number to string.
PAL_API bool TLSConfiguration_addCACertificate(TLSConfiguration self, uint8_t *certificate, int certLen)
Add a CA certificate used to validate peer certificates from a byte buffer.
PAL_API void TLSConfiguration_setRenegotiationTime(TLSConfiguration self, int timeInMs)
Set the renegotiation timeout.
PAL_API void TLSConfiguration_setChainValidation(TLSConfiguration self, bool value)
Enable or disable validation of the certificate trust chain (enabled by default).
PAL_API void TLSConfiguration_enableSessionResumption(TLSConfiguration self, bool enable)
Enable or disable TLS session resumption (default: enabled).
PAL_API void TLSConfiguration_setEventHandler(TLSConfiguration self, TLSConfiguration_EventHandler handler, void *parameter)
Set the security event handler.
PAL_API void TLSConfiguration_resetCRL(TLSConfiguration self)
Removes any CRL (certificate revocation list) currently in use.
PAL_API uint8_t * TLSConnection_getPeerCertificate(TLSConnection self, int *certSize)
Get the TLS certificate used by the peer.
PAL_API void TLSConfiguration_addCipherSuite(TLSConfiguration self, int ciphersuite)
Add an allowed ciphersuite to the list of allowed ciphersuites.
TLSConfigVersion
Definition tls_config.h:65
PAL_API void TLSConfiguration_setSessionResumptionInterval(TLSConfiguration self, int intervalInSeconds)
Set the maximum lifetime, in seconds, of a cached TLS session used for session resumption.
PAL_API void TLSConfiguration_setAllowOnlyKnownCertificates(TLSConfiguration self, bool value)
Set whether only known certificates are accepted.
PAL_API bool TLSConfiguration_addCRLFromFile(TLSConfiguration self, const char *filename)
Add a CRL (certificate revocation list) from a file.
PAL_API bool TLSConfiguration_setOwnCertificateFromFile(TLSConfiguration self, const char *filename)
Set own certificate (identity) from a certificate file.
TLSEventLevel
Definition tls_config.h:84
struct sTLSConfiguration * TLSConfiguration
Definition tls_config.h:38
struct sTLSConnection * TLSConnection
Definition tls_config.h:107
PAL_API bool TLSConfiguration_addAllowedCertificate(TLSConfiguration self, uint8_t *certificate, int certLen)
PAL_API bool TLSConfiguration_addCRL(TLSConfiguration self, uint8_t *crl, int crlLen)
Add a CRL (certificate revocation list) from a buffer.
PAL_API bool TLSConfiguration_addAllowedCertificateFromFile(TLSConfiguration self, const char *filename)
Add a certificate to the list of allowed peer certificates.
PAL_API char * TLSConnection_getPeerAddress(TLSConnection self, char *peerAddrBuf)
Get the peer address of the TLS connection.
PAL_API TLSConfigVersion TLSConnection_getTLSVersion(TLSConnection self)
Get the TLS version used by the connection.
PAL_API bool TLSConfiguration_setOwnCertificate(TLSConfiguration self, uint8_t *certificate, int certLen)
Set own certificate (identity) from a byte buffer.
PAL_API void TLSConfiguration_destroy(TLSConfiguration self)
Release all resources allocated by the TLSConfiguration instance, or decrease the owner count.
PAL_API void TLSConfiguration_setMaxTlsVersion(TLSConfiguration self, TLSConfigVersion version)
Set maximal allowed TLS version to use.
void(* TLSConfiguration_EventHandler)(void *parameter, TLSEventLevel eventLevel, int eventCode, const char *message, TLSConnection con)
Definition tls_config.h:141
PAL_API bool TLSConfiguration_addCACertificateFromFile(TLSConfiguration self, const char *filename)
Add a CA certificate used to validate peer certificates from a file.
PAL_API TLSConfiguration TLSConfiguration_claimOwnership(TLSConfiguration self)
Increase the owner count.
PAL_API void TLSConfiguration_setMinTlsVersion(TLSConfiguration self, TLSConfigVersion version)
Set minimal allowed TLS version to use.
PAL_API void TLSConfiguration_setClientMode(TLSConfiguration self)
PAL_API TLSConfiguration TLSConfiguration_create(void)
Create a new TLSConfiguration object to represent TLS configuration and certificates and set owner co...
PAL_API bool TLSConfiguration_setOwnKeyFromFile(TLSConfiguration self, const char *filename, const char *keyPassword)
Set the own private key from a key file.
@ TLS_VERSION_TLS_1_1
Definition tls_config.h:69
@ TLS_VERSION_SSL_3_0
Definition tls_config.h:67
@ TLS_VERSION_TLS_1_0
Definition tls_config.h:68
@ TLS_VERSION_TLS_1_3
Definition tls_config.h:71
@ TLS_VERSION_TLS_1_2
Definition tls_config.h:70
@ TLS_VERSION_NOT_SELECTED
Definition tls_config.h:66
@ TLS_SEC_EVT_WARNING
Definition tls_config.h:86
@ TLS_SEC_EVT_INCIDENT
Definition tls_config.h:87
@ TLS_SEC_EVT_INFO
Definition tls_config.h:85