smax-clib v1.0
A C/C++ client library for SMA-X
smax-tls.c File Reference

TLS configuration for SMA-X.

Functions

int smaxDisableTLS ()
 
int smaxSetDHCipherParams (const char *dh_file)
 
int smaxSetMutualTLS (const char *cert_file, const char *key_file)
 
int smaxSetTLS (const char *ca_path, const char *ca_file)
 
int smaxSetTLSCiphers (const char *list)
 
int smaxSetTLSCipherSuites (const char *list)
 
int smaxSetTLSServerName (const char *host)
 
int smaxSetTLSVerify (boolean value)
 

Detailed Description

TLS configuration for SMA-X.

Date
Created on Jan 13, 2025
Author
Attila Kovacs

Function Documentation

◆ smaxDisableTLS()

int smaxDisableTLS ( )

Disables a previously enabled TLS configuration for SMA-X.

Returns
X_SUCCESS (0) if successful, or else X_FAILURE (-1) if the SMA-X library was built without TLS support.
See also
smaxSetTLS()

References FALSE, and X_SUCCESS.

◆ smaxSetDHCipherParams()

int smaxSetDHCipherParams ( const char *  dh_file)

Sets parameters for DH-based ciphers when using a TLS encrypted connection.

Parameters
dh_file  Path to the DH-based cipher parameters file (in PEM format; we don't support the old DER format), or NULL for no params.
Returns
X_SUCCESS (0) if successful, or X_NAME_INVALID if the file is not accessible, or else X_FAILURE (-1) if the SMA-X library was built without TLS support.
See also
smaxSetTLS()
smaxSetTLSCiphers()
smaxSetTLSCipherSuites()

References x_error(), X_FAILURE, X_NAME_INVALID, X_SUCCESS, and xStringCopyOf().

◆ smaxSetMutualTLS()

int smaxSetMutualTLS ( const char *  cert_file,
const char *  key_file 
)

Sets a TLS certificate and private key for mutual TLS. You will still need to call smaxSetTLS() as well to create a complete TLS configuration. Redis normally uses mutual TLS, which requires both the client and the server to authenticate themselves. For this you need the server's TLS certificate and private key also. It is possible to configure Redis servers to verify one way only with a CA certificate, in which case you don't need to call this to configure the client.

To disable mutual TLS, set both file name arguments to NULL.

Parameters
cert_file  Path to the server's certificate file.
key_file  Path to the server's private key file.
Returns
X_SUCCESS (0) if successful, or X_NAME_INVALID if the certificate or private key file is not accessible, or else X_FAILURE (-1) if the SMA-X library was built without TLS support.
See also
smaxSetTLS()

References x_error(), X_FAILURE, X_NAME_INVALID, X_SUCCESS, and xStringCopyOf().

◆ smaxSetTLS()

int smaxSetTLS ( const char *  ca_path,
const char *  ca_file 
)

Configures a TLS-encrypted connection to the SMA-X server with the specified CA certificate file. Normally you will also want to set up mutual TLS with smaxSetMutualTLS(), unless the server does not require mutual authentication. You might also want to set parameters for DH-based ciphers, if needed, using smaxSetDHCipherParams().

Parameters
ca_path  Directory containing CA certificates. It may be NULL to use the default locations.
ca_file  CA certificate file relative to the specified directory. It may be NULL to use the default certificate.
Returns
X_SUCCESS (0) if successful, or X_NAME_INVALID if the path or CA certificate file is not accessible, or else X_FAILURE (-1) if the SMA-X library was built without TLS support.
See also
smaxDisableTLS()
smaxSetMutualTLS()
smaxSetDHCipherParams()
smaxSetTLSCiphers()
smaxSetTLSCipherSuites()
smaxSetTLSServerName()
smaxSetTLSVerify()

References TRUE, x_error(), X_FAILURE, X_NAME_INVALID, X_SUCCESS, and xStringCopyOf().

◆ smaxSetTLSCiphers()

int smaxSetTLSCiphers ( const char *  list)

Sets the TLS ciphers to try (TLSv1.2 and earlier).

Parameters
list  a colon (:) separated list of ciphers, or NULL for default ciphers.
Returns
X_SUCCESS (0) if successful, or else X_FAILURE (-1) if the SMA-X library was built without TLS support.
See also
smaxSetTLSCipherSuites()
smaxSetTLS()
smaxSetDHCipherParams()

References x_error(), X_FAILURE, X_SUCCESS, and xStringCopyOf().

◆ smaxSetTLSCipherSuites()

int smaxSetTLSCipherSuites ( const char *  list)

Sets the TLS cipher suites to try (TLSv1.3 and later).

Parameters
list  a colon (:) separated list of cipher suites, or NULL for default cipher suites.
Returns
X_SUCCESS (0) if successful, or else X_FAILURE (-1) if the SMA-X library was built without TLS support.
See also
smaxSetTLSCiphers()
smaxSetTLS()
smaxSetDHCipherParams()

References x_error(), X_FAILURE, X_SUCCESS, and xStringCopyOf().
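
Because smaxSetTLSCiphers() takes the TLSv1.2-and-earlier list and smaxSetTLSCipherSuites() takes the TLSv1.3 list, a single mixed policy string has to be split before it is handed to the library. The following is an added example, not part of the SMA-X sources, that does the split and rejects malformed lists. The helper names (splitCipherList and friends) are hypothetical, and it assumes OpenSSL-style names, where TLSv1.3 suites start with "TLS_" and contain no "_WITH_".

```c
#include <stdio.h>
#include <string.h>

/* Append one entry to a colon-separated list; returns 0, or -1 if it would not fit. */
static int appendEntry(char *dst, size_t size, const char *tok, size_t len) {
  size_t used = strlen(dst);
  size_t sep = used ? 1 : 0;
  if (used + sep + len + 1 > size) return -1;
  if (sep) dst[used++] = ':';
  memcpy(dst + used, tok, len);
  dst[used + len] = '\0';
  return 0;
}

/* Assumption: OpenSSL-style names, where TLSv1.3 suites start with "TLS_" and
 * contain no "_WITH_" (e.g. TLS_AES_256_GCM_SHA384). */
static int isTLS13Suite(const char *tok, size_t len) {
  size_t i;
  if (len < 5 || strncmp(tok, "TLS_", 4) != 0) return 0;
  for (i = 0; i + 6 <= len; i++) if (strncmp(tok + i, "_WITH_", 6) == 0) return 0;
  return 1;
}

/* Splits a mixed colon-separated list into a TLSv1.2 cipher list and a TLSv1.3
 * suite list. Returns the number of entries, or -1 on an empty entry or overflow. */
int splitCipherList(const char *mixed, char *ciphers, char *suites, size_t size) {
  int n = 0;
  if (!mixed || !ciphers || !suites || size == 0) return -1;
  ciphers[0] = suites[0] = '\0';
  while (*mixed) {
    size_t len = strcspn(mixed, ":");
    if (len == 0) return -1;                 /* "::" or a leading ':' */
    if (appendEntry(isTLS13Suite(mixed, len) ? suites : ciphers, size, mixed, len)) return -1;
    n++;
    mixed += len;
    if (*mixed == ':') { if (!mixed[1]) return -1; mixed++; }  /* reject trailing ':' */
  }
  return n;
}

int main(void) {
  /* Constructed sample list, not taken from the SMA-X documentation */
  const char *mixed = "ECDHE-RSA-AES256-GCM-SHA384:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256";
  char ciphers[256], suites[256];
  if (splitCipherList(mixed, ciphers, suites, sizeof(ciphers)) < 0) return 1;
  /* With the library linked: smaxSetTLSCiphers(ciphers); smaxSetTLSCipherSuites(suites); */
  printf("TLSv1.2 ciphers: %s\nTLSv1.3 suites:  %s\n", ciphers, suites);
  return 0;
}
```

If one of the two output lists comes back empty, pass NULL to the corresponding function to keep its default list, as the parameter descriptions above allow.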

◆ smaxSetTLSServerName()

int smaxSetTLSServerName ( const char *  host)

Sets the server name for TLS Server Name Indication (SNI), an optional extra layer of security.

Parameters
host  server name to use for SNI.
Returns
X_SUCCESS (0) if successful, or else X_FAILURE (-1) if the SMA-X library was built without TLS support.
See also
smaxSetTLS()

References x_error(), X_FAILURE, X_SUCCESS, and xStringCopyOf().

◆ smaxSetTLSVerify()

int smaxSetTLSVerify ( boolean  value)

Sets whether to verify the certificate. Certificates are verified by default.

Parameters
value  TRUE (non-zero) to verify certificates, or else FALSE (0).
Returns
X_SUCCESS (0) if successful, or else X_FAILURE (-1) if the SMA-X library was built without TLS support.
See also
smaxSetTLS()

References x_error(), X_FAILURE, and X_SUCCESS.