API参考
|
TLS Certificate Operation Interface 更多...

宏定义 | |
| #define | HITLS_CFG_SetVerifyDepth(config, depth) |
| Set the certificate verification depth. | |
| #define | HITLS_CFG_GetVerifyDepth(config, depth) |
| Obtain the certificate verification depth. | |
| #define | HITLS_SetVerifyDepth(ctx, depth) |
| Set the certificate verification depth. | |
| #define | HITLS_GetVerifyDepth(ctx, depth) |
| Obtain the certificate verification depth. | |
| #define | HITLS_CFG_SetVerifyFlags(config, verifyFlags) |
| Set the certificate verification flags. | |
| #define | HITLS_CFG_GetVerifyFlags(config, verifyFlags) |
| Get the certificate verification flags. | |
| #define | HITLS_SetVerifyFlags(ctx, verifyFlags) |
| Set the certificate verification flags. | |
| #define | HITLS_GetVerifyFlags(ctx, verifyFlags) |
| Get the certificate verification flags. | |
类型定义 | |
| typedef int32_t(* | HITLS_PasswordCb) (char *buf, int32_t bufLen, int32_t flag, void *userdata) |
| Password Callback | |
| typedef int32_t(* | HITLS_CertCb) (HITLS_Ctx *ctx, void *arg) |
| Process the certificate callback. | |
| typedef void(* | HITLS_KeyLogCb) (HITLS_Ctx *ctx, const char *line) |
| Key logging callback | |
函数 | |
| int32_t | HITLS_CFG_SetVerifyStore (HITLS_Config *config, HITLS_CERT_Store *store, bool isClone) |
| Set the verify store used by the TLS configuration, which is used for certificate verification. | |
| HITLS_CERT_Store * | HITLS_CFG_GetVerifyStore (const HITLS_Config *config) |
| Obtain the verify store used by the TLS configuration. | |
| int32_t | HITLS_SetVerifyStore (HITLS_Ctx *ctx, HITLS_CERT_Store *store, bool isClone) |
| Set the verify store used by the TLS link for certificate verification. | |
| HITLS_CERT_Store * | HITLS_GetVerifyStore (const HITLS_Ctx *ctx) |
| Obtain the verify store used by the TLS link. | |
| int32_t | HITLS_CFG_SetChainStore (HITLS_Config *config, HITLS_CERT_Store *store, bool isClone) |
| Set the chain store used by the TLS configuration, which is used to construct the certificate chain. | |
| HITLS_CERT_Store * | HITLS_CFG_GetChainStore (const HITLS_Config *config) |
| Obtain the chain store used by the TLS configuration. | |
| int32_t | HITLS_SetChainStore (HITLS_Ctx *ctx, HITLS_CERT_Store *store, bool isClone) |
| Set the chain store used by the TLS link to construct the certificate chain. | |
| HITLS_CERT_Store * | HITLS_GetChainStore (const HITLS_Ctx *ctx) |
| Obtain the chain store used by the TLS link. | |
| int32_t | HITLS_CFG_SetCertStore (HITLS_Config *config, HITLS_CERT_Store *store, bool isClone) |
| Set the cert store used by the TLS configuration. | |
| HITLS_CERT_Store * | HITLS_CFG_GetCertStore (const HITLS_Config *config) |
| Obtain the cert store used by the TLS configuration. | |
| int32_t | HITLS_SetCertStore (HITLS_Ctx *ctx, HITLS_CERT_Store *store, bool isClone) |
| Set the cert store used by the TLS link. | |
| HITLS_CERT_Store * | HITLS_GetCertStore (const HITLS_Ctx *ctx) |
| Obtain the cert store used by the TLS link. | |
| int32_t | HITLS_CFG_SetDefaultPasswordCb (HITLS_Config *config, HITLS_PasswordCb cb) |
| Set the default password callback, cb can be NULL. | |
| HITLS_PasswordCb | HITLS_CFG_GetDefaultPasswordCb (HITLS_Config *config) |
| Obtain the default password callback. | |
| int32_t | HITLS_CFG_SetDefaultPasswordCbUserdata (HITLS_Config *config, void *userdata) |
| Set the user data used by the password callback. | |
| void * | HITLS_CFG_GetDefaultPasswordCbUserdata (HITLS_Config *config) |
| Obtain the user data used by the password callback. | |
| int32_t | HITLS_SetDefaultPasswordCb (HITLS_Ctx *ctx, HITLS_PasswordCb cb) |
| Set the default password callback, cb can be NULL | |
| HITLS_PasswordCb | HITLS_GetDefaultPasswordCb (HITLS_Ctx *ctx) |
| Obtain the default password callback. | |
| int32_t | HITLS_SetDefaultPasswordCbUserdata (HITLS_Ctx *ctx, void *userdata) |
| Set the user data used by the default password callback. | |
| void * | HITLS_GetDefaultPasswordCbUserdata (HITLS_Ctx *ctx) |
| Obtain the user data used by the default password callback. | |
| int32_t | HITLS_CFG_SetTlcpCertificate (HITLS_Config *config, HITLS_CERT_X509 *cert, bool isClone, bool isTlcpEncCert) |
| Add the device certificate by the ShangMi(SM) cipher suites. Only one certificate can be added for each type. | |
| int32_t | HITLS_CFG_SetTlcpPrivateKey (HITLS_Config *config, HITLS_CERT_Key *privateKey, bool isClone, bool isTlcpEncCertPriKey) |
| Add the private key of the device certificate by the ShangMi(SM) cipher suites. Only one private key can be added for each type of certificate. | |
| int32_t | HITLS_CFG_SetCertificate (HITLS_Config *config, HITLS_CERT_X509 *cert, bool isClone) |
| Add a device certificate. Only one certificate of each type can be added | |
| int32_t | HITLS_CFG_LoadCertFile (HITLS_Config *config, const char *file, HITLS_ParseFormat format) |
| Load the device certificate from the file. | |
| int32_t | HITLS_CFG_LoadCertBuffer (HITLS_Config *config, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format) |
| Read the device certificate from the buffer. | |
| HITLS_CERT_X509 * | HITLS_CFG_GetCertificate (const HITLS_Config *config) |
| Obtain the device certificate in use. | |
| int32_t | HITLS_SetCertificate (HITLS_Ctx *ctx, HITLS_CERT_X509 *cert, bool isClone) |
| Add a device certificate. Only one certificate can be added for each type. | |
| int32_t | HITLS_LoadCertFile (HITLS_Ctx *ctx, const char *file, HITLS_ParseFormat format) |
| Use a file to set the device certificate. | |
| int32_t | HITLS_LoadCertBuffer (HITLS_Ctx *ctx, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format) |
| Read the device certificate from the buffer. | |
| HITLS_CERT_X509 * | HITLS_GetCertificate (const HITLS_Ctx *ctx) |
| Obtain the local certificate. Returns the most recently added certificate if it is called before the certificate is selected. If no certificate is added, NULL is returned. It returns the certificate selected during the handshake if a certificate selection occurs, or NULL if no certificate is selected (e.g. on a client that does not use a client certificate). | |
| HITLS_CERT_X509 * | HITLS_GetPeerCertificate (const HITLS_Ctx *ctx) |
| Obtain the peer certificate. | |
| int32_t | HITLS_CFG_SetPrivateKey (HITLS_Config *config, HITLS_CERT_Key *privateKey, bool isClone) |
| Add the private key of the device certificate. Only one private key can be added for each type of certificate. | |
| int32_t | HITLS_CFG_LoadKeyFile (HITLS_Config *config, const char *file, HITLS_ParseFormat format) |
| Load the private key of the device certificate from the file. | |
| int32_t | HITLS_CFG_ProviderLoadKeyFile (HITLS_Config *config, const char *file, const char *format, const char *type) |
| Load the private key of the device certificate from the file, when the provider is used. | |
| int32_t | HITLS_CFG_LoadKeyBuffer (HITLS_Config *config, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format) |
| Read the private key of the device certificate from the buffer. | |
| int32_t | HITLS_CFG_ProviderLoadKeyBuffer (HITLS_Config *config, const uint8_t *buf, uint32_t bufLen, const char *format, const char *type) |
| Load the private key of the device certificate from the buffer, when the provider is used. | |
| HITLS_CERT_Key * | HITLS_CFG_GetPrivateKey (HITLS_Config *config) |
| Obtain the private key of the certificate in use. | |
| int32_t | HITLS_CFG_CheckPrivateKey (HITLS_Config *config) |
| Check whether the configured certificate matches the private key. | |
| int32_t | HITLS_SetPrivateKey (HITLS_Ctx *ctx, HITLS_CERT_Key *key, bool isClone) |
| Add the private key of the device certificate. Only one private key can be added for each type of certificate. | |
| int32_t | HITLS_LoadKeyFile (HITLS_Ctx *ctx, const char *file, HITLS_ParseFormat format) |
| Use the file to set the device private key. | |
| int32_t | HITLS_ProviderLoadKeyFile (HITLS_Ctx *ctx, const char *file, const char *format, const char *type) |
| Load the private key of the device certificate from the file, when the provider is used. | |
| int32_t | HITLS_LoadKeyBuffer (HITLS_Ctx *ctx, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format) |
| Read the private key of the device certificate from the buffer. | |
| int32_t | HITLS_ProviderLoadKeyBuffer (HITLS_Ctx *ctx, const uint8_t *buf, uint32_t bufLen, const char *format, const char *type) |
| Load the private key of the device certificate from the buffer, when the provider is used. | |
| HITLS_CERT_Key * | HITLS_GetPrivateKey (HITLS_Ctx *ctx) |
| Obtain the private key of the certificate in use. | |
| int32_t | HITLS_CheckPrivateKey (HITLS_Ctx *ctx) |
| Check whether the configured certificate matches the private key. | |
| int32_t | HITLS_CFG_AddChainCert (HITLS_Config *config, HITLS_CERT_X509 *cert, bool isClone) |
| Add the certificate to the certificate chain that is being used by the current config. | |
| int32_t | HITLS_CFG_AddCertToStore (HITLS_Config *config, HITLS_CERT_X509 *cert, HITLS_CERT_StoreType storeType, bool isClone) |
| Add the certificate to the certificate store that is being used by the current config. | |
| HITLS_CERT_X509 * | HITLS_CFG_ParseCert (HITLS_Config *config, const uint8_t *buf, uint32_t len, HITLS_ParseType type, HITLS_ParseFormat format) |
| Parse Certificate file or buffer to X509. | |
| HITLS_CERT_Key * | HITLS_CFG_ParseKey (HITLS_Config *config, const uint8_t *buf, uint32_t len, HITLS_ParseType type, HITLS_ParseFormat format) |
| Parse a private key file or buffer into a HITLS_CERT_Key. | |
| HITLS_CERT_Key * | HITLS_CFG_ProviderParseKey (HITLS_Config *config, const uint8_t *buf, uint32_t len, HITLS_ParseType type, const char *format, const char *encodeType) |
| Parse a private key file or buffer into a HITLS_CERT_Key, when the provider is used. | |
| HITLS_CERT_Chain * | HITLS_CFG_GetChainCerts (HITLS_Config *config) |
| Obtain the certificate chain that is being used by the current config. | |
| int32_t | HITLS_CFG_ClearChainCerts (HITLS_Config *config) |
| Clear the certificate chain associated with the current certificate. | |
| int32_t | HITLS_ClearChainCerts (HITLS_Ctx *ctx) |
| Clear the certificate chain associated with the current certificate. | |
| int32_t | HITLS_CFG_RemoveCertAndKey (HITLS_Config *config) |
| Release all loaded certificates and private keys. | |
| int32_t | HITLS_RemoveCertAndKey (HITLS_Ctx *ctx) |
| Release all loaded certificates and private keys. | |
| int32_t | HITLS_CFG_SetVerifyCb (HITLS_Config *config, HITLS_VerifyCb callback) |
| Set the certificate verification callback function, cb can be NULL. | |
| HITLS_VerifyCb | HITLS_CFG_GetVerifyCb (HITLS_Config *config) |
| Obtain the certificate verification callback function. | |
| int32_t | HITLS_SetVerifyCb (HITLS_Ctx *ctx, HITLS_VerifyCb callback) |
| Set the certificate verification callback function, cb can be NULL. | |
| HITLS_VerifyCb | HITLS_GetVerifyCb (HITLS_Ctx *ctx) |
| Obtain the certificate verification callback function. | |
| int32_t | HITLS_SetVerifyResult (HITLS_Ctx *ctx, HITLS_ERROR verifyResult) |
| Set the peer certificate verification result of the current context. | |
| int32_t | HITLS_GetVerifyResult (const HITLS_Ctx *ctx, HITLS_ERROR *verifyResult) |
| Return the peer certificate verification result of the current context. | |
| HITLS_CERT_Chain * | HITLS_GetPeerCertChain (const HITLS_Ctx *ctx) |
| Obtain the peer certificate chain. | |
| HITLS_TrustedCAList * | HITLS_GetPeerCAList (const HITLS_Ctx *ctx) |
| Obtain the trusted CA list of the peer end. | |
| HITLS_TrustedCAList * | HITLS_GetCAList (const HITLS_Ctx *ctx) |
| Obtain the trusted CA list of the current context. | |
| int32_t | HITLS_SetCAList (HITLS_Ctx *ctx, HITLS_TrustedCAList *list) |
| Set the trusted CA list of the current context. | |
| int32_t | HITLS_CFG_AddExtraChainCert (HITLS_Config *config, HITLS_CERT_X509 *cert) |
| Add a certificate to the attached certificate chain. | |
| HITLS_CERT_Chain * | HITLS_CFG_GetExtraChainCerts (HITLS_Config *config) |
| Obtain the attached certificate chain. | |
| int32_t | HITLS_CFG_ClearExtraChainCerts (HITLS_Config *config) |
| Release the attached certificate chain. | |
| int32_t | HITLS_CFG_SetCurrentCert (HITLS_Config *config, long option) |
| Set the current certificate to the value based on the option parameter. | |
| int32_t | HITLS_SetCurrentCert (HITLS_Ctx *ctx, long option) |
| Set the current certificate to the value based on the option parameter. | |
| int32_t | HITLS_CFG_SetCertCb (HITLS_Config *config, HITLS_CertCb certCb, void *arg) |
| Sets the processing certificate callback function, which checks the passed ctx structure and sets or clears any appropriate certificate, cb can be NULL. | |
| int32_t | HITLS_SetCertCb (HITLS_Ctx *ctx, HITLS_CertCb certCb, void *arg) |
| Set the certificate processing callback function. The callback can check the passed ctx structure and set or clear any appropriate certificate, cb can be NULL. | |
| int32_t | HITLS_CFG_SetKeyLogCb (HITLS_Config *config, HITLS_KeyLogCb callback) |
| Sets the callback for recording TLS keys. | |
| HITLS_KeyLogCb | HITLS_CFG_GetKeyLogCb (HITLS_Config *config) |
| Obtain the callback for recording TLS keys. | |
| int32_t | HITLS_LogSecret (HITLS_Ctx *ctx, const char *label, const uint8_t *secret, size_t secretLen) |
| If logging is enabled, the master key is logged | |
| int32_t | HITLS_CFG_ParseCAList (HITLS_Config *config, const char *input, uint32_t inputLen, HITLS_ParseType inputType, HITLS_ParseFormat format, HITLS_TrustedCAList **caList) |
| Load the CA file and parse it into a trusted CA list. | |
| int32_t | HITLS_CFG_BuildCertChain (HITLS_Config *config, HITLS_BUILD_CHAIN_FLAG flag) |
| Before establishing a TLS connection, try to form a certificate chain as much as possible according to the flag. | |
| int32_t | HITLS_BuildCertChain (HITLS_Ctx *ctx, HITLS_BUILD_CHAIN_FLAG flag) |
| Before establishing a TLS connection, try to form a certificate chain as much as possible according to the flag. | |
| int32_t | HITLS_CFG_CtrlSetVerifyParams (HITLS_Config *config, HITLS_CERT_Store *store, uint32_t cmd, int64_t in, void *inArg) |
| Set certificate verification parameters. | |
| int32_t | HITLS_CFG_CtrlGetVerifyParams (HITLS_Config *config, HITLS_CERT_Store *store, uint32_t cmd, void *out) |
| Get certificate verification parameters | |
| int32_t | HITLS_CtrlSetVerifyParams (HITLS_Ctx *ctx, HITLS_CERT_Store *store, uint32_t cmd, int64_t in, void *inArg) |
| Set certificate verification parameters. | |
| int32_t | HITLS_CtrlGetVerifyParams (HITLS_Ctx *ctx, HITLS_CERT_Store *store, uint32_t cmd, void *out) |
| Get certificate verification parameters. | |
| int32_t | HITLS_CFG_LoadCrlFile (HITLS_Config *config, const char *file, HITLS_ParseFormat format) |
| Load CRL from file and add it into the verify store of the TLS configuration. | |
| int32_t | HITLS_CFG_LoadCrlBuffer (HITLS_Config *config, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format) |
| Load CRL from buffer and add it into the verify store of the TLS configuration. | |
| int32_t | HITLS_CFG_ClearVerifyCrls (HITLS_Config *config) |
| Clear all CRLs in the verify store of the configuration. | |
| int32_t | HITLS_LoadCrlFile (HITLS_Ctx *ctx, const char *file, HITLS_ParseFormat format) |
| Load CRL from file and add it into the verify store of the TLS context. | |
| int32_t | HITLS_LoadCrlBuffer (HITLS_Ctx *ctx, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format) |
| Load CRL from buffer and add it into the verify store of the TLS context. | |
| int32_t | HITLS_ClearVerifyCrls (HITLS_Ctx *ctx) |
| Clear all CRLs in the verify store of the context. | |
| int32_t | HITLS_CFG_FreeCert (HITLS_Config *config, HITLS_CERT_X509 *cert) |
| Release the certificate. | |
| int32_t | HITLS_CFG_FreeKey (HITLS_Config *config, HITLS_CERT_Key *key) |
| Release the key. | |
| int32_t | HITLS_UseCertificateChainFile (HITLS_Ctx *ctx, const char *file) |
| Use the certificate chain file to set the certificate chain. | |
| int32_t | HITLS_CFG_UseCertificateChainFile (HITLS_Config *config, const char *file) |
| Use the certificate chain file to set the certificate chain. | |
| int32_t | HITLS_CFG_UseCertificateChainBuffer (HITLS_Config *config, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format) |
| Use the certificate chain buffer to set the certificate chain. | |
| int32_t | HITLS_UseCertificateChainBuffer (HITLS_Ctx *ctx, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format) |
| Use the certificate chain buffer to set the certificate chain. | |
| int32_t | HITLS_CFG_LoadVerifyFile (HITLS_Config *config, const char *file) |
| Load the verification certificates from the file. | |
| int32_t | HITLS_CFG_LoadVerifyBuffer (HITLS_Config *config, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format) |
| Load the verification certificates from buffer. | |
| int32_t | HITLS_LoadVerifyBuffer (HITLS_Ctx *ctx, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format) |
| Load the verification certificates from buffer. | |
| int32_t | HITLS_CFG_LoadVerifyDir (HITLS_Config *config, const char *path) |
| Load the verification certificates from the directory. | |
TLS Certificate Operation Interface
| #define HITLS_CFG_GetVerifyDepth | ( | config, | |
| depth ) |
Obtain the certificate verification depth.
| config | [IN] TLS link configuration |
| depth | [OUT] Certificate verification depth, type: int32_t * |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| #define HITLS_CFG_GetVerifyFlags | ( | config, | |
| verifyFlags ) |
Get the certificate verification flags.
| config | [IN] TLS link configuration |
| verifyFlags | [OUT] Verification flags, type: uint32_t *. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| #define HITLS_CFG_SetVerifyDepth | ( | config, | |
| depth ) |
Set the certificate verification depth.
| config | [OUT] TLS link configuration |
| depth | [IN] Verification depth, type: uint32_t |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| #define HITLS_CFG_SetVerifyFlags | ( | config, | |
| verifyFlags ) |
Set the certificate verification flags.
| config | [IN] TLS link configuration |
| verifyFlags | [IN] Verification flags, type: uint32_t. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| #define HITLS_GetVerifyDepth | ( | ctx, | |
| depth ) |
Obtain the certificate verification depth.
| ctx | [IN] TLS link object |
| depth | [OUT] Certificate verification depth, type: int32_t * |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| #define HITLS_GetVerifyFlags | ( | ctx, | |
| verifyFlags ) |
Get the certificate verification flags.
| ctx | [IN] TLS link object |
| verifyFlags | [OUT] Verification flags, type: uint32_t *. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| #define HITLS_SetVerifyDepth | ( | ctx, | |
| depth ) |
Set the certificate verification depth.
| ctx | [OUT] TLS link object |
| depth | [IN] Verification depth, type: uint32_t |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| #define HITLS_SetVerifyFlags | ( | ctx, | |
| verifyFlags ) |
Set the certificate verification flags.
| ctx | [IN] TLS link object |
| verifyFlags | [IN] Verification flags, type: uint32_t. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| typedef int32_t(* HITLS_CertCb) (HITLS_Ctx *ctx, void *arg) |
Process the certificate callback.
| ctx | [IN] TLS link object |
| arg | [IN] Related parameters arg |
| typedef void(* HITLS_KeyLogCb) (HITLS_Ctx *ctx, const char *line) |
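Key logging callback. Each line passed to the callback contains TLS key material, so whatever the callback writes to needs to be protected like the keys themselves.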
| ctx | [OUT] TLS Link object |
| line | [IN] Content to be recorded |
| typedef int32_t(* HITLS_PasswordCb) (char *buf, int32_t bufLen, int32_t flag, void *userdata) |
Password Callback
| buf | [OUT] Password data. |
| bufLen | [IN] Maximum buffer length. |
| flag | [IN] r/w flag. The value 0 indicates read, and the value 1 indicates write. |
| userdata | [IN] User data. |
| int32_t HITLS_BuildCertChain | ( | HITLS_Ctx * | ctx, |
| HITLS_BUILD_CHAIN_FLAG | flag ) |
Before establishing a TLS connection, try to form a certificate chain as much as possible according to the flag.
| ctx | [OUT] TLS link object |
| flag | [IN] Control how to group certificate chains based on flags, see HITLS_BUILD_CHAIN_FLAG. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_AddCertToStore | ( | HITLS_Config * | config, |
| HITLS_CERT_X509 * | cert, | ||
| HITLS_CERT_StoreType | storeType, | ||
| bool | isClone ) |
Add the certificate to the certificate store that is being used by the current config.
| config | [IN] TLS link configuration |
| cert | [IN] Certificate to be added |
| storeType | [IN] Indicates which store to add cert. |
| isClone | [IN] Indicates whether deep copy is required. The options are true and false. |
| int32_t HITLS_CFG_AddChainCert | ( | HITLS_Config * | config, |
| HITLS_CERT_X509 * | cert, | ||
| bool | isClone ) |
Add the certificate to the certificate chain that is being used by the current config.
| config | [IN] TLS link configuration |
| cert | [IN] Certificate to be added |
| isClone | [IN] Indicates whether deep copy is required. The options are true and false. |
| int32_t HITLS_CFG_AddExtraChainCert | ( | HITLS_Config * | config, |
| HITLS_CERT_X509 * | cert ) |
Add a certificate to the attached certificate chain.
| config | [OUT] Config handle |
| cert | [IN] X509 certificate |
| int32_t HITLS_CFG_BuildCertChain | ( | HITLS_Config * | config, |
| HITLS_BUILD_CHAIN_FLAG | flag ) |
Before establishing a TLS connection, try to form a certificate chain as much as possible according to the flag.
| config | [OUT] TLS link configuration |
| flag | [IN] Control how to group certificate chains based on flags, see HITLS_BUILD_CHAIN_FLAG. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_CheckPrivateKey | ( | HITLS_Config * | config | ) |
Check whether the configured certificate matches the private key.
| config | [IN] TLS link configuration |
| int32_t HITLS_CFG_ClearChainCerts | ( | HITLS_Config * | config | ) |
Clear the certificate chain associated with the current certificate.
| config | [IN] TLS link configuration |
| int32_t HITLS_CFG_ClearExtraChainCerts | ( | HITLS_Config * | config | ) |
Release the attached certificate chain.
| config | [IN] TLS link configuration |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_ClearVerifyCrls | ( | HITLS_Config * | config | ) |
Clear all CRLs in the verify store of the configuration.
| config | [IN] TLS link configuration |
| HITLS_SUCCESS | if successful |
| For | other error codes, see hitls_error.h |
| int32_t HITLS_CFG_CtrlGetVerifyParams | ( | HITLS_Config * | config, |
| HITLS_CERT_Store * | store, | ||
| uint32_t | cmd, | ||
| void * | out ) |
Get certificate verification parameters
| config | [IN] TLS link configuration |
| store | [IN] Certificate store |
| cmd | [IN] Operation command, HITLS_CERT_CtrlCmd enum |
| out | [OUT] Output parameter |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_CtrlSetVerifyParams | ( | HITLS_Config * | config, |
| HITLS_CERT_Store * | store, | ||
| uint32_t | cmd, | ||
| int64_t | in, | ||
| void * | inArg ) |
Set certificate verification parameters.
| config | [OUT] TLS link configuration |
| store | [IN] Certificate store |
| cmd | [IN] Operation command, HITLS_CERT_CtrlCmd enum |
| in | [IN] Input parameter, integer type |
| inArg | [IN] Input parameter, pointer type |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_FreeCert | ( | HITLS_Config * | config, |
| HITLS_CERT_X509 * | cert ) |
Release the certificate.
| config | [IN] Config handle |
| cert | [IN] X509 certificate |
| HITLS_SUCCESS,if | successful. For details about other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_FreeKey | ( | HITLS_Config * | config, |
| HITLS_CERT_Key * | key ) |
Release the key.
| config | [IN] Config handle |
| key | [IN] private key |
| HITLS_SUCCESS,if | successful. For details about other error codes, see hitls_error.h. |
| HITLS_CERT_X509 * HITLS_CFG_GetCertificate | ( | const HITLS_Config * | config | ) |
Obtain the device certificate in use.
| config | [IN] TLS link configuration |
| HITLS_CERT_Store * HITLS_CFG_GetCertStore | ( | const HITLS_Config * | config | ) |
Obtain the cert store used by the TLS configuration.
| config | [IN] TLS link configuration |
| HITLS_CERT_Chain * HITLS_CFG_GetChainCerts | ( | HITLS_Config * | config | ) |
Obtain the certificate chain that is being used by the current config.
| config | [IN] TLS link configuration |
| HITLS_CERT_Store * HITLS_CFG_GetChainStore | ( | const HITLS_Config * | config | ) |
Obtain the chain store used by the TLS configuration.
| config | [IN] TLS link configuration |
| HITLS_PasswordCb HITLS_CFG_GetDefaultPasswordCb | ( | HITLS_Config * | config | ) |
Obtain the default password callback.
| config | [IN] TLS link configuration. |
| void * HITLS_CFG_GetDefaultPasswordCbUserdata | ( | HITLS_Config * | config | ) |
Obtain the user data used by the password callback.
| config | [IN] TLS link configuration |
| HITLS_CERT_Chain * HITLS_CFG_GetExtraChainCerts | ( | HITLS_Config * | config | ) |
Obtain the attached certificate chain.
| config | [IN] Config handle |
| HITLS_KeyLogCb HITLS_CFG_GetKeyLogCb | ( | HITLS_Config * | config | ) |
Obtain the callback for recording TLS keys.
| config | [OUT] TLS Link Configuration |
| Callback | function for recording key logs |
| HITLS_CERT_Key * HITLS_CFG_GetPrivateKey | ( | HITLS_Config * | config | ) |
Obtain the private key of the certificate in use.
| config | [IN] TLS link configuration |
| HITLS_VerifyCb HITLS_CFG_GetVerifyCb | ( | HITLS_Config * | config | ) |
Obtain the certificate verification callback function.
| config | [OUT] TLS link configuration |
| HITLS_CERT_Store * HITLS_CFG_GetVerifyStore | ( | const HITLS_Config * | config | ) |
Obtain the verify store used by the TLS configuration.
| config | [IN] TLS link configuration |
| int32_t HITLS_CFG_LoadCertBuffer | ( | HITLS_Config * | config, |
| const uint8_t * | buf, | ||
| uint32_t | bufLen, | ||
| HITLS_ParseFormat | format ) |
Read the device certificate from the buffer.
| config | [OUT] TLS link configuration |
| buf | [IN] Certificate data. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM, buf needs to end with '\0'. |
| bufLen | [IN] Data length; bufLen should exclude the terminating '\0'. |
| format | [IN] Data format |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_LoadCertFile | ( | HITLS_Config * | config, |
| const char * | file, | ||
| HITLS_ParseFormat | format ) |
Load the device certificate from the file.
| config | [OUT] TLS link configuration |
| file | [IN] File name |
| format | [IN] File format |
| int32_t HITLS_CFG_LoadCrlBuffer | ( | HITLS_Config * | config, |
| const uint8_t * | buf, | ||
| uint32_t | bufLen, | ||
| HITLS_ParseFormat | format ) |
Load CRL from buffer and add it into the verify store of the TLS configuration.
| config | [OUT] TLS link configuration |
| buf | [IN] CRL data. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM, buf needs to end with '\0'. |
| bufLen | [IN] Data length; bufLen should exclude the terminating '\0'. |
| format | [IN] Data format, see HITLS_ParseFormat |
| HITLS_SUCCESS | if successful |
| For | other error codes, see hitls_error.h |
| int32_t HITLS_CFG_LoadCrlFile | ( | HITLS_Config * | config, |
| const char * | file, | ||
| HITLS_ParseFormat | format ) |
Load CRL from file and add it into the verify store of the TLS configuration.
| config | [OUT] TLS link configuration |
| file | [IN] CRL file path |
| format | [IN] Data format, see HITLS_ParseFormat |
| HITLS_SUCCESS | if successful |
| For | other error codes, see hitls_error.h |
| int32_t HITLS_CFG_LoadKeyBuffer | ( | HITLS_Config * | config, |
| const uint8_t * | buf, | ||
| uint32_t | bufLen, | ||
| HITLS_ParseFormat | format ) |
Read the private key of the device certificate from the buffer.
| config | [OUT] TLS link configuration |
| buf | [IN] Private key data. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM, buf needs to end with '\0'. |
| bufLen | [IN] Data length; bufLen should exclude the terminating '\0'. |
| format | [IN] Data format |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_LoadKeyFile | ( | HITLS_Config * | config, |
| const char * | file, | ||
| HITLS_ParseFormat | format ) |
Load the private key of the device certificate from the file.
| config | [OUT] TLS link configuration |
| file | [IN] File name |
| format | [IN] Data format |
| int32_t HITLS_CFG_LoadVerifyBuffer | ( | HITLS_Config * | config, |
| const uint8_t * | buf, | ||
| uint32_t | bufLen, | ||
| HITLS_ParseFormat | format ) |
Load the verification certificates from buffer.
| config | [OUT] TLS link configuration |
| buf | [IN] Certificate buffer data. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM, buf needs to end with '\0'. |
| bufLen | [IN] Buffer length; bufLen should exclude the terminating '\0'. |
| format | [IN] Certificate format (PEM/DER/ASN1) |
| HITLS_SUCCESS,if | successful. For details about other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_LoadVerifyDir | ( | HITLS_Config * | config, |
| const char * | path ) |
Load the verification certificates from the directory.
| config | [OUT] TLS link configuration |
| path | [IN] Directory path |
| HITLS_SUCCESS,if | successful. For details about other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_LoadVerifyFile | ( | HITLS_Config * | config, |
| const char * | file ) |
Load the verification certificates from the file.
| config | [OUT] TLS link configuration |
| file | [IN] File name |
| HITLS_SUCCESS,if | successful. For details about other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_ParseCAList | ( | HITLS_Config * | config, |
| const char * | input, | ||
| uint32_t | inputLen, | ||
| HITLS_ParseType | inputType, | ||
| HITLS_ParseFormat | format, | ||
| HITLS_TrustedCAList ** | caList ) |
Load the CA file and parse it into a trusted CA list.
| config | [OUT] TLS link configuration |
| input | [IN] Input data. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM, input needs to end with '\0'. |
| inputLen | [IN] Length of the input data; inputLen should exclude the terminating '\0'. |
| inputType | [IN] Type of the input data |
| format | [IN] File format |
| caList | [OUT] Trusted CA list |
| HITLS_SUCCESS,if | successful. For details about other error codes, see hitls_error.h. |
| HITLS_CERT_X509 * HITLS_CFG_ParseCert | ( | HITLS_Config * | config, |
| const uint8_t * | buf, | ||
| uint32_t | len, | ||
| HITLS_ParseType | type, | ||
| HITLS_ParseFormat | format ) |
Parse Certificate file or buffer to X509.
| config | [IN] TLS link configuration |
| buf | [IN] Certificate file or buffer. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM, buf needs to end with '\0'. |
| len | [IN] Length of buf; len should exclude the terminating '\0'. |
| type | [IN] buf type: file or buffer |
| format | [IN] cert type |
| HITLS_CERT_Key * HITLS_CFG_ParseKey | ( | HITLS_Config * | config, |
| const uint8_t * | buf, | ||
| uint32_t | len, | ||
| HITLS_ParseType | type, | ||
| HITLS_ParseFormat | format ) |
Parse a private key file or buffer into a HITLS_CERT_Key.
| config | [IN] TLS link configuration |
| buf | [IN] Private key file or buffer. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM, buf needs to end with '\0'. |
| len | [IN] Length of buf; len should exclude the terminating '\0'. |
| type | [IN] buf type: file or buffer |
| format | [IN] cert type |
| int32_t HITLS_CFG_ProviderLoadKeyBuffer | ( | HITLS_Config * | config, |
| const uint8_t * | buf, | ||
| uint32_t | bufLen, | ||
| const char * | format, | ||
| const char * | type ) |
Load the private key of the device certificate from the buffer, when the provider is used.
| config | [OUT] TLS link configuration |
| buf | [IN] Private key data. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM, the encoded buffer must end with '\0'. |
| bufLen | [IN] Data length; bufLen must exclude the terminating '\0'. |
| format | [IN] Data format |
| type | [IN] Data type |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_ProviderLoadKeyFile | ( | HITLS_Config * | config, |
| const char * | file, | ||
| const char * | format, | ||
| const char * | type ) |
Load the private key of the device certificate from the file, when the provider is used.
| config | [OUT] TLS link configuration |
| file | [IN] File name |
| format | [IN] Data format. e.g. "PEM", "ASN1", etc. |
| type | [IN] Data type. e.g. "PRIKEY_RSA", "PRIKEY_ECC", "PRIKEY_PKCS8_UNENCRYPT", "PRIKEY_PKCS8_ENCRYPT", etc. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| HITLS_CERT_Key * HITLS_CFG_ProviderParseKey | ( | HITLS_Config * | config, |
| const uint8_t * | buf, | ||
| uint32_t | len, | ||
| HITLS_ParseType | type, | ||
| const char * | format, | ||
| const char * | encodeType ) |
Parse a private key file or buffer into a HITLS_CERT_Key, when the provider is used.
| config | [IN] TLS link configuration |
| buf | [IN] Key file or buffer. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM, the encoded buffer must end with '\0'. |
| len | [IN] Length of buf; len must exclude the terminating '\0'. |
| type | [IN] buf type: file or buffer |
| format | [IN] cert type |
| encodeType | [IN] cert encode type |
| HITLS_CERT_X509 |
| int32_t HITLS_CFG_RemoveCertAndKey | ( | HITLS_Config * | config | ) |
Release all loaded certificates and private keys.
| config | [IN] TLS link configuration |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_SetCertCb | ( | HITLS_Config * | config, |
| HITLS_CertCb | certCb, | ||
| void * | arg ) |
Set the certificate processing callback function. The callback can check the passed ctx structure and set or clear any appropriate certificate; certCb can be NULL.
| config | [OUT] TLS link configuration |
| certCb | [IN] Certificate processing callback function |
| arg | [IN] Parameters required in the certificate processing callback function |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_SetCertificate | ( | HITLS_Config * | config, |
| HITLS_CERT_X509 * | cert, | ||
| bool | isClone ) |
Add a device certificate. Only one certificate of each type can be added
| config | [OUT] TLS link configuration |
| cert | [IN] Device certificate |
| isClone | [IN] Indicates whether deep copy is required. The options are as follows: true: yes; false: no. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_SetCertStore | ( | HITLS_Config * | config, |
| HITLS_CERT_Store * | store, | ||
| bool | isClone ) |
Set the cert store used by the TLS configuration.
| config | [OUT] TLS link configuration |
| store | [IN] Trust certificate store |
| isClone | [IN] Indicates whether deep copy is required. The options are true and false. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_SetChainStore | ( | HITLS_Config * | config, |
| HITLS_CERT_Store * | store, | ||
| bool | isClone ) |
Set the chain store used by the TLS configuration, which is used to construct the certificate chain.
| config | [OUT] TLS link configuration |
| store | [IN] Certificate chain store |
| isClone | [IN] Indicates whether deep copy is required. The options are as follows: true: yes; false: no. |
| HITLS_SUCCESS. | |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_SetCurrentCert | ( | HITLS_Config * | config, |
| long | option ) |
Set the current certificate to the value based on the option parameter.
| config | [IN] Configuration |
| option | [IN] Setting options, including HITLS_CERT_SET_FIRST, HITLS_CERT_SET_NEXT |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_SetDefaultPasswordCb | ( | HITLS_Config * | config, |
| HITLS_PasswordCb | cb ) |
Set the default password callback, cb can be NULL.
| config | [OUT] TLS link configuration |
| cb | [IN] Password Callback |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_SetDefaultPasswordCbUserdata | ( | HITLS_Config * | config, |
| void * | userdata ) |
Set the user data used by the password callback.
| config | [OUT] TLS link configuration |
| userdata | [IN] User data |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_SetKeyLogCb | ( | HITLS_Config * | config, |
| HITLS_KeyLogCb | callback ) |
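Sets the callback for recording TLS keys. The callback is handed key material for the connection, so whatever it writes must be protected like a private key; leave the callback unset outside debugging.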
| config | [OUT] TLS Link Configuration |
| callback | [IN] Callback function for recording keys |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_SetPrivateKey | ( | HITLS_Config * | config, |
| HITLS_CERT_Key * | privateKey, | ||
| bool | isClone ) |
Add the private key of the device certificate. Only one private key can be added for each type of certificate.
| config | [OUT] TLS link configuration |
| privateKey | [IN] Certificate private key |
| isClone | [IN] Indicates whether deep copy is required. The options are as follows: true: yes; false: no. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_SetTlcpCertificate | ( | HITLS_Config * | config, |
| HITLS_CERT_X509 * | cert, | ||
| bool | isClone, | ||
| bool | isTlcpEncCert ) |
Add the device certificate by the ShangMi(SM) cipher suites. Only one certificate can be added for each type.
| config | [OUT] TLS link configuration |
| cert | [IN] Device certificate |
| isClone | [IN] Indicates whether deep copy is required. The options are as follows: true: yes; false: no. |
| isTlcpEncCert | [IN] Indicates whether the certificate is the TLCP encryption certificate. The options are as follows: true: yes; false: no. |
| int32_t HITLS_CFG_SetTlcpPrivateKey | ( | HITLS_Config * | config, |
| HITLS_CERT_Key * | privateKey, | ||
| bool | isClone, | ||
| bool | isTlcpEncCertPriKey ) |
Add the private key of the device certificate by the ShangMi(SM) cipher suites. Only one private key can be added for each type of certificate.
| config | [OUT] TLS link configuration |
| privateKey | [IN] Certificate private key |
| isClone | [IN] Indicates whether deep copy is required. The options are as follows: true: yes; false: no. |
| isTlcpEncCertPriKey | [IN] Indicates whether the private key is the private key of the TLCP encryption certificate. true: yes; false: no. |
| int32_t HITLS_CFG_SetVerifyCb | ( | HITLS_Config * | config, |
| HITLS_VerifyCb | callback ) |
Set the certificate verification callback function, cb can be NULL.
| config | [OUT] TLS link configuration |
| callback | [IN] Certificate verification callback function |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_SetVerifyStore | ( | HITLS_Config * | config, |
| HITLS_CERT_Store * | store, | ||
| bool | isClone ) |
Set the verify store used by the TLS configuration, which is used for certificate verification.
| config | [OUT] TLS link configuration. |
| store | [IN] CA certificate store. |
| isClone | [IN] Indicates whether deep copy is required. true indicates need, false indicates not need. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_UseCertificateChainBuffer | ( | HITLS_Config * | config, |
| const uint8_t * | buf, | ||
| uint32_t | bufLen, | ||
| HITLS_ParseFormat | format ) |
Use the certificate chain buffer to set the certificate chain.
| config | [OUT] TLS link configuration |
| buf | [IN] Certificate chain buffer data. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM, buf must end with '\0'. |
| bufLen | [IN] Buffer length; bufLen must exclude the terminating '\0'. |
| format | [IN] Certificate format (PEM/DER/ASN1) |
| HITLS_SUCCESS,if | successful. For details about other error codes, see hitls_error.h. |
| int32_t HITLS_CFG_UseCertificateChainFile | ( | HITLS_Config * | config, |
| const char * | file ) |
Use the certificate chain file to set the certificate chain.
| config | [OUT] TLS link configuration |
| file | [IN] Certificate chain file name |
| HITLS_SUCCESS,if | successful. For details about other error codes, see hitls_error.h. |
| int32_t HITLS_CheckPrivateKey | ( | HITLS_Ctx * | ctx | ) |
Check whether the configured certificate matches the private key.
| ctx | [IN] TLS link object |
| int32_t HITLS_ClearChainCerts | ( | HITLS_Ctx * | ctx | ) |
Clear the chain certificates of the current certificate.
| ctx | [IN] hitls context |
| int32_t HITLS_ClearVerifyCrls | ( | HITLS_Ctx * | ctx | ) |
Clear all CRLs in the verify store of the context.
| ctx | [IN] TLS link object |
| HITLS_SUCCESS | if successful |
| For | other error codes, see hitls_error.h |
| int32_t HITLS_CtrlGetVerifyParams | ( | HITLS_Ctx * | ctx, |
| HITLS_CERT_Store * | store, | ||
| uint32_t | cmd, | ||
| void * | out ) |
Get certificate verification parameters.
| ctx | [IN] TLS handle |
| store | [IN] Certificate store |
| cmd | [IN] Operation command, HITLS_CERT_CtrlCmd enum |
| out | [OUT] Output parameter |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_CtrlSetVerifyParams | ( | HITLS_Ctx * | ctx, |
| HITLS_CERT_Store * | store, | ||
| uint32_t | cmd, | ||
| int64_t | in, | ||
| void * | inArg ) |
Set certificate verification parameters.
| ctx | [OUT] TLS handle |
| store | [IN] Certificate store |
| cmd | [IN] Operation command, HITLS_CERT_CtrlCmd enum |
| in | [IN] Input parameter, integer type |
| inArg | [IN] Input parameter, pointer type |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| HITLS_TrustedCAList * HITLS_GetCAList | ( | const HITLS_Ctx * | ctx | ) |
Obtain the trusted CA list of the current context.
| ctx | [OUT] TLS connection handle |
| Trusted | CA list |
| HITLS_CERT_X509 * HITLS_GetCertificate | ( | const HITLS_Ctx * | ctx | ) |
Obtain the local certificate. Returns the most recently added certificate if it is called before the certificate is selected. If no certificate is added, NULL is returned. It returns the certificate selected during the handshake if a certificate selection occurs, or NULL if no certificate is selected (e.g. on a client that does not use a client certificate).
| ctx | [IN] TLS link object |
| HITLS_CERT_Store * HITLS_GetCertStore | ( | const HITLS_Ctx * | ctx | ) |
Obtain the cert store used by the TLS link.
| ctx | [IN] TLS link object |
| HITLS_CERT_Store * HITLS_GetChainStore | ( | const HITLS_Ctx * | ctx | ) |
Obtain the chain store used by the TLS link.
| ctx | [IN] TLS object |
| HITLS_PasswordCb HITLS_GetDefaultPasswordCb | ( | HITLS_Ctx * | ctx | ) |
Obtain the default password callback.
| ctx | [IN] TLS link object |
| void * HITLS_GetDefaultPasswordCbUserdata | ( | HITLS_Ctx * | ctx | ) |
Obtain the user data used by the default password callback.
| ctx | [IN] TLS link object |
| HITLS_TrustedCAList * HITLS_GetPeerCAList | ( | const HITLS_Ctx * | ctx | ) |
Obtain the trusted CA list of the peer end.
| ctx | [OUT] TLS connection handle |
| HITLS_CERT_Chain * HITLS_GetPeerCertChain | ( | const HITLS_Ctx * | ctx | ) |
Obtain the peer certificate chain.
| ctx | [OUT] TLS connection handle |
| HITLS_CERT_X509 * HITLS_GetPeerCertificate | ( | const HITLS_Ctx * | ctx | ) |
Obtain the peer certificate.
| ctx | [IN] hitls Context |
| HITLS_CERT_Key * HITLS_GetPrivateKey | ( | HITLS_Ctx * | ctx | ) |
Obtain the private key of the certificate in use.
| ctx | [IN] TLS link object |
| HITLS_VerifyCb HITLS_GetVerifyCb | ( | HITLS_Ctx * | ctx | ) |
Obtain the certificate verification callback function.
| ctx | [IN] TLS link object |
| int32_t HITLS_GetVerifyResult | ( | const HITLS_Ctx * | ctx, |
| HITLS_ERROR * | verifyResult ) |
Return the peer certificate verification result of the current context.
| ctx | [IN] TLS connection handle |
| verifyResult | [OUT] Peer certificate verification result |
| HITLS_CERT_Store * HITLS_GetVerifyStore | ( | const HITLS_Ctx * | ctx | ) |
Obtain the verify store used by the TLS link.
| ctx | [IN] TLS link object |
| int32_t HITLS_LoadCertBuffer | ( | HITLS_Ctx * | ctx, |
| const uint8_t * | buf, | ||
| uint32_t | bufLen, | ||
| HITLS_ParseFormat | format ) |
Read the device certificate from the buffer.
| ctx | [OUT] TLS link object |
| buf | [IN] Certificate data. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM, buf must end with '\0'. |
| bufLen | [IN] Data length; bufLen must exclude the terminating '\0'. |
| format | [IN] Data format |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_LoadCertFile | ( | HITLS_Ctx * | ctx, |
| const char * | file, | ||
| HITLS_ParseFormat | format ) |
Use a file to set the device certificate.
| ctx | [IN/OUT] TLS connection handle |
| file | [IN] File name |
| format | [IN] Data format |
| int32_t HITLS_LoadCrlBuffer | ( | HITLS_Ctx * | ctx, |
| const uint8_t * | buf, | ||
| uint32_t | bufLen, | ||
| HITLS_ParseFormat | format ) |
Load CRL from buffer and add it into the verify store of the TLS context.
| ctx | [OUT] TLS link object |
| buf | [IN] CRL data. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM, the encoded buffer must end with '\0'. |
| bufLen | [IN] Data length; bufLen must exclude the terminating '\0'. |
| format | [IN] Data format, see HITLS_ParseFormat |
| HITLS_SUCCESS | if successful |
| For | other error codes, see hitls_error.h |
| int32_t HITLS_LoadCrlFile | ( | HITLS_Ctx * | ctx, |
| const char * | file, | ||
| HITLS_ParseFormat | format ) |
Load CRL from file and add it into the verify store of the TLS context.
| ctx | [OUT] TLS link object |
| file | [IN] CRL file path |
| format | [IN] Data format, see HITLS_ParseFormat |
| HITLS_SUCCESS | if successful |
| For | other error codes, see hitls_error.h |
| int32_t HITLS_LoadKeyBuffer | ( | HITLS_Ctx * | ctx, |
| const uint8_t * | buf, | ||
| uint32_t | bufLen, | ||
| HITLS_ParseFormat | format ) |
Read the private key of the device certificate from the buffer.
| ctx | [OUT] TLS link object. |
| buf | [IN] Private key data. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM, the encoded buffer must end with '\0'. |
| bufLen | [IN] Data length; bufLen must exclude the terminating '\0'. |
| format | [IN] Data format. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_LoadKeyFile | ( | HITLS_Ctx * | ctx, |
| const char * | file, | ||
| HITLS_ParseFormat | format ) |
Use the file to set the device private key.
| ctx | [IN/OUT] TLS connection handle |
| file | [IN] File name. |
| format | [IN] Data format. |
| int32_t HITLS_LoadVerifyBuffer | ( | HITLS_Ctx * | ctx, |
| const uint8_t * | buf, | ||
| uint32_t | bufLen, | ||
| HITLS_ParseFormat | format ) |
Load the verification certificates from buffer.
| ctx | [OUT] TLS connection handle |
| buf | [IN] Certificate buffer data. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM, buf must end with '\0'. |
| bufLen | [IN] Buffer length; bufLen must exclude the terminating '\0'. |
| format | [IN] Certificate format (PEM/DER/ASN1) |
| HITLS_SUCCESS,if | successful. For details about other error codes, see hitls_error.h. |
| int32_t HITLS_LogSecret | ( | HITLS_Ctx * | ctx, |
| const char * | label, | ||
| const uint8_t * | secret, | ||
| size_t | secretLen ) |
If key logging is enabled, log the given secret (for example the master key) under the given label.
| ctx | [OUT] TLS Link object. |
| label | [IN] Label |
| secret | [IN] Key |
| secretLen | [IN] Key length. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_ProviderLoadKeyBuffer | ( | HITLS_Ctx * | ctx, |
| const uint8_t * | buf, | ||
| uint32_t | bufLen, | ||
| const char * | format, | ||
| const char * | type ) |
Load the private key of the device certificate from the buffer, when the provider is used.
| ctx | [IN/OUT] TLS connection handle |
| buf | [IN] Private key data. |
| bufLen | [IN] Data length. |
| format | [IN] Data format. |
| type | [IN] Data type. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_ProviderLoadKeyFile | ( | HITLS_Ctx * | ctx, |
| const char * | file, | ||
| const char * | format, | ||
| const char * | type ) |
Load the private key of the device certificate from the file, when the provider is used.
| ctx | [IN/OUT] TLS connection handle |
| file | [IN] File name. |
| format | [IN] Data format. |
| type | [IN] Data type. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_RemoveCertAndKey | ( | HITLS_Ctx * | ctx | ) |
Release all loaded certificates and private keys.
| ctx | [IN] TLS link object |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_SetCAList | ( | HITLS_Ctx * | ctx, |
| HITLS_TrustedCAList * | list ) |
Set the trusted CA list of the current context.
| ctx | [OUT] TLS connection handle |
| list | [IN] List of trusted CAs to be set. |
| Trusted | CA list |
| int32_t HITLS_SetCertCb | ( | HITLS_Ctx * | ctx, |
| HITLS_CertCb | certCb, | ||
| void * | arg ) |
Set the certificate processing callback function. The callback can check the passed ctx structure and set or clear any appropriate certificate; certCb can be NULL.
| ctx | [OUT] TLS link object |
| certCb | [IN] Certificate processing callback function |
| arg | [IN] Parameters required in the certificate processing callback function |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_SetCertificate | ( | HITLS_Ctx * | ctx, |
| HITLS_CERT_X509 * | cert, | ||
| bool | isClone ) |
Add a device certificate. Only one certificate can be added for each type.
| ctx | [OUT] TLS link object |
| cert | [IN] Device certificate |
| isClone | [IN] Indicates whether deep copy is required. The options are as follows: true: yes; false: no. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_SetCertStore | ( | HITLS_Ctx * | ctx, |
| HITLS_CERT_Store * | store, | ||
| bool | isClone ) |
Set the cert store used by the TLS link.
| ctx | [OUT] TLS link object |
| store | [IN] Trust certificate store |
| isClone | [IN] Indicates whether deep copy is required. The options are true and false. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_SetChainStore | ( | HITLS_Ctx * | ctx, |
| HITLS_CERT_Store * | store, | ||
| bool | isClone ) |
Set the chain store used by the TLS link to construct the certificate chain.
| ctx | [OUT] TLS link object |
| store | [IN] Certificate chain |
| isClone | [IN] Indicates whether deep copy is required. The options are true and false. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_SetCurrentCert | ( | HITLS_Ctx * | ctx, |
| long | option ) |
Set the current certificate to the value based on the option parameter.
| ctx | [OUT] TLS link object |
| option | [IN] Setting options, including HITLS_CERT_SET_FIRST, HITLS_CERT_SET_NEXT |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_SetDefaultPasswordCb | ( | HITLS_Ctx * | ctx, |
| HITLS_PasswordCb | cb ) |
Set the default password callback, cb can be NULL
| ctx | [OUT] TLS link object |
| cb | [IN] password Callback |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_SetDefaultPasswordCbUserdata | ( | HITLS_Ctx * | ctx, |
| void * | userdata ) |
Set the user data used by the default password callback.
| ctx | [OUT] TLS link object |
| userdata | [IN] user data |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_SetPrivateKey | ( | HITLS_Ctx * | ctx, |
| HITLS_CERT_Key * | key, | ||
| bool | isClone ) |
Add the private key of the device certificate. Only one private key can be added for each type of certificate.
| ctx | [OUT] TLS link object. |
| key | [IN] Device private key. |
| isClone | [IN] Indicates whether deep copy is required. The options are as follows: true: yes; false: no. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_SetVerifyCb | ( | HITLS_Ctx * | ctx, |
| HITLS_VerifyCb | callback ) |
Set the certificate verification callback function, cb can be NULL.
| ctx | [OUT] TLS link object |
| callback | [IN] Certificate verification callback function |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_SetVerifyResult | ( | HITLS_Ctx * | ctx, |
| HITLS_ERROR | verifyResult ) |
Set the peer certificate verification result of the current context.
| ctx | [IN] TLS connection handle |
| verifyResult | [IN] Peer certificate verification result |
| int32_t HITLS_SetVerifyStore | ( | HITLS_Ctx * | ctx, |
| HITLS_CERT_Store * | store, | ||
| bool | isClone ) |
Set the verify store used by the TLS link for certificate verification.
| ctx | [OUT] TLS link object |
| store | [IN] CA certificate store |
| isClone | [IN] Indicates whether deep copy is required. The options are true and false. |
| HITLS_SUCCESS,if | successful. |
| For | other error codes, see hitls_error.h. |
| int32_t HITLS_UseCertificateChainBuffer | ( | HITLS_Ctx * | ctx, |
| const uint8_t * | buf, | ||
| uint32_t | bufLen, | ||
| HITLS_ParseFormat | format ) |
Use the certificate chain buffer to set the certificate chain.
| ctx | [OUT] TLS connection handle |
| buf | [IN] Certificate chain buffer data. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM, buf must end with '\0'. |
| bufLen | [IN] Buffer length; bufLen must exclude the terminating '\0'. |
| format | [IN] Certificate format (PEM/DER/ASN1) |
| HITLS_SUCCESS,if | successful. For details about other error codes, see hitls_error.h. |
| int32_t HITLS_UseCertificateChainFile | ( | HITLS_Ctx * | ctx, |
| const char * | file ) |
Use the certificate chain file to set the certificate chain.
| ctx | [OUT] TLS link configuration |
| file | [IN] Certificate chain file name |
| HITLS_SUCCESS,if | successful. For details about other error codes, see hitls_error.h. |