rabbitmq-c  0.8.0
C AMQP Client library for RabbitMQ
amqp_ssl_socket.h File Reference

Enumerations

enum  amqp_tls_version_t { AMQP_TLSv1 = 1, AMQP_TLSv1_1 = 2, AMQP_TLSv1_2 = 3, AMQP_TLSvLATEST = 0xFFFF }
 

Functions

amqp_socket_t * amqp_ssl_socket_new (amqp_connection_state_t state)
 Create a new SSL/TLS socket object.

int amqp_ssl_socket_set_cacert (amqp_socket_t *self, const char *cacert)
 Set the CA certificate.

int amqp_ssl_socket_set_key (amqp_socket_t *self, const char *cert, const char *key)
 Set the client key.

int amqp_ssl_socket_set_key_buffer (amqp_socket_t *self, const char *cert, const void *key, size_t n)
 Set the client key from a buffer.

void amqp_ssl_socket_set_verify (amqp_socket_t *self, amqp_boolean_t verify)
 Enable or disable peer verification.

void amqp_ssl_socket_set_verify_peer (amqp_socket_t *self, amqp_boolean_t verify)
 Enable or disable peer verification.

void amqp_ssl_socket_set_verify_hostname (amqp_socket_t *self, amqp_boolean_t verify)
 Enable or disable hostname verification.

int amqp_ssl_socket_set_ssl_versions (amqp_socket_t *self, amqp_tls_version_t min, amqp_tls_version_t max)
 Set min and max TLS versions.

void amqp_set_initialize_ssl_library (amqp_boolean_t do_initialize)
 Sets whether rabbitmq-c initializes the underlying SSL library.
 

Function Documentation

void amqp_set_initialize_ssl_library ( amqp_boolean_t  do_initialize)

Sets whether rabbitmq-c initializes the underlying SSL library.

For SSL libraries that require a one-time initialization across a whole program (e.g., OpenSSL), this sets whether or not rabbitmq-c will initialize the SSL library when the first call to amqp_open_socket() is made. You should call this function with do_initialize = 0 if the underlying SSL library is initialized somewhere else in the program.

Failing to initialize the SSL library, or initializing it twice, will result in undefined behavior.

By default rabbitmq-c will initialize the underlying SSL library.

NOTE: calling this function after the first socket has been opened with amqp_open_socket() will not have any effect.

Parameters
[in]  do_initialize  If 0, rabbitmq-c will not initialize the SSL library; otherwise rabbitmq-c will initialize the SSL library.
Since
v0.4.0

amqp_socket_t* amqp_ssl_socket_new ( amqp_connection_state_t  state )

Create a new SSL/TLS socket object.

The returned socket object is owned by the amqp_connection_state_t object and will be destroyed when the state object is destroyed or a new socket object is created.

If the socket object creation fails, the amqp_connection_state_t object will not be changed.

The object returned by this function can be retrieved from the amqp_connection_state_t object later using the amqp_get_socket() function.

Calling this function may result in the underlying SSL library being initialized.

See Also
amqp_set_initialize_ssl_library()
Parameters
[in,out]  state  The connection object that owns the SSL/TLS socket.
Returns
A new socket object or NULL if an error occurred.
Since
v0.4.0

int amqp_ssl_socket_set_cacert ( amqp_socket_t *  self, const char *  cacert )

Set the CA certificate.

Parameters
[in,out]  self  An SSL/TLS socket object.
[in]  cacert  Path to the CA cert file in PEM format.
Returns
AMQP_STATUS_OK on success, an amqp_status_enum value on failure.
Since
v0.4.0

int amqp_ssl_socket_set_key ( amqp_socket_t *  self, const char *  cert, const char *  key )

Set the client key.

Parameters
[in,out]  self  An SSL/TLS socket object.
[in]  cert  Path to the client certificate in PEM format.
[in]  key  Path to the client key in PEM format.
Returns
AMQP_STATUS_OK on success, an amqp_status_enum value on failure.
Since
v0.4.0

int amqp_ssl_socket_set_key_buffer ( amqp_socket_t *  self, const char *  cert, const void *  key, size_t  n )

Set the client key from a buffer.

Parameters
[in,out]  self  An SSL/TLS socket object.
[in]  cert  Path to the client certificate in PEM format.
[in]  key  A buffer containing client key in PEM format.
[in]  n  The length of the buffer.
Returns
AMQP_STATUS_OK on success, an amqp_status_enum value on failure.
Since
v0.4.0

int amqp_ssl_socket_set_ssl_versions ( amqp_socket_t *  self, amqp_tls_version_t  min, amqp_tls_version_t  max )

Set min and max TLS versions.

Set the oldest and newest TLS versions that are acceptable when connecting to the broker. Set min == max to restrict to just that version.

Parameters
[in,out]  self  An SSL/TLS socket object.
[in]  min  The minimum acceptable TLS version.
[in]  max  The maximum acceptable TLS version.
Returns
AMQP_STATUS_OK on success, AMQP_STATUS_UNSUPPORTED if OpenSSL does not support the requested TLS version, AMQP_STATUS_INVALID_PARAMETER if an invalid combination of parameters is passed.
Since
v0.8.0

void amqp_ssl_socket_set_verify ( amqp_socket_t *  self, amqp_boolean_t  verify )

Enable or disable peer verification.

Deprecated:
use and instead.

If peer verification is enabled then the common name in the server certificate must match the server name. Peer verification is enabled by default.

Parameters
[in,out]  self  An SSL/TLS socket object.
[in]  verify  Enable or disable peer verification.
Since
v0.4.0

void amqp_ssl_socket_set_verify_hostname ( amqp_socket_t *  self, amqp_boolean_t  verify )

Enable or disable hostname verification.

Hostname verification checks the broker certificate for a CN or SAN that matches the hostname passed to amqp_socket_open(). Peer verification is controlled by

Since
v0.8.0

void amqp_ssl_socket_set_verify_peer ( amqp_socket_t *  self, amqp_boolean_t  verify )

Enable or disable peer verification.

Peer verification validates the certificate chain that is sent by the broker. Hostname validation is controlled by .

Parameters
[in,out]  self  An SSL/TLS socket object.
[in]  verify  Enable or disable peer validation.
Since
v0.8.0
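
Added example, not part of the rabbitmq-c documentation: a fail-closed TLS setup that combines amqp_ssl_socket_set_cacert(), amqp_ssl_socket_set_verify_peer(), amqp_ssl_socket_set_verify_hostname() and amqp_ssl_socket_set_ssl_versions() as documented above. The helper name tls_harden, the USE_LIBRABBITMQ macro, the ca.pem path and the call-recording stand-ins (with placeholder status values) are assumptions so the block runs without the library.

```c
#include <stddef.h>
#ifdef USE_LIBRABBITMQ /* real build: define this and link with -lrabbitmq */
#include <amqp.h>
#include <amqp_ssl_socket.h>
#else /* constructed stand-ins that only record the calls, so this runs offline */
typedef struct { int peer, host, min, max; const char *ca; } amqp_socket_t;
typedef int amqp_boolean_t;
typedef enum { AMQP_TLSv1 = 1, AMQP_TLSv1_1 = 2, AMQP_TLSv1_2 = 3,
               AMQP_TLSvLATEST = 0xFFFF } amqp_tls_version_t;
enum { AMQP_STATUS_OK = 0, AMQP_STATUS_INVALID_PARAMETER = -1 }; /* placeholder values */
static int amqp_ssl_socket_set_cacert(amqp_socket_t *s, const char *ca) {
  s->ca = ca;
  return AMQP_STATUS_OK;
}
static void amqp_ssl_socket_set_verify_peer(amqp_socket_t *s, amqp_boolean_t v) { s->peer = v; }
static void amqp_ssl_socket_set_verify_hostname(amqp_socket_t *s, amqp_boolean_t v) { s->host = v; }
static int amqp_ssl_socket_set_ssl_versions(amqp_socket_t *s, amqp_tls_version_t min,
                                            amqp_tls_version_t max) {
  if (min > max) return AMQP_STATUS_INVALID_PARAMETER; /* simplified model */
  s->min = min;
  s->max = max;
  return AMQP_STATUS_OK;
}
#endif

/* Hypothetical helper: apply the TLS policy to a socket from amqp_ssl_socket_new()
 * before it is opened. Any return other than AMQP_STATUS_OK means "do not connect". */
static int tls_harden(amqp_socket_t *sock, const char *cacert_path) {
  int rc;
  if (sock == NULL || cacert_path == NULL || cacert_path[0] == '\0')
    return AMQP_STATUS_INVALID_PARAMETER; /* no trust anchor: refuse */
  rc = amqp_ssl_socket_set_cacert(sock, cacert_path);
  if (rc != AMQP_STATUS_OK) return rc;
  /* Chain validation and name matching are separate switches in 0.8.0: set both
   * explicitly rather than relying on defaults or the deprecated set_verify(). */
  amqp_ssl_socket_set_verify_peer(sock, 1);
  amqp_ssl_socket_set_verify_hostname(sock, 1);
  /* Floor at TLS 1.2, no ceiling. The status is returned, never ignored. */
  return amqp_ssl_socket_set_ssl_versions(sock, AMQP_TLSv1_2, AMQP_TLSvLATEST);
}

#ifndef USE_LIBRABBITMQ
int main(void) { /* stand-in run: exit status 0 when the policy was applied */
  amqp_socket_t s = {0};
  return tls_harden(&s, "ca.pem") == AMQP_STATUS_OK ? 0 : 1;
}
#endif
```

In a real client, call the helper between amqp_ssl_socket_new() and amqp_socket_open(), and abandon the connection on any non-OK status instead of retrying with weaker settings.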