CassSsl¶

struct CassSsl¶

Describes the SSL configuration of a cluster.

Public Functions

CassSsl *cass_ssl_new()¶

Creates a new SSL context.

See also

cass_ssl_free()

Returns

Returns a SSL context that must be freed.

CassSsl *cass_ssl_new_no_lib_init()¶

Creates a new SSL context without initializing the underlying library implementation. The integrating application is responsible for initializing the underlying SSL implementation. The driver uses the SSL implmentation from several threads concurrently so it’s important that it’s properly setup for multithreaded use e.g. lock callbacks for OpenSSL.

Important: The SSL library must be initialized before calling this function.

When using OpenSSL the following components need to be initialized:

SSL_library_init(); SSL_load_error_strings(); OpenSSL_add_all_algorithms();

The following thread-safety callbacks also need to be set:

CRYPTO_set_locking_callback(…); CRYPTO_set_id_callback(…);

See also

cass_ssl_new()

See also

cass_ssl_free()

Returns

Returns a SSL context that must be freed.

void cass_ssl_free(CassSsl *ssl)¶

Frees a SSL context instance.

Parameters

ssl – [in]

CassError cass_ssl_add_trusted_cert(CassSsl *ssl, const char *cert)¶

Adds a trusted certificate. This is used to verify the peer’s certificate.

Parameters

• ssl – [in]

• cert – [in] PEM formatted certificate string

Returns

CASS_OK if successful, otherwise an error occurred

CassError cass_ssl_add_trusted_cert_n(CassSsl *ssl, const char *cert, size_t cert_length)¶

Same as cass_ssl_add_trusted_cert(), but with lengths for string parameters.

See also

cass_ssl_add_trusted_cert()

Parameters

• ssl – [in]

• cert – [in]

• cert_length – [in]

Returns

same as cass_ssl_add_trusted_cert()

void cass_ssl_set_verify_flags(CassSsl *ssl, int flags)¶

Sets verification performed on the peer’s certificate.

CASS_SSL_VERIFY_NONE - No verification is performed CASS_SSL_VERIFY_PEER_CERT - Certificate is present and valid CASS_SSL_VERIFY_PEER_IDENTITY - IP address matches the certificate’s common name or one of its subject alternative names. This implies the certificate is also present. CASS_SSL_VERIFY_PEER_IDENTITY_DNS - Hostname matches the certificate’s common name or one of its subject alternative names. This implies the certificate is also present. Hostname resolution must also be enabled.

Default: CASS_SSL_VERIFY_PEER_CERT

See also

cass_cluster_set_use_hostname_resolution()

Parameters

• ssl – [in]

• flags – [in]

Returns

CASS_OK if successful, otherwise an error occurred

CassError cass_ssl_set_cert(CassSsl *ssl, const char *cert)¶

Set client-side certificate chain. This is used to authenticate the client on the server-side. This should contain the entire Certificate chain starting with the certificate itself.

Parameters

• ssl – [in]

• cert – [in] PEM formatted certificate string

Returns

CASS_OK if successful, otherwise an error occurred

CassError cass_ssl_set_cert_n(CassSsl *ssl, const char *cert, size_t cert_length)¶

Same as cass_ssl_set_cert(), but with lengths for string parameters.

See also

cass_ssl_set_cert()

Parameters

• ssl – [in]

• cert – [in]

• cert_length – [in]

Returns

same as cass_ssl_set_cert()

CassError cass_ssl_set_private_key(CassSsl *ssl, const char *key, const char *password)¶

Set client-side private key. This is used to authenticate the client on the server-side.

Parameters

• ssl – [in]

• key – [in] PEM formatted key string

• password – [in] used to decrypt key

Returns

CASS_OK if successful, otherwise an error occurred

CassError cass_ssl_set_private_key_n(CassSsl *ssl, const char *key, size_t key_length, const char *password, size_t password_length)¶

Same as cass_ssl_set_private_key(), but with lengths for string parameters.

See also

cass_ssl_set_private_key()

Parameters

• ssl – [in]

• key – [in]

• key_length – [in]

• password – [in]

• password_length – [in]

Returns

same as cass_ssl_set_private_key()