TLS/QUIC certificate and session configuration. More...

Data Structures
struct	ct_security_parameters_t
	Opaque handle representing a security parameters used to configure security settings for connections and listeners. More...

Functions
int	ct_security_parameters_set_ticket_store_path (ct_security_parameters_t sec, const char ticket_store_path)
	Set the path to the ticket store for QUIC session resumption.

int	ct_security_parameters_set_server_name_identification (ct_security_parameters_t sec, const char sni)
	Set the server name identification (SNI) for TLS connections.

int	ct_security_parameters_add_server_certificate (ct_security_parameters_t sec, const char cert_file, const char *key_file)
	Add a server certificate and private key for TLS connections.

int	ct_security_parameters_add_client_certificate (ct_security_parameters_t sec, const char cert_file, const char *key_file)
	Add a client certificate and private key for TLS connections.

int	ct_security_parameters_add_alpn (ct_security_parameters_t sec, const char alpn)
	Add an ALPN protocol identifier to the list of supported ALPNs for TLS connections.

int	ct_security_parameters_clear_alpn (ct_security_parameters_t *sec)
	Free and clear all configured ALPN protocol identifiers from the security parameters.

int	ct_security_parameters_set_session_ticket_encryption_key (ct_security_parameters_t sec, const uint8_t key, size_t key_len)
	Set the session ticket encryption key for QUIC session resumption.

ct_security_parameters_t *	ct_security_parameters_new (void)
	Allocate a new security parameters object on the heap.

void	ct_security_parameters_free (ct_security_parameters_t *security_parameters)
	Free resources in security parameters including the structure itself.

const char *	ct_security_parameters_get_ticket_store_path (const ct_security_parameters_t *sec)

const char *	ct_security_parameters_get_server_name_identification (const ct_security_parameters_t *sec)

size_t	ct_security_parameters_get_server_certificate_count (const ct_security_parameters_t *sec)

const char *	ct_security_parameters_get_server_certificate_file (const ct_security_parameters_t *sec, size_t index)

const char *	ct_security_parameters_get_server_certificate_key_file (const ct_security_parameters_t *sec, size_t index)

size_t	ct_security_parameters_get_client_certificate_count (const ct_security_parameters_t *sec)

const char *	ct_security_parameters_get_client_certificate_file (const ct_security_parameters_t *sec, size_t index)

const char *	ct_security_parameters_get_client_certificate_key_file (const ct_security_parameters_t *sec, size_t index)

const char const	ct_security_parameters_get_alpns (const ct_security_parameters_t sec, size_t num_alpns)
	Get the configured ALPN protocol identifiers.

const uint8_t *	ct_security_parameters_get_session_ticket_encryption_key (const ct_security_parameters_t sec, size_t key_len)
	Get the session ticket encryption key.

Detailed Description

TLS/QUIC certificate and session configuration.

Function Documentation

◆ ct_security_parameters_add_alpn()

int ct_security_parameters_add_alpn	(	ct_security_parameters_t *	sec,
		const char *	alpn
	)

Add an ALPN protocol identifier to the list of supported ALPNs for TLS connections.

Parameters

[in]	sec	Pointer to security parameters object to configure
[in]	alpn	ALPN protocol identifier string (e.g., "h3-29")

Returns: 0 on success, negative error code on failure

◆ ct_security_parameters_add_client_certificate()

int ct_security_parameters_add_client_certificate	(	ct_security_parameters_t *	sec,
		const char *	cert_file,
		const char *	key_file
	)

Add a client certificate and private key for TLS connections.

Parameters

[in]	sec	Pointer to security parameters object to configure
[in]	cert_file	Filesystem path to the certificate file (PEM format)
[in]	key_file	Filesystem path to the private key file (PEM format), or NULL if not applicable

Returns: 0 on success, negative error code on failure

◆ ct_security_parameters_add_server_certificate()

int ct_security_parameters_add_server_certificate	(	ct_security_parameters_t *	sec,
		const char *	cert_file,
		const char *	key_file
	)

Add a server certificate and private key for TLS connections.

Parameters

[in]	sec	Pointer to security parameters object to configure
[in]	cert_file	Filesystem path to the certificate file (PEM format)
[in]	key_file	Filesystem path to the private key file (PEM format), or NULL if not applicable

Returns: 0 on success, negative error code on failure

◆ ct_security_parameters_clear_alpn()

int ct_security_parameters_clear_alpn ( ct_security_parameters_t * sec )

Free and clear all configured ALPN protocol identifiers from the security parameters.

Parameters

[in] sec Pointer to security parameters object to configure

Returns: 0 on success, negative error code on failure

◆ ct_security_parameters_free()

void ct_security_parameters_free ( ct_security_parameters_t * security_parameters )

Free resources in security parameters including the structure itself.

Parameters

[in] security_parameters structure to free

◆ ct_security_parameters_get_alpns()

const char const ct_security_parameters_get_alpns	(	const ct_security_parameters_t *	sec,
		size_t *	num_alpns
	)

Get the configured ALPN protocol identifiers.

Parameters

[in]	sec	Security parameters to query
[out]	num_alpns	Set to the number of ALPN strings in the returned array

Returns: Pointer to array of ALPN strings, or NULL if none are set

◆ ct_security_parameters_get_client_certificate_count()

size_t ct_security_parameters_get_client_certificate_count ( const ct_security_parameters_t * sec )

◆ ct_security_parameters_get_client_certificate_file()

const char * ct_security_parameters_get_client_certificate_file	(	const ct_security_parameters_t *	sec,
		size_t	index
	)

◆ ct_security_parameters_get_client_certificate_key_file()

const char * ct_security_parameters_get_client_certificate_key_file	(	const ct_security_parameters_t *	sec,
		size_t	index
	)

◆ ct_security_parameters_get_server_certificate_count()

size_t ct_security_parameters_get_server_certificate_count ( const ct_security_parameters_t * sec )

◆ ct_security_parameters_get_server_certificate_file()

const char * ct_security_parameters_get_server_certificate_file	(	const ct_security_parameters_t *	sec,
		size_t	index
	)

◆ ct_security_parameters_get_server_certificate_key_file()

const char * ct_security_parameters_get_server_certificate_key_file	(	const ct_security_parameters_t *	sec,
		size_t	index
	)

◆ ct_security_parameters_get_server_name_identification()

const char * ct_security_parameters_get_server_name_identification ( const ct_security_parameters_t * sec )

◆ ct_security_parameters_get_session_ticket_encryption_key()

const uint8_t * ct_security_parameters_get_session_ticket_encryption_key	(	const ct_security_parameters_t *	sec,
		size_t *	key_len
	)

Get the session ticket encryption key.

Parameters

[in]	sec	Security parameters to query
[out]	key_len	Set to the length of the returned key in bytes

Returns: Pointer to key data, or NULL if no key is set

◆ ct_security_parameters_get_ticket_store_path()

const char * ct_security_parameters_get_ticket_store_path ( const ct_security_parameters_t * sec )

◆ ct_security_parameters_new()

ct_security_parameters_t * ct_security_parameters_new ( void )

Allocate a new security parameters object on the heap.

Returns: Pointer to newly allocated security parameters, or NULL on failure

◆ ct_security_parameters_set_server_name_identification()

int ct_security_parameters_set_server_name_identification	(	ct_security_parameters_t *	sec,
		const char *	sni
	)

Set the server name identification (SNI) for TLS connections.

Frees any existing server name identification value.

Parameters

[in]	sec	Pointer to security parameters object to configure
[in]	sni	Server name for TLS SNI extension (e.g., "example.com")

Returns: 0 on success, negative error code on failure

◆ ct_security_parameters_set_session_ticket_encryption_key()

int ct_security_parameters_set_session_ticket_encryption_key	(	ct_security_parameters_t *	sec,
		const uint8_t *	key,
		size_t	key_len
	)

Set the session ticket encryption key for QUIC session resumption.

This is an optional parameter, but needed if you want server session resumption.

Frees any existing session ticket encryption key.

Takes a deep copy of the provided key data.

Parameters

[in]	sec	Pointer to security parameters object to configure
[in]	key	Binary key data for encrypting session tickets
[in]	key_len	Length of the key data in bytes

Returns: 0 on success, negative error code on failure

◆ ct_security_parameters_set_ticket_store_path()

int ct_security_parameters_set_ticket_store_path	(	ct_security_parameters_t *	sec,
		const char *	ticket_store_path
	)

Set the path to the ticket store for QUIC session resumption.

Optional parameter, but needed if you want client session resumption.

Frees any existing ticket store path

Takes a deep copy of the provided string.

Parameters

[in]	sec	Pointer to security parameters object to configure
[in]	ticket_store_path	Filesystem path to the ticket store (e.g., "quic_tickets.dat")

Returns: 0 on success, negative error code on failure

Data Structures

Functions

Detailed Description

Function Documentation

◆ ct_security_parameters_add_alpn()

◆ ct_security_parameters_add_client_certificate()

◆ ct_security_parameters_add_server_certificate()

◆ ct_security_parameters_clear_alpn()

◆ ct_security_parameters_free()

◆ ct_security_parameters_get_alpns()

◆ ct_security_parameters_get_client_certificate_count()

◆ ct_security_parameters_get_client_certificate_file()

◆ ct_security_parameters_get_client_certificate_key_file()

◆ ct_security_parameters_get_server_certificate_count()

◆ ct_security_parameters_get_server_certificate_file()

◆ ct_security_parameters_get_server_certificate_key_file()

◆ ct_security_parameters_get_server_name_identification()

◆ ct_security_parameters_get_session_ticket_encryption_key()

◆ ct_security_parameters_get_ticket_store_path()

◆ ct_security_parameters_new()

◆ ct_security_parameters_set_server_name_identification()

◆ ct_security_parameters_set_session_ticket_encryption_key()

◆ ct_security_parameters_set_ticket_store_path()