Describes the SSL configuration of a cluster.

Functions

CassSsl *

cass_ssl_new

( )

Creates a new SSL context.

Returns:
Type Details
CassSsl *

Returns a SSL context that must be freed.

See Also:
CassSsl *

cass_ssl_new_no_lib_init

( )

Creates a new SSL context without initializing the underlying library implementation. The integrating application is responsible for initializing the underlying SSL implementation. The driver uses the SSL implementation from several threads concurrently, so it’s important that it’s properly set up for multithreaded use, e.g. lock callbacks for OpenSSL.

Important: The SSL library must be initialized before calling this function.

When using OpenSSL the following components need to be initialized:

SSL_library_init();

SSL_load_error_strings();

OpenSSL_add_all_algorithms();

The following thread-safety callbacks also need to be set:

CRYPTO_set_locking_callback(…);

CRYPTO_set_id_callback(…);

Returns:
Type Details
CassSsl *

Returns a SSL context that must be freed.

See Also:
void

cass_ssl_free

( ssl )

Frees a SSL context instance.

Parameters:
Name Type Details
in ssl
CassError

cass_ssl_add_trusted_cert

( ssl, cert )

Adds a trusted certificate. This is used to verify the peer’s certificate.

Parameters:
Name Type Details
in ssl
in cert

PEM formatted certificate string

Returns:
Type Details
CassError

CASS_OK if successful, otherwise an error occurred

CassError

cass_ssl_add_trusted_cert_n

( ssl, cert, cert_length )

Same as CassSsl::cass_ssl_add_trusted_cert, but with lengths for string parameters.

Parameters:
Name Type Details
in ssl
in cert
in cert_length
Returns:
Type Details
CassError

same as CassSsl::cass_ssl_add_trusted_cert

See Also:
void

cass_ssl_set_verify_flags

( ssl, flags )

Sets verification performed on the peer’s certificate.

CASS_SSL_VERIFY_NONE - No verification is performed

CASS_SSL_VERIFY_PEER_CERT - Certificate is present and valid

CASS_SSL_VERIFY_PEER_IDENTITY - IP address matches the certificate’s common name or one of its subject alternative names. This implies the certificate is also present.

CASS_SSL_VERIFY_PEER_IDENTITY_DNS - Hostname matches the certificate’s common name or one of its subject alternative names. This implies the certificate is also present. Hostname resolution must also be enabled.

Default: CASS_SSL_VERIFY_PEER_CERT

Parameters:
Name Type Details
in ssl
in flags
Returns:
Type Details
void

CASS_OK if successful, otherwise an error occurred

See Also:
CassError

cass_ssl_set_cert

( ssl, cert )

Sets the client-side certificate chain. This is used to authenticate the client on the server-side. This should contain the entire certificate chain, starting with the certificate itself.

Parameters:
Name Type Details
in ssl
in cert

PEM formatted certificate string

Returns:
Type Details
CassError

CASS_OK if successful, otherwise an error occurred

CassError

cass_ssl_set_cert_n

( ssl, cert, cert_length )

Same as CassSsl::cass_ssl_set_cert, but with lengths for string parameters.

Parameters:
Name Type Details
in ssl
in cert
in cert_length
Returns:
Type Details
CassError

same as CassSsl::cass_ssl_set_cert

See Also:
CassError

cass_ssl_set_private_key

( ssl, key, password )

Sets the client-side private key. This is used to authenticate the client on the server-side.

Parameters:
Name Type Details
in ssl
in key

PEM formatted key string

in password

used to decrypt key

Returns:
Type Details
CassError

CASS_OK if successful, otherwise an error occurred

CassError

cass_ssl_set_private_key_n

( ssl, key, key_length, password, password_length )

Same as CassSsl::cass_ssl_set_private_key, but with lengths for string parameters.

Parameters:
Name Type Details
in ssl
in key
in key_length
in password
in password_length
Returns:
Type Details
CassError

same as CassSsl::cass_ssl_set_private_key

See Also:
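
An added example, not part of the driver or its documentation: a pre-flight check for the PEM strings handed to cass_ssl_add_trusted_cert, cass_ssl_set_cert and cass_ssl_set_private_key (or their _n variants), catching an empty or truncated chain, a private key mixed into a certificate bundle, and an encrypted key that needs the password argument. The helper names (count_in, pem_check_certs, pem_key_is_encrypted) and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count needle in a length-delimited buffer; no NUL terminator is required,
 * so the same buffer and length can be passed to the driver's *_n functions. */
static size_t count_in(const char *buf, size_t len, const char *needle) {
    size_t n = strlen(needle), hits = 0;
    for (size_t i = 0; n > 0 && i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0) { hits++; i += n - 1; }
    return hits;
}

typedef enum { PEM_OK, PEM_NO_CERT, PEM_UNBALANCED, PEM_HAS_PRIVATE_KEY } PemCheck;
/* Pre-flight for a trust bundle or client chain: at least one complete
 * CERTIFICATE block and no private key mixed in. *count gets the block count. */
PemCheck pem_check_certs(const char *pem, size_t len, size_t *count) {
    size_t begins = count_in(pem, len, "-----BEGIN CERTIFICATE-----");
    size_t ends = count_in(pem, len, "-----END CERTIFICATE-----");
    *count = begins;
    if (count_in(pem, len, "PRIVATE KEY-----") > 0) return PEM_HAS_PRIVATE_KEY;
    if (begins == 0) return PEM_NO_CERT;
    return begins == ends ? PEM_OK : PEM_UNBALANCED;
}

/* 1 if the key PEM is encrypted, i.e. the password argument is really needed. */
int pem_key_is_encrypted(const char *pem, size_t len) {
    return count_in(pem, len, "-----BEGIN ENCRYPTED PRIVATE KEY-----") > 0 /* PKCS#8 */
        || count_in(pem, len, "Proc-Type: 4,ENCRYPTED") > 0; /* traditional format */
}

/* Constructed samples; the base64 bodies are placeholders, not real material. */
static const char CHAIN[] =
    "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nREVG\n-----END CERTIFICATE-----\n";
static const char LEAKY[] =
    "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n"
    "-----BEGIN PRIVATE KEY-----\nR0hJ\n-----END PRIVATE KEY-----\n";
static const char ENC_KEY[] =
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nSktM\n-----END ENCRYPTED PRIVATE KEY-----\n";

int main(void) {
    size_t n = 0;
    PemCheck r = pem_check_certs(CHAIN, strlen(CHAIN), &n);
    printf("chain: %d (%zu certs)\n", r, n);
    r = pem_check_certs(LEAKY, strlen(LEAKY), &n);
    printf("bundle with key: %d\n", r);
    printf("encrypted key: %d\n", pem_key_is_encrypted(ENC_KEY, strlen(ENC_KEY)));
    return 0;
}
```

The check only inspects PEM framing; the driver's CassError return value remains the authority on whether the contents parse.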