Describes the SSL configuration of a cluster.
Creates a new SSL context.
Creates a new SSL context without initializing the underlying library implementation. The integrating application is responsible for initializing the underlying SSL implementation. The driver uses the SSL implmentation from several threads concurrently so it’s important that it’s properly setup for multithreaded use e.g. lock callbacks for OpenSSL.
Important: The SSL library must be initialized before calling this function.
When using OpenSSL the following components need to be initialized:
SSL_library_init(); SSL_load_error_strings(); OpenSSL_add_all_algorithms();
The following thread-safety callbacks also need to be set:
cass_ssl_free( ssl )
Frees a SSL context instance.
cass_ssl_add_trusted_cert( ssl, cert )
Adds a trusted certificate. This is used to verify the peer’s certificate.
cass_ssl_add_trusted_cert_n( ssl, cert, cert_length )
CassSsl::cass_ssl_add_trusted_cert, but with lengths for string parameters.
cass_ssl_set_verify_flags( ssl, flags )
Sets verification performed on the peer’s certificate.
CASS_SSL_VERIFY_NONE - No verification is performed CASS_SSL_VERIFY_PEER_CERT - Certificate is present and valid CASS_SSL_VERIFY_PEER_IDENTITY - IP address matches the certificate’s common name or one of its subject alternative names. This implies the certificate is also present. CASS_SSL_VERIFY_PEER_IDENTITY_DNS - Hostname matches the certificate’s common name or one of its subject alternative names. This implies the certificate is also present. Hostname resolution must also be enabled.
cass_ssl_set_cert( ssl, cert )
Set client-side certificate chain. This is used to authenticate the client on the server-side. This should contain the entire Certificate chain starting with the certificate itself.
cass_ssl_set_cert_n( ssl, cert, cert_length )
CassSsl::cass_ssl_set_cert, but with lengths for string parameters.
cass_ssl_set_private_key( ssl, key, password )
Set client-side private key. This is used to authenticate the client on the server-side.