TLS Client
Creating a TLS client follows exactly the same process as creating a TCP client,
except that an additional TlsClientConfig
is required. For more details about TLS support and the configuration options,
see the TLS general information page.
Examples
Certificate chain configuration
- Rust
- C
- Java
- C#
// Authority-based (CA chain) validation: the outstation's certificate has to
// chain to the CA certificate given here and be issued for the expected name.
// `?` hands any error from building the config back to the caller.
let ca_chain_tls_config = TlsClientConfig::new(
    // name the peer (outstation) certificate is expected to carry
    "test.com",
    // CA certificate the peer is validated against
    Path::new("./certs/ca_chain/ca_cert.pem"),
    // certificate this master presents to the outstation
    Path::new("./certs/ca_chain/entity1_cert.pem"),
    // private key for the certificate above; relative paths resolve against
    // the process working directory
    Path::new("./certs/ca_chain/entity1_key.pem"),
    // no password: the key file is unencrypted, so its protection rests on
    // file-system permissions alone
    None,
    // lowest TLS version the client will negotiate
    MinTlsVersion::V1_2,
    CertificateMode::AuthorityBased,
)?;
let tls_config = ca_chain_tls_config;

// Same arguments as a TCP master channel, plus the TLS configuration.
let master_config = get_master_channel_config()?;
let endpoints = EndpointList::new(String::from("127.0.0.1:20001"), &[]);
let mut channel = spawn_master_tls_client(
    LinkErrorMode::Close,
    master_config,
    endpoints,
    tls_config,
    ConnectStrategy::default(),
    NullListener::create(),
);
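dnp3_master_channel_t *channel = NULL;
dnp3_param_error_t err = DNP3_PARAM_ERROR_OK;

// Authority-based (CA chain) validation: the outstation's certificate has to
// chain to the CA certificate given here and be issued for the expected name.
// NOTE(review): certificate mode and minimum TLS version are not set here and
// stay at whatever dnp3_tls_client_config_init() chooses; confirm the defaults.
dnp3_tls_client_config_t ca_chain_tls_config = dnp3_tls_client_config_init(
    "test.com",                          // name the peer certificate is expected to carry
    "./certs/ca_chain/ca_cert.pem",      // CA certificate the peer is validated against
    "./certs/ca_chain/entity1_cert.pem", // certificate this master presents
    "./certs/ca_chain/entity1_key.pem",  // private key for that certificate
    "" // no password: the key file is unencrypted, protect it with file permissions
);

// A master is the TLS client, so the copy keeps the client config type
// (the server config type does not match the value assigned to it).
dnp3_tls_client_config_t tls_config = ca_chain_tls_config;

dnp3_endpoint_list_t *endpoints = dnp3_endpoint_list_new("127.0.0.1:20001");
err = dnp3_master_channel_create_tls(
    runtime,
    DNP3_LINK_ERROR_MODE_CLOSE,
    get_master_channel_config(),
    endpoints,
    tls_config,
    dnp3_connect_strategy_init(),
    get_client_state_listener(),
    &channel
);
// The list is released right after the call, whether or not it succeeded.
dnp3_endpoint_list_destroy(endpoints);
// check error: do not use `channel` unless err == DNP3_PARAM_ERROR_OK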
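// Authority-based (CA chain) validation: the outstation's certificate has to
// chain to the CA certificate given here and be issued for the expected name.
// NOTE(review): certificate mode and minimum TLS version are left at the
// constructor's defaults; confirm them on the TLS general information page.
TlsClientConfig caChainTlsConfig =
    new TlsClientConfig(
        "test.com", // name the peer certificate is expected to carry
        "./certs/ca_chain/ca_cert.pem", // CA certificate the peer is validated against
        "./certs/ca_chain/entity1_cert.pem", // certificate this master presents
        "./certs/ca_chain/entity1_key.pem", // private key for that certificate
        "" // no password: the key file is unencrypted, protect it with file permissions
    );

// A master is the TLS client, so the variable keeps the client config type
// (a TlsClientConfig cannot be assigned to a TlsServerConfig).
TlsClientConfig tlsConfig = caChainTlsConfig;

MasterChannel channel =
    MasterChannel.createTlsChannel(
        runtime,
        LinkErrorMode.CLOSE,
        getMasterChannelConfig(),
        new EndpointList("127.0.0.1:20001"),
        tlsConfig,
        new ConnectStrategy(),
        new TestListener());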
// Authority-based (CA chain) validation: the outstation's certificate has to
// chain to the CA certificate given here and be issued for the expected name.
// NOTE(review): certificate mode and minimum TLS version are left at the
// constructor's defaults; confirm them on the TLS general information page.
TlsClientConfig caChainTlsConfig = new TlsClientConfig(
    "test.com",                          // name the peer certificate is expected to carry
    "./certs/ca_chain/ca_cert.pem",      // CA certificate the peer is validated against
    "./certs/ca_chain/entity1_cert.pem", // certificate this master presents
    "./certs/ca_chain/entity1_key.pem",  // private key for that certificate
    "" // no password: the key file is unencrypted, protect it with file permissions
);
TlsClientConfig tlsConfig = caChainTlsConfig;

// Same arguments as a TCP master channel, plus the TLS configuration.
var masterConfig = GetMasterChannelConfig();
var endpoints = new EndpointList("127.0.0.1:20001");
MasterChannel channel = MasterChannel.CreateTlsChannel(
    runtime,
    LinkErrorMode.Close,
    masterConfig,
    endpoints,
    tlsConfig,
    new ConnectStrategy(),
    new TestListener()
);
Self-signed certificate configuration
- Rust
- C
- Java
- C#
// Self-signed mode: no CA is involved. The first path is the outstation's own
// certificate (entity2), so trust is tied to that one file and replacing the
// peer's certificate means updating this configuration as well.
// NOTE(review): how the expected name is treated in this mode is not shown
// here; see the TLS general information page.
// `?` hands any error from building the config back to the caller.
let self_signed_tls_config = TlsClientConfig::new(
    "test.com",
    // certificate the peer (outstation) is expected to present
    Path::new("./certs/self_signed/entity2_cert.pem"),
    // certificate this master presents to the outstation
    Path::new("./certs/self_signed/entity1_cert.pem"),
    // private key for the certificate above; relative paths resolve against
    // the process working directory
    Path::new("./certs/self_signed/entity1_key.pem"),
    // no password: the key file is unencrypted, so its protection rests on
    // file-system permissions alone
    None,
    // lowest TLS version the client will negotiate
    MinTlsVersion::V1_2,
    CertificateMode::SelfSigned,
)?;
let tls_config = self_signed_tls_config;

// Same arguments as a TCP master channel, plus the TLS configuration.
let master_config = get_master_channel_config()?;
let endpoints = EndpointList::new(String::from("127.0.0.1:20001"), &[]);
let mut channel = spawn_master_tls_client(
    LinkErrorMode::Close,
    master_config,
    endpoints,
    tls_config,
    ConnectStrategy::default(),
    NullListener::create(),
);
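dnp3_master_channel_t *channel = NULL;
dnp3_param_error_t err = DNP3_PARAM_ERROR_OK;

// Self-signed mode: no CA is involved. The first path is the outstation's own
// certificate (entity2), so trust is tied to that one file.
// NOTE(review): how the expected name is treated in this mode is not shown
// here; see the TLS general information page.
dnp3_tls_client_config_t self_signed_tls_config = dnp3_tls_client_config_init(
    "test.com",
    "./certs/self_signed/entity2_cert.pem", // certificate the peer is expected to present
    "./certs/self_signed/entity1_cert.pem", // certificate this master presents
    "./certs/self_signed/entity1_key.pem",  // private key for that certificate
    "" // no password: the key file is unencrypted, protect it with file permissions
);
// The mode has to be switched explicitly after init.
self_signed_tls_config.certificate_mode = DNP3_CERTIFICATE_MODE_SELF_SIGNED;

// A master is the TLS client, so the copy keeps the client config type
// (the server config type does not match the value assigned to it).
dnp3_tls_client_config_t tls_config = self_signed_tls_config;

dnp3_endpoint_list_t *endpoints = dnp3_endpoint_list_new("127.0.0.1:20001");
err = dnp3_master_channel_create_tls(
    runtime,
    DNP3_LINK_ERROR_MODE_CLOSE,
    get_master_channel_config(),
    endpoints,
    tls_config,
    dnp3_connect_strategy_init(),
    get_client_state_listener(),
    &channel
);
// The list is released right after the call, whether or not it succeeded.
dnp3_endpoint_list_destroy(endpoints);
// check error: do not use `channel` unless err == DNP3_PARAM_ERROR_OK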
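// Self-signed mode: no CA is involved. The first path is the outstation's own
// certificate (entity2), so trust is tied to that one file.
// NOTE(review): how the expected name is treated in this mode is not shown
// here; see the TLS general information page.
TlsClientConfig selfSignedTlsConfig =
    new TlsClientConfig(
        "test.com",
        "./certs/self_signed/entity2_cert.pem", // certificate the peer is expected to present
        "./certs/self_signed/entity1_cert.pem", // certificate this master presents
        "./certs/self_signed/entity1_key.pem", // private key for that certificate
        "" // no password: the key file is unencrypted, protect it with file permissions
    );
// The mode has to be switched explicitly after construction.
selfSignedTlsConfig.certificateMode = CertificateMode.SELF_SIGNED;

// A master is the TLS client, so the variable keeps the client config type
// (a TlsClientConfig cannot be assigned to a TlsServerConfig).
TlsClientConfig tlsConfig = selfSignedTlsConfig;

MasterChannel channel =
    MasterChannel.createTlsChannel(
        runtime,
        LinkErrorMode.CLOSE,
        getMasterChannelConfig(),
        new EndpointList("127.0.0.1:20001"),
        tlsConfig,
        new ConnectStrategy(),
        new TestListener());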
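// Self-signed mode: no CA is involved, so the first path has to be the
// outstation's own certificate. The Rust, C and Java examples for this mode
// all use entity2_cert.pem; a ca_cert.pem path does not fit a setup without a CA.
// NOTE(review): how the expected name is treated in this mode is not shown
// here; see the TLS general information page.
var selfSignedTlsConfig = new TlsClientConfig(
    "test.com",
    "./certs/self_signed/entity2_cert.pem", // certificate the peer is expected to present
    "./certs/self_signed/entity1_cert.pem", // certificate this master presents
    "./certs/self_signed/entity1_key.pem",  // private key for that certificate
    "" // no password: the key file is unencrypted, protect it with file permissions
);
// The mode has to be switched explicitly after construction.
selfSignedTlsConfig.CertificateMode = CertificateMode.SelfSigned;
var tlsConfig = selfSignedTlsConfig;

var channel = MasterChannel.CreateTlsChannel(
    runtime,
    LinkErrorMode.Close,
    GetMasterChannelConfig(),
    new EndpointList("127.0.0.1:20001"),
    tlsConfig,
    new ConnectStrategy(),
    new TestListener()
);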