TLS Client
Creating a TLS client follows the same process as creating a TCP client,
except that an additional TlsClientConfig
is required. For more details about TLS support and the configuration options,
see the TLS general information page.
Examples
Certificate Authority-based configuration
- Rust
- C
- C++
- Java
- C#
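// TLS settings for the client side of the channel. The binding is named
// `tls_config` because that is the name handed to `spawn_master_tls_client`
// below; the original snippet declared it as `config`, which left the later
// argument undefined.
//
// The certificate paths are relative, so they resolve against the process
// working directory. A deployment should use absolute paths so that the trust
// anchor and private key do not depend on where the process was started.
let tls_config = TlsClientConfig::new(
    // Name expected in the certificate presented by the server. "test.com"
    // matches the sample certificates only; use the real outstation's name.
    "test.com",
    // CA certificate the peer's certificate chain is validated against.
    Path::new("./certs/ca_chain/ca_cert.pem"),
    // Certificate and private key this client presents to the server.
    Path::new("./certs/ca_chain/entity1_cert.pem"),
    Path::new("./certs/ca_chain/entity1_key.pem"),
    // No password: the private key file is stored unencrypted, so it must be
    // protected by file-system permissions. If the key is encrypted, load the
    // password from a secret store rather than hard-coding it.
    None,
    // TLS 1.2 is the floor; raise it if every peer supports a newer version.
    MinTlsVersion::V12,
    CertificateMode::AuthorityBased,
)?;

// Same call shape as the TCP client, with the TLS configuration as the extra
// argument. 127.0.0.1:20001 is the loopback endpoint used by the example.
let channel = spawn_master_tls_client(
    LinkErrorMode::Close,
    get_master_channel_config()?,
    EndpointList::new("127.0.0.1:20001".to_owned(), &[]),
    ConnectStrategy::default(),
    NullListener::create(),
    tls_config,
);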
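// TLS settings for the client side of the channel. The variable is named
// `tls_config` because that is the name passed to
// dnp3_master_channel_create_tls() below; the original snippet declared it as
// `config`, which left the later argument undefined.
//
// The certificate paths are relative to the process working directory; a
// deployment should use absolute paths so the trust anchor and private key do
// not depend on where the process was started.
dnp3_tls_client_config_t tls_config = dnp3_tls_client_config_init(
    // Name expected in the server's certificate; "test.com" matches the sample
    // certificates only.
    "test.com",
    "./certs/ca_chain/ca_cert.pem",      // CA certificate used to validate the peer
    "./certs/ca_chain/entity1_cert.pem", // certificate this client presents
    "./certs/ca_chain/entity1_key.pem",  // private key for that certificate
    // No password: the key file is unencrypted on disk and must be protected
    // by file-system permissions.
    ""
);
// No certificate mode is assigned here, so the initializer's default applies
// (the self-signed example sets the field explicitly).

dnp3_master_channel_t *channel = NULL;
dnp3_endpoint_list_t *endpoints = dnp3_endpoint_list_create("127.0.0.1:20001");
dnp3_param_error_t err = dnp3_master_channel_create_tls(
    runtime,
    DNP3_LINK_ERROR_MODE_CLOSE,
    get_master_channel_config(),
    endpoints,
    dnp3_connect_strategy_init(),
    get_client_state_listener(),
    tls_config,
    &channel
);
// The endpoint list is released as soon as the create call has returned.
dnp3_endpoint_list_destroy(endpoints);
// check error: `err` must be inspected before `channel` is used. A bad
// certificate path or key is expected to surface here -- TODO confirm against
// the library's error list.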
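// TLS settings for the client side of the channel; defaults to CA mode.
// The variable is named `tls_config` because that is the name passed to
// create_tls_channel() below; the original snippet declared it as `config`,
// which left the later argument undefined.
//
// The certificate paths are relative to the process working directory; a
// deployment should use absolute paths so the trust anchor and private key do
// not depend on where the process was started.
dnp3::TlsClientConfig tls_config(
    // Name expected in the server's certificate; "test.com" matches the sample
    // certificates only.
    "test.com",
    "./certs/ca_chain/ca_cert.pem",      // CA certificate used to validate the peer
    "./certs/ca_chain/entity1_cert.pem", // certificate this client presents
    "./certs/ca_chain/entity1_key.pem",  // private key for that certificate
    // No password: the key file is unencrypted on disk and must be protected
    // by file-system permissions.
    ""
);

dnp3::EndpointList endpoints(std::string("127.0.0.1:20001"));
// Same call shape as the TCP channel, with the TLS configuration as the extra
// argument.
auto channel = dnp3::MasterChannel::create_tls_channel(
    runtime,
    dnp3::LinkErrorMode::close,
    get_master_channel_config(),
    endpoints,
    dnp3::ConnectStrategy(),
    std::make_unique<ClientStateListener>(),
    tls_config
);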
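// TLS settings for the client side of the channel. The variable is named
// `tlsConfig` because that is the name passed to createTlsChannel() below; the
// original snippet declared it as `config`, which left the later argument
// undefined. No certificate mode is set here, so the default applies (the
// self-signed example selects its mode explicitly).
//
// The certificate paths are relative to the process working directory; a
// deployment should use absolute paths so the trust anchor and private key do
// not depend on where the process was started.
TlsClientConfig tlsConfig =
    new TlsClientConfig(
        // Name expected in the server's certificate; "test.com" matches the
        // sample certificates only.
        "test.com",
        "./certs/ca_chain/ca_cert.pem",      // CA certificate used to validate the peer
        "./certs/ca_chain/entity1_cert.pem", // certificate this client presents
        "./certs/ca_chain/entity1_key.pem",  // private key for that certificate
        // No password: the key file is unencrypted on disk and must be
        // protected by file-system permissions.
        ""
    );

// Same call shape as the TCP channel, with the TLS configuration as the extra
// argument.
MasterChannel channel =
    MasterChannel.createTlsChannel(
        runtime,
        LinkErrorMode.CLOSE,
        getMasterChannelConfig(),
        new EndpointList("127.0.0.1:20001"),
        new ConnectStrategy(),
        new TestClientStateListener(),
        tlsConfig);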
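// TLS settings for the client side of the channel; defaults to CA mode.
// The variable is named `tlsConfig` because that is the name passed to
// CreateTlsChannel() below; the original snippet declared it as `config`,
// which left the later argument undefined.
//
// The certificate paths are relative to the process working directory; a
// deployment should use absolute paths so the trust anchor and private key do
// not depend on where the process was started.
var tlsConfig = new TlsClientConfig(
    // Name expected in the server's certificate; "test.com" matches the sample
    // certificates only.
    "test.com",
    "./certs/ca_chain/ca_cert.pem",      // CA certificate used to validate the peer
    "./certs/ca_chain/entity1_cert.pem", // certificate this client presents
    "./certs/ca_chain/entity1_key.pem",  // private key for that certificate
    // No password: the key file is unencrypted on disk and must be protected
    // by file-system permissions.
    ""
);

// Same call shape as the TCP channel, with the TLS configuration as the extra
// argument.
var channel = MasterChannel.CreateTlsChannel(
    runtime,
    LinkErrorMode.Close,
    GetMasterChannelConfig(),
    new EndpointList("127.0.0.1:20001"),
    new ConnectStrategy(),
    new TestClientStateListener(),
    tlsConfig
);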
Self-signed certificate configuration
- Rust
- C
- C++
- Java
- C#
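// TLS settings for the self-signed case. The binding is named `tls_config`
// because that is the name handed to `spawn_master_tls_client` below; the
// original snippet declared it as `config`, which left the later argument
// undefined.
//
// In this mode the first path is the peer's own certificate (entity2) rather
// than a CA certificate: trust is pinned to that one file instead of a chain.
// Replacing the peer's certificate therefore means redistributing the new file
// to every client, and anyone able to overwrite the file controls which peer
// is trusted. Use absolute paths and restrictive permissions in a deployment.
let tls_config = TlsClientConfig::new(
    // NOTE(review): whether this name is still checked in self-signed mode is
    // not shown on this page -- confirm in the TLS general information page.
    "test.com",
    // The peer's self-signed certificate, used as the trust anchor.
    Path::new("./certs/self_signed/entity2_cert.pem"),
    // Certificate and private key this client presents to the server.
    Path::new("./certs/self_signed/entity1_cert.pem"),
    Path::new("./certs/self_signed/entity1_key.pem"),
    // No password: the private key file is stored unencrypted, so it must be
    // protected by file-system permissions.
    None,
    // TLS 1.2 is the floor; raise it if every peer supports a newer version.
    MinTlsVersion::V12,
    CertificateMode::SelfSigned,
)?;

// Same call shape as the TCP client, with the TLS configuration as the extra
// argument. 127.0.0.1:20001 is the loopback endpoint used by the example.
let channel = spawn_master_tls_client(
    LinkErrorMode::Close,
    get_master_channel_config()?,
    EndpointList::new("127.0.0.1:20001".to_owned(), &[]),
    ConnectStrategy::default(),
    NullListener::create(),
    tls_config,
);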
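// TLS settings for the self-signed case. The variable is named `tls_config`
// because that is the name passed to dnp3_master_channel_create_tls() below;
// the original snippet declared it as `config`, which left the later argument
// undefined.
//
// In this mode the first path is the peer's own certificate (entity2) rather
// than a CA certificate: trust is pinned to that one file instead of a chain,
// so the file must be writable only by the account that manages trust.
dnp3_tls_client_config_t tls_config = dnp3_tls_client_config_init(
    "test.com",
    "./certs/self_signed/entity2_cert.pem", // peer's self-signed certificate (trust anchor)
    "./certs/self_signed/entity1_cert.pem", // certificate this client presents
    "./certs/self_signed/entity1_key.pem",  // private key for that certificate
    // No password: the key file is unencrypted on disk and must be protected
    // by file-system permissions.
    ""
);
// The initializer does not take a mode, so self-signed has to be selected
// explicitly; leaving this line out keeps the default mode.
tls_config.certificate_mode = DNP3_CERTIFICATE_MODE_SELF_SIGNED;

dnp3_master_channel_t *channel = NULL;
dnp3_endpoint_list_t *endpoints = dnp3_endpoint_list_create("127.0.0.1:20001");
dnp3_param_error_t err = dnp3_master_channel_create_tls(
    runtime,
    DNP3_LINK_ERROR_MODE_CLOSE,
    get_master_channel_config(),
    endpoints,
    dnp3_connect_strategy_init(),
    get_client_state_listener(),
    tls_config,
    &channel
);
// The endpoint list is released as soon as the create call has returned.
dnp3_endpoint_list_destroy(endpoints);
// check error: `err` must be inspected before `channel` is used. A bad
// certificate path or key is expected to surface here -- TODO confirm against
// the library's error list.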
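// TLS settings for the self-signed case. The variable is named `tls_config`
// because that is the name passed to create_tls_channel() below; the original
// snippet declared it as `config`, which left the later argument undefined.
//
// In this mode the first path is the peer's own certificate (entity2) rather
// than a CA certificate: trust is pinned to that one file instead of a chain,
// so the file must be writable only by the account that manages trust.
dnp3::TlsClientConfig tls_config(
    "test.com",
    "./certs/self_signed/entity2_cert.pem", // peer's self-signed certificate (trust anchor)
    "./certs/self_signed/entity1_cert.pem", // certificate this client presents
    "./certs/self_signed/entity1_key.pem",  // private key for that certificate
    // No password: the key file is unencrypted on disk and must be protected
    // by file-system permissions.
    ""
);
// The constructor does not take a mode, so self-signed has to be selected
// explicitly; leaving this line out keeps the default mode.
tls_config.certificate_mode = dnp3::CertificateMode::self_signed;

dnp3::EndpointList endpoints(std::string("127.0.0.1:20001"));
// Same call shape as the TCP channel, with the TLS configuration as the extra
// argument.
auto channel = dnp3::MasterChannel::create_tls_channel(
    runtime,
    dnp3::LinkErrorMode::close,
    get_master_channel_config(),
    endpoints,
    dnp3::ConnectStrategy(),
    std::make_unique<ClientStateListener>(),
    tls_config
);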
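// TLS settings for the self-signed case. The variable is named `tlsConfig`
// because that is the name passed to createTlsChannel() below; the original
// snippet declared it as `config`, which left the later argument undefined.
//
// In this mode the first path is the peer's own certificate (entity2) rather
// than a CA certificate: trust is pinned to that one file instead of a chain,
// so the file must be writable only by the account that manages trust.
TlsClientConfig tlsConfig =
    new TlsClientConfig(
        "test.com",
        "./certs/self_signed/entity2_cert.pem", // peer's self-signed certificate (trust anchor)
        "./certs/self_signed/entity1_cert.pem", // certificate this client presents
        "./certs/self_signed/entity1_key.pem",  // private key for that certificate
        // No password: the key file is unencrypted on disk and must be
        // protected by file-system permissions.
        ""
    )
    // The constructor does not take a mode, so self-signed has to be selected
    // explicitly; leaving this call out keeps the default mode.
    .withCertificateMode(CertificateMode.SELF_SIGNED);

// Same call shape as the TCP channel, with the TLS configuration as the extra
// argument.
MasterChannel channel =
    MasterChannel.createTlsChannel(
        runtime,
        LinkErrorMode.CLOSE,
        getMasterChannelConfig(),
        new EndpointList("127.0.0.1:20001"),
        new ConnectStrategy(),
        new TestClientStateListener(),
        tlsConfig);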
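// TLS settings for the self-signed case. The variable is named `tlsConfig`
// because that is the name passed to CreateTlsChannel() below; the original
// snippet declared it as `config`, which left the later argument undefined.
//
// In this mode the first path is the peer's own certificate (entity2) rather
// than a CA certificate: trust is pinned to that one file instead of a chain,
// so the file must be writable only by the account that manages trust.
var tlsConfig = new TlsClientConfig(
    "test.com",
    "./certs/self_signed/entity2_cert.pem", // peer's self-signed certificate (trust anchor)
    "./certs/self_signed/entity1_cert.pem", // certificate this client presents
    "./certs/self_signed/entity1_key.pem",  // private key for that certificate
    // No password: the key file is unencrypted on disk and must be protected
    // by file-system permissions.
    ""
)
// The constructor does not take a mode, so self-signed has to be selected
// explicitly; leaving this call out keeps the default mode.
.WithCertificateMode(CertificateMode.SelfSigned);

// Same call shape as the TCP channel, with the TLS configuration as the extra
// argument.
var channel = MasterChannel.CreateTlsChannel(
    runtime,
    LinkErrorMode.Close,
    GetMasterChannelConfig(),
    new EndpointList("127.0.0.1:20001"),
    new ConnectStrategy(),
    new TestClientStateListener(),
    tlsConfig
);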