TLS Client
Creating a TLS client follows exactly the same process as creating a TCP client, except that an additional `TlsClientConfig` is required. For more details about TLS support and the configuration options, see the TLS general information page.
Examples
Certificate chain configuration
- Rust
- C
- C++
- Java
- C#
// Certificate-chain mode: the file names suggest a CA certificate used to
// validate the server, plus this client's own certificate and private key.
let ca_cert = Path::new("./certs/ca_chain/ca_cert.pem");
let client_cert = Path::new("./certs/ca_chain/client_cert.pem");
// The key is loaded without a password (`None` below), so it is presumably
// stored unencrypted; keep the file readable only by the account that runs
// the client.
let client_key = Path::new("./certs/ca_chain/client_key.pem");
// Presumably the name the server certificate is checked against; confirm on
// the TLS general information page before changing it or passing `None`.
let expected_name = Some(String::from("test.com"));

let tls_config = TlsClientConfig::full_pki(
    expected_name,
    ca_cert,
    client_cert,
    client_key,
    None, // no password
    MinTlsVersion::V1_2,
)?;

// Loopback address, port 802.
let server = HostAddr::ip(IpAddr::V4(Ipv4Addr::LOCALHOST), 802);
// Application-layer decoding is set to `DataValues`; the frame and physical
// layers are set to `Nothing`. If that level writes point values to the log,
// treat the log output as sensitive.
let decode_level = DecodeLevel::new(
    AppDecodeLevel::DataValues,
    FrameDecodeLevel::Nothing,
    PhysDecodeLevel::Nothing,
);

let channel = spawn_tls_client_task(
    server,
    1,
    default_retry_strategy(),
    tls_config,
    decode_level,
    Some(Box::new(LoggingListener)),
);
// Certificate-chain mode: the file names suggest a CA certificate used to
// validate the server, plus this client's own certificate and private key.
const char* ca_cert = "./certs/ca_chain/ca_cert.pem";
const char* client_cert = "./certs/ca_chain/client_cert.pem";
// Loaded with an empty password below, so the key is presumably stored
// unencrypted; keep the file readable only by the account that runs the client.
const char* client_key = "./certs/ca_chain/client_key.pem";

// "test.com" is presumably the name the server certificate is checked against.
// The minimum TLS version and certificate mode are not set here and stay at
// whatever rodbus_tls_client_config_init() chooses -- confirm those defaults.
rodbus_tls_client_config_t tls_config = rodbus_tls_client_config_init(
    "test.com",
    ca_cert,
    client_cert,
    client_key,
    "" // no password
);

rodbus_decode_level_t decode_level = rodbus_decode_level_nothing();
rodbus_client_channel_t* channel = NULL;

rodbus_param_error_t err = rodbus_client_channel_create_tls(
    runtime,
    "127.0.0.1",
    802,
    100,
    rodbus_retry_strategy_init(),
    tls_config,
    decode_level,
    get_client_listener(),
    &channel
);

// check error: a non-zero value means the channel was not created
if (err) {
    printf("Unable to initialize channel: %s\n", rodbus_param_error_to_string(err));
    return -1;
}
// Certificate-chain mode: the file names suggest a CA certificate used to
// validate the server, plus this client's own certificate and private key.
const char* ca_cert = "./certs/ca_chain/ca_cert.pem";
const char* client_cert = "./certs/ca_chain/client_cert.pem";
// Loaded with an empty password below, so the key is presumably stored
// unencrypted; keep the file readable only by the account that runs the client.
const char* client_key = "./certs/ca_chain/client_key.pem";

// "test.com" is presumably the name the server certificate is checked against.
// The minimum TLS version and certificate mode are not set here and stay at
// the TlsClientConfig defaults -- confirm them on the TLS information page.
rodbus::TlsClientConfig tls_config(
    "test.com",
    ca_cert,
    client_cert,
    client_key,
    "" // no password
);

// The listener is built first and then handed over to the channel.
auto listener = std::make_unique<PrintingClientStateListener>();

auto channel = rodbus::ClientChannel::create_tls(
    runtime,
    "127.0.0.1",
    802,
    100,
    rodbus::RetryStrategy(),
    tls_config,
    rodbus::DecodeLevel::nothing(),
    std::move(listener)
);
// Certificate-chain mode: the file names suggest a CA certificate used to
// validate the server, plus this client's own certificate and private key.
String caCert = "./certs/ca_chain/ca_cert.pem";
String clientCert = "./certs/ca_chain/client_cert.pem";
// Loaded with an empty password below, so the key is presumably stored
// unencrypted; keep the file readable only by the account that runs the client.
String clientKey = "./certs/ca_chain/client_key.pem";

// "test.com" is presumably the name the server certificate is checked against.
// The minimum TLS version and certificate mode are not set here and stay at
// the TlsClientConfig defaults -- confirm them on the TLS information page.
TlsClientConfig tlsConfig =
    new TlsClientConfig(
        "test.com",
        caCert,
        clientCert,
        clientKey,
        "" // no password
    );

RetryStrategy retryStrategy = new RetryStrategy();
PrintingClientStateListener listener = new PrintingClientStateListener();

ClientChannel channel =
    ClientChannel.createTls(
        runtime,
        "127.0.0.1",
        ushort(802),
        ushort(100),
        retryStrategy,
        tlsConfig,
        DecodeLevel.nothing(),
        listener);
// Certificate-chain mode: the file names suggest a CA certificate used to
// validate the server, plus this client's own certificate and private key.
var caCert = "./certs/ca_chain/ca_cert.pem";
var clientCert = "./certs/ca_chain/client_cert.pem";
// Loaded with an empty password below, so the key is presumably stored
// unencrypted; keep the file readable only by the account that runs the client.
var clientKey = "./certs/ca_chain/client_key.pem";

// "test.com" is presumably the name the server certificate is checked against.
// The minimum TLS version and certificate mode are not set here and stay at
// the TlsClientConfig defaults -- confirm them on the TLS information page.
var tlsConfig = new TlsClientConfig(
    "test.com",
    caCert,
    clientCert,
    clientKey,
    "" // no password
);

var retryStrategy = new RetryStrategy();
var decodeLevel = DecodeLevel.Nothing();
var listener = new ClientStateListener();

var channel = ClientChannel.CreateTls(
    runtime,
    "127.0.0.1",
    802,
    100,
    retryStrategy,
    tlsConfig,
    decodeLevel,
    listener
);
Self-signed certificate configuration
- Rust
- C
- C++
- Java
- C#
// Self-signed mode: no name argument is passed, only three files. Presumably
// the first is the peer's certificate, trusted as-is rather than validated
// through a CA chain -- confirm on the TLS general information page. Whoever
// can replace that file decides which server is trusted, so protect it
// against modification.
let peer_cert = Path::new("./certs/self_signed/entity2_cert.pem");
let local_cert = Path::new("./certs/self_signed/entity1_cert.pem");
// The key is loaded without a password (`None` below), so it is presumably
// stored unencrypted; keep the file readable only by the account that runs
// the client.
let local_key = Path::new("./certs/self_signed/entity1_key.pem");

let tls_config = TlsClientConfig::self_signed(
    peer_cert,
    local_cert,
    local_key,
    None, // no password
    MinTlsVersion::V1_2,
)?;

// Loopback address, port 802.
let server = HostAddr::ip(IpAddr::V4(Ipv4Addr::LOCALHOST), 802);
// Application-layer decoding is set to `DataValues`; the frame and physical
// layers are set to `Nothing`. If that level writes point values to the log,
// treat the log output as sensitive.
let decode_level = DecodeLevel::new(
    AppDecodeLevel::DataValues,
    FrameDecodeLevel::Nothing,
    PhysDecodeLevel::Nothing,
);

let channel = spawn_tls_client_task(
    server,
    1,
    default_retry_strategy(),
    tls_config,
    decode_level,
    Some(Box::new(LoggingListener)),
);
// Self-signed mode: presumably the first file is the peer's certificate,
// trusted as-is rather than validated through a CA chain -- confirm on the TLS
// general information page. Whoever can replace that file decides which server
// is trusted, so protect it against modification.
const char* peer_cert = "./certs/self_signed/entity2_cert.pem";
const char* local_cert = "./certs/self_signed/entity1_cert.pem";
// Loaded with an empty password below, so the key is presumably stored
// unencrypted; keep the file readable only by the account that runs the client.
const char* local_key = "./certs/self_signed/entity1_key.pem";

// The Rust self_signed() constructor on this page takes no name argument, so
// "test.com" is presumably not checked in this mode -- confirm before relying
// on it.
rodbus_tls_client_config_t tls_config = rodbus_tls_client_config_init(
    "test.com",
    peer_cert,
    local_cert,
    local_key,
    "" // no password
);
// Switch the certificate mode away from the init function's default.
tls_config.certificate_mode = RODBUS_CERTIFICATE_MODE_SELF_SIGNED;

rodbus_decode_level_t decode_level = rodbus_decode_level_nothing();
rodbus_client_channel_t* channel = NULL;

rodbus_param_error_t err = rodbus_client_channel_create_tls(
    runtime,
    "127.0.0.1",
    802,
    100,
    rodbus_retry_strategy_init(),
    tls_config,
    decode_level,
    get_client_listener(),
    &channel
);

// check error: a non-zero value means the channel was not created
if (err) {
    printf("Unable to initialize channel: %s\n", rodbus_param_error_to_string(err));
    return -1;
}
// Self-signed mode: presumably the first file is the peer's certificate,
// trusted as-is rather than validated through a CA chain -- confirm on the TLS
// general information page. Whoever can replace that file decides which server
// is trusted, so protect it against modification.
const char* peer_cert = "./certs/self_signed/entity2_cert.pem";
const char* local_cert = "./certs/self_signed/entity1_cert.pem";
// Loaded with an empty password below, so the key is presumably stored
// unencrypted; keep the file readable only by the account that runs the client.
const char* local_key = "./certs/self_signed/entity1_key.pem";

// The Rust self_signed() constructor on this page takes no name argument, so
// "test.com" is presumably not checked in this mode -- confirm before relying
// on it.
rodbus::TlsClientConfig tls_config(
    "test.com",
    peer_cert,
    local_cert,
    local_key,
    "" // no password
);
// Switch the certificate mode away from the constructor's default.
tls_config.certificate_mode = rodbus::CertificateMode::self_signed;

// The listener is built first and then handed over to the channel.
auto listener = std::make_unique<PrintingClientStateListener>();

auto channel = rodbus::ClientChannel::create_tls(
    runtime,
    "127.0.0.1",
    802,
    100,
    rodbus::RetryStrategy(),
    tls_config,
    rodbus::DecodeLevel::nothing(),
    std::move(listener)
);
// Self-signed mode: presumably the first file is the peer's certificate,
// trusted as-is rather than validated through a CA chain -- confirm on the TLS
// general information page. Whoever can replace that file decides which server
// is trusted, so protect it against modification.
String peerCert = "./certs/self_signed/entity2_cert.pem";
String localCert = "./certs/self_signed/entity1_cert.pem";
// Loaded with an empty password below, so the key is presumably stored
// unencrypted; keep the file readable only by the account that runs the client.
String localKey = "./certs/self_signed/entity1_key.pem";

// The Rust self_signed() constructor on this page takes no name argument, so
// "test.com" is presumably not checked in this mode -- confirm before relying
// on it.
TlsClientConfig tlsConfig =
    new TlsClientConfig(
        "test.com",
        peerCert,
        localCert,
        localKey,
        "" // no password
    ).withCertificateMode(CertificateMode.SELF_SIGNED);

RetryStrategy retryStrategy = new RetryStrategy();
PrintingClientStateListener listener = new PrintingClientStateListener();

ClientChannel channel =
    ClientChannel.createTls(
        runtime,
        "127.0.0.1",
        ushort(802),
        ushort(100),
        retryStrategy,
        tlsConfig,
        DecodeLevel.nothing(),
        listener);
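// Self-signed mode: presumably the first file is the peer's certificate,
// trusted as-is rather than validated through a CA chain -- confirm on the TLS
// general information page. Whoever can replace that file decides which server
// is trusted, so protect it against modification.
//
// The peer certificate is entity2_cert.pem, matching the Rust, C, C++ and Java
// versions of this example, which pass the peer's certificate here rather than
// a CA file.
var peerCert = "./certs/self_signed/entity2_cert.pem";
var localCert = "./certs/self_signed/entity1_cert.pem";
// Loaded with an empty password below, so the key is presumably stored
// unencrypted; keep the file readable only by the account that runs the client.
var localKey = "./certs/self_signed/entity1_key.pem";

// The Rust self_signed() constructor on this page takes no name argument, so
// "test.com" is presumably not checked in this mode -- confirm before relying
// on it.
var tlsConfig = new TlsClientConfig(
    "test.com",
    peerCert,
    localCert,
    localKey,
    "" // no password
).WithCertificateMode(CertificateMode.SelfSigned);

var channel = ClientChannel.CreateTls(
    runtime,
    "127.0.0.1",
    802,
    100,
    new RetryStrategy(),
    tlsConfig,
    DecodeLevel.Nothing(),
    new ClientStateListener()
);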