TLS Client

Creating a TLS client is exactly the same process as a TCP client, except that an extra TlsClientConfig is required. For more details about TLS support and the configuration options, check the TLS general information page.

Examples

Certificate chain configuration

Rust
C
C++
Java
C#

let tls_config = TlsClientConfig::full_pki(
    Some("test.com".to_string()),
    Path::new("./certs/ca_chain/ca_cert.pem"),
    Path::new("./certs/ca_chain/client_cert.pem"),
    Path::new("./certs/ca_chain/client_key.pem"),
    None, // no password
    MinTlsVersion::V1_2,
)?;

let channel = spawn_tls_client_task(
    HostAddr::ip(IpAddr::V4(Ipv4Addr::LOCALHOST), 802),
    1,
    default_retry_strategy(),
    tls_config,
    DecodeLevel::new(
        AppDecodeLevel::DataValues,
        FrameDecodeLevel::Nothing,
        PhysDecodeLevel::Nothing,
    ),
    Some(Box::new(LoggingListener)),
);

rodbus_tls_client_config_t tls_config = rodbus_tls_client_config_init(
    "test.com",
    "./certs/ca_chain/ca_cert.pem",
    "./certs/ca_chain/client_cert.pem",
    "./certs/ca_chain/client_key.pem",
    "" // no password
);

rodbus_client_channel_t* channel = NULL;
rodbus_decode_level_t decode_level = rodbus_decode_level_nothing();
rodbus_param_error_t err = rodbus_client_channel_create_tls(runtime, "127.0.0.1", 802, 100, rodbus_retry_strategy_init(), tls_config, decode_level,
                                                            get_client_listener(), & channel);
if (err) {
    printf("Unable to initialize channel: %s\n", rodbus_param_error_to_string(err));
    return -1;
}
// check error

auto tls_config = rodbus::TlsClientConfig(
    "test.com",
    "./certs/ca_chain/ca_cert.pem",
    "./certs/ca_chain/client_cert.pem",
    "./certs/ca_chain/client_key.pem",
    "" // no password
);

auto channel = rodbus::ClientChannel::create_tls(
    runtime,
    "127.0.0.1",
    802,
    100,
    rodbus::RetryStrategy(),
    tls_config,
    rodbus::DecodeLevel::nothing(),
    std::make_unique<PrintingClientStateListener>()
);

TlsClientConfig tlsConfig = new TlsClientConfig(
        "test.com",
        "./certs/ca_chain/ca_cert.pem",
        "./certs/ca_chain/client_cert.pem",
        "./certs/ca_chain/client_key.pem",
        "" // no password
);

ClientChannel channel = ClientChannel.createTls(runtime, "127.0.0.1", ushort(802), ushort(100), new RetryStrategy(), tlsConfig, DecodeLevel.nothing(), new PrintingClientStateListener());

var tlsConfig = new TlsClientConfig(
    "test.com",
    "./certs/ca_chain/ca_cert.pem",
    "./certs/ca_chain/client_cert.pem",
    "./certs/ca_chain/client_key.pem",
    "" // no password
);

var channel = ClientChannel.CreateTls(runtime, "127.0.0.1", 802, 100, new RetryStrategy(), tlsConfig, DecodeLevel.Nothing(), new ClientStateListener());

Self-signed certificate configuration

Rust
C
C++
Java
C#

let tls_config = TlsClientConfig::self_signed(
    Path::new("./certs/self_signed/entity2_cert.pem"),
    Path::new("./certs/self_signed/entity1_cert.pem"),
    Path::new("./certs/self_signed/entity1_key.pem"),
    None, // no password
    MinTlsVersion::V1_2,
)?;

let channel = spawn_tls_client_task(
    HostAddr::ip(IpAddr::V4(Ipv4Addr::LOCALHOST), 802),
    1,
    default_retry_strategy(),
    tls_config,
    DecodeLevel::new(
        AppDecodeLevel::DataValues,
        FrameDecodeLevel::Nothing,
        PhysDecodeLevel::Nothing,
    ),
    Some(Box::new(LoggingListener)),
);

rodbus_tls_client_config_t tls_config = rodbus_tls_client_config_init(
    "test.com",
    "./certs/self_signed/entity2_cert.pem",
    "./certs/self_signed/entity1_cert.pem",
    "./certs/self_signed/entity1_key.pem",
    "" // no password
);
tls_config.certificate_mode = RODBUS_CERTIFICATE_MODE_SELF_SIGNED;

rodbus_client_channel_t* channel = NULL;
rodbus_decode_level_t decode_level = rodbus_decode_level_nothing();
rodbus_param_error_t err = rodbus_client_channel_create_tls(runtime, "127.0.0.1", 802, 100, rodbus_retry_strategy_init(), tls_config, decode_level,
                                                            get_client_listener(), & channel);
if (err) {
    printf("Unable to initialize channel: %s\n", rodbus_param_error_to_string(err));
    return -1;
}
// check error

auto tls_config = rodbus::TlsClientConfig(
    "test.com",
    "./certs/self_signed/entity2_cert.pem",
    "./certs/self_signed/entity1_cert.pem",
    "./certs/self_signed/entity1_key.pem",
    "" // no password
);
tls_config.certificate_mode = rodbus::CertificateMode::self_signed;

auto channel = rodbus::ClientChannel::create_tls(
    runtime,
    "127.0.0.1",
    802,
    100,
    rodbus::RetryStrategy(),
    tls_config,
    rodbus::DecodeLevel::nothing(),
    std::make_unique<PrintingClientStateListener>()
);

TlsClientConfig tlsConfig = new TlsClientConfig(
        "test.com",
        "./certs/self_signed/entity2_cert.pem",
        "./certs/self_signed/entity1_cert.pem",
        "./certs/self_signed/entity1_key.pem",
        "" // no password
).withCertificateMode(CertificateMode.SELF_SIGNED);

ClientChannel channel = ClientChannel.createTls(runtime, "127.0.0.1", ushort(802), ushort(100), new RetryStrategy(), tlsConfig, DecodeLevel.nothing(), new PrintingClientStateListener());

var tlsConfig = new TlsClientConfig(
    "test.com",
    "./certs/self_signed/ca_cert.pem",
    "./certs/self_signed/entity1_cert.pem",
    "./certs/self_signed/entity1_key.pem",
    "" // no password
).WithCertificateMode(CertificateMode.SelfSigned);

var channel = ClientChannel.CreateTls(runtime, "127.0.0.1", 802, 100, new RetryStrategy(), tlsConfig, DecodeLevel.Nothing(), new ClientStateListener());

Examples​

Certificate chain configuration​

Self-signed certificate configuration​

Examples

Certificate chain configuration

Self-signed certificate configuration