• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# net_ssl_c.h
2
3## Overview
4
5Defines data structures for the C APIs of the SSL/TLS certificate chain verification module.
6
7**File to include**: <network/netstack/net_ssl/net_ssl_c.h>
8
9**Library**: libnet_ssl.so
10
11**System capability**: SystemCapability.Communication.NetStack
12
13**Since**: 11
14
15**Related module**: [netstack](capi-netstack.md)
16
17## Summary
18
19### Functions
20
21| Name| Description|
22| -- | -- |
23| [uint32_t OH_NetStack_CertVerification(const struct NetStack_CertBlob *cert, const struct NetStack_CertBlob *caCert)](#oh_netstack_certverification) | Verifies the certificate chain.|
24| [int32_t OH_NetStack_GetPinSetForHostName(const char *hostname, NetStack_CertificatePinning *pin)](#oh_netstack_getpinsetforhostname) | Obtains the certificate lock information.|
25| [int32_t OH_NetStack_GetCertificatesForHostName(const char *hostname, NetStack_Certificates *certs)](#oh_netstack_getcertificatesforhostname) | Obtains certificate information.|
26| [void OH_Netstack_DestroyCertificatesContent(NetStack_Certificates *certs)](#oh_netstack_destroycertificatescontent) | Releases the certificate content.|
27| [int32_t OH_Netstack_IsCleartextPermitted(bool *isCleartextPermitted)](#oh_netstack_iscleartextpermitted) | Boolean value indicating whether plaintext HTTP is allowed.|
28| [int32_t OH_Netstack_IsCleartextPermittedByHostName(const char *hostname, bool *isCleartextPermitted)](#oh_netstack_iscleartextpermittedbyhostname) | Boolean value indicating whether host name–based plaintext HTTP is allowed.|
29
30
31## Function Description
32
33### OH_NetStack_CertVerification()
34
35```
36uint32_t OH_NetStack_CertVerification(const struct NetStack_CertBlob *cert, const struct NetStack_CertBlob *caCert)
37```
38
39**Description**
40
41Provides certificate chain verification APIs for external systems.
42
43**System capability**: SystemCapability.Communication.NetStack
44
45**Since**: 11
46
47
48**Parameters**
49
50| Name| Description|
51| -- | -- |
52| [const struct NetStack_CertBlob](capi-netstack-netstack-certblob.md) *cert | Certificate to be verified.|
53| [const struct NetStack_CertBlob](capi-netstack-netstack-certblob.md) *caCert |   Certificate specified by the user. If this parameter is left blank, the preset certificate is used for verification.|
54
55**Returns**
56
57| Type| Description|
58| -- | -- |
59| uint32_t | **0**: Success.<br> **2305001**: Unknown error.<br> **2305002**: Failed to obtain the issuer certificate.<br> **2305003**: Failed to obtain the certificate revocation list (CRL).<br> **2305004**: Failed to decrypt the certificate signature.<br> **2305005**: Failed to decrypt the CRL signature.<br> **2305006**: Failed to decode the issuer public key.<br> **2305007**: Failed to sign the certificate.<br> **2305008**: Failed to sign the CRL.<br> **2305009**: Certificate not activated.<br> **2305010**: Certificate expired.<br> **2305011**: CRL not activated.<br> **2305012**: CRL expired.<br> **2305023**: Certificate revoked.<br> **2305024**: Invalid certificate authority (CA).<br> **2305027**: Untrusted certificate.|
60
61### OH_NetStack_GetPinSetForHostName()
62
63```
64int32_t OH_NetStack_GetPinSetForHostName(const char *hostname, NetStack_CertificatePinning *pin)
65```
66
67**Description**
68
69Obtains the certificate lock information.
70
71**System capability**: SystemCapability.Communication.NetStack
72
73**Since**: 12
74
75
76**Parameters**
77
78| Name| Description|
79| -- | -- |
80| const char *hostname | Host name.|
81| [NetStack_CertificatePinning](capi-netstack-netstack-certificatepinning.md) *pin | Defines the certificate lock information structure.|
82
83**Returns**
84
85| Type| Description|
86| -- | -- |
87| int32_t | **0**: Success.<br>         **401**: Parameter error.<br>         **2305999**: Memory error.|
88
89### OH_NetStack_GetCertificatesForHostName()
90
91```
92int32_t OH_NetStack_GetCertificatesForHostName(const char *hostname, NetStack_Certificates *certs)
93```
94
95**Description**
96
97Obtains the certificate information.
98
99**System capability**: SystemCapability.Communication.NetStack
100
101**Since**: 12
102
103
104**Parameters**
105
106| Name| Description|
107| -- | -- |
108| const char *hostname | Host name.|
109| [NetStack_Certificates](capi-netstack-netstack-certificates.md) *certs | Defines the certificate information structure.|
110
111**Returns**
112
113| Type| Description|
114| -- | -- |
115| int32_t | **0**: Success.<br>         **401**: Parameter error.<br>         **2305999**: Memory error.|
116
117### OH_Netstack_DestroyCertificatesContent()
118
119```
120void OH_Netstack_DestroyCertificatesContent(NetStack_Certificates *certs)
121```
122
123**Description**
124
125Releases the certificate content.
126
127**System capability**: SystemCapability.Communication.NetStack
128
129**Since**: 12
130
131
132**Parameters**
133
134| Name| Description|
135| -- | -- |
136| [NetStack_Certificates](capi-netstack-netstack-certificates.md) *certs | Represents the certificate information.|
137
138### OH_Netstack_IsCleartextPermitted()
139
140```
141int32_t OH_Netstack_IsCleartextPermitted(bool *isCleartextPermitted)
142```
143
144**Description**
145
146Boolean value indicating whether plaintext HTTP is allowed.
147
148**Required permission**: ohos.permission.INTERNET
149
150**Since**: 18
151
152
153**Parameters**
154
155| Name| Description|
156| -- | -- |
157| bool *isCleartextPermitted | Boolean value indicating whether plaintext HTTP is allowed. The value **true** means that plaintext HTTP is allowed, and the value **false** means the opposite.|
158
159**Returns**
160
161| Type| Description|
162| -- | -- |
163| int32_t | **0**: Success.<br>         **201**: Permission denied.<br>         **401**: Parameter error.|
164
165### OH_Netstack_IsCleartextPermittedByHostName()
166
167```
168int32_t OH_Netstack_IsCleartextPermittedByHostName(const char *hostname, bool *isCleartextPermitted)
169```
170
171**Description**
172
173Boolean value indicating whether host name–based plaintext HTTP is allowed.
174
175**Required permission**: ohos.permission.INTERNET
176
177**Since**: 18
178
179
180**Parameters**
181
182| Name| Description|
183| -- | -- |
184| const char *hostname | Host name.|
185| bool *isCleartextPermitted | Boolean value indicating whether host name–based plaintext HTTP is allowed. The value **true** means that host name–based plaintext HTTP is allowed, and the value **false** means the opposite.|
186
187**Returns**
188
189| Type| Description|
190| -- | -- |
191| int32_t | **0**: Success.<br>         **201**: Permission denied.<br>         **401**: Parameter error.|
192