net_ssl_c.h
Overview
Defines data structures for the C APIs of the SSL/TLS certificate chain verification module.
File to include: <network/netstack/net_ssl/net_ssl_c.h>
Library: libnet_ssl.so
System capability: SystemCapability.Communication.NetStack
Since: 11
Related module: netstack
Summary
Functions
| Name | Description |
|---|---|
| uint32_t OH_NetStack_CertVerification(const struct NetStack_CertBlob *cert, const struct NetStack_CertBlob *caCert) | Verifies the certificate chain. |
| int32_t OH_NetStack_GetPinSetForHostName(const char *hostname, NetStack_CertificatePinning *pin) | Obtains the certificate lock information. |
| int32_t OH_NetStack_GetCertificatesForHostName(const char *hostname, NetStack_Certificates *certs) | Obtains certificate information. |
| void OH_Netstack_DestroyCertificatesContent(NetStack_Certificates *certs) | Releases the certificate content. |
| int32_t OH_Netstack_IsCleartextPermitted(bool *isCleartextPermitted) | Boolean value indicating whether plaintext HTTP is allowed. |
| int32_t OH_Netstack_IsCleartextPermittedByHostName(const char *hostname, bool *isCleartextPermitted) | Boolean value indicating whether host name–based plaintext HTTP is allowed. |
| int32_t OH_Netstack_IsCleartextCfgByComponent(const char *component, bool *componentCfg) | Checks whether plaintext HTTP interception is enabled. |
Function Description
OH_NetStack_CertVerification()
uint32_t OH_NetStack_CertVerification(const struct NetStack_CertBlob *cert, const struct NetStack_CertBlob *caCert)
Description
Provides certificate chain verification APIs for external systems.
System capability: SystemCapability.Communication.NetStack
Since: 11
Parameters
| Name | Description |
|---|---|
| const struct NetStack_CertBlob *cert | Certificate to be verified. |
| const struct NetStack_CertBlob *caCert | Certificate specified by the user. If this parameter is left blank, the preset certificate is used for verification. |
Returns
| Type | Description |
|---|---|
| uint32_t | 0: Success. 2305001: Unknown error. 2305002: Failed to obtain the issuer certificate. 2305003: Failed to obtain the certificate revocation list (CRL). 2305004: Failed to decrypt the certificate signature. 2305005: Failed to decrypt the CRL signature. 2305006: Failed to decode the issuer public key. 2305007: Failed to sign the certificate. 2305008: Failed to sign the CRL. 2305009: Certificate not activated. 2305010: Certificate expired. 2305011: CRL not activated. 2305012: CRL expired. 2305023: Certificate revoked. 2305024: Invalid certificate authority (CA). 2305027: Untrusted certificate. |
OH_NetStack_GetPinSetForHostName()
int32_t OH_NetStack_GetPinSetForHostName(const char *hostname, NetStack_CertificatePinning *pin)
Description
Obtains the certificate lock information.
System capability: SystemCapability.Communication.NetStack
Since: 12
Parameters
| Name | Description |
|---|---|
| const char *hostname | Host name. |
| NetStack_CertificatePinning *pin | Defines the certificate lock information structure. |
Returns
| Type | Description |
|---|---|
| int32_t | 0: Success. 401: Parameter error. 2305999: Memory error. |
OH_NetStack_GetCertificatesForHostName()
int32_t OH_NetStack_GetCertificatesForHostName(const char *hostname, NetStack_Certificates *certs)
Description
Obtains the certificate information.
System capability: SystemCapability.Communication.NetStack
Since: 12
Parameters
| Name | Description |
|---|---|
| const char *hostname | Host name. |
| NetStack_Certificates *certs | Defines the certificate information structure. |
Returns
| Type | Description |
|---|---|
| int32_t | 0: Success. 401: Parameter error. 2305999: Memory error. |
OH_Netstack_DestroyCertificatesContent()
void OH_Netstack_DestroyCertificatesContent(NetStack_Certificates *certs)
Description
Releases the certificate content.
System capability: SystemCapability.Communication.NetStack
Since: 12
Parameters
| Name | Description |
|---|---|
| NetStack_Certificates *certs | Represents the certificate information. |
OH_Netstack_IsCleartextPermitted()
int32_t OH_Netstack_IsCleartextPermitted(bool *isCleartextPermitted)
Description
Boolean value indicating whether plaintext HTTP is allowed.
Required permission: ohos.permission.INTERNET
Since: 18
Parameters
| Name | Description |
|---|---|
| bool *isCleartextPermitted | Boolean value indicating whether plaintext HTTP is allowed. The value true means that plaintext HTTP is allowed, and the value false means the opposite. |
Returns
| Type | Description |
|---|---|
| int32_t | 0: Success. 201: Permission denied. 401: Parameter error. |
OH_Netstack_IsCleartextPermittedByHostName()
int32_t OH_Netstack_IsCleartextPermittedByHostName(const char *hostname, bool *isCleartextPermitted)
Description
Boolean value indicating whether host name–based plaintext HTTP is allowed.
Required permission: ohos.permission.INTERNET
Since: 18
Parameters
| Name | Description |
|---|---|
| const char *hostname | Host name. |
| bool *isCleartextPermitted | Boolean value indicating whether host name–based plaintext HTTP is allowed. The value true means that host name–based plaintext HTTP is allowed, and the value false means the opposite. |
Returns
| Type | Description |
|---|---|
| int32_t | 0: Success. 201: Permission denied. 401: Parameter error. |
OH_Netstack_IsCleartextCfgByComponent
int32_t OH_Netstack_IsCleartextCfgByComponent(const char *component, bool *componentCfg);
Description
Checks whether plaintext HTTP interception is enabled.
Since: 20
Parameters
| Name | Description |
|---|---|
| const char *component | Component name. The following components are supported: Network Kit and ArkWeb. |
| bool *componentCfg | Output parameter, which indicates whether plaintext HTTP interception is enabled. The value true indicates that plaintext HTTP interception is enabled, and the value false indicates the opposite. |
Returns
| Type | Description |
|---|---|
| int32_t | 0: Success. 2100001: Invalid parameter value. |