soConfigTLS (Function)


Architecture: NX32L

Device support: All

Firmware version: 1.08.00


The soConfigTLS function enables or disables the use of a secure TLS connection for a socket.

A secure TLS connection (TLS v1.2, v1.1 or v1.0) can be established provided that the matching X509 certificate(s) are present.

 

If a connection is present when the function is called, the secure connection will be established immediately.

Otherwise the secure connection will be established together with the socket connection (in the soConnect or soAccept functions).

 

Using TLS as a client:

1. Ensure the root certificate needed to verify the server is present.

2. Set 'enable := TRUE' when calling soConfigTLS.

 

If client verification is required by the server, then:

1. Ensure the client certificate needed to verify the device is present.

2. Set 'certificate' and 'password' according to the installed client certificate when calling soConfigTLS.

 

Using TLS as a server:

1. Ensure the server certificate used to create the secure connection, and identify the device, is present.

2. Set 'enable := TRUE' when calling soConfigTLS.

3. Set 'certificate' and 'password' according to the installed server certificate when calling soConfigTLS.

 

To enable verification of the connecting client(s):

1. Ensure the root certificate needed to verify the connecting client is present.

2. Set 'peer_cert := TRUE' when calling soConfigTLS.

 

 

Input:

socket : SYSHANDLE

Handle to the socket.

 

enable : BOOL

TRUE: Enable secure TLS connection.

FALSE: Disable secure TLS connection.

 

peer_cert : BOOL

TRUE: A client certificate is required by incoming connections.

FALSE: Incoming connections do not require a client certificate.

Only used if listening for incoming connections.

 

certificate : STRING

The certificate to use for the secure connections.

Only include if listening for incoming connections, or if the server requires clients to include a certificate.

 

password : STRING

The password for the certificate if required.

 

 

Returns: INT

1 - Success.

0 - The function is not supported.

-1 - The handle is not a valid socket.

-2 - One or more parameters are illegal.

-3 - The socket is closed.

-5 - The socket does not support this action.

-10 - Timeout establishing the secure connection.

-17 - Generic error.

-19 - TLS is already enabled in socket.

-101 - The certificate can not be validated.

-102 - The certificate is expired or not yet valid.

-103 - The root certificate cannot be validated.

-104 - The client did not send a certificate.

-105 - The TLS handshake failed.

-106 - Configuration of CA certificate failed.

-107 - Configuration of certificate failed.

-108 - Configuration of certificate key failed.

-109 - Configuration of TLS failed.

 

 

Declaration:

FUNCTION soConfigTLS : INT;
VAR_INPUT
  socket      : SYSHANDLE;
  enable      : BOOL;
  peer_cert   : BOOL;
  certificate : STRING;
  password    : STRING;
END_VAR;

 

 


Example:

 

Please see the "Examples - Web client"
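
The following is an added example, not part of the original documentation or the vendor's example set. It shows the server role with client verification (peer_cert := TRUE) and groups the return codes listed above so that anything other than success is treated as "do not use this socket". The function name tlsSecureServer, its parameter names and the result classes 0..3 are hypothetical; only soConfigTLS and its parameters come from this page.

```vpl
// Added example. tlsSecureServer and its result classes are hypothetical:
//   0 = TLS configured with client verification
//   1 = peer or handshake problem (close this connection)
//   2 = local certificate/TLS configuration problem (fix before listening)
//   3 = any other failure (socket unusable or state unknown)
FUNCTION tlsSecureServer : INT;
VAR_INPUT
   sock : SYSHANDLE; // socket used for incoming connections
   cert : STRING;    // name of the installed server certificate
   pwd  : STRING;    // password for the certificate, if required
END_VAR;
VAR
   rc : INT;
END_VAR;
   // Server role: enable TLS and require a certificate from the client.
   rc := soConfigTLS(socket := sock, enable := TRUE, peer_cert := TRUE,
                     certificate := cert, password := pwd);

   IF rc = 1 THEN
      // Success is the only result that allows data on the socket.
      tlsSecureServer := 0;
   ELSIF rc = -10 OR (rc <= -101 AND rc >= -105) THEN
      // Timeout, certificate not validated, expired, root not validated,
      // no client certificate, or handshake failed.
      tlsSecureServer := 1;
   ELSIF rc <= -106 AND rc >= -109 THEN
      // CA certificate, certificate, key or TLS configuration failed.
      tlsSecureServer := 2;
   ELSE
      // 0, -1, -2, -3, -5, -17 and -19. Note that -19 only says TLS is
      // already enabled; it does not confirm that peer_cert is in effect.
      tlsSecureServer := 3;
   END_IF;
END_FUNCTION;
```

A caller should close the socket for every result other than 0 instead of continuing without TLS.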