Struct TCPTransportDescriptor::TLSConfig

Nested Relationships

This struct is a nested type of Struct TCPTransportDescriptor.

Struct Documentation

struct TLSConfig

TLS Configuration

  • password: password of the private_key_file or rsa_private_key_file.

  • private_key_file: path to the private key certificate file.

  • rsa_private_key_file: path to the private key RSA certificate file.

  • cert_chain_file: path to the public certificate chain file.

  • tmp_dh_file: path to the Diffie-Hellman parameters file.

  • verify_file: path to the CA (Certification Authority) file.

  • verify_mode: establishes the verification mode mask.

  • options: establishes the SSL Context options mask.

  • verify_paths: paths where the system will look for verification files.

  • default_verify_path: look for verification files on the default paths.

  • handshake_role: role that the transport will take on handshaking.

  • server_name: server name or host name required in case Server Name Indication (SNI) is used.

Public Types

enum TLSOptions

Supported TLS features. Several options can be combined in the same TransportDescriptor using the add_option() member function.

  • DEFAULT_WORKAROUNDS: implement various bug workarounds.

  • NO_COMPRESSION: disable compression.

  • NO_SSLV2: disable SSL v2.

  • NO_SSLV3: disable SSL v3.

  • NO_TLSV1: disable TLS v1.

  • NO_TLSV1_1: disable TLS v1.1.

  • NO_TLSV1_2: disable TLS v1.2.

  • NO_TLSV1_3: disable TLS v1.3.

  • SINGLE_DH_USE: always create a new key using Diffie-Hellman parameters.

Values:

enumerator NONE
enumerator DEFAULT_WORKAROUNDS
enumerator NO_COMPRESSION
enumerator NO_SSLV2
enumerator NO_SSLV3
enumerator NO_TLSV1
enumerator NO_TLSV1_1
enumerator NO_TLSV1_2
enumerator NO_TLSV1_3
enumerator SINGLE_DH_USE

enum TLSVerifyMode

Peer node verification options. Several verification options can be combined in the same TransportDescriptor using the add_verify_mode() member function.

  • VERIFY_NONE: perform no verification.

  • VERIFY_PEER: perform verification of the peer.

  • VERIFY_FAIL_IF_NO_PEER_CERT: fail verification if the peer has no certificate. Ignored unless VERIFY_PEER is also set.

  • VERIFY_CLIENT_ONCE: do not request client certificate on renegotiation. Ignored unless VERIFY_PEER is also set.

Values:

enumerator UNUSED
enumerator VERIFY_NONE
enumerator VERIFY_PEER
enumerator VERIFY_FAIL_IF_NO_PEER_CERT
enumerator VERIFY_CLIENT_ONCE

enum TLSHandShakeRole

Role that the transport will take on handshaking.

  • DEFAULT: configured as client if connector, and as server if acceptor.

  • CLIENT: configured as client.

  • SERVER: configured as server.

Values:

enumerator DEFAULT
enumerator CLIENT
enumerator SERVER

Public Functions

inline void add_verify_mode(const TLSVerifyMode verify)

Add verification modes to the verification mode mask.

inline bool get_verify_mode(const TLSVerifyMode verify) const

Check whether the given verification mode is set in the verification mode mask (returns true if it is).

inline void add_option(const TLSOptions option)

Add TLS features to the SSL Context options mask.

inline bool get_option(const TLSOptions option) const

Check whether the given TLS feature is set in the SSL Context options mask (returns true if it is).

inline bool operator==(const TLSConfig &t) const

Comparison operator.

Public Members

std::string password

Password of the private_key_file or rsa_private_key_file.

uint32_t options = TLSOptions::NONE

SSL context options mask.

std::string cert_chain_file

Path to the public certificate chain file.

std::string private_key_file

Path to the private key certificate file.

std::string tmp_dh_file

Path to the Diffie-Hellman parameters file.

std::string verify_file

Path to the CA (Certification Authority) file.

uint8_t verify_mode = TLSVerifyMode::UNUSED

Verification mode mask.

std::vector<std::string> verify_paths

Paths where the system will look for verification files.

bool default_verify_path = false

Look for verification files on the default paths.

int32_t verify_depth = -1

Maximum allowed depth for verifying intermediate certificates. Do not override.

std::string rsa_private_key_file

Path to the private key RSA certificate file.

TLSHandShakeRole handshake_role = TLSHandShakeRole::DEFAULT

Role that the transport will take on handshaking.

std::string server_name

Server name or host name required in case Server Name Indication (SNI) is used.
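The mask-building functions documented above (add_option(), get_option(), add_verify_mode(), get_verify_mode()), as an added example that is not the project's own code: a self-contained stand-in for TLSConfig so it compiles without Fast DDS (enumerator names are taken from this page; the bit values and mask arithmetic are assumptions), plus a lint that flags a weak configuration and shows the hardened one beside it. The certificate paths are constructed.

```cpp
#include <cstdint>
#include <string>
#include <vector>
// Stand-in for the page's struct so this compiles without Fast DDS (names follow the page; bit values assumed).
struct TLSConfig {
    enum TLSOptions : uint32_t {
        NONE = 0, DEFAULT_WORKAROUNDS = 1u << 0, NO_COMPRESSION = 1u << 1, NO_SSLV2 = 1u << 2,
        NO_SSLV3 = 1u << 3, NO_TLSV1 = 1u << 4, NO_TLSV1_1 = 1u << 5, NO_TLSV1_2 = 1u << 6,
        NO_TLSV1_3 = 1u << 7, SINGLE_DH_USE = 1u << 8 };
    enum TLSVerifyMode : uint8_t { UNUSED = 0, VERIFY_NONE = 1u << 0, VERIFY_PEER = 1u << 1,
        VERIFY_FAIL_IF_NO_PEER_CERT = 1u << 2, VERIFY_CLIENT_ONCE = 1u << 3 };
    uint32_t options = NONE; uint8_t verify_mode = UNUSED;
    std::string cert_chain_file, private_key_file, verify_file;
    void add_option(TLSOptions o) { options |= o; }                 // OR the feature into the mask
    bool get_option(TLSOptions o) const { return (options & o) == o; }
    void add_verify_mode(TLSVerifyMode v) { verify_mode |= v; }
    bool get_verify_mode(TLSVerifyMode v) const { return (verify_mode & v) == v; }
};
using O = TLSConfig::TLSOptions; using V = TLSConfig::TLSVerifyMode;
// Lint a TLSConfig before it reaches the transport descriptor: each finding is a
// setting that lets the participant accept unverified peers or legacy protocol versions.
std::vector<std::string> lint_tls_config(const TLSConfig& c) {
    std::vector<std::string> f;
    if (c.verify_mode == V::UNUSED || c.get_verify_mode(V::VERIFY_NONE))
        f.push_back("peer certificate is not verified (verify_mode UNUSED or VERIFY_NONE)");
    if (c.get_verify_mode(V::VERIFY_PEER) && !c.get_verify_mode(V::VERIFY_FAIL_IF_NO_PEER_CERT))
        f.push_back("VERIFY_PEER without VERIFY_FAIL_IF_NO_PEER_CERT: a peer with no cert passes");
    if (c.get_verify_mode(V::VERIFY_PEER) && c.verify_file.empty())
        f.push_back("VERIFY_PEER set but no CA file (verify_file) to verify against");
    for (O legacy : {O::NO_SSLV2, O::NO_SSLV3, O::NO_TLSV1, O::NO_TLSV1_1})
        if (!c.get_option(legacy)) f.push_back("a legacy SSL/TLS version is still enabled");
    return f;
}
// Weak configuration: identity files only (constructed paths), every default left in place.
TLSConfig weak_config() {
    TLSConfig c;
    c.cert_chain_file = "/etc/dds/participant.crt";
    c.private_key_file = "/etc/dds/participant.key";
    return c;
}
// Hardened: require the peer's cert, verify it against a CA, and drop legacy versions.
TLSConfig hardened_config() {
    TLSConfig c = weak_config();
    c.verify_file = "/etc/dds/ca.crt";
    for (V v : {V::VERIFY_PEER, V::VERIFY_FAIL_IF_NO_PEER_CERT}) c.add_verify_mode(v);
    for (O o : {O::DEFAULT_WORKAROUNDS, O::NO_COMPRESSION, O::NO_SSLV2, O::NO_SSLV3,
                O::NO_TLSV1, O::NO_TLSV1_1, O::SINGLE_DH_USE}) c.add_option(o);
    return c;
}
```

The hardened configuration leaves TLS 1.2 and 1.3 enabled; the lint reports five findings for the weak one and none for the hardened one.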