aws-crt-cpp
C++ wrapper around the aws-c-* libraries. Provides Cross-Platform Transport Protocols and SSL/TLS implementations for C++.
#include <TlsOptions.h>

Public Member Functions
| Return type | Member |
|---|---|
| | TlsContextOptions () noexcept |
| virtual | ~TlsContextOptions () |
| | TlsContextOptions (const TlsContextOptions &) noexcept=delete |
| TlsContextOptions & | operator= (const TlsContextOptions &) noexcept=delete |
| | TlsContextOptions (TlsContextOptions &&) noexcept |
| TlsContextOptions & | operator= (TlsContextOptions &&) noexcept |
| | operator bool () const noexcept |
| int | LastError () const noexcept |
| bool | SetAlpnList (const char *alpnList) noexcept |
| void | SetVerifyPeer (bool verifyPeer) noexcept |
| void | SetMinimumTlsVersion (aws_tls_versions minimumTlsVersion) |
| bool | OverrideDefaultTrustStore (const char *caPath, const char *caFile) noexcept |
| bool | OverrideDefaultTrustStore (const ByteCursor &ca) noexcept |

Static Public Member Functions
| Return type | Member |
|---|---|
| static TlsContextOptions | InitDefaultClient (Allocator *allocator=g_allocator) noexcept |
| static TlsContextOptions | InitClientWithMtls (const char *cert_path, const char *pkey_path, Allocator *allocator=g_allocator) noexcept |
| static TlsContextOptions | InitClientWithMtls (const ByteCursor &cert, const ByteCursor &pkey, Allocator *allocator=g_allocator) noexcept |
| static TlsContextOptions | InitClientWithMtlsPkcs11 (const TlsContextPkcs11Options &pkcs11Options, Allocator *allocator=g_allocator) noexcept |
| static bool | IsAlpnSupported () noexcept |

Friends
| Kind | Name |
|---|---|
| class | TlsContext |
Top-level TLS configuration options. These options are used to create a context from which per-connection TLS contexts can be created.
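static TlsContextOptions InitClientWithMtls (const ByteCursor &cert, const ByteCursor &pkey, Allocator *allocator=g_allocator) noexcept
Initializes TlsContextOptions with secure-by-default options, with a client certificate and private key. These are in-memory buffers, which must be in the PEM format.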
cert | Certificate contents in memory. |
pkey | Private key contents in memory. |
allocator | Memory allocator to use. |
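static TlsContextOptions InitClientWithMtls (const char *cert_path, const char *pkey_path, Allocator *allocator=g_allocator) noexcept
Initializes TlsContextOptions with secure-by-default options, with a client certificate and private key. These are paths to files on disk, which must be in the PEM format.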
cert_path | Path to certificate file. |
pkey_path | Path to private key file. |
allocator | Memory allocator to use. |
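static TlsContextOptions InitClientWithMtlsPkcs11 (const TlsContextPkcs11Options &pkcs11Options, Allocator *allocator=g_allocator) noexcept
Initializes TlsContextOptions with secure-by-default options, using a PKCS#11 library for private key operations.
NOTE: This configuration only works on Unix devices.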
pkcs11Options | PKCS#11 options |
allocator | Memory allocator to use. |
static TlsContextOptions InitDefaultClient (Allocator *allocator=g_allocator) noexcept
Initializes TlsContextOptions with secure-by-default options, with no client certificates.
bool OverrideDefaultTrustStore (const ByteCursor &ca) noexcept
Overrides the default system trust store.
ca | PEM armored chain of trusted CA certificates. |
bool OverrideDefaultTrustStore (const char *caPath, const char *caFile) noexcept
Overrides the default system trust store.
caPath | Path to a directory containing trusted certificates, which will override the default trust store. Only useful on Unix-style systems where all anchors are stored in a directory (like /etc/ssl/certs). This string must remain in memory for the lifetime of this object. |
caFile | Path to file containing PEM armored chain of trusted CA certificates. This string must remain in memory for the lifetime of this object. |
bool SetAlpnList (const char *alpnList) noexcept
Sets the list of ALPN protocols.
alpnList | List of protocol names, delimited by ';'. This string must remain in memory for the lifetime of this object. |
void Aws::Crt::Io::TlsContextOptions::SetMinimumTlsVersion (aws_tls_versions minimumTlsVersion)
Sets the minimum TLS version allowed.
minimumTlsVersion | The minimum TLS version. |
void SetVerifyPeer (bool verifyPeer) noexcept
In client mode, this turns off X.509 validation. Don't do this unless you're testing. It's much better to just override the default trust store and pass the self-signed certificate as the caFile argument.
In server mode, this defaults to false. If you want to support mutual TLS from the server, you'll want to set this to true.
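
The trust-store advice above, combined with the requirement that caFile and alpnList stay in memory for the lifetime of the options object, as an added example that is not code from aws-crt-cpp. `PinnedClientTls` is a hypothetical wrapper, templated on the options type so it compiles without the SDK; in real use instantiate it with `Aws::Crt::Io::TlsContextOptions` (for example from `InitDefaultClient()`) and pass an `aws_tls_versions` value such as `AWS_IO_TLSv1_2` from aws-c-io.

```cpp
#include <string>
#include <utility>

// Added example: PinnedClientTls is a hypothetical helper, not part of aws-crt-cpp.
// Options is a template parameter so the block compiles without the SDK; in real
// code use Aws::Crt::Io::TlsContextOptions and an aws_tls_versions value.
template <class Options, class TlsVersion> class PinnedClientTls
{
  public:
    PinnedClientTls(Options opts, std::string caFile, std::string alpnList, TlsVersion minVersion)
        : m_caFile(std::move(caFile)), m_alpn(std::move(alpnList)), m_opts(std::move(opts))
    {
        // operator bool is explicit on the options class, so cast explicitly.
        m_ok = static_cast<bool>(m_opts);
        // Trust only this CA bundle. Peer verification is never switched off:
        // a self-signed test server is handled by putting its certificate in
        // caFile instead of calling SetVerifyPeer(false).
        m_ok = m_ok && m_opts.OverrideDefaultTrustStore(nullptr, m_caFile.c_str());
        if (m_ok)
            m_opts.SetMinimumTlsVersion(minVersion);
        // ALPN is not available on every platform; skip it rather than fail.
        if (m_ok && !m_alpn.empty() && Options::IsAlpnSupported())
            m_ok = m_opts.SetAlpnList(m_alpn.c_str());
    }

    // Copying or moving would relocate the strings (short strings are stored
    // inside std::string itself) and leave the options holding stale pointers.
    PinnedClientTls(const PinnedClientTls &) = delete;
    PinnedClientTls &operator=(const PinnedClientTls &) = delete;

    // False if any step failed; Get().LastError() then holds the error code.
    explicit operator bool() const noexcept { return m_ok; }
    Options &Get() noexcept { return m_opts; }
    const std::string &CaFile() const noexcept { return m_caFile; }
    const std::string &AlpnList() const noexcept { return m_alpn; }

  private:
    // Declared before m_opts so the strings outlive the options object
    // (members are destroyed in reverse declaration order).
    std::string m_caFile;
    std::string m_alpn;
    Options m_opts;
    bool m_ok = false;
};
```

Construct the wrapper in place and keep it alive for as long as the options are in use.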