VLink  2.0.0
A high-performance communication middleware
ssl_options.h File Reference

Backend-neutral SSL / TLS settings shared by all VLink transports that support encryption. More...

#include <string>
#include "../base/macros.h"
#include "./conf.h"
Include dependency graph for ssl_options.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

struct  vlink::SslOptions
 Aggregate of SSL / TLS settings for transport-layer encryption. More...
 

Namespaces

 

Detailed Description

Backend-neutral SSL / TLS settings shared by all VLink transports that support encryption.

This is an internal implementation header used by NodeImpl and by every transport backend that supports TLS; user code typically interacts with SslOptions through Node::set_ssl_options(). The struct is a thin aggregate that the transport factory translates into the ssl.* property convention used during connection setup.

Native mechanism per backend
Backend Underlying TLS mechanism
MQTT MQTTClient_SSLOptions (Paho C); auto promotes tcp:// to ssl://
DDS TCPv4TransportDescriptor::tls_config (Fast-DDS)
CycloneDDS ddsi_config SSL fields (requires DDS_HAS_SSL)
Zenoh transport/link/tls config keys (zenoh-c, not zenoh-pico)
SSL options table
Field Property key Description
ca_file ssl.ca CA certificate file path (PEM).
cert_file ssl.cert Client certificate file path (PEM).
key_file ssl.key Client private key file path (PEM).
key_password ssl.key_password Passphrase for an encrypted private key.
verify_peer ssl.verify "0" to skip server verification.
server_name ssl.server_name SNI override.
ciphers ssl.ciphers Cipher suite string (OpenSSL format).
Environment variable defaults
The factory consults these variables when the matching property is not set; explicit properties always win.
Environment variable Property key
VLINK_SSL_CA ssl.ca
VLINK_SSL_CERT ssl.cert
VLINK_SSL_KEY ssl.key
VLINK_SSL_KEY_PASS ssl.key_password
VLINK_SSL_VERIFY ssl.verify
VLINK_SSL_SNI ssl.server_name
VLINK_SSL_CIPHERS ssl.ciphers
Auto-detection
TLS is considered active when ca_file or cert_file is non-empty; there is no separate enable flag. On DDS / CycloneDDS, activating TLS also forces the TCP transport because TLS rides over TCP.
Example
// --- Through the public Node API ---
vlink::Publisher<MyMsg> pub("mqtt://sensor/data");
ssl.ca_file = "/etc/certs/ca.pem";
ssl.cert_file = "/etc/certs/client.pem";
ssl.key_file = "/etc/certs/client-key.pem";
pub.set_ssl_options(ssl);
// --- Through set_property ---
pub.set_property("ssl.ca", "/etc/certs/ca.pem");
// --- Through global property ---
vlink::MqttConf::set_global_property("ssl.ca", "/etc/certs/ca.pem");
// --- Through environment ---
// export VLINK_SSL_CA=/etc/certs/ca.pem
Note
  • Zenoh-pico (VLINK_ENABLE_ZENOH_PICO) does not support TLS; SSL properties trigger a warning.
  • CycloneDDS requires DDS_HAS_SSL at compile time; if the feature was not compiled in, SSL properties also trigger a warning.