VLink  2.0.0
A high-performance communication middleware
vlink::SslOptions Struct Referencefinal

Aggregate of SSL / TLS settings for transport-layer encryption. More...

#include <ssl_options.h>

Collaboration diagram for vlink::SslOptions:

Public Member Functions

 SslOptions () noexcept=default
 Default-constructs an empty options aggregate. More...
 
 ~SslOptions () noexcept=default
 Default destructor. More...
 
bool is_valid () const noexcept
 Reports whether the configuration is sufficient to enable TLS. More...
 
void parse_to (Conf::PropertiesMap &properties) const noexcept
 Writes non-default fields back into properties as ssl.* entries. More...
 

Static Public Member Functions

static SslOptions parse_from (const Conf::PropertiesMap &properties) noexcept
 Reads ssl.* entries from properties (and the environment) into a new instance. More...
 

Public Attributes

bool verify_peer {true}
 Whether the server certificate must be validated. More...
 
std::string ca_file
 Path to the CA certificate (PEM) used to validate the peer. More...
 
std::string cert_file
 Path to the client certificate (PEM) used for mutual TLS. More...
 
std::string key_file
 Path to the client private key (PEM) accompanying cert_file. More...
 
std::string key_password
 Passphrase for an encrypted private key. More...
 
std::string server_name
 Server Name Indication (SNI) override. More...
 
std::string ciphers
 Cipher suite string passed verbatim to the TLS implementation. More...
 

Detailed Description

Aggregate of SSL / TLS settings for transport-layer encryption.

The struct can be either populated by hand and passed to Node::set_ssl_options(), or constructed from a Conf::PropertiesMap via parse_from() / written back via parse_to(). An instance is considered to enable TLS when ca_file or cert_file is non-empty.

Constructor & Destructor Documentation

◆ SslOptions()

vlink::SslOptions::SslOptions ( )
defaultnoexcept

Default-constructs an empty options aggregate.

◆ ~SslOptions()

vlink::SslOptions::~SslOptions ( )
defaultnoexcept

Default destructor.

Member Function Documentation

◆ is_valid()

bool vlink::SslOptions::is_valid ( ) const
noexcept

Reports whether the configuration is sufficient to enable TLS.

Returns true as soon as ca_file or cert_file is non-empty. An otherwise empty SslOptions yields false and the transport backend skips the TLS handshake entirely.

Returns
true when TLS should be activated.

◆ parse_from()

static SslOptions vlink::SslOptions::parse_from ( const Conf::PropertiesMap properties)
staticnoexcept

Reads ssl.* entries from properties (and the environment) into a new instance.

Resolution order, highest priority first:

  1. Explicit ssl.* entries in properties.
  2. Matching VLINK_SSL_* environment variables.

Fields absent from both sources keep their default values.

Parameters
propertiesProperty map to read.
Returns
Fully-resolved SslOptions aggregate.

◆ parse_to()

void vlink::SslOptions::parse_to ( Conf::PropertiesMap properties) const
noexcept

Writes non-default fields back into properties as ssl.* entries.

Only non-empty string fields and a false verify_peer are emitted. Used internally by Node::set_ssl_options() to merge the aggregate into the node property map.

Parameters
propertiesProperty map updated in place.

Member Data Documentation

◆ ca_file

std::string vlink::SslOptions::ca_file

Path to the CA certificate (PEM) used to validate the peer.

Setting this field (or its corresponding ssl.ca property) is one of the two conditions that makes is_valid() report true.

◆ cert_file

std::string vlink::SslOptions::cert_file

Path to the client certificate (PEM) used for mutual TLS.

Setting this field is the second condition that makes is_valid() report true. Pair with key_file for true mTLS.

◆ ciphers

std::string vlink::SslOptions::ciphers

Cipher suite string passed verbatim to the TLS implementation.

Format depends on the underlying TLS library (OpenSSL by default). Leave empty to inherit the backend's default cipher choice.

◆ key_file

std::string vlink::SslOptions::key_file

Path to the client private key (PEM) accompanying cert_file.

If the key is encrypted, provide its passphrase via key_password.

◆ key_password

std::string vlink::SslOptions::key_password

Passphrase for an encrypted private key.

Mirrored to the ssl.key_password property and the VLINK_SSL_KEY_PASS environment variable.

◆ server_name

std::string vlink::SslOptions::server_name

Server Name Indication (SNI) override.

When non-empty the handshake announces this name to the server instead of the host derived from the URL. Honoured by MQTT, DDS and Zenoh.

◆ verify_peer

bool vlink::SslOptions::verify_peer {true}

Whether the server certificate must be validated.

Defaults to true. Setting it to false maps to ssl.verify = "0" and disables peer verification, which is convenient for development with self-signed certificates but should never ship to production.


The documentation for this struct was generated from the following file: