|
VLink
2.0.0
A high-performance communication middleware
|
Aggregate of SSL / TLS settings for transport-layer encryption. 更多...
#include <ssl_options.h>
Public 成员函数 | |
| SslOptions () noexcept=default | |
| Default-constructs an empty options aggregate. 更多... | |
| ~SslOptions () noexcept=default | |
| Default destructor. 更多... | |
| bool | is_valid () const noexcept |
| Reports whether the configuration is sufficient to enable TLS. 更多... | |
| void | parse_to (Conf::PropertiesMap &properties) const noexcept |
Writes non-default fields back into properties as ssl.* entries. 更多... | |
静态 Public 成员函数 | |
| static SslOptions | parse_from (const Conf::PropertiesMap &properties) noexcept |
Reads ssl.* entries from properties (and the environment) into a new instance. 更多... | |
Public 属性 | |
| bool | verify_peer {true} |
| Whether the server certificate must be validated. 更多... | |
| std::string | ca_file |
| Path to the CA certificate (PEM) used to validate the peer. 更多... | |
| std::string | cert_file |
| Path to the client certificate (PEM) used for mutual TLS. 更多... | |
| std::string | key_file |
Path to the client private key (PEM) accompanying cert_file. 更多... | |
| std::string | key_password |
| Passphrase for an encrypted private key. 更多... | |
| std::string | server_name |
| Server Name Indication (SNI) override. 更多... | |
| std::string | ciphers |
| Cipher suite string passed verbatim to the TLS implementation. 更多... | |
Aggregate of SSL / TLS settings for transport-layer encryption.
The struct can be either populated by hand and passed to Node::set_ssl_options(), or constructed from a Conf::PropertiesMap via parse_from() / written back via parse_to(). An instance is considered to enable TLS when ca_file or cert_file is non-empty.
|
defaultnoexcept |
Default-constructs an empty options aggregate.
|
defaultnoexcept |
Default destructor.
|
noexcept |
Reports whether the configuration is sufficient to enable TLS.
Returns true as soon as ca_file or cert_file is non-empty. An otherwise empty SslOptions yields false and the transport backend skips the TLS handshake entirely.
true when TLS should be activated.
|
staticnoexcept |
Reads ssl.* entries from properties (and the environment) into a new instance.
Resolution order, highest priority first:
ssl.* entries in properties.VLINK_SSL_* environment variables.Fields absent from both sources keep their default values.
| properties | Property map to read. |
SslOptions aggregate.
|
noexcept |
Writes non-default fields back into properties as ssl.* entries.
Only non-empty string fields and a false verify_peer are emitted. Used internally by Node::set_ssl_options() to merge the aggregate into the node property map.
| properties | Property map updated in place. |
| std::string vlink::SslOptions::ca_file |
Path to the CA certificate (PEM) used to validate the peer.
Setting this field (or its corresponding ssl.ca property) is one of the two conditions that makes is_valid() report true.
| std::string vlink::SslOptions::cert_file |
Path to the client certificate (PEM) used for mutual TLS.
Setting this field is the second condition that makes is_valid() report true. Pair with key_file for true mTLS.
| std::string vlink::SslOptions::ciphers |
Cipher suite string passed verbatim to the TLS implementation.
Format depends on the underlying TLS library (OpenSSL by default). Leave empty to inherit the backend's default cipher choice.
| std::string vlink::SslOptions::key_file |
Path to the client private key (PEM) accompanying cert_file.
If the key is encrypted, provide its passphrase via key_password.
| std::string vlink::SslOptions::key_password |
Passphrase for an encrypted private key.
Mirrored to the ssl.key_password property and the VLINK_SSL_KEY_PASS environment variable.
| std::string vlink::SslOptions::server_name |
Server Name Indication (SNI) override.
When non-empty the handshake announces this name to the server instead of the host derived from the URL. Honoured by MQTT, DDS and Zenoh.
| bool vlink::SslOptions::verify_peer {true} |
Whether the server certificate must be validated.
Defaults to true. Setting it to false maps to ssl.verify = "0" and disables peer verification, which is convenient for development with self-signed certificates but should never ship to production.