VLink  2.0.0
A high-performance communication middleware
vlink::SslOptions结构体 参考final

Aggregate of SSL / TLS settings for transport-layer encryption. 更多...

#include <ssl_options.h>

vlink::SslOptions 的协作图:

Public 成员函数

 SslOptions () noexcept=default
 Default-constructs an empty options aggregate. 更多...
 
 ~SslOptions () noexcept=default
 Default destructor. 更多...
 
bool is_valid () const noexcept
 Reports whether the configuration is sufficient to enable TLS. 更多...
 
void parse_to (Conf::PropertiesMap &properties) const noexcept
 Writes non-default fields back into properties as ssl.* entries. 更多...
 

静态 Public 成员函数

static SslOptions parse_from (const Conf::PropertiesMap &properties) noexcept
 Reads ssl.* entries from properties (and the environment) into a new instance. 更多...
 

Public 属性

bool verify_peer {true}
 Whether the server certificate must be validated. 更多...
 
std::string ca_file
 Path to the CA certificate (PEM) used to validate the peer. 更多...
 
std::string cert_file
 Path to the client certificate (PEM) used for mutual TLS. 更多...
 
std::string key_file
 Path to the client private key (PEM) accompanying cert_file. 更多...
 
std::string key_password
 Passphrase for an encrypted private key. 更多...
 
std::string server_name
 Server Name Indication (SNI) override. 更多...
 
std::string ciphers
 Cipher suite string passed verbatim to the TLS implementation. 更多...
 

详细描述

Aggregate of SSL / TLS settings for transport-layer encryption.

The struct can be either populated by hand and passed to Node::set_ssl_options(), or constructed from a Conf::PropertiesMap via parse_from() / written back via parse_to(). An instance is considered to enable TLS when ca_file or cert_file is non-empty.

构造及析构函数说明

◆ SslOptions()

vlink::SslOptions::SslOptions ( )
defaultnoexcept

Default-constructs an empty options aggregate.

◆ ~SslOptions()

vlink::SslOptions::~SslOptions ( )
defaultnoexcept

Default destructor.

成员函数说明

◆ is_valid()

bool vlink::SslOptions::is_valid ( ) const
noexcept

Reports whether the configuration is sufficient to enable TLS.

Returns true as soon as ca_file or cert_file is non-empty. An otherwise empty SslOptions yields false and the transport backend skips the TLS handshake entirely.

返回
true when TLS should be activated.

◆ parse_from()

static SslOptions vlink::SslOptions::parse_from ( const Conf::PropertiesMap properties)
staticnoexcept

Reads ssl.* entries from properties (and the environment) into a new instance.

Resolution order, highest priority first:

  1. Explicit ssl.* entries in properties.
  2. Matching VLINK_SSL_* environment variables.

Fields absent from both sources keep their default values.

参数
propertiesProperty map to read.
返回
Fully-resolved SslOptions aggregate.

◆ parse_to()

void vlink::SslOptions::parse_to ( Conf::PropertiesMap properties) const
noexcept

Writes non-default fields back into properties as ssl.* entries.

Only non-empty string fields and a false verify_peer are emitted. Used internally by Node::set_ssl_options() to merge the aggregate into the node property map.

参数
propertiesProperty map updated in place.

类成员变量说明

◆ ca_file

std::string vlink::SslOptions::ca_file

Path to the CA certificate (PEM) used to validate the peer.

Setting this field (or its corresponding ssl.ca property) is one of the two conditions that makes is_valid() report true.

◆ cert_file

std::string vlink::SslOptions::cert_file

Path to the client certificate (PEM) used for mutual TLS.

Setting this field is the second condition that makes is_valid() report true. Pair with key_file for true mTLS.

◆ ciphers

std::string vlink::SslOptions::ciphers

Cipher suite string passed verbatim to the TLS implementation.

Format depends on the underlying TLS library (OpenSSL by default). Leave empty to inherit the backend's default cipher choice.

◆ key_file

std::string vlink::SslOptions::key_file

Path to the client private key (PEM) accompanying cert_file.

If the key is encrypted, provide its passphrase via key_password.

◆ key_password

std::string vlink::SslOptions::key_password

Passphrase for an encrypted private key.

Mirrored to the ssl.key_password property and the VLINK_SSL_KEY_PASS environment variable.

◆ server_name

std::string vlink::SslOptions::server_name

Server Name Indication (SNI) override.

When non-empty the handshake announces this name to the server instead of the host derived from the URL. Honoured by MQTT, DDS and Zenoh.

◆ verify_peer

bool vlink::SslOptions::verify_peer {true}

Whether the server certificate must be validated.

Defaults to true. Setting it to false maps to ssl.verify = "0" and disables peer verification, which is convenient for development with self-signed certificates but should never ship to production.


该结构体的文档由以下文件生成: