wraps SSL_CTX.
#include <tls_context.h>
|
std::unique_ptr< SSL_CTX, decltype(&SSL_CTX_free)> | ssl_ctx_ |
|
wraps SSL_CTX.
TODO:
- SSL_CTX_set_session_cache_mode()
- SSL_CTX_set_alpn_select_cb()
- SSL_CTX_set_tlsext_ticket_key_cb()
- SSL_CTX_set_tlsext_servername_callback() for SNI
- SSL_CTX_set_cert_verify_callback() vs. SSL_CTX_set_verify()
◆ InfoCallback
◆ TlsContext()
TlsContext::TlsContext |
( |
const SSL_METHOD * |
method | ) |
|
|
explicit |
construct a TlsContext based on the SSL_METHODs provided by openssl.
◆ cipher_list()
std::vector< std::string > TlsContext::cipher_list |
( |
| ) |
const |
◆ crl()
stdx::expected< void, std::error_code > TlsContext::crl |
( |
const std::string & |
crl_file, |
|
|
const std::string & |
crl_path |
|
) |
| |
set CRL file and CRL directory.
Search-order:
- crl_file (if not empty)
- all PEMs in crl_path (if not empty)
- See also
- X509_STORE_load_locations
- Parameters
-
crl_file | path to a PEM file containing CRLs, ignored if empty() |
crl_path | path to a directory of PEM files containing CRLs, ignored if empty() |
- Returns
- success
- Return values
-
false | if both crl_file and crl_path are empty |
◆ curves_list()
stdx::expected< void, std::error_code > TlsContext::curves_list |
( |
const std::string & |
curves | ) |
|
init elliptic curves for DH ciphers for Perfect Forward Secrecy.
- Note
- uses P-521, P-384 or P-256
- See also
- RFC 5480
-
has_curves()
- Parameters
-
curves | colon-separated names of curves |
- Exceptions
-
TlsError | |
std::invalid_argument | if API isn't supported |
- See also
- has_set_curves_list()
◆ get()
SSL_CTX * TlsContext::get |
( |
| ) |
const |
|
inline |
get non-owning pointer to SSL_CTX.
◆ has_set_cipher_suites()
static constexpr bool TlsContext::has_set_cipher_suites |
( |
| ) |
|
|
inlinestaticconstexpr |
whether the TLS context allows setting cipher-suites (TLSv1.3 and later).
- Returns
- if cipher_suites() is supported.
- Return values
-
false | cipher_suites() is not supported |
◆ has_set_curves_list()
static constexpr bool TlsContext::has_set_curves_list |
( |
| ) |
|
|
inlinestaticconstexpr |
whether the TLS context allows changing the elliptic curves list.
- Returns
- if curves_list() is supported.
- Return values
-
false | curves_list() is not supported |
◆ info_callback() [1/2]
◆ info_callback() [2/2]
◆ load_key_and_cert()
stdx::expected< void, std::error_code > TlsContext::load_key_and_cert |
( |
const std::string & |
private_key_file, |
|
|
const std::string & |
cert_chain_file |
|
) |
| |
load key and cert.
the certificate is verified against the private key
- Parameters
-
private_key_file | filename of a PEM file containing a key |
cert_chain_file | filename of a PEM file containing a certificate |
◆ min_version()
◆ security_level()
int TlsContext::security_level |
( |
| ) |
const |
◆ session_cache_hits()
long TlsContext::session_cache_hits |
( |
| ) |
const |
get the number of session-cache hits (sessions that were reused).
◆ ssl_ca()
stdx::expected< void, std::error_code > TlsContext::ssl_ca |
( |
const std::string & |
ca_file, |
|
|
const std::string & |
ca_path |
|
) |
| |
set CA file and CA directory.
Search-order:
- ca_file (if not empty)
- all PEMs in ca_path (if not empty)
- See also
- SSL_CTX_load_verify_locations
- Parameters
-
ca_file | path to a PEM file containing a certificate of a CA, ignored if empty() |
ca_path | path to a directory of PEM files containing certificates of CAs, ignored if empty() |
- Returns
- success
- Return values
-
false | if both ca_file and ca_path are empty |
◆ version_range()
set the supported TLS version range.
◆ ssl_ctx_
std::unique_ptr<SSL_CTX, decltype(&SSL_CTX_free)> TlsContext::ssl_ctx_ |
|
protected |
The documentation for this class was generated from the following files: