aws-crt-cpp
C++ wrapper around the aws-c-* libraries. Provides Cross-Platform Transport Protocols and SSL/TLS implementations for C++.
Aws::Crt::Io::TlsContextOptions Class Reference

#include <TlsOptions.h>

Public Member Functions

 TlsContextOptions () noexcept
 
virtual ~TlsContextOptions ()
 
 TlsContextOptions (const TlsContextOptions &) noexcept=delete
 
TlsContextOptions & operator= (const TlsContextOptions &) noexcept=delete
 
 TlsContextOptions (TlsContextOptions &&) noexcept
 
TlsContextOptions & operator= (TlsContextOptions &&) noexcept
 
 operator bool () const noexcept
 
int LastError () const noexcept
 
bool SetAlpnList (const char *alpnList) noexcept
 
void SetVerifyPeer (bool verifyPeer) noexcept
 
void SetMinimumTlsVersion (aws_tls_versions minimumTlsVersion)
 
bool OverrideDefaultTrustStore (const char *caPath, const char *caFile) noexcept
 
bool OverrideDefaultTrustStore (const ByteCursor &ca) noexcept
 

Static Public Member Functions

static TlsContextOptions InitDefaultClient (Allocator *allocator=g_allocator) noexcept
 
static TlsContextOptions InitClientWithMtls (const char *cert_path, const char *pkey_path, Allocator *allocator=g_allocator) noexcept
 
static TlsContextOptions InitClientWithMtls (const ByteCursor &cert, const ByteCursor &pkey, Allocator *allocator=g_allocator) noexcept
 
static bool IsAlpnSupported () noexcept
 

Friends

class TlsContext
 

Constructor & Destructor Documentation

◆ TlsContextOptions() [1/3]

Aws::Crt::Io::TlsContextOptions::TlsContextOptions ( )
noexcept

◆ ~TlsContextOptions()

Aws::Crt::Io::TlsContextOptions::~TlsContextOptions ( )
virtual

◆ TlsContextOptions() [2/3]

Aws::Crt::Io::TlsContextOptions::TlsContextOptions ( const TlsContextOptions & )
delete noexcept

◆ TlsContextOptions() [3/3]

Aws::Crt::Io::TlsContextOptions::TlsContextOptions ( TlsContextOptions &&  other)
noexcept

Member Function Documentation

◆ InitClientWithMtls() [1/2]

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtls ( const ByteCursor & cert,
const ByteCursor & pkey,
Allocator * allocator = g_allocator
)
static noexcept

Initializes TlsContextOptions with secure-by-default options, with a client certificate and private key. These are in-memory buffers, and they must be in the PEM format.

Parameters
cert: Certificate contents in memory.
pkey: Private key contents in memory.

◆ InitClientWithMtls() [2/2]

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtls ( const char *  cert_path,
const char *  pkey_path,
Allocator * allocator = g_allocator
)
static noexcept

Initializes TlsContextOptions with secure-by-default options, with a client certificate and private key. These are paths to files on disk, and the files must be in the PEM format.

Parameters
cert_path: Path to certificate file.
pkey_path: Path to private key file.

◆ InitDefaultClient()

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitDefaultClient ( Allocator * allocator = g_allocator)
static noexcept

Initializes TlsContextOptions with secure by default options, with no client certificates.

◆ IsAlpnSupported()

bool Aws::Crt::Io::TlsContextOptions::IsAlpnSupported ( )
static noexcept
Returns
true if alpn is supported by the underlying security provider, false otherwise.

◆ LastError()

int Aws::Crt::Io::TlsContextOptions::LastError ( ) const
noexcept
Returns
the value of the last aws error encountered by operations on this instance.

◆ operator bool()

Aws::Crt::Io::TlsContextOptions::operator bool ( ) const
inline explicit noexcept
Returns
true if the instance is in a valid state, false otherwise.

◆ operator=() [1/2]

TlsContextOptions & Aws::Crt::Io::TlsContextOptions::operator= ( const TlsContextOptions & )
delete noexcept

◆ operator=() [2/2]

TlsContextOptions & Aws::Crt::Io::TlsContextOptions::operator= ( TlsContextOptions &&  other)
noexcept

◆ OverrideDefaultTrustStore() [1/2]

bool Aws::Crt::Io::TlsContextOptions::OverrideDefaultTrustStore ( const ByteCursor & ca)
noexcept

Overrides the default system trust store.

Parameters
ca: PEM armored chain of trusted CA certificates.

◆ OverrideDefaultTrustStore() [2/2]

bool Aws::Crt::Io::TlsContextOptions::OverrideDefaultTrustStore ( const char *  caPath,
const char *  caFile 
)
noexcept

Overrides the default system trust store.

Parameters
caPath: Path to directory containing trusted certificates, which will override the default trust store. Only useful on Unix-style systems where all anchors are stored in a directory (like /etc/ssl/certs). This string must remain in memory for the lifetime of this object.
caFile: Path to file containing PEM armored chain of trusted CA certificates. This string must remain in memory for the lifetime of this object.

◆ SetAlpnList()

bool Aws::Crt::Io::TlsContextOptions::SetAlpnList ( const char *  alpnList)
noexcept

Sets the list of alpn protocols.

Parameters
alpnList: List of protocol names, delimited by ';'. This string must remain in memory for the lifetime of this object.

◆ SetMinimumTlsVersion()

void Aws::Crt::Io::TlsContextOptions::SetMinimumTlsVersion ( aws_tls_versions  minimumTlsVersion)

Sets the minimum TLS version allowed.

Parameters
minimumTlsVersion: The minimum TLS version.

◆ SetVerifyPeer()

void Aws::Crt::Io::TlsContextOptions::SetVerifyPeer ( bool  verifyPeer)
noexcept

In client mode, setting this to false turns off X.509 validation. Don't do this unless you're testing. It's much better to override the default trust store and pass the self-signed certificate as the caFile argument.

In server mode, this defaults to false. If you want to support mutual TLS from the server, you'll want to set this to true.
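The following is an added example, not code from aws-crt-cpp: a wrapper that trusts a private CA bundle instead of disabling peer verification, and that owns the strings which OverrideDefaultTrustStore() and SetAlpnList() require to outlive the options object. `PinnedTlsConfig` and `FakeTlsOptions` are hypothetical names; the stand-in only mirrors the member signatures listed on this page so the block compiles without the library, and passing nullptr for caPath is an assumption.

```cpp
#include <string>
#include <type_traits>
#include <utility>

// Hypothetical stand-in with the member signatures documented on this page.
// It only records what it was given, so the example builds without the library.
struct FakeTlsOptions {
    const char *caFile = nullptr;
    const char *alpn = nullptr;
    bool verifyPeer = false;
    bool OverrideDefaultTrustStore(const char *, const char *file) noexcept { caFile = file; return file != nullptr; }
    bool SetAlpnList(const char *list) noexcept { alpn = list; return list != nullptr; }
    void SetVerifyPeer(bool v) noexcept { verifyPeer = v; }
};

// Owns the strings whose raw pointers are handed to the options object.
// Copy and move are disabled: moving a std::string can relocate its buffer
// (small-string optimisation), leaving the options with a dangling pointer.
template <typename Options> class PinnedTlsConfig {
  public:
    PinnedTlsConfig(Options &&opts, std::string caFile, std::string alpnList)
        : m_caFile(std::move(caFile)), m_alpn(std::move(alpnList)), m_opts(std::move(opts))
    {
        // Trust only the given CA bundle (assumption: caPath may be nullptr).
        m_ok = m_opts.OverrideDefaultTrustStore(nullptr, m_caFile.c_str());
        if (m_ok && !m_alpn.empty())
            m_ok = m_opts.SetAlpnList(m_alpn.c_str());
        m_opts.SetVerifyPeer(true); // keep X.509 validation on, explicitly
    }
    PinnedTlsConfig(const PinnedTlsConfig &) = delete;
    PinnedTlsConfig &operator=(const PinnedTlsConfig &) = delete;

    explicit operator bool() const noexcept { return m_ok; }
    Options &Get() noexcept { return m_opts; }

  private:
    std::string m_caFile; // declared before m_opts, so destroyed after it
    std::string m_alpn;
    Options m_opts;
    bool m_ok = false;
};

static_assert(!std::is_move_constructible<PinnedTlsConfig<FakeTlsOptions>>::value, "must stay pinned");

int main() {
    // Constructed sample path and ALPN list.
    PinnedTlsConfig<FakeTlsOptions> cfg(FakeTlsOptions{}, "/constructed/path/ca.pem", "h2;http/1.1");
    return cfg ? 0 : 1;
}
```
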

Friends And Related Function Documentation

◆ TlsContext

friend class TlsContext
friend
