AWS IoT Device SDK C++ v2 1.44.1
Aws::Crt::Io::TlsContextOptions Class Reference

#include <TlsOptions.h>

Public Member Functions

 TlsContextOptions () noexcept
virtual ~TlsContextOptions ()
 TlsContextOptions (const TlsContextOptions &) noexcept=delete
TlsContextOptions & operator= (const TlsContextOptions &) noexcept=delete
 TlsContextOptions (TlsContextOptions &&) noexcept
TlsContextOptions & operator= (TlsContextOptions &&) noexcept
 operator bool () const noexcept
int LastError () const noexcept
bool SetKeychainPath (ByteCursor &keychain_path) noexcept
bool SetAlpnList (const char *alpnList) noexcept
void SetVerifyPeer (bool verifyPeer) noexcept
void SetMinimumTlsVersion (aws_tls_versions minimumTlsVersion)
void SetTlsCipherPreference (aws_tls_cipher_pref cipher_pref)
bool OverrideDefaultTrustStore (const char *caPath, const char *caFile) noexcept
bool OverrideDefaultTrustStore (const ByteCursor &ca) noexcept

Static Public Member Functions

static TlsContextOptions InitDefaultClient (Allocator *allocator=ApiAllocator()) noexcept
static TlsContextOptions InitClientWithMtls (const char *cert_path, const char *pkey_path, Allocator *allocator=ApiAllocator()) noexcept
static TlsContextOptions InitClientWithMtls (const ByteCursor &cert, const ByteCursor &pkey, Allocator *allocator=ApiAllocator()) noexcept
static TlsContextOptions InitClientWithMtlsPkcs11 (const TlsContextPkcs11Options &pkcs11Options, Allocator *allocator=ApiAllocator()) noexcept
static TlsContextOptions InitClientWithMtlsPkcs12 (const char *pkcs12_path, const char *pkcs12_pwd, Allocator *allocator=ApiAllocator()) noexcept
static TlsContextOptions InitClientWithMtlsSystemPath (const char *windowsCertStorePath, Allocator *allocator=ApiAllocator()) noexcept
static bool IsAlpnSupported () noexcept

Friends

class TlsContext

Detailed Description

Top-level TLS configuration options. These options are used to create a context from which per-connection TLS contexts can be created.

Constructor & Destructor Documentation

◆ TlsContextOptions() [1/3]

Aws::Crt::Io::TlsContextOptions::TlsContextOptions ( )
noexcept

◆ ~TlsContextOptions()

Aws::Crt::Io::TlsContextOptions::~TlsContextOptions ( )
virtual

◆ TlsContextOptions() [2/3]

Aws::Crt::Io::TlsContextOptions::TlsContextOptions ( const TlsContextOptions & )
delete noexcept

◆ TlsContextOptions() [3/3]

Aws::Crt::Io::TlsContextOptions::TlsContextOptions ( TlsContextOptions && other)
noexcept

Member Function Documentation

◆ InitClientWithMtls() [1/2]

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtls ( const ByteCursor & cert, const ByteCursor & pkey, Allocator * allocator = ApiAllocator() )
static noexcept

Initializes TlsContextOptions for mutual TLS (mTLS) with a client certificate and private key supplied as in-memory buffers. Both buffers must be in PEM format.

NOTE: This is unsupported on iOS.

Parameters
cert: Certificate contents in memory.
pkey: Private key contents in memory.
allocator: Memory allocator to use.

◆ InitClientWithMtls() [2/2]

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtls ( const char * cert_path, const char * pkey_path, Allocator * allocator = ApiAllocator() )
static noexcept

Initializes TlsContextOptions for mutual TLS (mTLS) with a client certificate and private key supplied as paths to files on disk. Both files must be in PEM format.

NOTE: This is unsupported on iOS.

Parameters
cert_path: Path to certificate file.
pkey_path: Path to private key file.
allocator: Memory allocator to use.

◆ InitClientWithMtlsPkcs11()

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtlsPkcs11 ( const TlsContextPkcs11Options & pkcs11Options, Allocator * allocator = ApiAllocator() )
static noexcept

Initializes TlsContextOptions for mutual TLS (mTLS), using a PKCS#11 library for private key operations.

NOTE: This only works on Unix devices.

Parameters
pkcs11Options: PKCS#11 options.
allocator: Memory allocator to use.

◆ InitClientWithMtlsPkcs12()

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtlsPkcs12 ( const char * pkcs12_path, const char * pkcs12_pwd, Allocator * allocator = ApiAllocator() )
static noexcept

Initializes TlsContextOptions for mutual TLS (mTLS) with a client certificate and private key stored in PKCS#12 format.

NOTE: This only works on Apple devices.

Parameters
pkcs12_path: Path to PKCS #12 file. The file is loaded from disk and stored internally. It must remain in memory for the lifetime of the returned object.
pkcs12_pwd: Password to PKCS #12 file. It must remain in memory for the lifetime of the returned object.
allocator: Memory allocator to use.

◆ InitClientWithMtlsSystemPath()

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtlsSystemPath ( const char * windowsCertStorePath, Allocator * allocator = ApiAllocator() )
static noexcept

Initializes TlsContextOptions for mutual TLS (mTLS), using a client certificate in a Windows certificate store.

NOTE: This only works on Windows.

Parameters
windowsCertStorePath: Path to certificate in a Windows certificate store. The path must use backslashes and end with the certificate's thumbprint. Example: CurrentUser\MY\A11F8A9B5DF5B98BA3508FBCA575D09570E0D2C6
allocator: The memory allocator to use.

◆ InitDefaultClient()

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitDefaultClient ( Allocator * allocator = ApiAllocator() )
static noexcept

Initializes TlsContextOptions with secure-by-default options and no client certificate.

◆ IsAlpnSupported()

bool Aws::Crt::Io::TlsContextOptions::IsAlpnSupported ( )
static noexcept
Returns
true if ALPN is supported by the underlying security provider, false otherwise.

◆ LastError()

int Aws::Crt::Io::TlsContextOptions::LastError ( ) const
noexcept
Returns
the value of the last AWS error encountered by operations on this instance.

◆ operator bool()

Aws::Crt::Io::TlsContextOptions::operator bool ( ) const
inline explicit noexcept
Returns
true if the instance is in a valid state, false otherwise.

◆ operator=() [1/2]

TlsContextOptions & Aws::Crt::Io::TlsContextOptions::operator= ( const TlsContextOptions & )
delete noexcept

◆ operator=() [2/2]

TlsContextOptions & Aws::Crt::Io::TlsContextOptions::operator= ( TlsContextOptions && other)
noexcept

◆ OverrideDefaultTrustStore() [1/2]

bool Aws::Crt::Io::TlsContextOptions::OverrideDefaultTrustStore ( const ByteCursor & ca)
noexcept

Overrides the default system trust store.

Parameters
ca: PEM-armored chain of trusted CA certificates.

◆ OverrideDefaultTrustStore() [2/2]

bool Aws::Crt::Io::TlsContextOptions::OverrideDefaultTrustStore ( const char * caPath, const char * caFile )
noexcept

Overrides the default system trust store.

Parameters
caPath: Path to a directory containing trusted certificates, which overrides the default trust store. Only useful on Unix-style systems where all anchors are stored in a directory (like /etc/ssl/certs). This string must remain in memory for the lifetime of this object.
caFile: Path to a file containing a PEM-armored chain of trusted CA certificates. This string must remain in memory for the lifetime of this object.

◆ SetAlpnList()

bool Aws::Crt::Io::TlsContextOptions::SetAlpnList ( const char * alpnList)
noexcept

Sets the list of ALPN protocols.

Parameters
alpnList: List of protocol names, delimited by ';'. This string must remain in memory for the lifetime of this object.
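A set of preflight checks for the inputs this class expects (the PEM buffers of InitClientWithMtls and OverrideDefaultTrustStore, the ';'-delimited list of SetAlpnList, and the thumbprint path of InitClientWithMtlsSystemPath), added here as an example and not part of the SDK. The function names, the 40-hex-digit SHA-1 thumbprint length and the 255-byte ALPN name limit from RFC 7301 are this example's assumptions, not something the reference above states.

```cpp
#include <cctype>
#include <cstddef>
#include <initializer_list>
#include <string>

// Example helpers (not SDK code): validate inputs before handing them to
// TlsContextOptions, so a bad buffer or path is reported clearly instead of
// surfacing as an invalid object plus a LastError() code.

// True if buf contains a complete "-----BEGIN <label>-----" / "-----END <label>-----" pair.
static bool HasPemBlock(const std::string &buf, const std::string &label) {
    return buf.find("-----BEGIN " + label + "-----") != std::string::npos &&
           buf.find("-----END " + label + "-----") != std::string::npos;
}

// Certificate or CA chain buffer: needs at least one CERTIFICATE block.
bool IsPemCertificate(const std::string &buf) { return HasPemBlock(buf, "CERTIFICATE"); }

// Private key buffer: PKCS#8, PKCS#1 (RSA) and SEC1 (EC) labels are all PEM.
bool IsPemPrivateKey(const std::string &buf) {
    for (const char *label : {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"})
        if (HasPemBlock(buf, label)) return true;
    return false;
}

// ALPN list: one or more names separated by ';', none empty and none longer
// than the 255-byte ProtocolName limit of RFC 7301 (assumed limit).
bool IsValidAlpnList(const std::string &list) {
    std::size_t start = 0;
    for (;;) {
        std::size_t end = list.find(';', start);
        std::size_t len = (end == std::string::npos ? list.size() : end) - start;
        if (len == 0 || len > 255) return false;
        if (end == std::string::npos) return true;
        start = end + 1;
    }
}

// Windows store path: backslash-separated and ending in the certificate's
// thumbprint, assumed to be 40 hex digits (SHA-1), e.g. CurrentUser\MY\<thumbprint>.
bool IsValidWindowsCertStorePath(const std::string &path) {
    if (path.find('/') != std::string::npos) return false;
    std::size_t sep = path.rfind('\\');
    if (sep == std::string::npos || sep == 0) return false;
    std::string thumb = path.substr(sep + 1);
    if (thumb.size() != 40) return false;
    for (unsigned char c : thumb)
        if (!std::isxdigit(c)) return false;
    return true;
}
```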

◆ SetKeychainPath()

bool Aws::Crt::Io::TlsContextOptions::SetKeychainPath ( ByteCursor & keychain_path)
noexcept
Deprecated
Custom keychain management is deprecated.

By default the certificates and private keys are stored in the default keychain of the account of the process. If you instead wish to provide your own keychain for storing them, this makes the TlsContext use that keychain instead. NOTE: The password of your keychain must be empty.

NOTE: This only works on macOS.

◆ SetMinimumTlsVersion()

void Aws::Crt::Io::TlsContextOptions::SetMinimumTlsVersion ( aws_tls_versions minimumTlsVersion)

Sets the minimum TLS version allowed.

Parameters
minimumTlsVersion: The minimum TLS version.

◆ SetTlsCipherPreference()

void Aws::Crt::Io::TlsContextOptions::SetTlsCipherPreference ( aws_tls_cipher_pref cipher_pref)

Sets the preferred TLS cipher list.

Parameters
cipher_pref: The preferred TLS cipher list.

◆ SetVerifyPeer()

void Aws::Crt::Io::TlsContextOptions::SetVerifyPeer ( bool verifyPeer)
noexcept

In client mode, setting this to false turns off X.509 certificate validation. Don't do this unless you're testing. It is much better to override the default trust store and pass the self-signed certificate as the caFile argument.

In server mode, this defaults to false. If you want to support mutual TLS from the server, set this to true.

◆ TlsContext

friend class TlsContext
friend

The documentation for this class was generated from the following files: