AWS IoT Device SDK C++ v2  1.34.0
Aws::Crt::Io::TlsContextOptions Class Reference

#include <TlsOptions.h>

Public Member Functions

 TlsContextOptions () noexcept
 
virtual ~TlsContextOptions ()
 
 TlsContextOptions (const TlsContextOptions &) noexcept=delete
 
TlsContextOptions & operator= (const TlsContextOptions &) noexcept=delete
 
 TlsContextOptions (TlsContextOptions &&) noexcept
 
TlsContextOptions & operator= (TlsContextOptions &&) noexcept
 
 operator bool () const noexcept
 
int LastError () const noexcept
 
bool SetKeychainPath (ByteCursor &keychain_path) noexcept
 
bool SetAlpnList (const char *alpnList) noexcept
 
void SetVerifyPeer (bool verifyPeer) noexcept
 
void SetMinimumTlsVersion (aws_tls_versions minimumTlsVersion)
 
void SetTlsCipherPreference (aws_tls_cipher_pref cipher_pref)
 
bool OverrideDefaultTrustStore (const char *caPath, const char *caFile) noexcept
 
bool OverrideDefaultTrustStore (const ByteCursor &ca) noexcept
 

Static Public Member Functions

static TlsContextOptions InitDefaultClient (Allocator *allocator=ApiAllocator()) noexcept
 
static TlsContextOptions InitClientWithMtls (const char *cert_path, const char *pkey_path, Allocator *allocator=ApiAllocator()) noexcept
 
static TlsContextOptions InitClientWithMtls (const ByteCursor &cert, const ByteCursor &pkey, Allocator *allocator=ApiAllocator()) noexcept
 
static TlsContextOptions InitClientWithMtlsPkcs11 (const TlsContextPkcs11Options &pkcs11Options, Allocator *allocator=ApiAllocator()) noexcept
 
static TlsContextOptions InitClientWithMtlsPkcs12 (const char *pkcs12_path, const char *pkcs12_pwd, Allocator *allocator=ApiAllocator()) noexcept
 
static TlsContextOptions InitClientWithMtlsSystemPath (const char *windowsCertStorePath, Allocator *allocator=ApiAllocator()) noexcept
 
static bool IsAlpnSupported () noexcept
 

Friends

class TlsContext
 

Detailed Description

Top-level TLS configuration options. These options are used to create a TlsContext, from which per-connection TLS state is created.

Constructor & Destructor Documentation

◆ TlsContextOptions() [1/3]

Aws::Crt::Io::TlsContextOptions::TlsContextOptions ( )
noexcept

◆ ~TlsContextOptions()

Aws::Crt::Io::TlsContextOptions::~TlsContextOptions ( )
virtual

◆ TlsContextOptions() [2/3]

Aws::Crt::Io::TlsContextOptions::TlsContextOptions ( const TlsContextOptions & )
delete noexcept

◆ TlsContextOptions() [3/3]

Aws::Crt::Io::TlsContextOptions::TlsContextOptions ( TlsContextOptions &&  other)
noexcept

Member Function Documentation

◆ InitClientWithMtls() [1/2]

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtls ( const ByteCursor & cert,
const ByteCursor & pkey,
Allocator * allocator = ApiAllocator()
)
static noexcept

Initializes TlsContextOptions for mutual TLS (mTLS) with a client certificate and private key supplied as in-memory buffers. Both buffers must be in PEM format.

NOTE: This is unsupported on iOS.

Parameters
cert: Certificate contents in memory.
pkey: Private key contents in memory.
allocator: Memory allocator to use.

◆ InitClientWithMtls() [2/2]

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtls ( const char * cert_path,
const char * pkey_path,
Allocator * allocator = ApiAllocator()
)
static noexcept

Initializes TlsContextOptions for mutual TLS (mTLS) with a client certificate and private key given as paths to files on disk. Both files must be in PEM format.

NOTE: This is unsupported on iOS.

Parameters
cert_path: Path to certificate file.
pkey_path: Path to private key file.
allocator: Memory allocator to use.

◆ InitClientWithMtlsPkcs11()

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtlsPkcs11 ( const TlsContextPkcs11Options & pkcs11Options,
Allocator * allocator = ApiAllocator()
)
static noexcept

Initializes TlsContextOptions for mutual TLS (mTLS), using a PKCS#11 library for private key operations.

NOTE: This only works on Unix devices.

Parameters
pkcs11Options: PKCS#11 options.
allocator: Memory allocator to use.

◆ InitClientWithMtlsPkcs12()

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtlsPkcs12 ( const char * pkcs12_path,
const char * pkcs12_pwd,
Allocator * allocator = ApiAllocator()
)
static noexcept

Initializes TlsContextOptions for mutual TLS (mTLS), with client certificate and private key in the PKCS#12 format.

NOTE: This only works on Apple devices.

Parameters
pkcs12_path: Path to PKCS #12 file. The file is loaded from disk and stored internally. It must remain in memory for the lifetime of the returned object.
pkcs12_pwd: Password to PKCS #12 file. It must remain in memory for the lifetime of the returned object.
allocator: Memory allocator to use.

◆ InitClientWithMtlsSystemPath()

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtlsSystemPath ( const char * windowsCertStorePath,
Allocator * allocator = ApiAllocator()
)
static noexcept

Initializes TlsContextOptions for mutual TLS (mTLS), using a client certificate in a Windows certificate store.

NOTE: This only works on Windows.

Parameters
windowsCertStorePath: Path to certificate in a Windows certificate store. The path must use backslashes and end with the certificate's thumbprint. Example: CurrentUser\MY\A11F8A9B5DF5B98BA3508FBCA575D09570E0D2C6
allocator: The memory allocator to use.

◆ InitDefaultClient()

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitDefaultClient ( Allocator * allocator = ApiAllocator() )
static noexcept

Initializes TlsContextOptions with secure by default options, with no client certificates.

◆ IsAlpnSupported()

bool Aws::Crt::Io::TlsContextOptions::IsAlpnSupported ( )
static noexcept

Returns
true if ALPN is supported by the underlying security provider, false otherwise.

◆ LastError()

int Aws::Crt::Io::TlsContextOptions::LastError ( ) const
noexcept

Returns
the value of the last AWS error encountered by operations on this instance.

◆ operator bool()

Aws::Crt::Io::TlsContextOptions::operator bool ( ) const
inline explicit noexcept

Returns
true if the instance is in a valid state, false otherwise.

◆ operator=() [1/2]

TlsContextOptions & Aws::Crt::Io::TlsContextOptions::operator= ( const TlsContextOptions & )
delete noexcept

◆ operator=() [2/2]

TlsContextOptions & Aws::Crt::Io::TlsContextOptions::operator= ( TlsContextOptions &&  other)
noexcept

◆ OverrideDefaultTrustStore() [1/2]

bool Aws::Crt::Io::TlsContextOptions::OverrideDefaultTrustStore ( const ByteCursor & ca)
noexcept

Overrides the default system trust store.

Parameters
ca: PEM-armored chain of trusted CA certificates.

◆ OverrideDefaultTrustStore() [2/2]

bool Aws::Crt::Io::TlsContextOptions::OverrideDefaultTrustStore ( const char * caPath,
const char * caFile
)
noexcept

Overrides the default system trust store.

Parameters
caPath: Path to a directory containing trusted certificates, which overrides the default trust store. Only useful on Unix-style systems where all anchors are stored in a directory (like /etc/ssl/certs). This string must remain in memory for the lifetime of this object.
caFile: Path to a file containing a PEM-armored chain of trusted CA certificates. This string must remain in memory for the lifetime of this object.

◆ SetAlpnList()

bool Aws::Crt::Io::TlsContextOptions::SetAlpnList ( const char * alpnList)
noexcept

Sets the list of ALPN protocols.

Parameters
alpnList: List of protocol names, delimited by ';'. This string must remain in memory for the lifetime of this object.
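An added pre-flight check (example code written for this page, not part of the AWS IoT Device SDK) for the two string formats this class documents: the windowsCertStorePath argument of InitClientWithMtlsSystemPath (backslash-separated, ending in a 40-hex-digit SHA-1 thumbprint) and the ';'-delimited list passed to SetAlpnList. The 1..255 byte bound on ALPN protocol names is taken from RFC 7301; the page itself does not state it.

```cpp
#include <cctype>
#include <string>
#include <vector>

// Validates the windowsCertStorePath format: components separated by '\',
// none empty, at least "store\thumbprint", and the last component a
// certificate thumbprint (SHA-1, exactly 40 hex digits). Forward slashes
// are rejected because the SDK documents backslashes only.
bool IsValidWindowsCertStorePath(const std::string &path) {
    if (path.find('/') != std::string::npos) return false;
    std::vector<std::string> parts;
    std::string cur;
    for (char c : path) {
        if (c == '\\') { parts.push_back(cur); cur.clear(); }
        else cur.push_back(c);
    }
    parts.push_back(cur);
    if (parts.size() < 2) return false;
    for (const auto &p : parts) if (p.empty()) return false;
    const std::string &thumb = parts.back();
    if (thumb.size() != 40) return false;
    for (unsigned char c : thumb) if (!std::isxdigit(c)) return false;
    return true;
}

// Splits a ';'-delimited ALPN list into protocol names. Returns false on an
// empty list, an empty entry (e.g. "h2;;http/1.1"), or a name longer than
// the 255 bytes ALPN allows (RFC 7301), so a malformed list is caught before
// it reaches SetAlpnList rather than silently offering a bad protocol set.
bool ParseAlpnList(const std::string &list, std::vector<std::string> &out) {
    out.clear();
    std::string cur;
    auto flush = [&]() {
        if (cur.empty() || cur.size() > 255) return false;
        out.push_back(cur);
        cur.clear();
        return true;
    };
    for (char c : list) {
        if (c == ';') { if (!flush()) return false; }
        else cur.push_back(c);
    }
    return flush();
}
```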

◆ SetKeychainPath()

bool Aws::Crt::Io::TlsContextOptions::SetKeychainPath ( ByteCursor & keychain_path)
noexcept

Deprecated:
Custom keychain management is deprecated.

By default the certificates and private keys are stored in the default keychain of the account of the process. If you instead wish to provide your own keychain for storing them, this makes the TlsContext use that keychain instead. NOTE: The password of your keychain must be empty.

NOTE: This only works on macOS.

◆ SetMinimumTlsVersion()

void Aws::Crt::Io::TlsContextOptions::SetMinimumTlsVersion ( aws_tls_versions minimumTlsVersion)

Sets the minimum TLS version allowed.

Parameters
minimumTlsVersion: The minimum TLS version.

◆ SetTlsCipherPreference()

void Aws::Crt::Io::TlsContextOptions::SetTlsCipherPreference ( aws_tls_cipher_pref cipher_pref)

Sets the preferred TLS cipher list.

Parameters
cipher_pref: The preferred TLS cipher list.

◆ SetVerifyPeer()

void Aws::Crt::Io::TlsContextOptions::SetVerifyPeer ( bool verifyPeer)
noexcept

In client mode, setting this to false turns off X.509 validation of the peer. Don't do this unless you're testing. It's much better to override the default trust store and pass the self-signed certificate as the caFile argument, so the connection stays authenticated.

In server mode, this defaults to false. If you want to support mutual TLS from the server, you'll want to set this to true.

Friends And Related Function Documentation

◆ TlsContext

friend class TlsContext
friend
