AWS IoT Device SDK C++ v2 1.34.0
Aws::Crt::Io::TlsContextOptions Class Reference
#include <TlsOptions.h>

Public Member Functions

  TlsContextOptions() noexcept
  virtual ~TlsContextOptions()
  TlsContextOptions(const TlsContextOptions &) noexcept = delete
  TlsContextOptions &operator=(const TlsContextOptions &) noexcept = delete
  TlsContextOptions(TlsContextOptions &&) noexcept
  TlsContextOptions &operator=(TlsContextOptions &&) noexcept
  explicit operator bool() const noexcept
  int LastError() const noexcept
  bool SetKeychainPath(ByteCursor &keychain_path) noexcept
  bool SetAlpnList(const char *alpnList) noexcept
  void SetVerifyPeer(bool verifyPeer) noexcept
  void SetMinimumTlsVersion(aws_tls_versions minimumTlsVersion)
  void SetTlsCipherPreference(aws_tls_cipher_pref cipher_pref)
  bool OverrideDefaultTrustStore(const char *caPath, const char *caFile) noexcept
  bool OverrideDefaultTrustStore(const ByteCursor &ca) noexcept

Static Public Member Functions

  static TlsContextOptions InitDefaultClient(Allocator *allocator = ApiAllocator()) noexcept
  static TlsContextOptions InitClientWithMtls(const char *cert_path, const char *pkey_path, Allocator *allocator = ApiAllocator()) noexcept
  static TlsContextOptions InitClientWithMtls(const ByteCursor &cert, const ByteCursor &pkey, Allocator *allocator = ApiAllocator()) noexcept
  static TlsContextOptions InitClientWithMtlsPkcs11(const TlsContextPkcs11Options &pkcs11Options, Allocator *allocator = ApiAllocator()) noexcept
  static TlsContextOptions InitClientWithMtlsPkcs12(const char *pkcs12_path, const char *pkcs12_pwd, Allocator *allocator = ApiAllocator()) noexcept
  static TlsContextOptions InitClientWithMtlsSystemPath(const char *windowsCertStorePath, Allocator *allocator = ApiAllocator()) noexcept
  static bool IsAlpnSupported() noexcept

Friends

  class TlsContext
Detailed Description

Top-level TLS configuration options. These options are used to create a context from which per-connection TLS contexts can be created.

Member Function Documentation

static TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtls(const ByteCursor &cert, const ByteCursor &pkey, Allocator *allocator = ApiAllocator()) noexcept

Initializes TlsContextOptions for mutual TLS (mTLS), with client certificate and private key. These are in-memory buffers. These buffers must be in the PEM format.
NOTE: This is unsupported on iOS.
Parameters:
  cert       Certificate contents in memory.
  pkey       Private key contents in memory.
  allocator  Memory allocator to use.
static TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtls(const char *cert_path, const char *pkey_path, Allocator *allocator = ApiAllocator()) noexcept

Initializes TlsContextOptions for mutual TLS (mTLS), with client certificate and private key. These are paths to files on disk. These files must be in the PEM format.
NOTE: This is unsupported on iOS.
Parameters:
  cert_path  Path to certificate file.
  pkey_path  Path to private key file.
  allocator  Memory allocator to use.

static TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtlsPkcs11(const TlsContextPkcs11Options &pkcs11Options, Allocator *allocator = ApiAllocator()) noexcept

Initializes TlsContextOptions for mutual TLS (mTLS), using a PKCS#11 library for private key operations.
NOTE: This only works on Unix devices.
Parameters:
  pkcs11Options  PKCS#11 options.
  allocator      Memory allocator to use.

static TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtlsPkcs12(const char *pkcs12_path, const char *pkcs12_pwd, Allocator *allocator = ApiAllocator()) noexcept

Initializes TlsContextOptions for mutual TLS (mTLS), with client certificate and private key in the PKCS#12 format.
NOTE: This only works on Apple devices.
Parameters:
  pkcs12_path  Path to PKCS#12 file. The file is loaded from disk and stored internally. The path string must remain in memory for the lifetime of the returned object.
  pkcs12_pwd   Password to the PKCS#12 file. It must remain in memory for the lifetime of the returned object.
  allocator    Memory allocator to use.

static TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtlsSystemPath(const char *windowsCertStorePath, Allocator *allocator = ApiAllocator()) noexcept

Initializes TlsContextOptions for mutual TLS (mTLS), using a client certificate in a Windows certificate store.
NOTE: This only works on Windows.
Parameters:
  windowsCertStorePath  Path to certificate in a Windows certificate store. The path must use backslashes and end with the certificate's thumbprint. Example: CurrentUser\MY\A11F8A9B5DF5B98BA3508FBCA575D09570E0D2C6
  allocator             The memory allocator to use.
static TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitDefaultClient(Allocator *allocator = ApiAllocator()) noexcept

Initializes TlsContextOptions with secure-by-default options, with no client certificates.

static bool Aws::Crt::Io::TlsContextOptions::IsAlpnSupported() noexcept

int Aws::Crt::Io::TlsContextOptions::LastError() const noexcept

explicit Aws::Crt::Io::TlsContextOptions::operator bool() const noexcept

TlsContextOptions &Aws::Crt::Io::TlsContextOptions::operator=(const TlsContextOptions &) noexcept = delete

TlsContextOptions &Aws::Crt::Io::TlsContextOptions::operator=(TlsContextOptions &&) noexcept
bool Aws::Crt::Io::TlsContextOptions::OverrideDefaultTrustStore(const ByteCursor &ca) noexcept

Overrides the default system trust store.
Parameters:
  ca  PEM armored chain of trusted CA certificates.

bool Aws::Crt::Io::TlsContextOptions::OverrideDefaultTrustStore(const char *caPath, const char *caFile) noexcept

Overrides the default system trust store.
Parameters:
  caPath  Path to a directory containing trusted certificates, which overrides the default trust store. Only useful on Unix-style systems where all anchors are stored in a directory (like /etc/ssl/certs). This string must remain in memory for the lifetime of this object.
  caFile  Path to a file containing a PEM armored chain of trusted CA certificates. This string must remain in memory for the lifetime of this object.

bool Aws::Crt::Io::TlsContextOptions::SetAlpnList(const char *alpnList) noexcept

Sets the list of ALPN protocols.
Parameters:
  alpnList  List of protocol names, delimited by ';'. This string must remain in memory for the lifetime of this object.
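As an added example (not code from the SDK), a small self-contained C++ helper that checks caller-supplied strings against the two formats this page documents, the windowsCertStorePath form used by InitClientWithMtlsSystemPath and the ';'-delimited list used by SetAlpnList, before they are handed to the SDK. It assumes, beyond what the page states, that the store path has exactly three backslash-separated components and that the thumbprint is a 40-hex-digit SHA-1 thumbprint as Windows displays it.

```cpp
#include <cctype>
#include <string>
#include <vector>

// Checks the documented form "CurrentUser\MY\<thumbprint>": backslashes only,
// ending with the certificate thumbprint.
// Assumptions (not on the page): exactly three components
// (store location, store name, thumbprint) and a 40-hex-digit SHA-1 thumbprint.
bool IsValidWindowsCertStorePath(const std::string &path)
{
    if (path.find('/') != std::string::npos) return false; // must use backslashes
    std::vector<std::string> parts;
    std::string cur;
    for (char c : path) {
        if (c == '\\') { parts.push_back(cur); cur.clear(); } else cur += c;
    }
    parts.push_back(cur);
    if (parts.size() != 3) return false;
    for (const auto &p : parts) if (p.empty()) return false;
    const std::string &thumb = parts[2];
    if (thumb.size() != 40) return false;
    for (char c : thumb) {
        if (!std::isxdigit(static_cast<unsigned char>(c))) return false;
    }
    return true;
}

// Splits the ';'-delimited protocol list expected by SetAlpnList and rejects
// empty entries (";;", a leading or trailing ';', or an empty string), which the
// documented format does not allow. Returns an empty vector on error.
std::vector<std::string> ParseAlpnList(const std::string &alpnList)
{
    std::vector<std::string> out;
    std::string cur;
    for (size_t i = 0; i <= alpnList.size(); ++i) {
        if (i == alpnList.size() || alpnList[i] == ';') {
            if (cur.empty()) return {};
            out.push_back(cur);
            cur.clear();
        } else {
            cur += alpnList[i];
        }
    }
    return out;
}
```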
bool Aws::Crt::Io::TlsContextOptions::SetKeychainPath(ByteCursor &keychain_path) noexcept

By default the certificates and private keys are stored in the default keychain of the account of the process. If you instead wish to provide your own keychain for storing them, this makes the TlsContext use that keychain instead. NOTE: The password of your keychain must be empty.
NOTE: This only works on macOS.

void Aws::Crt::Io::TlsContextOptions::SetMinimumTlsVersion(aws_tls_versions minimumTlsVersion)

Sets the minimum TLS version allowed.
Parameters:
  minimumTlsVersion  The minimum TLS version.

void Aws::Crt::Io::TlsContextOptions::SetTlsCipherPreference(aws_tls_cipher_pref cipher_pref)

Sets the preferred TLS cipher list.
Parameters:
  cipher_pref  The preferred TLS cipher list.

void Aws::Crt::Io::TlsContextOptions::SetVerifyPeer(bool verifyPeer) noexcept

In client mode, this turns off X.509 validation. Don't do this unless you're testing. It's much better to just override the default trust store and pass the self-signed certificate as the caFile argument.
In server mode, this defaults to false. If you want to support mutual TLS from the server, you'll want to set this to true.

Friends And Related Function Documentation

friend class TlsContext