#include <TlsOptions.h>

Public Member Functions
	TlsContextOptions () noexcept

virtual	~TlsContextOptions ()

	TlsContextOptions (const TlsContextOptions &) noexcept=delete

TlsContextOptions &	operator= (const TlsContextOptions &) noexcept=delete

	TlsContextOptions (TlsContextOptions &&) noexcept

TlsContextOptions &	operator= (TlsContextOptions &&) noexcept

	operator bool () const noexcept

int	LastError () const noexcept

bool	SetAlpnList (const char *alpnList) noexcept

void	SetVerifyPeer (bool verifyPeer) noexcept

void	SetMinimumTlsVersion (aws_tls_versions minimumTlsVersion)

bool	OverrideDefaultTrustStore (const char caPath, const char caFile) noexcept

bool	OverrideDefaultTrustStore (const ByteCursor &ca) noexcept

Static Public Member Functions
static TlsContextOptions	InitDefaultClient (Allocator *allocator=g_allocator) noexcept

static TlsContextOptions	InitClientWithMtls (const char cert_path, const char pkey_path, Allocator *allocator=g_allocator) noexcept

static TlsContextOptions	InitClientWithMtls (const ByteCursor &cert, const ByteCursor &pkey, Allocator *allocator=g_allocator) noexcept

static TlsContextOptions	InitClientWithMtlsPkcs11 (const TlsContextPkcs11Options &pkcs11Options, Allocator *allocator=g_allocator) noexcept

static bool	IsAlpnSupported () noexcept

Friends
class	TlsContext

Detailed Description

Top-level tls configuration options. These options are used to create a context from which per-connection TLS contexts can be created.

Constructor & Destructor Documentation

◆ TlsContextOptions() [1/3]

Aws::Crt::Io::TlsContextOptions::TlsContextOptions ( )

noexcept

◆ ~TlsContextOptions()

Aws::Crt::Io::TlsContextOptions::~TlsContextOptions ( )

virtual

◆ TlsContextOptions() [2/3]

Aws::Crt::Io::TlsContextOptions::TlsContextOptions ( const TlsContextOptions & )

deletenoexcept

◆ TlsContextOptions() [3/3]

Aws::Crt::Io::TlsContextOptions::TlsContextOptions ( TlsContextOptions && other )

noexcept

Member Function Documentation

◆ InitClientWithMtls() [1/2]

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtls	(	const ByteCursor &	cert,
		const ByteCursor &	pkey,
		Allocator *	allocator = `g_allocator`
	)

staticnoexcept

Initializes TlsContextOptions with secure by default options, with client certificate and private key. These are in memory buffers. These buffers must be in the PEM format.

Parameters

cert	Certificate contents in memory.
pkey	Private key contents in memory.
allocator	Memory allocator to use.

◆ InitClientWithMtls() [2/2]

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtls	(	const char *	cert_path,
		const char *	pkey_path,
		Allocator *	allocator = `g_allocator`
	)

staticnoexcept

Initializes TlsContextOptions with secure by default options, with client certificate and private key. These are paths to a file on disk. These files must be in the PEM format.

Parameters

cert_path	Path to certificate file.
pkey_path	Path to private key file.
allocator	Memory allocator to use.

◆ InitClientWithMtlsPkcs11()

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitClientWithMtlsPkcs11	(	const TlsContextPkcs11Options &	pkcs11Options,
		Allocator *	allocator = `g_allocator`
	)

staticnoexcept

Initializes TlsContextOptions with secure by default options, using a PKCS#11 library for private key operations.

NOTE: This configuration only works on Unix devices.

Parameters

pkcs11Options	PKCS#11 options
allocator	Memory allocator to use.

◆ InitDefaultClient()

TlsContextOptions Aws::Crt::Io::TlsContextOptions::InitDefaultClient ( Allocator * allocator = g_allocator )

staticnoexcept

Initializes TlsContextOptions with secure by default options, with no client certificates.

◆ IsAlpnSupported()

bool Aws::Crt::Io::TlsContextOptions::IsAlpnSupported ( )

staticnoexcept

Returns: true if alpn is supported by the underlying security provider, false otherwise.

◆ LastError()

int Aws::Crt::Io::TlsContextOptions::LastError ( ) const

noexcept

Returns: the value of the last aws error encountered by operations on this instance.

◆ operator bool()

Aws::Crt::Io::TlsContextOptions::operator bool ( ) const

inlineexplicitnoexcept

Returns: true if the instance is in a valid state, false otherwise.

◆ operator=() [1/2]

TlsContextOptions & Aws::Crt::Io::TlsContextOptions::operator= ( const TlsContextOptions & )

deletenoexcept

◆ operator=() [2/2]

TlsContextOptions & Aws::Crt::Io::TlsContextOptions::operator= ( TlsContextOptions && other )

noexcept

◆ OverrideDefaultTrustStore() [1/2]

bool Aws::Crt::Io::TlsContextOptions::OverrideDefaultTrustStore ( const ByteCursor & ca )

noexcept

Overrides the default system trust store.

Parameters

ca	PEM armored chain of trusted CA certificates.

◆ OverrideDefaultTrustStore() [2/2]

bool Aws::Crt::Io::TlsContextOptions::OverrideDefaultTrustStore	(	const char *	caPath,
		const char *	caFile
	)

noexcept

Overrides the default system trust store.

Parameters

caPath	Path to directory containing trusted certificates, which will overrides the default trust store. Only useful on Unix style systems where all anchors are stored in a directory (like /etc/ssl/certs). This string must remain in memory for the lifetime of this object.
caFile	Path to file containing PEM armored chain of trusted CA certificates. This string must remain in memory for the lifetime of this object.

◆ SetAlpnList()

bool Aws::Crt::Io::TlsContextOptions::SetAlpnList ( const char * alpnList )

noexcept

Sets the list of alpn protocols.

Parameters

alpnList List of protocol names, delimited by ';'. This string must remain in memory for the lifetime of this object.

◆ SetMinimumTlsVersion()

void Aws::Crt::Io::TlsContextOptions::SetMinimumTlsVersion ( aws_tls_versions minimumTlsVersion )

Sets the minimum TLS version allowed.

Parameters

minimumTlsVersion The minimum TLS version.

◆ SetVerifyPeer()

void Aws::Crt::Io::TlsContextOptions::SetVerifyPeer ( bool verifyPeer )

noexcept

In client mode, this turns off x.509 validation. Don't do this unless you're testing. It's much better, to just override the default trust store and pass the self-signed certificate as the caFile argument.

In server mode, this defaults to false. If you want to support mutual TLS from the server, you'll want to set this to true.

Friends And Related Function Documentation

◆ TlsContext

friend class TlsContext

friend

The documentation for this class was generated from the following files:

crt/aws-crt-cpp/include/aws/crt/io/TlsOptions.h
crt/aws-crt-cpp/source/io/TlsOptions.cpp

Public Member Functions

Static Public Member Functions

Friends

Detailed Description

Constructor & Destructor Documentation

◆ TlsContextOptions() [1/3]

◆ ~TlsContextOptions()

◆ TlsContextOptions() [2/3]

◆ TlsContextOptions() [3/3]

Member Function Documentation

◆ InitClientWithMtls() [1/2]

◆ InitClientWithMtls() [2/2]

◆ InitClientWithMtlsPkcs11()

◆ InitDefaultClient()

◆ IsAlpnSupported()

◆ LastError()

◆ operator bool()

◆ operator=() [1/2]

◆ operator=() [2/2]

◆ OverrideDefaultTrustStore() [1/2]

◆ OverrideDefaultTrustStore() [2/2]

◆ SetAlpnList()

◆ SetMinimumTlsVersion()

◆ SetVerifyPeer()

Friends And Related Function Documentation

◆ TlsContext