Transport-layer SSL/TLS configuration for VLink communication backends. More...

#include <string>
#include "../base/macros.h"
#include "./conf.h"

Include dependency graph for ssl_options.h:

This graph shows which files directly or indirectly include this file:

Classes
struct	vlink::SslOptions
	Aggregate of SSL/TLS settings for transport-layer encryption. More...

Namespaces
namespace	vlink

Detailed Description

Transport-layer SSL/TLS configuration for VLink communication backends.

SslOptions provides a backend-agnostic way to configure transport-layer TLS encryption. It works through the ssl.* property convention that every transport backend reads during connection setup:

Backend	Native TLS Mechanism
MQTT	`MQTTClient_SSLOptions` (Paho C), auto `tcp://` to ssl://
DDS	`TCPv4TransportDescriptor::tls_config` (Fast-DDS)
CycloneDDS	`ddsi_config` ssl fields (requires `DDS_HAS_SSL`)
Zenoh	`transport/link/tls` config keys (zenoh-c, not zenoh-pico)

Property Keys

Property Key	`SslOptions` Field	Description
`ssl.ca`	`ca_file`	CA certificate file path (PEM)
`ssl.cert`	`cert_file`	Client certificate file path (PEM)
`ssl.key`	`key_file`	Client private key file path (PEM)
`ssl.key_password`	`key_password`	Private key passphrase
`ssl.verify`	`verify_peer`	`"0"` to skip verification; default verify
`ssl.server_name`	`server_name`	SNI server name override
`ssl.ciphers`	`ciphers`	Cipher suite string (OpenSSL format)

Environment Variable Defaults: When a property is not set explicitly, the factory reads these environment variables as lowest-priority defaults (property values always take precedence):

Environment Variable	Maps to
`VLINK_SSL_CA`	`ssl.ca`
`VLINK_SSL_CERT`	`ssl.cert`
`VLINK_SSL_KEY`	`ssl.key`
`VLINK_SSL_KEY_PASS`	`ssl.key_password`
`VLINK_SSL_VERIFY`	`ssl.verify`
`VLINK_SSL_SNI`	`ssl.server_name`
`VLINK_SSL_CIPHERS`	`ssl.ciphers`

Auto-detection: SSL is considered valid (enabled) when ca_file or cert_file is non-empty. There is no separate ssl.enabled flag. When SSL is enabled on DDS/CycloneDDS, TCP transport is automatically activated because TLS requires TCP.

Usage: // --- Via Node API ---

Publisher<MyMsg> pub("mqtt://sensor/data");

SslOptions ssl;

ssl.ca_file = "/etc/certs/ca.pem";

ssl.cert_file = "/etc/certs/client.pem";

ssl.key_file = "/etc/certs/client-key.pem";

pub.set_ssl_options(ssl);

// --- Via set_property ---

pub.set_property("ssl.ca", "/etc/certs/ca.pem");

// --- Via global property ---

MqttConf::set_global_property("ssl.ca", "/etc/certs/ca.pem");

// --- Via environment variable ---

// export VLINK_SSL_CA=/etc/certs/ca.pem

Note

Zenoh-pico (VLINK_ENABLE_ZENOH_PICO) does not support TLS; a warning is logged if SSL properties are present.
CycloneDDS requires DDS_HAS_SSL at compile time; a warning is logged if SSL properties are present but the feature was not compiled in.

Classes

Namespaces

Detailed Description