VLink 2.0.0
A high-performance communication middleware
vlink::SslOptions Struct Reference (final)

Aggregate of SSL/TLS settings for transport-layer encryption.

#include <ssl_options.h>

Public Member Functions

 SslOptions () noexcept=default
 Default constructor; all strings are empty, verify_peer is true.
 ~SslOptions () noexcept=default
 Default destructor.
bool is_valid () const noexcept
 Returns true when the configuration contains enough data to enable TLS.
void parse_to (Conf::PropertiesMap &properties) const noexcept
 Writes the non-default fields back into a property map as ssl.* entries.

Static Public Member Functions

static SslOptions parse_from (const Conf::PropertiesMap &properties) noexcept
 Constructs an SslOptions by reading ssl.* entries from a property map.

Public Attributes

bool verify_peer {true}
 Whether to verify the server certificate.
std::string ca_file
 Path to the CA certificate file (PEM format).
std::string cert_file
 Path to the client certificate file (PEM format).
std::string key_file
 Path to the client private key file (PEM format).
std::string key_password
 Passphrase for the encrypted private key.
std::string server_name
 Server Name Indication (SNI) override.
std::string ciphers
 Cipher suite string (OpenSSL format).

Detailed Description

Aggregate of SSL/TLS settings for transport-layer encryption.

Populate the desired fields and pass to Node::set_ssl_options(), or use parse_from() / parse_to() to convert between SslOptions and the ssl.* entries in a Conf::PropertiesMap.

is_valid() returns true when at least ca_file or cert_file is set, which the transport backends interpret as "SSL is enabled".

Constructor & Destructor Documentation

◆ SslOptions()

vlink::SslOptions::SslOptions ( )
default noexcept

Default constructor; all strings are empty, verify_peer is true.

◆ ~SslOptions()

vlink::SslOptions::~SslOptions ( )
default noexcept

Default destructor.

Member Function Documentation

◆ is_valid()

bool vlink::SslOptions::is_valid ( ) const
noexcept

Returns true when the configuration contains enough data to enable TLS.

TLS is considered valid when at least ca_file or cert_file is non-empty. An empty SslOptions (no certificates at all) is not valid and the transport backend will not attempt a TLS connection.

Returns
true if TLS should be enabled.

◆ parse_from()

SslOptions vlink::SslOptions::parse_from ( const Conf::PropertiesMap & properties)
static noexcept

Constructs an SslOptions by reading ssl.* entries from a property map.

Resolution order (highest priority first):

  1. Explicit ssl.* entries in properties.
  2. Environment variables (VLINK_SSL_CA, VLINK_SSL_CERT, etc.).

Properties not present in either source retain their default values (verify_peer = true, all strings empty).

Parameters
properties: The property map to read from.
Returns
A fully-resolved SslOptions.

◆ parse_to()

void vlink::SslOptions::parse_to ( Conf::PropertiesMap & properties) const
noexcept

Writes the non-default fields back into a property map as ssl.* entries.

Only non-empty string fields and a false verify_peer are written. This is the inverse of parse_from() and is used internally by Node::set_ssl_options() to merge SSL settings into the node properties.

Parameters
properties: The property map to write into.

Member Data Documentation

◆ ca_file

std::string vlink::SslOptions::ca_file

Path to the CA certificate file (PEM format).

Used by all backends to verify the remote peer. Setting this field (or its corresponding property ssl.ca) is one of the two conditions that makes is_valid() return true.

◆ cert_file

std::string vlink::SslOptions::cert_file

Path to the client certificate file (PEM format).

Required for mutual TLS (mTLS) where the server verifies the client. Setting this field is the other condition that makes is_valid() return true.

◆ ciphers

std::string vlink::SslOptions::ciphers

Cipher suite string (OpenSSL format).

Overrides the default cipher suite selection. The format depends on the underlying TLS library (typically OpenSSL). Leave empty to use the backend default.

◆ key_file

std::string vlink::SslOptions::key_file

Path to the client private key file (PEM format).

Paired with cert_file for mutual TLS. If the key is encrypted, provide the passphrase via key_password.

◆ key_password

std::string vlink::SslOptions::key_password

Passphrase for the encrypted private key.

Only needed when key_file is protected by a passphrase. Corresponds to property ssl.key_password and environment variable VLINK_SSL_KEY_PASS.

◆ server_name

std::string vlink::SslOptions::server_name

Server Name Indication (SNI) override.

When set, the TLS handshake uses this value as the expected server name instead of the hostname derived from the connection URL. Used by MQTT, DDS, and Zenoh backends.

◆ verify_peer

bool vlink::SslOptions::verify_peer {true}

Whether to verify the server certificate.

Defaults to true. Set to false to skip peer verification (maps to ssl.verify = "0"). This is useful for development environments with self-signed certificates, but should remain true in production.
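
The rules documented on this page (an empty SslOptions means no TLS is attempted, verify_peer should stay true in production, key_file is paired with cert_file, and parse_to() writes non-empty string fields such as key_password into the property map) can be checked before a node starts. The following is an added example, not VLink code: DemoSslOptions, audit_ssl, redact_for_log, the finding codes and the sample paths are hypothetical, and a std::map stands in for Conf::PropertiesMap.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Stand-in mirroring the fields documented on this page so the example builds
// without the VLink headers; it is not the library's definition.
struct DemoSslOptions {
    bool verify_peer{true};
    std::string ca_file, cert_file, key_file, key_password, server_name, ciphers;
    // Documented rule: valid when ca_file or cert_file is non-empty.
    bool is_valid() const noexcept { return !ca_file.empty() || !cert_file.empty(); }
};

// Hypothetical pre-deployment check; accepts any type exposing the same
// members. Returns one code per finding, in the order checked.
template <class Opts>
std::vector<std::string> audit_ssl(const Opts& o) {
    std::vector<std::string> findings;
    if (!o.is_valid()) {
        // The backend will not attempt TLS: treat as fatal, not as a default.
        findings.push_back("TLS_DISABLED");
        if (!o.server_name.empty() || !o.ciphers.empty() || !o.key_file.empty())
            findings.push_back("TLS_FIELDS_IGNORED");
    }
    if (!o.verify_peer) findings.push_back("PEER_VERIFY_OFF");
    if (o.cert_file.empty() != o.key_file.empty())
        findings.push_back("CERT_KEY_MISMATCH");
    // Assumption: the page does not say what anchors verification without ca_file.
    if (o.is_valid() && o.verify_peer && o.ca_file.empty())
        findings.push_back("NO_CA_FILE");
    return findings;
}

// Copy of a property map that is safe to log: the passphrase can appear
// under ssl.key_password after SSL settings are merged into the properties.
std::map<std::string, std::string> redact_for_log(std::map<std::string, std::string> props) {
    auto it = props.find("ssl.key_password");
    if (it != props.end()) it->second = "<redacted>";
    return props;
}

int main() {
    DemoSslOptions dev;  // constructed sample configuration
    dev.ca_file = "/etc/demo/ca.pem";
    dev.verify_peer = false;
    for (const auto& f : audit_ssl(dev)) std::cout << f << '\n';
    return 0;
}
```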


The documentation for this struct was generated from the following file: