VLink 2.0.0
A high-performance communication middleware
vlink::SslOptions Struct Reference [final]

Aggregate of SSL/TLS settings for transport-layer encryption.

#include <ssl_options.h>


Public Member Functions

 SslOptions () noexcept=default
 Default constructor; all strings are empty, verify_peer is true.
 ~SslOptions () noexcept=default
 Default destructor.
bool is_valid () const noexcept
 Returns true when the configuration contains enough data to enable TLS.
void parse_to (Conf::PropertiesMap &properties) const noexcept
 Writes the non-default fields back into a property map as ssl.* entries.

Static Public Member Functions

static SslOptions parse_from (const Conf::PropertiesMap &properties) noexcept
 Constructs an SslOptions by reading ssl.* entries from a property map.

Public Attributes

bool verify_peer {true}
 Whether to verify the server certificate.
std::string ca_file
 Path to the CA certificate file (PEM format).
std::string cert_file
 Path to the client certificate file (PEM format).
std::string key_file
 Path to the client private key file (PEM format).
std::string key_password
 Passphrase for the encrypted private key.
std::string server_name
 Server Name Indication (SNI) override.
std::string ciphers
 Cipher suite string (OpenSSL format).

Detailed Description

Aggregate of SSL/TLS settings for transport-layer encryption.

Populate the desired fields and pass to Node::set_ssl_options(), or use parse_from() / parse_to() to convert between SslOptions and the ssl.* entries in a Conf::PropertiesMap.

is_valid() returns true when at least ca_file or cert_file is set, which the transport backends interpret as "SSL is enabled".
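A pre-flight check built on the is_valid() rule above, as an added example that is not part of VLink: `SslOptionsModel` is a stand-in carrying only the fields documented on this page, and `preflight()` is a hypothetical helper. Every check other than is_valid() is this example's own policy, not backend behaviour.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Stand-in with the documented fields; NOT the real vlink::SslOptions.
struct SslOptionsModel {
  bool verify_peer{true};
  std::string ca_file, cert_file, key_file, key_password, server_name, ciphers;
  // Documented rule: TLS is enabled when ca_file or cert_file is non-empty.
  bool is_valid() const noexcept { return !ca_file.empty() || !cert_file.empty(); }
};

// Hypothetical helper: returns findings; an empty vector means no objections.
std::vector<std::string> preflight(const SslOptionsModel& o, bool production) {
  std::vector<std::string> f;
  if (!o.is_valid()) {
    // Nothing else matters here: the backend will not attempt TLS at all,
    // even if verify_peer, server_name or ciphers were filled in.
    f.push_back("tls-disabled: neither ca_file nor cert_file is set");
    return f;
  }
  if (!o.verify_peer && production)
    f.push_back("verify-off: verify_peer is false in a production profile");
  // Conservative: the page does not say what a backend trusts without ca_file.
  if (o.verify_peer && o.ca_file.empty())
    f.push_back("no-ca: ca_file is empty, so this config supplies no CA");
  if (o.cert_file.empty() != o.key_file.empty())
    f.push_back("mtls-incomplete: cert_file and key_file must be set together");
  if (!o.key_password.empty() && o.key_file.empty())
    f.push_back("stray-passphrase: key_password is set without key_file");
  return f;
}

int main() {
  SslOptionsModel only_flag;       // constructed sample: only verification toggled
  only_flag.verify_peer = false;   // is_valid() stays false, so no TLS is used
  SslOptionsModel half_mtls;       // constructed sample: certificate without key
  half_mtls.cert_file = "client.pem";
  for (const auto& cfg : {only_flag, half_mtls})
    for (const auto& finding : preflight(cfg, true))
      std::cout << finding << '\n';
  return 0;
}
```

Run such a check before handing the real options to Node::set_ssl_options(), so that a configuration which silently falls back to no TLS is rejected at startup.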

Constructor & Destructor Documentation

◆ SslOptions()

vlink::SslOptions::SslOptions ( )
default noexcept

Default constructor; all strings are empty, verify_peer is true.


◆ ~SslOptions()

vlink::SslOptions::~SslOptions ( )
default noexcept

Default destructor.


Member Function Documentation

◆ is_valid()

bool vlink::SslOptions::is_valid ( ) const
noexcept

Returns true when the configuration contains enough data to enable TLS.

TLS is considered valid when at least ca_file or cert_file is non-empty. An empty SslOptions (no certificates at all) is not valid and the transport backend will not attempt a TLS connection.

Returns
  true if TLS should be enabled.

◆ parse_from()

SslOptions vlink::SslOptions::parse_from ( const Conf::PropertiesMap & properties)
static noexcept

Constructs an SslOptions by reading ssl.* entries from a property map.

Resolution order (highest priority first):

  1. Explicit ssl.* entries in properties.
  2. Environment variables (VLINK_SSL_CA, VLINK_SSL_CERT, etc.).

Properties not present in either source retain their default values (verify_peer = true, all strings empty).

Parameters
  properties  The property map to read from.
Returns
  A fully-resolved SslOptions.

◆ parse_to()

void vlink::SslOptions::parse_to ( Conf::PropertiesMap & properties) const
noexcept

Writes the non-default fields back into a property map as ssl.* entries.

Only non-empty string fields and a false verify_peer are written. This is the inverse of parse_from() and is used internally by Node::set_ssl_options() to merge SSL settings into the node properties.

Parameters
  properties  The property map to write into.

Member Data Documentation

◆ ca_file

std::string vlink::SslOptions::ca_file

Path to the CA certificate file (PEM format).

Used by all backends to verify the remote peer. Setting this field (or its corresponding property ssl.ca) is one of the two conditions that makes is_valid() return true.

◆ cert_file

std::string vlink::SslOptions::cert_file

Path to the client certificate file (PEM format).

Required for mutual TLS (mTLS) where the server verifies the client. Setting this field is the other condition that makes is_valid() return true.

◆ ciphers

std::string vlink::SslOptions::ciphers

Cipher suite string (OpenSSL format).

Overrides the default cipher suite selection. The format depends on the underlying TLS library (typically OpenSSL). Leave empty to use the backend default.

◆ key_file

std::string vlink::SslOptions::key_file

Path to the client private key file (PEM format).

Paired with cert_file for mutual TLS. If the key is encrypted, provide the passphrase via key_password.

◆ key_password

std::string vlink::SslOptions::key_password

Passphrase for the encrypted private key.

Only needed when key_file is protected by a passphrase. Corresponds to property ssl.key_password and environment variable VLINK_SSL_KEY_PASS.

◆ server_name

std::string vlink::SslOptions::server_name

Server Name Indication (SNI) override.

When set, the TLS handshake uses this value as the expected server name instead of the hostname derived from the connection URL. Used by MQTT, DDS, and Zenoh backends.

◆ verify_peer

bool vlink::SslOptions::verify_peer {true}

Whether to verify the server certificate.

Defaults to true. Set to false to skip peer verification (maps to ssl.verify = "0"). This is useful for development environments with self-signed certificates, but should remain true in production.

