Fast DDS  Version 3.1.2
Fast DDS
Loading...
Searching...
No Matches
Public Types | Public Member Functions | Public Attributes | List of all members
TCPTransportDescriptor::TLSConfig Struct Reference

TLS Configuration. More...

#include <TCPTransportDescriptor.hpp>

Public Types

enum  TLSOptions : uint32_t {
  NONE = 0 , DEFAULT_WORKAROUNDS = 1 << 0 , NO_COMPRESSION = 1 << 1 , NO_SSLV2 = 1 << 2 ,
  NO_SSLV3 = 1 << 3 , NO_TLSV1 = 1 << 4 , NO_TLSV1_1 = 1 << 5 , NO_TLSV1_2 = 1 << 6 ,
  NO_TLSV1_3 = 1 << 7 , SINGLE_DH_USE = 1 << 8
}
 Supported TLS features. More...
 
enum  TLSVerifyMode : uint8_t {
  UNUSED = 0 , VERIFY_NONE = 1 << 0 , VERIFY_PEER = 1 << 1 , VERIFY_FAIL_IF_NO_PEER_CERT = 1 << 2 ,
  VERIFY_CLIENT_ONCE = 1 << 3
}
 Peer node verification options. More...
 
enum  TLSHandShakeRole : uint8_t { DEFAULT = 0 , CLIENT = 1 << 0 , SERVER = 1 << 1 }
 Role that the transport will take on handshaking. More...
 

Public Member Functions

void add_verify_mode (const TLSVerifyMode verify)
 Add verification modes to the verification mode mask.
 
bool get_verify_mode (const TLSVerifyMode verify) const
 Get the verification mode mask.
 
void add_option (const TLSOptions option)
 Add TLS features to the SSL Context options mask.
 
bool get_option (const TLSOptions option) const
 Get the SSL Context options mask.
 
bool operator== (const TLSConfig &t) const
 Comparison operator.
 

Public Attributes

std::string password
 Password of the private_key_file or rsa_private_key_file.
 
uint32_t options = TLSOptions::NONE
 SSL context options mask.
 
std::string cert_chain_file
 Path to the public certificate chain file.
 
std::string private_key_file
 Path to the private key certificate file.
 
std::string tmp_dh_file
 Path to the Diffie-Hellman parameters file.
 
std::string verify_file
 Path to the CA (Certification-Authority) file.
 
uint8_t verify_mode = TLSVerifyMode::UNUSED
 Verification mode mask.
 
std::vector< std::string > verify_paths
 Paths where the system will look for verification files.
 
bool default_verify_path = false
 Look for verification files on the default paths.
 
int32_t verify_depth = -1
 Maximum allowed depth for verifying intermediate certificates. Do not override.
 
std::string rsa_private_key_file
 Path to the private key RSA certificate file.
 
TLSHandShakeRole handshake_role = TLSHandShakeRole::DEFAULT
 Role that the transport will take on handshaking.
 
std::string server_name
 Server name or host name required in case Server Name Indication (SNI) is used.
 

Detailed Description

TLS Configuration.

  • password: password of the private_key_file or rsa_private_key_file.
  • private_key_file: path to the private key certificate file.
  • rsa_private_key_file: path to the private key RSA certificate file.
  • cert_chain_file: path to the public certificate chain file.
  • tmp_dh_file: path to the Diffie-Hellman parameters file.
  • verify_file: path to the CA (Certification-Authority) file.
  • verify_mode: establishes the verification mode mask.
  • options: establishes the SSL Context options mask.
  • verify_paths: paths where the system will look for verification files.
  • default_verify_path: look for verification files on the default paths.
  • handshake_role: role that the transport will take on handshaking.
  • server_name: server name or host name required in case Server Name Indication (SNI) is used.

Member Enumeration Documentation

◆ TLSHandShakeRole

enum TLSHandShakeRole : uint8_t

Role that the transport will take on handshaking.

  • DEFAULT: configured as client if connector, and as server if acceptor.
  • CLIENT: configured as client.
  • SERVER: configured as server.
Enumerator
DEFAULT 
CLIENT 
SERVER 

◆ TLSOptions

enum TLSOptions : uint32_t

Supported TLS features.

Several options can be combined in the same TransportDescriptor using the add_option() member function.

  • DEFAULT_WORKAROUNDS: implement various bug workarounds.
  • NO_COMPRESSION: disable compression.
  • NO_SSLV2: disable SSL v2.
  • NO_SSLV3: disable SSL v3.
  • NO_TLSV1: disable TLS v1.
  • NO_TLSV1_1: disable TLS v1.1.
  • NO_TLSV1_2: disable TLS v1.2.
  • NO_TLSV1_3: disable TLS v1.3.
  • SINGLE_DH_USE: always create a new key using Diffie-Hellman parameters.
Enumerator
NONE 
DEFAULT_WORKAROUNDS 
NO_COMPRESSION 
NO_SSLV2 
NO_SSLV3 
NO_TLSV1 
NO_TLSV1_1 
NO_TLSV1_2 
NO_TLSV1_3 
SINGLE_DH_USE 

◆ TLSVerifyMode

enum TLSVerifyMode : uint8_t

Peer node verification options.

Several verification options can be combined in the same TransportDescriptor using the add_verify_mode() member function.

  • VERIFY_NONE: perform no verification.
  • VERIFY_PEER: perform verification of the peer.
  • VERIFY_FAIL_IF_NO_PEER_CERT: fail verification if the peer has no certificate. Ignored unless VERIFY_PEER is also set.
  • VERIFY_CLIENT_ONCE: do not request client certificate on renegotiation. Ignored unless VERIFY_PEER is also set.
Enumerator
UNUSED 
VERIFY_NONE 
VERIFY_PEER 
VERIFY_FAIL_IF_NO_PEER_CERT 
VERIFY_CLIENT_ONCE 

Member Function Documentation

◆ add_option()

void add_option ( const TLSOptions  option)
inline

Add TLS features to the SSL Context options mask.

◆ add_verify_mode()

void add_verify_mode ( const TLSVerifyMode  verify)
inline

Add verification modes to the verification mode mask.

◆ get_option()

bool get_option ( const TLSOptions  option) const
inline

Get the SSL Context options mask.

◆ get_verify_mode()

bool get_verify_mode ( const TLSVerifyMode  verify) const
inline

Get the verification mode mask.

◆ operator==()

bool operator== ( const TLSConfig t) const
inline

Comparison operator.

Member Data Documentation

◆ cert_chain_file

std::string cert_chain_file

Path to the public certificate chain file.

◆ default_verify_path

bool default_verify_path = false

Look for verification files on the default paths.

◆ handshake_role

TLSHandShakeRole handshake_role = TLSHandShakeRole::DEFAULT

Role that the transport will take on handshaking.

◆ options

uint32_t options = TLSOptions::NONE

SSL context options mask.

◆ password

std::string password

Password of the private_key_file or rsa_private_key_file.

◆ private_key_file

std::string private_key_file

Path to the private key certificate file.

◆ rsa_private_key_file

std::string rsa_private_key_file

Path to the private key RSA certificate file.

◆ server_name

std::string server_name

Server name or host name required in case Server Name Indication (SNI) is used.

◆ tmp_dh_file

std::string tmp_dh_file

Path to the Diffie-Hellman parameters file.

◆ verify_depth

int32_t verify_depth = -1

Maximum allowed depth for verifying intermediate certificates. Do not override.

◆ verify_file

std::string verify_file

Path to the CA (Certification-Authority) file.

◆ verify_mode

uint8_t verify_mode = TLSVerifyMode::UNUSED

Verification mode mask.

◆ verify_paths

std::vector<std::string> verify_paths

Paths where the system will look for verification files.

The documentation for this struct was generated from the following file: