Kourier 1.0.0
Kourier::TlsConfiguration Class Reference

The TlsConfiguration class represents a configuration for TLS encryption.

Public Types

enum class  Cipher {
  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ,
  TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ,
  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ,
  TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ,
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ,
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ,
  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ,
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ,
  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ,
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ,
  TLS_AES_128_GCM_SHA256 ,
  TLS_AES_256_GCM_SHA384 ,
  TLS_CHACHA20_POLY1305_SHA256
}
 Ciphers TlsConfiguration supports.
 
enum class  Curve {
  X25519 ,
  prime256v1 ,
  secp384r1 ,
  secp521r1
}
 Curves TlsConfiguration supports.
 
enum  PeerVerifyMode {
  On ,
  Off ,
  Auto
}
 Peer verification mode for TLS connections.
 
enum class  TlsVersion {
  TLS_1_2 ,
  TLS_1_2_or_newer ,
  TLS_1_3 ,
  TLS_1_3_or_newer
}
 TLS version.
 

Public Member Functions

 TlsConfiguration ()
 
 TlsConfiguration (const TlsConfiguration &other)
 
 ~TlsConfiguration ()
 
void addCaCertificate (std::string_view certificate)
 
const std::set< std::string > & addedCertificates () const
 
const std::string & certificate () const
 
const std::set< Cipher > & ciphers () const
 
const std::set< Curve > & curves () const
 
TlsConfiguration & operator= (const TlsConfiguration &other)
 
int peerVerifyDepth () const
 
PeerVerifyMode peerVerifyMode () const
 
const std::string & privateKey () const
 
const std::string & privateKeyPassword () const
 
void setCaCertificates (const std::set< std::string > &certificates)
 
void setCertificateKeyPair (std::string_view certificate, std::string_view key, std::string_view keyPassword="")
 
void setCiphers (const std::set< Cipher > &ciphers)
 
void setCurves (std::set< Curve > curves)
 
void setPeerVerifyDepth (int depth)
 
void setPeerVerifyMode (PeerVerifyMode mode)
 
void setTlsVersion (TlsVersion tlsVersion)
 
void setUseSystemCertificates (bool useSystemCertificates)
 
TlsVersion tlsVersion () const
 
bool useSystemCertificates () const
 

Static Public Member Functions

static std::set< Cipher > supportedCiphers ()
 
static std::set< Curve > supportedCurves ()
 

Detailed Description

The TlsConfiguration class represents a configuration for TLS encryption.
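
An added example (not part of the Kourier documentation or code base): a policy lint that reads a configuration through the accessors documented on this page and flags an unverified server, verification enabled without any CA source, CBC suites, and an explicit cipher set with no suite for the selected TLS version. `DemoTlsConfig`, `Role`, `auditTlsConfig` and the finding strings are hypothetical names; `DemoTlsConfig` is a stand-in that mirrors the documented enum and accessor names so the code compiles without Kourier, and treating CBC suites as a finding is this example's policy rather than anything the page states.

```cpp
#include <set>
#include <string>
#include <vector>
// Stand-in mirroring the enum and accessor names on this page (not Kourier code); defaults are constructed.
struct DemoTlsConfig {
    enum class Cipher { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
        TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256 };
    enum PeerVerifyMode { On, Off, Auto };
    enum class TlsVersion { TLS_1_2, TLS_1_2_or_newer, TLS_1_3, TLS_1_3_or_newer };
    std::set<Cipher> cipherSet; std::set<std::string> caFiles;
    PeerVerifyMode mode = Auto; TlsVersion version = TlsVersion::TLS_1_2_or_newer; bool systemCas = false;
    const std::set<Cipher> &ciphers() const { return cipherSet; }
    const std::set<std::string> &addedCertificates() const { return caFiles; }
    PeerVerifyMode peerVerifyMode() const { return mode; }
    TlsVersion tlsVersion() const { return version; }
    bool useSystemCertificates() const { return systemCas; }
};
enum class Role { Client, Server };  // hypothetical: which side will use the configuration

// Hypothetical policy lint over any type exposing the accessors above.
template <class Cfg>
std::vector<std::string> auditTlsConfig(const Cfg &cfg, Role role) {
    using C = typename Cfg::Cipher; using V = typename Cfg::TlsVersion;
    const std::set<C> cbc{C::TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, C::TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                          C::TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, C::TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384};
    const std::set<C> tls13{C::TLS_AES_128_GCM_SHA256, C::TLS_AES_256_GCM_SHA384, C::TLS_CHACHA20_POLY1305_SHA256};
    std::vector<std::string> findings;
    // Documented semantics: On verifies the peer, Off never does, Auto verifies servers only.
    const bool verifies = cfg.peerVerifyMode() == Cfg::On ||
                          (cfg.peerVerifyMode() == Cfg::Auto && role == Role::Client);
    if (!verifies && role == Role::Client) findings.push_back("server-not-verified");
    if (verifies && !cfg.useSystemCertificates() && cfg.addedCertificates().empty())
        findings.push_back("verification-on-but-no-ca-source");
    bool hasCbc = false, has12 = false, has13 = false;
    for (C c : cfg.ciphers()) {
        if (cbc.count(c)) hasCbc = true;
        (tls13.count(c) ? has13 : has12) = true;
    }
    if (hasCbc) findings.push_back("cbc-suite-enabled");
    const V v = cfg.tlsVersion();
    const bool only13 = v == V::TLS_1_3 || v == V::TLS_1_3_or_newer;
    // An empty cipher set is skipped: the page does not say how Kourier treats it.
    if (!cfg.ciphers().empty() && ((only13 && !has13) || (v == V::TLS_1_2 && !has12)))
        findings.push_back("no-suite-for-selected-version");
    return findings;
}
```

Because `auditTlsConfig` is a template over the accessor names, it can be instantiated with `Kourier::TlsConfiguration` itself, assuming the class matches the signatures listed on this page.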

Member Enumeration Documentation

◆ Cipher

Ciphers TlsConfiguration supports.

Enumerator
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 

TLS 1.2 cipher.

TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 

TLS 1.2 cipher.

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 

TLS 1.2 cipher.

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 

TLS 1.2 cipher.

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 

TLS 1.2 cipher.

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 

TLS 1.2 cipher.

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 

TLS 1.2 cipher.

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 

TLS 1.2 cipher.

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 

TLS 1.2 cipher.

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 

TLS 1.2 cipher.

TLS_AES_128_GCM_SHA256 

TLS 1.3 cipher.

TLS_AES_256_GCM_SHA384 

TLS 1.3 cipher.

TLS_CHACHA20_POLY1305_SHA256 

TLS 1.3 cipher.

◆ Curve

Curves TlsConfiguration supports.

Enumerator
X25519 

A 256-bit Montgomery curve.

prime256v1 

A 256-bit prime field Weierstrass curve.

secp384r1 

A 384-bit prime field Weierstrass curve.

secp521r1 

A 521-bit prime field Weierstrass curve.

◆ PeerVerifyMode

Peer verification mode for TLS connections.

Enumerator
On 

Verify the peer when establishing the TLS connection.

Off 

Do not verify the peer when establishing the TLS connection.

Auto 

Verify servers but not clients when establishing TLS connections.

◆ TlsVersion

TLS version.

Enumerator
TLS_1_2 

TLS version 1.2.

TLS_1_2_or_newer 

TLS version 1.2 or newer.

TLS_1_3 

TLS version 1.3.

TLS_1_3_or_newer 

TLS version 1.3 or newer.

Constructor & Destructor Documentation

◆ TlsConfiguration() [1/2]

Kourier::TlsConfiguration::TlsConfiguration ( )

Creates an empty TLS configuration.

◆ TlsConfiguration() [2/2]

Kourier::TlsConfiguration::TlsConfiguration ( const TlsConfiguration &  other)

Creates a TlsConfiguration object and copies configuration from other to this object.

◆ ~TlsConfiguration()

Kourier::TlsConfiguration::~TlsConfiguration ( )

Destroys the TlsConfiguration object.

Member Function Documentation

◆ addCaCertificate()

void Kourier::TlsConfiguration::addCaCertificate ( std::string_view  certificate)

Adds the certificate file to the set of files from which to load CA certificates. The certificate files should contain CA certificates in the PEM format.

◆ addedCertificates()

const std::set< std::string > & Kourier::TlsConfiguration::addedCertificates ( ) const

Returns the file paths of the files from which CA certificates are loaded.

◆ certificate()

const std::string & Kourier::TlsConfiguration::certificate ( ) const

Returns the file path of the local certificate given in setCertificateKeyPair, which should be sent to the connected peer during the TLS handshake for verification purposes.

◆ ciphers()

const std::set< TlsConfiguration::Cipher > & Kourier::TlsConfiguration::ciphers ( ) const

Returns the set of ciphers that have been set for this TlsConfiguration instance.

◆ curves()

const std::set< TlsConfiguration::Curve > & Kourier::TlsConfiguration::curves ( ) const

Returns the set of curves that have been set for this TlsConfiguration instance.

◆ operator=()

TlsConfiguration & Kourier::TlsConfiguration::operator= ( const TlsConfiguration &  other)

Copies configuration from other to this object.

◆ peerVerifyDepth()

int Kourier::TlsConfiguration::peerVerifyDepth ( ) const

Returns the peer verify depth.

◆ peerVerifyMode()

TlsConfiguration::PeerVerifyMode Kourier::TlsConfiguration::peerVerifyMode ( ) const

Returns the peer verify mode.

◆ privateKey()

const std::string & Kourier::TlsConfiguration::privateKey ( ) const

Returns the file path of the private key given in setCertificateKeyPair, and belonging to the local certificate.

◆ privateKeyPassword()

const std::string & Kourier::TlsConfiguration::privateKeyPassword ( ) const

Returns the password for the encrypted private key, as given in setCertificateKeyPair.

◆ setCaCertificates()

void Kourier::TlsConfiguration::setCaCertificates ( const std::set< std::string > &  certificates)

Sets the set of file paths containing CA certificates. CA certificates should be in the PEM format.

◆ setCertificateKeyPair()

void Kourier::TlsConfiguration::setCertificateKeyPair ( std::string_view  certificate,
std::string_view  key,
std::string_view  keyPassword = "" 
)

Sets the certificate and private key files. TlsConfiguration loads the first private key found in the key file and the first certificate in the certificate file. If the certificate file contains more than one certificate, TlsConfiguration adds all the other certificates to the chain of certificates. Certificates and private keys should be in the PEM format. Use the keyPassword parameter to supply the password for an encrypted private key.

◆ setCiphers()

void Kourier::TlsConfiguration::setCiphers ( const std::set< Cipher > &  ciphers)

Sets the ciphers to use.

◆ setCurves()

void Kourier::TlsConfiguration::setCurves ( std::set< Curve >  curves)

Sets the curves to use.

◆ setPeerVerifyDepth()

void Kourier::TlsConfiguration::setPeerVerifyDepth ( int  depth)

Sets the maximum depth for the certificate chain verification that TlsConfiguration can use.

◆ setPeerVerifyMode()

void Kourier::TlsConfiguration::setPeerVerifyMode ( PeerVerifyMode  mode)

◆ setTlsVersion()

void Kourier::TlsConfiguration::setTlsVersion ( TlsVersion  tlsVersion)

Sets the TLS version to use.

◆ setUseSystemCertificates()

void Kourier::TlsConfiguration::setUseSystemCertificates ( bool  useSystemCertificates)

If useSystemCertificates is true, TlsConfiguration configures OpenSSL to load CA certificates from default locations.

◆ supportedCiphers()

static std::set< TlsConfiguration::Cipher > Kourier::TlsConfiguration::supportedCiphers ( )

Returns the ciphers supported by TlsConfiguration.

◆ supportedCurves()

static std::set< TlsConfiguration::Curve > Kourier::TlsConfiguration::supportedCurves ( )

Returns the curves supported by TlsConfiguration.

◆ tlsVersion()

TlsConfiguration::TlsVersion Kourier::TlsConfiguration::tlsVersion ( ) const

Returns the TLS version this TlsConfiguration uses.

◆ useSystemCertificates()

bool Kourier::TlsConfiguration::useSystemCertificates ( ) const

Returns true if this TlsConfiguration makes OpenSSL load CA certificates from default locations.