caf::net::ssl::context Class Reference

SSL state, shared by multiple connections. More...

#include <context.hpp>

Public Member Functions
	context (context &&other)
context &	operator= (context &&other)
	operator bool () const noexcept
bool	operator! () const noexcept
void	verify_mode (verify_t flags)
	Overrides the verification mode for this context.
template<typename PasswordCallback >
void	password_callback (PasswordCallback callback)
	Overrides the callback to obtain the password for encrypted PEM files.
void	password (std::string password)
	Overrides the callback to obtain the password for encrypted PEM files with a function that always returns password.
void *	native_handle () const noexcept
	Retrieves the native handle from the context.
expected< connection >	new_connection (stream_socket fd)
	Creates a new SSL connection on fd.
expected< connection >	new_connection (stream_socket fd, close_on_shutdown_t)
	Creates a new SSL connection on fd.
bool	enable_default_verify_paths ()
	Configure the context to use the default locations for loading CA certificates.
bool	add_verify_path (const char *path)
	Configures the context to load CA certificate from a directory.
bool	add_verify_path (const std::string &path)
	Configures the context to load CA certificate from a directory.
bool	load_verify_file (const char *path)
	Loads a CA certificate file.
bool	load_verify_file (const std::string &path)
	Loads a CA certificate file.
bool	use_certificate_file (const char *path, format file_format)
	Loads the first certificate found in given file.
bool	use_certificate_file (const std::string &path, format file_format)
	Loads the first certificate found in given file.
bool	use_certificate_chain_file (const char *path)
	Loads a certificate chain from a PEM-formatted file.
bool	use_certificate_chain_file (const std::string &path)
	Loads a certificate chain from a PEM-formatted file.
bool	use_private_key_file (const char *path, format file_format)
	Loads the first private key found in given file.
bool	use_private_key_file (const std::string &path, format file_format)
	Loads the first private key found in given file.

Static Public Member Functions
static expected< void >	enable (bool flag)
	Starting point for chaining expected<T>::and_then() invocations, whereas the next function in the chain should create the SSL context depending on the value of flag.
static expected< context >	make (tls min_version, tls max_version=tls::any)
	Returns a generic SSL context with TLS.
static expected< context >	make_server (tls min_version, tls max_version=tls::any)
	Returns a SSL context with TLS for a server role.
static expected< context >	make_client (tls min_version, tls max_version=tls::any)
	Returns a SSL context with TLS for a client role.
static expected< context >	make (dtls min_version, dtls max_version=dtls::any)
	Returns a generic SSL context with DTLS.
static expected< context >	make_server (dtls min_version, dtls max_version=dtls::any)
	Returns a SSL context with DTLS for a server role.
static expected< context >	make_client (dtls min_version, dtls max_version=dtls::any)
	Returns a SSL context with TLS for a client role.
static context	from_native (void *native_handle)
	Reinterprets native_handle as the native implementation type and takes ownership of the handle.
static std::string	next_error_string ()
	Retrieves a human-readable error description for a preceding call to another member functions and removes that error from the thread-local error queue.
static void	append_next_error_string (std::string &buf)
	Retrieves a human-readable error description for a preceding call to another member functions, appends the generated string to buf and removes that error from the thread-local error queue.
static std::string	last_error_string ()
	Convenience function for calling next_error_string repeatedly until has_error returns false.
static bool	has_error () noexcept
	Queries whether the thread-local error stack has at least one entry.
static error	last_error ()
	Retrieves all errors from the thread-local error queue and assembles them into a single error string.
static error	last_error_or (error default_error)
	Returns last_error or default_error if the former is default-constructed.
static error	last_error_or_unexpected (std::string_view description)
	Returns last_error or an error that represents an unexpected failure if the former is default-constructed.

Detailed Description

SSL state, shared by multiple connections.

Member Function Documentation

add_verify_path() [1/2]

bool caf::net::ssl::context::add_verify_path

(

const char *

path

)

Configures the context to load CA certificate from a directory.

Parameters

path	Null-terminated string with a path to a directory. Files in the directory must use the CA subject name hash value as file name with a suffix to disambiguate multiple certificates, e.g., 9d66eef0.0 and 9d66eef0.1.

Returns

true on success, false otherwise and last_error can be used to retrieve a human-readable error representation.

Note

Calls SSL_CTX_load_verify_locations

add_verify_path() [2/2]

bool caf::net::ssl::context::add_verify_path

(

const std::string &

path

)

Configures the context to load CA certificate from a directory.

Parameters

path	Null-terminated string with a path to a directory. Files in the directory must use the CA subject name hash value as file name with a suffix to disambiguate multiple certificates, e.g., 9d66eef0.0 and 9d66eef0.1.

Returns

true on success, false otherwise and last_error can be used to retrieve a human-readable error representation.

Note

Calls SSL_CTX_load_verify_locations

append_next_error_string()

void caf::net::ssl::context::append_next_error_string ( std::string &  buf )

static

Retrieves a human-readable error description for a preceding call to another member functions, appends the generated string to buf and removes that error from the thread-local error queue.

Call repeatedly until has_error returns false to retrieve all errors from the queue.

enable_default_verify_paths()

bool caf::net::ssl::context::enable_default_verify_paths

(

)

Configure the context to use the default locations for loading CA certificates.

Returns

true on success, false otherwise and last_error can be used to retrieve a human-readable error representation.

last_error()

error caf::net::ssl::context::last_error ( )

static

Retrieves all errors from the thread-local error queue and assembles them into a single error string.

Returns

all error strings from the thread-local error queue or

load_verify_file() [1/2]

bool caf::net::ssl::context::load_verify_file

(

const char *

path

)

Loads a CA certificate file.

Parameters

path	Null-terminated string with a path to a single PEM file.

Returns

true on success, false otherwise and last_error can be used to retrieve a human-readable error representation.

Note

Calls SSL_CTX_load_verify_locations

load_verify_file() [2/2]

bool caf::net::ssl::context::load_verify_file

(

const std::string &

path

)

Loads a CA certificate file.

Parameters

path	Null-terminated string with a path to a single PEM file.

Returns

true on success, false otherwise and last_error can be used to retrieve a human-readable error representation.

Note

Calls SSL_CTX_load_verify_locations

new_connection() [1/2]

expected< connection > caf::net::ssl::context::new_connection

(

stream_socket

fd

)

Creates a new SSL connection on fd.

The connection does not take ownership of the socket, i.e., does not close the socket when the SSL session ends.

new_connection() [2/2]

expected< connection > caf::net::ssl::context::new_connection	(	stream_socket	fd,
		close_on_shutdown_t
	)

Creates a new SSL connection on fd.

The connection takes ownership of the socket, i.e., closes the socket when the SSL session ends.

next_error_string()

std::string caf::net::ssl::context::next_error_string ( )

static

Retrieves a human-readable error description for a preceding call to another member functions and removes that error from the thread-local error queue.

Call repeatedly until has_error returns false to retrieve all errors from the queue.

password()

void caf::net::ssl::context::password

(

std::string

password

)

Overrides the callback to obtain the password for encrypted PEM files with a function that always returns password.

Note

calls SSL_CTX_set_default_passwd_cb

password_callback()

template<typename PasswordCallback >

void caf::net::ssl::context::password_callback

(

PasswordCallback

callback

)

Overrides the callback to obtain the password for encrypted PEM files.

Note

calls SSL_CTX_set_default_passwd_cb

use_certificate_chain_file() [1/2]

bool caf::net::ssl::context::use_certificate_chain_file

(

const char *

path

)

Loads a certificate chain from a PEM-formatted file.

Note

calls SSL_CTX_use_certificate_chain_file

use_certificate_chain_file() [2/2]

bool caf::net::ssl::context::use_certificate_chain_file

(

const std::string &

path

)

Loads a certificate chain from a PEM-formatted file.

Note

calls SSL_CTX_use_certificate_chain_file

use_certificate_file() [1/2]

bool caf::net::ssl::context::use_certificate_file	(	const char *	path,
		format	file_format
	)

Loads the first certificate found in given file.

Parameters

path	Null-terminated string with a path to a single file.

use_certificate_file() [2/2]

bool caf::net::ssl::context::use_certificate_file	(	const std::string &	path,
		format	file_format
	)

Loads the first certificate found in given file.

Parameters

path	Null-terminated string with a path to a single file.

use_private_key_file()

bool caf::net::ssl::context::use_private_key_file	(	const std::string &	path,
		format	file_format
	)

Loads the first private key found in given file.

verify_mode()

void caf::net::ssl::context::verify_mode

(

verify_t

flags

)

Overrides the verification mode for this context.

Note

calls SSL_CTX_set_verify

---

The documentation for this class was generated from the following files:

• libcaf_net/caf/net/ssl/context.hpp
• libcaf_net/caf/net/ssl/context.cpp