1/*
2 * IXSocketTLSOptions.h
3 * Author: Matt DeBoer
4 * Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
5 */
6
7#pragma once
8
9#include <string>
10
namespace ix
{
    // TLS settings for a socket: the local certificate and key, the CA
    // material used to decide which peers are trusted, the cipher selection,
    // and (for servers) whether TLS is switched on at all.
    //
    // Only declarations are visible in this header; notes on what the member
    // functions do are marked as assumptions where they rest on the names alone.
    struct SocketTLSOptions
    {
    public:
        // Check validity of the object. Returns true when the options are usable.
        // NOTE(review): presumably a failure reason is stored and exposed through
        // getErrorMsg() -- confirm against the definition.
        bool isValid() const;

        // The certificate presented to peers. Empty by default.
        std::string certFile;

        // The key used for signing/encryption. Empty by default.
        // NOTE(review): presumably the private key matching certFile; the file
        // it names should be readable only by the account running the process.
        std::string keyFile;

        // The CA certificate (or certificate bundle) file containing the
        // certificates used to decide which peers are trusted.
        //   'SYSTEM' (the default) leverages the system defaults.
        //   'NONE'   disables peer verification.
        // With 'NONE' the peer's identity is not checked: traffic is still
        // encrypted, but nothing proves who is on the other end, so an on-path
        // party can impersonate the peer. Keep 'NONE' out of production
        // configurations and make its use visible (see isPeerVerifyDisabled()).
        std::string caFile = "SYSTEM";

        // List of ciphers (rsa, etc...). "DEFAULT" is the initial value.
        // NOTE(review): the accepted syntax and how the string is applied depend
        // on the TLS backend, which is not visible here. A hand-written list can
        // re-enable suites the backend's default leaves out; prefer the default
        // unless there is a specific requirement.
        std::string ciphers = "DEFAULT";

        // Whether TLS is enabled, used for server code. Defaults to false, so a
        // server built from default-constructed options has TLS disabled.
        bool tls = false;

        // NOTE(review): presumably true when both certFile and keyFile are set --
        // confirm against the definition.
        bool hasCertAndKey() const;

        // NOTE(review): presumably true when caFile is 'SYSTEM' -- confirm.
        bool isUsingSystemDefaults() const;

        // NOTE(review): the name suggests caFile may carry CA certificate data
        // directly instead of a path -- confirm against the definition.
        bool isUsingInMemoryCAs() const;

        // NOTE(review): presumably true when caFile is 'NONE' -- confirm.
        // Callers can use this to log or reject configurations that run without
        // peer verification.
        bool isPeerVerifyDisabled() const;

        // NOTE(review): presumably true when ciphers is 'DEFAULT' -- confirm.
        bool isUsingDefaultCiphers() const;

        // Returns an error message by const reference.
        // NOTE(review): presumably refers to _errMsg, in which case the reference
        // is only valid while this object is alive -- confirm.
        const std::string& getErrorMsg() const;

        // Returns a textual description of these options.
        // NOTE(review): confirm what the description contains before writing it
        // to logs, in case it includes inline certificate data.
        std::string getDescription() const;

    private:
        // Both members are mutable so that const member functions can update them.
        // NOTE(review): presumably isValid() records its outcome here -- confirm.
        mutable std::string _errMsg;
        mutable bool _validated = false;
    };
} // namespace ix
55