Loading...
Searching...
No Matches
Data Fields
as_config_tls Struct Reference

Detailed Description

TLS module config

Definition at line 204 of file as_config.h.

#include "as_config.h"

+ Collaboration diagram for as_config_tls:

Data Fields

char * cafile
 
char * capath
 
char * castring
 
char * cert_blacklist
 
char * certfile
 
char * certstring
 
char * cipher_suite
 
bool crl_check
 
bool crl_check_all
 
bool enable
 
bool for_login_only
 
char * keyfile
 
char * keyfile_pw
 
char * keystring
 
bool log_session_info
 
char * protocols
 

Field Documentation

◆ cafile

char* as_config_tls::cafile

Path to a trusted CA certificate file. By default TLS will use system standard trusted CA certificates. Use as_config_tls_set_cafile() to set this field. If cafile is populated, castring is ignored.

Definition at line 218 of file as_config.h.

◆ capath

char* as_config_tls::capath

Path to a directory of trusted certificates. See the OpenSSL SSL_CTX_load_verify_locations manual page for more information about the format of the directory. Use as_config_tls_set_capath() to set this field.

Definition at line 233 of file as_config.h.

◆ castring

char* as_config_tls::castring

String containing trusted CA certificate(s). Use as_config_tls_set_castring() to set this field. If cafile is populated, castring is ignored.

Definition at line 225 of file as_config.h.

◆ cert_blacklist

char* as_config_tls::cert_blacklist

Path to a certificate blacklist file. The file should contain one line for each blacklisted certificate. Each line starts with the certificate serial number expressed in hex. Each entry may optionally specify the issuer name of the certificate (serial numbers are only required to be unique per issuer). Example records: 867EC87482B2 /C=US/ST=CA/O=Acme/OU=Engineering/CN=Test Chain CA E2D4B0E570F9EF8E885C065899886461

Use as_config_tls_set_cert_blacklist() to set this field.

Definition at line 278 of file as_config.h.

◆ certfile

char* as_config_tls::certfile

Path to the client's certificate chain file for mutual authentication. By default mutual authentication is disabled. Use as_config_tls_set_certfile() to set this field. If certfile is populated, certstring is ignored.

Definition at line 310 of file as_config.h.

◆ certstring

char* as_config_tls::certstring

Client's certificate chain file string for mutual authentication. By default mutual authentication is disabled. Use as_config_tls_set_certstring() to set this field. If certfile is populated, certstring is ignored.

Definition at line 318 of file as_config.h.

◆ cipher_suite

char* as_config_tls::cipher_suite

Specifies enabled cipher suites.

The format is the same as OpenSSL's Cipher List Format documented at https://www.openssl.org/docs/manmaster/apps/ciphers.html

If not specified the OpenSSL default cipher suite described in the ciphers documentation will be used.

If you are not sure what cipher suite to select this option is best left unspecified (NULL).

Use as_config_tls_set_cipher_suite() to set this field.

Definition at line 264 of file as_config.h.

◆ crl_check

bool as_config_tls::crl_check

Enable CRL checking for the certificate chain leaf certificate. An error occurs if a suitable CRL cannot be found. By default CRL checking is disabled.

Definition at line 325 of file as_config.h.

◆ crl_check_all

bool as_config_tls::crl_check_all

Enable CRL checking for the entire certificate chain. An error occurs if a suitable CRL cannot be found. By default CRL checking is disabled.

Definition at line 332 of file as_config.h.

◆ enable

bool as_config_tls::enable

Enable TLS on connections. By default TLS is disabled.

Definition at line 210 of file as_config.h.

◆ for_login_only

bool as_config_tls::for_login_only

Use TLS connections only for login authentication. All other communication with the server will be done with non-TLS connections. Default: false (Use TLS connections for all communication with server.)

Definition at line 344 of file as_config.h.

◆ keyfile

char* as_config_tls::keyfile

Path to the client's key for mutual authentication. By default mutual authentication is disabled. Use as_config_tls_set_keyfile() to set this field. If keyfile is populated, keystring is ignored.

Definition at line 286 of file as_config.h.

◆ keyfile_pw

char* as_config_tls::keyfile_pw

Decryption password for the client's key for mutual authentication. By default the key is assumed not to be encrypted.

Use as_config_tls_set_keyfile_pw() to set this field.

Definition at line 294 of file as_config.h.

◆ keystring

char* as_config_tls::keystring

Client's key string for mutual authentication. By default mutual authentication is disabled. Use as_config_tls_set_keystring() to set this field. If keyfile is populated, keystring is ignored.

Definition at line 302 of file as_config.h.

◆ log_session_info

bool as_config_tls::log_session_info

Log session information for each connection.

Definition at line 337 of file as_config.h.

◆ protocols

char* as_config_tls::protocols

Specifies enabled protocols.

This format is the same as Apache's SSLProtocol documented at https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol

If not specified (NULL) the client will use "-all +TLSv1.2".

If you are not sure what protocols to select this option is best left unspecified (NULL).

Use as_config_tls_set_protocols() to set this field.

Definition at line 248 of file as_config.h.


The documentation for this struct was generated from the following file: