 |
All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Groups Pages
|
TLS module config
Definition at line 204 of file as_config.h.
#include "as_config.h"
Collaboration diagram for as_config_tls:Data Fields | |
| char * | cafile |
| char * | capath |
| char * | castring |
| char * | cert_blacklist |
| char * | certfile |
| char * | certstring |
| char * | cipher_suite |
| bool | crl_check |
| bool | crl_check_all |
| bool | enable |
| bool | for_login_only |
| char * | keyfile |
| char * | keyfile_pw |
| char * | keystring |
| bool | log_session_info |
| char * | protocols |
| char* as_config_tls::cafile |
Path to a trusted CA certificate file. By default TLS will use system standard trusted CA certificates. Use as_config_tls_set_cafile() to set this field. If cafile is populated, castring is ignored.
Definition at line 218 of file as_config.h.
| char* as_config_tls::capath |
Path to a directory of trusted certificates. See the OpenSSL SSL_CTX_load_verify_locations manual page for more information about the format of the directory. Use as_config_tls_set_capath() to set this field.
Definition at line 233 of file as_config.h.
| char* as_config_tls::castring |
String containing trusted CA certificate(s). Use as_config_tls_set_castring() to set this field. If cafile is populated, castring is ignored.
Definition at line 225 of file as_config.h.
| char* as_config_tls::cert_blacklist |
Path to a certificate blacklist file. The file should contain one line for each blacklisted certificate. Each line starts with the certificate serial number expressed in hex. Each entry may optionally specify the issuer name of the certificate (serial numbers are only required to be unique per issuer). Example records: 867EC87482B2 /C=US/ST=CA/O=Acme/OU=Engineering/CN=Test Chain CA E2D4B0E570F9EF8E885C065899886461
Use as_config_tls_set_cert_blacklist() to set this field.
Definition at line 278 of file as_config.h.
| char* as_config_tls::certfile |
Path to the client's certificate chain file for mutual authentication. By default mutual authentication is disabled. Use as_config_tls_set_certfile() to set this field. If certfile is populated, certstring is ignored.
Definition at line 310 of file as_config.h.
| char* as_config_tls::certstring |
Client's certificate chain file string for mutual authentication. By default mutual authentication is disabled. Use as_config_tls_set_certstring() to set this field. If certfile is populated, certstring is ignored.
Definition at line 318 of file as_config.h.
| char* as_config_tls::cipher_suite |
Specifies enabled cipher suites.
The format is the same as OpenSSL's Cipher List Format documented at https://www.openssl.org/docs/manmaster/apps/ciphers.html
If not specified the OpenSSL default cipher suite described in the ciphers documentation will be used.
If you are not sure what cipher suite to select this option is best left unspecified (NULL).
Use as_config_tls_set_cipher_suite() to set this field.
Definition at line 264 of file as_config.h.
| bool as_config_tls::crl_check |
Enable CRL checking for the certificate chain leaf certificate. An error occurs if a suitable CRL cannot be found. By default CRL checking is disabled.
Definition at line 325 of file as_config.h.
| bool as_config_tls::crl_check_all |
Enable CRL checking for the entire certificate chain. An error occurs if a suitable CRL cannot be found. By default CRL checking is disabled.
Definition at line 332 of file as_config.h.
| bool as_config_tls::enable |
Enable TLS on connections. By default TLS is disabled.
Definition at line 210 of file as_config.h.
| bool as_config_tls::for_login_only |
Use TLS connections only for login authentication. All other communication with the server will be done with non-TLS connections. Default: false (Use TLS connections for all communication with server.)
Definition at line 344 of file as_config.h.
| char* as_config_tls::keyfile |
Path to the client's key for mutual authentication. By default mutual authentication is disabled. Use as_config_tls_set_keyfile() to set this field. If keyfile is populated, keystring is ignored.
Definition at line 286 of file as_config.h.
| char* as_config_tls::keyfile_pw |
Decryption password for the client's key for mutual authentication. By default the key is assumed not to be encrypted.
Use as_config_tls_set_keyfile_pw() to set this field.
Definition at line 294 of file as_config.h.
| char* as_config_tls::keystring |
Client's key string for mutual authentication. By default mutual authentication is disabled. Use as_config_tls_set_keystring() to set this field. If keyfile is populated, keystring is ignored.
Definition at line 302 of file as_config.h.
| bool as_config_tls::log_session_info |
Log session information for each connection.
Definition at line 337 of file as_config.h.
| char* as_config_tls::protocols |
Specifies enabled protocols.
This format is the same as Apache's SSLProtocol documented at https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol
If not specified (NULL) the client will use "-all +TLSv1.2".
If you are not sure what protocols to select this option is best left unspecified (NULL).
Use as_config_tls_set_protocols() to set this field.
Definition at line 248 of file as_config.h.
