3 * Copyright 2010-2011 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 * Class to access the global (and connection specific) TLS Settings
13 * To access the global TLS Settings just instantiate a TlsOptions object
14 * using the default constructor.
16 * To access connection specific settings instantiate a TlsOptions object
17 * through the getTlsOptions() method from the corresponding
18 * LDAPConnection/LDAPAsynConnection object.
25 * Available TLS Options
44 * Possible Values for the REQUIRE_CERT option
55 * Possible Values for the CRLCHECK option
65 * Default constructor. Gives access to the global TlsSettings
70 * Set string valued options.
71 * @param opt The following string valued options are available:
72 * - TlsOptions::CACERTFILE
73 * - TlsOptions::CACERTDIR
74 * - TlsOptions::CERTFILE
75 * - TlsOptions::KEYFILE
76 * - TlsOptions::CIPHER_SUITE
77 * - TlsOptions::RANDOM_FILE
78 * - TlsOptions::DHFILE
79 * @param value The value to apply to that option,
80 * - TlsOptions::CACERTFILE:
81 * The path to the file containing all recognized Certificate Authority certificates
83 * - TlsOptions::CACERTDIR:
84 * The path to a directory containing individual files of all
85 * recognized Certificate Authority certificates
86 * - TlsOptions::CERTFILE:
87 * The path to the client certificate
88 * - TlsOptions::KEYFILE:
89 * The path to the file containing the private key matching the
90 * certificate that was configured with TlsOptions::CERTFILE
91 * - TlsOptions::CIPHER_SUITE
92 * Specifies the cipher suite and preference order
93 * - TlsOptions::RANDOM_FILE
94 * Specifies the file to obtain random bits from when
95 * /dev/[u]random is not available.
96 * - TlsOptions::DHFILE
97 * File containing DH parameters
99 void setOption(tls_option opt, const std::string& value) const;
102 * Set integer valued options.
103 * @param opt The following integer valued options are available:
104 * - TlsOptions::REQUIRE_CERT
105 * - TlsOptions::PROTOCOL_MIN
106 * - TlsOptions::CRLCHECK
107 * @param value The value to apply to that option,
108 * - TlsOptions::REQUIRE_CERT:
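109 * Possible Values (For details see the ldap.conf(5) man-page). Per ldap.conf(5), NEVER and ALLOW let the session proceed without a validated server certificate, while DEMAND terminates the session when the certificate is missing or invalid: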
110 * - TlsOptions::NEVER
111 * - TlsOptions::DEMAND
112 * - TlsOptions::ALLOW
114 * - TlsOptions::PROTOCOL_MIN
115 * - TlsOptions::CRLCHECK
117 * - TlsOptions::CRL_NONE
118 * - TlsOptions::CRL_PEER
119 * - TlsOptions::CRL_ALL
121 void setOption(tls_option opt, int value) const;
124 * Generic setOption variant. Generally you should prefer to use one
125 * of the other variants, because the void pointer passed here is not type-checked against the option
127 void setOption(tls_option opt, void *value) const;
130 * Read integer valued options
131 * @return Option value
132 * @throws LDAPException in case of error (invalid or non-integer
133 * valued option is requested)
135 int getIntOption(tls_option opt) const;
138 * Read string valued options
139 * @return Option value
140 * @throws LDAPException in case of error (invalid or non-string
141 * valued option is requested)
143 std::string getStringOption(tls_option opt) const;
146 * Read options value. Usually you should prefer to use either
147 * getIntOption() or getStringOption()
148 * @param value points to a caller-supplied buffer that receives the option value (it must have the type that option expects)
149 * @throws LDAPException in case of error (invalid or non-string
150 * valued option is requested)
152 void getOption(tls_option opt, void *value ) const;
155 TlsOptions( LDAP* ld );
159 friend class LDAPAsynConnection;
162 #endif /* TLS_OPTIONS_H */