#include <string>
#include <ldap.h>
+/**
+ * Class to access the global (and connection specific) TLS Settings
+ * To access the global TLS Settings just instantiate a TlsOption object
+ * using the default constructor.
+ *
+ * To access connection specific settings instantiate a TlsOption object
+ * through the getTlsOptions() method from the corresponding
+ * LDAPConnection/LDAPAsynConnection object.
+ *
+ */
class TlsOptions {
public:
+
+ /**
+ * Available TLS Options
+ */
enum tls_option {
- CACERTFILE=0,
+ CACERTFILE=0,
CACERTDIR,
CERTFILE,
KEYFILE,
RANDOM_FILE,
CRLCHECK,
DHFILE,
+ /// @cond
LASTOPT /* dummy */
+ /// @endcond
};
- TlsOptions();
- void setOption(tls_option opt, const std::string& value) const;
- void setOption(tls_option opt, int value) const;
- void setOption(tls_option opt, void *value) const;
-
- int getIntOption(tls_option opt) const;
- std::string getStringOption(tls_option opt) const;
- void getOption(tls_option opt, void *value ) const;
-
+ /**
+ * Possible Values for the REQUIRE_CERT option
+ */
enum verifyMode {
NEVER=0,
HARD,
TRY
};
+ /**
+ * Possible Values for the CRLCHECK option
+ */
enum crlMode {
CRL_NONE=0,
CRL_PEER,
CRL_ALL
};
+
+ /**
+ * Default constructor. Gives access to the global TlsSettings
+ */
+ TlsOptions();
+
+ /**
+ * Set string valued options.
+ * @param opt The following string valued options are available:
+ * - TlsOptions::CACERTFILE
+ * - TlsOptions::CACERTDIR
+ * - TlsOptions::CERTFILE
+ * - TlsOptions::KEYFILE
+ * - TlsOptions::CIPHER_SUITE
+ * - TlsOptions::RANDOM_FILE
+ * - TlsOptions::DHFILE
+ * @param value The value to apply to that option,
+ * - TlsOptions::CACERTFILE:
+ * The path to the file containing all recognized Certificate
+ * Authorities
+ * - TlsOptions::CACERTDIR:
+ * The path to a directory containing individual files of all
+ * recognized Certificate Authority certificates
+ * - TlsOptions::CERTFILE:
+ * The path to the client certificate
+ * - TlsOptions::KEYFILE:
+ * The path to the file containing the private key matching the
+ * Certificate that as configured with TlsOptions::CERTFILE
+ * - TlsOptions::CIPHER_SUITE
+ * Specifies the cipher suite and preference order
+ * - TlsOptions::RANDOM_FILE
+ * Specifies the file to obtain random bits from when
+ * /dev/[u]random is not available.
+ * - TlsOptions::DHFILE
+ * File containing DH parameters
+ */
+ void setOption(tls_option opt, const std::string& value) const;
+
+ /**
+ * Set integer valued options.
+ * @param opt The following string valued options are available:
+ * - TlsOptions::REQUIRE_CERT
+ * - TlsOptions::PROTOCOL_MIN
+ * - TlsOptions::CRLCHECK
+ * @param value The value to apply to that option,
+ * - TlsOptions::REQUIRE_CERT:
+ * Possible Values (For details see the ldap.conf(5) man-page):
+ * - TlsOptions::NEVER
+ * - TlsOptions::DEMAND
+ * - TlsOptions::ALLOW
+ * - TlsOptions::TRY
+ * - TlsOptions::PROTOCOL_MIN
+ * - TlsOptions::CRLCHECK
+ * Possible Values:
+ * - TlsOptions::CRL_NONE
+ * - TlsOptions::CRL_PEER
+ * - TlsOptions::CRL_ALL
+ */
+ void setOption(tls_option opt, int value) const;
+
+ /**
+ * Generic setOption variant. Generally you should prefer to use one
+ * of the other variants
+ */
+ void setOption(tls_option opt, void *value) const;
+
+ /**
+ * Read integer valued options
+ * @return Option value
+ * @throws LDAPException in case of error (invalid on non-integer
+ * valued option is requested)
+ */
+ int getIntOption(tls_option opt) const;
+
+ /**
+ * Read string valued options
+ * @return Option value
+ * @throws LDAPException in case of error (invalid on non-string
+ * valued option is requested)
+ */
+ std::string getStringOption(tls_option opt) const;
+
+ /**
+ * Read options value. Usually you should prefer to use either
+ * getIntOption() or getStringOption()
+ * @param value points to a buffer containing the option value
+ * @throws LDAPException in case of error (invalid on non-string
+ * valued option is requested)
+ */
+ void getOption(tls_option opt, void *value ) const;
+
private:
TlsOptions( LDAP* ld );
void newCtx() const;