TlsOptions documentation

2025-03-01 14:15:49 +08:00 · 2010-02-18 16:23:40 +00:00 · 2010-02-18 16:23:40 +00:00 · 26421a5254
commit 26421a5254
parent 35f19eac28
1 changed files with 114 additions and 10 deletions
--- a/contrib/ldapc++/src/TlsOptions.h
+++ b/contrib/ldapc++/src/TlsOptions.h
@ -8,10 +8,24 @@
 #include <string>
 #include <ldap.h>

+/**
+ * Class to access the global (and connection specific) TLS Settings
+ * To access the global TLS Settings just instantiate a TlsOption object
+ * using the default constructor.
+ *
+ * To access connection specific settings instantiate a TlsOption object
+ * through the getTlsOptions() method from the corresponding
+ * LDAPConnection/LDAPAsynConnection object.
+ *
+ */
 class TlsOptions {
    public:
+
+        /**
+         * Available TLS Options
+         */
        enum tls_option {
-            CACERTFILE=0,
+            CACERTFILE=0, 
            CACERTDIR,
            CERTFILE,
            KEYFILE,
@ -21,18 +35,14 @@ class TlsOptions {
            RANDOM_FILE,
            CRLCHECK,
            DHFILE,
+            /// @cond
            LASTOPT /* dummy */
+            /// @endcond
        };

-        TlsOptions();
-        void setOption(tls_option opt, const std::string& value) const;
-        void setOption(tls_option opt, int value) const;
-        void setOption(tls_option opt, void *value) const;
-
-        int getIntOption(tls_option opt) const;
-        std::string getStringOption(tls_option opt) const;
-        void getOption(tls_option opt, void *value ) const;
-        
+        /**
+         * Possible Values for the REQUIRE_CERT option
+         */
        enum verifyMode {
            NEVER=0,
            HARD,
@ -41,12 +51,106 @@ class TlsOptions {
            TRY
        };

+        /**
+         * Possible Values for the CRLCHECK option
+         */
        enum crlMode {
            CRL_NONE=0,
            CRL_PEER,
            CRL_ALL
        };

+
+        /**
+         * Default constructor. Gives access to the global TlsSettings
+         */
+        TlsOptions();
+
+        /**
+         * Set string valued options.
+         * @param opt The following string valued options are available:
+         *      - TlsOptions::CACERTFILE 
+         *      - TlsOptions::CACERTDIR
+         *      - TlsOptions::CERTFILE
+         *      - TlsOptions::KEYFILE
+         *      - TlsOptions::CIPHER_SUITE
+         *      - TlsOptions::RANDOM_FILE
+         *      - TlsOptions::DHFILE
+         *  @param value The value to apply to that option, 
+         *      - TlsOptions::CACERTFILE:
+         *          The path to the file containing all recognized Certificate
+         *          Authorities
+         *      - TlsOptions::CACERTDIR:
+         *          The path to a directory containing individual files of all
+         *          recognized Certificate Authority certificates
+         *      - TlsOptions::CERTFILE:
+         *          The path to the client certificate
+         *      - TlsOptions::KEYFILE:
+         *          The path to the file containing the private key matching the 
+         *          Certificate that as configured with TlsOptions::CERTFILE
+         *      - TlsOptions::CIPHER_SUITE
+         *          Specifies the cipher suite and preference order
+         *      - TlsOptions::RANDOM_FILE
+         *          Specifies the file to obtain random bits from when 
+         *          /dev/[u]random is not available.
+         *      - TlsOptions::DHFILE
+         *          File containing DH parameters
+         */
+        void setOption(tls_option opt, const std::string& value) const;
+
+        /** 
+         * Set integer valued options.
+         * @param opt The following string valued options are available:
+         *      - TlsOptions::REQUIRE_CERT
+         *      - TlsOptions::PROTOCOL_MIN
+         *      - TlsOptions::CRLCHECK
+         * @param value The value to apply to that option, 
+         *      - TlsOptions::REQUIRE_CERT:
+         *          Possible Values (For details see the ldap.conf(5) man-page):
+         *              - TlsOptions::NEVER
+         *              - TlsOptions::DEMAND
+         *              - TlsOptions::ALLOW
+         *              - TlsOptions::TRY
+         *      - TlsOptions::PROTOCOL_MIN
+         *      - TlsOptions::CRLCHECK
+         *          Possible Values:
+         *              - TlsOptions::CRL_NONE
+         *              - TlsOptions::CRL_PEER
+         *              - TlsOptions::CRL_ALL
+         */
+        void setOption(tls_option opt, int value) const;
+
+        /**
+         * Generic setOption variant. Generally you should prefer to use one 
+         * of the other variants
+         */
+        void setOption(tls_option opt, void *value) const;
+
+        /**
+         * Read integer valued options
+         * @return Option value
+         * @throws LDAPException in case of error (invalid on non-integer 
+         *      valued option is requested)
+         */
+        int getIntOption(tls_option opt) const;
+
+        /**
+         * Read string valued options
+         * @return Option value
+         * @throws LDAPException in case of error (invalid on non-string 
+         *      valued option is requested)
+         */
+        std::string getStringOption(tls_option opt) const;
+
+        /**
+         * Read options value. Usually you should prefer to use either 
+         * getIntOption() or getStringOption()
+         * @param value points to a buffer containing the option value
+         * @throws LDAPException in case of error (invalid on non-string 
+         *      valued option is requested)
+         */
+        void getOption(tls_option opt, void *value ) const;
+        
    private:
        TlsOptions( LDAP* ld );
        void newCtx() const;