1 #ifndef __XRD_TLSCONTEXT_HH__
2 #define __XRD_TLSCONTEXT_HH__
133 static const int scOff = 0x00010000;
250 static const uint64_t
hsto = 0x00000000000000ff;
251 static const uint64_t
vdept = 0x000000000000ff00;
253 static const uint64_t
logVF = 0x0000000800000000;
254 static const uint64_t
servr = 0x0000000400000000;
255 static const uint64_t
dnsok = 0x0000000200000000;
256 static const uint64_t
nopxy = 0x0000000100000000;
257 static const uint64_t
rfCRL = 0x0000004000000000;
258 static const uint64_t
crlON = 0x0000008000000000;
259 static const uint64_t
crlFC = 0x000000C000000000;
260 static const uint64_t
crlRF = 0x00000000ffff0000;
262 static const uint64_t
artON = 0x0000002000000000;
265 const char *cadir=0,
const char *cafile=0,
266 uint64_t
opts=0, std::string *
eMsg=0);
299 #define TLS_SET_HSTO(cOpts,hstv) \
300 ((cOpts & ~XrdTlsContext::hsto) | (hstv & XrdTlsContext::hsto))
311 #define TLS_SET_REFINT(cOpts,refi) ((cOpts & ~XrdTlsContext::crlRF) |\
312 (XrdTlsContext::crlRF & (refi <<XrdTlsContext::crlRS)))
323 #define TLS_SET_VDEPTH(cOpts,vdv) ((cOpts & ~XrdTlsContext::vdept) |\
324 (XrdTlsContext::vdept & (vdv <<XrdTlsContext::vdepS)))
static const int scIdErr
Info: Id not set, is too long.
XrdTlsContext & operator=(XrdTlsContext &&ctx)=delete
XrdTlsContext * Clone(bool full=true, bool startCRLRefresh=false)
~XrdTlsContext()
Destructor.
static const uint64_t hsto
Mask to isolate the hsto.
static const uint64_t vdept
Mask to isolate vdept.
static const int crlRS
Bits to shift vdept.
int SessionCache(int opts=scNone, const char *id=0, int idlen=0)
static void SetDefaultCiphers(const char *ciphers)
XrdTlsContext(const char *cert=0, const char *key=0, const char *cadir=0, const char *cafile=0, uint64_t opts=0, std::string *eMsg=0)
static const int scClnt
Turn on cache client mode.
static const int DEFAULT_CRL_REF_INT_SEC
Default CRL refresh interval in seconds.
static const uint64_t servr
This is a server context.
static const uint64_t rfCRL
Turn on the CRL refresh thread.
static const int scKeep
Info: TLS-controlled flush disabled.
static const uint64_t nopxy
Do not allow proxy certs.
bool SetTlsClientAuth(ClientAuthSetting setting)
static const int scNone
Do not change any option settings.
XrdTlsContext(const XrdTlsContext &ctx)=delete
Disallow any copies of this object.
static const uint64_t logVF
Log verify failures.
static const uint64_t crlFC
Full crl chain checking.
static const uint64_t crlON
Enables crl checking.
static const uint64_t artON
Auto retry Handshake.
XrdTlsContext(XrdTlsContext &&ctx)=delete
static const int vdepS
Bits to shift vdept.
const CTX_Params * GetParams()
static const int scOff
Turn off cache.
static const uint64_t dnsok
Trust DNS for host name.
static const char * Init()
bool newHostCertificateDetected()
XrdTlsContext & operator=(const XrdTlsContext &ctx)=delete
bool SetContextCiphers(const char *ciphers)
bool SetCrlRefresh(int refsec=-1)
static const int scSrvr
Turn on cache server mode (default)
static const uint64_t crlRF
Mask to isolate crl refresh in min.
Socket wrapper for TLS I/O.
std::string cafile
-> ca cert file.
uint64_t opts
Options as passed to the constructor.
std::string cadir
-> ca cert directory.
int crlRT
crl refresh interval time in seconds
std::string pkey
-> private key path.
std::string cert
-> certificate path.