- Profile(const std::string& profilename, const std::string& certstr, const std::string& keystr,
- const std::string& dhstr, unsigned int mindh, const std::string& hashstr,
- const std::string& ciphersuitestr, const std::string& curvestr,
- const std::string& castr, const std::string& crlstr,
- unsigned int recsize,
- CTRDRBG& ctrdrbg,
- int minver, int maxver,
- bool requestclientcert
- )
- : name(profilename)
- , x509cred(certstr, keystr)
- , ciphersuites(ciphersuitestr)
- , curves(curvestr)
- , serverctx(ctrdrbg, MBEDTLS_SSL_IS_SERVER)
- , clientctx(ctrdrbg, MBEDTLS_SSL_IS_CLIENT)
- , cacerts(castr, true)
- , crl(crlstr)
- , hash(hashstr)
- , outrecsize(recsize)
+ public:
+ struct Config
+ {
+ const std::string name;
+
+ CTRDRBG& ctrdrbg;
+
+ const std::string certstr;
+ const std::string keystr;
+ const std::string dhstr;
+
+ const std::string ciphersuitestr;
+ const std::string curvestr;
+ const unsigned int mindh;
+ const std::string hashstr;
+
+ std::string crlstr;
+ std::string castr;
+
+ const int minver;
+ const int maxver;
+ const unsigned int outrecsize;
+ const bool requestclientcert;
+
+ Config(const std::string& profilename, ConfigTag* tag, CTRDRBG& ctr_drbg)
+ : name(profilename)
+ , ctrdrbg(ctr_drbg)
+ , certstr(ReadFile(tag->getString("certfile", "cert.pem", 1)))
+ , keystr(ReadFile(tag->getString("keyfile", "key.pem", 1)))
+ , dhstr(ReadFile(tag->getString("dhfile", "dhparams.pem", 1)))
+ , ciphersuitestr(tag->getString("ciphersuites"))
+ , curvestr(tag->getString("curves"))
+ , mindh(tag->getUInt("mindhbits", 2048))
+ , hashstr(tag->getString("hash", "sha256", 1))
+ , castr(tag->getString("cafile"))
+ , minver(tag->getUInt("minver", 0))
+ , maxver(tag->getUInt("maxver", 0))
+ , outrecsize(tag->getUInt("outrecsize", 2048, 512, 16384))
+ , requestclientcert(tag->getBool("requestclientcert", true))
+ {
+ if (!castr.empty())
+ {
+ castr = ReadFile(castr);
+ crlstr = tag->getString("crlfile");
+ if (!crlstr.empty())
+ crlstr = ReadFile(crlstr);
+ }
+ }
+ };
+
+ Profile(Config& config)
+ : name(config.name)
+ , x509cred(config.certstr, config.keystr)
+ , ciphersuites(config.ciphersuitestr)
+ , curves(config.curvestr)
+ , serverctx(config.ctrdrbg, MBEDTLS_SSL_IS_SERVER)
+ , clientctx(config.ctrdrbg, MBEDTLS_SSL_IS_CLIENT)
+ , cacerts(config.castr, true)
+ , crl(config.crlstr)
+ , hash(config.hashstr)
+ , outrecsize(config.outrecsize)