1 files changed, 162 insertions, 0 deletions
diff --git a/contrib/ldapc++/src/TlsOptions.h b/contrib/ldapc++/src/TlsOptions.h
new file mode 100644
index 0000000..41d6ee3
--- /dev/null
+++ b/contrib/ldapc++/src/TlsOptions.h
@@ -0,0 +1,162 @@
+// $OpenLDAP$
+/*
+ * Copyright 2010-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+#ifndef TLS_OPTIONS_H
+#define TLS_OPTIONS_H
+#include <string>
+#include <ldap.h>
+
+/**
+ * Class to access the global (and connection specific) TLS Settings
+ * To access the global TLS Settings just instantiate a TlsOption object
+ * using the default constructor.
+ *
+ * To access connection specific settings instantiate a TlsOption object
+ * through the getTlsOptions() method from the corresponding
+ * LDAPConnection/LDAPAsynConnection object.
+ *
+ */
+class TlsOptions {
+    public:
+
+        /**
+         * Available TLS Options
+         */
+        enum tls_option {
+            CACERTFILE=0, 
+            CACERTDIR,
+            CERTFILE,
+            KEYFILE,
+            REQUIRE_CERT,
+            PROTOCOL_MIN,
+            CIPHER_SUITE,
+            RANDOM_FILE,
+            CRLCHECK,
+            DHFILE,
+            /// @cond
+            LASTOPT /* dummy */
+            /// @endcond
+        };
+
+        /**
+         * Possible Values for the REQUIRE_CERT option
+         */
+        enum verifyMode {
+            NEVER=0,
+            HARD,
+            DEMAND,
+            ALLOW,
+            TRY
+        };
+
+        /**
+         * Possible Values for the CRLCHECK option
+         */
+        enum crlMode {
+            CRL_NONE=0,
+            CRL_PEER,
+            CRL_ALL
+        };
+
+
+        /**
+         * Default constructor. Gives access to the global TlsSettings
+         */
+        TlsOptions();
+
+        /**
+         * Set string valued options.
+         * @param opt The following string valued options are available:
+         *      - TlsOptions::CACERTFILE 
+         *      - TlsOptions::CACERTDIR
+         *      - TlsOptions::CERTFILE
+         *      - TlsOptions::KEYFILE
+         *      - TlsOptions::CIPHER_SUITE
+         *      - TlsOptions::RANDOM_FILE
+         *      - TlsOptions::DHFILE
+         *  @param value The value to apply to that option, 
+         *      - TlsOptions::CACERTFILE:
+         *          The path to the file containing all recognized Certificate
+         *          Authorities
+         *      - TlsOptions::CACERTDIR:
+         *          The path to a directory containing individual files of all
+         *          recognized Certificate Authority certificates
+         *      - TlsOptions::CERTFILE:
+         *          The path to the client certificate
+         *      - TlsOptions::KEYFILE:
+         *          The path to the file containing the private key matching the 
+         *          Certificate that as configured with TlsOptions::CERTFILE
+         *      - TlsOptions::CIPHER_SUITE
+         *          Specifies the cipher suite and preference order
+         *      - TlsOptions::RANDOM_FILE
+         *          Specifies the file to obtain random bits from when 
+         *          /dev/[u]random is not available.
+         *      - TlsOptions::DHFILE
+         *          File containing DH parameters
+         */
+        void setOption(tls_option opt, const std::string& value) const;
+
+        /** 
+         * Set integer valued options.
+         * @param opt The following string valued options are available:
+         *      - TlsOptions::REQUIRE_CERT
+         *      - TlsOptions::PROTOCOL_MIN
+         *      - TlsOptions::CRLCHECK
+         * @param value The value to apply to that option, 
+         *      - TlsOptions::REQUIRE_CERT:
+         *          Possible Values (For details see the ldap.conf(5) man-page):
+         *              - TlsOptions::NEVER
+         *              - TlsOptions::DEMAND
+         *              - TlsOptions::ALLOW
+         *              - TlsOptions::TRY
+         *      - TlsOptions::PROTOCOL_MIN
+         *      - TlsOptions::CRLCHECK
+         *          Possible Values:
+         *              - TlsOptions::CRL_NONE
+         *              - TlsOptions::CRL_PEER
+         *              - TlsOptions::CRL_ALL
+         */
+        void setOption(tls_option opt, int value) const;
+
+        /**
+         * Generic setOption variant. Generally you should prefer to use one 
+         * of the other variants
+         */
+        void setOption(tls_option opt, void *value) const;
+
+        /**
+         * Read integer valued options
+         * @return Option value
+         * @throws LDAPException in case of error (invalid on non-integer 
+         *      valued option is requested)
+         */
+        int getIntOption(tls_option opt) const;
+
+        /**
+         * Read string valued options
+         * @return Option value
+         * @throws LDAPException in case of error (invalid on non-string 
+         *      valued option is requested)
+         */
+        std::string getStringOption(tls_option opt) const;
+
+        /**
+         * Read options value. Usually you should prefer to use either 
+         * getIntOption() or getStringOption()
+         * @param value points to a buffer containing the option value
+         * @throws LDAPException in case of error (invalid on non-string 
+         *      valued option is requested)
+         */
+        void getOption(tls_option opt, void *value ) const;
+        
+    private:
+        TlsOptions( LDAP* ld );
+        void newCtx() const;
+        LDAP *m_ld;
+
+    friend class LDAPAsynConnection;
+};
+
+#endif /* TLS_OPTIONS_H */