Exposing functionality to set minimum TLS version (aws#119)

rccarper · web-flow · commit 915b6cdf6c62 · 2020-06-08T17:47:48.000-04:00
diff --git a/include/aws/crt/io/TlsOptions.h b/include/aws/crt/io/TlsOptions.h
@@ -120,6 +120,12 @@ namespace Aws
                  */
                 void SetVerifyPeer(bool verifyPeer) noexcept;
 
+                /**
+                 * Sets the minimum TLS version allowed.
+                 * @param minimumTlsVersion: The minimum TLS version.
+                 */
+                void SetMinimumTlsVersion(aws_tls_versions minimumTlsVersion);
+
                 /**
                  * Overrides the default system trust store.
                  * @param caPath: Path to directory containing trusted certificates, which will overrides the
diff --git a/include/aws/iot/MqttClient.h b/include/aws/iot/MqttClient.h
@@ -214,6 +214,8 @@ namespace Aws
              */
             MqttClientConnectionConfigBuilder &WithTcpKeepAliveMaxProbes(uint16_t maxProbes) noexcept;
 
+            MqttClientConnectionConfigBuilder &WithMinimumTlsVersion(aws_tls_versions minimumTlsVersion) noexcept;
+
             /**
              * Builds a client configuration object from the set options.
              */
diff --git a/source/io/TlsOptions.cpp b/source/io/TlsOptions.cpp
@@ -128,6 +128,12 @@ namespace Aws
                 aws_tls_ctx_options_set_verify_peer(&m_options, verify_peer);
             }
 
+            void TlsContextOptions::SetMinimumTlsVersion(aws_tls_versions minimumTlsVersion)
+            {
+                AWS_ASSERT(m_isInit);
+                aws_tls_ctx_options_set_minimum_tls_version(&m_options, minimumTlsVersion);
+            }
+
             bool TlsContextOptions::OverrideDefaultTrustStore(const char *caPath, const char *caFile) noexcept
             {
                 AWS_ASSERT(m_isInit);
diff --git a/source/iot/MqttClient.cpp b/source/iot/MqttClient.cpp
@@ -250,6 +250,12 @@ namespace Aws
             return *this;
         }
 
+        MqttClientConnectionConfigBuilder &MqttClientConnectionConfigBuilder::WithMinimumTlsVersion(aws_tls_versions minimumTlsVersion) noexcept
+        {
+            m_contextOptions.SetMinimumTlsVersion(minimumTlsVersion);
+            return *this;
+        }
+
         MqttClientConnectionConfig MqttClientConnectionConfigBuilder::Build() noexcept
         {
             if (!m_isGood)

Original file line number	Diff line number	Diff line change
`@@ -128,6 +128,12 @@ namespace Aws`
`128`	`128`	`aws_tls_ctx_options_set_verify_peer(&m_options, verify_peer);`
`129`	`129`	`}`
`130`	`130`
	`131`	`+ void TlsContextOptions::SetMinimumTlsVersion(aws_tls_versions minimumTlsVersion)`
	`132`	`+ {`
	`133`	`+ AWS_ASSERT(m_isInit);`
	`134`	`+ aws_tls_ctx_options_set_minimum_tls_version(&m_options, minimumTlsVersion);`
	`135`	`+ }`
	`136`	`+`
`131`	`137`	`bool TlsContextOptions::OverrideDefaultTrustStore(const char caPath, const char caFile) noexcept`
`132`	`138`	`{`
`133`	`139`	`AWS_ASSERT(m_isInit);`
Original file line number	Diff line number	Diff line change
`@@ -250,6 +250,12 @@ namespace Aws`
`250`	`250`	`return *this;`
`251`	`251`	`}`
`252`	`252`
	`253`	`+ MqttClientConnectionConfigBuilder &MqttClientConnectionConfigBuilder::WithMinimumTlsVersion(aws_tls_versions minimumTlsVersion) noexcept`
	`254`	`+ {`
	`255`	`+ m_contextOptions.SetMinimumTlsVersion(minimumTlsVersion);`
	`256`	`+ return *this;`
	`257`	`+ }`
	`258`	`+`
`253`	`259`	`MqttClientConnectionConfig MqttClientConnectionConfigBuilder::Build() noexcept`
`254`	`260`	`{`
`255`	`261`	`if (!m_isGood)`