diff options
author | Ingela Anderton Andin <[email protected]> | 2017-12-19 09:39:58 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2017-12-19 09:39:58 +0100 |
commit | 6661739422e8647e28dde4803e8a55f5f9625847 (patch) | |
tree | 765eea3c761dba416c01ea6afab7690bd08fba1f | |
parent | 6c7bc33453090db7f2853d8778290f51f548ddaa (diff) | |
parent | 01c644bbfbc3ac88d45ce5f77a35de9e82067009 (diff) | |
download | otp-6661739422e8647e28dde4803e8a55f5f9625847.tar.gz otp-6661739422e8647e28dde4803e8a55f5f9625847.tar.bz2 otp-6661739422e8647e28dde4803e8a55f5f9625847.zip |
Merge branch 'ingela/ssl/engin-ug-doc' into maint
* ingela/ssl/engin-ug-doc:
ssl: Add engine use case to Users Guide
-rw-r--r-- | lib/ssl/doc/src/using_ssl.xml | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/lib/ssl/doc/src/using_ssl.xml b/lib/ssl/doc/src/using_ssl.xml index f84cd6e391..61918a346d 100644 --- a/lib/ssl/doc/src/using_ssl.xml +++ b/lib/ssl/doc/src/using_ssl.xml @@ -152,4 +152,41 @@ Shell got {ssl,{sslsocket,[...]},"foo"} ok</code> </section> </section> + + <section> + <title>Using an Engine Stored Key</title> + + <p>Erlang ssl application is able to use private keys provided + by OpenSSL engines using the following mechanism:</p> + + <code type="erl">1> ssl:start(). +ok</code> + + <p>Load a crypto engine, should be done once per engine used. For example + dynamically load the engine called <c>MyEngine</c>: + </p> + <code type="erl">2> {ok, EngineRef} = +crypto:engine_load(<<"dynamic">>, + [{<<"SO_PATH">>, "/tmp/user/engines/MyEngine"},<<"LOAD">>],[]). +{ok,#Ref<0.2399045421.3028942852.173962>} + </code> + + <p>Create a map with the engine information and the algorithm used by the engine:</p> + <code type="erl">3> PrivKey = + #{algorithm => rsa, + engine => EngineRef, + key_id => "id of the private key in Engine"}. + </code> + <p>Use the map in the ssl key option:</p> + <code type="erl">4> {ok, SSLSocket} = +ssl:connect("localhost", 9999, + [{cacertfile, "cacerts.pem"}, + {certfile, "cert.pem"}, + {key, PrivKey}], infinity). + </code> + + <p>See also <seealso marker="crypto:engine_load#engine_load"> crypto documentation</seealso> </p> + + </section> + </chapter> |