aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc/src/using_ssl.xmlsrc
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2010-06-11 11:18:46 +0000
committerErlang/OTP <[email protected]>2010-06-11 14:15:27 +0200
commitb1024ed7b5b2606bf483e3c672579845a75e8009 (patch)
treedbd6b5362034cdfff02a7c0aab5cae76194cb73d /lib/ssl/doc/src/using_ssl.xmlsrc
parent150f6815f9cf493fec6842a7316d8b3be39cfaef (diff)
downloadotp-b1024ed7b5b2606bf483e3c672579845a75e8009.tar.gz
otp-b1024ed7b5b2606bf483e3c672579845a75e8009.tar.bz2
otp-b1024ed7b5b2606bf483e3c672579845a75e8009.zip
OTP-8695 New ssl default
Ssl has now switched default implementation and removed deprecated certificate handling. All certificate handling is done by the public_key application.
Diffstat (limited to 'lib/ssl/doc/src/using_ssl.xmlsrc')
-rw-r--r--lib/ssl/doc/src/using_ssl.xmlsrc113
1 files changed, 113 insertions, 0 deletions
diff --git a/lib/ssl/doc/src/using_ssl.xmlsrc b/lib/ssl/doc/src/using_ssl.xmlsrc
new file mode 100644
index 0000000000..ba74dcfef4
--- /dev/null
+++ b/lib/ssl/doc/src/using_ssl.xmlsrc
@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+ <header>
+ <copyright>
+ <year>2003</year><year>2009</year>
+ <holder>Ericsson AB. All Rights Reserved.</holder>
+ </copyright>
+ <legalnotice>
+ The contents of this file are subject to the Erlang Public License,
+ Version 1.1, (the "License"); you may not use this file except in
+ compliance with the License. You should have received a copy of the
+ Erlang Public License along with this software. If not, it can be
+ retrieved online at http://www.erlang.org/.
+
+ Software distributed under the License is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ the License for the specific language governing rights and limitations
+ under the License.
+
+ </legalnotice>
+
+ <title>Using the SSL application</title>
+ <prepared>Peter H&ouml;gfeldt</prepared>
+ <docno></docno>
+ <date>2003-04-23</date>
+ <rev>PA2</rev>
+ <file>using_ssl.xml</file>
+ </header>
+ <p>Here we provide an introduction to using the Erlang/OTP SSL
+ application, which is accessed through the <c>ssl</c> interface
+ module.
+ </p>
+ <p>We also present example code in the Erlang module
+ <c>client_server</c>, also provided in the directory
+ <c>ssl-X.Y.Z/examples</c>, with source code in <c>src</c> and the
+ compiled module in <c>ebin</c> of that directory.
+ </p>
+
+ <section>
+ <title>The ssl Module</title>
+ <p>The <c>ssl</c> module provides the user interface to the Erlang/OTP
+ SSL application. The interface functions provided are very similar
+ to those provided by the <c>gen_tcp</c> and <c>inet</c> modules.
+ </p>
+ <p>Servers use the interface functions <c>listen</c> and
+ <c>accept</c>. The <c>listen</c> function specifies a TCP port
+ to to listen to, and each call to the <c>accept</c> function
+ establishes an incoming connection.
+ </p>
+ <p>Clients use the <c>connect</c> function which specifies the address
+ and port of a server to connect to, and a successful call establishes
+ such a connection.
+ </p>
+ <p>The <c>listen</c> and <c>connect</c> functions have almost all
+ the options that the corresponding functions in <c>gen_tcp/</c> have,
+ but there are also additional options specific to the SSL protocol.
+ </p>
+ <p>The most important SSL specific option is the <c>cacertfile</c>
+ option which specifies a local file containing trusted CA
+ certificates which are and used for peer authentication. This
+ option is used by clients and servers in case they want to
+ authenticate their peers.
+ </p>
+ <p>The <c>certfile</c> option specifies a local path to a file
+ containing the certificate of the holder of the connection
+ endpoint. In case of a server endpoint this option is mandatory
+ since the contents of the sever certificate is needed in the
+ the handshake preceding the establishment of a connection.
+ </p>
+ <p>Similarly, the <c>keyfile</c> option points to a local file
+ containing the private key of the holder of the endpoint. If the
+ <c>certfile</c> option is present, this option has to be
+ specified as well, unless the private key is provided in the
+ same file as specified by the <c>certfile</c> option (a
+ certificate and a private key can thus coexist in the same file).
+ </p>
+ <p>The <c>verify</c> option specifies how the peer should be verified:
+ </p>
+ <taglist>
+ <tag>0</tag>
+ <item>Do not verify the peer,</item>
+ <tag>1</tag>
+ <item>Verify peer,</item>
+ <tag>2</tag>
+ <item>Verify peer, fail the verification if the peer has no
+ certificate. </item>
+ </taglist>
+ <p>The <c>depth</c> option specifies the maximum length of the
+ verification certificate chain. Depth = 0 means the peer
+ certificate, depth = 1 the CA certificate, depth = 2 the next CA
+ certificate etc. If the verification process does not find a
+ trusted CA certificate within the maximum length, the verification
+ fails.
+ </p>
+ <p>The <c>ciphers</c> option specifies which ciphers to use (a
+ string of colon separated cipher names). To obtain a list of
+ available ciphers, evaluate the <c>ssl:ciphers/0</c> function
+ (the SSL application has to be running).
+ </p>
+ </section>
+
+ <section>
+ <title>A Client-Server Example</title>
+ <p>Here is a simple client server example.
+ </p>
+ <codeinclude file="../../examples/src/client_server.erl" tag="" type="erl"></codeinclude>
+ </section>
+</chapter>
+
+
+