author Ingela Anderton Andin <[email protected]> 2017-12-19 09:39:58 +0100
committer Ingela Anderton Andin <[email protected]> 2017-12-19 09:39:58 +0100
commit 6661739422e8647e28dde4803e8a55f5f9625847
tree 765eea3c761dba416c01ea6afab7690bd08fba1f /lib
parent 6c7bc33453090db7f2853d8778290f51f548ddaa
parent 01c644bbfbc3ac88d45ce5f77a35de9e82067009
Merge branch 'ingela/ssl/engin-ug-doc' into maint

* ingela/ssl/engin-ug-doc:
  ssl: Add engine use case to Users Guide
Diffstat (limited to 'lib')
-rw-r--r-- lib/ssl/doc/src/using_ssl.xml 37
1 files changed, 37 insertions, 0 deletions
diff --git a/lib/ssl/doc/src/using_ssl.xml b/lib/ssl/doc/src/using_ssl.xml
index f84cd6e391..61918a346d 100644
--- a/lib/ssl/doc/src/using_ssl.xml
+++ b/lib/ssl/doc/src/using_ssl.xml
@@ -152,4 +152,41 @@ Shell got {ssl,{sslsocket,[...]},"foo"}
ok</code>
</section>
</section>
+
+ <section>
+ <title>Using an Engine Stored Key</title>
+
+ <p>Erlang ssl application is able to use private keys provided
+ by OpenSSL engines using the following mechanism:</p>
+
+ <code type="erl">1> ssl:start().
+ok</code>
+
+ <p>Load a crypto engine, should be done once per engine used. For example
+ dynamically load the engine called <c>MyEngine</c>:
+ </p>
+ <code type="erl">2> {ok, EngineRef} =
+crypto:engine_load(&lt;&lt;"dynamic">>,
+ [{&lt;&lt;"SO_PATH">>, "/tmp/user/engines/MyEngine"},&lt;&lt;"LOAD">>],[]).
+{ok,#Ref&lt;0.2399045421.3028942852.173962>}
+ </code>
+
+ <p>Create a map with the engine information and the algorithm used by the engine:</p>
+ <code type="erl">3> PrivKey =
+ #{algorithm => rsa,
+ engine => EngineRef,
+ key_id => "id of the private key in Engine"}.
+ </code>
+ <p>Use the map in the ssl key option:</p>
+ <code type="erl">4> {ok, SSLSocket} =
+ssl:connect("localhost", 9999,
+ [{cacertfile, "cacerts.pem"},
+ {certfile, "cert.pem"},
+ {key, PrivKey}], infinity).
+ </code>
+
+ <p>See also <seealso marker="crypto:engine_load#engine_load"> crypto documentation</seealso> </p>
+
+ </section>
+
</chapter>
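Review bot: The SO_PATH in shell step 2 points at "/tmp/user/engines/MyEngine", and /tmp is normally world-writable. The example dynamically loads that shared object into the VM that then uses the engine's private key, and readers tend to copy documentation paths verbatim. I would change the path to a directory that only root or the service account can write, and add a sentence to the paragraph above saying that the engine library must come from a trusted location. Smaller points in the same hunk: "Load a crypto engine, should be done once per engine used." is a comma splice and would read better as "Load the crypto engine. This is done once per engine used."; "Erlang ssl application is able to" is missing its article; and steps 3 and 4 show no shell result while steps 1 and 2 do, so either show the returned map and {ok, ...} tuple or drop the result from step 2 for consistency. It would also help to state whether key_id is interpreted by the engine itself, since the placeholder string gives no hint of its expected format.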