From b1024ed7b5b2606bf483e3c672579845a75e8009 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 11 Jun 2010 11:18:46 +0000 Subject: OTP-8695 New ssl default Ssl has now switched default implementation and removed deprecated certificate handling. All certificate handling is done by the public_key application. --- lib/ssl/doc/src/old_ssl.xml | 2 +- lib/ssl/doc/src/using_ssl.xml | 113 --------------------------------------- lib/ssl/doc/src/using_ssl.xmlsrc | 113 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 114 insertions(+), 114 deletions(-) delete mode 100644 lib/ssl/doc/src/using_ssl.xml create mode 100644 lib/ssl/doc/src/using_ssl.xmlsrc (limited to 'lib/ssl/doc') diff --git a/lib/ssl/doc/src/old_ssl.xml b/lib/ssl/doc/src/old_ssl.xml index 884e8f67b7..0d2e1afdbd 100644 --- a/lib/ssl/doc/src/old_ssl.xml +++ b/lib/ssl/doc/src/old_ssl.xml @@ -45,7 +45,7 @@ that coexists with the new one until it has been totally phased out.

-

The new implementation can be +

The old implementation can be accessed by providing the option {ssl_imp, old} to the ssl:connect and ssl:listen functions.
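Review bot: The corrected sentence in the old_ssl.xml hunk now names the old implementation for {ssl_imp, old}, but the paragraph still does not say which implementation a caller gets when the option is omitted. Since the commit message says the default has switched, consider adding a sentence here stating that ssl:connect and ssl:listen use the new implementation unless {ssl_imp, old} is passed, so readers of this page know they have to opt in explicitly.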

diff --git a/lib/ssl/doc/src/using_ssl.xml b/lib/ssl/doc/src/using_ssl.xml deleted file mode 100644 index ba74dcfef4..0000000000 --- a/lib/ssl/doc/src/using_ssl.xml +++ /dev/null @@ -1,113 +0,0 @@ - - - - -
- - 20032009 - Ericsson AB. All Rights Reserved. - - - The contents of this file are subject to the Erlang Public License, - Version 1.1, (the "License"); you may not use this file except in - compliance with the License. You should have received a copy of the - Erlang Public License along with this software. If not, it can be - retrieved online at http://www.erlang.org/. - - Software distributed under the License is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See - the License for the specific language governing rights and limitations - under the License. - - - - Using the SSL application - Peter Högfeldt - - 2003-04-23 - PA2 - using_ssl.xml -
-

Here we provide an introduction to using the Erlang/OTP SSL - application, which is accessed through the ssl interface - module. -

-

We also present example code in the Erlang module - client_server, also provided in the directory - ssl-X.Y.Z/examples, with source code in src and the - compiled module in ebin of that directory. -

- -
- The ssl Module -

The ssl module provides the user interface to the Erlang/OTP - SSL application. The interface functions provided are very similar - to those provided by the gen_tcp and inet modules. -

-

Servers use the interface functions listen and - accept. The listen function specifies a TCP port - to to listen to, and each call to the accept function - establishes an incoming connection. -

-

Clients use the connect function which specifies the address - and port of a server to connect to, and a successful call establishes - such a connection. -

-

The listen and connect functions have almost all - the options that the corresponding functions in gen_tcp/ have, - but there are also additional options specific to the SSL protocol. -

-

The most important SSL specific option is the cacertfile - option which specifies a local file containing trusted CA - certificates which are and used for peer authentication. This - option is used by clients and servers in case they want to - authenticate their peers. -

-

The certfile option specifies a local path to a file - containing the certificate of the holder of the connection - endpoint. In case of a server endpoint this option is mandatory - since the contents of the sever certificate is needed in the - the handshake preceding the establishment of a connection. -

-

Similarly, the keyfile option points to a local file - containing the private key of the holder of the endpoint. If the - certfile option is present, this option has to be - specified as well, unless the private key is provided in the - same file as specified by the certfile option (a - certificate and a private key can thus coexist in the same file). -

-

The verify option specifies how the peer should be verified: -

- - 0 - Do not verify the peer, - 1 - Verify peer, - 2 - Verify peer, fail the verification if the peer has no - certificate. - -

The depth option specifies the maximum length of the - verification certificate chain. Depth = 0 means the peer - certificate, depth = 1 the CA certificate, depth = 2 the next CA - certificate etc. If the verification process does not find a - trusted CA certificate within the maximum length, the verification - fails. -

-

The ciphers option specifies which ciphers to use (a - string of colon separated cipher names). To obtain a list of - available ciphers, evaluate the ssl:ciphers/0 function - (the SSL application has to be running). -

-
- -
- A Client-Server Example -

Here is a simple client server example. -

- -
-
- - - diff --git a/lib/ssl/doc/src/using_ssl.xmlsrc b/lib/ssl/doc/src/using_ssl.xmlsrc new file mode 100644 index 0000000000..ba74dcfef4 --- /dev/null +++ b/lib/ssl/doc/src/using_ssl.xmlsrc @@ -0,0 +1,113 @@ + + + + +
+ + 20032009 + Ericsson AB. All Rights Reserved. + + + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + + + Using the SSL application + Peter Högfeldt + + 2003-04-23 + PA2 + using_ssl.xml +
+

Here we provide an introduction to using the Erlang/OTP SSL + application, which is accessed through the ssl interface + module. +

+

We also present example code in the Erlang module + client_server, also provided in the directory + ssl-X.Y.Z/examples, with source code in src and the + compiled module in ebin of that directory. +

+ +
+ The ssl Module +

The ssl module provides the user interface to the Erlang/OTP + SSL application. The interface functions provided are very similar + to those provided by the gen_tcp and inet modules. +

+

Servers use the interface functions listen and + accept. The listen function specifies a TCP port + to to listen to, and each call to the accept function + establishes an incoming connection. +

+

Clients use the connect function which specifies the address + and port of a server to connect to, and a successful call establishes + such a connection. +

+

The listen and connect functions have almost all + the options that the corresponding functions in gen_tcp/ have, + but there are also additional options specific to the SSL protocol. +

+

The most important SSL specific option is the cacertfile + option which specifies a local file containing trusted CA + certificates which are and used for peer authentication. This + option is used by clients and servers in case they want to + authenticate their peers. +

+

The certfile option specifies a local path to a file + containing the certificate of the holder of the connection + endpoint. In case of a server endpoint this option is mandatory + since the contents of the sever certificate is needed in the + the handshake preceding the establishment of a connection. +

+

Similarly, the keyfile option points to a local file + containing the private key of the holder of the endpoint. If the + certfile option is present, this option has to be + specified as well, unless the private key is provided in the + same file as specified by the certfile option (a + certificate and a private key can thus coexist in the same file). +

+

The verify option specifies how the peer should be verified: +

+ + 0 + Do not verify the peer, + 1 + Verify peer, + 2 + Verify peer, fail the verification if the peer has no + certificate. + +

The depth option specifies the maximum length of the + verification certificate chain. Depth = 0 means the peer + certificate, depth = 1 the CA certificate, depth = 2 the next CA + certificate etc. If the verification process does not find a + trusted CA certificate within the maximum length, the verification + fails. +

+

The ciphers option specifies which ciphers to use (a + string of colon separated cipher names). To obtain a list of + available ciphers, evaluate the ssl:ciphers/0 function + (the SSL application has to be running). +

+
+ +
+ A Client-Server Example +

Here is a simple client server example. +

+ +
+
+ + + -- cgit v1.2.3
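Review bot: In the new using_ssl.xmlsrc, the verify list (0, 1, 2) never says which value applies when the option is omitted, so a reader cannot tell whether peers are authenticated by default. The file is added with the same blob id as the deleted using_ssl.xml (ba74dcfef4), so the text is unchanged even though the commit switches the default implementation; please state the default next to the list and confirm that the verify, depth and ciphers descriptions still hold for the new default. The carried-over typos could be fixed in the same pass: "to to listen to", "which are and used", "sever certificate", the doubled "the" before "handshake", and the stray slash in "gen_tcp/". The header also still names the file using_ssl.xml.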