This module contains interface functions to the Secure Socket Layer.
This manual page describes functions that are defined in the ssl module and represents the old ssl implementation that coexists with the new one until it has been totally phased out.
The new implementation can be accessed by providing the option {ssl_imp, old} to the ssl:connect and ssl:listen functions.
The reader is advised to also read the
It is strongly advised to seed the random generator after
the ssl application has been started (see
The following datatypes are used in the functions below:
The socket option
The following socket options are set by default:
Note that the options
The ssl options are for setting specific SSL parameters as follows:
Peer certificate = 0, CA certificate = 1, higher level CA certificate = 2, etc. The value 2 thus means that a chain can at most contain peer cert, CA cert, next CA cert, and an additional CA cert.
The default value is 1.
The type
The owner of a socket is the one that created it by a call to
When a socket is in active mode (the default), data from the socket is delivered to the owner of the socket in the form of messages:
A
Functions listed below may return the value
Hence a return value of
For each SSL socket there is an Erlang process representing the
socket. When a socket is opened, that process links to the
calling client process. Implementations that want to detect
abnormal exits from the socket process by receiving
Returns a string consisting of colon separated cipher designations that are supported by the current SSL library implementation.
The SSL application has to be started to return the string of ciphers.
Closes a socket returned by
Connects to
The
Gets the chosen protocol version and cipher for an established connection (accepted och connected).
Assigns a new controlling process to
Returns a diagnostic string describing an error.
Returns the options the tags of which are
Sets up a socket to listen on port
The listen queue size defaults to 5. If a different value is
wanted, the option
An empty
The returned
Returns the DER encoded peer certificate, the certificate can be decoded with
Returns the address and port number of the peer.
Returns the pid of the socket process. The returned pid should only be used for receiving exit messages.
Receives data on socket
A notable return value is
A positive value of the
If the optional
Seeds the ssl random generator.
It is strongly advised to seed the random generator after the ssl application has been started, and before any connections are established. Although the port program interfacing to the OpenSSL libraries does a "random" seeding of its own in order to make everything work properly, that seeding is by no means random for the world since it has a constant value which is known to everyone reading the source code of the seeding.
A notable return value is
Writes
A notable return value is
Sets options according to
The
Note that the ssl connection is not complete until
Returns the local address and port number of the socket
Accepts an incoming connection request on a listen socket.
The socket returned can only be used with
The accepted socket inherits the options set for
The default value for
Returns the SSL application version (
If the SSL application has not been started,
The possible error reasons and the corresponding diagnostic strings
returned by
Connection closed for the operation in question.
Connection not found (internal error).
Connection not in connect state (internal error).
Wrong broker type (internal error).
Own CA certificate file is invalid.
Own certificate file is invalid.
The chain of certificates provided by peer is too long.
Own list of specified ciphers is invalid.
Own private key file is invalid.
Own private key does not match own certificate.
Cannot find certificate of issuer of certificate provided by peer.
Attempt to do accept without having set own certificate.
Attempt to accept on a non-listening socket.
No proxy socket found (internal error).
The list of options is empty.
The SSL application has not been started.
Invalid list of options.
Certificate provided by peer is in error.
Certificate provided by peer has expired.
Certificate provided by peer is invalid.
Certificate provided by peer is self signed.
Server SSL handshake procedure between client and server failed.
Client SSL handshake procedure between client and server failed.
SSL protocol failure. Typically because of a fatal alert from peer.
Protocol wants to connect, which is not supported in this version of the SSL application.
Protocol wants X.509 lookup, which is not supported in this version of the SSL application.
Call not recognized for current mode (active or passive) and state of socket.
Call not recognized for current mode (active or passive) and state of socket.
Call not recognized for current mode (active or passive) and state of socket.
gen_tcp(3), inet(3) public_key(3)