This module contains interface functions to the Secure Socket Layer.
The following data types are used in the functions below:
For valid options
see
%% Default verify function: fold over the error list, dropping
%% {bad_cert, unknown_ca} and keeping every other error.
fun(ErrorList) ->
    case lists:foldl(fun({bad_cert, unknown_ca}, Acc) ->
                             Acc;
                        (Other, Acc) ->
                             [Other | Acc]
                     end, [], ErrorList) of
        [] ->
            true;      %% no error, or only unknown_ca: accept the peer
        [_ | _] ->
            false      %% any other error: reject the peer
    end
end
That is, by default the only tolerated error is that the certificate was issued by a CA that is unknown to the verifier. In security terms this means the default does not authenticate the peer: a self-signed certificate, or one issued by any CA that is not in the configured trust store, is accepted as long as it produces no other error. To require that the peer chain to a trusted CA, supply your own verify function that returns false whenever {bad_cert, unknown_ca} is in the error list.
Possible errors in the error list are:
{bad_cert, cert_expired}, {bad_cert, invalid_issuer},
{bad_cert, invalid_signature}, {bad_cert, name_not_permitted},
{bad_cert, unknown_ca},
{bad_cert, cert_revoked} (not implemented yet),
{bad_cert, unknown_critical_extension} or {bad_cert, term()} (will
become relevant when an option is added for the user to verify application-specific extensions).
Because cert_revoked is not yet implemented, a revoked certificate never produces an error; revocation must be checked by other means.
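The following module is an added example, not code from the ssl module or its documentation. It takes the default verify function shown above, restates it as a named function, and puts a strict replacement beside it that also rejects an unknown CA. Both use the one-argument shape this page describes, fun(ErrorList) -> boolean(), where ErrorList holds {bad_cert, Reason} tuples from the list above. The error lists in demo/0 are constructed by hand to stand in for what the verifier would produce for four different peer certificates; the socket option used to install such a fun is not shown on this page and is not assumed here.

```erlang
-module(verify_fun_example).
-export([default_verify/1, strict_verify/1, demo/0]).

%% Added example; not part of the ssl application.
%% Verify function shape used here: fun(ErrorList) -> boolean().

%% The page's default behaviour as a named function: strip
%% {bad_cert, unknown_ca} and accept if no other error remains.
%% An unknown (e.g. self-signed) issuer is therefore accepted.
default_verify(ErrorList) ->
    Remaining = [E || E <- ErrorList, E =/= {bad_cert, unknown_ca}],
    Remaining =:= [].

%% Hardened replacement: any error at all, including unknown_ca and any
%% application-specific {bad_cert, term()}, rejects the peer. Use this
%% when the peer must chain to a CA in the trust store.
strict_verify([]) -> true;
strict_verify([_ | _]) -> false.

%% Constructed error lists (not produced by a real handshake) for four
%% peer certificates, run through both verify functions.
demo() ->
    Cases = [
        {"chains to trusted CA, valid",        []},
        {"self-signed or untrusted issuer",    [{bad_cert, unknown_ca}]},
        {"trusted CA but expired",             [{bad_cert, cert_expired}]},
        {"untrusted issuer and bad signature", [{bad_cert, unknown_ca},
                                                {bad_cert, invalid_signature}]}
    ],
    %% Each element is {Label, DefaultAccepts, StrictAccepts}.
    [{Label, default_verify(Errs), strict_verify(Errs)}
     || {Label, Errs} <- Cases].
```

Compile it and call verify_fun_example:demo() in the shell. The second case is the one that separates the two functions: the default accepts a certificate whose issuer is not in the trust store, the strict version does not. The other three cases are judged identically by both, which shows that replacing the default only removes the unknown_ca exemption and changes nothing else.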
When an ssl socket is in active mode (the default), data from the socket is delivered to the owner of the socket in the form of messages:
A
Returns a list of supported cipher suites. cipher_suites() is equivalent to cipher_suites(erlang). The type openssl is provided for backwards compatibility with the old ssl implementation that used OpenSSL.
Upgrades a gen_tcp, or equivalent, connected socket to an ssl socket, i.e. performs the client-side ssl handshake.
Opens an ssl connection to Host, Port.
Closes an ssl connection.
Assigns a new controlling process to the ssl socket. The controlling process is the owner of an ssl socket and receives all messages from it.
Returns the negotiated protocol version and cipher suite.
Presents the error returned by an ssl function as a printable string.
Gets the values of the specified socket options; if no options are specified, all options are returned.
Creates an ssl listen socket.
The peer certificate is returned as a DER-encoded binary.
The certificate can be decoded with
Returns the address and port number of the peer.
Receives a packet from a socket in passive mode. A closed socket is indicated by a return value
The
The optional
Initiates a new handshake. A notable return value is
Writes
A notable return value is
Sets options according to
Immediately closes a socket in one or both directions.
To be able to handle that the peer has done a shutdown on
the write side, the
The
Upgrades a gen_tcp, or equivalent, socket to an ssl socket, i.e. performs the server-side ssl handshake.
Returns the local address and port number of the socket
Starts the ssl application. The default type is temporary.
Stops the ssl application.
Accepts an incoming connection request on a listen socket.
The socket returned can only be used with
The accepted socket inherits the options set for
The default
value for
Returns version information relevant for the ssl application.