<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns:fn="http://www.w3.org/2005/02/xpath-functions"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <link rel="stylesheet" href="../../../../doc/otp_doc.css" type="text/css"> <title>Erlang -- Using the SSL application</title> </head> <body bgcolor="white" text="#000000" link="#0000ff" vlink="#ff00ff" alink="#ff0000"><div id="container"> <div id="content"> <div class="innertube"> <p><strong>Secure Sockets Layer </strong><br><strong>User's Guide</strong><br><small>Version 3.10.8</small></p> <h1>2 Using the SSL application</h1> <p>Here we provide an introduction to using the Erlang/OTP SSL application, which is accessed through the <span class="code">ssl</span> interface module. </p> <p>We also present example code in the Erlang module <span class="code">client_server</span>, which is provided in the directory <span class="code">ssl-X.Y.Z/examples</span>, with source code in <span class="code">src</span> and the compiled module in <span class="code">ebin</span> of that directory. </p> <h3><a name="id2255101">2.1 The ssl Module</a></h3> <p>The <span class="code">ssl</span> module provides the user interface to the Erlang/OTP SSL application.
The interface functions provided are very similar to those provided by the <span class="code">gen_tcp</span> and <span class="code">inet</span> modules. </p> <p>Servers use the interface functions <span class="code">listen</span> and <span class="code">accept</span>. The <span class="code">listen</span> function specifies a TCP port to listen on, and each call to the <span class="code">accept</span> function establishes one incoming connection. </p> <p>Clients use the <span class="code">connect</span> function, which specifies the address and port of the server to connect to; a successful call establishes the connection. </p> <p>The <span class="code">listen</span> and <span class="code">connect</span> functions accept almost all the options that the corresponding functions in <span class="code">gen_tcp</span> have, but there are also additional options specific to the SSL protocol. </p> <p>The most important SSL-specific option is <span class="code">cacertfile</span>, which specifies a local file containing the trusted CA certificates used for peer authentication. Both clients and servers use this option when they want to authenticate their peers: a certificate chain presented by the peer is accepted only if it leads to one of these CA certificates. </p> <p>The <span class="code">certfile</span> option specifies a local path to a file containing the certificate of the holder of the connection endpoint. For a server endpoint this option is mandatory, since the server certificate is sent in the handshake that precedes the establishment of a connection. </p> <p>Similarly, the <span class="code">keyfile</span> option points to a local file containing the private key of the holder of the endpoint. If the <span class="code">certfile</span> option is present, this option has to be specified as well, unless the private key is provided in the same file as specified by the <span class="code">certfile</span> option (a certificate and a private key can thus coexist in the same file). Whichever file holds the private key should be readable only by the user the Erlang node runs as.
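</p> <p>The following module is an added example, not the <span class="code">client_server</span> module shipped with the application. It runs a server and a client in one node, each configured with <span class="code">cacertfile</span>, <span class="code">certfile</span> and <span class="code">keyfile</span>, and each requiring the other's certificate with <span class="code">{verify, 2}</span> (the <span class="code">verify</span>, <span class="code">depth</span> and <span class="code">ciphers</span> options are described below). After the handshake each side fetches the peer certificate with <span class="code">ssl:peercert/1</span> and compares its subject common name with the name it expects, because chain verification alone shows only that the peer holds a key certified by a trusted CA, not which peer it is. The certificate directory layout, the expected names <span class="code">"server"</span> and <span class="code">"client"</span>, the cipher names, and the use of the <span class="code">public_key</span> application to decode the certificate are assumptions of this example, not something the page states. </p>

```erlang
%% ssl_mutual_auth.erl -- added example, not the OTP client_server module.
%% Server and client in one node, each authenticating the other with the
%% old-style ssl options (cacertfile/certfile/keyfile, {verify, 2}, depth).
-module(ssl_mutual_auth).
-export([run/0, run/3, opts/2, peer_cn/1]).
-include_lib("public_key/include/public_key.hrl").   % assumed: public_key app present

%% Assumed layout (not from the page): Dir/server/{cacerts,cert,key}.pem and
%% Dir/client/{cacerts,cert,key}.pem, where each side's cacerts.pem contains
%% the CA that issued the other side's cert.pem.
run() ->
    Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
    run(Dir, "server", "client").   % assumed subject CNs of the two certificates

%% Returns {ServerView, ClientView}: what each side concluded about its peer.
run(Dir, ExpectedServerCN, ExpectedClientCN) ->
    ensure_started(ssl),
    {ok, LSock} = ssl:listen(0, opts(server, Dir)),   % port 0: the OS picks one
    {ok, {_, Port}} = ssl:sockname(LSock),
    Parent = self(),
    spawn_link(fun() ->
                   Parent ! {client, client(Port, Dir, ExpectedServerCN)}
               end),
    %% ssl:accept/1 runs the handshake; with {verify, 2} it fails unless the
    %% client presented a certificate chaining to the server's cacerts.pem.
    {ok, Sock} = ssl:accept(LSock),
    ServerView = case authenticate(Sock, ExpectedClientCN) of
                     ok ->
                         ok = ssl:send(Sock, "hello"),
                         {ok, Reply} = ssl:recv(Sock, 0),
                         {ok, Reply};
                     Error ->
                         Error
                 end,
    ssl:close(Sock),
    ssl:close(LSock),
    receive {client, ClientView} -> {ServerView, ClientView} end.

client(Port, Dir, ExpectedServerCN) ->
    {ok, Sock} = ssl:connect("localhost", Port, opts(client, Dir)),
    Result = case authenticate(Sock, ExpectedServerCN) of
                 ok ->
                     {ok, Greeting} = ssl:recv(Sock, 0),
                     ok = ssl:send(Sock, "bye"),
                     {ok, Greeting};
                 Error ->
                     Error
             end,
    ssl:close(Sock),
    Result.

%% Chain verification proves the peer holds a key certified by a trusted CA;
%% it does not say which peer that is, so the subject CN is compared with
%% the identity the caller expects.
authenticate(Sock, ExpectedCN) ->
    case peer_cn(Sock) of
        {ok, ExpectedCN} -> ok;
        {ok, Other}      -> {error, {unexpected_peer, Other}};
        Error            -> Error
    end.

%% Subject common name of the peer certificate, decoded with public_key.
peer_cn(Sock) ->
    case ssl:peercert(Sock) of                 % DER-encoded peer certificate
        {ok, Der} ->
            #'OTPCertificate'{tbsCertificate = TBS} =
                public_key:pkix_decode_cert(Der, otp),
            #'OTPTBSCertificate'{subject = {rdnSequence, RDNs}} = TBS,
            case [V || Rdn <- RDNs,
                       #'AttributeTypeAndValue'{type = ?'id-at-commonName',
                                                value = V} <- Rdn] of
                [CN | _] -> {ok, cn_string(CN)};
                []       -> {error, no_common_name}
            end;
        {error, _} ->                          % verify < 2 lets a peer omit its cert
            {error, no_peer_certificate}
    end.

cn_string({printableString, S})                -> S;
cn_string({utf8String, B}) when is_binary(B)   -> binary_to_list(B);
cn_string({teletexString, S})                  -> S.

%% Same option shape for both roles; only the directory differs.
opts(Role, Dir) ->
    Sub = filename:join(Dir, atom_to_list(Role)),
    [{active, false},
     {verify, 2},          % require a peer certificate and verify its chain
     {depth, 2},           % peer certificate plus at most two CA certificates
     {cacertfile, filename:join(Sub, "cacerts.pem")},
     {certfile,   filename:join(Sub, "cert.pem")},
     {keyfile,    filename:join(Sub, "key.pem")},
     %% OpenSSL-style names, assumed available; list them with ssl:ciphers().
     {ciphers, "DHE-RSA-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:AES128-SHA"}].

ensure_started(App) ->
    case application:start(App) of
        ok                              -> ok;
        {error, {already_started, App}} -> ok
    end.
```

<p>Compile the module and call <span class="code">ssl_mutual_auth:run/0</span> or <span class="code">run/3</span> with your own directory and expected names. Each element of the returned pair is either <span class="code">{ok, Data}</span> or an error tuple, so a server certificate issued by the right CA but for the wrong name is reported as <span class="code">{error, {unexpected_peer, Name}}</span> rather than silently accepted. On releases where <span class="code">ssl:accept/1</span> is reported as deprecated, replace it with <span class="code">ssl:transport_accept/1</span> followed by <span class="code">ssl:ssl_accept/1</span>, which split the TCP accept from the SSL handshake. </p> <p>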
</p> <p>The <span class="code">verify</span> option specifies how the peer should be verified: </p> <dl> <dt><strong>0</strong></dt> <dd>Do not verify the peer.</dd> <dt><strong>1</strong></dt> <dd>Verify the peer's certificate if it presents one; a peer that sends no certificate is still accepted.</dd> <dt><strong>2</strong></dt> <dd>Verify the peer, and fail the verification if the peer has no certificate.</dd> </dl> <p>A server that relies on client certificates for authentication therefore needs <span class="code">2</span>; with <span class="code">1</span> a client can simply omit its certificate. Note also that a successful verification shows only that the peer holds a key certified by one of the trusted CAs. The application still has to check that the subject of the peer certificate (obtained with <span class="code">ssl:peercert/1</span>) is the party it intended to talk to. </p> <p>The <span class="code">depth</span> option specifies the maximum length of the verification certificate chain. Depth = 0 means the peer certificate only, depth = 1 the peer certificate plus its CA certificate, depth = 2 the next CA certificate as well, and so on. If the verification process does not reach a trusted CA certificate within the maximum length, the verification fails. </p> <p>The <span class="code">ciphers</span> option specifies which ciphers to use (a string of colon-separated cipher names). To obtain a list of available ciphers, evaluate the <span class="code">ssl:ciphers/0</span> function (the SSL application has to be running). </p> <h3><a name="id2258745">2.2 A Client-Server Example</a></h3> <p>Here is a simple client server example. </p> </div> <div class="footer"> <hr> <p>Copyright © 1999-2010 Ericsson AB. All Rights Reserved.</p> </div> </div> </div></body> </html>