<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html xmlns:fn="http://www.w3.org/2005/02/xpath-functions">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" href="../../../../doc/otp_doc.css" type="text/css">
<title>Erlang -- Using the SSL API</title>
</head>
<body bgcolor="white" text="#000000" link="#0000ff" vlink="#ff00ff" alink="#ff0000"><div id="container">
<script id="js" type="text/javascript" language="JavaScript" src="../../../../doc/js/flipmenu/flipmenu.js"></script><script id="js2" type="text/javascript" src="../../../../doc/js/erlresolvelinks.js"></script><script language="JavaScript" type="text/javascript">
<!--
function getWinHeight() {
var myHeight = 0;
if( typeof( window.innerHeight ) == 'number' ) {
//Non-IE
myHeight = window.innerHeight;
} else if( document.documentElement && ( document.documentElement.clientWidth ||
document.documentElement.clientHeight ) ) {
//IE 6+ in 'standards compliant mode'
myHeight = document.documentElement.clientHeight;
} else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) {
//IE 4 compatible
myHeight = document.body.clientHeight;
}
return myHeight;
}
function setscrollpos() {
var objf=document.getElementById('loadscrollpos');
document.getElementById("leftnav").scrollTop = objf.offsetTop - getWinHeight()/2;
}
function addEvent(obj, evType, fn){
if (obj.addEventListener){
obj.addEventListener(evType, fn, true);
return true;
} else if (obj.attachEvent){
var r = obj.attachEvent("on"+evType, fn);
return r;
} else {
return false;
}
}
addEvent(window, 'load', setscrollpos);
//--></script><div id="leftnav"><div class="innertube">
<img alt="Erlang logo" src="../../../../doc/erlang-logo.png"><br><small><a href="users_guide.html">User's Guide</a><br><a href="index.html">Reference Manual</a><br><a href="release_notes.html">Release Notes</a><br><a href="../pdf/ssl-5.1.2.pdf">PDF</a><br><a href="../../../../doc/index.html">Top</a></small><p><strong>Secure Socket Layer </strong><br><strong>User's Guide</strong><br><small>Version 5.1.2</small></p>
<br><a href="javascript:openAllFlips()">Expand All</a><br><a href="javascript:closeAllFlips()">Contract All</a><p><small><strong>Chapters</strong></small></p>
<ul class="flipMenu" imagepath="../../../../doc/js/flipmenu">
<li id="no" title="Transport Layer Security (TLS) and its predecessor, Secure Socket Layer (SSL)" expanded="false">Transport Layer Security (TLS) and its predecessor, Secure Socket Layer (SSL)<ul>
<li><a href="ssl_protocol.html">
Top of chapter
</a></li>
<li title="Security overview"><a href="ssl_protocol.html#id57982">Security overview</a></li>
<li title="Data Privacy and Integrity"><a href="ssl_protocol.html#id56532">Data Privacy and Integrity</a></li>
<li title="Digital Certificates"><a href="ssl_protocol.html#id58292">Digital Certificates</a></li>
<li title="Authentication of Sender"><a href="ssl_protocol.html#id56624">Authentication of Sender</a></li>
<li title="TLS Sessions"><a href="ssl_protocol.html#id56507">TLS Sessions</a></li>
</ul>
</li>
<li id="loadscrollpos" title="Using the SSL API" expanded="true">Using the SSL API<ul>
<li><a href="using_ssl.html">
Top of chapter
</a></li>
<li title="General information"><a href="using_ssl.html#id57223">General information</a></li>
<li title="Setting up connections"><a href="using_ssl.html#id56966">Setting up connections</a></li>
</ul>
</li>
<li id="no" title="Using SSL for Erlang Distribution" expanded="false">Using SSL for Erlang Distribution<ul>
<li><a href="ssl_distribution.html">
Top of chapter
</a></li>
<li title="Introduction"><a href="ssl_distribution.html#id61749">Introduction</a></li>
<li title="Building boot scripts including the SSL application"><a href="ssl_distribution.html#id60782">Building boot scripts including the SSL application</a></li>
<li title="Specifying distribution module for net_kernel"><a href="ssl_distribution.html#id57343">Specifying distribution module for net_kernel</a></li>
<li title="Specifying SSL options"><a href="ssl_distribution.html#id57400">Specifying SSL options</a></li>
<li title="Setting up environment to always use SSL"><a href="ssl_distribution.html#id62020">Setting up environment to always use SSL</a></li>
</ul>
</li>
</ul>
</div></div>
<div id="content">
<div class="innertube">
<h1>2 Using the SSL API</h1>
<h3><a name="id57223">2.1
General information</a></h3>
<p>To see relevant version information for ssl you can
call ssl:versions/0</p>
<p>To see all supported cipher suites
call ssl:cipher_suites/0. Note that available cipher suites
for a connection will depend on your certificate. It is also
possible to specify a specific cipher suite(s) that you
want your connection to use. Default is to use the strongest
available.</p>
<h3><a name="id56966">2.2
Setting up connections</a></h3>
<p>Here follows some small example of how to set up client/server connections
using the erlang shell. The returned value of the sslsocket has been abbreviated with
<span class="code">[...]</span> as it can be fairly large and is opaque.</p>
<h4>Minmal example</h4>
<div class="note">
<div class="label">Note</div>
<div class="content"><p><p> The minimal setup is not the most secure setup of ssl.</p>
</p></div>
</div>
<p> Start server side</p>
<div class="example"><pre>1 server> ssl:start().
ok</pre></div>
<p>Create an ssl listen socket</p>
<div class="example"><pre>2 server> {ok, ListenSocket} =
ssl:listen(9999, [{certfile, "cert.pem"}, {keyfile, "key.pem"},{reuseaddr, true}]).
{ok,{sslsocket, [...]}}</pre></div>
<p>Do a transport accept on the ssl listen socket</p>
<div class="example"><pre>3 server> {ok, Socket} = ssl:transport_accept(ListenSocket).
{ok,{sslsocket, [...]}}</pre></div>
<p>Start client side</p>
<div class="example"><pre>1 client> ssl:start().
ok</pre></div>
<div class="example"><pre>2 client> {ok, Socket} = ssl:connect("localhost", 9999, [], infinity).
{ok,{sslsocket, [...]}}</pre></div>
<p>Do the ssl handshake</p>
<div class="example"><pre>4 server> ok = ssl:ssl_accept(Socket).
ok</pre></div>
<p>Send a messag over ssl</p>
<div class="example"><pre>5 server> ssl:send(Socket, "foo").
ok</pre></div>
<p>Flush the shell message queue to see that we got the message
sent on the server side</p>
<div class="example"><pre>3 client> flush().
Shell got {ssl,{sslsocket,[...]},"foo"}
ok</pre></div>
<h4>Upgrade example</h4>
<div class="note">
<div class="label">Note</div>
<div class="content"><p><p> To upgrade a TCP/IP connection to an ssl connection the
client and server have to aggre to do so. Agreement
may be accompliced by using a protocol such the one used by HTTP
specified in RFC 2817.</p> </p></div>
</div>
<p>Start server side</p>
<div class="example"><pre>1 server> ssl:start().
ok</pre></div>
<p>Create a normal tcp listen socket</p>
<div class="example"><pre>2 server> {ok, ListenSocket} = gen_tcp:listen(9999, [{reuseaddr, true}]).
{ok, #Port<0.475>}</pre></div>
<p>Accept client connection</p>
<div class="example"><pre>3 server> {ok, Socket} = gen_tcp:accept(ListenSocket).
{ok, #Port<0.476>}</pre></div>
<p>Start client side</p>
<div class="example"><pre>1 client> ssl:start().
ok</pre></div>
<div class="example"><pre>2 client> {ok, Socket} = gen_tcp:connect("localhost", 9999, [], infinity).</pre></div>
<p>Make sure active is set to false before trying
to upgrade a connection to an ssl connection, otherwhise
ssl handshake messages may be deliverd to the wrong process.</p>
<div class="example"><pre>4 server> inet:setopts(Socket, [{active, false}]).
ok</pre></div>
<p>Do the ssl handshake.</p>
<div class="example"><pre>5 server> {ok, SSLSocket} = ssl:ssl_accept(Socket, [{cacertfile, "cacerts.pem"},
{certfile, "cert.pem"}, {keyfile, "key.pem"}]).
{ok,{sslsocket,[...]}}</pre></div>
<p> Upgrade to an ssl connection. Note that the client and server
must agree upon the upgrade and the server must call
ssl:accept/2 before the client calls ssl:connect/3.</p>
<div class="example"><pre>3 client>{ok, SSLSocket} = ssl:connect(Socket, [{cacertfile, "cacerts.pem"},
{certfile, "cert.pem"}, {keyfile, "key.pem"}], infinity).
{ok,{sslsocket,[...]}}</pre></div>
<p>Send a messag over ssl</p>
<div class="example"><pre>4 client> ssl:send(SSLSocket, "foo").
ok</pre></div>
<p>Set active true on the ssl socket</p>
<div class="example"><pre>4 server> ssl:setopts(SSLSocket, [{active, true}]).
ok</pre></div>
<p>Flush the shell message queue to see that we got the message
sent on the client side</p>
<div class="example"><pre>5 server> flush().
Shell got {ssl,{sslsocket,[...]},"foo"}
ok</pre></div>
</div>
<div class="footer">
<hr>
<p>Copyright © 1999-2012 Ericsson AB. All Rights Reserved.</p>
</div>
</div>
</div></body>
</html>
distrib
>
Fedora
>
17
>
i386
>
media
>
updates
>
by-pkgid
>
675c8c8167236dfcf8d66da674f931e8
>
files
>
1374
