SSLContext¶
An SSL context is used to create SSL sessions.
Constructors¶
create¶
Create an SSL context.
Returns¶
- SSLContext ref^
Public Functions¶
client¶
Create a client-side SSL session. If a hostname is supplied, the server side certificate must be valid for that hostname. Raises an error if the context has been disposed.
The session holds the context, so the context lives for as long as the session can handshake.
Parameters¶
- hostname: String val = ""
Returns¶
- SSL iso^ ?
server¶
Create a server-side SSL session. Raises an error if the context has been disposed.
The session holds the context, so the context and the ALPN resolver it installed with OpenSSL live for as long as the session can handshake.
Returns¶
- SSL iso^ ?
set_cert¶
The cert file is a PEM certificate chain. The key file is a private key. Servers must set this. For clients, it is optional. Raises an error if the context has been disposed.
Parameters¶
Returns¶
- None val ?
set_authority¶
Use a PEM file and/or a directory of PEM files to specify certificate authorities. Clients must set this. For servers, it is optional. Use None to indicate no file or no path. Raises an error if these verify locations aren't valid, or if the context has been disposed.
If both file and path are None, on Windows this method loads the
system root certificates. On Posix it raises an error.
fun ref set_authority(
file: (FilePath val | None val),
path: (FilePath val | None val) = reference)
: None val ?
Parameters¶
Returns¶
- None val ?
set_ciphers¶
Set the accepted ciphers. This replaces the existing list. Raises an error if the cipher list is invalid, or if the context has been disposed.
Parameters¶
- ciphers: String val
Returns¶
- None val ?
set_client_verify¶
Set to true to require verification. Defaults to true.
Parameters¶
- state: Bool val
Returns¶
- None val
set_server_verify¶
Set to true to require verification. Defaults to false.
Parameters¶
- state: Bool val
Returns¶
- None val
set_verify_depth¶
Set the verify depth. Defaults to 6. Does nothing if the context has been disposed.
A depth of 2^31 or more arrives at the SSL library as a negative depth. What each backend does with one is undocumented, so do not use a depth that large.
Parameters¶
- depth: U32 val
Returns¶
- None val
set_min_proto_version¶
Set minimum protocol version. Set to SSLAutoVersion, 0, to automatically manage lowest version. Raises an error if the context has been disposed.
Supported versions: SSL3Version, TLS1Version, TLS1u1Version, TLS1u2Version, TLS1u3Version, DTLS1Version, DTLS1u2Version
Parameters¶
- version: ULong val
Returns¶
- None val ?
get_min_proto_version¶
Get minimum protocol version. Returns SSLAutoVersion, 0, when automatically managing lowest version. A disposed context returns SSLAutoVersion.
Supported versions: SSL3Version, TLS1Version, TLS1u1Version, TLS1u2Version, TLS1u3Version, DTLS1Version, DTLS1u2Version
Returns¶
- ILong val
set_max_proto_version¶
Set maximum protocol version. Set to SSLAutoVersion, 0, to automatically manage higest version. Raises an error if the context has been disposed.
Supported versions: SSL3Version, TLS1Version, TLS1u1Version, TLS1u2Version, TLS1u3Version, DTLS1Version, DTLS1u2Version
Parameters¶
- version: ULong val
Returns¶
- None val ?
get_max_proto_version¶
Get maximum protocol version. Returns SSLAutoVersion, 0, when automatically managing highest version. A disposed context returns SSLAutoVersion.
Supported versions: SSL3Version, TLS1Version, TLS1u1Version, TLS1u2Version, TLS1u3Version, DTLS1Version, DTLS1u2Version
Returns¶
- ILong val
alpn_set_resolver¶
Use resolver to choose the protocol to be selected for incoming
connections.
OpenSSL holds a raw pointer to resolver that the Pony garbage collector
cannot see. The context keeps resolver alive, and every session made from
the context keeps the context alive, so resolver lives for as long as any
session that can reach it. The resolver has to be set before any session is
created, which the capabilities enforce: this method needs a mutable
context, and client and server need one that has been made immutable.
Returns true on success. Returns false if the context has been disposed.
Parameters¶
- resolver: ALPNProtocolResolver val
Returns¶
- Bool val
alpn_set_client_protocols¶
Advertise the protocol names in protocols when connecting to a server.
Each name must be between 1 and 255 bytes.
Returns true on success. Returns false if the context has been disposed,
if protocols is empty or holds a name of an unusable size, or if OpenSSL
would not take the list.
Parameters¶
Returns¶
- Bool val
allow_tls_v1¶
Allow TLS v1. Defaults to false. Does nothing if the context has been disposed. Deprecated: use set_min_proto_version and set_max_proto_version
Parameters¶
- state: Bool val
Returns¶
- None val
allow_tls_v1_1¶
Allow TLS v1.1. Defaults to false. Does nothing if the context has been disposed. Deprecated: use set_min_proto_version and set_max_proto_version
Parameters¶
- state: Bool val
Returns¶
- None val
allow_tls_v1_2¶
Allow TLS v1.2. Defaults to true. Does nothing if the context has been disposed. Deprecated: use set_min_proto_version and set_max_proto_version
Parameters¶
- state: Bool val
Returns¶
- None val
dispose¶
Free the SSL context. A disposed context cannot create a session, and no configuration of it can take effect. Every method that hands the context to OpenSSL says in its own docstring what it does once the context has been disposed.
Returns¶
- None val