#lang scribble/doc
|
|
@(require "common.ss"
|
|
(for-label net/ssl-tcp-unit
|
|
net/tcp-sig))
|
|
|
|
@title[#:tag "ssl-tcp-unit"]{SSL Unit: @scheme[tcp^] via SSL}
|
|
|
|
@defmodule[net/ssl-tcp-unit]{The @schememodname[net/ssl-tcp-unit]
|
|
library provides a function for creating a @scheme[tcp^]
|
|
implementation with @schememodname[openssl] functionality.}
|
|
|
|
@defproc[(make-ssl-tcp@ [server-cert-file (or/c path-string? false/c)]
|
|
[server-key-file (or/c path-string? false/c)]
|
|
[server-root-cert-files (or/c (listof path-string?) false/c)]
|
|
[server-suggest-auth-file path-string?]
|
|
[client-cert-file (or/c path-string? false/c)]
|
|
[client-key-file (or/c path-string? false/c)]
|
|
[client-root-cert-files (listof path-string?)])
|
|
unit?]{
|
|
|
|
Returns a unit that implements @scheme[tcp^] using the SSL functions
|
|
from @schememodname[openssl]. The arguments to @scheme[make-ssl-tcp@]
|
|
control the certificates and keys used by server and client
|
|
connections:
|
|
|
|
@itemize[
|
|
|
|
@item{@scheme[server-cert-file] --- a PEM file for a server's
|
|
certificate; @scheme[#f] means no certificate (which is unlikely
|
|
to work with any SSL client)}
|
|
|
|
@item{@scheme[server-key-file] --- a private key PEM to go with
|
|
@scheme[server-cert-file]; @scheme[#f] means no key (which likely
|
|
renders a certificate useless)}
|
|
|
|
@item{@scheme[server-root-cert-files] --- a list of PEM files for
|
|
trusted root certificates; @scheme[#f] disables verification of
|
|
peer client certificates, so clients are not authenticated by certificate}
|
|
|
|
@item{@scheme[server-suggest-auth-file] --- PEM file for root
|
|
certificates to be suggested to peer clients that must supply
|
|
certificates}
|
|
|
|
@item{@scheme[client-cert-file] --- a PEM file for a client's
|
|
certificate; @scheme[#f] means no certificate (which is usually
|
|
fine)}
|
|
|
|
@item{@scheme[client-key-file] --- a private key PEM to go with
|
|
@scheme[client-cert-file]; @scheme[#f] means no key (which likely
|
|
renders a certificate useless)}
|
|
|
|
@item{@scheme[client-root-cert-files] --- a list of PEM files for
|
|
trusted root certificates; @scheme[#f] disables verification of
|
|
peer server certificates, so the connection is encrypted but the server's identity is not authenticated}
|
|
|
|
]} |