Rhombus SSL:   Secure Communication
On this page:
Port
Port.Input
Port.Output
Port.from_  ports
Port.Mode
Port.Mode.connect
Port.Mode.accept
Port.set_  verify
Port.is_  peer_  verified
Port.peer_  certificate_  hostnames
Port.peer_  check_  hostname
Port.peer_  subject_  name
Port.peer_  issuer_  name
Port.selected_  alpn
Port.addresses
Port.abandon
  top  contents    up   

1 Secure Ports🔗ℹ

annotation

ssl.Port

 

annotation

ssl.Port.Input

 

annotation

ssl.Port.Output

Satisfied by an input port or output that represents an SSL connection. An SSL port also satisifies Port, and it also satisfies either Port.Input or Port.Output.

A pair of ssl.Ports is typically created by ssl.connect or ssl.Listener.accept, but ssl.Ports can also be created as a layer on existing ports via ssl.Port.from_ports.

function

fun ssl.Port.from_ports(

  in :: Port.Input,

  out :: Port.Output,

  ~mode: mode :: ssl.Port.Mode = #'connect,

  ~context: context :: ssl.Context = (if mode == #'connect

                                      | ssl.Context.Client()

                                      | ssl.Context.Server()),

  ~host: host :: maybe(String) = #false,

  ~alpn_protocols: alpn_protocols :: List.of(Bytes) = [],

  ~close_original: close_original = #false,

  ~shutdown_on_close: shutdown_on_close = #false,

  ~exn: exn :: (String, Continuation.Marks) -> Any = Exn.Fail

) :~ values(ssl.Port.Input, ssl.Port.Output)

 

enumeration

enum ssl.Port.Mode:

  connect

  accept

Wraps existing ports to use the SSL protocol. The ssl.connect and ssl.Listener.accept functions are convenience wrappers on network.TCP.connect and network.TCPListener.accept, respectively, plus ssl.Port.from_ports.

The mode argument determines whether the given in and out are wrapped to use the client (#'connect) or server (#'accept) half of the protocol.

The context argument configures properties of the connection, and the kind of context must be consistent with mode. See ssl.Context.Client and ssl.Context.Server for more information.

If hostname verification is enabled (see ssl.Context.set_verify_hostname), the peer’s certificate is checked against host.

A non-empty alpn_protocols argument is used in #'connect mode, in which case the client attempts to use ALPN; see also ssl.connect and ssl.Port.selected_alpn. If mode is #'accept, then alpn_protocols must be empty; use ssl.Context.Server.set_server_alpn to set the ALPN protocols for a server context.

If close_original is a true value, then in and out are closed when both of the returned ports are closed.

If shutdown_on_close is a true value, then when out is closed before in is closed, then a shutdown message is sent to the connection peer. Otherwise, an early close of out is not reported to the connection peer.

If an error is encountered during the protocol initialization, then exn is used to construct the exception that is raised. Supplying Exn.Fail.Network as exn might be useful, for example.

method

method (port :: ssl.Port).set_verify(

  mode :: ssl.Context.VerifyMode = #'always

)

Like ssl.Context.set_verify on the context used to create port, but applicable after the connection is created to renegotiate the connection.

method

method (port :: ssl.Port).is_peer_verified() :: Boolean

Returns #true if the peer of SSL port port has presented a valid and verified certificate, #false otherwise.

method

method (port :: ssl.Port).peer_certificate_hostnames()

  :: List.of(String)

Reports the list of hostnames for which the certificate of port’s peer is valid according to RFC 2818. If the peer has not presented a certificate, [] is returned.

The result list may contain both hostnames such as "www.racket-lang.org" and hostname patterns such as "*.racket-lang.org".

method

method (port :: ssl.Port).peer_check_hostname(host :: String) :: Boolean

Returns #true if the peer certificate of port is valid for hostname according to RFC 2818, #false otherwise.

method

method (port :: ssl.Port).peer_subject_name() :: maybe(Bytes)

 

method

method (port :: ssl.Port).peer_issuer_name() :: maybe(Bytes)

If ssl.Port.is_peer_verified would return #true for port, the result is a byte string for the subject or issuer field of the certificate presented by the SSL port’s peer, otherwise the result is #false.

Use ssl.Port.peer_certificate_hostname or ssl.Port.peer_certificate_hostnames instead to check the validity of an SSL connection.

method

method (port :: ssl.Port).selected_alpn() :~ maybe(Bytes)

Returns the ALPN protocol selected during negotiation, or #false if no protocol was selected.

If a server does not support any of the protocols proposed by a client, it might reject the connection or it might accept the connection without selecting an application protocol. Always check the selected protocol after making a client connection.

method

method (port :: ssl.Port).addresses()

  :: values(String, network.PortNumber, String, network.ListenPortNumber)

 

method

method (port :: ssl.Port).abandon()

Like network.TCP.addresses and network.TCP.abandon.

  top  contents    up