An Async-pipe-based interface with OpenSSL.
This module allows you to create an SSL client and server, with encrypted communication between both.
Creates either an SSL client or server.
version is optional, and allows you to customize the specific version of SSL
that this connection should be using.
name allows you to name this connection, to make errors easier to track down.
If ca_file is not None, it points to a file of CA certificates in PEM format. It
may have more than one certificate.
If ca_path is not None, it points to a directory containing CA certificates in PEM
format. The files each contain one CA certificate. The certificates in ca_path are
only looked up lazily, not eagarly.
If both ca_file and ca_path are specified, the certificates in ca_file will be
searched before the certificates in ca_path.
Any certificate authorities loaded are automatically trusted by OpenSSL.
crt_file and key_file are the on-disk locations of the server's public and
private keys.
Any data written into app_to_ssl will be encrypted with SSL, and the encrypted
data will eventually be written into ssl_to_net.
Similarly, any data written into net_to_ssl will be decrypted with SSL and written
into ssl_to_app.
A picture is probably easier to understand:
app_to_ssl ssl_to_net
+---------------+ ---------> +-------+ ---------> +-----+
| CLIENT/SERVER | | SSL | | NET |
+---------------+ <--------- +-------+ <--------- +-----+
ssl_to_app net_to_ssl
To close the connection and free associated memory, just close the passed pipes.
A unit Deferred.t is returned, which is determined when ssl has cleaned up.