Module Async_ssl.Ffi.Ssl

type t
include sig ... end
val sexp_of_t : t ‑> Sexplib.Sexp.t
val create_exn : Ssl_ctx.t ‑> t

Creates a new SSL connection, with a memory-backed BIO.

val set_method : t ‑> Version.t ‑> unit

Sets a different crypto method for this particular ssl connection.

val set_initial_state : t ‑> [ `Connect | `Accept ] ‑> unit

Prepare the ssl connection for an initial handshake - either as a server (`Accept) or as a client (`Connect).

val connect : t ‑> (unit, Ssl_error.t) Core.Result.t
val accept : t ‑> (unit, Ssl_error.t) Core.Result.t
val set_bio : t ‑> input:Bio.t ‑> output:Bio.t ‑> unit

Set the binary IO buffers associated with an SSL connection.

val read : t ‑> buf:char Ctypes.ptr ‑> len:int ‑> (int, Ssl_error.t) Core.Result.t

Read from the SSL application side.

val write : t ‑> buf:string ‑> len:int ‑> (int, Ssl_error.t) Core.Result.t

Write to the SSL application side.

val use_certificate_file : t ‑> crt:string ‑> file_type:[ `PEM | `ASN1 ] ‑> (unit, string list) Core.Result.t Async.Deferred.t

Use a certificate file, signed by a CA (or self-signed if you prefer) to validate you are who you say you are. The file will generally end in .crt.

The 'type' is the encoding of your certificate file. You should know this!

val use_private_key_file : t ‑> key:string ‑> file_type:[ `PEM | `ASN1 ] ‑> (unit, string list) Core.Result.t Async.Deferred.t

For servers, use a private key for securing communications.

> openssl genrsa -out server.key 4096 # generates a key called server.key

The file will generally end in .key.

The 'type' is the encoding of your private key file. You should know this!
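
Loading a certificate and its private key, then confirming the two belong together with check_private_key (declared just below). This is an added example, not code from the async_ssl documentation: load_identity and or_error_of_file_result are hypothetical names, and it assumes the module is reachable as Async_ssl.Ffi.Ssl (as this page's title gives it) with Core and Async opened.

```ocaml
open Core
open Async

(* Assumption: module path taken from this page's title. *)
module Ssl = Async_ssl.Ffi.Ssl

(* use_certificate_file and use_private_key_file report failure as a
   [string list], while check_private_key returns [unit Or_error.t].
   Fold the list into one [Error.t] so all three steps share an error type. *)
let or_error_of_file_result ~what result =
  Result.map_error result ~f:(fun msgs ->
    Error.of_string (what ^ ": " ^ String.concat ~sep:"; " msgs))

(* Hypothetical helper (not part of async_ssl).
   [file_type] must match the on-disk encoding of both files: `PEM or `ASN1.
   The sequence stops at the first failing step, so a connection is never
   left with a certificate loaded but an unchecked or mismatched key. *)
let load_identity ssl ~crt ~key ~file_type : unit Or_error.t Deferred.t =
  Ssl.use_certificate_file ssl ~crt ~file_type
  >>| or_error_of_file_result ~what:("certificate " ^ crt)
  >>=? fun () ->
  Ssl.use_private_key_file ssl ~key ~file_type
  >>| or_error_of_file_result ~what:("private key " ^ key)
  >>=? fun () ->
  (* Fails if the private key does not correspond to the loaded certificate. *)
  return (Ssl.check_private_key ssl)
```

Call it before set_initial_state ssl `Accept, and treat an Error result as fatal for that connection rather than continuing the handshake.
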

val check_private_key : t ‑> unit Core.Or_error.t
val set_verify : t ‑> Verify_mode.t list ‑> unit
val get_peer_certificate : t ‑> X509.t option
val get_verify_result : t ‑> unit Core.Or_error.t
val get_version : t ‑> Version.t
val session_reused : t ‑> bool
val set_session : t ‑> Ssl_session.t ‑> unit Core.Or_error.t
val get1_session : t ‑> Ssl_session.t option
val set_tlsext_host_name : t ‑> string ‑> unit Core.Or_error.t

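val set_cipher_list_exn : t ‑> string list ‑> unit

Set the list of available ciphers for client or server connections. This is really SSL_set_cipher_list t (String.concat ~sep:":" ("-ALL" :: ciphers)). The leading "-ALL" first removes every cipher from the list, so only the ciphers named here are enabled.
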
val set_tmp_dh_callback : t ‑> f:(is_export:bool ‑> key_length:int ‑> Dh.t) ‑> unit
val set_tmp_ecdh : t ‑> Ec_key.t ‑> unit
val set_tmp_rsa_callback : t ‑> f:(is_export:bool ‑> key_length:int ‑> Rsa.t) ‑> unit
val get_cipher_list : t ‑> string list