Module `Ffi.Ssl_ctx`

type t

val sexp_of_t : t -> Ppx_sexp_conv_lib.Sexp.t

val create_exn : Version.t -> t: Initialize a new SSL context, out of which all SSL connections are allocated.

val set_options : t -> Opt.t list -> unit: Set options on the SSL context, see Opt for available options. Currently used for disabling protocol versions.

val load_verify_locations : ?⁠ca_file:string -> ?⁠ca_path:string -> t -> unit Core.Or_error.t Async.Deferred.t

Specifies the locations for the context, at which CA certificates for verification purposes are located. The certificates available via ca_file and ca_path are trusted.

If ca_file is not None, it points to a file of CA certificates in PEM format. It may have more than one certificate.

If ca_path is not None, it points to a directory containing CA certificates in PEM format. The files each contain one CA certificate. The certificates in ca_path are only looked up lazily, not eagarly.

Prepare the directory /some/where/certs containing several CA certificates for use as ca_path:

{ cd /some/where/certs c_rehash . }

If both ca_file and ca_path are specified, the certificates in ca_file will be searched before the certificates in ca_path.

If this function is not used, set_default_verify_paths should be called to use OpenSSL's compiled-in defaults.

val set_default_verify_paths : t -> unit: Tell OpenSSL to use its compiled-in defaults for locating CA certificates for verification purposes. This should be called if load_verify_locations is not used.

val set_session_id_context : t -> string -> unit

Set context within which session can be reused, e.g. the name of the application and/or the hostname and/or service name, etc. Server side only.

https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_session_id_context.html