ssl

APPLICATION

ssl

APPLICATION SUMMARY

The SSL Application

DESCRIPTION

The Secure Socket Layer (SSL) application provides secure socket communication over TCP/IP.

Environment

The following environment configuration parameters are defined for the SSL application. Refer to application(3) for more information about configuration parameters.

debug = true | false <optional>

Causes debug information to be written to standard output. Default is false.


debugdir = path() | false <optional>

Causes debug information output controlled by debug and msgdebug to be printed to a file named ssl_esock.<pid>.log in the directory specified by debugdir, where <pid> is the operating system specific textual representation of the process indentifier of the external port program of the SSL application. Default is false, i.e. no log file is produced.


msgdebug = true | false <optional>

Sets debug = true and causes also the contents of low level messages to be printed to standard output. Default is false.


port_program = string() | false <optional>

Name of port program. The default is ssl_esock.


pproxylsport = integer() | false <optional>

Define the port number of the listen port of the SSL port program. Almost never is this option needed.


pproxylsbacklog = integer() | false <optional>

Set the listen queue size of the listen port of the SSL port program. The default is 5.

SSL libraries

The current implementation of the SSL application is based on the SSLeay package version 0.9.0 available from various sites, see e.g. http://www.cryptsoft.com.

The user has to fetch the SSLeay package, compile and install the libraries libcrypto.so and libssl.so (UNIX), or the libraries libeay32.dll and ssleay32.dll (WIN32). The WIN32 libraries must be compiled and linked with WinSock2.

In order to build SSLeay-0.9.0 for WinSock2 on Windows NT 4.0 do as follows:

1. In crypto/bio/b_sock.c:int BIO_sock_init() remove the call to WSACancelBlockingCall().
   


2. In crypto/bn/bn.h replace #define BN_ULLONG unsigned _int64 by #define BN_ULLONG unsigned __int64.
   


3. In crypto/bn/bn_mulw.c:bn_add_words() replace return(ll&BN_MASK2); by return (BN_ULONG)(ll&BN_MASK2);.
   


4. In apps/s_socket.c:sock_cleanup() remove call to WSACancelBlockingCall().
   


5. In Configure replace "VC-WIN32","cl:::BN_LLONG RC4_INDEX ".$x86_gcc_opts.":::" by "VC-WIN32","cl:::RC4_INDEX ".$x86_gcc_opts.":::".
   


6. In mf-ddl.nt replace wsock32.lib by ws2_32.lib.
   



The ssl_esock port program has to be built by linking object files and libraries. An example Makefile is provided in the ssl-X.Y/priv/obj directory, where also the object files are found.

There are also commercially available SSL libraries, e.g. C/SSL from Baltimore Technologies Ltd, and SSL-C from RSA Data Security Australia Pty Ltd, which may be supported by the SSL application in the future.

Restrictions

Users must be aware of export restrictions and patent rights concerning cryptographic software.

SEE ALSO

application(3)

AUTHORS

Peter Högfeldt - support@erlang.ericsson.se