DocuSign.SSLOptions (DocuSign v2.2.1)
View SourceProvides SSL configuration options for DocuSign API connections.
This module handles SSL/TLS configuration for secure connections to DocuSign's API, supporting custom certificates, verification options, and client authentication.
Configuration
SSL options can be configured at the application level:
config :docusign, :ssl_options,
verify: :verify_peer,
cacertfile: "/path/to/ca-bundle.crt",
certfile: "/path/to/client-cert.pem",
keyfile: "/path/to/client-key.pem",
depth: 3,
customize_hostname_check: [
match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
]
Options
:verify
- How to verify the server certificate:verify_peer
- Verify the server certificate (default):verify_none
- Don't verify the server certificate (not recommended)
:cacertfile
- Path to CA certificate bundle file:cacerts
- List of DER-encoded CA certificates:certfile
- Path to client certificate file (for mutual TLS):keyfile
- Path to client private key file (for mutual TLS):password
- Password for encrypted private key:depth
- Maximum certificate chain verification depth (default: 3):verify_fun
- Custom verification function:customize_hostname_check
- Hostname verification options:versions
- Allowed TLS versions (default: [:"tlsv1.2", :"tlsv1.3"]):ciphers
- Allowed cipher suites
Security Considerations
- Always use
:verify_peer
in production - Keep CA certificates up to date
- Use strong cipher suites
- Enable hostname verification
Summary
Functions
Builds SSL options from application configuration and runtime options.
Functions
Builds SSL options from application configuration and runtime options.
Examples
iex> opts = DocuSign.SSLOptions.build()
iex> opts[:verify]
:verify_peer
iex> opts[:depth]
3
iex> opts = DocuSign.SSLOptions.build(verify: :verify_none)
iex> opts[:verify]
:verify_none
iex> opts = DocuSign.SSLOptions.build(depth: 5)
iex> opts[:depth]
5