erps v0.2.1 Erps.Transport.OneWayTls
Implements a one-way TLS transport strategy.
This transport is equivalent to a traditional HTTP/gRPC transport, where a client does not have to be authenticated to a server, but the server must be authenticated to the client.
WARNING: currently, there must exist a high level of trust between the client and the server, as certain attack vectors have not been closed yet. Use at your own risk!
Summary
Functions
accept(sock, timeout)
Callback implementation for Erps.Transport.Api.accept/2.
connect(host, port, opts)
Callback implementation for Erps.Transport.Api.connect/3.
handshake(socket, tls_opts)
(server) initiates a client upgrade!/2 request, by upgrading to an encrypted connection. Performs no authentication of the client.
listen(port, opts)
(server) opens a TCP port to listen for incoming connection requests.
send(sock, content)
Callback implementation for Erps.Transport.Api.send/2, via :ssl.send/2.
upgrade!(socket, tls_opts)
(client) responds to a server TLS handshake/2 request, by upgrading to an encrypted connection. Verifies the identity of the server CA, and rejects if it's not a valid peer.
Functions
accept(sock, timeout)
Callback implementation for Erps.Transport.Api.accept/2.
connect(host, port, opts)
Callback implementation for Erps.Transport.Api.connect/3.
handshake(socket, tls_opts)
handshake(:inet.socket(), keyword()) :: {:ok, Erps.Transport.Api.socket()} | {:error, any()}
(server) initiates a client upgrade!/2 request, by upgrading to an encrypted connection.
Performs no authentication of the client.
Callback implementation for Erps.Transport.Api.handshake/2.
listen(port, opts)
listen(:inet.port_number(), keyword()) :: {:ok, :inet.socket()} | {:error, any()}
(server) opens a TCP port to listen for incoming connection requests.
Verifies that the TLS options :cacertfile, :certfile, and :keyfile exist under the keyword :tls_opts, and point to existing files (but not the validity of their authority chain or their cryptographic signing).
Callback implementation for Erps.Transport.Api.listen/2.
send(sock, content)
Callback implementation for Erps.Transport.Api.send/2, via :ssl.send/2.
upgrade!(socket, tls_opts)
upgrade!(:inet.socket(), keyword()) :: Erps.Transport.Api.socket()
(client) responds to a server TLS handshake/2 request, by upgrading to an encrypted connection.
Verifies the identity of the server CA, and rejects if it's not a valid peer.
Callback implementation for Erps.Transport.Api.upgrade!/2.
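
The division of duties described for listen/2, handshake/2 and upgrade!/2, written directly against OTP's :ssl as an added example (it is not Erps source code). The module OneWayTlsSketch, its function names and the hostname argument are assumptions of this sketch; only the :ssl calls and option names are real OTP APIs.

```elixir
# Added sketch, not Erps source. Requires the :ssl application to be started.
defmodule OneWayTlsSketch do
  @required [:cacertfile, :certfile, :keyfile]

  # Mirrors the listen/2 pre-check: each option must be present under
  # :tls_opts and name an existing file. As in the documentation above, this
  # says nothing about chain validity or cryptographic signing.
  def check_tls_files(opts) do
    tls_opts = Keyword.get(opts, :tls_opts, [])

    Enum.reduce_while(@required, {:ok, tls_opts}, fn key, acc ->
      case Keyword.fetch(tls_opts, key) do
        {:ok, path} ->
          if File.exists?(path),
            do: {:cont, acc},
            else: {:halt, {:error, {:enoent, key, path}}}

        :error ->
          {:halt, {:error, {:missing_option, key}}}
      end
    end)
  end

  # Server role: present a certificate, never request one from the client.
  def server_opts(tls_opts) do
    tls_opts
    |> Keyword.take(@required)
    |> Keyword.put(:verify, :verify_none)
  end

  # Client role: the server chain must validate against :cacertfile.
  # `hostname` (a string) is an assumption of this sketch; passing it as
  # server_name_indication lets the certificate be matched to a name too.
  def client_opts(tls_opts, hostname) do
    [
      verify: :verify_peer,
      cacertfile: Keyword.fetch!(tls_opts, :cacertfile),
      server_name_indication: String.to_charlist(hostname)
    ]
  end

  # Upgrade an accepted, passive :gen_tcp socket (server role).
  def server_upgrade(sock, tls_opts), do: :ssl.handshake(sock, server_opts(tls_opts))

  # Upgrade a connected, passive :gen_tcp socket (client role).
  def client_upgrade(sock, tls_opts, hostname),
    do: :ssl.connect(sock, client_opts(tls_opts, hostname))
end
```

Both upgrade functions return {:ok, socket} or {:error, reason}; a client-side {:error, reason} from :ssl.connect/2 is where an untrusted server certificate surfaces.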