erps v0.2.1 Erps.Transport.OneWayTls

Implements a one-way TLS transport strategy.

This transport is equivalent to a traditional HTTP/gRPC transport, where a client does not have to be authenticated to a server, but the server must be authenticated to the client.

WARNING: currently, there must exist a high level of trust between the client and the server, as certain attack vectors have not been closed yet. Use at your own risk!

Summary

Functions

Callback implementation for Erps.Transport.Api.accept/2.

(server) initiates a client upgrade!/2 request, by upgrading to an encrypted connection. Performs no authentication of the client.

(server) opens a TCP port to listen for incoming connection requests.

Callback implementation for Erps.Transport.Api.send/2, via :ssl.send/2

(client) responds to a server TLS handshake/2 request, by upgrading to an encrypted connection. Verifies the identity of the server CA, and rejects the connection if it is not a valid peer.

Functions

Callback implementation for Erps.Transport.Api.accept/2.

connect(host, port, opts)

Callback implementation for Erps.Transport.Api.connect/3.

handshake(socket, tls_opts)
handshake(:inet.socket(), keyword()) ::
  {:ok, Erps.Transport.Api.socket()} | {:error, any()}

(server) initiates a client upgrade!/2 request, by upgrading to an encrypted connection. Performs no authentication of the client.

Callback implementation for Erps.Transport.Api.handshake/2.

listen(port, opts)
listen(:inet.port_number(), keyword()) ::
  {:ok, :inet.socket()} | {:error, any()}

(server) opens a TCP port to listen for incoming connection requests.

Verifies that the TLS options :cacertfile, :certfile, and :keyfile exist under the keyword :tls_opts and point to existing files (but does not verify the validity of their authority chain or their cryptographic signing).

Callback implementation for Erps.Transport.Api.listen/2.

Callback implementation for Erps.Transport.Api.send/2, via :ssl.send/2

(client) responds to a server TLS handshake/2 request, by upgrading to an encrypted connection. Verifies the identity of the server CA, and rejects the connection if it is not a valid peer.

Callback implementation for Erps.Transport.Api.upgrade!/2.
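
As an added illustration (not code from Erps), the script below mirrors the file-existence check described for listen/2 and builds Erlang :ssl option lists for the server and client sides of one-way TLS as described for handshake/2 and upgrade!/2. The module name, function names, error tuples, hostname and sample files are assumptions constructed for this example.

```elixir
defmodule OneWayTlsExample do
  # Added illustration: hypothetical module, not part of Erps.
  @required [:cacertfile, :certfile, :keyfile]

  # Mirrors the check described for listen/2: every key must be present under
  # :tls_opts and name an existing file. Certificate contents are not inspected.
  def check_tls_files(opts) do
    tls_opts = Keyword.get(opts, :tls_opts, [])

    Enum.reduce_while(@required, {:ok, tls_opts}, fn key, acc ->
      case Keyword.fetch(tls_opts, key) do
        {:ok, path} ->
          if File.regular?(path),
            do: {:cont, acc},
            else: {:halt, {:error, {:no_such_file, key, path}}}

        :error ->
          {:halt, {:error, {:missing_tls_opt, key}}}
      end
    end)
  end

  # Server side of one-way TLS: presents its certificate, requests none from the client.
  def server_ssl_opts(tls_opts) do
    tls_opts
    |> Keyword.take(@required)
    |> Keyword.merge(verify: :verify_none, fail_if_no_peer_cert: false)
  end

  # Client side: :verify_peer validates the server chain against the CA file;
  # :server_name_indication sets the name used for SNI and the hostname check.
  def client_ssl_opts(cacertfile, hostname) do
    [cacertfile: cacertfile, verify: :verify_peer,
     server_name_indication: String.to_charlist(hostname)]
  end
end

# Constructed input: three files that exist but hold no PEM data.
dir = Path.join(System.tmp_dir!(), "one_way_tls_example")
File.mkdir_p!(dir)
paths = for key <- [:cacertfile, :certfile, :keyfile], do: {key, Path.join(dir, "#{key}.pem")}
Enum.each(paths, fn {_key, path} -> File.write!(path, "not a certificate") end)

# The existence check passes even though none of the files is a usable credential.
{:ok, _} = OneWayTlsExample.check_tls_files(tls_opts: paths)
{:error, {:missing_tls_opt, :keyfile}} =
  OneWayTlsExample.check_tls_files(tls_opts: Keyword.delete(paths, :keyfile))
IO.inspect(OneWayTlsExample.server_ssl_opts(paths), label: "server")
IO.inspect(OneWayTlsExample.client_ssl_opts(paths[:cacertfile], "rpc.example.test"), label: "client")
```

Because the placeholder files pass, a deployment that relies only on this kind of check should separately confirm that the certificate chain and key are valid before exposing the listener.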