zotonic_ssl_certs (zotonic_ssl v2.0.0)

View Source

SSL support functions, create self-signed certificates

Summary

Functions

Check if the file contains a valid private key.

Return the list of ciphers for http connections.

Decode a certificate file, return map with 'common_name', 'subject_alt_names' and 'not_after'.

Check if all certificates are available in the site's ssl directory

Generate a self signed certificate with the hostname and servername in the options. The hostname and servername both default to inet:gethostname/0. The key type defaults to a 4096 bit RSA key. Set key_type to ecdsa to generate an EC key; elliptic_curve defaults to secp256r1. The key is generated in the PemFile and the certificate in the CertFile. If the directory of the PemFile does not exist then it is created.

Normalize a hostname, filters invalid characters and lowercases the all alphabetic characters.

Types

elliptic_curve/0

-type elliptic_curve() :: secp256r1 | secp384r1.

key_type/0

-type key_type() :: rsa | ecdsa.

options/0

-type options() ::
          #{hostname => string() | binary(),
            servername => string() | binary(),
            key_type => key_type(),
            elliptic_curve => elliptic_curve()}.

Functions

check_keyfile(Filename)

-spec check_keyfile(file:filename_all()) -> ok | {error, Reason}
                       when
                           Reason ::
                               {no_private_keys_found, file:filename_all()} |
                               {cannot_read_pemfile, file:filename_all(), file:posix()}.

Check if the file contains a valid private key.

ciphers()

-spec ciphers() -> [string()].

Return the list of ciphers for http connections.

decode_cert(CertFile)

-spec decode_cert(file:filename_all()) -> {ok, map()} | {error, not_a_certificate}.

Decode a certificate file, return map with 'common_name', 'subject_alt_names' and 'not_after'.

ensure_self_signed(CertFile, PemFile, Options)

-spec ensure_self_signed(file:filename_all(), file:filename_all(), options()) -> ok | {error, term()}.

Check if all certificates are available in the site's ssl directory

generate_self_signed(CertFile, PemFile, Options)

-spec generate_self_signed(file:filename_all(), file:filename_all(), options()) -> ok | {error, term()}.

Generate a self signed certificate with the hostname and servername in the options. The hostname and servername both default to inet:gethostname/0. The key type defaults to a 4096 bit RSA key. Set key_type to ecdsa to generate an EC key; elliptic_curve defaults to secp256r1. The key is generated in the PemFile and the certificate in the CertFile. If the directory of the PemFile does not exist then it is created.

normalize_hostname(Hostname)

-spec normalize_hostname(binary() | string()) -> string().

Normalize a hostname, filters invalid characters and lowercases the all alphabetic characters.