Module basic module

Module ssl

ssl/tls module, module alias: tls

Object

Socket

Create an SslSocket object, see SslSocket

SslSocket ssl.Socket;

Handler

Create an SslHandler object, see SslHandler

SslHandler ssl.Handler;

Server

Create an SslServer object, see SslServer

SslServer ssl.Server;

Static function

connect

Create an SslSocket object and establish a connection

static Stream ssl.connect(String url, Integer timeout = 0) async;

Call parameters:

  • url: String, the connection URL, in the form ssl://host:port
  • timeout: Integer, the timeout in milliseconds; the default is 0

Return result:


Create an SslSocket object and establish a connection

static Stream ssl.connect(String url, X509Cert crt, PKey key, Integer timeout = 0) async;

Call parameters:

  • url: String, the connection URL, in the form ssl://host:port
  • crt: X509Cert, X509Cert certificate, used for client authentication with the server
  • key: PKey, PKey private key, used to talk to the client
  • timeout: Integer, the timeout in milliseconds; the default is 0

Return result:


setClientCert

Set default client certificate

static ssl.setClientCert(X509Cert crt, PKey key);

Call parameters:

  • crt: X509Cert, X509Cert certificate, used for client authentication with the server
  • key: PKey, PKey private key, used to talk to the client

loadClientCertFile

Load the default client certificate from a file

static ssl.loadClientCertFile(String crtFile, String keyFile, String password = "");

Call parameters:

  • crtFile: String, X509Cert certificate file, used for client authentication with the server
  • keyFile: String, PKey private key file, used to talk to the client
  • password: String, the decryption password

loadRootCerts

Load the bundled default root certificates; equivalent to ssl.ca.loadRootCerts

static ssl.loadRootCerts();

The content of these certificates comes from: http://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt

Static properties

ca

X509Cert, global certificate, used in ssl client mode to verify the server certificate

static readonly X509Cert ssl.ca;

verification

Integer, sets the certificate verification mode; the default is VERIFY_REQUIRED

static Integer ssl.verification;

min_version

Integer, sets the minimum supported protocol version; the default is ssl3

static Integer ssl.min_version;

max_version

Integer, sets the highest supported protocol version; the default is tls1_1

static Integer ssl.max_version;

Constant

VERIFY_NONE

Certificate verification mode, no verification

const ssl.VERIFY_NONE = 0;

VERIFY_OPTIONAL

Certificate verification mode, optional verification, allowing verification to fail

const ssl.VERIFY_OPTIONAL = 1;

VERIFY_REQUIRED

Certificate verification mode, verification is required; if verification fails, the connection is interrupted

const ssl.VERIFY_REQUIRED = 2;

BADCERT_EXPIRED

Certificate verification result, the certificate has expired

const ssl.BADCERT_EXPIRED = 1;

BADCERT_REVOKED

Certificate verification result, the certificate was revoked

const ssl.BADCERT_REVOKED = 2;

BADCERT_CN_MISMATCH

Certificate verification result, the certificate name does not match

const ssl.BADCERT_CN_MISMATCH = 4;

BADCERT_NOT_TRUSTED

Certificate verification result, the certificate is not trusted

const ssl.BADCERT_NOT_TRUSTED = 8;

ssl3

ssl protocol version: SSL 3.0

const ssl.ssl3 = 0;

tls1

ssl protocol version: TLS 1.0

const ssl.tls1 = 1;

tls1_1

ssl protocol version: TLS 1.1

const ssl.tls1_1 = 2;

tls1_2

ssl protocol version: TLS 1.2

const ssl.tls1_2 = 3;
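
The static properties and constants above together form the client-side TLS policy. The following is an added example, not code from this documentation or its project: it audits those settings, tightens them to the strictest values this page defines, and decodes a BADCERT_* result. The names `pageDefaults`, `auditSsl`, `hardenSsl` and `decodeBadCert` are hypothetical, the stand-in object is constructed from the values listed on this page, and treating the BADCERT_* values as combinable bit flags is an assumption.

```javascript
// Added example. In the runtime this page documents, pass the real ssl
// module to these functions; the constructed stand-in below mirrors the
// constants and defaults listed on this page so the code runs offline.
const pageDefaults = () => ({
  VERIFY_NONE: 0, VERIFY_OPTIONAL: 1, VERIFY_REQUIRED: 2,
  BADCERT_EXPIRED: 1, BADCERT_REVOKED: 2,
  BADCERT_CN_MISMATCH: 4, BADCERT_NOT_TRUSTED: 8,
  ssl3: 0, tls1: 1, tls1_1: 2, tls1_2: 3,
  verification: 2, min_version: 0, max_version: 2, // documented defaults
});

// Report settings that weaken a client connection. SSL 3.0, TLS 1.0 and
// TLS 1.1 are deprecated (RFC 7568, RFC 8996), so anything below tls1_2
// is flagged.
function auditSsl(ssl) {
  const findings = [];
  if (ssl.min_version < ssl.tls1_2)
    findings.push('min_version allows protocols older than tls1_2');
  if (ssl.max_version < ssl.tls1_2)
    findings.push('max_version excludes tls1_2');
  if (ssl.verification !== ssl.VERIFY_REQUIRED)
    findings.push('verification is not VERIFY_REQUIRED');
  return findings;
}

// Apply the strictest values this page defines. max_version is raised
// first so the range is never inverted while it is being changed.
function hardenSsl(ssl) {
  ssl.max_version = ssl.tls1_2;
  ssl.min_version = ssl.tls1_2;
  ssl.verification = ssl.VERIFY_REQUIRED;
  return ssl;
}

// Decode a verification result into BADCERT_* names for logging.
// Assumption: the values combine as bit flags (1, 2, 4, 8).
function decodeBadCert(ssl, result) {
  return Object.keys(ssl)
    .filter((k) => k.startsWith('BADCERT_') && (result & ssl[k]) !== 0);
}
```

With the documented defaults, `auditSsl` reports both version bounds; after `hardenSsl` it reports nothing.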