Module basic module

Module ssl

ssl/tls module, module alias: tls

Object

Socket

Creates an SslSocket object; see SslSocket

SslSocket ssl.Socket;

Handler

Creates an SslHandler object; see SslHandler

SslHandler ssl.Handler;

Server

Creates an SslServer object; see SslServer

SslServer ssl.Server;

Static function

connect

Creates an SslSocket object and establishes a connection

static Stream ssl.connect(String url, Integer timeout = 0) async;

Call parameters:

  • url: String, the connection URL, in the form ssl://host:port
  • timeout: Integer, the timeout in milliseconds; the default is 0

Return result:


Creates an SslSocket object and establishes a connection

static Stream ssl.connect(String url, X509Cert crt, PKey key, Integer timeout = 0) async;

Call parameters:

  • url: String, the connection URL, in the form ssl://host:port
  • crt: X509Cert, the certificate sent to the server so that it can verify the client
  • key: PKey, the private key paired with crt, used for the client's side of the session
  • timeout: Integer, the timeout in milliseconds; the default is 0

Return result:


setClientCert

Sets the default client certificate

static ssl.setClientCert(X509Cert crt, PKey key);

Call parameters:

  • crt: X509Cert, the certificate sent to the server so that it can verify the client
  • key: PKey, the private key paired with crt, used for the client's side of the session

loadClientCertFile

Loads the default client certificate from a file

static ssl.loadClientCertFile(String crtFile, String keyFile, String password = "");

Call parameters:

  • crtFile: String, the certificate file, used to authenticate the client to the server
  • keyFile: String, the private key file paired with crtFile, used for the client's side of the session
  • password: String, the decryption password

loadRootCerts

Loads the bundled default root certificates; equivalent to ssl.ca.loadRootCerts

static ssl.loadRootCerts();

The contents of these certificates come from: http://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt

Static properties

ca

X509Cert, the global certificate store, used to verify the server certificate in SSL client mode

static readonly X509Cert ssl.ca;

verification

Integer, sets the certificate verification mode; the default is VERIFY_REQUIRED

static Integer ssl.verification;

min_version

Integer, sets the minimum supported protocol version; the default is ssl3

static Integer ssl.min_version;

max_version

Integer, sets the highest supported protocol version; the default is tls1_1

static Integer ssl.max_version;

Constant

VERIFY_NONE

Certificate verification mode, no verification

const ssl.VERIFY_NONE = 0;

VERIFY_OPTIONAL

Certificate verification mode, optional verification, allowing verification to fail

const ssl.VERIFY_OPTIONAL = 1;

VERIFY_REQUIRED

Certificate verification mode, verification is required; if verification fails, the connection is interrupted

const ssl.VERIFY_REQUIRED = 2;

BADCERT_EXPIRED

Certificate verification result, the certificate has expired

const ssl.BADCERT_EXPIRED = 1;

BADCERT_REVOKED

Certificate verification result, the certificate was revoked

const ssl.BADCERT_REVOKED = 2;

BADCERT_CN_MISMATCH

Certificate verification result, the certificate name (CN) does not match

const ssl.BADCERT_CN_MISMATCH = 4;

BADCERT_NOT_TRUSTED

Certificate verification result, the certificate is not trusted

const ssl.BADCERT_NOT_TRUSTED = 8;

ssl3

SSL protocol version, SSL 3.0

const ssl.ssl3 = 0;

tls1

SSL protocol version, TLS 1.0

const ssl.tls1 = 1;

tls1_1

SSL protocol version, TLS 1.1

const ssl.tls1_1 = 2;

tls1_2

SSL protocol version, TLS 1.2

const ssl.tls1_2 = 3;
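
The documented defaults (min_version ssl3, max_version tls1_1) only allow protocol versions that have since been deprecated (SSL 3.0 by RFC 7568, TLS 1.0 and 1.1 by RFC 8996), so a client should raise both. The following is an added example, not fibjs's own code: it audits and tightens an object shaped like this module, using the constants listed above. Assumptions: the names pageDefaults, auditSslSettings, hardenSsl and decodeBadCert are hypothetical, and the BADCERT_* values are treated as flags combined with bitwise OR.

```javascript
// Stand-in built from the constants and defaults listed on this page (constructed
// for the example). In fibjs, pass require('ssl') to the functions instead.
const pageDefaults = {
  VERIFY_NONE: 0, VERIFY_OPTIONAL: 1, VERIFY_REQUIRED: 2,
  BADCERT_EXPIRED: 1, BADCERT_REVOKED: 2, BADCERT_CN_MISMATCH: 4, BADCERT_NOT_TRUSTED: 8,
  ssl3: 0, tls1: 1, tls1_1: 2, tls1_2: 3,
  verification: 2, min_version: 0, max_version: 2, // documented defaults
};

// Hypothetical helper: list the settings that weaken a TLS client.
function auditSslSettings(ssl) {
  const findings = [];
  if (ssl.verification !== ssl.VERIFY_REQUIRED) {
    findings.push('verification is not VERIFY_REQUIRED, so a bad certificate can be accepted');
  }
  if (ssl.min_version < ssl.tls1_2) {
    findings.push('min_version allows a protocol older than TLS 1.2');
  }
  if (ssl.max_version < ssl.tls1_2) {
    findings.push('max_version prevents TLS 1.2 from being negotiated');
  }
  return findings;
}

// Hypothetical helper: require verification and pin the range to TLS 1.2.
function hardenSsl(ssl, useBundledRoots = true) {
  // VERIFY_REQUIRED needs trust anchors; loadRootCerts() is the documented loader.
  if (useBundledRoots && typeof ssl.loadRootCerts === 'function') ssl.loadRootCerts();
  ssl.verification = ssl.VERIFY_REQUIRED;
  ssl.min_version = ssl.tls1_2;
  ssl.max_version = ssl.tls1_2;
  return ssl;
}

// Hypothetical helper: name the BADCERT_* flags set in a verification result.
// Assumption: results combine the flags with bitwise OR (values are 1, 2, 4, 8).
function decodeBadCert(ssl, mask) {
  return ['BADCERT_EXPIRED', 'BADCERT_REVOKED', 'BADCERT_CN_MISMATCH', 'BADCERT_NOT_TRUSTED']
    .filter((name) => (mask & ssl[name]) !== 0);
}

console.log(auditSslSettings(pageDefaults));                   // findings for the defaults
console.log(auditSslSettings(hardenSsl({ ...pageDefaults }))); // after hardening
console.log(decodeBadCert(pageDefaults, 5));                   // constructed mask
```

Pass `useBundledRoots = false` when the client should trust only certificates you have loaded into ssl.ca yourself.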