[Ericsson Utvecklings AB]

ssl

APPLICATION

ssl

APPLICATION SUMMARY

The SSL Application

DESCRIPTION

The Secure Socket Layer (SSL) application provides secure socket communication over TCP/IP.

Environment

The following environment configuration parameters are defined for the SSL application. Refer to application(3) for more information about configuration parameters.

debug = true | false <optional>
Causes debug information to be written to standard output. Default is false.
debugdir = path() | false <optional>
Causes debug information output controlled by debug and msgdebug to be printed to a file named ssl_esock.<pid>.log in the directory specified by debugdir, where <pid> is the operating system specific textual representation of the process indentifier of the external port program of the SSL application. Default is false, i.e. no log file is produced.
msgdebug = true | false <optional>
Sets debug = true and causes also the contents of low level messages to be printed to standard output. Default is false.
port_program = string() | false <optional>
Name of port program. The default is ssl_esock.
pproxylsport = integer() | false <optional>
Define the port number of the listen port of the SSL port program. Almost never is this option needed.
pproxylsbacklog = integer() | false <optional>
Set the listen queue size of the listen port of the SSL port program. The default is 5.

SSL libraries

The current implementation of the SSL application is based on the SSLeay package version 0.9.0. It can be downloaded from several of the mirror sites listed at the sitehttp://www.openssl.org. For the relation between SSLeay and OpenSSL, see below.

The user has to fetch the SSLeay package, compile and install the libraries libcrypto.so and libssl.so (UNIX), or the libraries libeay32.dll and ssleay32.dll (WIN32). The WIN32 libraries must be compiled and linked with WinSock2.

In order to build SSLeay-0.9.0 for WinSock2 on Windows NT 4.0 do as follows:

  1. In crypto/bio/b_sock.c:int BIO_sock_init() remove the call to WSACancelBlockingCall().
  2. In crypto/bn/bn.h replace #define BN_ULLONG unsigned _int64 by #define BN_ULLONG unsigned __int64.
  3. In crypto/bn/bn_mulw.c:bn_add_words() replace return(ll&BN_MASK2); by return (BN_ULONG)(ll&BN_MASK2);.
  4. In apps/s_socket.c:sock_cleanup() remove call to WSACancelBlockingCall().
  5. In Configure replace "VC-WIN32","cl:::BN_LLONG RC4_INDEX ".$x86_gcc_opts.":::" by "VC-WIN32","cl:::RC4_INDEX ".$x86_gcc_opts.":::".
  6. In mf-ddl.nt replace wsock32.lib by ws2_32.lib.

The ssl_esock port program has to be built by linking object files and libraries. An example Makefile is provided in the ssl-X.Y/priv/obj directory, where also the object files are found.

SSLeay and OpenSSL

The last version of the SSLeay package was 0.9.0b. It was continued by the open source project OpenSSL, and its first release was 0.9.1c.

There should be no problems in using an OpenSSL release instead of the SSLeay 0.9.0 release on Unix (that has however not been tested). For WIN32 there are problems (even if you follow the procedure above). The OpenSSL support for WIN32 seems not to be whole-hearted; in particular the implimenation still relies on the now obsolete Winsock 1.1 interface.

Other SSL packages

There are also commercially available SSL libraries, e.g. C/SSL from Baltimore Technologies Ltd, and SSL-C from RSA Data Security Australia Pty Ltd, which may be supported by the SSL application in the future.

Restrictions

Users must be aware of export restrictions and patent rights concerning cryptographic software.

SEE ALSO

application(3)

AUTHORS

Peter Högfeldt - support@erlang.ericsson.se

ssl 2.3.4
Copyright © 1991-2002 Ericsson Utvecklings AB