19 SSL Unit: tcp^ via SSL

The net/ssl-tcp-unit library provides a function for creating a tcp^ implementation with openssl functionality.

procedure

(make-ssl-tcp@ server-cert-file    
  server-key-file    
  server-root-cert-files    
  server-suggest-auth-file    
  client-cert-file    
  client-key-file    
  client-root-cert-files)  unit?
  server-cert-file : (or/c path-string? #f)
  server-key-file : (or/c path-string? #f)
  server-root-cert-files : (or/c (listof path-string?) #f)
  server-suggest-auth-file : path-string?
  client-cert-file : (or/c path-string? #f)
  client-key-file : (or/c path-string? #f)
  client-root-cert-files : (listof path-string?)
Returns a unit that implements tcp^ using the SSL functions from openssl. The arguments to make-ssl-tcp@ control the certificates and keys used by server and client connections:

  • server-cert-file: a PEM file for a server’s certificate; #f means no certificate (which is unlikely to work with any SSL client)

  • server-key-file: a private key PEM to go with server-cert-file; #f means no key (which likely renders a certificate useless)

  • server-root-cert-files: a list of PEM files for trusted root certificates; #f disables verification of peer client certificates, so clients are not authenticated by certificate

  • server-suggest-auth-file: PEM file for root certificates to be suggested to peer clients that must supply certificates

  • client-cert-file: a PEM file for a client’s certificate; #f means no certificate (which is usually fine)

  • client-key-file: a private key PEM to go with client-cert-file; #f means no key (which likely renders a certificate useless)

  • client-root-cert-files: a list of PEM files for trusted root certificates; #f disables verification of peer server certificates, so the server's certificate is not checked
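
The following is an added example, not part of the Racket documentation: it builds a unit with peer certificate verification enabled on both the server and client side, then invokes it. The PEM paths, the `ssl:` prefix and the `open-verified` helper are assumptions made for illustration.

```racket
#lang racket/base
;; Added example: mutual-TLS configuration for make-ssl-tcp@.
;; All file paths below are hypothetical placeholders.
(require racket/unit
         net/tcp-sig
         net/ssl-tcp-unit)

(define ca-file "pki/ca.pem") ; assumed: the CA that issued both certificates

(define ssl-tcp@
  (make-ssl-tcp@
   "pki/server-cert.pem"  ; server-cert-file
   "pki/server-key.pem"   ; server-key-file
   (list ca-file)         ; server-root-cert-files: a list, not #f, so client certs are verified
   ca-file                ; server-suggest-auth-file
   "pki/client-cert.pem"  ; client-cert-file
   "pki/client-key.pem"   ; client-key-file
   (list ca-file)))       ; client-root-cert-files: a list, not #f, so server certs are verified

;; Invoke the unit. The tcp^ names are bound with an ssl: prefix so they
;; cannot be confused with the plain racket/tcp functions.
(define-values/invoke-unit ssl-tcp@
  (import)
  (export (prefix ssl: tcp^)))

;; Hypothetical helper: code written against tcp^ is used unchanged.
;; Returns an input port and an output port, as tcp-connect does.
(define (open-verified host port)
  (ssl:tcp-connect host port))
```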