http_ssl_plugin.pl -- SSL plugin for HTTP libraries
This module can be loaded next to library(thread_httpd) and library(http_open) to provide secure HTTP (HTTPS) services and client access.
An example secure server using self-signed certificates can be found in <plbase>/doc/packages/examples/ssl/https.pl, where <plbase> is the SWI-Prolog installation directory.
- thread_httpd:make_socket_hook(?Port, :OptionsIn, -OptionsOut) is semidet[multifile]
- Hook into http_server/2 to create an SSL server if the option ssl(SSLOptions) is provided.
- add_secure_ciphers(+SSLOptions0, -SSLOptions)[private]
- Add ciphers from ssl_secure_ciphers/1 if no ciphers are provided.
- disable_sslv3(+SSLOptions0, -SSLOptions)[private]
- Disable SSLv3, which is considered insecure, unless the caller specifies the allowed versions explicitly; in that case we assume s/he knows what s/he is doing.
- thread_httpd:accept_hook(:Goal, +Options) is semidet[multifile]
- Implement the accept for HTTPS connections.
- http:ssl_server_create_hook(+SSL0, -SSL, +Options) is semidet[multifile]
- Extensible predicate that is called once after creating an HTTPS server. If this predicate succeeds, SSL is the context that is used for negotiating new connections. Otherwise, SSL0 is used, which is the context that was created with the given options.
- http:ssl_server_open_client_hook(+SSL0, -SSL, +Options) is semidet[multifile]
- Extensible predicate that is called before each connection that the server negotiates with a client. If this predicate succeeds, SSL is the context that is used for the new connection. Otherwise, SSL0 is used, which is the context that was created when launching the server.
- http:http_protocol_hook(+Scheme, +Parts, +PlainStreamPair, -StreamPair, +Options) is semidet[multifile]
- Hook for http_open/3 to connect to an HTTPS (SSL-based HTTP) server. This plugin also passes the default option cacert_file(system(root_certificates)) to ssl_context/3.
- http:open_options(Parts, Options) is nondet[multifile]
- Implementation of the multifile hook http:open_options/2 used by library(http/http_open). By default, we use the system trusted root certificate database for validating an SSL certificate.
- http:http_connection_over_proxy(+Proxy, +Parts, +HostPort, -StreamPair, +OptionsIn, -OptionsOut)[multifile]
- Facilitate an HTTPS connection via a proxy using HTTP CONNECT. Note that most proxies will only support this for connecting on port 443.
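
A minimal server and client that use this plugin, as an added example (not part of the SWI-Prolog documentation or its https.pl example). The PEM file paths and the predicates start_https/1, fetch/2 and say_hello/1 are assumptions; the server sets the minimum protocol version explicitly, and the client validates against a private CA file in place of the default system root store.

```prolog
:- use_module(library(http/thread_httpd)).
:- use_module(library(http/http_dispatch)).
:- use_module(library(http/http_open)).
:- use_module(library(http/http_ssl_plugin)).   % installs the hooks listed above

:- http_handler(root(.), say_hello, []).

% say_hello(+Request): trivial handler so the server has something to serve.
say_hello(_Request) :-
    format("Content-type: text/plain~n~n"),
    format("hello over TLS~n").

% start_https(+Port)
% Passing ssl(SSLOptions) to http_server/2 makes make_socket_hook create
% an SSL server. No cipher list is given, so the plugin adds the ciphers
% from ssl_secure_ciphers/1. min_protocol_version/1 is an ssl_context/3
% option that states the allowed versions explicitly.
% The certificate and key paths are placeholders (assumptions).
start_https(Port) :-
    http_server(http_dispatch,
                [ port(Port),
                  ssl([ certificate_file('etc/server-cert.pem'),
                        key_file('etc/server-key.pem'),
                        min_protocol_version(tlsv1_2)
                      ])
                ]).

% fetch(+URL, -Body)
% Client side: http_open/3 reaches HTTPS servers through
% http:http_protocol_hook. By default the certificate is checked against
% the system root certificates; for a server using a self-signed or
% private CA, name that CA file explicitly so validation stays enabled.
% The CA path is a placeholder (assumption).
fetch(URL, Body) :-
    setup_call_cleanup(
        http_open(URL, In, [cacert_file('etc/ca-cert.pem')]),
        read_string(In, _, Body),
        close(In)).
```

After `start_https(8443)`, a call such as `fetch('https://localhost:8443/', Body)` succeeds only if the server certificate chains to the named CA file and matches the host name in the URL.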