This class can be used for Sloop::Other connections to SSL/TLS servers.
It does not require that the Sloop::Server instance be run in secure mode, but if it is not, then you must call Sloop::Socket::TLS::init() before you call
Currently there are some limitations:
- Only X509 based authentication is available.
- Use of client certificates is not supported.
- Certificate revocation lists (CRLs) are not checked; authenticating the server is done only on the basis of what is in your trust file.
The API is described in Sloop::Other, with a few extra optional arguments to the constructor. The constructor returns undef if the initial connection fails; there should be a GnuTLS error logged in this case.
This is one of Sloop::Other::Secure::TRUST_CERTIFIED (the default) or Sloop::Other::Secure::TRUST_ALL. If the former, the remote server is authenticated using the 'trustFile' passed to Sloop::Socket::TLS::init(). If the latter, the certificate is not checked.
This is required to authenticate the other server's certificate, unless you use TRUST_ALL (see above). The default is 'localhost'.
This is a string passed as the second argument to gnutls_priority_set_direct(), defining which ciphers are allowed, in order of preference. The default is:
The nature of the string is partially described in 'man gnutls_priority_init', and more thoroughly in the GnuTLS guide:
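
The following is an added example, not part of the Sloop documentation or code: a small Perl check that flags weakening tokens in a GnuTLS priority string before it is handed to the constructor. The helper name `audit_priority` is hypothetical, the token list is a short non-exhaustive selection, and the sample strings are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Algorithms that weaken a session when a priority string adds them with "+".
# A short, non-exhaustive selection made for this example.
my %WEAK_ALGO = (
    'NULL'         => 'no encryption',
    'ARCFOUR-128'  => 'RC4 stream cipher',
    'MD5'          => 'MD5 MAC',
    'VERS-SSL3.0'  => 'SSL 3.0 protocol',
    'ANON-DH'      => 'anonymous key exchange, no server certificate',
    'ANON-ECDH'    => 'anonymous key exchange, no server certificate',
    'SIGN-RSA-MD5' => 'MD5-based signatures',
);
my %WEAK_OPTION = (
    '%UNSAFE_RENEGOTIATION'      => 'permits insecure renegotiation',
    '%VERIFY_ALLOW_SIGN_RSA_MD5' => 'accepts MD5-signed certificates',
);

# Hypothetical helper: return a list of findings for one priority string.
# Only explicit tokens are inspected; what a base keyword such as NORMAL
# expands to depends on the installed GnuTLS version.
sub audit_priority {
    my ($priority) = @_;
    my (%enabled, @findings);
    for my $tok (grep { length } split /:/, uc $priority) {
        if    ($tok =~ /^\+(.+)$/)        { $enabled{$1} = 1 }
        elsif ($tok =~ /^[-!](.+)$/)      { delete $enabled{$1} }  # later removal wins
        elsif (exists $WEAK_OPTION{$tok}) { push @findings, "$tok: $WEAK_OPTION{$tok}" }
        elsif ($tok eq 'EXPORT')          { push @findings, "$tok: export-grade suites" }
    }
    for my $algo (sort keys %enabled) {
        push @findings, "+$algo: $WEAK_ALGO{$algo}" if exists $WEAK_ALGO{$algo};
    }
    return @findings;
}

# Constructed sample strings, not defaults taken from Sloop or GnuTLS.
for my $p ('NORMAL:-VERS-SSL3.0',
           'NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION',
           'NORMAL:+ARCFOUR-128:-ARCFOUR-128') {
    my @f = audit_priority($p);
    print "$p\n";
    print "  WARN $_\n" for @f;
    print "  ok\n" unless @f;
}
```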