- error.pl -- Error generating support
- apply.pl -- Apply predicates on a list
- lists.pl -- List Manipulation
- debug.pl -- Print debug messages and test assertions
- broadcast.pl -- Event service
- socket.pl -- Network socket (TCP and UDP) library
- predicate_options.pl -- Access and analyse predicate options
- shlib.pl -- Utility library for loading foreign objects (DLLs, shared objects)
- option.pl -- Option list processing
- uid.pl -- User and group management on Unix systems
- unix.pl -- Unix specific operations
- syslog.pl -- Unix syslog interface
- thread_pool.pl -- Resource bounded thread management
- gensym.pl -- Generate unique symbols
- settings.pl -- Setting management
- arithmetic.pl -- Extensible arithmetic
- main.pl -- Provide entry point for scripts
- readutil.pl -- Read utilities
- ssl.pl -- Secure Socket Layer (SSL) library
- crypto.pl -- Cryptography and authentication library
- filesex.pl -- Extended operations on files
- doc_http.pl -- Documentation server
- pldoc.pl -- Process source documentation
- operators.pl -- Manage operators
- pairs.pl -- Operations on key-value lists
- prolog_source.pl -- Examine Prolog source-files
- sgml.pl -- SGML, XML and HTML parser
- quasi_quotations.pl -- Define Quasi Quotation syntax
- uri.pl -- Process URIs
- url.pl -- Analysing and constructing URL
- www_browser.pl -- Open a URL in the users browser
- prolog_colour.pl -- Prolog syntax colouring support.
- record.pl -- Access compound arguments by name
- prolog_xref.pl -- Prolog cross-referencer data collection
- occurs.pl -- Finding and counting sub-terms
- ordsets.pl -- Ordered set manipulation
- assoc.pl -- Binary associations
- ugraphs.pl -- Graph manipulation library
- xpath.pl -- Select nodes in an XML DOM
- iostream.pl -- Utilities to deal with streams
- atom.pl -- Operations on atoms
- solution_sequences.pl -- Modify solution sequences
- prolog_pack.pl -- A package manager for Prolog
- prolog_config.pl -- Provide configuration information
- process.pl -- Create processes and redirect I/O
- git.pl -- Run GIT commands
- ctypes.pl -- Character code classification
- time.pl -- Time and alarm library
- utf8.pl -- UTF-8 encoding/decoding on lists of character codes.
- base64.pl -- Base64 encoding and decoding
- sha.pl -- SHA secure hashes
- persistency.pl -- Provide persistent dynamic predicates
- pure_input.pl -- Pure Input from files and streams
- nb_set.pl -- Non-backtrackable sets
- xsdp_types.pl -- XML-Schema primitive types
- uuid.pl -- Universally Unique Identifier (UUID) Library
- pcre.pl -- Perl compatible regular expression matching for SWI-Prolog
- aggregate.pl -- Aggregation operators on backtrackable predicates
- rdf_write.pl -- Write RDF/XML from a list of triples
- rdf.pl -- RDF/XML parser
- sgml_write.pl -- XML/SGML writer module
- archive.pl -- Access several archive formats
- csv.pl -- Process CSV (Comma-Separated Values) data
- dialect.pl -- Support multiple Prolog dialects
- apply_macros.pl -- Goal expansion rules to avoid meta-calling
- prolog_code.pl -- Utilities for reasoning about code
- dif.pl -- The dif/2 constraint
- thread.pl -- High level thread primitives
- rdf_triple.pl -- Create triples from intermediate representation
- rbtrees.pl -- Red black trees
- nb_rbtrees.pl -- Non-backtrackable operations on red black trees
- pengines.pl -- Pengines: Web Logic Programming Made Easy
- yall.pl -- Lambda expressions
- sandbox.pl -- Sandboxed Prolog code
- prolog_format.pl -- Analyse format specifications
- random.pl -- Random numbers
- pengines_io.pl -- Provide Prolog I/O for HTML clients
- zlib.pl -- Zlib wrapper for SWI-Prolog
- bdb.pl -- Berkeley DB interface
- hash_stream.pl -- Maintain a hash on a stream
- md5.pl -- MD5 hashes
- pprint.pl -- Pretty Print Prolog terms
- modules.pl -- Module utility predicates
- lazy_lists.pl -- Lazy list handling
- edinburgh.pl -- Some traditional Edinburgh predicates
- prolog_clause.pl -- Get detailed source-information about a clause
- prolog_breakpoints.pl -- Manage Prolog break-points
- dicts.pl -- Dict utilities
- backcomp.pl -- Backward compatibility
- date.pl -- Process dates and times
- snowball.pl -- The Snowball multi-lingual stemmer library
- system.pl -- System utilities
- quintus.pl -- Quintus compatibility
- make.pl -- Reload modified source files
- edit.pl -- Editor interface
- prolog_debug.pl -- User level debugging tools
- intercept.pl -- Intercept and signal interface
- unicode.pl -- Unicode string handling
- udp_broadcast.pl -- A UDP broadcast proxy
- strings.pl -- String utilities
- charsio.pl -- I/O on Lists of Character Codes
- statistics.pl -- Get information about resource usage
- jpl.pl -- A Java interface for SWI Prolog 7.x
- heaps.pl -- heaps/priority queues
- tables.pl -- XSB interface to tables
- increval.pl -- Incremental dynamic predicate modification
- base32.pl -- Base32 encoding and decoding
- prolog_history.pl -- Per-directory persistent commandline history
- readline.pl -- GNU readline interface
- paxos.pl -- A Replicated Data Store
- oset.pl -- Ordered set manipulation
- zip.pl -- Access resource ZIP archives
- redis.pl -- Redis client
- check.pl -- Consistency checking
- prolog_stack.pl -- Examine the Prolog stack
- threadutil.pl -- Interactive thread utilities
- prolog_autoload.pl -- Autoload all dependencies
- qsave.pl -- Save current program as a state or executable
- stomp.pl -- STOMP client.
- redis_streams.pl -- Using Redis streams
- editline.pl -- BSD libedit based command line editing
- optparse.pl -- command line parsing
- win_menu.pl -- Console window menu
- tty.pl -- Terminal operations
- streampool.pl -- Input multiplexing
- plunit.pl -- Unit Testing
- ansi_term.pl -- Print decorated text to ANSI consoles
- listing.pl -- List programs and pretty print clauses
- doc_latex.pl -- PlDoc LaTeX backend
- explain.pl -- Describe Prolog Terms
- prolog_trace.pl -- Print access to predicates
- prolog_wrap.pl -- Wrapping predicates
- wfs.pl -- Well Founded Semantics interface
- prolog_stream.pl -- A stream with Prolog callbacks
- shell.pl -- Elementary shell commands
- terms.pl -- Term manipulation
- when.pl -- Conditional coroutining
- prolog_codewalk.pl -- Prolog code walker
- help.pl -- Text based manual
- varnumbers.pl -- Utilities for numbered terms
- hashtable.pl -- Hash tables
- fastrw.pl -- Fast reading and writing of terms
- isub.pl -- isub: a string similarity measure
- yaml.pl -- Process YAML data
- protobufs.pl -- Google's Protocol Buffers ("protobufs")
- codesio.pl -- I/O on Lists of Character Codes
- coinduction.pl -- Co-Logic Programming
- portray_text.pl -- Portray text
- c14n2.pl -- C14n2 canonical XML documents
- prolog_metainference.pl -- Infer meta-predicate properties
- prolog_jiti.pl -- Just In Time Indexing (JITI) utilities
- writef.pl -- Old-style formatted write
- test_cover.pl -- Clause coverage analysis
- xmlenc.pl -- XML encryption library
- double_metaphone.pl -- Phonetic string matching
- xmldsig.pl -- XML Digital signature
- pwp.pl -- Prolog Well-formed Pages
- cgi.pl -- Read CGI parameters
- doc_files.pl -- Create stand-alone documentation files
- ssl_context(+Role, -SSL, :Options) is det
- Create an SSL context. The context defines several properties
of the SSL connection such as involved keys, preferred
encryption, and passwords. After establishing a context, an SSL
connection can be negotiated using ssl_negotiate/5, turning two
arbitrary plain Prolog streams into encrypted streams. This
predicate processes the options below.
- For the client, the host to which it connects. This option
should be specified when Role is
client. Otherwise, certificate verification may fail when negotiating a secure connection.
- Specify where the certificate file can be found. This can be the
same as the
key_file(+FileName)option. A server must have at least one certificate before clients can connect. A client must have a certificate only if the server demands the client to identify itself with a client certificate using the
peer_cert(true)option. If a certificate is provided, it is necessary to also provide a matching private key via the key_file/1 option. To configure multiple certificates, use the option certificate_key_pairs/1 instead. Alternatively, use ssl_add_certificate_key/4 to add certificates and keys to an existing context.
- Specify where the private key that matches the certificate can
be found. If the key is encrypted with a password, this must
be supplied using the
- Alternative method for specifying certificates and keys. The argument is a list of pairs of the form Certificate-Key, where each component is a string or an atom that holds, respectively, the PEM-encoded certificate and key. To each certificate, further certificates of the chain can be appended. Multiple types of certificates can be present at the same time to enable different ciphers. Using multiple certificate types with completely independent certificate chains requires OpenSSL 1.0.2 or greater.
- Specify the password the private key is protected with (if any). If you do not want to store the password you can also specify an application defined handler to return the password (see next option). Text is either an atom or string. Using a string is preferred as strings are volatile and local resources.
- In case a password is required to access the private key the
supplied predicate will be called to fetch it. The hook is
call(Goal, +SSL, -Password)and typically unifies Password with a string containing the password.
- If true (default is false), then all certificates will be
considered invalid unless they can be verified as not being
revoked. You can do this explicity by passing a list of CRL
filenames via the crl/1 option, or by doing it yourself in
the cert_verify_hook. If you specify
require_crl(true)and provide neither of these options, verification will necessarily fail
- Provide a list of filenames of PEM-encoded CRLs that will be
given to the context to attempt to establish that a chain of
certificates is not revoked. You must also set
require_crl(true)if you want CRLs to actually be checked by OpenSSL.
- Deprecated. Use cacerts/1 instead.
Specify a file containing certificate keys of trusted
certificates. The peer is trusted if its certificate is
signed (ultimately) by one of the provided certificates. Using
system(root_certificates)uses a list of trusted root certificates as provided by the OS. See system_root_certificates/1 for details.
- Specify a list of sources of trusted certificates.
Each element in the list should be one of the following:
file(Filename): A file containing one or more PEM-encoded certificates
certificate(Blob): A certificate blob
system(root_certificates): A special term which refers to the certificates trusted by the host OS.
Additional verification of the peer certificate as well as accepting certificates that are not trusted by the given set can be realised using the hook cert_verify_hook(:Goal).
- The predicate ssl_negotiate/5 calls Goal as follows:
call(Goal, +SSL, +ProblemCertificate, +AllCertificates, +FirstCertificate, +Error)
In case the certificate was verified by one of the provided certifications from the
cacert_fileoption, Error is unified with the atom
verified. Otherwise it contains the error string passed from OpenSSL. Access will be granted iff the predicate succeeds. See load_certificate/2 for a description of the certificate terms. See cert_accept_any/5 for a dummy implementation that accepts any certificate.
- Specify a cipher preference list (one or more cipher strings separated by colons, commas or spaces). See ssl_secure_ciphers/1.
- Specify a curve for ECDHE ciphers. If this option is not
specified, the OpenSSL default parameters are used. With
OpenSSL prior to 1.1.0,
prime256v1is used by default.
- Trigger the request of our peer's certificate while establishing the SSL layer. This option is automatically turned on in a client SSL socket. It can be used in a server to ask the client to identify itself using an SSL certificate.
true, close the raw streams if the SSL streams are closed. Default is
false), the server sends TLS
close_notifywhen closing the connection. In addition, this mitigates truncation attacks for both client and server role: If EOF is encountered without having received a TLS shutdown, an exception is raised. Well-designed protocols are self-terminating, and this attack is therefore very rarely a concern.
- Set the minimum protocol version that can be negotiated.
Atom is one of
tlsv1_3. This option is available with OpenSSL 1.1.0 and later, and should be used instead of disable_ssl_methods/1.
- Set the maximum protocol version that can be negotiated.
Atom is one of
tlsv1_3. This option is available with OpenSSL 1.1.0 and later, and should be used instead of disable_ssl_methods/1.
- A list of methods to disable. Unsupported methods will be
ignored. Methods include
tlsv1_2. This option is deprecated starting with OpenSSL 1.1.0. Use min_protocol_version/1 and max_protocol_version/1 instead.
- Specify the explicit Method to use when negotiating. For
allowed values, see the list for
disable_ssl_methodsabove. Using this option is discouraged. When using OpenSSL 1.1.0 or later, this option is ignored, and a version-flexible method is used to negotiate the connection. Using version-specific methods is deprecated in recent OpenSSL versions, and this option will become obsolete and ignored in the future.
- This option provides Server Name Indication (SNI) for SSL
servers. This means that depending on the host to which a
client connects, different options (certificates etc.) can
be used for the server. This TLS extension allows you to host
different domains using the same IP address and physical
machine. When a TLS connection is negotiated with a client
that has provided a host name via SNI, the hook is called as
call(Goal, +SSL0, +HostName, -SSL)
Given the current context SSL0, and the host name of the client request, the predicate computes SSL which is used as the context for negotiating the connection. The first solution is used. If the predicate fails, the default options are used, which are those of the encompassing ssl_context/3 call. In that case, if no default certificate and key are specified, the client connection is rejected.
- Provide a list of acceptable ALPN protocol identifiers as atoms. ALPN support requires OpenSSL 1.0.2 or greater.
- This options provides a callback for a server context to use to
select an ALPN protocol. It will be called as follows:
call(Goal, +SSLCtx0, +ListOfClientProtocols, -SSLCtx1, -SelectedProtocol)===
If this option is unset and the alpn_protocols/1 option is set, then the first common protocol between client & server will be selected.
Role - is one of
clientand denotes whether the SSL instance will have a server or client role in the established connection.
SSL - is a SWI-Prolog blob of type
ssl_context, i.e., the type-test for an SSL context is