]>
Commit | Line | Data |
---|---|---|
3604a4d3 UM |
1 | |
2 | =pod | |
3 | ||
4 | =head1 NAME | |
5 | ||
6 | SSL - OpenSSL SSL/TLS library | |
7 | ||
8 | =head1 SYNOPSIS | |
9 | ||
11b62699 | 10 | =head1 DESCRIPTION |
3604a4d3 UM |
11 | |
12 | The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and | |
13 | Transport Layer Security (TLS v1) protocols. It provides a rich API which is | |
14 | documented here. | |
15 | ||
9bd3bd22 | 16 | At first the library must be initialized; see |
9b86974e | 17 | L<SSL_library_init(3)>. |
3604a4d3 | 18 | |
9bd3bd22 | 19 | Then an B<SSL_CTX> object is created as a framework to establish |
9b86974e | 20 | TLS/SSL enabled connections (see L<SSL_CTX_new(3)>). |
9bd3bd22 UM |
21 | Various options regarding certificates, algorithms etc. can be set |
22 | in this object. | |
3604a4d3 | 23 | |
9bd3bd22 UM |
24 | When a network connection has been created, it can be assigned to an |
25 | B<SSL> object. After the B<SSL> object has been created using | |
9b86974e RS |
26 | L<SSL_new(3)>, L<SSL_set_fd(3)> or |
27 | L<SSL_set_bio(3)> can be used to associate the network | |
9bd3bd22 | 28 | connection with the object. |
3604a4d3 | 29 | |
9bd3bd22 | 30 | Then the TLS/SSL handshake is performed using |
9b86974e | 31 | L<SSL_accept(3)> or L<SSL_connect(3)> |
9bd3bd22 | 32 | respectively. |
9b86974e | 33 | L<SSL_read(3)> and L<SSL_write(3)> are used |
9bd3bd22 | 34 | to read and write data on the TLS/SSL connection. |
9b86974e | 35 | L<SSL_shutdown(3)> can be used to shut down the |
9bd3bd22 | 36 | TLS/SSL connection. |
3604a4d3 UM |
37 | |
38 | =head1 DATA STRUCTURES | |
39 | ||
40 | Currently the OpenSSL B<ssl> library functions deals with the following data | |
41 | structures: | |
42 | ||
43 | =over 4 | |
44 | ||
45 | =item B<SSL_METHOD> (SSL Method) | |
46 | ||
47 | That's a dispatch structure describing the internal B<ssl> library | |
45f55f6a KR |
48 | methods/functions which implement the various protocol versions (SSLv3 |
49 | TLSv1, ...). It's needed to create an B<SSL_CTX>. | |
3604a4d3 UM |
50 | |
51 | =item B<SSL_CIPHER> (SSL Cipher) | |
52 | ||
53 | This structure holds the algorithm information for a particular cipher which | |
54 | are a core part of the SSL/TLS protocol. The available ciphers are configured | |
55 | on a B<SSL_CTX> basis and the actually used ones are then part of the | |
56 | B<SSL_SESSION>. | |
57 | ||
58 | =item B<SSL_CTX> (SSL Context) | |
59 | ||
60 | That's the global context structure which is created by a server or client | |
61 | once per program life-time and which holds mainly default values for the | |
62 | B<SSL> structures which are later created for the connections. | |
63 | ||
64 | =item B<SSL_SESSION> (SSL Session) | |
65 | ||
37b08e83 | 66 | This is a structure containing the current TLS/SSL session details for a |
3604a4d3 UM |
67 | connection: B<SSL_CIPHER>s, client and server certificates, keys, etc. |
68 | ||
69 | =item B<SSL> (SSL Connection) | |
70 | ||
71 | That's the main SSL/TLS structure which is created by a server or client per | |
72 | established connection. This actually is the core structure in the SSL API. | |
73 | Under run-time the application usually deals with this structure which has | |
74 | links to mostly all other structures. | |
75 | ||
76 | =back | |
77 | ||
9bd3bd22 UM |
78 | |
79 | =head1 HEADER FILES | |
80 | ||
81 | Currently the OpenSSL B<ssl> library provides the following C header files | |
82 | containing the prototypes for the data structures and and functions: | |
83 | ||
84 | =over 4 | |
85 | ||
86 | =item B<ssl.h> | |
87 | ||
88 | That's the common header file for the SSL/TLS API. Include it into your | |
89 | program to make the API of the B<ssl> library available. It internally | |
90 | includes both more private SSL headers and headers from the B<crypto> library. | |
91 | Whenever you need hard-core details on the internals of the SSL API, look | |
92 | inside this header file. | |
93 | ||
94 | =item B<ssl2.h> | |
95 | ||
87d9cafa | 96 | Unused. Present for backwards compatibility only. |
9bd3bd22 UM |
97 | |
98 | =item B<ssl3.h> | |
99 | ||
100 | That's the sub header file dealing with the SSLv3 protocol only. | |
101 | I<Usually you don't have to include it explicitly because | |
102 | it's already included by ssl.h>. | |
103 | ||
9bd3bd22 UM |
104 | =item B<tls1.h> |
105 | ||
106 | That's the sub header file dealing with the TLSv1 protocol only. | |
107 | I<Usually you don't have to include it explicitly because | |
108 | it's already included by ssl.h>. | |
109 | ||
110 | =back | |
111 | ||
3604a4d3 UM |
112 | =head1 API FUNCTIONS |
113 | ||
114 | Currently the OpenSSL B<ssl> library exports 214 API functions. | |
115 | They are documented in the following: | |
116 | ||
117 | =head2 DEALING WITH PROTOCOL METHODS | |
118 | ||
119 | Here we document the various API functions which deal with the SSL/TLS | |
120 | protocol methods defined in B<SSL_METHOD> structures. | |
121 | ||
122 | =over 4 | |
123 | ||
4ebb342f | 124 | =item const SSL_METHOD *B<SSLv3_client_method>(void); |
3604a4d3 UM |
125 | |
126 | Constructor for the SSLv3 SSL_METHOD structure for a dedicated client. | |
127 | ||
4ebb342f | 128 | =item const SSL_METHOD *B<SSLv3_server_method>(void); |
3604a4d3 UM |
129 | |
130 | Constructor for the SSLv3 SSL_METHOD structure for a dedicated server. | |
131 | ||
4ebb342f | 132 | =item const SSL_METHOD *B<SSLv3_method>(void); |
3604a4d3 UM |
133 | |
134 | Constructor for the SSLv3 SSL_METHOD structure for combined client and server. | |
135 | ||
4ebb342f | 136 | =item const SSL_METHOD *B<TLSv1_client_method>(void); |
3604a4d3 UM |
137 | |
138 | Constructor for the TLSv1 SSL_METHOD structure for a dedicated client. | |
139 | ||
735ebc2d | 140 | =item const SSL_METHOD *B<TLSv1_server_method>(void); |
3604a4d3 UM |
141 | |
142 | Constructor for the TLSv1 SSL_METHOD structure for a dedicated server. | |
143 | ||
4ebb342f | 144 | =item const SSL_METHOD *B<TLSv1_method>(void); |
3604a4d3 UM |
145 | |
146 | Constructor for the TLSv1 SSL_METHOD structure for combined client and server. | |
147 | ||
148 | =back | |
149 | ||
150 | =head2 DEALING WITH CIPHERS | |
151 | ||
152 | Here we document the various API functions which deal with the SSL/TLS | |
153 | ciphers defined in B<SSL_CIPHER> structures. | |
154 | ||
155 | =over 4 | |
156 | ||
157 | =item char *B<SSL_CIPHER_description>(SSL_CIPHER *cipher, char *buf, int len); | |
158 | ||
159 | Write a string to I<buf> (with a maximum size of I<len>) containing a human | |
160 | readable description of I<cipher>. Returns I<buf>. | |
161 | ||
162 | =item int B<SSL_CIPHER_get_bits>(SSL_CIPHER *cipher, int *alg_bits); | |
163 | ||
164 | Determine the number of bits in I<cipher>. Because of export crippled ciphers | |
165 | there are two bits: The bits the algorithm supports in general (stored to | |
166 | I<alg_bits>) and the bits which are actually used (the return value). | |
167 | ||
d49f3797 | 168 | =item const char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher); |
3604a4d3 UM |
169 | |
170 | Return the internal name of I<cipher> as a string. These are the various | |
45f55f6a | 171 | strings defined by the I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx> |
3604a4d3 UM |
172 | definitions in the header files. |
173 | ||
174 | =item char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher); | |
175 | ||
87d9cafa | 176 | Returns a string like "C<SSLv3>" or "C<TLSv1.2>" which indicates the |
3604a4d3 UM |
177 | SSL/TLS protocol version to which I<cipher> belongs (i.e. where it was defined |
178 | in the specification the first time). | |
179 | ||
180 | =back | |
181 | ||
182 | =head2 DEALING WITH PROTOCOL CONTEXTS | |
183 | ||
184 | Here we document the various API functions which deal with the SSL/TLS | |
185 | protocol context defined in the B<SSL_CTX> structure. | |
186 | ||
187 | =over 4 | |
188 | ||
189 | =item int B<SSL_CTX_add_client_CA>(SSL_CTX *ctx, X509 *x); | |
190 | ||
191 | =item long B<SSL_CTX_add_extra_chain_cert>(SSL_CTX *ctx, X509 *x509); | |
192 | ||
193 | =item int B<SSL_CTX_add_session>(SSL_CTX *ctx, SSL_SESSION *c); | |
194 | ||
c3e64028 | 195 | =item int B<SSL_CTX_check_private_key>(const SSL_CTX *ctx); |
3604a4d3 UM |
196 | |
197 | =item long B<SSL_CTX_ctrl>(SSL_CTX *ctx, int cmd, long larg, char *parg); | |
198 | ||
199 | =item void B<SSL_CTX_flush_sessions>(SSL_CTX *s, long t); | |
200 | ||
201 | =item void B<SSL_CTX_free>(SSL_CTX *a); | |
202 | ||
203 | =item char *B<SSL_CTX_get_app_data>(SSL_CTX *ctx); | |
204 | ||
205 | =item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx); | |
206 | ||
c3e64028 | 207 | =item STACK *B<SSL_CTX_get_client_CA_list>(const SSL_CTX *ctx); |
3604a4d3 UM |
208 | |
209 | =item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); | |
210 | ||
85074745 MC |
211 | =item void B<SSL_CTX_get_default_read_ahead>(SSL_CTX *ctx); |
212 | ||
c3e64028 | 213 | =item char *B<SSL_CTX_get_ex_data>(const SSL_CTX *s, int idx); |
3604a4d3 UM |
214 | |
215 | =item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) | |
216 | ||
217 | =item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret); | |
218 | ||
c3e64028 | 219 | =item int B<SSL_CTX_get_quiet_shutdown>(const SSL_CTX *ctx); |
3604a4d3 | 220 | |
85074745 MC |
221 | =item void B<SSL_CTX_get_read_ahead>(SSL_CTX *ctx); |
222 | ||
3604a4d3 UM |
223 | =item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx); |
224 | ||
c3e64028 | 225 | =item long B<SSL_CTX_get_timeout>(const SSL_CTX *ctx); |
3604a4d3 | 226 | |
c3e64028 | 227 | =item int (*B<SSL_CTX_get_verify_callback>(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx); |
3604a4d3 UM |
228 | |
229 | =item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx); | |
230 | ||
231 | =item int B<SSL_CTX_load_verify_locations>(SSL_CTX *ctx, char *CAfile, char *CApath); | |
232 | ||
233 | =item long B<SSL_CTX_need_tmp_RSA>(SSL_CTX *ctx); | |
234 | ||
4ebb342f | 235 | =item SSL_CTX *B<SSL_CTX_new>(const SSL_METHOD *meth); |
3604a4d3 UM |
236 | |
237 | =item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c); | |
238 | ||
239 | =item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx); | |
240 | ||
241 | =item int B<SSL_CTX_sess_accept_good>(SSL_CTX *ctx); | |
242 | ||
243 | =item int B<SSL_CTX_sess_accept_renegotiate>(SSL_CTX *ctx); | |
244 | ||
245 | =item int B<SSL_CTX_sess_cache_full>(SSL_CTX *ctx); | |
246 | ||
247 | =item int B<SSL_CTX_sess_cb_hits>(SSL_CTX *ctx); | |
248 | ||
249 | =item int B<SSL_CTX_sess_connect>(SSL_CTX *ctx); | |
250 | ||
251 | =item int B<SSL_CTX_sess_connect_good>(SSL_CTX *ctx); | |
252 | ||
253 | =item int B<SSL_CTX_sess_connect_renegotiate>(SSL_CTX *ctx); | |
254 | ||
255 | =item int B<SSL_CTX_sess_get_cache_size>(SSL_CTX *ctx); | |
256 | ||
257 | =item SSL_SESSION *(*B<SSL_CTX_sess_get_get_cb>(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy); | |
258 | ||
259 | =item int (*B<SSL_CTX_sess_get_new_cb>(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess); | |
260 | ||
261 | =item void (*B<SSL_CTX_sess_get_remove_cb>(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess); | |
262 | ||
263 | =item int B<SSL_CTX_sess_hits>(SSL_CTX *ctx); | |
264 | ||
265 | =item int B<SSL_CTX_sess_misses>(SSL_CTX *ctx); | |
266 | ||
267 | =item int B<SSL_CTX_sess_number>(SSL_CTX *ctx); | |
268 | ||
269 | =item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx,t); | |
270 | ||
271 | =item void B<SSL_CTX_sess_set_get_cb>(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy)); | |
272 | ||
273 | =item void B<SSL_CTX_sess_set_new_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess)); | |
274 | ||
275 | =item void B<SSL_CTX_sess_set_remove_cb>(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)); | |
276 | ||
277 | =item int B<SSL_CTX_sess_timeouts>(SSL_CTX *ctx); | |
278 | ||
279 | =item LHASH *B<SSL_CTX_sessions>(SSL_CTX *ctx); | |
280 | ||
281 | =item void B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg); | |
282 | ||
283 | =item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs); | |
284 | ||
c4068186 | 285 | =item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(), char *arg) |
3604a4d3 UM |
286 | |
287 | =item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str); | |
288 | ||
289 | =item void B<SSL_CTX_set_client_CA_list>(SSL_CTX *ctx, STACK *list); | |
290 | ||
291 | =item void B<SSL_CTX_set_client_cert_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); | |
292 | ||
293 | =item void B<SSL_CTX_set_default_passwd_cb>(SSL_CTX *ctx, int (*cb);(void)) | |
294 | ||
295 | =item void B<SSL_CTX_set_default_read_ahead>(SSL_CTX *ctx, int m); | |
296 | ||
297 | =item int B<SSL_CTX_set_default_verify_paths>(SSL_CTX *ctx); | |
298 | ||
631fb6af MC |
299 | Use the default paths to locate trusted CA certificates. There is one default |
300 | directory path and one default file path. Both are set via this call. | |
301 | ||
302 | =item int B<SSL_CTX_set_default_verify_dir>(SSL_CTX *ctx) | |
303 | ||
304 | Use the default directory path to locate trusted CA certficates. | |
305 | ||
306 | =item int B<SSL_CTX_set_default_verify_file>(SSL_CTX *ctx) | |
307 | ||
308 | Use the file path to locate trusted CA certficates. | |
309 | ||
3604a4d3 UM |
310 | =item int B<SSL_CTX_set_ex_data>(SSL_CTX *s, int idx, char *arg); |
311 | ||
312 | =item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret)); | |
313 | ||
65123f80 BM |
314 | =item void B<SSL_CTX_set_msg_callback>(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); |
315 | ||
316 | =item void B<SSL_CTX_set_msg_callback_arg>(SSL_CTX *ctx, void *arg); | |
317 | ||
3604a4d3 UM |
318 | =item void B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op); |
319 | ||
320 | =item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode); | |
321 | ||
85074745 MC |
322 | =item void B<SSL_CTX_set_read_ahead>(SSL_CTX *ctx, int m); |
323 | ||
3604a4d3 UM |
324 | =item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode); |
325 | ||
4ebb342f | 326 | =item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, const SSL_METHOD *meth); |
3604a4d3 UM |
327 | |
328 | =item void B<SSL_CTX_set_timeout>(SSL_CTX *ctx, long t); | |
329 | ||
330 | =item long B<SSL_CTX_set_tmp_dh>(SSL_CTX* ctx, DH *dh); | |
331 | ||
332 | =item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void)); | |
333 | ||
3604a4d3 UM |
334 | =item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void)) |
335 | ||
336 | =item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey); | |
337 | ||
338 | =item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len); | |
339 | ||
340 | =item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, char *file, int type); | |
341 | ||
342 | =item int B<SSL_CTX_use_RSAPrivateKey>(SSL_CTX *ctx, RSA *rsa); | |
343 | ||
344 | =item int B<SSL_CTX_use_RSAPrivateKey_ASN1>(SSL_CTX *ctx, unsigned char *d, long len); | |
345 | ||
346 | =item int B<SSL_CTX_use_RSAPrivateKey_file>(SSL_CTX *ctx, char *file, int type); | |
347 | ||
348 | =item int B<SSL_CTX_use_certificate>(SSL_CTX *ctx, X509 *x); | |
349 | ||
350 | =item int B<SSL_CTX_use_certificate_ASN1>(SSL_CTX *ctx, int len, unsigned char *d); | |
351 | ||
352 | =item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type); | |
353 | ||
a25f9adc DSH |
354 | =item X509 *B<SSL_CTX_get0_certificate>(const SSL_CTX *ctx); |
355 | ||
356 | =item EVP_PKEY *B<SSL_CTX_get0_privatekey>(const SSL_CTX *ctx); | |
357 | ||
ddac1974 NL |
358 | =item void B<SSL_CTX_set_psk_client_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)); |
359 | ||
360 | =item int B<SSL_CTX_use_psk_identity_hint>(SSL_CTX *ctx, const char *hint); | |
361 | ||
362 | =item void B<SSL_CTX_set_psk_server_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len)); | |
363 | ||
364 | ||
365 | ||
366 | ||
3604a4d3 UM |
367 | =back |
368 | ||
369 | =head2 DEALING WITH SESSIONS | |
370 | ||
371 | Here we document the various API functions which deal with the SSL/TLS | |
372 | sessions defined in the B<SSL_SESSION> structures. | |
373 | ||
374 | =over 4 | |
375 | ||
c3e64028 | 376 | =item int B<SSL_SESSION_cmp>(const SSL_SESSION *a, const SSL_SESSION *b); |
3604a4d3 UM |
377 | |
378 | =item void B<SSL_SESSION_free>(SSL_SESSION *ss); | |
379 | ||
380 | =item char *B<SSL_SESSION_get_app_data>(SSL_SESSION *s); | |
381 | ||
c3e64028 | 382 | =item char *B<SSL_SESSION_get_ex_data>(const SSL_SESSION *s, int idx); |
3604a4d3 UM |
383 | |
384 | =item int B<SSL_SESSION_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) | |
385 | ||
c3e64028 | 386 | =item long B<SSL_SESSION_get_time>(const SSL_SESSION *s); |
3604a4d3 | 387 | |
c3e64028 | 388 | =item long B<SSL_SESSION_get_timeout>(const SSL_SESSION *s); |
3604a4d3 | 389 | |
c3e64028 | 390 | =item unsigned long B<SSL_SESSION_hash>(const SSL_SESSION *a); |
3604a4d3 UM |
391 | |
392 | =item SSL_SESSION *B<SSL_SESSION_new>(void); | |
393 | ||
c3e64028 | 394 | =item int B<SSL_SESSION_print>(BIO *bp, const SSL_SESSION *x); |
3604a4d3 | 395 | |
c3e64028 | 396 | =item int B<SSL_SESSION_print_fp>(FILE *fp, const SSL_SESSION *x); |
3604a4d3 UM |
397 | |
398 | =item void B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a); | |
399 | ||
400 | =item int B<SSL_SESSION_set_ex_data>(SSL_SESSION *s, int idx, char *arg); | |
401 | ||
402 | =item long B<SSL_SESSION_set_time>(SSL_SESSION *s, long t); | |
403 | ||
404 | =item long B<SSL_SESSION_set_timeout>(SSL_SESSION *s, long t); | |
405 | ||
406 | =back | |
407 | ||
408 | =head2 DEALING WITH CONNECTIONS | |
409 | ||
410 | Here we document the various API functions which deal with the SSL/TLS | |
411 | connection defined in the B<SSL> structure. | |
412 | ||
413 | =over 4 | |
414 | ||
415 | =item int B<SSL_accept>(SSL *ssl); | |
416 | ||
417 | =item int B<SSL_add_dir_cert_subjects_to_stack>(STACK *stack, const char *dir); | |
418 | ||
419 | =item int B<SSL_add_file_cert_subjects_to_stack>(STACK *stack, const char *file); | |
420 | ||
421 | =item int B<SSL_add_client_CA>(SSL *ssl, X509 *x); | |
422 | ||
423 | =item char *B<SSL_alert_desc_string>(int value); | |
424 | ||
425 | =item char *B<SSL_alert_desc_string_long>(int value); | |
426 | ||
427 | =item char *B<SSL_alert_type_string>(int value); | |
428 | ||
429 | =item char *B<SSL_alert_type_string_long>(int value); | |
430 | ||
c3e64028 | 431 | =item int B<SSL_check_private_key>(const SSL *ssl); |
3604a4d3 UM |
432 | |
433 | =item void B<SSL_clear>(SSL *ssl); | |
434 | ||
435 | =item long B<SSL_clear_num_renegotiations>(SSL *ssl); | |
436 | ||
437 | =item int B<SSL_connect>(SSL *ssl); | |
438 | ||
17dd65e6 MC |
439 | =item int B<SSL_copy_session_id>(SSL *t, const SSL *f); |
440 | ||
441 | Sets the session details for B<t> to be the same as in B<f>. Returns 1 on | |
442 | success or 0 on failure. | |
3604a4d3 UM |
443 | |
444 | =item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg); | |
445 | ||
446 | =item int B<SSL_do_handshake>(SSL *ssl); | |
447 | ||
448 | =item SSL *B<SSL_dup>(SSL *ssl); | |
449 | ||
919ba009 VD |
450 | SSL_dup() allows applications to configure an SSL handle for use |
451 | in multiple SSL connections, and then duplicate it prior to initiating | |
452 | each connection with the duplicated handle. | |
453 | Use of SSL_dup() avoids the need to repeat the configuration of the | |
454 | handles for each connection. | |
455 | This is used internally by L<BIO_s_accept(3)> to construct | |
456 | per-connection SSL handles after L<accept(2)>. | |
457 | ||
458 | For SSL_dup() to work, the connection MUST be in its initial state | |
459 | and MUST NOT have not yet have started the SSL handshake. | |
460 | For connections that are not in their initial state SSL_dup() just | |
461 | increments an internal reference count and returns the I<same> | |
462 | handle. | |
463 | It may be possible to use L<SSL_clear(3)> to recycle an SSL handle | |
464 | that is not in its initial state for re-use, but this is best | |
465 | avoided. | |
466 | Instead, save and restore the session, if desired, and construct a | |
467 | fresh handle for each connection. | |
468 | ||
3604a4d3 UM |
469 | =item STACK *B<SSL_dup_CA_list>(STACK *sk); |
470 | ||
471 | =item void B<SSL_free>(SSL *ssl); | |
472 | ||
c3e64028 | 473 | =item SSL_CTX *B<SSL_get_SSL_CTX>(const SSL *ssl); |
3604a4d3 UM |
474 | |
475 | =item char *B<SSL_get_app_data>(SSL *ssl); | |
476 | ||
c3e64028 | 477 | =item X509 *B<SSL_get_certificate>(const SSL *ssl); |
3604a4d3 | 478 | |
c3e64028 | 479 | =item const char *B<SSL_get_cipher>(const SSL *ssl); |
3604a4d3 | 480 | |
c3e64028 | 481 | =item int B<SSL_get_cipher_bits>(const SSL *ssl, int *alg_bits); |
3604a4d3 | 482 | |
c3e64028 | 483 | =item char *B<SSL_get_cipher_list>(const SSL *ssl, int n); |
3604a4d3 | 484 | |
c3e64028 | 485 | =item char *B<SSL_get_cipher_name>(const SSL *ssl); |
3604a4d3 | 486 | |
c3e64028 | 487 | =item char *B<SSL_get_cipher_version>(const SSL *ssl); |
3604a4d3 | 488 | |
c3e64028 | 489 | =item STACK *B<SSL_get_ciphers>(const SSL *ssl); |
3604a4d3 | 490 | |
c3e64028 | 491 | =item STACK *B<SSL_get_client_CA_list>(const SSL *ssl); |
3604a4d3 UM |
492 | |
493 | =item SSL_CIPHER *B<SSL_get_current_cipher>(SSL *ssl); | |
494 | ||
c3e64028 | 495 | =item long B<SSL_get_default_timeout>(const SSL *ssl); |
3604a4d3 | 496 | |
c3e64028 | 497 | =item int B<SSL_get_error>(const SSL *ssl, int i); |
3604a4d3 | 498 | |
c3e64028 | 499 | =item char *B<SSL_get_ex_data>(const SSL *ssl, int idx); |
3604a4d3 UM |
500 | |
501 | =item int B<SSL_get_ex_data_X509_STORE_CTX_idx>(void); | |
502 | ||
503 | =item int B<SSL_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) | |
504 | ||
c3e64028 | 505 | =item int B<SSL_get_fd>(const SSL *ssl); |
3604a4d3 | 506 | |
c3e64028 | 507 | =item void (*B<SSL_get_info_callback>(const SSL *ssl);)() |
3604a4d3 | 508 | |
c3e64028 | 509 | =item STACK *B<SSL_get_peer_cert_chain>(const SSL *ssl); |
3604a4d3 | 510 | |
c3e64028 | 511 | =item X509 *B<SSL_get_peer_certificate>(const SSL *ssl); |
3604a4d3 | 512 | |
a25f9adc | 513 | =item EVP_PKEY *B<SSL_get_privatekey>(const SSL *ssl); |
3604a4d3 | 514 | |
c3e64028 | 515 | =item int B<SSL_get_quiet_shutdown>(const SSL *ssl); |
3604a4d3 | 516 | |
c3e64028 | 517 | =item BIO *B<SSL_get_rbio>(const SSL *ssl); |
3604a4d3 | 518 | |
c3e64028 | 519 | =item int B<SSL_get_read_ahead>(const SSL *ssl); |
3604a4d3 | 520 | |
c3e64028 | 521 | =item SSL_SESSION *B<SSL_get_session>(const SSL *ssl); |
3604a4d3 | 522 | |
c3e64028 | 523 | =item char *B<SSL_get_shared_ciphers>(const SSL *ssl, char *buf, int len); |
3604a4d3 | 524 | |
c3e64028 | 525 | =item int B<SSL_get_shutdown>(const SSL *ssl); |
3604a4d3 | 526 | |
4ebb342f | 527 | =item const SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl); |
3604a4d3 | 528 | |
c3e64028 | 529 | =item int B<SSL_get_state>(const SSL *ssl); |
3604a4d3 | 530 | |
c3e64028 | 531 | =item long B<SSL_get_time>(const SSL *ssl); |
3604a4d3 | 532 | |
c3e64028 | 533 | =item long B<SSL_get_timeout>(const SSL *ssl); |
3604a4d3 | 534 | |
c3e64028 | 535 | =item int (*B<SSL_get_verify_callback>(const SSL *ssl))(int,X509_STORE_CTX *) |
3604a4d3 | 536 | |
c3e64028 | 537 | =item int B<SSL_get_verify_mode>(const SSL *ssl); |
3604a4d3 | 538 | |
c3e64028 | 539 | =item long B<SSL_get_verify_result>(const SSL *ssl); |
3604a4d3 | 540 | |
c3e64028 | 541 | =item char *B<SSL_get_version>(const SSL *ssl); |
3604a4d3 | 542 | |
c3e64028 | 543 | =item BIO *B<SSL_get_wbio>(const SSL *ssl); |
3604a4d3 UM |
544 | |
545 | =item int B<SSL_in_accept_init>(SSL *ssl); | |
546 | ||
547 | =item int B<SSL_in_before>(SSL *ssl); | |
548 | ||
549 | =item int B<SSL_in_connect_init>(SSL *ssl); | |
550 | ||
551 | =item int B<SSL_in_init>(SSL *ssl); | |
552 | ||
553 | =item int B<SSL_is_init_finished>(SSL *ssl); | |
554 | ||
555 | =item STACK *B<SSL_load_client_CA_file>(char *file); | |
556 | ||
557 | =item void B<SSL_load_error_strings>(void); | |
558 | ||
559 | =item SSL *B<SSL_new>(SSL_CTX *ctx); | |
560 | ||
561 | =item long B<SSL_num_renegotiations>(SSL *ssl); | |
562 | ||
e34cfcf7 | 563 | =item int B<SSL_peek>(SSL *ssl, void *buf, int num); |
3604a4d3 | 564 | |
c3e64028 | 565 | =item int B<SSL_pending>(const SSL *ssl); |
3604a4d3 | 566 | |
e34cfcf7 | 567 | =item int B<SSL_read>(SSL *ssl, void *buf, int num); |
3604a4d3 UM |
568 | |
569 | =item int B<SSL_renegotiate>(SSL *ssl); | |
570 | ||
571 | =item char *B<SSL_rstate_string>(SSL *ssl); | |
572 | ||
573 | =item char *B<SSL_rstate_string_long>(SSL *ssl); | |
574 | ||
575 | =item long B<SSL_session_reused>(SSL *ssl); | |
576 | ||
577 | =item void B<SSL_set_accept_state>(SSL *ssl); | |
578 | ||
579 | =item void B<SSL_set_app_data>(SSL *ssl, char *arg); | |
580 | ||
581 | =item void B<SSL_set_bio>(SSL *ssl, BIO *rbio, BIO *wbio); | |
582 | ||
583 | =item int B<SSL_set_cipher_list>(SSL *ssl, char *str); | |
584 | ||
585 | =item void B<SSL_set_client_CA_list>(SSL *ssl, STACK *list); | |
586 | ||
587 | =item void B<SSL_set_connect_state>(SSL *ssl); | |
588 | ||
589 | =item int B<SSL_set_ex_data>(SSL *ssl, int idx, char *arg); | |
590 | ||
591 | =item int B<SSL_set_fd>(SSL *ssl, int fd); | |
592 | ||
593 | =item void B<SSL_set_info_callback>(SSL *ssl, void (*cb);(void)) | |
594 | ||
65123f80 BM |
595 | =item void B<SSL_set_msg_callback>(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); |
596 | ||
597 | =item void B<SSL_set_msg_callback_arg>(SSL *ctx, void *arg); | |
598 | ||
3604a4d3 UM |
599 | =item void B<SSL_set_options>(SSL *ssl, unsigned long op); |
600 | ||
601 | =item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode); | |
602 | ||
603 | =item void B<SSL_set_read_ahead>(SSL *ssl, int yes); | |
604 | ||
605 | =item int B<SSL_set_rfd>(SSL *ssl, int fd); | |
606 | ||
607 | =item int B<SSL_set_session>(SSL *ssl, SSL_SESSION *session); | |
608 | ||
609 | =item void B<SSL_set_shutdown>(SSL *ssl, int mode); | |
610 | ||
4ebb342f | 611 | =item int B<SSL_set_ssl_method>(SSL *ssl, const SSL_METHOD *meth); |
3604a4d3 UM |
612 | |
613 | =item void B<SSL_set_time>(SSL *ssl, long t); | |
614 | ||
615 | =item void B<SSL_set_timeout>(SSL *ssl, long t); | |
616 | ||
617 | =item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void)) | |
618 | ||
619 | =item void B<SSL_set_verify_result>(SSL *ssl, long arg); | |
620 | ||
621 | =item int B<SSL_set_wfd>(SSL *ssl, int fd); | |
622 | ||
623 | =item int B<SSL_shutdown>(SSL *ssl); | |
624 | ||
5998e290 | 625 | =item OSSL_HANDSHAKE_STATE B<SSL_get_state>(const SSL *ssl); |
f3b9257f MC |
626 | |
627 | Returns the current handshake state. | |
3604a4d3 | 628 | |
c3e64028 | 629 | =item char *B<SSL_state_string>(const SSL *ssl); |
3604a4d3 | 630 | |
c3e64028 | 631 | =item char *B<SSL_state_string_long>(const SSL *ssl); |
3604a4d3 UM |
632 | |
633 | =item long B<SSL_total_renegotiations>(SSL *ssl); | |
634 | ||
635 | =item int B<SSL_use_PrivateKey>(SSL *ssl, EVP_PKEY *pkey); | |
636 | ||
637 | =item int B<SSL_use_PrivateKey_ASN1>(int type, SSL *ssl, unsigned char *d, long len); | |
638 | ||
639 | =item int B<SSL_use_PrivateKey_file>(SSL *ssl, char *file, int type); | |
640 | ||
641 | =item int B<SSL_use_RSAPrivateKey>(SSL *ssl, RSA *rsa); | |
642 | ||
643 | =item int B<SSL_use_RSAPrivateKey_ASN1>(SSL *ssl, unsigned char *d, long len); | |
644 | ||
645 | =item int B<SSL_use_RSAPrivateKey_file>(SSL *ssl, char *file, int type); | |
646 | ||
647 | =item int B<SSL_use_certificate>(SSL *ssl, X509 *x); | |
648 | ||
649 | =item int B<SSL_use_certificate_ASN1>(SSL *ssl, int len, unsigned char *d); | |
650 | ||
651 | =item int B<SSL_use_certificate_file>(SSL *ssl, char *file, int type); | |
652 | ||
c3e64028 | 653 | =item int B<SSL_version>(const SSL *ssl); |
3604a4d3 | 654 | |
c3e64028 | 655 | =item int B<SSL_want>(const SSL *ssl); |
3604a4d3 | 656 | |
c3e64028 | 657 | =item int B<SSL_want_nothing>(const SSL *ssl); |
3604a4d3 | 658 | |
c3e64028 | 659 | =item int B<SSL_want_read>(const SSL *ssl); |
3604a4d3 | 660 | |
c3e64028 | 661 | =item int B<SSL_want_write>(const SSL *ssl); |
3604a4d3 | 662 | |
c3e64028 | 663 | =item int B<SSL_want_x509_lookup>(const SSL *ssl); |
3604a4d3 | 664 | |
e34cfcf7 | 665 | =item int B<SSL_write>(SSL *ssl, const void *buf, int num); |
3604a4d3 | 666 | |
ddac1974 NL |
667 | =item void B<SSL_set_psk_client_callback>(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)); |
668 | ||
669 | =item int B<SSL_use_psk_identity_hint>(SSL *ssl, const char *hint); | |
670 | ||
671 | =item void B<SSL_set_psk_server_callback>(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len)); | |
672 | ||
673 | =item const char *B<SSL_get_psk_identity_hint>(SSL *ssl); | |
674 | ||
675 | =item const char *B<SSL_get_psk_identity>(SSL *ssl); | |
676 | ||
3604a4d3 UM |
677 | =back |
678 | ||
679 | =head1 SEE ALSO | |
680 | ||
9b86974e RS |
681 | L<openssl(1)>, L<crypto(3)>, |
682 | L<SSL_accept(3)>, L<SSL_clear(3)>, | |
683 | L<SSL_connect(3)>, | |
684 | L<SSL_CIPHER_get_name(3)>, | |
685 | L<SSL_COMP_add_compression_method(3)>, | |
686 | L<SSL_CTX_add_extra_chain_cert(3)>, | |
687 | L<SSL_CTX_add_session(3)>, | |
688 | L<SSL_CTX_ctrl(3)>, | |
689 | L<SSL_CTX_flush_sessions(3)>, | |
690 | L<SSL_CTX_get_ex_new_index(3)>, | |
691 | L<SSL_CTX_get_verify_mode(3)>, | |
692 | L<SSL_CTX_load_verify_locations(3)> | |
693 | L<SSL_CTX_new(3)>, | |
694 | L<SSL_CTX_sess_number(3)>, | |
695 | L<SSL_CTX_sess_set_cache_size(3)>, | |
696 | L<SSL_CTX_sess_set_get_cb(3)>, | |
697 | L<SSL_CTX_sessions(3)>, | |
698 | L<SSL_CTX_set_cert_store(3)>, | |
699 | L<SSL_CTX_set_cert_verify_callback(3)>, | |
700 | L<SSL_CTX_set_cipher_list(3)>, | |
701 | L<SSL_CTX_set_client_CA_list(3)>, | |
702 | L<SSL_CTX_set_client_cert_cb(3)>, | |
703 | L<SSL_CTX_set_default_passwd_cb(3)>, | |
704 | L<SSL_CTX_set_generate_session_id(3)>, | |
705 | L<SSL_CTX_set_info_callback(3)>, | |
706 | L<SSL_CTX_set_max_cert_list(3)>, | |
707 | L<SSL_CTX_set_mode(3)>, | |
708 | L<SSL_CTX_set_msg_callback(3)>, | |
709 | L<SSL_CTX_set_options(3)>, | |
710 | L<SSL_CTX_set_quiet_shutdown(3)>, | |
711 | L<SSL_CTX_set_read_ahead(3)>, | |
712 | L<SSL_CTX_set_session_cache_mode(3)>, | |
713 | L<SSL_CTX_set_session_id_context(3)>, | |
714 | L<SSL_CTX_set_ssl_version(3)>, | |
715 | L<SSL_CTX_set_timeout(3)>, | |
9b86974e RS |
716 | L<SSL_CTX_set_tmp_dh_callback(3)>, |
717 | L<SSL_CTX_set_verify(3)>, | |
718 | L<SSL_CTX_use_certificate(3)>, | |
719 | L<SSL_alert_type_string(3)>, | |
720 | L<SSL_do_handshake(3)>, | |
721 | L<SSL_get_SSL_CTX(3)>, | |
722 | L<SSL_get_ciphers(3)>, | |
723 | L<SSL_get_client_CA_list(3)>, | |
724 | L<SSL_get_default_timeout(3)>, | |
725 | L<SSL_get_error(3)>, | |
726 | L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>, | |
727 | L<SSL_get_ex_new_index(3)>, | |
728 | L<SSL_get_fd(3)>, | |
729 | L<SSL_get_peer_cert_chain(3)>, | |
730 | L<SSL_get_rbio(3)>, | |
731 | L<SSL_get_session(3)>, | |
732 | L<SSL_get_verify_result(3)>, | |
733 | L<SSL_get_version(3)>, | |
734 | L<SSL_library_init(3)>, | |
735 | L<SSL_load_client_CA_file(3)>, | |
736 | L<SSL_new(3)>, | |
737 | L<SSL_pending(3)>, | |
738 | L<SSL_read(3)>, | |
739 | L<SSL_rstate_string(3)>, | |
740 | L<SSL_session_reused(3)>, | |
741 | L<SSL_set_bio(3)>, | |
742 | L<SSL_set_connect_state(3)>, | |
743 | L<SSL_set_fd(3)>, | |
744 | L<SSL_set_session(3)>, | |
745 | L<SSL_set_shutdown(3)>, | |
746 | L<SSL_shutdown(3)>, | |
747 | L<SSL_state_string(3)>, | |
748 | L<SSL_want(3)>, | |
749 | L<SSL_write(3)>, | |
750 | L<SSL_SESSION_free(3)>, | |
751 | L<SSL_SESSION_get_ex_new_index(3)>, | |
752 | L<SSL_SESSION_get_time(3)>, | |
753 | L<d2i_SSL_SESSION(3)>, | |
754 | L<SSL_CTX_set_psk_client_callback(3)>, | |
755 | L<SSL_CTX_use_psk_identity_hint(3)>, | |
ca7256fb | 756 | L<SSL_get_psk_identity(3)>, |
7795475f | 757 | L<DTLSv1_listen(3)> |
3604a4d3 UM |
758 | |
759 | =head1 HISTORY | |
760 | ||
45f55f6a KR |
761 | B<SSLv2_client_method>, B<SSLv2_server_method> and B<SSLv2_method> where removed |
762 | in OpenSSL 1.1.0. | |
763 | ||
17dd65e6 MC |
764 | The return type of B<SSL_copy_session_id> was changed from void to int in |
765 | OpenSSL 1.1.0. | |
766 | ||
3604a4d3 UM |
767 | =cut |
768 |