98=head1 API FUNCTIONS 99 100Currently the OpenSSL B<ssl> library exports 214 API functions. 101They are documented in the following: 102 103=head2 DEALING WITH PROTOCOL METHODS 104 105Here we document the various API functions which deal with the SSL/TLS 106protocol methods defined in B<SSL_METHOD> structures. 107 108=over 4 109 110=item SSL_METHOD *B<SSLv2_client_method>(void); 111 112Constructor for the SSLv2 SSL_METHOD structure for a dedicated client. 113 114=item SSL_METHOD *B<SSLv2_server_method>(void); 115 116Constructor for the SSLv2 SSL_METHOD structure for a dedicated server. 117 118=item SSL_METHOD *B<SSLv2_method>(void); 119 120Constructor for the SSLv2 SSL_METHOD structure for combined client and server. 121 122=item SSL_METHOD *B<SSLv3_client_method>(void); 123 124Constructor for the SSLv3 SSL_METHOD structure for a dedicated client. 125 126=item SSL_METHOD *B<SSLv3_server_method>(void); 127 128Constructor for the SSLv3 SSL_METHOD structure for a dedicated server. 129 130=item SSL_METHOD *B<SSLv3_method>(void); 131 132Constructor for the SSLv3 SSL_METHOD structure for combined client and server. 133 134=item SSL_METHOD *B<TLSv1_client_method>(void); 135 136Constructor for the TLSv1 SSL_METHOD structure for a dedicated client. 137 138=item SSL_METHOD *B<TLSv1_server_method>(void); 139 140Constructor for the TLSv1 SSL_METHOD structure for a dedicated server. 141 142=item SSL_METHOD *B<TLSv1_method>(void); 143 144Constructor for the TLSv1 SSL_METHOD structure for combined client and server. 145 146=back 147 148=head2 DEALING WITH CIPHERS 149 150Here we document the various API functions which deal with the SSL/TLS 151ciphers defined in B<SSL_CIPHER> structures. 152 153=over 4 154 155=item char *B<SSL_CIPHER_description>(SSL_CIPHER *cipher, char *buf, int len); 156 157Write a string to I<buf> (with a maximum size of I<len>) containing a human 158readable description of I<cipher>. Returns I<buf>. 159 160=item int B<SSL_CIPHER_get_bits>(SSL_CIPHER *cipher, int *alg_bits); 161 162Determine the number of bits in I<cipher>. Because of export crippled ciphers 163there are two bits: The bits the algorithm supports in general (stored to 164I<alg_bits>) and the bits which are actually used (the return value). 165 166=item const char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher); 167 168Return the internal name of I<cipher> as a string. These are the various 169strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx> 170definitions in the header files. 171 172=item char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher); 173 174Returns a string like "C<TLSv1/SSLv3>" or "C<SSLv2>" which indicates the 175SSL/TLS protocol version to which I<cipher> belongs (i.e. where it was defined 176in the specification the first time). 177 178=back 179 180=head2 DEALING WITH PROTOCOL CONTEXTS 181 182Here we document the various API functions which deal with the SSL/TLS 183protocol context defined in the B<SSL_CTX> structure. 184 185=over 4 186 187=item int B<SSL_CTX_add_client_CA>(SSL_CTX *ctx, X509 *x); 188 189=item long B<SSL_CTX_add_extra_chain_cert>(SSL_CTX *ctx, X509 *x509); 190 191=item int B<SSL_CTX_add_session>(SSL_CTX *ctx, SSL_SESSION *c); 192 193=item int B<SSL_CTX_check_private_key>(SSL_CTX *ctx); 194 195=item long B<SSL_CTX_ctrl>(SSL_CTX *ctx, int cmd, long larg, char *parg); 196 197=item void B<SSL_CTX_flush_sessions>(SSL_CTX *s, long t); 198 199=item void B<SSL_CTX_free>(SSL_CTX *a); 200 201=item char *B<SSL_CTX_get_app_data>(SSL_CTX *ctx); 202 203=item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx); 204 205=item STACK *B<SSL_CTX_get_client_CA_list>(SSL_CTX *ctx); 206 207=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); 208 209=item char *B<SSL_CTX_get_ex_data>(SSL_CTX *s, int idx); 210 211=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) 212 213=item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret); 214 215=item int B<SSL_CTX_get_quiet_shutdown>(SSL_CTX *ctx); 216 217=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx); 218 219=item long B<SSL_CTX_get_timeout>(SSL_CTX *ctx); 220 221=item int (*B<SSL_CTX_get_verify_callback>(SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx); 222 223=item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx); 224 225=item int B<SSL_CTX_load_verify_locations>(SSL_CTX *ctx, char *CAfile, char *CApath); 226 227=item long B<SSL_CTX_need_tmp_RSA>(SSL_CTX *ctx); 228 229=item SSL_CTX *B<SSL_CTX_new>(SSL_METHOD *meth); 230 231=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c); 232 233=item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx); 234 235=item int B<SSL_CTX_sess_accept_good>(SSL_CTX *ctx); 236 237=item int B<SSL_CTX_sess_accept_renegotiate>(SSL_CTX *ctx); 238 239=item int B<SSL_CTX_sess_cache_full>(SSL_CTX *ctx); 240 241=item int B<SSL_CTX_sess_cb_hits>(SSL_CTX *ctx); 242 243=item int B<SSL_CTX_sess_connect>(SSL_CTX *ctx); 244 245=item int B<SSL_CTX_sess_connect_good>(SSL_CTX *ctx); 246 247=item int B<SSL_CTX_sess_connect_renegotiate>(SSL_CTX *ctx); 248 249=item int B<SSL_CTX_sess_get_cache_size>(SSL_CTX *ctx); 250 251=item SSL_SESSION *(*B<SSL_CTX_sess_get_get_cb>(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy); 252 253=item int (*B<SSL_CTX_sess_get_new_cb>(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess); 254 255=item void (*B<SSL_CTX_sess_get_remove_cb>(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess); 256 257=item int B<SSL_CTX_sess_hits>(SSL_CTX *ctx); 258 259=item int B<SSL_CTX_sess_misses>(SSL_CTX *ctx); 260 261=item int B<SSL_CTX_sess_number>(SSL_CTX *ctx); 262 263=item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx,t); 264 265=item void B<SSL_CTX_sess_set_get_cb>(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy)); 266 267=item void B<SSL_CTX_sess_set_new_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess)); 268 269=item void B<SSL_CTX_sess_set_remove_cb>(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)); 270 271=item int B<SSL_CTX_sess_timeouts>(SSL_CTX *ctx); 272 273=item LHASH *B<SSL_CTX_sessions>(SSL_CTX *ctx); 274 275=item void B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg); 276 277=item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs); 278 279=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(SSL_CTX *), char *arg) 280 281=item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str); 282 283=item void B<SSL_CTX_set_client_CA_list>(SSL_CTX *ctx, STACK *list); 284 285=item void B<SSL_CTX_set_client_cert_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); 286 287=item void B<SSL_CTX_set_default_passwd_cb>(SSL_CTX *ctx, int (*cb);(void)) 288 289=item void B<SSL_CTX_set_default_read_ahead>(SSL_CTX *ctx, int m); 290 291=item int B<SSL_CTX_set_default_verify_paths>(SSL_CTX *ctx); 292 293=item int B<SSL_CTX_set_ex_data>(SSL_CTX *s, int idx, char *arg); 294 295=item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret)); 296 297=item void B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op); 298 299=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode); 300 301=item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode); 302 303=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, SSL_METHOD *meth); 304 305=item void B<SSL_CTX_set_timeout>(SSL_CTX *ctx, long t); 306 307=item long B<SSL_CTX_set_tmp_dh>(SSL_CTX* ctx, DH *dh); 308 309=item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void)); 310 311=item long B<SSL_CTX_set_tmp_rsa>(SSL_CTX *ctx, RSA *rsa); 312 313=item SSL_CTX_set_tmp_rsa_callback 314 315C<long B<SSL_CTX_set_tmp_rsa_callback>(SSL_CTX *B<ctx>, RSA *(*B<cb>)(SSL *B<ssl>, int B<export>, int B<keylength>));> 316 317Sets the callback which will be called when a temporary private key is 318required. The B<C<export>> flag will be set if the reason for needing 319a temp key is that an export ciphersuite is in use, in which case, 320B<C<keylength>> will contain the required keylength in bits. Generate a key of 321appropriate size (using ???) and return it. 322 323=item SSL_set_tmp_rsa_callback 324 325long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength)); 326 327The same as L<"SSL_CTX_set_tmp_rsa_callback">, except it operates on an SSL 328session instead of a context. 329 330=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void)) 331 332=item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey); 333 334=item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len); 335 336=item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, char *file, int type); 337 338=item int B<SSL_CTX_use_RSAPrivateKey>(SSL_CTX *ctx, RSA *rsa); 339 340=item int B<SSL_CTX_use_RSAPrivateKey_ASN1>(SSL_CTX *ctx, unsigned char *d, long len); 341 342=item int B<SSL_CTX_use_RSAPrivateKey_file>(SSL_CTX *ctx, char *file, int type); 343 344=item int B<SSL_CTX_use_certificate>(SSL_CTX *ctx, X509 *x); 345 346=item int B<SSL_CTX_use_certificate_ASN1>(SSL_CTX *ctx, int len, unsigned char *d); 347 348=item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type); 349 350=back 351 352=head2 DEALING WITH SESSIONS 353 354Here we document the various API functions which deal with the SSL/TLS 355sessions defined in the B<SSL_SESSION> structures. 356 357=over 4 358 359=item int B<SSL_SESSION_cmp>(SSL_SESSION *a, SSL_SESSION *b); 360 361=item void B<SSL_SESSION_free>(SSL_SESSION *ss); 362 363=item char *B<SSL_SESSION_get_app_data>(SSL_SESSION *s); 364 365=item char *B<SSL_SESSION_get_ex_data>(SSL_SESSION *s, int idx); 366 367=item int B<SSL_SESSION_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) 368 369=item long B<SSL_SESSION_get_time>(SSL_SESSION *s); 370 371=item long B<SSL_SESSION_get_timeout>(SSL_SESSION *s); 372 373=item unsigned long B<SSL_SESSION_hash>(SSL_SESSION *a); 374 375=item SSL_SESSION *B<SSL_SESSION_new>(void); 376 377=item int B<SSL_SESSION_print>(BIO *bp, SSL_SESSION *x); 378 379=item int B<SSL_SESSION_print_fp>(FILE *fp, SSL_SESSION *x); 380 381=item void B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a); 382 383=item int B<SSL_SESSION_set_ex_data>(SSL_SESSION *s, int idx, char *arg); 384 385=item long B<SSL_SESSION_set_time>(SSL_SESSION *s, long t); 386 387=item long B<SSL_SESSION_set_timeout>(SSL_SESSION *s, long t); 388 389=back 390 391=head2 DEALING WITH CONNECTIONS 392 393Here we document the various API functions which deal with the SSL/TLS 394connection defined in the B<SSL> structure. 395 396=over 4 397 398=item int B<SSL_accept>(SSL *ssl); 399 400=item int B<SSL_add_dir_cert_subjects_to_stack>(STACK *stack, const char *dir); 401 402=item int B<SSL_add_file_cert_subjects_to_stack>(STACK *stack, const char *file); 403 404=item int B<SSL_add_client_CA>(SSL *ssl, X509 *x); 405 406=item char *B<SSL_alert_desc_string>(int value); 407 408=item char *B<SSL_alert_desc_string_long>(int value); 409 410=item char *B<SSL_alert_type_string>(int value); 411 412=item char *B<SSL_alert_type_string_long>(int value); 413 414=item int B<SSL_check_private_key>(SSL *ssl); 415 416=item void B<SSL_clear>(SSL *ssl); 417 418=item long B<SSL_clear_num_renegotiations>(SSL *ssl); 419 420=item int B<SSL_connect>(SSL *ssl); 421 422=item void B<SSL_copy_session_id>(SSL *t, SSL *f); 423 424=item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg); 425 426=item int B<SSL_do_handshake>(SSL *ssl); 427 428=item SSL *B<SSL_dup>(SSL *ssl); 429 430=item STACK *B<SSL_dup_CA_list>(STACK *sk); 431 432=item void B<SSL_free>(SSL *ssl); 433 434=item SSL_CTX *B<SSL_get_SSL_CTX>(SSL *ssl); 435 436=item char *B<SSL_get_app_data>(SSL *ssl); 437 438=item X509 *B<SSL_get_certificate>(SSL *ssl); 439 440=item const char *B<SSL_get_cipher>(SSL *ssl); 441 442=item int B<SSL_get_cipher_bits>(SSL *ssl, int *alg_bits); 443 444=item char *B<SSL_get_cipher_list>(SSL *ssl, int n); 445 446=item char *B<SSL_get_cipher_name>(SSL *ssl); 447 448=item char *B<SSL_get_cipher_version>(SSL *ssl); 449 450=item STACK *B<SSL_get_ciphers>(SSL *ssl); 451 452=item STACK *B<SSL_get_client_CA_list>(SSL *ssl); 453 454=item SSL_CIPHER *B<SSL_get_current_cipher>(SSL *ssl); 455 456=item long B<SSL_get_default_timeout>(SSL *ssl); 457 458=item int B<SSL_get_error>(SSL *ssl, int i); 459 460=item char *B<SSL_get_ex_data>(SSL *ssl, int idx); 461 462=item int B<SSL_get_ex_data_X509_STORE_CTX_idx>(void); 463 464=item int B<SSL_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) 465 466=item int B<SSL_get_fd>(SSL *ssl); 467 468=item void (*B<SSL_get_info_callback>(SSL *ssl);)(void) 469 470=item STACK *B<SSL_get_peer_cert_chain>(SSL *ssl); 471 472=item X509 *B<SSL_get_peer_certificate>(SSL *ssl); 473 474=item EVP_PKEY *B<SSL_get_privatekey>(SSL *ssl); 475 476=item int B<SSL_get_quiet_shutdown>(SSL *ssl); 477 478=item BIO *B<SSL_get_rbio>(SSL *ssl); 479 480=item int B<SSL_get_read_ahead>(SSL *ssl); 481 482=item SSL_SESSION *B<SSL_get_session>(SSL *ssl); 483 484=item char *B<SSL_get_shared_ciphers>(SSL *ssl, char *buf, int len); 485 486=item int B<SSL_get_shutdown>(SSL *ssl); 487 488=item SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl); 489 490=item int B<SSL_get_state>(SSL *ssl); 491 492=item long B<SSL_get_time>(SSL *ssl); 493 494=item long B<SSL_get_timeout>(SSL *ssl); 495 496=item int (*B<SSL_get_verify_callback>(SSL *ssl);)(void) 497 498=item int B<SSL_get_verify_mode>(SSL *ssl); 499 500=item long B<SSL_get_verify_result>(SSL *ssl); 501 502=item char *B<SSL_get_version>(SSL *ssl); 503 504=item BIO *B<SSL_get_wbio>(SSL *ssl); 505 506=item int B<SSL_in_accept_init>(SSL *ssl); 507 508=item int B<SSL_in_before>(SSL *ssl); 509 510=item int B<SSL_in_connect_init>(SSL *ssl); 511 512=item int B<SSL_in_init>(SSL *ssl); 513 514=item int B<SSL_is_init_finished>(SSL *ssl); 515 516=item STACK *B<SSL_load_client_CA_file>(char *file); 517 518=item void B<SSL_load_error_strings>(void); 519 520=item SSL *B<SSL_new>(SSL_CTX *ctx); 521 522=item long B<SSL_num_renegotiations>(SSL *ssl); 523 524=item int B<SSL_peek>(SSL *ssl, char *buf, int num); 525 526=item int B<SSL_pending>(SSL *ssl); 527 528=item int B<SSL_read>(SSL *ssl, char *buf, int num); 529 530=item int B<SSL_renegotiate>(SSL *ssl); 531 532=item char *B<SSL_rstate_string>(SSL *ssl); 533 534=item char *B<SSL_rstate_string_long>(SSL *ssl); 535 536=item long B<SSL_session_reused>(SSL *ssl); 537 538=item void B<SSL_set_accept_state>(SSL *ssl); 539 540=item void B<SSL_set_app_data>(SSL *ssl, char *arg); 541 542=item void B<SSL_set_bio>(SSL *ssl, BIO *rbio, BIO *wbio); 543 544=item int B<SSL_set_cipher_list>(SSL *ssl, char *str); 545 546=item void B<SSL_set_client_CA_list>(SSL *ssl, STACK *list); 547 548=item void B<SSL_set_connect_state>(SSL *ssl); 549 550=item int B<SSL_set_ex_data>(SSL *ssl, int idx, char *arg); 551 552=item int B<SSL_set_fd>(SSL *ssl, int fd); 553 554=item void B<SSL_set_info_callback>(SSL *ssl, void (*cb);(void)) 555 556=item void B<SSL_set_options>(SSL *ssl, unsigned long op); 557 558=item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode); 559 560=item void B<SSL_set_read_ahead>(SSL *ssl, int yes); 561 562=item int B<SSL_set_rfd>(SSL *ssl, int fd); 563 564=item int B<SSL_set_session>(SSL *ssl, SSL_SESSION *session); 565 566=item void B<SSL_set_shutdown>(SSL *ssl, int mode); 567 568=item int B<SSL_set_ssl_method>(SSL *ssl, SSL_METHOD *meth); 569 570=item void B<SSL_set_time>(SSL *ssl, long t); 571 572=item void B<SSL_set_timeout>(SSL *ssl, long t); 573 574=item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void)) 575 576=item void B<SSL_set_verify_result>(SSL *ssl, long arg); 577 578=item int B<SSL_set_wfd>(SSL *ssl, int fd); 579 580=item int B<SSL_shutdown>(SSL *ssl); 581 582=item int B<SSL_state>(SSL *ssl); 583 584=item char *B<SSL_state_string>(SSL *ssl); 585 586=item char *B<SSL_state_string_long>(SSL *ssl); 587 588=item long B<SSL_total_renegotiations>(SSL *ssl); 589 590=item int B<SSL_use_PrivateKey>(SSL *ssl, EVP_PKEY *pkey); 591 592=item int B<SSL_use_PrivateKey_ASN1>(int type, SSL *ssl, unsigned char *d, long len); 593 594=item int B<SSL_use_PrivateKey_file>(SSL *ssl, char *file, int type); 595 596=item int B<SSL_use_RSAPrivateKey>(SSL *ssl, RSA *rsa); 597 598=item int B<SSL_use_RSAPrivateKey_ASN1>(SSL *ssl, unsigned char *d, long len); 599 600=item int B<SSL_use_RSAPrivateKey_file>(SSL *ssl, char *file, int type); 601 602=item int B<SSL_use_certificate>(SSL *ssl, X509 *x); 603 604=item int B<SSL_use_certificate_ASN1>(SSL *ssl, int len, unsigned char *d); 605 606=item int B<SSL_use_certificate_file>(SSL *ssl, char *file, int type); 607 608=item int B<SSL_version>(SSL *ssl); 609 610=item int B<SSL_want>(SSL *ssl); 611 612=item int B<SSL_want_nothing>(SSL *ssl); 613 614=item int B<SSL_want_read>(SSL *ssl); 615 616=item int B<SSL_want_write>(SSL *ssl); 617 618=item int B<SSL_want_x509_lookup>(s); 619 620=item int B<SSL_write>(SSL *ssl, char *buf, int num); 621 622=back 623 624=head1 SEE ALSO 625 626L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>, 627L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>,
| 121=head1 API FUNCTIONS 122 123Currently the OpenSSL B<ssl> library exports 214 API functions. 124They are documented in the following: 125 126=head2 DEALING WITH PROTOCOL METHODS 127 128Here we document the various API functions which deal with the SSL/TLS 129protocol methods defined in B<SSL_METHOD> structures. 130 131=over 4 132 133=item SSL_METHOD *B<SSLv2_client_method>(void); 134 135Constructor for the SSLv2 SSL_METHOD structure for a dedicated client. 136 137=item SSL_METHOD *B<SSLv2_server_method>(void); 138 139Constructor for the SSLv2 SSL_METHOD structure for a dedicated server. 140 141=item SSL_METHOD *B<SSLv2_method>(void); 142 143Constructor for the SSLv2 SSL_METHOD structure for combined client and server. 144 145=item SSL_METHOD *B<SSLv3_client_method>(void); 146 147Constructor for the SSLv3 SSL_METHOD structure for a dedicated client. 148 149=item SSL_METHOD *B<SSLv3_server_method>(void); 150 151Constructor for the SSLv3 SSL_METHOD structure for a dedicated server. 152 153=item SSL_METHOD *B<SSLv3_method>(void); 154 155Constructor for the SSLv3 SSL_METHOD structure for combined client and server. 156 157=item SSL_METHOD *B<TLSv1_client_method>(void); 158 159Constructor for the TLSv1 SSL_METHOD structure for a dedicated client. 160 161=item SSL_METHOD *B<TLSv1_server_method>(void); 162 163Constructor for the TLSv1 SSL_METHOD structure for a dedicated server. 164 165=item SSL_METHOD *B<TLSv1_method>(void); 166 167Constructor for the TLSv1 SSL_METHOD structure for combined client and server. 168 169=back 170 171=head2 DEALING WITH CIPHERS 172 173Here we document the various API functions which deal with the SSL/TLS 174ciphers defined in B<SSL_CIPHER> structures. 175 176=over 4 177 178=item char *B<SSL_CIPHER_description>(SSL_CIPHER *cipher, char *buf, int len); 179 180Write a string to I<buf> (with a maximum size of I<len>) containing a human 181readable description of I<cipher>. Returns I<buf>. 182 183=item int B<SSL_CIPHER_get_bits>(SSL_CIPHER *cipher, int *alg_bits); 184 185Determine the number of bits in I<cipher>. Because of export crippled ciphers 186there are two bits: The bits the algorithm supports in general (stored to 187I<alg_bits>) and the bits which are actually used (the return value). 188 189=item const char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher); 190 191Return the internal name of I<cipher> as a string. These are the various 192strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx> 193definitions in the header files. 194 195=item char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher); 196 197Returns a string like "C<TLSv1/SSLv3>" or "C<SSLv2>" which indicates the 198SSL/TLS protocol version to which I<cipher> belongs (i.e. where it was defined 199in the specification the first time). 200 201=back 202 203=head2 DEALING WITH PROTOCOL CONTEXTS 204 205Here we document the various API functions which deal with the SSL/TLS 206protocol context defined in the B<SSL_CTX> structure. 207 208=over 4 209 210=item int B<SSL_CTX_add_client_CA>(SSL_CTX *ctx, X509 *x); 211 212=item long B<SSL_CTX_add_extra_chain_cert>(SSL_CTX *ctx, X509 *x509); 213 214=item int B<SSL_CTX_add_session>(SSL_CTX *ctx, SSL_SESSION *c); 215 216=item int B<SSL_CTX_check_private_key>(SSL_CTX *ctx); 217 218=item long B<SSL_CTX_ctrl>(SSL_CTX *ctx, int cmd, long larg, char *parg); 219 220=item void B<SSL_CTX_flush_sessions>(SSL_CTX *s, long t); 221 222=item void B<SSL_CTX_free>(SSL_CTX *a); 223 224=item char *B<SSL_CTX_get_app_data>(SSL_CTX *ctx); 225 226=item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx); 227 228=item STACK *B<SSL_CTX_get_client_CA_list>(SSL_CTX *ctx); 229 230=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); 231 232=item char *B<SSL_CTX_get_ex_data>(SSL_CTX *s, int idx); 233 234=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) 235 236=item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret); 237 238=item int B<SSL_CTX_get_quiet_shutdown>(SSL_CTX *ctx); 239 240=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx); 241 242=item long B<SSL_CTX_get_timeout>(SSL_CTX *ctx); 243 244=item int (*B<SSL_CTX_get_verify_callback>(SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx); 245 246=item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx); 247 248=item int B<SSL_CTX_load_verify_locations>(SSL_CTX *ctx, char *CAfile, char *CApath); 249 250=item long B<SSL_CTX_need_tmp_RSA>(SSL_CTX *ctx); 251 252=item SSL_CTX *B<SSL_CTX_new>(SSL_METHOD *meth); 253 254=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c); 255 256=item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx); 257 258=item int B<SSL_CTX_sess_accept_good>(SSL_CTX *ctx); 259 260=item int B<SSL_CTX_sess_accept_renegotiate>(SSL_CTX *ctx); 261 262=item int B<SSL_CTX_sess_cache_full>(SSL_CTX *ctx); 263 264=item int B<SSL_CTX_sess_cb_hits>(SSL_CTX *ctx); 265 266=item int B<SSL_CTX_sess_connect>(SSL_CTX *ctx); 267 268=item int B<SSL_CTX_sess_connect_good>(SSL_CTX *ctx); 269 270=item int B<SSL_CTX_sess_connect_renegotiate>(SSL_CTX *ctx); 271 272=item int B<SSL_CTX_sess_get_cache_size>(SSL_CTX *ctx); 273 274=item SSL_SESSION *(*B<SSL_CTX_sess_get_get_cb>(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy); 275 276=item int (*B<SSL_CTX_sess_get_new_cb>(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess); 277 278=item void (*B<SSL_CTX_sess_get_remove_cb>(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess); 279 280=item int B<SSL_CTX_sess_hits>(SSL_CTX *ctx); 281 282=item int B<SSL_CTX_sess_misses>(SSL_CTX *ctx); 283 284=item int B<SSL_CTX_sess_number>(SSL_CTX *ctx); 285 286=item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx,t); 287 288=item void B<SSL_CTX_sess_set_get_cb>(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy)); 289 290=item void B<SSL_CTX_sess_set_new_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess)); 291 292=item void B<SSL_CTX_sess_set_remove_cb>(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)); 293 294=item int B<SSL_CTX_sess_timeouts>(SSL_CTX *ctx); 295 296=item LHASH *B<SSL_CTX_sessions>(SSL_CTX *ctx); 297 298=item void B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg); 299 300=item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs); 301 302=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(SSL_CTX *), char *arg) 303 304=item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str); 305 306=item void B<SSL_CTX_set_client_CA_list>(SSL_CTX *ctx, STACK *list); 307 308=item void B<SSL_CTX_set_client_cert_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); 309 310=item void B<SSL_CTX_set_default_passwd_cb>(SSL_CTX *ctx, int (*cb);(void)) 311 312=item void B<SSL_CTX_set_default_read_ahead>(SSL_CTX *ctx, int m); 313 314=item int B<SSL_CTX_set_default_verify_paths>(SSL_CTX *ctx); 315 316=item int B<SSL_CTX_set_ex_data>(SSL_CTX *s, int idx, char *arg); 317 318=item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret)); 319 320=item void B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op); 321 322=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode); 323 324=item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode); 325 326=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, SSL_METHOD *meth); 327 328=item void B<SSL_CTX_set_timeout>(SSL_CTX *ctx, long t); 329 330=item long B<SSL_CTX_set_tmp_dh>(SSL_CTX* ctx, DH *dh); 331 332=item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void)); 333 334=item long B<SSL_CTX_set_tmp_rsa>(SSL_CTX *ctx, RSA *rsa); 335 336=item SSL_CTX_set_tmp_rsa_callback 337 338C<long B<SSL_CTX_set_tmp_rsa_callback>(SSL_CTX *B<ctx>, RSA *(*B<cb>)(SSL *B<ssl>, int B<export>, int B<keylength>));> 339 340Sets the callback which will be called when a temporary private key is 341required. The B<C<export>> flag will be set if the reason for needing 342a temp key is that an export ciphersuite is in use, in which case, 343B<C<keylength>> will contain the required keylength in bits. Generate a key of 344appropriate size (using ???) and return it. 345 346=item SSL_set_tmp_rsa_callback 347 348long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength)); 349 350The same as L<"SSL_CTX_set_tmp_rsa_callback">, except it operates on an SSL 351session instead of a context. 352 353=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void)) 354 355=item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey); 356 357=item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len); 358 359=item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, char *file, int type); 360 361=item int B<SSL_CTX_use_RSAPrivateKey>(SSL_CTX *ctx, RSA *rsa); 362 363=item int B<SSL_CTX_use_RSAPrivateKey_ASN1>(SSL_CTX *ctx, unsigned char *d, long len); 364 365=item int B<SSL_CTX_use_RSAPrivateKey_file>(SSL_CTX *ctx, char *file, int type); 366 367=item int B<SSL_CTX_use_certificate>(SSL_CTX *ctx, X509 *x); 368 369=item int B<SSL_CTX_use_certificate_ASN1>(SSL_CTX *ctx, int len, unsigned char *d); 370 371=item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type); 372 373=back 374 375=head2 DEALING WITH SESSIONS 376 377Here we document the various API functions which deal with the SSL/TLS 378sessions defined in the B<SSL_SESSION> structures. 379 380=over 4 381 382=item int B<SSL_SESSION_cmp>(SSL_SESSION *a, SSL_SESSION *b); 383 384=item void B<SSL_SESSION_free>(SSL_SESSION *ss); 385 386=item char *B<SSL_SESSION_get_app_data>(SSL_SESSION *s); 387 388=item char *B<SSL_SESSION_get_ex_data>(SSL_SESSION *s, int idx); 389 390=item int B<SSL_SESSION_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) 391 392=item long B<SSL_SESSION_get_time>(SSL_SESSION *s); 393 394=item long B<SSL_SESSION_get_timeout>(SSL_SESSION *s); 395 396=item unsigned long B<SSL_SESSION_hash>(SSL_SESSION *a); 397 398=item SSL_SESSION *B<SSL_SESSION_new>(void); 399 400=item int B<SSL_SESSION_print>(BIO *bp, SSL_SESSION *x); 401 402=item int B<SSL_SESSION_print_fp>(FILE *fp, SSL_SESSION *x); 403 404=item void B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a); 405 406=item int B<SSL_SESSION_set_ex_data>(SSL_SESSION *s, int idx, char *arg); 407 408=item long B<SSL_SESSION_set_time>(SSL_SESSION *s, long t); 409 410=item long B<SSL_SESSION_set_timeout>(SSL_SESSION *s, long t); 411 412=back 413 414=head2 DEALING WITH CONNECTIONS 415 416Here we document the various API functions which deal with the SSL/TLS 417connection defined in the B<SSL> structure. 418 419=over 4 420 421=item int B<SSL_accept>(SSL *ssl); 422 423=item int B<SSL_add_dir_cert_subjects_to_stack>(STACK *stack, const char *dir); 424 425=item int B<SSL_add_file_cert_subjects_to_stack>(STACK *stack, const char *file); 426 427=item int B<SSL_add_client_CA>(SSL *ssl, X509 *x); 428 429=item char *B<SSL_alert_desc_string>(int value); 430 431=item char *B<SSL_alert_desc_string_long>(int value); 432 433=item char *B<SSL_alert_type_string>(int value); 434 435=item char *B<SSL_alert_type_string_long>(int value); 436 437=item int B<SSL_check_private_key>(SSL *ssl); 438 439=item void B<SSL_clear>(SSL *ssl); 440 441=item long B<SSL_clear_num_renegotiations>(SSL *ssl); 442 443=item int B<SSL_connect>(SSL *ssl); 444 445=item void B<SSL_copy_session_id>(SSL *t, SSL *f); 446 447=item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg); 448 449=item int B<SSL_do_handshake>(SSL *ssl); 450 451=item SSL *B<SSL_dup>(SSL *ssl); 452 453=item STACK *B<SSL_dup_CA_list>(STACK *sk); 454 455=item void B<SSL_free>(SSL *ssl); 456 457=item SSL_CTX *B<SSL_get_SSL_CTX>(SSL *ssl); 458 459=item char *B<SSL_get_app_data>(SSL *ssl); 460 461=item X509 *B<SSL_get_certificate>(SSL *ssl); 462 463=item const char *B<SSL_get_cipher>(SSL *ssl); 464 465=item int B<SSL_get_cipher_bits>(SSL *ssl, int *alg_bits); 466 467=item char *B<SSL_get_cipher_list>(SSL *ssl, int n); 468 469=item char *B<SSL_get_cipher_name>(SSL *ssl); 470 471=item char *B<SSL_get_cipher_version>(SSL *ssl); 472 473=item STACK *B<SSL_get_ciphers>(SSL *ssl); 474 475=item STACK *B<SSL_get_client_CA_list>(SSL *ssl); 476 477=item SSL_CIPHER *B<SSL_get_current_cipher>(SSL *ssl); 478 479=item long B<SSL_get_default_timeout>(SSL *ssl); 480 481=item int B<SSL_get_error>(SSL *ssl, int i); 482 483=item char *B<SSL_get_ex_data>(SSL *ssl, int idx); 484 485=item int B<SSL_get_ex_data_X509_STORE_CTX_idx>(void); 486 487=item int B<SSL_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) 488 489=item int B<SSL_get_fd>(SSL *ssl); 490 491=item void (*B<SSL_get_info_callback>(SSL *ssl);)(void) 492 493=item STACK *B<SSL_get_peer_cert_chain>(SSL *ssl); 494 495=item X509 *B<SSL_get_peer_certificate>(SSL *ssl); 496 497=item EVP_PKEY *B<SSL_get_privatekey>(SSL *ssl); 498 499=item int B<SSL_get_quiet_shutdown>(SSL *ssl); 500 501=item BIO *B<SSL_get_rbio>(SSL *ssl); 502 503=item int B<SSL_get_read_ahead>(SSL *ssl); 504 505=item SSL_SESSION *B<SSL_get_session>(SSL *ssl); 506 507=item char *B<SSL_get_shared_ciphers>(SSL *ssl, char *buf, int len); 508 509=item int B<SSL_get_shutdown>(SSL *ssl); 510 511=item SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl); 512 513=item int B<SSL_get_state>(SSL *ssl); 514 515=item long B<SSL_get_time>(SSL *ssl); 516 517=item long B<SSL_get_timeout>(SSL *ssl); 518 519=item int (*B<SSL_get_verify_callback>(SSL *ssl);)(void) 520 521=item int B<SSL_get_verify_mode>(SSL *ssl); 522 523=item long B<SSL_get_verify_result>(SSL *ssl); 524 525=item char *B<SSL_get_version>(SSL *ssl); 526 527=item BIO *B<SSL_get_wbio>(SSL *ssl); 528 529=item int B<SSL_in_accept_init>(SSL *ssl); 530 531=item int B<SSL_in_before>(SSL *ssl); 532 533=item int B<SSL_in_connect_init>(SSL *ssl); 534 535=item int B<SSL_in_init>(SSL *ssl); 536 537=item int B<SSL_is_init_finished>(SSL *ssl); 538 539=item STACK *B<SSL_load_client_CA_file>(char *file); 540 541=item void B<SSL_load_error_strings>(void); 542 543=item SSL *B<SSL_new>(SSL_CTX *ctx); 544 545=item long B<SSL_num_renegotiations>(SSL *ssl); 546 547=item int B<SSL_peek>(SSL *ssl, char *buf, int num); 548 549=item int B<SSL_pending>(SSL *ssl); 550 551=item int B<SSL_read>(SSL *ssl, char *buf, int num); 552 553=item int B<SSL_renegotiate>(SSL *ssl); 554 555=item char *B<SSL_rstate_string>(SSL *ssl); 556 557=item char *B<SSL_rstate_string_long>(SSL *ssl); 558 559=item long B<SSL_session_reused>(SSL *ssl); 560 561=item void B<SSL_set_accept_state>(SSL *ssl); 562 563=item void B<SSL_set_app_data>(SSL *ssl, char *arg); 564 565=item void B<SSL_set_bio>(SSL *ssl, BIO *rbio, BIO *wbio); 566 567=item int B<SSL_set_cipher_list>(SSL *ssl, char *str); 568 569=item void B<SSL_set_client_CA_list>(SSL *ssl, STACK *list); 570 571=item void B<SSL_set_connect_state>(SSL *ssl); 572 573=item int B<SSL_set_ex_data>(SSL *ssl, int idx, char *arg); 574 575=item int B<SSL_set_fd>(SSL *ssl, int fd); 576 577=item void B<SSL_set_info_callback>(SSL *ssl, void (*cb);(void)) 578 579=item void B<SSL_set_options>(SSL *ssl, unsigned long op); 580 581=item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode); 582 583=item void B<SSL_set_read_ahead>(SSL *ssl, int yes); 584 585=item int B<SSL_set_rfd>(SSL *ssl, int fd); 586 587=item int B<SSL_set_session>(SSL *ssl, SSL_SESSION *session); 588 589=item void B<SSL_set_shutdown>(SSL *ssl, int mode); 590 591=item int B<SSL_set_ssl_method>(SSL *ssl, SSL_METHOD *meth); 592 593=item void B<SSL_set_time>(SSL *ssl, long t); 594 595=item void B<SSL_set_timeout>(SSL *ssl, long t); 596 597=item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void)) 598 599=item void B<SSL_set_verify_result>(SSL *ssl, long arg); 600 601=item int B<SSL_set_wfd>(SSL *ssl, int fd); 602 603=item int B<SSL_shutdown>(SSL *ssl); 604 605=item int B<SSL_state>(SSL *ssl); 606 607=item char *B<SSL_state_string>(SSL *ssl); 608 609=item char *B<SSL_state_string_long>(SSL *ssl); 610 611=item long B<SSL_total_renegotiations>(SSL *ssl); 612 613=item int B<SSL_use_PrivateKey>(SSL *ssl, EVP_PKEY *pkey); 614 615=item int B<SSL_use_PrivateKey_ASN1>(int type, SSL *ssl, unsigned char *d, long len); 616 617=item int B<SSL_use_PrivateKey_file>(SSL *ssl, char *file, int type); 618 619=item int B<SSL_use_RSAPrivateKey>(SSL *ssl, RSA *rsa); 620 621=item int B<SSL_use_RSAPrivateKey_ASN1>(SSL *ssl, unsigned char *d, long len); 622 623=item int B<SSL_use_RSAPrivateKey_file>(SSL *ssl, char *file, int type); 624 625=item int B<SSL_use_certificate>(SSL *ssl, X509 *x); 626 627=item int B<SSL_use_certificate_ASN1>(SSL *ssl, int len, unsigned char *d); 628 629=item int B<SSL_use_certificate_file>(SSL *ssl, char *file, int type); 630 631=item int B<SSL_version>(SSL *ssl); 632 633=item int B<SSL_want>(SSL *ssl); 634 635=item int B<SSL_want_nothing>(SSL *ssl); 636 637=item int B<SSL_want_read>(SSL *ssl); 638 639=item int B<SSL_want_write>(SSL *ssl); 640 641=item int B<SSL_want_x509_lookup>(s); 642 643=item int B<SSL_write>(SSL *ssl, char *buf, int num); 644 645=back 646 647=head1 SEE ALSO 648 649L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>, 650L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>,
|