1.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37
| 1.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
|
2.\" 3.\" Standard preamble: 4.\" ========================================================================
| 2.\" 3.\" Standard preamble: 4.\" ========================================================================
|
5.de Sh \" Subsection heading 6.br 7.if t .Sp 8.ne 5 9.PP 10\fB\\$1\fR 11.PP 12..
| |
13.de Sp \" Vertical space (when we can't use .PP) 14.if t .sp .5v 15.if n .sp 16.. 17.de Vb \" Begin verbatim text 18.ft CW 19.nf 20.ne \\$1 21.. 22.de Ve \" End verbatim text 23.ft R 24.fi 25.. 26.\" Set up some character translations and predefined strings. \*(-- will 27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
| 5.de Sp \" Vertical space (when we can't use .PP) 6.if t .sp .5v 7.if n .sp 8.. 9.de Vb \" Begin verbatim text 10.ft CW 11.nf 12.ne \\$1 13.. 14.de Ve \" End verbatim text 15.ft R 16.fi 17.. 18.\" Set up some character translations and predefined strings. \*(-- will 19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
|
28.\" double quote, and \*(R" will give a right double quote. | will give a 29.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to 30.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' 31.\" expand to `' in nroff, nothing in troff, for use with C<>. 32.tr \(*W-|\(bv\*(Tr
| 20.\" double quote, and \*(R" will give a right double quote. \*(C+ will 21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and 22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, 23.\" nothing in troff, for use with C<>. 24.tr \(*W-
|
33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' 34.ie n \{\ 35. ds -- \(*W- 36. ds PI pi 37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch 38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch 39. ds L" "" 40. ds R" "" 41. ds C` "" 42. ds C' "" 43'br\} 44.el\{\ 45. ds -- \|\(em\| 46. ds PI \(*p 47. ds L" `` 48. ds R" '' 49'br\} 50.\"
| 25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' 26.ie n \{\ 27. ds -- \(*W- 28. ds PI pi 29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch 30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch 31. ds L" "" 32. ds R" "" 33. ds C` "" 34. ds C' "" 35'br\} 36.el\{\ 37. ds -- \|\(em\| 38. ds PI \(*p 39. ds L" `` 40. ds R" '' 41'br\} 42.\"
|
| 43.\" Escape single quotes in literal strings from groff's Unicode transform. 44.ie \n(.g .ds Aq \(aq 45.el .ds Aq ' 46.\"
|
51.\" If the F register is turned on, we'll generate index entries on stderr for
| 47.\" If the F register is turned on, we'll generate index entries on stderr for
|
52.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
| 48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
|
53.\" entries marked with X<> in POD. Of course, you'll have to process the 54.\" output yourself in some meaningful fashion.
| 49.\" entries marked with X<> in POD. Of course, you'll have to process the 50.\" output yourself in some meaningful fashion.
|
55.if \nF \{\
| 51.ie \nF \{\
|
56. de IX 57. tm Index:\\$1\t\\n%\t"\\$2" 58.. 59. nr % 0 60. rr F 61.\}
| 52. de IX 53. tm Index:\\$1\t\\n%\t"\\$2" 54.. 55. nr % 0 56. rr F 57.\}
|
| 58.el \{\ 59. de IX 60.. 61.\}
|
62.\"
| 62.\"
|
63.\" For nroff, turn off justification. Always turn off hyphenation; it makes 64.\" way too many mistakes in technical documents. 65.hy 0 66.if n .na 67.\"
| |
68.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). 69.\" Fear. Run. Save yourself. No user-serviceable parts. 70. \" fudge factors for nroff and troff 71.if n \{\ 72. ds #H 0 73. ds #V .8m 74. ds #F .3m 75. ds #[ \f1 76. ds #] \fP 77.\} 78.if t \{\ 79. ds #H ((1u-(\\\\n(.fu%2u))*.13m) 80. ds #V .6m 81. ds #F 0 82. ds #[ \& 83. ds #] \& 84.\} 85. \" simple accents for nroff and troff 86.if n \{\ 87. ds ' \& 88. ds ` \& 89. ds ^ \& 90. ds , \& 91. ds ~ ~ 92. ds / 93.\} 94.if t \{\ 95. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" 96. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' 97. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' 98. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' 99. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' 100. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' 101.\} 102. \" troff and (daisy-wheel) nroff accents 103.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' 104.ds 8 \h'\*(#H'\(*b\h'-\*(#H' 105.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] 106.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' 107.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' 108.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] 109.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] 110.ds ae a\h'-(\w'a'u*4/10)'e 111.ds Ae A\h'-(\w'A'u*4/10)'E 112. \" corrections for vroff 113.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' 114.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' 115. \" for low resolution devices (crt and lpr) 116.if \n(.H>23 .if \n(.V>19 \ 117\{\ 118. ds : e 119. ds 8 ss 120. ds o a 121. ds d- d\h'-1'\(ga 122. ds D- D\h'-1'\(hy 123. ds th \o'bp' 124. ds Th \o'LP' 125. ds ae ae 126. ds Ae AE 127.\} 128.rm #[ #] #H #V #F C 129.\" ======================================================================== 130.\" 131.IX Title "BIO_f_ssl 3"
| 63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). 64.\" Fear. Run. Save yourself. No user-serviceable parts. 65. \" fudge factors for nroff and troff 66.if n \{\ 67. ds #H 0 68. ds #V .8m 69. ds #F .3m 70. ds #[ \f1 71. ds #] \fP 72.\} 73.if t \{\ 74. ds #H ((1u-(\\\\n(.fu%2u))*.13m) 75. ds #V .6m 76. ds #F 0 77. ds #[ \& 78. ds #] \& 79.\} 80. \" simple accents for nroff and troff 81.if n \{\ 82. ds ' \& 83. ds ` \& 84. ds ^ \& 85. ds , \& 86. ds ~ ~ 87. ds / 88.\} 89.if t \{\ 90. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" 91. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' 92. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' 93. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' 94. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' 95. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' 96.\} 97. \" troff and (daisy-wheel) nroff accents 98.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' 99.ds 8 \h'\*(#H'\(*b\h'-\*(#H' 100.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] 101.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' 102.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' 103.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] 104.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] 105.ds ae a\h'-(\w'a'u*4/10)'e 106.ds Ae A\h'-(\w'A'u*4/10)'E 107. \" corrections for vroff 108.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' 109.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' 110. \" for low resolution devices (crt and lpr) 111.if \n(.H>23 .if \n(.V>19 \ 112\{\ 113. ds : e 114. ds 8 ss 115. ds o a 116. ds d- d\h'-1'\(ga 117. ds D- D\h'-1'\(hy 118. ds th \o'bp' 119. ds Th \o'LP' 120. ds ae ae 121. ds Ae AE 122.\} 123.rm #[ #] #H #V #F C 124.\" ======================================================================== 125.\" 126.IX Title "BIO_f_ssl 3"
|
132.TH BIO_f_ssl 3 "2010-03-24" "0.9.8n" "OpenSSL"
| 127.TH BIO_f_ssl 3 "2010-11-16" "0.9.8p" "OpenSSL" 128.\" For nroff, turn off justification. Always turn off hyphenation; it makes 129.\" way too many mistakes in technical documents. 130.if n .ad l 131.nh
|
133.SH "NAME" 134BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes, 135BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl, 136BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id, 137BIO_ssl_shutdown \- SSL BIO 138.SH "SYNOPSIS" 139.IX Header "SYNOPSIS" 140.Vb 2 141\& #include <openssl/bio.h> 142\& #include <openssl/ssl.h>
| 132.SH "NAME" 133BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes, 134BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl, 135BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id, 136BIO_ssl_shutdown \- SSL BIO 137.SH "SYNOPSIS" 138.IX Header "SYNOPSIS" 139.Vb 2 140\& #include <openssl/bio.h> 141\& #include <openssl/ssl.h>
|
143.Ve 144.PP 145.Vb 1
| 142\&
|
146\& BIO_METHOD *BIO_f_ssl(void);
| 143\& BIO_METHOD *BIO_f_ssl(void);
|
147.Ve 148.PP 149.Vb 9
| 144\&
|
150\& #define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl) 151\& #define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp) 152\& #define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) 153\& #define BIO_set_ssl_renegotiate_bytes(b,num) \e 154\& BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL); 155\& #define BIO_set_ssl_renegotiate_timeout(b,seconds) \e 156\& BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL); 157\& #define BIO_get_num_renegotiates(b) \e 158\& BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
| 145\& #define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl) 146\& #define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp) 147\& #define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) 148\& #define BIO_set_ssl_renegotiate_bytes(b,num) \e 149\& BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL); 150\& #define BIO_set_ssl_renegotiate_timeout(b,seconds) \e 151\& BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL); 152\& #define BIO_get_num_renegotiates(b) \e 153\& BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
|
159.Ve 160.PP 161.Vb 5
| 154\&
|
162\& BIO *BIO_new_ssl(SSL_CTX *ctx,int client); 163\& BIO *BIO_new_ssl_connect(SSL_CTX *ctx); 164\& BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); 165\& int BIO_ssl_copy_session_id(BIO *to,BIO *from); 166\& void BIO_ssl_shutdown(BIO *bio);
| 155\& BIO *BIO_new_ssl(SSL_CTX *ctx,int client); 156\& BIO *BIO_new_ssl_connect(SSL_CTX *ctx); 157\& BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); 158\& int BIO_ssl_copy_session_id(BIO *to,BIO *from); 159\& void BIO_ssl_shutdown(BIO *bio);
|
167.Ve 168.PP 169.Vb 1
| 160\&
|
170\& #define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) 171.Ve 172.SH "DESCRIPTION" 173.IX Header "DESCRIPTION" 174\&\fIBIO_f_ssl()\fR returns the \s-1SSL\s0 \s-1BIO\s0 method. This is a filter \s-1BIO\s0 which 175is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to
| 161\& #define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) 162.Ve 163.SH "DESCRIPTION" 164.IX Header "DESCRIPTION" 165\&\fIBIO_f_ssl()\fR returns the \s-1SSL\s0 \s-1BIO\s0 method. This is a filter \s-1BIO\s0 which 166is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to
|
176\&\s-1SSL\s0 I/O.
| 167\&\s-1SSL\s0 I/O.
|
177.PP 178I/O performed on an \s-1SSL\s0 \s-1BIO\s0 communicates using the \s-1SSL\s0 protocol with 179the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established 180then an attempt is made to establish one on the first I/O call. 181.PP 182If a \s-1BIO\s0 is appended to an \s-1SSL\s0 \s-1BIO\s0 using \fIBIO_push()\fR it is automatically 183used as the \s-1SSL\s0 BIOs read and write BIOs. 184.PP 185Calling \fIBIO_reset()\fR on an \s-1SSL\s0 \s-1BIO\s0 closes down any current \s-1SSL\s0 connection 186by calling \fISSL_shutdown()\fR. \fIBIO_reset()\fR is then sent to the next \s-1BIO\s0 in 187the chain: this will typically disconnect the underlying transport. 188The \s-1SSL\s0 \s-1BIO\s0 is then reset to the initial accept or connect state. 189.PP 190If the close flag is set when an \s-1SSL\s0 \s-1BIO\s0 is freed then the internal 191\&\s-1SSL\s0 structure is also freed using \fISSL_free()\fR. 192.PP 193\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using 194the close flag \fBc\fR. 195.PP 196\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be 197manipulated using the standard \s-1SSL\s0 library functions. 198.PP 199\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL\s0 \s-1BIO\s0 mode to \fBclient\fR. If \fBclient\fR 200is 1 client mode is set. If \fBclient\fR is 0 server mode is set. 201.PP 202\&\fIBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count 203to \fBnum\fR. When set after every \fBnum\fR bytes of I/O (read and write) 204the \s-1SSL\s0 session is automatically renegotiated. \fBnum\fR must be at 205least 512 bytes. 206.PP 207\&\fIBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to 208\&\fBseconds\fR. When the renegotiate timeout elapses the session is 209automatically renegotiated. 210.PP 211\&\fIBIO_get_num_renegotiates()\fR returns the total number of session 212renegotiations due to I/O or timeout. 213.PP 214\&\fIBIO_new_ssl()\fR allocates an \s-1SSL\s0 \s-1BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using 215client mode if \fBclient\fR is non zero. 216.PP 217\&\fIBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an 218\&\s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO\s0. 219.PP 220\&\fIBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting 221of a buffering \s-1BIO\s0, an \s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) and a connect 222\&\s-1BIO\s0. 223.PP 224\&\fIBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between 225\&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the 226\&\s-1SSL\s0 BIOs in each chain and calling \fISSL_copy_session_id()\fR on 227the internal \s-1SSL\s0 pointer. 228.PP 229\&\fIBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0 230chain \fBbio\fR. It does this by locating the \s-1SSL\s0 \s-1BIO\s0 in the 231chain and calling \fISSL_shutdown()\fR on its internal \s-1SSL\s0 232pointer. 233.PP 234\&\fIBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the 235supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection. It returns 1 236if the connection was established successfully. A zero or negative 237value is returned if the connection could not be established, the 238call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs 239to determine if the call should be retried. If an \s-1SSL\s0 connection has 240already been established this call has no effect. 241.SH "NOTES" 242.IX Header "NOTES" 243\&\s-1SSL\s0 BIOs are exceptional in that if the underlying transport 244is non blocking they can still request a retry in exceptional 245circumstances. Specifically this will happen if a session 246renegotiation takes place during a \fIBIO_read()\fR operation, one 247case where this happens is when \s-1SGC\s0 or step up occurs. 248.PP 249In OpenSSL 0.9.6 and later the \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be 250set to disable this behaviour. That is when this flag is set 251an \s-1SSL\s0 \s-1BIO\s0 using a blocking transport will never request a 252retry. 253.PP 254Since unknown \fIBIO_ctrl()\fR operations are sent through filter 255BIOs the servers name and port can be set using \fIBIO_set_host()\fR 256on the \s-1BIO\s0 returned by \fIBIO_new_ssl_connect()\fR without having 257to locate the connect \s-1BIO\s0 first. 258.PP 259Applications do not have to call \fIBIO_do_handshake()\fR but may wish 260to do so to separate the handshake process from other I/O 261processing. 262.SH "RETURN VALUES" 263.IX Header "RETURN VALUES" 264\&\s-1TBA\s0 265.SH "EXAMPLE" 266.IX Header "EXAMPLE" 267This \s-1SSL/TLS\s0 client example, attempts to retrieve a page from an 268\&\s-1SSL/TLS\s0 web server. The I/O routines are identical to those of the 269unencrypted example in \fIBIO_s_connect\fR\|(3). 270.PP 271.Vb 5 272\& BIO *sbio, *out; 273\& int len; 274\& char tmpbuf[1024]; 275\& SSL_CTX *ctx; 276\& SSL *ssl;
| 168.PP 169I/O performed on an \s-1SSL\s0 \s-1BIO\s0 communicates using the \s-1SSL\s0 protocol with 170the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established 171then an attempt is made to establish one on the first I/O call. 172.PP 173If a \s-1BIO\s0 is appended to an \s-1SSL\s0 \s-1BIO\s0 using \fIBIO_push()\fR it is automatically 174used as the \s-1SSL\s0 BIOs read and write BIOs. 175.PP 176Calling \fIBIO_reset()\fR on an \s-1SSL\s0 \s-1BIO\s0 closes down any current \s-1SSL\s0 connection 177by calling \fISSL_shutdown()\fR. \fIBIO_reset()\fR is then sent to the next \s-1BIO\s0 in 178the chain: this will typically disconnect the underlying transport. 179The \s-1SSL\s0 \s-1BIO\s0 is then reset to the initial accept or connect state. 180.PP 181If the close flag is set when an \s-1SSL\s0 \s-1BIO\s0 is freed then the internal 182\&\s-1SSL\s0 structure is also freed using \fISSL_free()\fR. 183.PP 184\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using 185the close flag \fBc\fR. 186.PP 187\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be 188manipulated using the standard \s-1SSL\s0 library functions. 189.PP 190\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL\s0 \s-1BIO\s0 mode to \fBclient\fR. If \fBclient\fR 191is 1 client mode is set. If \fBclient\fR is 0 server mode is set. 192.PP 193\&\fIBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count 194to \fBnum\fR. When set after every \fBnum\fR bytes of I/O (read and write) 195the \s-1SSL\s0 session is automatically renegotiated. \fBnum\fR must be at 196least 512 bytes. 197.PP 198\&\fIBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to 199\&\fBseconds\fR. When the renegotiate timeout elapses the session is 200automatically renegotiated. 201.PP 202\&\fIBIO_get_num_renegotiates()\fR returns the total number of session 203renegotiations due to I/O or timeout. 204.PP 205\&\fIBIO_new_ssl()\fR allocates an \s-1SSL\s0 \s-1BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using 206client mode if \fBclient\fR is non zero. 207.PP 208\&\fIBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an 209\&\s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO\s0. 210.PP 211\&\fIBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting 212of a buffering \s-1BIO\s0, an \s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) and a connect 213\&\s-1BIO\s0. 214.PP 215\&\fIBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between 216\&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the 217\&\s-1SSL\s0 BIOs in each chain and calling \fISSL_copy_session_id()\fR on 218the internal \s-1SSL\s0 pointer. 219.PP 220\&\fIBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0 221chain \fBbio\fR. It does this by locating the \s-1SSL\s0 \s-1BIO\s0 in the 222chain and calling \fISSL_shutdown()\fR on its internal \s-1SSL\s0 223pointer. 224.PP 225\&\fIBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the 226supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection. It returns 1 227if the connection was established successfully. A zero or negative 228value is returned if the connection could not be established, the 229call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs 230to determine if the call should be retried. If an \s-1SSL\s0 connection has 231already been established this call has no effect. 232.SH "NOTES" 233.IX Header "NOTES" 234\&\s-1SSL\s0 BIOs are exceptional in that if the underlying transport 235is non blocking they can still request a retry in exceptional 236circumstances. Specifically this will happen if a session 237renegotiation takes place during a \fIBIO_read()\fR operation, one 238case where this happens is when \s-1SGC\s0 or step up occurs. 239.PP 240In OpenSSL 0.9.6 and later the \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be 241set to disable this behaviour. That is when this flag is set 242an \s-1SSL\s0 \s-1BIO\s0 using a blocking transport will never request a 243retry. 244.PP 245Since unknown \fIBIO_ctrl()\fR operations are sent through filter 246BIOs the servers name and port can be set using \fIBIO_set_host()\fR 247on the \s-1BIO\s0 returned by \fIBIO_new_ssl_connect()\fR without having 248to locate the connect \s-1BIO\s0 first. 249.PP 250Applications do not have to call \fIBIO_do_handshake()\fR but may wish 251to do so to separate the handshake process from other I/O 252processing. 253.SH "RETURN VALUES" 254.IX Header "RETURN VALUES" 255\&\s-1TBA\s0 256.SH "EXAMPLE" 257.IX Header "EXAMPLE" 258This \s-1SSL/TLS\s0 client example, attempts to retrieve a page from an 259\&\s-1SSL/TLS\s0 web server. The I/O routines are identical to those of the 260unencrypted example in \fIBIO_s_connect\fR\|(3). 261.PP 262.Vb 5 263\& BIO *sbio, *out; 264\& int len; 265\& char tmpbuf[1024]; 266\& SSL_CTX *ctx; 267\& SSL *ssl;
|
277.Ve 278.PP 279.Vb 3
| 268\&
|
280\& ERR_load_crypto_strings(); 281\& ERR_load_SSL_strings(); 282\& OpenSSL_add_all_algorithms();
| 269\& ERR_load_crypto_strings(); 270\& ERR_load_SSL_strings(); 271\& OpenSSL_add_all_algorithms();
|
283.Ve 284.PP 285.Vb 3 286\& /* We would seed the PRNG here if the platform didn't
| 272\& 273\& /* We would seed the PRNG here if the platform didn\*(Aqt
|
287\& * do it automatically 288\& */
| 274\& * do it automatically 275\& */
|
289.Ve 290.PP 291.Vb 1
| 276\&
|
292\& ctx = SSL_CTX_new(SSLv23_client_method());
| 277\& ctx = SSL_CTX_new(SSLv23_client_method());
|
293.Ve 294.PP 295.Vb 4 296\& /* We'd normally set some stuff like the verify paths and
| 278\& 279\& /* We\*(Aqd normally set some stuff like the verify paths and
|
297\& * mode here because as things stand this will connect to 298\& * any server whose certificate is signed by any CA. 299\& */
| 280\& * mode here because as things stand this will connect to 281\& * any server whose certificate is signed by any CA. 282\& */
|
300.Ve 301.PP 302.Vb 1
| 283\&
|
303\& sbio = BIO_new_ssl_connect(ctx);
| 284\& sbio = BIO_new_ssl_connect(ctx);
|
304.Ve 305.PP 306.Vb 1
| 285\&
|
307\& BIO_get_ssl(sbio, &ssl);
| 286\& BIO_get_ssl(sbio, &ssl);
|
308.Ve 309.PP 310.Vb 4
| 287\&
|
311\& if(!ssl) {
| 288\& if(!ssl) {
|
312\& fprintf(stderr, "Can't locate SSL pointer\en");
| 289\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en");
|
313\& /* whatever ... */ 314\& }
| 290\& /* whatever ... */ 291\& }
|
315.Ve 316.PP 317.Vb 2 318\& /* Don't want any retries */
| 292\& 293\& /* Don\*(Aqt want any retries */
|
319\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
| 294\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
|
320.Ve 321.PP 322.Vb 1
| 295\&
|
323\& /* We might want to do other things with ssl here */
| 296\& /* We might want to do other things with ssl here */
|
324.Ve 325.PP 326.Vb 1
| 297\&
|
327\& BIO_set_conn_hostname(sbio, "localhost:https");
| 298\& BIO_set_conn_hostname(sbio, "localhost:https");
|
328.Ve 329.PP 330.Vb 6
| 299\&
|
331\& out = BIO_new_fp(stdout, BIO_NOCLOSE); 332\& if(BIO_do_connect(sbio) <= 0) { 333\& fprintf(stderr, "Error connecting to server\en"); 334\& ERR_print_errors_fp(stderr); 335\& /* whatever ... */ 336\& }
| 300\& out = BIO_new_fp(stdout, BIO_NOCLOSE); 301\& if(BIO_do_connect(sbio) <= 0) { 302\& fprintf(stderr, "Error connecting to server\en"); 303\& ERR_print_errors_fp(stderr); 304\& /* whatever ... */ 305\& }
|
337.Ve 338.PP 339.Vb 5
| 306\&
|
340\& if(BIO_do_handshake(sbio) <= 0) { 341\& fprintf(stderr, "Error establishing SSL connection\en"); 342\& ERR_print_errors_fp(stderr); 343\& /* whatever ... */ 344\& }
| 307\& if(BIO_do_handshake(sbio) <= 0) { 308\& fprintf(stderr, "Error establishing SSL connection\en"); 309\& ERR_print_errors_fp(stderr); 310\& /* whatever ... */ 311\& }
|
345.Ve 346.PP 347.Vb 1
| 312\&
|
348\& /* Could examine ssl here to get connection info */
| 313\& /* Could examine ssl here to get connection info */
|
349.Ve 350.PP 351.Vb 8
| 314\&
|
352\& BIO_puts(sbio, "GET / HTTP/1.0\en\en"); 353\& for(;;) { 354\& len = BIO_read(sbio, tmpbuf, 1024); 355\& if(len <= 0) break; 356\& BIO_write(out, tmpbuf, len); 357\& } 358\& BIO_free_all(sbio); 359\& BIO_free(out); 360.Ve 361.PP 362Here is a simple server example. It makes use of a buffering 363\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL\s0 \s-1BIO\s0 using BIO_gets. 364It creates a pseudo web page containing the actual request from 365a client and also echoes the request to standard output. 366.PP 367.Vb 5 368\& BIO *sbio, *bbio, *acpt, *out; 369\& int len; 370\& char tmpbuf[1024]; 371\& SSL_CTX *ctx; 372\& SSL *ssl;
| 315\& BIO_puts(sbio, "GET / HTTP/1.0\en\en"); 316\& for(;;) { 317\& len = BIO_read(sbio, tmpbuf, 1024); 318\& if(len <= 0) break; 319\& BIO_write(out, tmpbuf, len); 320\& } 321\& BIO_free_all(sbio); 322\& BIO_free(out); 323.Ve 324.PP 325Here is a simple server example. It makes use of a buffering 326\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL\s0 \s-1BIO\s0 using BIO_gets. 327It creates a pseudo web page containing the actual request from 328a client and also echoes the request to standard output. 329.PP 330.Vb 5 331\& BIO *sbio, *bbio, *acpt, *out; 332\& int len; 333\& char tmpbuf[1024]; 334\& SSL_CTX *ctx; 335\& SSL *ssl;
|
373.Ve 374.PP 375.Vb 3
| 336\&
|
376\& ERR_load_crypto_strings(); 377\& ERR_load_SSL_strings(); 378\& OpenSSL_add_all_algorithms();
| 337\& ERR_load_crypto_strings(); 338\& ERR_load_SSL_strings(); 339\& OpenSSL_add_all_algorithms();
|
379.Ve 380.PP 381.Vb 1
| 340\&
|
382\& /* Might seed PRNG here */
| 341\& /* Might seed PRNG here */
|
383.Ve 384.PP 385.Vb 1
| 342\&
|
386\& ctx = SSL_CTX_new(SSLv23_server_method());
| 343\& ctx = SSL_CTX_new(SSLv23_server_method());
|
387.Ve 388.PP 389.Vb 3
| 344\&
|
390\& if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM) 391\& || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM) 392\& || !SSL_CTX_check_private_key(ctx)) {
| 345\& if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM) 346\& || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM) 347\& || !SSL_CTX_check_private_key(ctx)) {
|
393.Ve 394.PP 395.Vb 4
| 348\&
|
396\& fprintf(stderr, "Error setting up SSL_CTX\en"); 397\& ERR_print_errors_fp(stderr); 398\& return 0; 399\& }
| 349\& fprintf(stderr, "Error setting up SSL_CTX\en"); 350\& ERR_print_errors_fp(stderr); 351\& return 0; 352\& }
|
400.Ve 401.PP 402.Vb 3
| 353\&
|
403\& /* Might do other things here like setting verify locations and 404\& * DH and/or RSA temporary key callbacks 405\& */
| 354\& /* Might do other things here like setting verify locations and 355\& * DH and/or RSA temporary key callbacks 356\& */
|
406.Ve 407.PP 408.Vb 2
| 357\&
|
409\& /* New SSL BIO setup as server */ 410\& sbio=BIO_new_ssl(ctx,0);
| 358\& /* New SSL BIO setup as server */ 359\& sbio=BIO_new_ssl(ctx,0);
|
411.Ve 412.PP 413.Vb 1
| 360\&
|
414\& BIO_get_ssl(sbio, &ssl);
| 361\& BIO_get_ssl(sbio, &ssl);
|
415.Ve 416.PP 417.Vb 4
| 362\&
|
418\& if(!ssl) {
| 363\& if(!ssl) {
|
419\& fprintf(stderr, "Can't locate SSL pointer\en");
| 364\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en");
|
420\& /* whatever ... */ 421\& }
| 365\& /* whatever ... */ 366\& }
|
422.Ve 423.PP 424.Vb 2 425\& /* Don't want any retries */
| 367\& 368\& /* Don\*(Aqt want any retries */
|
426\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
| 369\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
|
427.Ve 428.PP 429.Vb 1
| 370\&
|
430\& /* Create the buffering BIO */
| 371\& /* Create the buffering BIO */
|
431.Ve 432.PP 433.Vb 1
| 372\&
|
434\& bbio = BIO_new(BIO_f_buffer());
| 373\& bbio = BIO_new(BIO_f_buffer());
|
435.Ve 436.PP 437.Vb 2
| 374\&
|
438\& /* Add to chain */ 439\& sbio = BIO_push(bbio, sbio);
| 375\& /* Add to chain */ 376\& sbio = BIO_push(bbio, sbio);
|
440.Ve 441.PP 442.Vb 1
| 377\&
|
443\& acpt=BIO_new_accept("4433");
| 378\& acpt=BIO_new_accept("4433");
|
444.Ve 445.PP 446.Vb 5
| 379\&
|
447\& /* By doing this when a new connection is established 448\& * we automatically have sbio inserted into it. The
| 380\& /* By doing this when a new connection is established 381\& * we automatically have sbio inserted into it. The
|
449\& * BIO chain is now 'swallowed' by the accept BIO and
| 382\& * BIO chain is now \*(Aqswallowed\*(Aq by the accept BIO and
|
450\& * will be freed when the accept BIO is freed. 451\& */
| 383\& * will be freed when the accept BIO is freed. 384\& */
|
452.Ve 453.PP 454.Vb 1
| 385\&
|
455\& BIO_set_accept_bios(acpt,sbio);
| 386\& BIO_set_accept_bios(acpt,sbio);
|
456.Ve 457.PP 458.Vb 1
| 387\&
|
459\& out = BIO_new_fp(stdout, BIO_NOCLOSE);
| 388\& out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
460.Ve 461.PP 462.Vb 6
| 389\&
|
463\& /* Setup accept BIO */ 464\& if(BIO_do_accept(acpt) <= 0) { 465\& fprintf(stderr, "Error setting up accept BIO\en"); 466\& ERR_print_errors_fp(stderr); 467\& return 0; 468\& }
| 390\& /* Setup accept BIO */ 391\& if(BIO_do_accept(acpt) <= 0) { 392\& fprintf(stderr, "Error setting up accept BIO\en"); 393\& ERR_print_errors_fp(stderr); 394\& return 0; 395\& }
|
469.Ve 470.PP 471.Vb 6
| 396\&
|
472\& /* Now wait for incoming connection */ 473\& if(BIO_do_accept(acpt) <= 0) { 474\& fprintf(stderr, "Error in connection\en"); 475\& ERR_print_errors_fp(stderr); 476\& return 0; 477\& }
| 397\& /* Now wait for incoming connection */ 398\& if(BIO_do_accept(acpt) <= 0) { 399\& fprintf(stderr, "Error in connection\en"); 400\& ERR_print_errors_fp(stderr); 401\& return 0; 402\& }
|
478.Ve 479.PP 480.Vb 3
| 403\&
|
481\& /* We only want one connection so remove and free 482\& * accept BIO 483\& */
| 404\& /* We only want one connection so remove and free 405\& * accept BIO 406\& */
|
484.Ve 485.PP 486.Vb 1
| 407\&
|
487\& sbio = BIO_pop(acpt);
| 408\& sbio = BIO_pop(acpt);
|
488.Ve 489.PP 490.Vb 1
| 409\&
|
491\& BIO_free_all(acpt);
| 410\& BIO_free_all(acpt);
|
492.Ve 493.PP 494.Vb 5
| 411\&
|
495\& if(BIO_do_handshake(sbio) <= 0) { 496\& fprintf(stderr, "Error in SSL handshake\en"); 497\& ERR_print_errors_fp(stderr); 498\& return 0; 499\& }
| 412\& if(BIO_do_handshake(sbio) <= 0) { 413\& fprintf(stderr, "Error in SSL handshake\en"); 414\& ERR_print_errors_fp(stderr); 415\& return 0; 416\& }
|
500.Ve 501.PP 502.Vb 3 503\& BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent-type: text/plain\er\en\er\en");
| 417\& 418\& BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent\-type: text/plain\er\en\er\en");
|
504\& BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en");
| 419\& BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en");
|
505\& BIO_puts(sbio, "--------------------------------------------------\er\en"); 506.Ve 507.PP 508.Vb 8
| 420\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en"); 421\&
|
509\& for(;;) { 510\& len = BIO_gets(sbio, tmpbuf, 1024); 511\& if(len <= 0) break; 512\& BIO_write(sbio, tmpbuf, len); 513\& BIO_write(out, tmpbuf, len); 514\& /* Look for blank line signifying end of headers*/
| 422\& for(;;) { 423\& len = BIO_gets(sbio, tmpbuf, 1024); 424\& if(len <= 0) break; 425\& BIO_write(sbio, tmpbuf, len); 426\& BIO_write(out, tmpbuf, len); 427\& /* Look for blank line signifying end of headers*/
|
515\& if((tmpbuf[0] == '\er') || (tmpbuf[0] == '\en')) break;
| 428\& if((tmpbuf[0] == \*(Aq\er\*(Aq) || (tmpbuf[0] == \*(Aq\en\*(Aq)) break;
|
516\& }
| 429\& }
|
517.Ve 518.PP 519.Vb 2 520\& BIO_puts(sbio, "--------------------------------------------------\er\en");
| 430\& 431\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en");
|
521\& BIO_puts(sbio, "\er\en");
| 432\& BIO_puts(sbio, "\er\en");
|
522.Ve 523.PP 524.Vb 2
| 433\&
|
525\& /* Since there is a buffering BIO present we had better flush it */ 526\& BIO_flush(sbio);
| 434\& /* Since there is a buffering BIO present we had better flush it */ 435\& BIO_flush(sbio);
|
527.Ve 528.PP 529.Vb 1
| 436\&
|
530\& BIO_free_all(sbio); 531.Ve 532.SH "SEE ALSO" 533.IX Header "SEE ALSO" 534\&\s-1TBA\s0
| 437\& BIO_free_all(sbio); 438.Ve 439.SH "SEE ALSO" 440.IX Header "SEE ALSO" 441\&\s-1TBA\s0
|