1.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) |
2.\" 3.\" Standard preamble: 4.\" ======================================================================== |
5.de Sp \" Vertical space (when we can't use .PP) 6.if t .sp .5v 7.if n .sp 8.. 9.de Vb \" Begin verbatim text 10.ft CW 11.nf 12.ne \\$1 13.. 14.de Ve \" End verbatim text 15.ft R 16.fi 17.. 18.\" Set up some character translations and predefined strings. \*(-- will 19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left |
20.\" double quote, and \*(R" will give a right double quote. \*(C+ will 21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and 22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, 23.\" nothing in troff, for use with C<>. 24.tr \(*W- |
25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' 26.ie n \{\ 27. ds -- \(*W- 28. ds PI pi 29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch 30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch 31. ds L" "" 32. ds R" "" 33. ds C` "" 34. ds C' "" 35'br\} 36.el\{\ 37. ds -- \|\(em\| 38. ds PI \(*p 39. ds L" `` 40. ds R" '' 41'br\} 42.\" |
43.\" Escape single quotes in literal strings from groff's Unicode transform. 44.ie \n(.g .ds Aq \(aq 45.el .ds Aq ' 46.\" |
47.\" If the F register is turned on, we'll generate index entries on stderr for |
48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index |
49.\" entries marked with X<> in POD. Of course, you'll have to process the 50.\" output yourself in some meaningful fashion. |
51.ie \nF \{\ |
52. de IX 53. tm Index:\\$1\t\\n%\t"\\$2" 54.. 55. nr % 0 56. rr F 57.\} |
58.el \{\ 59. de IX 60.. 61.\} |
62.\" |
63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). 64.\" Fear. Run. Save yourself. No user-serviceable parts. 65. \" fudge factors for nroff and troff 66.if n \{\ 67. ds #H 0 68. ds #V .8m 69. ds #F .3m 70. ds #[ \f1 --- 48 unchanged lines hidden --- 119. ds Th \o'LP' 120. ds ae ae 121. ds Ae AE 122.\} 123.rm #[ #] #H #V #F C 124.\" ======================================================================== 125.\" 126.IX Title "BIO_f_ssl 3" |
127.TH BIO_f_ssl 3 "2010-11-16" "0.9.8p" "OpenSSL" 128.\" For nroff, turn off justification. Always turn off hyphenation; it makes 129.\" way too many mistakes in technical documents. 130.if n .ad l 131.nh |
132.SH "NAME" 133BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes, 134BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl, 135BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id, 136BIO_ssl_shutdown \- SSL BIO 137.SH "SYNOPSIS" 138.IX Header "SYNOPSIS" 139.Vb 2 140\& #include <openssl/bio.h> 141\& #include <openssl/ssl.h> |
142\& |
143\& BIO_METHOD *BIO_f_ssl(void); |
144\& |
145\& #define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl) 146\& #define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp) 147\& #define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) 148\& #define BIO_set_ssl_renegotiate_bytes(b,num) \e 149\& BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL); 150\& #define BIO_set_ssl_renegotiate_timeout(b,seconds) \e 151\& BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL); 152\& #define BIO_get_num_renegotiates(b) \e 153\& BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL); |
154\& |
155\& BIO *BIO_new_ssl(SSL_CTX *ctx,int client); 156\& BIO *BIO_new_ssl_connect(SSL_CTX *ctx); 157\& BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); 158\& int BIO_ssl_copy_session_id(BIO *to,BIO *from); 159\& void BIO_ssl_shutdown(BIO *bio); |
160\& |
161\& #define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) 162.Ve 163.SH "DESCRIPTION" 164.IX Header "DESCRIPTION" 165\&\fIBIO_f_ssl()\fR returns the \s-1SSL\s0 \s-1BIO\s0 method. This is a filter \s-1BIO\s0 which 166is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to |
167\&\s-1SSL\s0 I/O. |
168.PP 169I/O performed on an \s-1SSL\s0 \s-1BIO\s0 communicates using the \s-1SSL\s0 protocol with 170the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established 171then an attempt is made to establish one on the first I/O call. 172.PP 173If a \s-1BIO\s0 is appended to an \s-1SSL\s0 \s-1BIO\s0 using \fIBIO_push()\fR it is automatically 174used as the \s-1SSL\s0 BIOs read and write BIOs. 175.PP --- 84 unchanged lines hidden --- 260unencrypted example in \fIBIO_s_connect\fR\|(3). 261.PP 262.Vb 5 263\& BIO *sbio, *out; 264\& int len; 265\& char tmpbuf[1024]; 266\& SSL_CTX *ctx; 267\& SSL *ssl; |
268\& |
269\& ERR_load_crypto_strings(); 270\& ERR_load_SSL_strings(); 271\& OpenSSL_add_all_algorithms(); |
272\& 273\& /* We would seed the PRNG here if the platform didn\*(Aqt |
274\& * do it automatically 275\& */ |
276\& |
277\& ctx = SSL_CTX_new(SSLv23_client_method()); |
278\& 279\& /* We\*(Aqd normally set some stuff like the verify paths and |
280\& * mode here because as things stand this will connect to 281\& * any server whose certificate is signed by any CA. 282\& */ |
283\& |
284\& sbio = BIO_new_ssl_connect(ctx); |
285\& |
286\& BIO_get_ssl(sbio, &ssl); |
287\& |
288\& if(!ssl) { |
289\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en"); |
290\& /* whatever ... */ 291\& } |
292\& 293\& /* Don\*(Aqt want any retries */ |
294\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); |
295\& |
296\& /* We might want to do other things with ssl here */ |
297\& |
298\& BIO_set_conn_hostname(sbio, "localhost:https"); |
299\& |
300\& out = BIO_new_fp(stdout, BIO_NOCLOSE); 301\& if(BIO_do_connect(sbio) <= 0) { 302\& fprintf(stderr, "Error connecting to server\en"); 303\& ERR_print_errors_fp(stderr); 304\& /* whatever ... */ 305\& } |
306\& |
307\& if(BIO_do_handshake(sbio) <= 0) { 308\& fprintf(stderr, "Error establishing SSL connection\en"); 309\& ERR_print_errors_fp(stderr); 310\& /* whatever ... */ 311\& } |
312\& |
313\& /* Could examine ssl here to get connection info */ |
314\& |
315\& BIO_puts(sbio, "GET / HTTP/1.0\en\en"); 316\& for(;;) { 317\& len = BIO_read(sbio, tmpbuf, 1024); 318\& if(len <= 0) break; 319\& BIO_write(out, tmpbuf, len); 320\& } 321\& BIO_free_all(sbio); 322\& BIO_free(out); --- 5 unchanged lines hidden --- 328a client and also echoes the request to standard output. 329.PP 330.Vb 5 331\& BIO *sbio, *bbio, *acpt, *out; 332\& int len; 333\& char tmpbuf[1024]; 334\& SSL_CTX *ctx; 335\& SSL *ssl; |
336\& |
337\& ERR_load_crypto_strings(); 338\& ERR_load_SSL_strings(); 339\& OpenSSL_add_all_algorithms(); |
340\& |
341\& /* Might seed PRNG here */ |
342\& |
343\& ctx = SSL_CTX_new(SSLv23_server_method()); |
344\& |
345\& if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM) 346\& || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM) 347\& || !SSL_CTX_check_private_key(ctx)) { |
348\& |
349\& fprintf(stderr, "Error setting up SSL_CTX\en"); 350\& ERR_print_errors_fp(stderr); 351\& return 0; 352\& } |
353\& |
354\& /* Might do other things here like setting verify locations and 355\& * DH and/or RSA temporary key callbacks 356\& */ |
357\& |
358\& /* New SSL BIO setup as server */ 359\& sbio=BIO_new_ssl(ctx,0); |
360\& |
361\& BIO_get_ssl(sbio, &ssl); |
362\& |
363\& if(!ssl) { |
364\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en"); |
365\& /* whatever ... */ 366\& } |
367\& 368\& /* Don\*(Aqt want any retries */ |
369\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); |
370\& |
371\& /* Create the buffering BIO */ |
372\& |
373\& bbio = BIO_new(BIO_f_buffer()); |
374\& |
375\& /* Add to chain */ 376\& sbio = BIO_push(bbio, sbio); |
377\& |
378\& acpt=BIO_new_accept("4433"); |
379\& |
380\& /* By doing this when a new connection is established 381\& * we automatically have sbio inserted into it. The |
382\& * BIO chain is now \*(Aqswallowed\*(Aq by the accept BIO and |
383\& * will be freed when the accept BIO is freed. 384\& */ |
385\& |
386\& BIO_set_accept_bios(acpt,sbio); |
387\& |
388\& out = BIO_new_fp(stdout, BIO_NOCLOSE); |
389\& |
390\& /* Setup accept BIO */ 391\& if(BIO_do_accept(acpt) <= 0) { 392\& fprintf(stderr, "Error setting up accept BIO\en"); 393\& ERR_print_errors_fp(stderr); 394\& return 0; 395\& } |
396\& |
397\& /* Now wait for incoming connection */ 398\& if(BIO_do_accept(acpt) <= 0) { 399\& fprintf(stderr, "Error in connection\en"); 400\& ERR_print_errors_fp(stderr); 401\& return 0; 402\& } |
403\& |
404\& /* We only want one connection so remove and free 405\& * accept BIO 406\& */ |
407\& |
408\& sbio = BIO_pop(acpt); |
409\& |
410\& BIO_free_all(acpt); |
411\& |
412\& if(BIO_do_handshake(sbio) <= 0) { 413\& fprintf(stderr, "Error in SSL handshake\en"); 414\& ERR_print_errors_fp(stderr); 415\& return 0; 416\& } |
417\& 418\& BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent\-type: text/plain\er\en\er\en"); |
419\& BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en"); |
420\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en"); 421\& |
422\& for(;;) { 423\& len = BIO_gets(sbio, tmpbuf, 1024); 424\& if(len <= 0) break; 425\& BIO_write(sbio, tmpbuf, len); 426\& BIO_write(out, tmpbuf, len); 427\& /* Look for blank line signifying end of headers*/ |
428\& if((tmpbuf[0] == \*(Aq\er\*(Aq) || (tmpbuf[0] == \*(Aq\en\*(Aq)) break; |
429\& } |
430\& 431\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en"); |
432\& BIO_puts(sbio, "\er\en"); |
433\& |
434\& /* Since there is a buffering BIO present we had better flush it */ 435\& BIO_flush(sbio); |
436\& |
437\& BIO_free_all(sbio); 438.Ve 439.SH "SEE ALSO" 440.IX Header "SEE ALSO" 441\&\s-1TBA\s0 |