PolarSSL v1.1.4
SSL/TLS functions. More...
#include <time.h>
#include "net.h"
#include "dhm.h"
#include "rsa.h"
#include "md5.h"
#include "sha1.h"
#include "x509.h"
#include "config.h"
Data Structures | |
struct | _ssl_session |
struct | _ssl_context |
Defines | |
#define | POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 |
The requested feature is not available. | |
#define | POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100 |
Bad input parameters to function. | |
#define | POLARSSL_ERR_SSL_INVALID_MAC -0x7180 |
Verification of the message MAC failed. | |
#define | POLARSSL_ERR_SSL_INVALID_RECORD -0x7200 |
An invalid SSL record was received. | |
#define | POLARSSL_ERR_SSL_CONN_EOF -0x7280 |
The connection indicated an EOF. | |
#define | POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 |
An unknown cipher was received. | |
#define | POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 |
The server has no ciphersuites in common with the client. | |
#define | POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400 |
No session to recover was found. | |
#define | POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 |
No client certificate was received from the client, but one is required by the authentication mode (SSL_VERIFY_REQUIRED). | |
#define | POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 |
Our own certificate(s) is/are too large to send in an SSL message. | |
#define | POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 |
Our own certificate is not set, but is needed by the server. | |
#define | POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 |
Our own private key is not set, but is needed. | |
#define | POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 |
No CA Chain is set, but required to operate. | |
#define | POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 |
An unexpected message was received from our peer. | |
#define | POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 |
A fatal alert message was received from our peer. | |
#define | POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800 |
Verification of our peer failed. | |
#define | POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 |
The peer notified us that the connection is going to be closed. | |
#define | POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 |
Processing of the ClientHello handshake message failed. | |
#define | POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 |
Processing of the ServerHello handshake message failed. | |
#define | POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 |
Processing of the Certificate handshake message failed. | |
#define | POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 |
Processing of the CertificateRequest handshake message failed. | |
#define | POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 |
Processing of the ServerKeyExchange handshake message failed. | |
#define | POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 |
Processing of the ServerHelloDone handshake message failed. | |
#define | POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 |
Processing of the ClientKeyExchange handshake message failed. | |
#define | POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_RP -0x7C80 |
Processing of the ClientKeyExchange handshake message failed in DHM Read Public. | |
#define | POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_CS -0x7D00 |
Processing of the ClientKeyExchange handshake message failed in DHM Calculate Secret. | |
#define | POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 |
Processing of the CertificateVerify handshake message failed. | |
#define | POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 |
Processing of the ChangeCipherSpec handshake message failed. | |
#define | POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 |
Processing of the Finished handshake message failed. | |
#define | POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 |
Memory allocation failed. | |
#define | SSL_MAJOR_VERSION_3 3 |
#define | SSL_MINOR_VERSION_0 0 |
#define | SSL_MINOR_VERSION_1 1 |
#define | SSL_MINOR_VERSION_2 2 |
#define | SSL_IS_CLIENT 0 |
#define | SSL_IS_SERVER 1 |
#define | SSL_COMPRESS_NULL 0 |
#define | SSL_VERIFY_NONE 0 |
#define | SSL_VERIFY_OPTIONAL 1 |
#define | SSL_VERIFY_REQUIRED 2 |
#define | SSL_MAX_CONTENT_LEN 16384 |
#define | SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512) |
#define | SSL_RSA_RC4_128_MD5 0x04 |
#define | SSL_RSA_RC4_128_SHA 0x05 |
#define | SSL_RSA_DES_168_SHA 0x0A |
#define | SSL_EDH_RSA_DES_168_SHA 0x16 |
#define | SSL_RSA_AES_128_SHA 0x2F |
#define | SSL_EDH_RSA_AES_128_SHA 0x33 |
#define | SSL_RSA_AES_256_SHA 0x35 |
#define | SSL_EDH_RSA_AES_256_SHA 0x39 |
#define | SSL_RSA_CAMELLIA_128_SHA 0x41 |
#define | SSL_EDH_RSA_CAMELLIA_128_SHA 0x45 |
#define | SSL_RSA_CAMELLIA_256_SHA 0x84 |
#define | SSL_EDH_RSA_CAMELLIA_256_SHA 0x88 |
#define | SSL_MSG_CHANGE_CIPHER_SPEC 20 |
#define | SSL_MSG_ALERT 21 |
#define | SSL_MSG_HANDSHAKE 22 |
#define | SSL_MSG_APPLICATION_DATA 23 |
#define | SSL_ALERT_LEVEL_WARNING 1 |
#define | SSL_ALERT_LEVEL_FATAL 2 |
#define | SSL_ALERT_MSG_CLOSE_NOTIFY 0 |
#define | SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 |
#define | SSL_ALERT_MSG_BAD_RECORD_MAC 20 |
#define | SSL_ALERT_MSG_DECRYPTION_FAILED 21 |
#define | SSL_ALERT_MSG_RECORD_OVERFLOW 22 |
#define | SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 |
#define | SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 |
#define | SSL_ALERT_MSG_NO_CERT 41 |
#define | SSL_ALERT_MSG_BAD_CERT 42 |
#define | SSL_ALERT_MSG_UNSUPPORTED_CERT 43 |
#define | SSL_ALERT_MSG_CERT_REVOKED 44 |
#define | SSL_ALERT_MSG_CERT_EXPIRED 45 |
#define | SSL_ALERT_MSG_CERT_UNKNOWN 46 |
#define | SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 |
#define | SSL_ALERT_MSG_UNKNOWN_CA 48 |
#define | SSL_ALERT_MSG_ACCESS_DENIED 49 |
#define | SSL_ALERT_MSG_DECODE_ERROR 50 |
#define | SSL_ALERT_MSG_DECRYPT_ERROR 51 |
#define | SSL_ALERT_MSG_EXPORT_RESTRICTION 60 |
#define | SSL_ALERT_MSG_PROTOCOL_VERSION 70 |
#define | SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 |
#define | SSL_ALERT_MSG_INTERNAL_ERROR 80 |
#define | SSL_ALERT_MSG_USER_CANCELED 90 |
#define | SSL_ALERT_MSG_NO_RENEGOTIATION 100 |
#define | SSL_HS_HELLO_REQUEST 0 |
#define | SSL_HS_CLIENT_HELLO 1 |
#define | SSL_HS_SERVER_HELLO 2 |
#define | SSL_HS_CERTIFICATE 11 |
#define | SSL_HS_SERVER_KEY_EXCHANGE 12 |
#define | SSL_HS_CERTIFICATE_REQUEST 13 |
#define | SSL_HS_SERVER_HELLO_DONE 14 |
#define | SSL_HS_CERTIFICATE_VERIFY 15 |
#define | SSL_HS_CLIENT_KEY_EXCHANGE 16 |
#define | SSL_HS_FINISHED 20 |
#define | TLS_EXT_SERVERNAME 0 |
#define | TLS_EXT_SERVERNAME_HOSTNAME 0 |
Typedefs | |
typedef struct _ssl_session | ssl_session |
typedef struct _ssl_context | ssl_context |
Enumerations | |
enum | ssl_states { SSL_HELLO_REQUEST, SSL_CLIENT_HELLO, SSL_SERVER_HELLO, SSL_SERVER_CERTIFICATE, SSL_SERVER_KEY_EXCHANGE, SSL_CERTIFICATE_REQUEST, SSL_SERVER_HELLO_DONE, SSL_CLIENT_CERTIFICATE, SSL_CLIENT_KEY_EXCHANGE, SSL_CERTIFICATE_VERIFY, SSL_CLIENT_CHANGE_CIPHER_SPEC, SSL_CLIENT_FINISHED, SSL_SERVER_CHANGE_CIPHER_SPEC, SSL_SERVER_FINISHED, SSL_FLUSH_BUFFERS, SSL_HANDSHAKE_OVER } |
Functions | |
static const int * | ssl_list_ciphersuites (void) |
Returns the list of ciphersuites supported by the SSL/TLS module. | |
const char * | ssl_get_ciphersuite_name (const int ciphersuite_id) |
Return the name of the ciphersuite associated with the given ID. | |
int | ssl_get_ciphersuite_id (const char *ciphersuite_name) |
Return the ID of the ciphersuite associated with the given name. | |
int | ssl_init (ssl_context *ssl) |
Initialize an SSL context. | |
void | ssl_session_reset (ssl_context *ssl) |
Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data. | |
void | ssl_set_endpoint (ssl_context *ssl, int endpoint) |
Set the current endpoint type. | |
void | ssl_set_authmode (ssl_context *ssl, int authmode) |
Set the certificate verification mode. | |
void | ssl_set_verify (ssl_context *ssl, int(*f_vrfy)(void *, x509_cert *, int, int), void *p_vrfy) |
Set the verification callback (Optional). | |
void | ssl_set_rng (ssl_context *ssl, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
Set the random number generator callback. | |
void | ssl_set_dbg (ssl_context *ssl, void(*f_dbg)(void *, int, const char *), void *p_dbg) |
Set the debug callback. | |
void | ssl_set_bio (ssl_context *ssl, int(*f_recv)(void *, unsigned char *, size_t), void *p_recv, int(*f_send)(void *, const unsigned char *, size_t), void *p_send) |
Set the underlying BIO read and write callbacks. | |
void | ssl_set_scb (ssl_context *ssl, int(*s_get)(ssl_context *), int(*s_set)(ssl_context *)) |
Set the session callbacks (server-side only) | |
void | ssl_set_session (ssl_context *ssl, int resume, int timeout, ssl_session *session) |
Set the session resuming flag, timeout and data. | |
void | ssl_set_ciphersuites (ssl_context *ssl, int *ciphersuites) |
Set the list of allowed ciphersuites. | |
void | ssl_set_ca_chain (ssl_context *ssl, x509_cert *ca_chain, x509_crl *ca_crl, const char *peer_cn) |
Set the data required to verify peer certificate. | |
void | ssl_set_own_cert (ssl_context *ssl, x509_cert *own_cert, rsa_context *rsa_key) |
Set own certificate and private key. | |
int | ssl_set_dh_param (ssl_context *ssl, const char *dhm_P, const char *dhm_G) |
Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only) | |
int | ssl_set_dh_param_ctx (ssl_context *ssl, dhm_context *dhm_ctx) |
Set the Diffie-Hellman public P and G values, read from existing context (server-side only) | |
int | ssl_set_hostname (ssl_context *ssl, const char *hostname) |
Set hostname for ServerName TLS Extension. | |
void | ssl_set_max_version (ssl_context *ssl, int major, int minor) |
Set the maximum supported version sent from the client side. | |
size_t | ssl_get_bytes_avail (const ssl_context *ssl) |
Return the number of data bytes available to read. | |
int | ssl_get_verify_result (const ssl_context *ssl) |
Return the result of the certificate verification. | |
const char * | ssl_get_ciphersuite (const ssl_context *ssl) |
Return the name of the current ciphersuite. | |
const char * | ssl_get_version (const ssl_context *ssl) |
Return the current SSL version (SSLv3/TLSv1/etc) | |
int | ssl_handshake (ssl_context *ssl) |
Perform the SSL handshake. | |
int | ssl_read (ssl_context *ssl, unsigned char *buf, size_t len) |
Read at most 'len' application data bytes. | |
int | ssl_write (ssl_context *ssl, const unsigned char *buf, size_t len) |
Write exactly 'len' application data bytes. | |
int | ssl_close_notify (ssl_context *ssl) |
Notify the peer that the connection is being closed. | |
void | ssl_free (ssl_context *ssl) |
Free an SSL context. | |
int | ssl_handshake_client (ssl_context *ssl) |
int | ssl_handshake_server (ssl_context *ssl) |
int | ssl_derive_keys (ssl_context *ssl) |
void | ssl_calc_verify (ssl_context *ssl, unsigned char hash[36]) |
int | ssl_read_record (ssl_context *ssl) |
int | ssl_fetch_input (ssl_context *ssl, size_t nb_want) |
int | ssl_write_record (ssl_context *ssl) |
int | ssl_flush_output (ssl_context *ssl) |
int | ssl_parse_certificate (ssl_context *ssl) |
int | ssl_write_certificate (ssl_context *ssl) |
int | ssl_parse_change_cipher_spec (ssl_context *ssl) |
int | ssl_write_change_cipher_spec (ssl_context *ssl) |
int | ssl_parse_finished (ssl_context *ssl) |
int | ssl_write_finished (ssl_context *ssl) |
Variables | |
int | ssl_default_ciphersuites [] |
SSL/TLS functions.
Copyright (C) 2006-2010, Brainspark B.V.
This file is part of PolarSSL (http://www.polarssl.org) Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
All rights reserved.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Definition in file ssl.h.
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 |
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 |
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 |
#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 |
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 |
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 |
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_CS -0x7D00 |
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_RP -0x7C80 |
#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 |
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 |
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 |
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 |
#define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100 |
#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 |
#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 |
#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 |
#define POLARSSL_ERR_SSL_CONN_EOF -0x7280 |
#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 |
#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 |
#define POLARSSL_ERR_SSL_INVALID_MAC -0x7180 |
#define POLARSSL_ERR_SSL_INVALID_RECORD -0x7200 |
#define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 |
#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 |
#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 |
#define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400 |
#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 |
#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800 |
#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 |
#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 |
#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 |
#define SSL_ALERT_LEVEL_FATAL 2 |
#define SSL_ALERT_LEVEL_WARNING 1 |
#define SSL_ALERT_MSG_ACCESS_DENIED 49 |
#define SSL_ALERT_MSG_BAD_CERT 42 |
#define SSL_ALERT_MSG_BAD_RECORD_MAC 20 |
#define SSL_ALERT_MSG_CERT_EXPIRED 45 |
#define SSL_ALERT_MSG_CERT_REVOKED 44 |
#define SSL_ALERT_MSG_CERT_UNKNOWN 46 |
#define SSL_ALERT_MSG_CLOSE_NOTIFY 0 |
#define SSL_ALERT_MSG_DECODE_ERROR 50 |
#define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 |
#define SSL_ALERT_MSG_DECRYPT_ERROR 51 |
#define SSL_ALERT_MSG_DECRYPTION_FAILED 21 |
#define SSL_ALERT_MSG_EXPORT_RESTRICTION 60 |
#define SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 |
#define SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 |
#define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 |
#define SSL_ALERT_MSG_INTERNAL_ERROR 80 |
#define SSL_ALERT_MSG_NO_CERT 41 |
#define SSL_ALERT_MSG_NO_RENEGOTIATION 100 |
#define SSL_ALERT_MSG_PROTOCOL_VERSION 70 |
#define SSL_ALERT_MSG_RECORD_OVERFLOW 22 |
#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 |
#define SSL_ALERT_MSG_UNKNOWN_CA 48 |
#define SSL_ALERT_MSG_UNSUPPORTED_CERT 43 |
#define SSL_ALERT_MSG_USER_CANCELED 90 |
#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512) |
#define SSL_COMPRESS_NULL 0 |
#define SSL_EDH_RSA_AES_128_SHA 0x33 |
#define SSL_EDH_RSA_AES_256_SHA 0x39 |
#define SSL_EDH_RSA_CAMELLIA_128_SHA 0x45 |
#define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88 |
#define SSL_EDH_RSA_DES_168_SHA 0x16 |
#define SSL_HS_CERTIFICATE 11 |
#define SSL_HS_CERTIFICATE_REQUEST 13 |
#define SSL_HS_CERTIFICATE_VERIFY 15 |
#define SSL_HS_CLIENT_HELLO 1 |
#define SSL_HS_CLIENT_KEY_EXCHANGE 16 |
#define SSL_HS_FINISHED 20 |
#define SSL_HS_HELLO_REQUEST 0 |
#define SSL_HS_SERVER_HELLO 2 |
#define SSL_HS_SERVER_HELLO_DONE 14 |
#define SSL_HS_SERVER_KEY_EXCHANGE 12 |
#define SSL_IS_CLIENT 0 |
#define SSL_IS_SERVER 1 |
#define SSL_MAJOR_VERSION_3 3 |
#define SSL_MAX_CONTENT_LEN 16384 |
#define SSL_MINOR_VERSION_0 0 |
#define SSL_MINOR_VERSION_1 1 |
#define SSL_MINOR_VERSION_2 2 |
#define SSL_MSG_ALERT 21 |
#define SSL_MSG_APPLICATION_DATA 23 |
#define SSL_MSG_CHANGE_CIPHER_SPEC 20 |
#define SSL_MSG_HANDSHAKE 22 |
#define SSL_RSA_AES_128_SHA 0x2F |
#define SSL_RSA_AES_256_SHA 0x35 |
#define SSL_RSA_CAMELLIA_128_SHA 0x41 |
#define SSL_RSA_CAMELLIA_256_SHA 0x84 |
#define SSL_RSA_DES_168_SHA 0x0A |
#define SSL_RSA_RC4_128_MD5 0x04 |
#define SSL_RSA_RC4_128_SHA 0x05 |
#define SSL_VERIFY_NONE 0 |
#define SSL_VERIFY_OPTIONAL 1 |
#define SSL_VERIFY_REQUIRED 2 |
#define TLS_EXT_SERVERNAME 0 |
#define TLS_EXT_SERVERNAME_HOSTNAME 0 |
typedef struct _ssl_context ssl_context |
typedef struct _ssl_session ssl_session |
enum ssl_states |
void ssl_calc_verify | ( | ssl_context * | ssl, |
unsigned char | hash[36] | ||
) |
int ssl_close_notify | ( | ssl_context * | ssl | ) |
Notify the peer that the connection is being closed.
ssl | SSL context |
int ssl_derive_keys | ( | ssl_context * | ssl | ) |
int ssl_fetch_input | ( | ssl_context * | ssl, |
size_t | nb_want | ||
) |
int ssl_flush_output | ( | ssl_context * | ssl | ) |
void ssl_free | ( | ssl_context * | ssl | ) |
Free an SSL context.
ssl | SSL context |
size_t ssl_get_bytes_avail | ( | const ssl_context * | ssl | ) |
Return the number of data bytes available to read.
ssl | SSL context |
const char* ssl_get_ciphersuite | ( | const ssl_context * | ssl | ) |
Return the name of the current ciphersuite.
ssl | SSL context |
int ssl_get_ciphersuite_id | ( | const char * | ciphersuite_name | ) |
Return the ID of the ciphersuite associated with the given name.
ciphersuite_name | SSL ciphersuite name |
const char* ssl_get_ciphersuite_name | ( | const int | ciphersuite_id | ) |
Return the name of the ciphersuite associated with the given ID.
ciphersuite_id | SSL ciphersuite ID |
int ssl_get_verify_result | ( | const ssl_context * | ssl | ) |
Return the result of the certificate verification. This must be consulted after the handshake whenever SSL_VERIFY_OPTIONAL is in use, since that mode completes the handshake even when verification failed.
ssl | SSL context |
const char* ssl_get_version | ( | const ssl_context * | ssl | ) |
Return the current SSL version (SSLv3/TLSv1/etc)
ssl | SSL context |
int ssl_handshake | ( | ssl_context * | ssl | ) |
Perform the SSL handshake.
ssl | SSL context |
int ssl_handshake_client | ( | ssl_context * | ssl | ) |
int ssl_handshake_server | ( | ssl_context * | ssl | ) |
int ssl_init | ( | ssl_context * | ssl | ) |
Initialize an SSL context.
ssl | SSL context |
static const int* ssl_list_ciphersuites | ( | void | ) | [inline, static] |
int ssl_parse_certificate | ( | ssl_context * | ssl | ) |
int ssl_parse_change_cipher_spec | ( | ssl_context * | ssl | ) |
int ssl_parse_finished | ( | ssl_context * | ssl | ) |
int ssl_read | ( | ssl_context * | ssl, |
unsigned char * | buf, | ||
size_t | len | ||
) |
Read at most 'len' application data bytes.
ssl | SSL context |
buf | buffer that will hold the data |
len | maximum number of bytes to read; fewer may be returned |
int ssl_read_record | ( | ssl_context * | ssl | ) |
void ssl_session_reset | ( | ssl_context * | ssl | ) |
Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data.
ssl | SSL context |
void ssl_set_authmode | ( | ssl_context * | ssl, |
int | authmode | ||
) |
Set the certificate verification mode.
ssl | SSL context |
authmode | can be: |
SSL_VERIFY_NONE: peer certificate is not checked at all (this is the default). The peer is not authenticated in any way, so the connection is open to man-in-the-middle interception; this mode is insecure and SHOULD be avoided outside of testing.
SSL_VERIFY_OPTIONAL: peer certificate is checked, however the handshake continues even if verification failed. The application MUST call ssl_get_verify_result() after the handshake completes and treat any reported verification failure as an authentication failure before sending or trusting application data; otherwise this mode is effectively the same as SSL_VERIFY_NONE.
SSL_VERIFY_REQUIRED: peer must present a valid certificate, handshake is aborted if verification failed.
void ssl_set_bio | ( | ssl_context * | ssl, |
int(*)(void *, unsigned char *, size_t) | f_recv, | ||
void * | p_recv, | ||
int(*)(void *, const unsigned char *, size_t) | f_send, | ||
void * | p_send | ||
) |
Set the underlying BIO read and write callbacks.
ssl | SSL context |
f_recv | read callback |
p_recv | read parameter |
f_send | write callback |
p_send | write parameter |
void ssl_set_ca_chain | ( | ssl_context * | ssl, |
x509_cert * | ca_chain, | ||
x509_crl * | ca_crl, | ||
const char * | peer_cn | ||
) |
Set the data required to verify peer certificate.
ssl | SSL context |
ca_chain | trusted CA chain |
ca_crl | trusted CA CRLs |
peer_cn | expected peer CommonName, or NULL. Passing NULL presumably skips the name match, so any certificate chaining to ca_chain would be accepted regardless of which host presents it — supply the expected name whenever the peer's identity matters (confirm against the x509 verification code). |
void ssl_set_ciphersuites | ( | ssl_context * | ssl, |
int * | ciphersuites | ||
) |
Set the list of allowed ciphersuites.
ssl | SSL context |
ciphersuites | 0-terminated list of allowed ciphersuites. Restrict this list for production use: the RC4 (SSL_RSA_RC4_128_*) and triple-DES (SSL_*_DES_168_SHA) suites declared in this header are legacy, and only the SSL_EDH_* (ephemeral Diffie-Hellman) suites provide forward secrecy. |
void ssl_set_dbg | ( | ssl_context * | ssl, |
void(*)(void *, int, const char *) | f_dbg, | ||
void * | p_dbg | ||
) |
Set the debug callback.
ssl | SSL context |
f_dbg | debug function |
p_dbg | debug parameter |
int ssl_set_dh_param | ( | ssl_context * | ssl, |
const char * | dhm_P, | ||
const char * | dhm_G | ||
) |
Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only)
ssl | SSL context |
dhm_P | Diffie-Hellman-Merkle modulus, as a hexadecimal string. The caller is responsible for choosing a well-known safe prime of adequate size; weak or untrusted parameters undermine every SSL_EDH_* suite negotiated with this context. |
dhm_G | Diffie-Hellman-Merkle generator |
int ssl_set_dh_param_ctx | ( | ssl_context * | ssl, |
dhm_context * | dhm_ctx | ||
) |
Set the Diffie-Hellman public P and G values, read from existing context (server-side only)
ssl | SSL context |
dhm_ctx | Diffie-Hellman-Merkle context |
void ssl_set_endpoint | ( | ssl_context * | ssl, |
int | endpoint | ||
) |
Set the current endpoint type.
ssl | SSL context |
endpoint | must be SSL_IS_CLIENT or SSL_IS_SERVER |
int ssl_set_hostname | ( | ssl_context * | ssl, |
const char * | hostname | ||
) |
Set hostname for ServerName TLS Extension.
ssl | SSL context |
hostname | the server hostname |
void ssl_set_max_version | ( | ssl_context * | ssl, |
int | major, | ||
int | minor | ||
) |
Set the maximum supported version sent from the client side.
ssl | SSL context |
major | Major version number (only SSL_MAJOR_VERSION_3 supported) |
minor | Minor version number (SSL_MINOR_VERSION_0 = SSLv3, SSL_MINOR_VERSION_1 = TLS 1.0, SSL_MINOR_VERSION_2 = TLS 1.1 are supported). This sets only the ceiling offered by the client; this header exposes no minimum-version setter, so if SSLv3 must be rejected check ssl_get_version() after the handshake. |
void ssl_set_own_cert | ( | ssl_context * | ssl, |
x509_cert * | own_cert, | ||
rsa_context * | rsa_key | ||
) |
Set own certificate and private key.
ssl | SSL context |
own_cert | own public certificate |
rsa_key | own private RSA key |
void ssl_set_rng | ( | ssl_context * | ssl, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng | ||
) |
Set the random number generator callback. The handshake's random values are drawn from this callback, so f_rng must be a cryptographically secure generator seeded from a suitable entropy source — never a general-purpose PRNG such as rand().
ssl | SSL context |
f_rng | RNG function |
p_rng | RNG parameter |
void ssl_set_scb | ( | ssl_context * | ssl, |
int(*)(ssl_context *) | s_get, | ||
int(*)(ssl_context *) | s_set | ||
) |
Set the session callbacks (server-side only)
ssl | SSL context |
s_get | session get callback |
s_set | session set callback |
void ssl_set_session | ( | ssl_context * | ssl, |
int | resume, | ||
int | timeout, | ||
ssl_session * | session | ||
) |
Set the session resuming flag, timeout and data.
ssl | SSL context |
resume | if 0 (default), the session will not be resumed |
timeout | session timeout in seconds, or 0 (no timeout). A value of 0 allows a stored session to be resumed indefinitely; prefer a bounded lifetime so that a leaked session secret has a limited window of use. |
session | session context |
void ssl_set_verify | ( | ssl_context * | ssl, |
int(*)(void *, x509_cert *, int, int) | f_vrfy, | ||
void * | p_vrfy | ||
) |
Set the verification callback (Optional).
If set, the verification callback is called once for every certificate in the chain. The verification function has the following parameters: (void *parameter, x509_cert *certificate, int certificate_depth, int preverify_ok). It should return 0 on SUCCESS. Callbacks that unconditionally return 0 without examining preverify_ok should be avoided, since they weaken the library's own verification result.
ssl | SSL context |
f_vrfy | verification function |
p_vrfy | verification parameter |
int ssl_write | ( | ssl_context * | ssl, |
const unsigned char * | buf, | ||
size_t | len | ||
) |
Write exactly 'len' application data bytes.
ssl | SSL context |
buf | buffer holding the data |
len | how many bytes must be written |
int ssl_write_certificate | ( | ssl_context * | ssl | ) |
int ssl_write_change_cipher_spec | ( | ssl_context * | ssl | ) |
int ssl_write_finished | ( | ssl_context * | ssl | ) |
int ssl_write_record | ( | ssl_context * | ssl | ) |
int ssl_default_ciphersuites[] |