mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
1c8171c3e8
Plus other minor update, make openssl aware of current modes (SSL_set_mode) Update coding style in examples and tests, including copyright notices
1905 lines
38 KiB
C
1905 lines
38 KiB
C
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
#ifndef _SSL_H_
|
|
#define _SSL_H_
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
#include "internal/ssl_x509.h"
|
|
#include "internal/ssl_pkey.h"
|
|
#include "openssl/bio.h"
|
|
#include "openssl/err.h"
|
|
|
|
/*
|
|
{
|
|
*/
|
|
|
|
#define SSL_CB_ALERT 0x4000
|
|
|
|
#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT (1 << 0)
|
|
#define X509_CHECK_FLAG_NO_WILDCARDS (1 << 1)
|
|
#define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS (1 << 2)
|
|
#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS (1 << 3)
|
|
#define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS (1 << 4)
|
|
|
|
/**
|
|
* @brief create a SSL context
|
|
*
|
|
* @param method - the SSL context method point
|
|
*
|
|
* @return the context point
|
|
*/
|
|
SSL_CTX* SSL_CTX_new(const SSL_METHOD *method);
|
|
|
|
/**
|
|
* @brief free a SSL context
|
|
*
|
|
* @param method - the SSL context point
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_CTX_free(SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief create a SSL
|
|
*
|
|
* @param ctx - the SSL context point
|
|
*
|
|
* @return the SSL point
|
|
*/
|
|
SSL* SSL_new(SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief free the SSL
|
|
*
|
|
* @param ssl - the SSL point
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_free(SSL *ssl);
|
|
|
|
/**
|
|
* @brief connect to the remote SSL server
|
|
*
|
|
* @param ssl - the SSL point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* -1 : failed
|
|
*/
|
|
int SSL_connect(SSL *ssl);
|
|
|
|
/**
|
|
* @brief accept the remote connection
|
|
*
|
|
* @param ssl - the SSL point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* -1 : failed
|
|
*/
|
|
int SSL_accept(SSL *ssl);
|
|
|
|
/**
|
|
* @brief read data from to remote
|
|
*
|
|
* @param ssl - the SSL point which has been connected
|
|
* @param buffer - the received data buffer point
|
|
* @param len - the received data length
|
|
*
|
|
* @return result
|
|
* > 0 : OK, and return received data bytes
|
|
* = 0 : connection is closed
|
|
* < 0 : an error catch
|
|
*/
|
|
int SSL_read(SSL *ssl, void *buffer, int len);
|
|
|
|
/**
|
|
* @brief send the data to remote
|
|
*
|
|
* @param ssl - the SSL point which has been connected
|
|
* @param buffer - the send data buffer point
|
|
* @param len - the send data length
|
|
*
|
|
* @return result
|
|
* > 0 : OK, and return sent data bytes
|
|
* = 0 : connection is closed
|
|
* < 0 : an error catch
|
|
*/
|
|
int SSL_write(SSL *ssl, const void *buffer, int len);
|
|
|
|
/**
|
|
* @brief get the verifying result of the SSL certification
|
|
*
|
|
* @param ssl - the SSL point
|
|
*
|
|
* @return the result of verifying
|
|
*/
|
|
long SSL_get_verify_result(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief shutdown the connection
|
|
*
|
|
* @param ssl - the SSL point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : shutdown is not finished
|
|
* -1 : an error catch
|
|
*/
|
|
int SSL_shutdown(SSL *ssl);
|
|
|
|
/**
|
|
* @brief bind the socket file description into the SSL
|
|
*
|
|
* @param ssl - the SSL point
|
|
* @param fd - socket handle
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_set_fd(SSL *ssl, int fd);
|
|
|
|
/**
|
|
* @brief Set the hostname for SNI
|
|
*
|
|
* @param ssl - the SSL context point
|
|
* @param hostname - pointer to the hostname
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_set_tlsext_host_name(SSL* ssl, const char *hostname);
|
|
|
|
/**
|
|
* @brief These functions load the private key into the SSL_CTX or SSL object
|
|
*
|
|
* @param ctx - the SSL context point
|
|
* @param pkey - private key object point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
|
|
|
|
/**
|
|
* @brief These functions load the certification into the SSL_CTX or SSL object
|
|
*
|
|
* @param ctx - the SSL context point
|
|
* @param pkey - certification object point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
|
|
|
|
/**
|
|
* @brief create the target SSL context client method
|
|
*
|
|
* @param none
|
|
*
|
|
* @return the SSLV2.3 version SSL context client method
|
|
*/
|
|
const SSL_METHOD* SSLv23_client_method(void);
|
|
|
|
/**
|
|
* @brief create the target SSL context client method
|
|
*
|
|
* @param none
|
|
*
|
|
* @return the TLSV1.0 version SSL context client method
|
|
*/
|
|
const SSL_METHOD* TLSv1_client_method(void);
|
|
|
|
/**
|
|
* @brief create the target SSL context client method
|
|
*
|
|
* @param none
|
|
*
|
|
* @return the SSLV1.0 version SSL context client method
|
|
*/
|
|
const SSL_METHOD* SSLv3_client_method(void);
|
|
|
|
/**
|
|
* @brief create the target SSL context client method
|
|
*
|
|
* @param none
|
|
*
|
|
* @return the TLSV1.1 version SSL context client method
|
|
*/
|
|
const SSL_METHOD* TLSv1_1_client_method(void);
|
|
|
|
/**
|
|
* @brief create the target SSL context client method
|
|
*
|
|
* @param none
|
|
*
|
|
* @return the TLSV1.2 version SSL context client method
|
|
*/
|
|
const SSL_METHOD* TLSv1_2_client_method(void);
|
|
|
|
/**
|
|
* @brief create the target SSL context server method
|
|
*
|
|
* @param none
|
|
*
|
|
* @return the TLS any version SSL context client method
|
|
*/
|
|
const SSL_METHOD* TLS_client_method(void);
|
|
|
|
/**
|
|
* @brief create the target SSL context server method
|
|
*
|
|
* @param none
|
|
*
|
|
* @return the SSLV2.3 version SSL context server method
|
|
*/
|
|
const SSL_METHOD* SSLv23_server_method(void);
|
|
|
|
/**
|
|
* @brief create the target SSL context server method
|
|
*
|
|
* @param none
|
|
*
|
|
* @return the TLSV1.1 version SSL context server method
|
|
*/
|
|
const SSL_METHOD* TLSv1_1_server_method(void);
|
|
|
|
/**
|
|
* @brief create the target SSL context server method
|
|
*
|
|
* @param none
|
|
*
|
|
* @return the TLSV1.2 version SSL context server method
|
|
*/
|
|
const SSL_METHOD* TLSv1_2_server_method(void);
|
|
|
|
/**
|
|
* @brief create the target SSL context server method
|
|
*
|
|
* @param none
|
|
*
|
|
* @return the TLSV1.0 version SSL context server method
|
|
*/
|
|
const SSL_METHOD* TLSv1_server_method(void);
|
|
|
|
/**
|
|
* @brief create the target SSL context server method
|
|
*
|
|
* @param none
|
|
*
|
|
* @return the SSLV3.0 version SSL context server method
|
|
*/
|
|
const SSL_METHOD* SSLv3_server_method(void);
|
|
|
|
/**
|
|
* @brief create the target SSL context server method
|
|
*
|
|
* @param none
|
|
*
|
|
* @return the TLS any version SSL context server method
|
|
*/
|
|
const SSL_METHOD* TLS_server_method(void);
|
|
|
|
/**
|
|
* @brief create the target SSL context method
|
|
*
|
|
* @return the TLS any version SSL context method
|
|
*/
|
|
const SSL_METHOD* TLS_method(void);
|
|
|
|
/**
|
|
* @brief create the target SSL context method
|
|
*
|
|
* @return the TLS1.2 version SSL context method
|
|
*/
|
|
const SSL_METHOD* TLSv1_2_method(void);
|
|
|
|
/**
|
|
* @brief create the target SSL context method
|
|
*
|
|
* @return the TLS1.1 version SSL context method
|
|
*/
|
|
const SSL_METHOD* TLSv1_1_method(void);
|
|
|
|
/**
|
|
* @brief create the target SSL context method
|
|
*
|
|
* @return the TLS1.0 version SSL context method
|
|
*/
|
|
const SSL_METHOD* TLSv1_method(void);
|
|
|
|
/**
|
|
* @brief create the target SSL context method
|
|
*
|
|
* @return the SSLV3.0 version SSL context method
|
|
*/
|
|
const SSL_METHOD* SSLv3_method(void);
|
|
|
|
/**
|
|
* @brief create the target SSL context method
|
|
*
|
|
* @param none
|
|
*
|
|
* @return the SSLV2.3 version SSL context method
|
|
*/
|
|
const SSL_METHOD* SSLv23_method(void);
|
|
|
|
/**
|
|
* @brief Set minimum protocol version for defined context
|
|
*
|
|
* @param ctx SSL context
|
|
*
|
|
* @return 1 on success
|
|
*/
|
|
int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
|
|
|
|
/**
|
|
* @brief Set maximum protocol version for defined context
|
|
*
|
|
* @param ctx SSL context
|
|
*
|
|
* @return 1 on success
|
|
*/
|
|
int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
|
|
|
|
/**
|
|
* @brief set the SSL context ALPN select callback function
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param cb - ALPN select callback function
|
|
* @param arg - ALPN select callback function entry private data point
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
|
|
int (*cb) (SSL *ssl,
|
|
const unsigned char **out,
|
|
unsigned char *outlen,
|
|
const unsigned char *in,
|
|
unsigned int inlen,
|
|
void *arg),
|
|
void *arg);
|
|
|
|
|
|
/**
|
|
* @brief set the SSL context ALPN select protocol
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param protos - ALPN protocol name
|
|
* @param protos_len - ALPN protocol name bytes
|
|
*
|
|
* @return result
|
|
* 0 : OK
|
|
* 1 : failed
|
|
*/
|
|
int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned int protos_len);
|
|
|
|
/**
|
|
* @brief set the SSL context next ALPN select callback function
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param cb - ALPN select callback function
|
|
* @param arg - ALPN select callback function entry private data point
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
|
|
int (*cb) (SSL *ssl,
|
|
unsigned char **out,
|
|
unsigned char *outlen,
|
|
const unsigned char *in,
|
|
unsigned int inlen,
|
|
void *arg),
|
|
void *arg);
|
|
|
|
/**
|
|
* @brief initialize the SSL library
|
|
*
|
|
* @param none
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_library_init(void);
|
|
|
|
/**
|
|
* @brief generates a human-readable string representing the error code e
|
|
* and store it into the "ret" point memory
|
|
*
|
|
* @param e - error code
|
|
* @param ret - memory point to store the string
|
|
*
|
|
* @return the result string point
|
|
*/
|
|
char *ERR_error_string(unsigned long e, char *ret);
|
|
|
|
/**
|
|
* @brief add the SSL context option
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param opt - new SSL context option
|
|
*
|
|
* @return the SSL context option
|
|
*/
|
|
unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt);
|
|
|
|
/**
|
|
* @brief add the SSL context mode
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param mod - new SSL context mod
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_set_mode(SSL_CTX *ctx, int mod);
|
|
|
|
/*
|
|
}
|
|
*/
|
|
|
|
/**
|
|
* @brief perform the SSL handshake
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
* -1 : a error catch
|
|
*/
|
|
int SSL_do_handshake(SSL *ssl);
|
|
|
|
/**
|
|
* @brief get the SSL current version
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return the version string
|
|
*/
|
|
const char *SSL_get_version(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief set the SSL context version
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param meth - SSL method point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
|
|
|
|
/**
|
|
* @brief get the bytes numbers which are to be read
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return bytes number
|
|
*/
|
|
int SSL_pending(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief check if SSL want nothing
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return result
|
|
* 0 : false
|
|
* 1 : true
|
|
*/
|
|
int SSL_want_nothing(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief check if SSL want to read
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return result
|
|
* 0 : false
|
|
* 1 : true
|
|
*/
|
|
int SSL_want_read(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief check if SSL want to write
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return result
|
|
* 0 : false
|
|
* 1 : true
|
|
*/
|
|
int SSL_want_write(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get the SSL context current method
|
|
*
|
|
* @param ctx - SSL context point
|
|
*
|
|
* @return the SSL context current method
|
|
*/
|
|
const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief get the SSL current method
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return the SSL current method
|
|
*/
|
|
const SSL_METHOD *SSL_get_ssl_method(SSL *ssl);
|
|
|
|
/**
|
|
* @brief set the SSL method
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param meth - SSL method point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method);
|
|
|
|
/**
|
|
* @brief add CA client certification into the SSL
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param x - CA certification point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_add_client_CA(SSL *ssl, X509 *x);
|
|
|
|
/**
|
|
* @brief add CA client certification into the SSL context
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param x - CA certification point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
|
|
|
|
/**
|
|
* @brief set the SSL CA certification list
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param name_list - CA certification list
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_set_client_CA_list(SSL *ssl, STACK_OF(X509_NAME) *name_list);
|
|
|
|
/**
|
|
* @brief set the SSL context CA certification list
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param name_list - CA certification list
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
|
|
|
|
/**
|
|
* @briefget the SSL CA certification list
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return CA certification list
|
|
*/
|
|
STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get the SSL context CA certification list
|
|
*
|
|
* @param ctx - SSL context point
|
|
*
|
|
* @return CA certification list
|
|
*/
|
|
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief get the SSL certification point
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return SSL certification point
|
|
*/
|
|
X509 *SSL_get_certificate(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get the SSL private key point
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return SSL private key point
|
|
*/
|
|
EVP_PKEY *SSL_get_privatekey(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief set the SSL information callback function
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param cb - information callback function
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val));
|
|
|
|
/**
|
|
* @brief get the SSL state
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return SSL state
|
|
*/
|
|
OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief set the SSL context read buffer length
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param len - read buffer length
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
|
|
|
|
/**
|
|
* @brief set the SSL read buffer length
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param len - read buffer length
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_set_default_read_buffer_len(SSL *ssl, size_t len);
|
|
|
|
/**
|
|
* @brief set the SSL security level
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param level - security level
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_set_security_level(SSL *ssl, int level);
|
|
|
|
/**
|
|
* @brief get the SSL security level
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return security level
|
|
*/
|
|
int SSL_get_security_level(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get the SSL verifying mode of the SSL context
|
|
*
|
|
* @param ctx - SSL context point
|
|
*
|
|
* @return verifying mode
|
|
*/
|
|
int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief get the SSL verifying depth of the SSL context
|
|
*
|
|
* @param ctx - SSL context point
|
|
*
|
|
* @return verifying depth
|
|
*/
|
|
int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief set the SSL context verifying of the SSL context
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param mode - verifying mode
|
|
* @param verify_callback - verifying callback function
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509_STORE_CTX *));
|
|
|
|
/**
|
|
* @brief set the SSL verifying of the SSL context
|
|
*
|
|
* @param ctx - SSL point
|
|
* @param mode - verifying mode
|
|
* @param verify_callback - verifying callback function
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_set_verify(SSL *s, int mode, int (*verify_callback)(int, X509_STORE_CTX *));
|
|
|
|
/**
|
|
* @brief set the SSL verify depth of the SSL context
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param depth - verifying depth
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
|
|
|
|
/**
|
|
* @brief certification verifying callback function
|
|
*
|
|
* @param preverify_ok - verifying result
|
|
* @param x509_ctx - X509 certification point
|
|
*
|
|
* @return verifying result
|
|
*/
|
|
int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx);
|
|
|
|
/**
|
|
* @brief set the session timeout time
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param t - new session timeout time
|
|
*
|
|
* @return old session timeout time
|
|
*/
|
|
long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
|
|
|
|
/**
|
|
* @brief get the session timeout time
|
|
*
|
|
* @param ctx - SSL context point
|
|
*
|
|
* @return current session timeout time
|
|
*/
|
|
long SSL_CTX_get_timeout(const SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief set the SSL context cipher through the list string
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param str - cipher controller list string
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
|
|
|
|
/**
|
|
* @brief set the SSL cipher through the list string
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param str - cipher controller list string
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_set_cipher_list(SSL *ssl, const char *str);
|
|
|
|
/**
|
|
* @brief get the SSL cipher list string
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return cipher controller list string
|
|
*/
|
|
const char *SSL_get_cipher_list(const SSL *ssl, int n);
|
|
|
|
/**
|
|
* @brief get the SSL cipher
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return current cipher
|
|
*/
|
|
const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get the SSL cipher string
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return cipher string
|
|
*/
|
|
const char *SSL_get_cipher(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get the SSL context object X509 certification storage
|
|
*
|
|
* @param ctx - SSL context point
|
|
*
|
|
* @return x509 certification storage
|
|
*/
|
|
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief set the SSL context object X509 certification store
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param store - X509 certification store
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
|
|
|
|
/**
|
|
* @brief get the SSL specifical statement
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return specifical statement
|
|
*/
|
|
int SSL_want(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief check if the SSL is SSL_X509_LOOKUP state
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_want_x509_lookup(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief reset the SSL
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_clear(SSL *ssl);
|
|
|
|
/**
|
|
* @brief get the socket handle of the SSL
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return result
|
|
* >= 0 : yes, and return socket handle
|
|
* < 0 : a error catch
|
|
*/
|
|
int SSL_get_fd(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get the read only socket handle of the SSL
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return result
|
|
* >= 0 : yes, and return socket handle
|
|
* < 0 : a error catch
|
|
*/
|
|
int SSL_get_rfd(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get the write only socket handle of the SSL
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return result
|
|
* >= 0 : yes, and return socket handle
|
|
* < 0 : a error catch
|
|
*/
|
|
int SSL_get_wfd(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief set the SSL if we can read as many as data
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param yes - enable the function
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_set_read_ahead(SSL *s, int yes);
|
|
|
|
/**
|
|
* @brief set the SSL context if we can read as many as data
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param yes - enbale the function
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes);
|
|
|
|
/**
|
|
* @brief get the SSL ahead signal if we can read as many as data
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return SSL context ahead signal
|
|
*/
|
|
int SSL_get_read_ahead(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get the SSL context ahead signal if we can read as many as data
|
|
*
|
|
* @param ctx - SSL context point
|
|
*
|
|
* @return SSL context ahead signal
|
|
*/
|
|
long SSL_CTX_get_read_ahead(SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief check if some data can be read
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return
|
|
* 1 : there are bytes to be read
|
|
* 0 : no data
|
|
*/
|
|
int SSL_has_pending(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief load the X509 certification into SSL context
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param x - X509 certification point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);//loads the certificate x into ctx
|
|
|
|
/**
|
|
* @brief load the ASN1 certification into SSL context
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param len - certification length
|
|
* @param d - data point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
|
|
|
|
/**
|
|
* @brief load the certification file into SSL context
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param file - certification file name
|
|
* @param type - certification encoding type
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
|
|
|
|
/**
|
|
* @brief load the certification chain file into SSL context
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param file - certification chain file name
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
|
|
|
|
|
|
/**
|
|
* @brief load the ASN1 private key into SSL context
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param d - data point
|
|
* @param len - private key length
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len);//adds the private key of type pk stored at memory location d (length len) to ctx
|
|
|
|
/**
|
|
* @brief load the private key file into SSL context
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param file - private key file name
|
|
* @param type - private key encoding type
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
|
|
|
|
/**
|
|
* @brief load the RSA private key into SSL context
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param x - RSA private key point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
|
|
|
|
/**
|
|
* @brief load the RSA ASN1 private key into SSL context
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param d - data point
|
|
* @param len - RSA private key length
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
|
|
|
|
/**
|
|
* @brief load the RSA private key file into SSL context
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param file - RSA private key file name
|
|
* @param type - private key encoding type
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
|
|
|
|
|
|
/**
|
|
* @brief check if the private key and certification is matched
|
|
*
|
|
* @param ctx - SSL context point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_check_private_key(const SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief set the SSL context server information
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param serverinfo - server information string
|
|
* @param serverinfo_length - server information length
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, size_t serverinfo_length);
|
|
|
|
/**
|
|
* @brief load the SSL context server infomation file into SSL context
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param file - server information file
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
|
|
|
|
/**
|
|
* @brief SSL select next function
|
|
*
|
|
* @param out - point of output data point
|
|
* @param outlen - output data length
|
|
* @param in - input data
|
|
* @param inlen - input data length
|
|
* @param client - client data point
|
|
* @param client_len -client data length
|
|
*
|
|
* @return NPN state
|
|
* OPENSSL_NPN_UNSUPPORTED : not support
|
|
* OPENSSL_NPN_NEGOTIATED : negotiated
|
|
* OPENSSL_NPN_NO_OVERLAP : no overlap
|
|
*/
|
|
int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
|
|
const unsigned char *in, unsigned int inlen,
|
|
const unsigned char *client, unsigned int client_len);
|
|
|
|
/**
|
|
* @brief load the extra certification chain into the SSL context
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param x509 - X509 certification
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *);
|
|
|
|
/**
|
|
* @brief control the SSL context
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param cmd - command
|
|
* @param larg - parameter length
|
|
* @param parg - parameter point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);
|
|
|
|
/**
|
|
* @brief get the SSL context cipher
|
|
*
|
|
* @param ctx - SSL context point
|
|
*
|
|
* @return SSL context cipher
|
|
*/
|
|
STACK *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief check if the SSL context can read as many as data
|
|
*
|
|
* @param ctx - SSL context point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief get the SSL context extra data
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param idx - index
|
|
*
|
|
* @return data point
|
|
*/
|
|
char *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx);
|
|
|
|
/**
|
|
* @brief get the SSL context quiet shutdown option
|
|
*
|
|
* @param ctx - SSL context point
|
|
*
|
|
* @return quiet shutdown option
|
|
*/
|
|
int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief load the SSL context CA file
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param CAfile - CA certification file
|
|
* @param CApath - CA certification file path
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath);
|
|
|
|
/**
|
|
* @brief add SSL context reference count by '1'
|
|
*
|
|
* @param ctx - SSL context point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_up_ref(SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief set SSL context application private data
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param arg - private data
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg);
|
|
|
|
/**
|
|
* @brief set SSL context client certification callback function
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param cb - callback function
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
|
|
|
|
/**
|
|
* @brief set the SSL context if we can read as many as data
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param m - enable the fuction
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m);
|
|
|
|
/**
|
|
* @brief set SSL context default verifying path
|
|
*
|
|
* @param ctx - SSL context point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief set SSL context default verifying directory
|
|
*
|
|
* @param ctx - SSL context point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief set SSL context default verifying file
|
|
*
|
|
* @param ctx - SSL context point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief set SSL context extra data
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param idx - data index
|
|
* @param arg - data point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);
|
|
|
|
/**
|
|
* @brief clear the SSL context option bit of "op"
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param op - option
|
|
*
|
|
* @return SSL context option
|
|
*/
|
|
unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);
|
|
|
|
/**
|
|
* @brief get the SSL context option
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param op - option
|
|
*
|
|
* @return SSL context option
|
|
*/
|
|
unsigned long SSL_CTX_get_options(SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief set the SSL context quiet shutdown mode
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param mode - mode
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
|
|
|
|
/**
|
|
* @brief get the SSL context X509 certification
|
|
*
|
|
* @param ctx - SSL context point
|
|
*
|
|
* @return X509 certification
|
|
*/
|
|
X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief get the SSL context private key
|
|
*
|
|
* @param ctx - SSL context point
|
|
*
|
|
* @return private key
|
|
*/
|
|
EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief set SSL context PSK identity hint
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param hint - PSK identity hint
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);
|
|
|
|
/**
|
|
* @brief set SSL context PSK server callback function
|
|
*
|
|
* @param ctx - SSL context point
|
|
* @param callback - callback function
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
|
|
unsigned int (*callback)(SSL *ssl,
|
|
const char *identity,
|
|
unsigned char *psk,
|
|
int max_psk_len));
|
|
/**
|
|
* @brief get alert description string
|
|
*
|
|
* @param value - alert value
|
|
*
|
|
* @return alert description string
|
|
*/
|
|
const char *SSL_alert_desc_string(int value);
|
|
|
|
/**
|
|
* @brief get alert description long string
|
|
*
|
|
* @param value - alert value
|
|
*
|
|
* @return alert description long string
|
|
*/
|
|
const char *SSL_alert_desc_string_long(int value);
|
|
|
|
/**
|
|
* @brief get alert type string
|
|
*
|
|
* @param value - alert value
|
|
*
|
|
* @return alert type string
|
|
*/
|
|
const char *SSL_alert_type_string(int value);
|
|
|
|
/**
|
|
* @brief get alert type long string
|
|
*
|
|
* @param value - alert value
|
|
*
|
|
* @return alert type long string
|
|
*/
|
|
const char *SSL_alert_type_string_long(int value);
|
|
|
|
/**
|
|
* @brief get SSL context of the SSL
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return SSL context
|
|
*/
|
|
SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get SSL application data
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return application data
|
|
*/
|
|
void *SSL_get_app_data(SSL *ssl);
|
|
|
|
/**
|
|
* @brief get SSL error code
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param ret_code - SSL return code
|
|
*
|
|
* @return SSL error number
|
|
*/
|
|
int SSL_get_error(const SSL *ssl, int ret_code);
|
|
|
|
/**
|
|
* @brief get SSL cipher bits
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param alg_bits - algorithm bits
|
|
*
|
|
* @return strength bits
|
|
*/
|
|
int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits);
|
|
|
|
/**
|
|
* @brief get SSL cipher name
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return SSL cipher name
|
|
*/
|
|
char *SSL_get_cipher_name(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get SSL cipher version
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return SSL cipher version
|
|
*/
|
|
char *SSL_get_cipher_version(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get SSL extra data
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param idx - data index
|
|
*
|
|
* @return extra data
|
|
*/
|
|
char *SSL_get_ex_data(const SSL *ssl, int idx);
|
|
|
|
/**
|
|
* @brief get index of the SSL extra data X509 storage context
|
|
*
|
|
* @param none
|
|
*
|
|
* @return data index
|
|
*/
|
|
int SSL_get_ex_data_X509_STORE_CTX_idx(void);
|
|
|
|
/**
|
|
* @brief get peer certification chain
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return certification chain
|
|
*/
|
|
STACK *SSL_get_peer_cert_chain(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get peer certification
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return certification
|
|
*/
|
|
X509 *SSL_get_peer_certificate(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get SSL quiet shutdown mode
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return quiet shutdown mode
|
|
*/
|
|
int SSL_get_quiet_shutdown(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get SSL read only IO handle
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return IO handle
|
|
*/
|
|
BIO *SSL_get_rbio(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get SSL shared ciphers
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param buf - buffer to store the ciphers
|
|
* @param len - buffer len
|
|
*
|
|
* @return shared ciphers
|
|
*/
|
|
char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len);
|
|
|
|
/**
|
|
* @brief get SSL shutdown mode
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return shutdown mode
|
|
*/
|
|
int SSL_get_shutdown(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get SSL session time
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return session time
|
|
*/
|
|
long SSL_get_time(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get SSL session timeout time
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return session timeout time
|
|
*/
|
|
long SSL_get_timeout(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get SSL verifying mode
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return verifying mode
|
|
*/
|
|
int SSL_get_verify_mode(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get SSL verify parameters
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return verify parameters
|
|
*/
|
|
X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
|
|
|
|
/**
|
|
* @brief set expected hostname the peer cert CN should have
|
|
*
|
|
* @param param - verify parameters from SSL_get0_param()
|
|
*
|
|
* @param name - the expected hostname
|
|
*
|
|
* @param namelen - the length of the hostname, or 0 if NUL terminated
|
|
*
|
|
* @return verify parameters
|
|
*/
|
|
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
|
|
const char *name, size_t namelen);
|
|
|
|
/**
|
|
* @brief set parameters for X509 host verify action
|
|
*
|
|
* @param param -verify parameters from SSL_get0_param()
|
|
*
|
|
* @param flags - bitfield of X509_CHECK_FLAG_... parameters to set
|
|
*
|
|
* @return 1 for success, 0 for failure
|
|
*/
|
|
int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
|
|
unsigned long flags);
|
|
|
|
/**
|
|
* @brief clear parameters for X509 host verify action
|
|
*
|
|
* @param param -verify parameters from SSL_get0_param()
|
|
*
|
|
* @param flags - bitfield of X509_CHECK_FLAG_... parameters to clear
|
|
*
|
|
* @return 1 for success, 0 for failure
|
|
*/
|
|
int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param,
|
|
unsigned long flags);
|
|
|
|
/**
|
|
* @brief get SSL write only IO handle
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return IO handle
|
|
*/
|
|
BIO *SSL_get_wbio(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief load SSL client CA certification file
|
|
*
|
|
* @param file - file name
|
|
*
|
|
* @return certification loading object
|
|
*/
|
|
STACK *SSL_load_client_CA_file(const char *file);
|
|
|
|
/**
|
|
* @brief add SSL reference by '1'
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_up_ref(SSL *ssl);
|
|
|
|
/**
|
|
* @brief read and put data into buf, but not clear the SSL low-level storage
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param buf - storage buffer point
|
|
* @param num - data bytes
|
|
*
|
|
* @return result
|
|
* > 0 : OK, and return read bytes
|
|
* = 0 : connect is closed
|
|
* < 0 : a error catch
|
|
*/
|
|
int SSL_peek(SSL *ssl, void *buf, int num);
|
|
|
|
/**
|
|
* @brief make SSL renegotiate
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_renegotiate(SSL *ssl);
|
|
|
|
/**
|
|
* @brief get the state string where SSL is reading
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return state string
|
|
*/
|
|
const char *SSL_rstate_string(SSL *ssl);
|
|
|
|
/**
|
|
* @brief get the statement long string where SSL is reading
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return statement long string
|
|
*/
|
|
const char *SSL_rstate_string_long(SSL *ssl);
|
|
|
|
/**
|
|
* @brief set SSL accept statement
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_set_accept_state(SSL *ssl);
|
|
|
|
/**
|
|
* @brief set SSL application data
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param arg - SSL application data point
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_set_app_data(SSL *ssl, void *arg);
|
|
|
|
/**
|
|
* @brief set SSL BIO
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param rbio - read only IO
|
|
* @param wbio - write only IO
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
|
|
|
|
/**
|
|
* @brief clear SSL option
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param op - clear option
|
|
*
|
|
* @return SSL option
|
|
*/
|
|
unsigned long SSL_clear_options(SSL *ssl, unsigned long op);
|
|
|
|
/**
|
|
* @brief get SSL option
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return SSL option
|
|
*/
|
|
unsigned long SSL_get_options(SSL *ssl);
|
|
|
|
/**
|
|
* @brief clear SSL option
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param op - setting option
|
|
*
|
|
* @return SSL option
|
|
*/
|
|
unsigned long SSL_set_options(SSL *ssl, unsigned long op);
|
|
|
|
/**
|
|
* @brief set SSL quiet shutdown mode
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param mode - quiet shutdown mode
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_set_quiet_shutdown(SSL *ssl, int mode);
|
|
|
|
/**
|
|
* @brief set SSL shutdown mode
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param mode - shutdown mode
|
|
*
|
|
* @return none
|
|
*/
|
|
void SSL_set_shutdown(SSL *ssl, int mode);
|
|
|
|
/**
|
|
* @brief set SSL session time
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param t - session time
|
|
*
|
|
* @return session time
|
|
*/
|
|
void SSL_set_time(SSL *ssl, long t);
|
|
|
|
/**
|
|
* @brief set SSL session timeout time
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param t - session timeout time
|
|
*
|
|
* @return session timeout time
|
|
*/
|
|
void SSL_set_timeout(SSL *ssl, long t);
|
|
|
|
/**
|
|
* @brief get SSL statement string
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return SSL statement string
|
|
*/
|
|
const char *SSL_state_string(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get SSL statement long string
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return SSL statement long string
|
|
*/
|
|
char *SSL_state_string_long(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief get SSL renegotiation count
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return renegotiation count
|
|
*/
|
|
long SSL_total_renegotiations(SSL *ssl);
|
|
|
|
/**
|
|
* @brief get SSL version
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return SSL version
|
|
*/
|
|
int SSL_version(const SSL *ssl);
|
|
|
|
/**
|
|
* @brief set SSL PSK identity hint
|
|
*
|
|
* @param ssl - SSL point
|
|
* @param hint - identity hint
|
|
*
|
|
* @return result
|
|
* 1 : OK
|
|
* 0 : failed
|
|
*/
|
|
int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);
|
|
|
|
/**
|
|
* @brief get SSL PSK identity hint
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return identity hint
|
|
*/
|
|
const char *SSL_get_psk_identity_hint(SSL *ssl);
|
|
|
|
/**
|
|
* @brief get SSL PSK identity
|
|
*
|
|
* @param ssl - SSL point
|
|
*
|
|
* @return identity
|
|
*/
|
|
const char *SSL_get_psk_identity(SSL *ssl);
|
|
|
|
/**
|
|
* @brief set the SSL verify depth of the SSL
|
|
*
|
|
* @param ssl - SSL context
|
|
* @param depth - Depth level to verify
|
|
*
|
|
*/
|
|
void SSL_set_verify_depth(SSL *ssl, int depth);
|
|
|
|
/**
|
|
* @brief Get default verify callback
|
|
*
|
|
* @param ctx - SSL context
|
|
* @return verify_callback - verifying callback function
|
|
*
|
|
*/
|
|
openssl_verify_callback SSL_CTX_get_verify_callback(const SSL_CTX *ctx);
|
|
|
|
/**
|
|
* @brief Get default verify callback
|
|
*
|
|
* @param ctx - SSL context
|
|
* @return verify_callback - verifying callback function
|
|
*
|
|
*/
|
|
openssl_verify_callback SSL_get_verify_callback(const SSL *s);
|
|
|
|
/**
|
|
* @brief Frees RSA object
|
|
*
|
|
* Current implementation calls directly EVP_PKEY free
|
|
*
|
|
* @param r RSA object
|
|
*
|
|
*/
|
|
void RSA_free(RSA *r);
|
|
|
|
/**
|
|
* @brief Sets SSL mode, partially implemented
|
|
*
|
|
* @param ssl SSL context
|
|
*
|
|
* @return the new mode bitmask after adding mode
|
|
*/
|
|
uint32_t SSL_set_mode(SSL *ssl, uint32_t mode);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif
|