PolarSSL v1.1.4
SSL/TLS functions. More...
#include <time.h>
#include "net.h"
#include "dhm.h"
#include "rsa.h"
#include "md5.h"
#include "sha1.h"
#include "x509.h"
#include "config.h"

Data Structures | |
| struct | _ssl_session |
| struct | _ssl_context |
Macros | |
| #define | POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 |
| The requested feature is not available. | |
| #define | POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100 |
| Bad input parameters to function. | |
| #define | POLARSSL_ERR_SSL_INVALID_MAC -0x7180 |
| Verification of the message MAC failed. | |
| #define | POLARSSL_ERR_SSL_INVALID_RECORD -0x7200 |
| An invalid SSL record was received. | |
| #define | POLARSSL_ERR_SSL_CONN_EOF -0x7280 |
| The connection indicated an EOF. | |
| #define | POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 |
| An unknown cipher was received. | |
| #define | POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 |
| The server has no ciphersuites in common with the client. | |
| #define | POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400 |
| No session to recover was found. | |
| #define | POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 |
| No client certificate received from the client, but required by the authentication mode. | |
| #define | POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 |
| Our own certificate(s) is/are too large to send in an SSL message. | |
| #define | POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 |
| The own certificate is not set, but needed by the server. | |
| #define | POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 |
| The own private key is not set, but needed. | |
| #define | POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 |
| No CA Chain is set, but required to operate. | |
| #define | POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 |
| An unexpected message was received from our peer. | |
| #define | POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 |
| A fatal alert message was received from our peer. | |
| #define | POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800 |
| Verification of our peer failed. | |
| #define | POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 |
| The peer notified us that the connection is going to be closed. | |
| #define | POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 |
| Processing of the ClientHello handshake message failed. | |
| #define | POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 |
| Processing of the ServerHello handshake message failed. | |
| #define | POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 |
| Processing of the Certificate handshake message failed. | |
| #define | POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 |
| Processing of the CertificateRequest handshake message failed. | |
| #define | POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 |
| Processing of the ServerKeyExchange handshake message failed. | |
| #define | POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 |
| Processing of the ServerHelloDone handshake message failed. | |
| #define | POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 |
| Processing of the ClientKeyExchange handshake message failed. | |
| #define | POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_RP -0x7C80 |
| Processing of the ClientKeyExchange handshake message failed in DHM Read Public. | |
| #define | POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_CS -0x7D00 |
| Processing of the ClientKeyExchange handshake message failed in DHM Calculate Secret. | |
| #define | POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 |
| Processing of the CertificateVerify handshake message failed. | |
| #define | POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 |
| Processing of the ChangeCipherSpec handshake message failed. | |
| #define | POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 |
| Processing of the Finished handshake message failed. | |
| #define | POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 |
| Memory allocation failed. | |
| #define | SSL_MAJOR_VERSION_3 3 |
| #define | SSL_MINOR_VERSION_0 0 |
| #define | SSL_MINOR_VERSION_1 1 |
| #define | SSL_MINOR_VERSION_2 2 |
| #define | SSL_IS_CLIENT 0 |
| #define | SSL_IS_SERVER 1 |
| #define | SSL_COMPRESS_NULL 0 |
| #define | SSL_VERIFY_NONE 0 |
| #define | SSL_VERIFY_OPTIONAL 1 |
| #define | SSL_VERIFY_REQUIRED 2 |
| #define | SSL_MAX_CONTENT_LEN 16384 |
| #define | SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512) |
| #define | SSL_RSA_RC4_128_MD5 0x04 |
| #define | SSL_RSA_RC4_128_SHA 0x05 |
| #define | SSL_RSA_DES_168_SHA 0x0A |
| #define | SSL_EDH_RSA_DES_168_SHA 0x16 |
| #define | SSL_RSA_AES_128_SHA 0x2F |
| #define | SSL_EDH_RSA_AES_128_SHA 0x33 |
| #define | SSL_RSA_AES_256_SHA 0x35 |
| #define | SSL_EDH_RSA_AES_256_SHA 0x39 |
| #define | SSL_RSA_CAMELLIA_128_SHA 0x41 |
| #define | SSL_EDH_RSA_CAMELLIA_128_SHA 0x45 |
| #define | SSL_RSA_CAMELLIA_256_SHA 0x84 |
| #define | SSL_EDH_RSA_CAMELLIA_256_SHA 0x88 |
| #define | SSL_MSG_CHANGE_CIPHER_SPEC 20 |
| #define | SSL_MSG_ALERT 21 |
| #define | SSL_MSG_HANDSHAKE 22 |
| #define | SSL_MSG_APPLICATION_DATA 23 |
| #define | SSL_ALERT_LEVEL_WARNING 1 |
| #define | SSL_ALERT_LEVEL_FATAL 2 |
| #define | SSL_ALERT_MSG_CLOSE_NOTIFY 0 |
| #define | SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 |
| #define | SSL_ALERT_MSG_BAD_RECORD_MAC 20 |
| #define | SSL_ALERT_MSG_DECRYPTION_FAILED 21 |
| #define | SSL_ALERT_MSG_RECORD_OVERFLOW 22 |
| #define | SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 |
| #define | SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 |
| #define | SSL_ALERT_MSG_NO_CERT 41 |
| #define | SSL_ALERT_MSG_BAD_CERT 42 |
| #define | SSL_ALERT_MSG_UNSUPPORTED_CERT 43 |
| #define | SSL_ALERT_MSG_CERT_REVOKED 44 |
| #define | SSL_ALERT_MSG_CERT_EXPIRED 45 |
| #define | SSL_ALERT_MSG_CERT_UNKNOWN 46 |
| #define | SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 |
| #define | SSL_ALERT_MSG_UNKNOWN_CA 48 |
| #define | SSL_ALERT_MSG_ACCESS_DENIED 49 |
| #define | SSL_ALERT_MSG_DECODE_ERROR 50 |
| #define | SSL_ALERT_MSG_DECRYPT_ERROR 51 |
| #define | SSL_ALERT_MSG_EXPORT_RESTRICTION 60 |
| #define | SSL_ALERT_MSG_PROTOCOL_VERSION 70 |
| #define | SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 |
| #define | SSL_ALERT_MSG_INTERNAL_ERROR 80 |
| #define | SSL_ALERT_MSG_USER_CANCELED 90 |
| #define | SSL_ALERT_MSG_NO_RENEGOTIATION 100 |
| #define | SSL_HS_HELLO_REQUEST 0 |
| #define | SSL_HS_CLIENT_HELLO 1 |
| #define | SSL_HS_SERVER_HELLO 2 |
| #define | SSL_HS_CERTIFICATE 11 |
| #define | SSL_HS_SERVER_KEY_EXCHANGE 12 |
| #define | SSL_HS_CERTIFICATE_REQUEST 13 |
| #define | SSL_HS_SERVER_HELLO_DONE 14 |
| #define | SSL_HS_CERTIFICATE_VERIFY 15 |
| #define | SSL_HS_CLIENT_KEY_EXCHANGE 16 |
| #define | SSL_HS_FINISHED 20 |
| #define | TLS_EXT_SERVERNAME 0 |
| #define | TLS_EXT_SERVERNAME_HOSTNAME 0 |
Typedefs | |
| typedef struct _ssl_session | ssl_session |
| typedef struct _ssl_context | ssl_context |
Functions | |
| static const int * | ssl_list_ciphersuites (void) |
| Returns the list of ciphersuites supported by the SSL/TLS module. | |
| const char * | ssl_get_ciphersuite_name (const int ciphersuite_id) |
| Return the name of the ciphersuite associated with the given ID. | |
| int | ssl_get_ciphersuite_id (const char *ciphersuite_name) |
| Return the ID of the ciphersuite associated with the given name. | |
| int | ssl_init (ssl_context *ssl) |
| Initialize an SSL context. | |
| void | ssl_session_reset (ssl_context *ssl) |
| Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data. | |
| void | ssl_set_endpoint (ssl_context *ssl, int endpoint) |
| Set the current endpoint type. | |
| void | ssl_set_authmode (ssl_context *ssl, int authmode) |
| Set the certificate verification mode. | |
| void | ssl_set_verify (ssl_context *ssl, int(*f_vrfy)(void *, x509_cert *, int, int), void *p_vrfy) |
| Set the verification callback (Optional). | |
| void | ssl_set_rng (ssl_context *ssl, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
| Set the random number generator callback. | |
| void | ssl_set_dbg (ssl_context *ssl, void(*f_dbg)(void *, int, const char *), void *p_dbg) |
| Set the debug callback. | |
| void | ssl_set_bio (ssl_context *ssl, int(*f_recv)(void *, unsigned char *, size_t), void *p_recv, int(*f_send)(void *, const unsigned char *, size_t), void *p_send) |
| Set the underlying BIO read and write callbacks. | |
| void | ssl_set_scb (ssl_context *ssl, int(*s_get)(ssl_context *), int(*s_set)(ssl_context *)) |
| Set the session callbacks (server-side only) | |
| void | ssl_set_session (ssl_context *ssl, int resume, int timeout, ssl_session *session) |
| Set the session resuming flag, timeout and data. | |
| void | ssl_set_ciphersuites (ssl_context *ssl, int *ciphersuites) |
| Set the list of allowed ciphersuites. | |
| void | ssl_set_ca_chain (ssl_context *ssl, x509_cert *ca_chain, x509_crl *ca_crl, const char *peer_cn) |
| Set the data required to verify peer certificate. | |
| void | ssl_set_own_cert (ssl_context *ssl, x509_cert *own_cert, rsa_context *rsa_key) |
| Set own certificate and private key. | |
| int | ssl_set_dh_param (ssl_context *ssl, const char *dhm_P, const char *dhm_G) |
| Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only) | |
| int | ssl_set_dh_param_ctx (ssl_context *ssl, dhm_context *dhm_ctx) |
| Set the Diffie-Hellman public P and G values, read from existing context (server-side only) | |
| int | ssl_set_hostname (ssl_context *ssl, const char *hostname) |
| Set hostname for ServerName TLS Extension. | |
| void | ssl_set_max_version (ssl_context *ssl, int major, int minor) |
| Set the maximum supported version sent from the client side. | |
| size_t | ssl_get_bytes_avail (const ssl_context *ssl) |
| Return the number of data bytes available to read. | |
| int | ssl_get_verify_result (const ssl_context *ssl) |
| Return the result of the certificate verification. | |
| const char * | ssl_get_ciphersuite (const ssl_context *ssl) |
| Return the name of the current ciphersuite. | |
| const char * | ssl_get_version (const ssl_context *ssl) |
| Return the current SSL version (SSLv3/TLSv1/etc) | |
| int | ssl_handshake (ssl_context *ssl) |
| Perform the SSL handshake. | |
| int | ssl_read (ssl_context *ssl, unsigned char *buf, size_t len) |
| Read at most 'len' application data bytes. | |
| int | ssl_write (ssl_context *ssl, const unsigned char *buf, size_t len) |
| Write exactly 'len' application data bytes. | |
| int | ssl_close_notify (ssl_context *ssl) |
| Notify the peer that the connection is being closed. | |
| void | ssl_free (ssl_context *ssl) |
| Free an SSL context. | |
| int | ssl_handshake_client (ssl_context *ssl) |
| int | ssl_handshake_server (ssl_context *ssl) |
| int | ssl_derive_keys (ssl_context *ssl) |
| void | ssl_calc_verify (ssl_context *ssl, unsigned char hash[36]) |
| int | ssl_read_record (ssl_context *ssl) |
| int | ssl_fetch_input (ssl_context *ssl, size_t nb_want) |
| int | ssl_write_record (ssl_context *ssl) |
| int | ssl_flush_output (ssl_context *ssl) |
| int | ssl_parse_certificate (ssl_context *ssl) |
| int | ssl_write_certificate (ssl_context *ssl) |
| int | ssl_parse_change_cipher_spec (ssl_context *ssl) |
| int | ssl_write_change_cipher_spec (ssl_context *ssl) |
| int | ssl_parse_finished (ssl_context *ssl) |
| int | ssl_write_finished (ssl_context *ssl) |
Variables | |
| int | ssl_default_ciphersuites [] |
SSL/TLS functions.
Copyright (C) 2006-2010, Brainspark B.V.
This file is part of PolarSSL (http://www.polarssl.org) Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
All rights reserved.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Definition in file ssl.h.
| #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 |
| #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 |
| #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 |
| #define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 |
| #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 |
| #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 |
| #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_CS -0x7D00 |
| #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_RP -0x7C80 |
| #define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 |
| #define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 |
| #define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 |
| #define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 |
| #define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100 |
| #define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 |
| #define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 |
| #define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 |
| #define POLARSSL_ERR_SSL_CONN_EOF -0x7280 |
| #define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 |
| #define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 |
| #define POLARSSL_ERR_SSL_INVALID_MAC -0x7180 |
| #define POLARSSL_ERR_SSL_INVALID_RECORD -0x7200 |
| #define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 |
| #define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 |
| #define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 |
| #define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400 |
| #define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 |
| #define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800 |
| #define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 |
| #define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 |
| #define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 |
| #define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512) |
| typedef struct _ssl_context ssl_context |
| typedef struct _ssl_session ssl_session |
| enum ssl_states |
| void ssl_calc_verify | ( | ssl_context * | ssl, |
| unsigned char | hash[36] | ||
| ) |
| int ssl_close_notify | ( | ssl_context * | ssl | ) |
Notify the peer that the connection is being closed.
| ssl | SSL context |
| int ssl_derive_keys | ( | ssl_context * | ssl | ) |
| int ssl_fetch_input | ( | ssl_context * | ssl, |
| size_t | nb_want | ||
| ) |
| int ssl_flush_output | ( | ssl_context * | ssl | ) |
| void ssl_free | ( | ssl_context * | ssl | ) |
Free an SSL context.
| ssl | SSL context |
| size_t ssl_get_bytes_avail | ( | const ssl_context * | ssl | ) |
Return the number of data bytes available to read.
| ssl | SSL context |
| const char* ssl_get_ciphersuite | ( | const ssl_context * | ssl | ) |
Return the name of the current ciphersuite.
| ssl | SSL context |
| int ssl_get_ciphersuite_id | ( | const char * | ciphersuite_name | ) |
Return the ID of the ciphersuite associated with the given name.
| ciphersuite_name | SSL ciphersuite name |
| const char* ssl_get_ciphersuite_name | ( | const int | ciphersuite_id | ) |
Return the name of the ciphersuite associated with the given ID.
| ciphersuite_id | SSL ciphersuite ID |
| int ssl_get_verify_result | ( | const ssl_context * | ssl | ) |
Return the result of the certificate verification.
| ssl | SSL context |
| const char* ssl_get_version | ( | const ssl_context * | ssl | ) |
Return the current SSL version (SSLv3/TLSv1/etc)
| ssl | SSL context |
| int ssl_handshake | ( | ssl_context * | ssl | ) |
Perform the SSL handshake.
| ssl | SSL context |
| int ssl_handshake_client | ( | ssl_context * | ssl | ) |
| int ssl_handshake_server | ( | ssl_context * | ssl | ) |
| int ssl_init | ( | ssl_context * | ssl | ) |
Initialize an SSL context.
| ssl | SSL context |
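| static const int* ssl_list_ciphersuites | ( | void | ) | inline static |
Returns the list of ciphersuites supported by the SSL/TLS module.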
| int ssl_parse_certificate | ( | ssl_context * | ssl | ) |
| int ssl_parse_change_cipher_spec | ( | ssl_context * | ssl | ) |
| int ssl_parse_finished | ( | ssl_context * | ssl | ) |
| int ssl_read | ( | ssl_context * | ssl, |
| unsigned char * | buf, | ||
| size_t | len | ||
| ) |
Read at most 'len' application data bytes.
| ssl | SSL context |
| buf | buffer that will hold the data |
| len | maximum number of bytes to read |
| int ssl_read_record | ( | ssl_context * | ssl | ) |
| void ssl_session_reset | ( | ssl_context * | ssl | ) |
Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data.
| ssl | SSL context |
| void ssl_set_authmode | ( | ssl_context * | ssl, |
| int | authmode | ||
| ) |
Set the certificate verification mode.
| ssl | SSL context |
| authmode | can be: |
SSL_VERIFY_NONE: peer certificate is not checked (default). This is insecure and SHOULD be avoided: without the check the peer's identity is not authenticated.
SSL_VERIFY_OPTIONAL: peer certificate is checked, however the handshake continues even if verification failed; ssl_get_verify_result() can be called after the handshake is complete, and should be, since otherwise a failed verification goes unnoticed.
SSL_VERIFY_REQUIRED: peer must present a valid certificate, handshake is aborted if verification failed.
| void ssl_set_bio | ( | ssl_context * | ssl, |
| int(*)(void *, unsigned char *, size_t) | f_recv, | ||
| void * | p_recv, | ||
| int(*)(void *, const unsigned char *, size_t) | f_send, | ||
| void * | p_send | ||
| ) |
Set the underlying BIO read and write callbacks.
| ssl | SSL context |
| f_recv | read callback |
| p_recv | read parameter |
| f_send | write callback |
| p_send | write parameter |
| void ssl_set_ca_chain | ( | ssl_context * | ssl, |
| x509_cert * | ca_chain, | ||
| x509_crl * | ca_crl, | ||
| const char * | peer_cn | ||
| ) |
Set the data required to verify peer certificate.
| ssl | SSL context |
| ca_chain | trusted CA chain |
| ca_crl | trusted CA CRLs |
| peer_cn | expected peer CommonName (or NULL, in which case the peer name is not checked) |
| void ssl_set_ciphersuites | ( | ssl_context * | ssl, |
| int * | ciphersuites | ||
| ) |
Set the list of allowed ciphersuites.
| ssl | SSL context |
| ciphersuites | 0-terminated list of allowed ciphersuites |
| void ssl_set_dbg | ( | ssl_context * | ssl, |
| void(*)(void *, int, const char *) | f_dbg, | ||
| void * | p_dbg | ||
| ) |
Set the debug callback.
| ssl | SSL context |
| f_dbg | debug function |
| p_dbg | debug parameter |
Referenced by FCT_BGN().
| int ssl_set_dh_param | ( | ssl_context * | ssl, |
| const char * | dhm_P, | ||
| const char * | dhm_G | ||
| ) |
Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only)
| ssl | SSL context |
| dhm_P | Diffie-Hellman-Merkle modulus |
| dhm_G | Diffie-Hellman-Merkle generator |
| int ssl_set_dh_param_ctx | ( | ssl_context * | ssl, |
| dhm_context * | dhm_ctx | ||
| ) |
Set the Diffie-Hellman public P and G values, read from existing context (server-side only)
| ssl | SSL context |
| dhm_ctx | Diffie-Hellman-Merkle context |
| void ssl_set_endpoint | ( | ssl_context * | ssl, |
| int | endpoint | ||
| ) |
Set the current endpoint type.
| ssl | SSL context |
| endpoint | must be SSL_IS_CLIENT or SSL_IS_SERVER |
| int ssl_set_hostname | ( | ssl_context * | ssl, |
| const char * | hostname | ||
| ) |
Set hostname for ServerName TLS Extension.
| ssl | SSL context |
| hostname | the server hostname |
| void ssl_set_max_version | ( | ssl_context * | ssl, |
| int | major, | ||
| int | minor | ||
| ) |
Set the maximum supported version sent from the client side.
| ssl | SSL context |
| major | Major version number (only SSL_MAJOR_VERSION_3 supported) |
| minor | Minor version number (SSL_MINOR_VERSION_0, SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2 supported) |
| void ssl_set_own_cert | ( | ssl_context * | ssl, |
| x509_cert * | own_cert, | ||
| rsa_context * | rsa_key | ||
| ) |
Set own certificate and private key.
| ssl | SSL context |
| own_cert | own public certificate |
| rsa_key | own private RSA key |
| void ssl_set_rng | ( | ssl_context * | ssl, |
| int(*)(void *, unsigned char *, size_t) | f_rng, | ||
| void * | p_rng | ||
| ) |
Set the random number generator callback.
| ssl | SSL context |
| f_rng | RNG function |
| p_rng | RNG parameter |
| void ssl_set_scb | ( | ssl_context * | ssl, |
| int(*)(ssl_context *) | s_get, | ||
| int(*)(ssl_context *) | s_set | ||
| ) |
Set the session callbacks (server-side only)
| ssl | SSL context |
| s_get | session get callback |
| s_set | session set callback |
| void ssl_set_session | ( | ssl_context * | ssl, |
| int | resume, | ||
| int | timeout, | ||
| ssl_session * | session | ||
| ) |
Set the session resuming flag, timeout and data.
| ssl | SSL context |
| resume | if 0 (default), the session will not be resumed |
| timeout | session timeout in seconds, or 0 (no timeout) |
| session | session context |
| void ssl_set_verify | ( | ssl_context * | ssl, |
| int(*)(void *, x509_cert *, int, int) | f_vrfy, | ||
| void * | p_vrfy | ||
| ) |
Set the verification callback (Optional).
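If set, the verification callback is called once for every
certificate in the chain. The verification function takes the
following parameters: (void *parameter, x509_cert *certificate,
int certificate_depth, int preverify_ok). It should
return 0 on SUCCESS. A callback that returns 0 without looking at
preverify_ok may accept a certificate that the library's own checks rejected.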
| ssl | SSL context |
| f_vrfy | verification function |
| p_vrfy | verification parameter |
| int ssl_write | ( | ssl_context * | ssl, |
| const unsigned char * | buf, | ||
| size_t | len | ||
| ) |
Write exactly 'len' application data bytes.
| ssl | SSL context |
| buf | buffer holding the data |
| len | how many bytes must be written |
| int ssl_write_certificate | ( | ssl_context * | ssl | ) |
| int ssl_write_change_cipher_spec | ( | ssl_context * | ssl | ) |
| int ssl_write_finished | ( | ssl_context * | ssl | ) |
| int ssl_write_record | ( | ssl_context * | ssl | ) |
| int ssl_default_ciphersuites[] |