1 2=pod 3 4=head1 NAME 5 6SSL - OpenSSL SSL/TLS library 7 8=head1 SYNOPSIS 9 10=head1 DESCRIPTION 11 12The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and 13Transport Layer Security (TLS v1) protocols. It provides a rich API which is 14documented here. 15 16At first the library must be initialized; see 17L<SSL_library_init(3)|SSL_library_init(3)>. 18 19Then an B<SSL_CTX> object is created as a framework to establish 20TLS/SSL enabled connections (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>). 21Various options regarding certificates, algorithms etc. can be set 22in this object. 23 24When a network connection has been created, it can be assigned to an 25B<SSL> object. After the B<SSL> object has been created using 26L<SSL_new(3)|SSL_new(3)>, L<SSL_set_fd(3)|SSL_set_fd(3)> or 27L<SSL_set_bio(3)|SSL_set_bio(3)> can be used to associate the network 28connection with the object. 29 30Then the TLS/SSL handshake is performed using 31L<SSL_accept(3)|SSL_accept(3)> or L<SSL_connect(3)|SSL_connect(3)> 32respectively. 33L<SSL_read(3)|SSL_read(3)> and L<SSL_write(3)|SSL_write(3)> are used 34to read and write data on the TLS/SSL connection. 35L<SSL_shutdown(3)|SSL_shutdown(3)> can be used to shut down the 36TLS/SSL connection. 37 38=head1 DATA STRUCTURES 39 40Currently the OpenSSL B<ssl> library functions deals with the following data 41structures: 42 43=over 4 44 45=item B<SSL_METHOD> (SSL Method) 46 47That's a dispatch structure describing the internal B<ssl> library 48methods/functions which implement the various protocol versions (SSLv1, SSLv2 49and TLSv1). It's needed to create an B<SSL_CTX>. 50 51=item B<SSL_CIPHER> (SSL Cipher) 52 53This structure holds the algorithm information for a particular cipher which 54are a core part of the SSL/TLS protocol. The available ciphers are configured 55on a B<SSL_CTX> basis and the actually used ones are then part of the 56B<SSL_SESSION>. 57 58=item B<SSL_CTX> (SSL Context) 59 60That's the global context structure which is created by a server or client 61once per program life-time and which holds mainly default values for the 62B<SSL> structures which are later created for the connections. 63 64=item B<SSL_SESSION> (SSL Session) 65 66This is a structure containing the current TLS/SSL session details for a 67connection: B<SSL_CIPHER>s, client and server certificates, keys, etc. 68 69=item B<SSL> (SSL Connection) 70 71That's the main SSL/TLS structure which is created by a server or client per 72established connection. This actually is the core structure in the SSL API. 73Under run-time the application usually deals with this structure which has 74links to mostly all other structures. 75 76=back 77 78 79=head1 HEADER FILES 80 81Currently the OpenSSL B<ssl> library provides the following C header files 82containing the prototypes for the data structures and and functions: 83 84=over 4 85 86=item B<ssl.h> 87 88That's the common header file for the SSL/TLS API. Include it into your 89program to make the API of the B<ssl> library available. It internally 90includes both more private SSL headers and headers from the B<crypto> library. 91Whenever you need hard-core details on the internals of the SSL API, look 92inside this header file. 93 94=item B<ssl2.h> 95 96That's the sub header file dealing with the SSLv2 protocol only. 97I<Usually you don't have to include it explicitly because 98it's already included by ssl.h>. 99 100=item B<ssl3.h> 101 102That's the sub header file dealing with the SSLv3 protocol only. 103I<Usually you don't have to include it explicitly because 104it's already included by ssl.h>. 105 106=item B<ssl23.h> 107 108That's the sub header file dealing with the combined use of the SSLv2 and 109SSLv3 protocols. 110I<Usually you don't have to include it explicitly because 111it's already included by ssl.h>. 112 113=item B<tls1.h> 114 115That's the sub header file dealing with the TLSv1 protocol only. 116I<Usually you don't have to include it explicitly because 117it's already included by ssl.h>. 118 119=back 120 121=head1 API FUNCTIONS 122 123Currently the OpenSSL B<ssl> library exports 214 API functions. 124They are documented in the following: 125 126=head2 DEALING WITH PROTOCOL METHODS 127 128Here we document the various API functions which deal with the SSL/TLS 129protocol methods defined in B<SSL_METHOD> structures. 130 131=over 4 132 133=item const SSL_METHOD *B<SSLv23_method>(void); 134 135Constructor for the I<version-flexible> SSL_METHOD structure for 136clients, servers or both. 137See L<SSL_CTX_new(3)> for details. 138 139=item const SSL_METHOD *B<SSLv23_client_method>(void); 140 141Constructor for the I<version-flexible> SSL_METHOD structure for 142clients. 143 144=item const SSL_METHOD *B<SSLv23_client_method>(void); 145 146Constructor for the I<version-flexible> SSL_METHOD structure for 147servers. 148 149=item const SSL_METHOD *B<TLSv1_2_method>(void); 150 151Constructor for the TLSv1.2 SSL_METHOD structure for clients, servers 152or both. 153 154=item const SSL_METHOD *B<TLSv1_2_client_method>(void); 155 156Constructor for the TLSv1.2 SSL_METHOD structure for clients. 157 158=item const SSL_METHOD *B<TLSv1_2_server_method>(void); 159 160Constructor for the TLSv1.2 SSL_METHOD structure for servers. 161 162=item const SSL_METHOD *B<TLSv1_1_method>(void); 163 164Constructor for the TLSv1.1 SSL_METHOD structure for clients, servers 165or both. 166 167=item const SSL_METHOD *B<TLSv1_1_client_method>(void); 168 169Constructor for the TLSv1.1 SSL_METHOD structure for clients. 170 171=item const SSL_METHOD *B<TLSv1_1_server_method>(void); 172 173Constructor for the TLSv1.1 SSL_METHOD structure for servers. 174 175=item const SSL_METHOD *B<TLSv1_method>(void); 176 177Constructor for the TLSv1 SSL_METHOD structure for clients, servers 178or both. 179 180=item const SSL_METHOD *B<TLSv1_client_method>(void); 181 182Constructor for the TLSv1 SSL_METHOD structure for clients. 183 184=item const SSL_METHOD *B<TLSv1_server_method>(void); 185 186Constructor for the TLSv1 SSL_METHOD structure for servers. 187 188=item const SSL_METHOD *B<SSLv3_method>(void); 189 190Constructor for the SSLv3 SSL_METHOD structure for clients, servers 191or both. 192 193=item const SSL_METHOD *B<SSLv3_client_method>(void); 194 195Constructor for the SSLv3 SSL_METHOD structure for clients. 196 197=item const SSL_METHOD *B<SSLv3_server_method>(void); 198 199Constructor for the SSLv3 SSL_METHOD structure for servers. 200 201=item const SSL_METHOD *B<SSLv2_method>(void); 202 203Constructor for the SSLv2 SSL_METHOD structure for clients, servers 204or both. 205 206=item const SSL_METHOD *B<SSLv2_client_method>(void); 207 208Constructor for the SSLv2 SSL_METHOD structure for clients. 209 210=item const SSL_METHOD *B<SSLv2_server_method>(void); 211 212Constructor for the SSLv2 SSL_METHOD structure for servers. 213 214=back 215 216=head2 DEALING WITH CIPHERS 217 218Here we document the various API functions which deal with the SSL/TLS 219ciphers defined in B<SSL_CIPHER> structures. 220 221=over 4 222 223=item char *B<SSL_CIPHER_description>(SSL_CIPHER *cipher, char *buf, int len); 224 225Write a string to I<buf> (with a maximum size of I<len>) containing a human 226readable description of I<cipher>. Returns I<buf>. 227 228=item int B<SSL_CIPHER_get_bits>(SSL_CIPHER *cipher, int *alg_bits); 229 230Determine the number of bits in I<cipher>. Because of export crippled ciphers 231there are two bits: The bits the algorithm supports in general (stored to 232I<alg_bits>) and the bits which are actually used (the return value). 233 234=item const char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher); 235 236Return the internal name of I<cipher> as a string. These are the various 237strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx> 238definitions in the header files. 239 240=item char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher); 241 242Returns a string like "C<TLSv1/SSLv3>" or "C<SSLv2>" which indicates the 243SSL/TLS protocol version to which I<cipher> belongs (i.e. where it was defined 244in the specification the first time). 245 246=back 247 248=head2 DEALING WITH PROTOCOL CONTEXTS 249 250Here we document the various API functions which deal with the SSL/TLS 251protocol context defined in the B<SSL_CTX> structure. 252 253=over 4 254 255=item int B<SSL_CTX_add_client_CA>(SSL_CTX *ctx, X509 *x); 256 257=item long B<SSL_CTX_add_extra_chain_cert>(SSL_CTX *ctx, X509 *x509); 258 259=item int B<SSL_CTX_add_session>(SSL_CTX *ctx, SSL_SESSION *c); 260 261=item int B<SSL_CTX_check_private_key>(const SSL_CTX *ctx); 262 263=item long B<SSL_CTX_ctrl>(SSL_CTX *ctx, int cmd, long larg, char *parg); 264 265=item void B<SSL_CTX_flush_sessions>(SSL_CTX *s, long t); 266 267=item void B<SSL_CTX_free>(SSL_CTX *a); 268 269=item char *B<SSL_CTX_get_app_data>(SSL_CTX *ctx); 270 271=item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx); 272 273=item STACK *B<SSL_CTX_get_client_CA_list>(const SSL_CTX *ctx); 274 275=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); 276 277=item void B<SSL_CTX_get_default_read_ahead>(SSL_CTX *ctx); 278 279=item char *B<SSL_CTX_get_ex_data>(const SSL_CTX *s, int idx); 280 281=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) 282 283=item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret); 284 285=item int B<SSL_CTX_get_quiet_shutdown>(const SSL_CTX *ctx); 286 287=item void B<SSL_CTX_get_read_ahead>(SSL_CTX *ctx); 288 289=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx); 290 291=item long B<SSL_CTX_get_timeout>(const SSL_CTX *ctx); 292 293=item int (*B<SSL_CTX_get_verify_callback>(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx); 294 295=item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx); 296 297=item int B<SSL_CTX_load_verify_locations>(SSL_CTX *ctx, char *CAfile, char *CApath); 298 299=item long B<SSL_CTX_need_tmp_RSA>(SSL_CTX *ctx); 300 301=item SSL_CTX *B<SSL_CTX_new>(const SSL_METHOD *meth); 302 303=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c); 304 305=item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx); 306 307=item int B<SSL_CTX_sess_accept_good>(SSL_CTX *ctx); 308 309=item int B<SSL_CTX_sess_accept_renegotiate>(SSL_CTX *ctx); 310 311=item int B<SSL_CTX_sess_cache_full>(SSL_CTX *ctx); 312 313=item int B<SSL_CTX_sess_cb_hits>(SSL_CTX *ctx); 314 315=item int B<SSL_CTX_sess_connect>(SSL_CTX *ctx); 316 317=item int B<SSL_CTX_sess_connect_good>(SSL_CTX *ctx); 318 319=item int B<SSL_CTX_sess_connect_renegotiate>(SSL_CTX *ctx); 320 321=item int B<SSL_CTX_sess_get_cache_size>(SSL_CTX *ctx); 322 323=item SSL_SESSION *(*B<SSL_CTX_sess_get_get_cb>(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy); 324 325=item int (*B<SSL_CTX_sess_get_new_cb>(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess); 326 327=item void (*B<SSL_CTX_sess_get_remove_cb>(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess); 328 329=item int B<SSL_CTX_sess_hits>(SSL_CTX *ctx); 330 331=item int B<SSL_CTX_sess_misses>(SSL_CTX *ctx); 332 333=item int B<SSL_CTX_sess_number>(SSL_CTX *ctx); 334 335=item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx,t); 336 337=item void B<SSL_CTX_sess_set_get_cb>(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy)); 338 339=item void B<SSL_CTX_sess_set_new_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess)); 340 341=item void B<SSL_CTX_sess_set_remove_cb>(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)); 342 343=item int B<SSL_CTX_sess_timeouts>(SSL_CTX *ctx); 344 345=item LHASH *B<SSL_CTX_sessions>(SSL_CTX *ctx); 346 347=item void B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg); 348 349=item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs); 350 351=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(), char *arg) 352 353=item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str); 354 355=item void B<SSL_CTX_set_client_CA_list>(SSL_CTX *ctx, STACK *list); 356 357=item void B<SSL_CTX_set_client_cert_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); 358 359=item void B<SSL_CTX_set_default_passwd_cb>(SSL_CTX *ctx, int (*cb);(void)) 360 361=item void B<SSL_CTX_set_default_read_ahead>(SSL_CTX *ctx, int m); 362 363=item int B<SSL_CTX_set_default_verify_paths>(SSL_CTX *ctx); 364 365=item int B<SSL_CTX_set_ex_data>(SSL_CTX *s, int idx, char *arg); 366 367=item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret)); 368 369=item void B<SSL_CTX_set_msg_callback>(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); 370 371=item void B<SSL_CTX_set_msg_callback_arg>(SSL_CTX *ctx, void *arg); 372 373=item void B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op); 374 375=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode); 376 377=item void B<SSL_CTX_set_read_ahead>(SSL_CTX *ctx, int m); 378 379=item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode); 380 381=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, const SSL_METHOD *meth); 382 383=item void B<SSL_CTX_set_timeout>(SSL_CTX *ctx, long t); 384 385=item long B<SSL_CTX_set_tmp_dh>(SSL_CTX* ctx, DH *dh); 386 387=item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void)); 388 389=item long B<SSL_CTX_set_tmp_rsa>(SSL_CTX *ctx, RSA *rsa); 390 391=item SSL_CTX_set_tmp_rsa_callback 392 393C<long B<SSL_CTX_set_tmp_rsa_callback>(SSL_CTX *B<ctx>, RSA *(*B<cb>)(SSL *B<ssl>, int B<export>, int B<keylength>));> 394 395Sets the callback which will be called when a temporary private key is 396required. The B<C<export>> flag will be set if the reason for needing 397a temp key is that an export ciphersuite is in use, in which case, 398B<C<keylength>> will contain the required keylength in bits. Generate a key of 399appropriate size (using ???) and return it. 400 401=item SSL_set_tmp_rsa_callback 402 403long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength)); 404 405The same as B<SSL_CTX_set_tmp_rsa_callback>, except it operates on an SSL 406session instead of a context. 407 408=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void)) 409 410=item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey); 411 412=item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len); 413 414=item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, char *file, int type); 415 416=item int B<SSL_CTX_use_RSAPrivateKey>(SSL_CTX *ctx, RSA *rsa); 417 418=item int B<SSL_CTX_use_RSAPrivateKey_ASN1>(SSL_CTX *ctx, unsigned char *d, long len); 419 420=item int B<SSL_CTX_use_RSAPrivateKey_file>(SSL_CTX *ctx, char *file, int type); 421 422=item int B<SSL_CTX_use_certificate>(SSL_CTX *ctx, X509 *x); 423 424=item int B<SSL_CTX_use_certificate_ASN1>(SSL_CTX *ctx, int len, unsigned char *d); 425 426=item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type); 427 428=item void B<SSL_CTX_set_psk_client_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)); 429 430=item int B<SSL_CTX_use_psk_identity_hint>(SSL_CTX *ctx, const char *hint); 431 432=item void B<SSL_CTX_set_psk_server_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len)); 433 434 435 436 437=back 438 439=head2 DEALING WITH SESSIONS 440 441Here we document the various API functions which deal with the SSL/TLS 442sessions defined in the B<SSL_SESSION> structures. 443 444=over 4 445 446=item int B<SSL_SESSION_cmp>(const SSL_SESSION *a, const SSL_SESSION *b); 447 448=item void B<SSL_SESSION_free>(SSL_SESSION *ss); 449 450=item char *B<SSL_SESSION_get_app_data>(SSL_SESSION *s); 451 452=item char *B<SSL_SESSION_get_ex_data>(const SSL_SESSION *s, int idx); 453 454=item int B<SSL_SESSION_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) 455 456=item long B<SSL_SESSION_get_time>(const SSL_SESSION *s); 457 458=item long B<SSL_SESSION_get_timeout>(const SSL_SESSION *s); 459 460=item unsigned long B<SSL_SESSION_hash>(const SSL_SESSION *a); 461 462=item SSL_SESSION *B<SSL_SESSION_new>(void); 463 464=item int B<SSL_SESSION_print>(BIO *bp, const SSL_SESSION *x); 465 466=item int B<SSL_SESSION_print_fp>(FILE *fp, const SSL_SESSION *x); 467 468=item void B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a); 469 470=item int B<SSL_SESSION_set_ex_data>(SSL_SESSION *s, int idx, char *arg); 471 472=item long B<SSL_SESSION_set_time>(SSL_SESSION *s, long t); 473 474=item long B<SSL_SESSION_set_timeout>(SSL_SESSION *s, long t); 475 476=back 477 478=head2 DEALING WITH CONNECTIONS 479 480Here we document the various API functions which deal with the SSL/TLS 481connection defined in the B<SSL> structure. 482 483=over 4 484 485=item int B<SSL_accept>(SSL *ssl); 486 487=item int B<SSL_add_dir_cert_subjects_to_stack>(STACK *stack, const char *dir); 488 489=item int B<SSL_add_file_cert_subjects_to_stack>(STACK *stack, const char *file); 490 491=item int B<SSL_add_client_CA>(SSL *ssl, X509 *x); 492 493=item char *B<SSL_alert_desc_string>(int value); 494 495=item char *B<SSL_alert_desc_string_long>(int value); 496 497=item char *B<SSL_alert_type_string>(int value); 498 499=item char *B<SSL_alert_type_string_long>(int value); 500 501=item int B<SSL_check_private_key>(const SSL *ssl); 502 503=item void B<SSL_clear>(SSL *ssl); 504 505=item long B<SSL_clear_num_renegotiations>(SSL *ssl); 506 507=item int B<SSL_connect>(SSL *ssl); 508 509=item void B<SSL_copy_session_id>(SSL *t, const SSL *f); 510 511=item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg); 512 513=item int B<SSL_do_handshake>(SSL *ssl); 514 515=item SSL *B<SSL_dup>(SSL *ssl); 516 517=item STACK *B<SSL_dup_CA_list>(STACK *sk); 518 519=item void B<SSL_free>(SSL *ssl); 520 521=item SSL_CTX *B<SSL_get_SSL_CTX>(const SSL *ssl); 522 523=item char *B<SSL_get_app_data>(SSL *ssl); 524 525=item X509 *B<SSL_get_certificate>(const SSL *ssl); 526 527=item const char *B<SSL_get_cipher>(const SSL *ssl); 528 529=item int B<SSL_get_cipher_bits>(const SSL *ssl, int *alg_bits); 530 531=item char *B<SSL_get_cipher_list>(const SSL *ssl, int n); 532 533=item char *B<SSL_get_cipher_name>(const SSL *ssl); 534 535=item char *B<SSL_get_cipher_version>(const SSL *ssl); 536 537=item STACK *B<SSL_get_ciphers>(const SSL *ssl); 538 539=item STACK *B<SSL_get_client_CA_list>(const SSL *ssl); 540 541=item SSL_CIPHER *B<SSL_get_current_cipher>(SSL *ssl); 542 543=item long B<SSL_get_default_timeout>(const SSL *ssl); 544 545=item int B<SSL_get_error>(const SSL *ssl, int i); 546 547=item char *B<SSL_get_ex_data>(const SSL *ssl, int idx); 548 549=item int B<SSL_get_ex_data_X509_STORE_CTX_idx>(void); 550 551=item int B<SSL_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) 552 553=item int B<SSL_get_fd>(const SSL *ssl); 554 555=item void (*B<SSL_get_info_callback>(const SSL *ssl);)() 556 557=item STACK *B<SSL_get_peer_cert_chain>(const SSL *ssl); 558 559=item X509 *B<SSL_get_peer_certificate>(const SSL *ssl); 560 561=item EVP_PKEY *B<SSL_get_privatekey>(SSL *ssl); 562 563=item int B<SSL_get_quiet_shutdown>(const SSL *ssl); 564 565=item BIO *B<SSL_get_rbio>(const SSL *ssl); 566 567=item int B<SSL_get_read_ahead>(const SSL *ssl); 568 569=item SSL_SESSION *B<SSL_get_session>(const SSL *ssl); 570 571=item char *B<SSL_get_shared_ciphers>(const SSL *ssl, char *buf, int len); 572 573=item int B<SSL_get_shutdown>(const SSL *ssl); 574 575=item const SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl); 576 577=item int B<SSL_get_state>(const SSL *ssl); 578 579=item long B<SSL_get_time>(const SSL *ssl); 580 581=item long B<SSL_get_timeout>(const SSL *ssl); 582 583=item int (*B<SSL_get_verify_callback>(const SSL *ssl))(int,X509_STORE_CTX *) 584 585=item int B<SSL_get_verify_mode>(const SSL *ssl); 586 587=item long B<SSL_get_verify_result>(const SSL *ssl); 588 589=item char *B<SSL_get_version>(const SSL *ssl); 590 591=item BIO *B<SSL_get_wbio>(const SSL *ssl); 592 593=item int B<SSL_in_accept_init>(SSL *ssl); 594 595=item int B<SSL_in_before>(SSL *ssl); 596 597=item int B<SSL_in_connect_init>(SSL *ssl); 598 599=item int B<SSL_in_init>(SSL *ssl); 600 601=item int B<SSL_is_init_finished>(SSL *ssl); 602 603=item STACK *B<SSL_load_client_CA_file>(char *file); 604 605=item void B<SSL_load_error_strings>(void); 606 607=item SSL *B<SSL_new>(SSL_CTX *ctx); 608 609=item long B<SSL_num_renegotiations>(SSL *ssl); 610 611=item int B<SSL_peek>(SSL *ssl, void *buf, int num); 612 613=item int B<SSL_pending>(const SSL *ssl); 614 615=item int B<SSL_read>(SSL *ssl, void *buf, int num); 616 617=item int B<SSL_renegotiate>(SSL *ssl); 618 619=item char *B<SSL_rstate_string>(SSL *ssl); 620 621=item char *B<SSL_rstate_string_long>(SSL *ssl); 622 623=item long B<SSL_session_reused>(SSL *ssl); 624 625=item void B<SSL_set_accept_state>(SSL *ssl); 626 627=item void B<SSL_set_app_data>(SSL *ssl, char *arg); 628 629=item void B<SSL_set_bio>(SSL *ssl, BIO *rbio, BIO *wbio); 630 631=item int B<SSL_set_cipher_list>(SSL *ssl, char *str); 632 633=item void B<SSL_set_client_CA_list>(SSL *ssl, STACK *list); 634 635=item void B<SSL_set_connect_state>(SSL *ssl); 636 637=item int B<SSL_set_ex_data>(SSL *ssl, int idx, char *arg); 638 639=item int B<SSL_set_fd>(SSL *ssl, int fd); 640 641=item void B<SSL_set_info_callback>(SSL *ssl, void (*cb);(void)) 642 643=item void B<SSL_set_msg_callback>(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); 644 645=item void B<SSL_set_msg_callback_arg>(SSL *ctx, void *arg); 646 647=item void B<SSL_set_options>(SSL *ssl, unsigned long op); 648 649=item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode); 650 651=item void B<SSL_set_read_ahead>(SSL *ssl, int yes); 652 653=item int B<SSL_set_rfd>(SSL *ssl, int fd); 654 655=item int B<SSL_set_session>(SSL *ssl, SSL_SESSION *session); 656 657=item void B<SSL_set_shutdown>(SSL *ssl, int mode); 658 659=item int B<SSL_set_ssl_method>(SSL *ssl, const SSL_METHOD *meth); 660 661=item void B<SSL_set_time>(SSL *ssl, long t); 662 663=item void B<SSL_set_timeout>(SSL *ssl, long t); 664 665=item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void)) 666 667=item void B<SSL_set_verify_result>(SSL *ssl, long arg); 668 669=item int B<SSL_set_wfd>(SSL *ssl, int fd); 670 671=item int B<SSL_shutdown>(SSL *ssl); 672 673=item int B<SSL_state>(const SSL *ssl); 674 675=item char *B<SSL_state_string>(const SSL *ssl); 676 677=item char *B<SSL_state_string_long>(const SSL *ssl); 678 679=item long B<SSL_total_renegotiations>(SSL *ssl); 680 681=item int B<SSL_use_PrivateKey>(SSL *ssl, EVP_PKEY *pkey); 682 683=item int B<SSL_use_PrivateKey_ASN1>(int type, SSL *ssl, unsigned char *d, long len); 684 685=item int B<SSL_use_PrivateKey_file>(SSL *ssl, char *file, int type); 686 687=item int B<SSL_use_RSAPrivateKey>(SSL *ssl, RSA *rsa); 688 689=item int B<SSL_use_RSAPrivateKey_ASN1>(SSL *ssl, unsigned char *d, long len); 690 691=item int B<SSL_use_RSAPrivateKey_file>(SSL *ssl, char *file, int type); 692 693=item int B<SSL_use_certificate>(SSL *ssl, X509 *x); 694 695=item int B<SSL_use_certificate_ASN1>(SSL *ssl, int len, unsigned char *d); 696 697=item int B<SSL_use_certificate_file>(SSL *ssl, char *file, int type); 698 699=item int B<SSL_version>(const SSL *ssl); 700 701=item int B<SSL_want>(const SSL *ssl); 702 703=item int B<SSL_want_nothing>(const SSL *ssl); 704 705=item int B<SSL_want_read>(const SSL *ssl); 706 707=item int B<SSL_want_write>(const SSL *ssl); 708 709=item int B<SSL_want_x509_lookup>(const SSL *ssl); 710 711=item int B<SSL_write>(SSL *ssl, const void *buf, int num); 712 713=item void B<SSL_set_psk_client_callback>(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)); 714 715=item int B<SSL_use_psk_identity_hint>(SSL *ssl, const char *hint); 716 717=item void B<SSL_set_psk_server_callback>(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len)); 718 719=item const char *B<SSL_get_psk_identity_hint>(SSL *ssl); 720 721=item const char *B<SSL_get_psk_identity>(SSL *ssl); 722 723=back 724 725=head1 SEE ALSO 726 727L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>, 728L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>, 729L<SSL_connect(3)|SSL_connect(3)>, 730L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>, 731L<SSL_COMP_add_compression_method(3)|SSL_COMP_add_compression_method(3)>, 732L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>, 733L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>, 734L<SSL_CTX_ctrl(3)|SSL_CTX_ctrl(3)>, 735L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>, 736L<SSL_CTX_get_ex_new_index(3)|SSL_CTX_get_ex_new_index(3)>, 737L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>, 738L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> 739L<SSL_CTX_new(3)|SSL_CTX_new(3)>, 740L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>, 741L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>, 742L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>, 743L<SSL_CTX_sessions(3)|SSL_CTX_sessions(3)>, 744L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)>, 745L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>, 746L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>, 747L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>, 748L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>, 749L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>, 750L<SSL_CTX_set_generate_session_id(3)|SSL_CTX_set_generate_session_id(3)>, 751L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>, 752L<SSL_CTX_set_max_cert_list(3)|SSL_CTX_set_max_cert_list(3)>, 753L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, 754L<SSL_CTX_set_msg_callback(3)|SSL_CTX_set_msg_callback(3)>, 755L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, 756L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>, 757L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>, 758L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, 759L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>, 760L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>, 761L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>, 762L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>, 763L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>, 764L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>, 765L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>, 766L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>, 767L<SSL_do_handshake(3)|SSL_do_handshake(3)>, 768L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>, 769L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, 770L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>, 771L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>, 772L<SSL_get_error(3)|SSL_get_error(3)>, 773L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>, 774L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>, 775L<SSL_get_fd(3)|SSL_get_fd(3)>, 776L<SSL_get_peer_cert_chain(3)|SSL_get_peer_cert_chain(3)>, 777L<SSL_get_rbio(3)|SSL_get_rbio(3)>, 778L<SSL_get_session(3)|SSL_get_session(3)>, 779L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>, 780L<SSL_get_version(3)|SSL_get_version(3)>, 781L<SSL_library_init(3)|SSL_library_init(3)>, 782L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>, 783L<SSL_new(3)|SSL_new(3)>, 784L<SSL_pending(3)|SSL_pending(3)>, 785L<SSL_read(3)|SSL_read(3)>, 786L<SSL_rstate_string(3)|SSL_rstate_string(3)>, 787L<SSL_session_reused(3)|SSL_session_reused(3)>, 788L<SSL_set_bio(3)|SSL_set_bio(3)>, 789L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>, 790L<SSL_set_fd(3)|SSL_set_fd(3)>, 791L<SSL_set_session(3)|SSL_set_session(3)>, 792L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, 793L<SSL_shutdown(3)|SSL_shutdown(3)>, 794L<SSL_state_string(3)|SSL_state_string(3)>, 795L<SSL_want(3)|SSL_want(3)>, 796L<SSL_write(3)|SSL_write(3)>, 797L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, 798L<SSL_SESSION_get_ex_new_index(3)|SSL_SESSION_get_ex_new_index(3)>, 799L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>, 800L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>, 801L<SSL_CTX_set_psk_client_callback(3)|SSL_CTX_set_psk_client_callback(3)>, 802L<SSL_CTX_use_psk_identity_hint(3)|SSL_CTX_use_psk_identity_hint(3)>, 803L<SSL_get_psk_identity(3)|SSL_get_psk_identity(3)> 804 805=head1 HISTORY 806 807The L<ssl(3)|ssl(3)> document appeared in OpenSSL 0.9.2 808 809=cut 810 811