1SSL(7) OpenSSL SSL(7)
2
3
4
6 ssl - OpenSSL SSL/TLS library
7
9 See the individual manual pages for details.
10
12 The OpenSSL ssl library implements the Secure Sockets Layer (SSL v2/v3)
13 and Transport Layer Security (TLS v1) protocols. It provides a rich API
14 which is documented here.
15
16 An SSL_CTX object is created as a framework to establish TLS/SSL
17 enabled connections (see SSL_CTX_new(3)). Various options regarding
18 certificates, algorithms etc. can be set in this object.
19
20 When a network connection has been created, it can be assigned to an
21 SSL object. After the SSL object has been created using SSL_new(3),
22 SSL_set_fd(3) or SSL_set_bio(3) can be used to associate the network
23 connection with the object.
24
25 When the TLS/SSL handshake is performed using SSL_accept(3) or
26 SSL_connect(3) respectively. SSL_read_ex(3), SSL_read(3),
27 SSL_write_ex(3) and SSL_write(3) are used to read and write data on the
28 TLS/SSL connection. SSL_shutdown(3) can be used to shut down the
29 TLS/SSL connection.
30
32 Currently the OpenSSL ssl library functions deals with the following
33 data structures:
34
35 SSL_METHOD (SSL Method)
36 This is a dispatch structure describing the internal ssl library
37 methods/functions which implement the various protocol versions
38 (SSLv3 TLSv1, ...). It's needed to create an SSL_CTX.
39
40 SSL_CIPHER (SSL Cipher)
41 This structure holds the algorithm information for a particular
42 cipher which are a core part of the SSL/TLS protocol. The available
43 ciphers are configured on a SSL_CTX basis and the actual ones used
44 are then part of the SSL_SESSION.
45
46 SSL_CTX (SSL Context)
47 This is the global context structure which is created by a server
48 or client once per program life-time and which holds mainly default
49 values for the SSL structures which are later created for the
50 connections.
51
52 SSL_SESSION (SSL Session)
53 This is a structure containing the current TLS/SSL session details
54 for a connection: SSL_CIPHERs, client and server certificates,
55 keys, etc.
56
57 SSL (SSL Connection)
58 This is the main SSL/TLS structure which is created by a server or
59 client per established connection. This actually is the core
60 structure in the SSL API. At run-time the application usually
61 deals with this structure which has links to mostly all other
62 structures.
63
65 Currently the OpenSSL ssl library provides the following C header files
66 containing the prototypes for the data structures and functions:
67
68 ssl.h
69 This is the common header file for the SSL/TLS API. Include it
70 into your program to make the API of the ssl library available. It
71 internally includes both more private SSL headers and headers from
72 the crypto library. Whenever you need hard-core details on the
73 internals of the SSL API, look inside this header file.
74
75 ssl2.h
76 Unused. Present for backwards compatibility only.
77
78 ssl3.h
79 This is the sub header file dealing with the SSLv3 protocol only.
80 Usually you don't have to include it explicitly because it's
81 already included by ssl.h.
82
83 tls1.h
84 This is the sub header file dealing with the TLSv1 protocol only.
85 Usually you don't have to include it explicitly because it's
86 already included by ssl.h.
87
89 Currently the OpenSSL ssl library exports 214 API functions. They are
90 documented in the following:
91
92 Dealing with Protocol Methods
93 Here we document the various API functions which deal with the SSL/TLS
94 protocol methods defined in SSL_METHOD structures.
95
96 const SSL_METHOD *TLS_method(void);
97 Constructor for the version-flexible SSL_METHOD structure for
98 clients, servers or both. See SSL_CTX_new(3) for details.
99
100 const SSL_METHOD *TLS_client_method(void);
101 Constructor for the version-flexible SSL_METHOD structure for
102 clients. Must be used to support the TLSv1.3 protocol.
103
104 const SSL_METHOD *TLS_server_method(void);
105 Constructor for the version-flexible SSL_METHOD structure for
106 servers. Must be used to support the TLSv1.3 protocol.
107
108 const SSL_METHOD *TLSv1_2_method(void);
109 Constructor for the TLSv1.2 SSL_METHOD structure for clients,
110 servers or both.
111
112 const SSL_METHOD *TLSv1_2_client_method(void);
113 Constructor for the TLSv1.2 SSL_METHOD structure for clients.
114
115 const SSL_METHOD *TLSv1_2_server_method(void);
116 Constructor for the TLSv1.2 SSL_METHOD structure for servers.
117
118 const SSL_METHOD *TLSv1_1_method(void);
119 Constructor for the TLSv1.1 SSL_METHOD structure for clients,
120 servers or both.
121
122 const SSL_METHOD *TLSv1_1_client_method(void);
123 Constructor for the TLSv1.1 SSL_METHOD structure for clients.
124
125 const SSL_METHOD *TLSv1_1_server_method(void);
126 Constructor for the TLSv1.1 SSL_METHOD structure for servers.
127
128 const SSL_METHOD *TLSv1_method(void);
129 Constructor for the TLSv1 SSL_METHOD structure for clients, servers
130 or both.
131
132 const SSL_METHOD *TLSv1_client_method(void);
133 Constructor for the TLSv1 SSL_METHOD structure for clients.
134
135 const SSL_METHOD *TLSv1_server_method(void);
136 Constructor for the TLSv1 SSL_METHOD structure for servers.
137
138 const SSL_METHOD *SSLv3_method(void);
139 Constructor for the SSLv3 SSL_METHOD structure for clients, servers
140 or both.
141
142 const SSL_METHOD *SSLv3_client_method(void);
143 Constructor for the SSLv3 SSL_METHOD structure for clients.
144
145 const SSL_METHOD *SSLv3_server_method(void);
146 Constructor for the SSLv3 SSL_METHOD structure for servers.
147
148 Dealing with Ciphers
149 Here we document the various API functions which deal with the SSL/TLS
150 ciphers defined in SSL_CIPHER structures.
151
152 char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len);
153 Write a string to buf (with a maximum size of len) containing a
154 human readable description of cipher. Returns buf.
155
156 int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);
157 Determine the number of bits in cipher. Because of export crippled
158 ciphers there are two bits: The bits the algorithm supports in
159 general (stored to alg_bits) and the bits which are actually used
160 (the return value).
161
162 const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);
163 Return the internal name of cipher as a string. These are the
164 various strings defined by the SSL3_TXT_xxx and TLS1_TXT_xxx
165 definitions in the header files.
166
167 const char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);
168 Returns a string like ""SSLv3"" or ""TLSv1.2"" which indicates the
169 SSL/TLS protocol version to which cipher belongs (i.e. where it was
170 defined in the specification the first time).
171
172 Dealing with Protocol Contexts
173 Here we document the various API functions which deal with the SSL/TLS
174 protocol context defined in the SSL_CTX structure.
175
176 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
177 long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
178 int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);
179 int SSL_CTX_check_private_key(const SSL_CTX *ctx);
180 long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);
181 void SSL_CTX_flush_sessions(SSL_CTX *s, long t);
182 void SSL_CTX_free(SSL_CTX *a);
183 char *SSL_CTX_get_app_data(SSL_CTX *ctx);
184 X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);
185 STACK *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
186 STACK *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
187 int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
188 EVP_PKEY **pkey);
189 void SSL_CTX_get_default_read_ahead(SSL_CTX *ctx);
190 char *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx);
191 int SSL_CTX_get_ex_new_index(long argl, char *argp, int
192 (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
193 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(SSL *ssl, int cb, int
194 ret);
195 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
196 void SSL_CTX_get_read_ahead(SSL_CTX *ctx);
197 int SSL_CTX_get_session_cache_mode(SSL_CTX *ctx);
198 long SSL_CTX_get_timeout(const SSL_CTX *ctx);
199 int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int ok,
200 X509_STORE_CTX *ctx);
201 int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
202 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
203 const char *CApath);
204 SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
205 int SSL_CTX_up_ref(SSL_CTX *ctx);
206 int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
207 int SSL_CTX_sess_accept(SSL_CTX *ctx);
208 int SSL_CTX_sess_accept_good(SSL_CTX *ctx);
209 int SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);
210 int SSL_CTX_sess_cache_full(SSL_CTX *ctx);
211 int SSL_CTX_sess_cb_hits(SSL_CTX *ctx);
212 int SSL_CTX_sess_connect(SSL_CTX *ctx);
213 int SSL_CTX_sess_connect_good(SSL_CTX *ctx);
214 int SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);
215 int SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);
216 SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
217 unsigned char *data, int len, int *copy);
218 int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION
219 *sess);
220 void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)(SSL_CTX *ctx,
221 SSL_SESSION *sess);
222 int SSL_CTX_sess_hits(SSL_CTX *ctx);
223 int SSL_CTX_sess_misses(SSL_CTX *ctx);
224 int SSL_CTX_sess_number(SSL_CTX *ctx);
225 void SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, t);
226 void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl,
227 unsigned char *data, int len, int *copy));
228 void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl,
229 SSL_SESSION *sess));
230 void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx,
231 SSL_SESSION *sess));
232 int SSL_CTX_sess_timeouts(SSL_CTX *ctx);
233 LHASH *SSL_CTX_sessions(SSL_CTX *ctx);
234 int SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg);
235 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs);
236 void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *cs);
237 void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(), char *arg)
238 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, char *str);
239 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);
240 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509
241 **x509, EVP_PKEY **pkey));
242 int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
243 ssl_ct_validation_cb callback, void *arg);
244 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, int (*cb);(void))
245 void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m);
246 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
247 Use the default paths to locate trusted CA certificates. There is
248 one default directory path and one default file path. Both are set
249 via this call.
250
251 int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
252 Use the default directory path to locate trusted CA certificates.
253
254 int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
255 Use the file path to locate trusted CA certificates.
256
257 int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);
258 void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(SSL *ssl, int
259 cb, int ret));
260 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int
261 version, int content_type, const void *buf, size_t len, SSL *ssl, void
262 *arg));
263 void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
264 unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);
265 unsigned long SSL_CTX_get_options(SSL_CTX *ctx);
266 unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
267 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
268 void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int m);
269 void SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode);
270 int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
271 void SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
272 long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh);
273 long SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(void));
274 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))
275 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
276 int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char
277 *d, long len);
278 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int
279 type);
280 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
281 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long
282 len);
283 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int
284 type);
285 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
286 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char
287 *d);
288 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int
289 type);
290 int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey,
291 STACK_OF(X509) *chain, int override);
292 X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
293 EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
294 void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, unsigned int
295 (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int
296 max_identity_len, unsigned char *psk, unsigned int max_psk_len));
297 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);
298 void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, unsigned int
299 (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int
300 max_psk_len));
301
302 Dealing with Sessions
303 Here we document the various API functions which deal with the SSL/TLS
304 sessions defined in the SSL_SESSION structures.
305
306 int SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b);
307 void SSL_SESSION_free(SSL_SESSION *ss);
308 char *SSL_SESSION_get_app_data(SSL_SESSION *s);
309 char *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx);
310 int SSL_SESSION_get_ex_new_index(long argl, char *argp, int
311 (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
312 long SSL_SESSION_get_time(const SSL_SESSION *s);
313 long SSL_SESSION_get_timeout(const SSL_SESSION *s);
314 unsigned long SSL_SESSION_hash(const SSL_SESSION *a);
315 SSL_SESSION *SSL_SESSION_new(void);
316 int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x);
317 int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x);
318 int SSL_SESSION_set_app_data(SSL_SESSION *s, char *a);
319 int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, char *arg);
320 long SSL_SESSION_set_time(SSL_SESSION *s, long t);
321 long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
322
323 Dealing with Connections
324 Here we document the various API functions which deal with the SSL/TLS
325 connection defined in the SSL structure.
326
327 int SSL_accept(SSL *ssl);
328 int SSL_add_dir_cert_subjects_to_stack(STACK *stack, const char *dir);
329 int SSL_add_file_cert_subjects_to_stack(STACK *stack, const char
330 *file);
331 int SSL_add_client_CA(SSL *ssl, X509 *x);
332 char *SSL_alert_desc_string(int value);
333 char *SSL_alert_desc_string_long(int value);
334 char *SSL_alert_type_string(int value);
335 char *SSL_alert_type_string_long(int value);
336 int SSL_check_private_key(const SSL *ssl);
337 void SSL_clear(SSL *ssl);
338 long SSL_clear_num_renegotiations(SSL *ssl);
339 int SSL_connect(SSL *ssl);
340 int SSL_copy_session_id(SSL *t, const SSL *f);
341 Sets the session details for t to be the same as in f. Returns 1 on
342 success or 0 on failure.
343
344 long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);
345 int SSL_do_handshake(SSL *ssl);
346 SSL *SSL_dup(SSL *ssl);
347 SSL_dup() allows applications to configure an SSL handle for use in
348 multiple SSL connections, and then duplicate it prior to initiating
349 each connection with the duplicated handle. Use of SSL_dup()
350 avoids the need to repeat the configuration of the handles for each
351 connection.
352
353 For SSL_dup() to work, the connection MUST be in its initial state
354 and MUST NOT have not yet have started the SSL handshake. For
355 connections that are not in their initial state SSL_dup() just
356 increments an internal reference count and returns the same handle.
357 It may be possible to use SSL_clear(3) to recycle an SSL handle
358 that is not in its initial state for re-use, but this is best
359 avoided. Instead, save and restore the session, if desired, and
360 construct a fresh handle for each connection.
361
362 STACK *SSL_dup_CA_list(STACK *sk);
363 void SSL_free(SSL *ssl);
364 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
365 char *SSL_get_app_data(SSL *ssl);
366 X509 *SSL_get_certificate(const SSL *ssl);
367 const char *SSL_get_cipher(const SSL *ssl);
368 int SSL_is_dtls(const SSL *ssl);
369 int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits);
370 char *SSL_get_cipher_list(const SSL *ssl, int n);
371 char *SSL_get_cipher_name(const SSL *ssl);
372 char *SSL_get_cipher_version(const SSL *ssl);
373 STACK *SSL_get_ciphers(const SSL *ssl);
374 STACK *SSL_get_client_CA_list(const SSL *ssl);
375 SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);
376 long SSL_get_default_timeout(const SSL *ssl);
377 int SSL_get_error(const SSL *ssl, int i);
378 char *SSL_get_ex_data(const SSL *ssl, int idx);
379 int SSL_get_ex_data_X509_STORE_CTX_idx(void);
380 int SSL_get_ex_new_index(long argl, char *argp, int (*new_func);(void),
381 int (*dup_func)(void), void (*free_func)(void))
382 int SSL_get_fd(const SSL *ssl);
383 void (*SSL_get_info_callback(const SSL *ssl);)()
384 int SSL_get_key_update_type(SSL *s);
385 STACK *SSL_get_peer_cert_chain(const SSL *ssl);
386 X509 *SSL_get_peer_certificate(const SSL *ssl);
387 const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
388 EVP_PKEY *SSL_get_privatekey(const SSL *ssl);
389 int SSL_get_quiet_shutdown(const SSL *ssl);
390 BIO *SSL_get_rbio(const SSL *ssl);
391 int SSL_get_read_ahead(const SSL *ssl);
392 SSL_SESSION *SSL_get_session(const SSL *ssl);
393 char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int size);
394 int SSL_get_shutdown(const SSL *ssl);
395 const SSL_METHOD *SSL_get_ssl_method(SSL *ssl);
396 int SSL_get_state(const SSL *ssl);
397 long SSL_get_time(const SSL *ssl);
398 long SSL_get_timeout(const SSL *ssl);
399 int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *)
400 int SSL_get_verify_mode(const SSL *ssl);
401 long SSL_get_verify_result(const SSL *ssl);
402 char *SSL_get_version(const SSL *ssl);
403 BIO *SSL_get_wbio(const SSL *ssl);
404 int SSL_in_accept_init(SSL *ssl);
405 int SSL_in_before(SSL *ssl);
406 int SSL_in_connect_init(SSL *ssl);
407 int SSL_in_init(SSL *ssl);
408 int SSL_is_init_finished(SSL *ssl);
409 int SSL_key_update(SSL *s, int updatetype);
410 STACK *SSL_load_client_CA_file(const char *file);
411 SSL *SSL_new(SSL_CTX *ctx);
412 int SSL_up_ref(SSL *s);
413 long SSL_num_renegotiations(SSL *ssl);
414 int SSL_peek(SSL *ssl, void *buf, int num);
415 int SSL_pending(const SSL *ssl);
416 int SSL_read(SSL *ssl, void *buf, int num);
417 int SSL_renegotiate(SSL *ssl);
418 char *SSL_rstate_string(SSL *ssl);
419 char *SSL_rstate_string_long(SSL *ssl);
420 long SSL_session_reused(SSL *ssl);
421 void SSL_set_accept_state(SSL *ssl);
422 void SSL_set_app_data(SSL *ssl, char *arg);
423 void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
424 int SSL_set_cipher_list(SSL *ssl, char *str);
425 void SSL_set_client_CA_list(SSL *ssl, STACK *list);
426 void SSL_set_connect_state(SSL *ssl);
427 int SSL_set_ct_validation_callback(SSL *ssl, ssl_ct_validation_cb
428 callback, void *arg);
429 int SSL_set_ex_data(SSL *ssl, int idx, char *arg);
430 int SSL_set_fd(SSL *ssl, int fd);
431 void SSL_set_info_callback(SSL *ssl, void (*cb);(void))
432 void SSL_set_msg_callback(SSL *ctx, void (*cb)(int write_p, int
433 version, int content_type, const void *buf, size_t len, SSL *ssl, void
434 *arg));
435 void SSL_set_msg_callback_arg(SSL *ctx, void *arg);
436 unsigned long SSL_clear_options(SSL *ssl, unsigned long op);
437 unsigned long SSL_get_options(SSL *ssl);
438 unsigned long SSL_set_options(SSL *ssl, unsigned long op);
439 void SSL_set_quiet_shutdown(SSL *ssl, int mode);
440 void SSL_set_read_ahead(SSL *ssl, int yes);
441 int SSL_set_rfd(SSL *ssl, int fd);
442 int SSL_set_session(SSL *ssl, SSL_SESSION *session);
443 void SSL_set_shutdown(SSL *ssl, int mode);
444 int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *meth);
445 void SSL_set_time(SSL *ssl, long t);
446 void SSL_set_timeout(SSL *ssl, long t);
447 void SSL_set_verify(SSL *ssl, int mode, int (*callback);(void))
448 void SSL_set_verify_result(SSL *ssl, long arg);
449 int SSL_set_wfd(SSL *ssl, int fd);
450 int SSL_shutdown(SSL *ssl);
451 OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
452 Returns the current handshake state.
453
454 char *SSL_state_string(const SSL *ssl);
455 char *SSL_state_string_long(const SSL *ssl);
456 long SSL_total_renegotiations(SSL *ssl);
457 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
458 int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long
459 len);
460 int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
461 int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
462 int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
463 int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
464 int SSL_use_certificate(SSL *ssl, X509 *x);
465 int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);
466 int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
467 int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey,
468 STACK_OF(X509) *chain, int override);
469 int SSL_version(const SSL *ssl);
470 int SSL_want(const SSL *ssl);
471 int SSL_want_nothing(const SSL *ssl);
472 int SSL_want_read(const SSL *ssl);
473 int SSL_want_write(const SSL *ssl);
474 int SSL_want_x509_lookup(const SSL *ssl);
475 int SSL_write(SSL *ssl, const void *buf, int num);
476 void SSL_set_psk_client_callback(SSL *ssl, unsigned int (*callback)(SSL
477 *ssl, const char *hint, char *identity, unsigned int max_identity_len,
478 unsigned char *psk, unsigned int max_psk_len));
479 int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);
480 void SSL_set_psk_server_callback(SSL *ssl, unsigned int (*callback)(SSL
481 *ssl, const char *identity, unsigned char *psk, int max_psk_len));
482 const char *SSL_get_psk_identity_hint(SSL *ssl);
483 const char *SSL_get_psk_identity(SSL *ssl);
484
486 See the individual manual pages for details.
487
489 openssl(1), crypto(7), CRYPTO_get_ex_new_index(3), SSL_accept(3),
490 SSL_clear(3), SSL_connect(3), SSL_CIPHER_get_name(3),
491 SSL_COMP_add_compression_method(3), SSL_CTX_add_extra_chain_cert(3),
492 SSL_CTX_add_session(3), SSL_CTX_ctrl(3), SSL_CTX_flush_sessions(3),
493 SSL_CTX_get_verify_mode(3), SSL_CTX_load_verify_locations(3)
494 SSL_CTX_new(3), SSL_CTX_sess_number(3), SSL_CTX_sess_set_cache_size(3),
495 SSL_CTX_sess_set_get_cb(3), SSL_CTX_sessions(3),
496 SSL_CTX_set_cert_store(3), SSL_CTX_set_cert_verify_callback(3),
497 SSL_CTX_set_cipher_list(3), SSL_CTX_set_client_CA_list(3),
498 SSL_CTX_set_client_cert_cb(3), SSL_CTX_set_default_passwd_cb(3),
499 SSL_CTX_set_generate_session_id(3), SSL_CTX_set_info_callback(3),
500 SSL_CTX_set_max_cert_list(3), SSL_CTX_set_mode(3),
501 SSL_CTX_set_msg_callback(3), SSL_CTX_set_options(3),
502 SSL_CTX_set_quiet_shutdown(3), SSL_CTX_set_read_ahead(3),
503 SSL_CTX_set_security_level(3), SSL_CTX_set_session_cache_mode(3),
504 SSL_CTX_set_session_id_context(3), SSL_CTX_set_ssl_version(3),
505 SSL_CTX_set_timeout(3), SSL_CTX_set_tmp_dh_callback(3),
506 SSL_CTX_set_verify(3), SSL_CTX_use_certificate(3),
507 SSL_alert_type_string(3), SSL_do_handshake(3), SSL_enable_ct(3),
508 SSL_get_SSL_CTX(3), SSL_get_ciphers(3), SSL_get_client_CA_list(3),
509 SSL_get_default_timeout(3), SSL_get_error(3),
510 SSL_get_ex_data_X509_STORE_CTX_idx(3), SSL_get_fd(3),
511 SSL_get_peer_cert_chain(3), SSL_get_rbio(3), SSL_get_session(3),
512 SSL_get_verify_result(3), SSL_get_version(3),
513 SSL_load_client_CA_file(3), SSL_new(3), SSL_pending(3), SSL_read_ex(3),
514 SSL_read(3), SSL_rstate_string(3), SSL_session_reused(3),
515 SSL_set_bio(3), SSL_set_connect_state(3), SSL_set_fd(3),
516 SSL_set_session(3), SSL_set_shutdown(3), SSL_shutdown(3),
517 SSL_state_string(3), SSL_want(3), SSL_write_ex(3), SSL_write(3),
518 SSL_SESSION_free(3), SSL_SESSION_get_time(3), d2i_SSL_SESSION(3),
519 SSL_CTX_set_psk_client_callback(3), SSL_CTX_use_psk_identity_hint(3),
520 SSL_get_psk_identity(3), DTLSv1_listen(3)
521
523 SSLv2_client_method, SSLv2_server_method and SSLv2_method were removed
524 in OpenSSL 1.1.0.
525
526 The return type of SSL_copy_session_id was changed from void to int in
527 OpenSSL 1.1.0.
528
530 Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
531
532 Licensed under the OpenSSL license (the "License"). You may not use
533 this file except in compliance with the License. You can obtain a copy
534 in the file LICENSE in the source distribution or at
535 <https://www.openssl.org/source/license.html>.
536
537
538
5391.1.1 2018-09-11 SSL(7)