1SSL(7)                              OpenSSL                             SSL(7)
2
3
4

NAME

6       ssl - OpenSSL SSL/TLS library
7

SYNOPSIS

9       See the individual manual pages for details.
10

DESCRIPTION

12       The OpenSSL ssl library implements the Secure Sockets Layer (SSL v2/v3)
13       and Transport Layer Security (TLS v1) protocols. It provides a rich API
14       which is documented here.
15
16       An SSL_CTX object is created as a framework to establish TLS/SSL
17       enabled connections (see SSL_CTX_new(3)).  Various options regarding
18       certificates, algorithms etc. can be set in this object.
19
20       When a network connection has been created, it can be assigned to an
21       SSL object. After the SSL object has been created using SSL_new(3),
22       SSL_set_fd(3) or SSL_set_bio(3) can be used to associate the network
23       connection with the object.
24
25       When the TLS/SSL handshake is performed using SSL_accept(3) or
26       SSL_connect(3) respectively.  SSL_read_ex(3), SSL_read(3),
27       SSL_write_ex(3) and SSL_write(3) are used to read and write data on the
28       TLS/SSL connection.  SSL_shutdown(3) can be used to shut down the
29       TLS/SSL connection.
30

DATA STRUCTURES

32       Currently the OpenSSL ssl library functions deals with the following
33       data structures:
34
35       SSL_METHOD (SSL Method)
36           This is a dispatch structure describing the internal ssl library
37           methods/functions which implement the various protocol versions
38           (SSLv3 TLSv1, ...). It's needed to create an SSL_CTX.
39
40       SSL_CIPHER (SSL Cipher)
41           This structure holds the algorithm information for a particular
42           cipher which are a core part of the SSL/TLS protocol. The available
43           ciphers are configured on a SSL_CTX basis and the actual ones used
44           are then part of the SSL_SESSION.
45
46       SSL_CTX (SSL Context)
47           This is the global context structure which is created by a server
48           or client once per program life-time and which holds mainly default
49           values for the SSL structures which are later created for the
50           connections.
51
52       SSL_SESSION (SSL Session)
53           This is a structure containing the current TLS/SSL session details
54           for a connection: SSL_CIPHERs, client and server certificates,
55           keys, etc.
56
57       SSL (SSL Connection)
58           This is the main SSL/TLS structure which is created by a server or
59           client per established connection. This actually is the core
60           structure in the SSL API.  At run-time the application usually
61           deals with this structure which has links to mostly all other
62           structures.
63

HEADER FILES

65       Currently the OpenSSL ssl library provides the following C header files
66       containing the prototypes for the data structures and functions:
67
68       ssl.h
69           This is the common header file for the SSL/TLS API.  Include it
70           into your program to make the API of the ssl library available. It
71           internally includes both more private SSL headers and headers from
72           the crypto library.  Whenever you need hard-core details on the
73           internals of the SSL API, look inside this header file.
74
75       ssl2.h
76           Unused. Present for backwards compatibility only.
77
78       ssl3.h
79           This is the sub header file dealing with the SSLv3 protocol only.
80           Usually you don't have to include it explicitly because it's
81           already included by ssl.h.
82
83       tls1.h
84           This is the sub header file dealing with the TLSv1 protocol only.
85           Usually you don't have to include it explicitly because it's
86           already included by ssl.h.
87

API FUNCTIONS

89       Currently the OpenSSL ssl library exports 214 API functions.  They are
90       documented in the following:
91
92   Dealing with Protocol Methods
93       Here we document the various API functions which deal with the SSL/TLS
94       protocol methods defined in SSL_METHOD structures.
95
96       const SSL_METHOD *TLS_method(void);
97           Constructor for the version-flexible SSL_METHOD structure for
98           clients, servers or both.  See SSL_CTX_new(3) for details.
99
100       const SSL_METHOD *TLS_client_method(void);
101           Constructor for the version-flexible SSL_METHOD structure for
102           clients.  Must be used to support the TLSv1.3 protocol.
103
104       const SSL_METHOD *TLS_server_method(void);
105           Constructor for the version-flexible SSL_METHOD structure for
106           servers.  Must be used to support the TLSv1.3 protocol.
107
108       const SSL_METHOD *TLSv1_2_method(void);
109           Constructor for the TLSv1.2 SSL_METHOD structure for clients,
110           servers or both.
111
112       const SSL_METHOD *TLSv1_2_client_method(void);
113           Constructor for the TLSv1.2 SSL_METHOD structure for clients.
114
115       const SSL_METHOD *TLSv1_2_server_method(void);
116           Constructor for the TLSv1.2 SSL_METHOD structure for servers.
117
118       const SSL_METHOD *TLSv1_1_method(void);
119           Constructor for the TLSv1.1 SSL_METHOD structure for clients,
120           servers or both.
121
122       const SSL_METHOD *TLSv1_1_client_method(void);
123           Constructor for the TLSv1.1 SSL_METHOD structure for clients.
124
125       const SSL_METHOD *TLSv1_1_server_method(void);
126           Constructor for the TLSv1.1 SSL_METHOD structure for servers.
127
128       const SSL_METHOD *TLSv1_method(void);
129           Constructor for the TLSv1 SSL_METHOD structure for clients, servers
130           or both.
131
132       const SSL_METHOD *TLSv1_client_method(void);
133           Constructor for the TLSv1 SSL_METHOD structure for clients.
134
135       const SSL_METHOD *TLSv1_server_method(void);
136           Constructor for the TLSv1 SSL_METHOD structure for servers.
137
138       const SSL_METHOD *SSLv3_method(void);
139           Constructor for the SSLv3 SSL_METHOD structure for clients, servers
140           or both.
141
142       const SSL_METHOD *SSLv3_client_method(void);
143           Constructor for the SSLv3 SSL_METHOD structure for clients.
144
145       const SSL_METHOD *SSLv3_server_method(void);
146           Constructor for the SSLv3 SSL_METHOD structure for servers.
147
148   Dealing with Ciphers
149       Here we document the various API functions which deal with the SSL/TLS
150       ciphers defined in SSL_CIPHER structures.
151
152       char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len);
153           Write a string to buf (with a maximum size of len) containing a
154           human readable description of cipher. Returns buf.
155
156       int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);
157           Determine the number of bits in cipher. Because of export crippled
158           ciphers there are two bits: The bits the algorithm supports in
159           general (stored to alg_bits) and the bits which are actually used
160           (the return value).
161
162       const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);
163           Return the internal name of cipher as a string. These are the
164           various strings defined by the SSL3_TXT_xxx and TLS1_TXT_xxx
165           definitions in the header files.
166
167       const char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);
168           Returns a string like ""SSLv3"" or ""TLSv1.2"" which indicates the
169           SSL/TLS protocol version to which cipher belongs (i.e. where it was
170           defined in the specification the first time).
171
172   Dealing with Protocol Contexts
173       Here we document the various API functions which deal with the SSL/TLS
174       protocol context defined in the SSL_CTX structure.
175
176       int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
177       long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
178       int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);
179       int SSL_CTX_check_private_key(const SSL_CTX *ctx);
180       long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);
181       void SSL_CTX_flush_sessions(SSL_CTX *s, long t);
182       void SSL_CTX_free(SSL_CTX *a);
183       char *SSL_CTX_get_app_data(SSL_CTX *ctx);
184       X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);
185       STACK *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
186       STACK *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
187       int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
188       EVP_PKEY **pkey);
189       void SSL_CTX_get_default_read_ahead(SSL_CTX *ctx);
190       char *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx);
191       int SSL_CTX_get_ex_new_index(long argl, char *argp, int
192       (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
193       void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(SSL *ssl, int cb, int
194       ret);
195       int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
196       void SSL_CTX_get_read_ahead(SSL_CTX *ctx);
197       int SSL_CTX_get_session_cache_mode(SSL_CTX *ctx);
198       long SSL_CTX_get_timeout(const SSL_CTX *ctx);
199       int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int ok,
200       X509_STORE_CTX *ctx);
201       int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
202       int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
203       const char *CApath);
204       SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
205       int SSL_CTX_up_ref(SSL_CTX *ctx);
206       int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
207       int SSL_CTX_sess_accept(SSL_CTX *ctx);
208       int SSL_CTX_sess_accept_good(SSL_CTX *ctx);
209       int SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);
210       int SSL_CTX_sess_cache_full(SSL_CTX *ctx);
211       int SSL_CTX_sess_cb_hits(SSL_CTX *ctx);
212       int SSL_CTX_sess_connect(SSL_CTX *ctx);
213       int SSL_CTX_sess_connect_good(SSL_CTX *ctx);
214       int SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);
215       int SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);
216       SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
217       unsigned char *data, int len, int *copy);
218       int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION
219       *sess);
220       void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)(SSL_CTX *ctx,
221       SSL_SESSION *sess);
222       int SSL_CTX_sess_hits(SSL_CTX *ctx);
223       int SSL_CTX_sess_misses(SSL_CTX *ctx);
224       int SSL_CTX_sess_number(SSL_CTX *ctx);
225       void SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, t);
226       void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl,
227       unsigned char *data, int len, int *copy));
228       void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl,
229       SSL_SESSION *sess));
230       void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx,
231       SSL_SESSION *sess));
232       int SSL_CTX_sess_timeouts(SSL_CTX *ctx);
233       LHASH *SSL_CTX_sessions(SSL_CTX *ctx);
234       int SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg);
235       void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs);
236       void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *cs);
237       void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(), char *arg)
238       int SSL_CTX_set_cipher_list(SSL_CTX *ctx, char *str);
239       void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);
240       void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509
241       **x509, EVP_PKEY **pkey));
242       int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
243       ssl_ct_validation_cb callback, void *arg);
244       void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, int (*cb);(void))
245       void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m);
246       int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
247           Use the default paths to locate trusted CA certificates. There is
248           one default directory path and one default file path. Both are set
249           via this call.
250
251       int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
252           Use the default directory path to locate trusted CA certificates.
253
254       int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
255           Use the file path to locate trusted CA certificates.
256
257       int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);
258       void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(SSL *ssl, int
259       cb, int ret));
260       void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int
261       version, int content_type, const void *buf, size_t len, SSL *ssl, void
262       *arg));
263       void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
264       unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);
265       unsigned long SSL_CTX_get_options(SSL_CTX *ctx);
266       unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
267       void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
268       void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int m);
269       void SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode);
270       int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
271       void SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
272       long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh);
273       long SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(void));
274       void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))
275       int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
276       int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char
277       *d, long len);
278       int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int
279       type);
280       int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
281       int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long
282       len);
283       int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int
284       type);
285       int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
286       int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char
287       *d);
288       int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int
289       type);
290       int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey,
291       STACK_OF(X509) *chain, int override);
292       X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
293       EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
294       void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, unsigned int
295       (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int
296       max_identity_len, unsigned char *psk, unsigned int max_psk_len));
297       int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);
298       void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, unsigned int
299       (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int
300       max_psk_len));
301
302   Dealing with Sessions
303       Here we document the various API functions which deal with the SSL/TLS
304       sessions defined in the SSL_SESSION structures.
305
306       int SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b);
307       void SSL_SESSION_free(SSL_SESSION *ss);
308       char *SSL_SESSION_get_app_data(SSL_SESSION *s);
309       char *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx);
310       int SSL_SESSION_get_ex_new_index(long argl, char *argp, int
311       (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
312       long SSL_SESSION_get_time(const SSL_SESSION *s);
313       long SSL_SESSION_get_timeout(const SSL_SESSION *s);
314       unsigned long SSL_SESSION_hash(const SSL_SESSION *a);
315       SSL_SESSION *SSL_SESSION_new(void);
316       int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x);
317       int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x);
318       int SSL_SESSION_set_app_data(SSL_SESSION *s, char *a);
319       int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, char *arg);
320       long SSL_SESSION_set_time(SSL_SESSION *s, long t);
321       long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
322
323   Dealing with Connections
324       Here we document the various API functions which deal with the SSL/TLS
325       connection defined in the SSL structure.
326
327       int SSL_accept(SSL *ssl);
328       int SSL_add_dir_cert_subjects_to_stack(STACK *stack, const char *dir);
329       int SSL_add_file_cert_subjects_to_stack(STACK *stack, const char
330       *file);
331       int SSL_add_client_CA(SSL *ssl, X509 *x);
332       char *SSL_alert_desc_string(int value);
333       char *SSL_alert_desc_string_long(int value);
334       char *SSL_alert_type_string(int value);
335       char *SSL_alert_type_string_long(int value);
336       int SSL_check_private_key(const SSL *ssl);
337       void SSL_clear(SSL *ssl);
338       long SSL_clear_num_renegotiations(SSL *ssl);
339       int SSL_connect(SSL *ssl);
340       int SSL_copy_session_id(SSL *t, const SSL *f);
341           Sets the session details for t to be the same as in f. Returns 1 on
342           success or 0 on failure.
343
344       long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);
345       int SSL_do_handshake(SSL *ssl);
346       SSL *SSL_dup(SSL *ssl);
347           SSL_dup() allows applications to configure an SSL handle for use in
348           multiple SSL connections, and then duplicate it prior to initiating
349           each connection with the duplicated handle.  Use of SSL_dup()
350           avoids the need to repeat the configuration of the handles for each
351           connection.
352
353           For SSL_dup() to work, the connection MUST be in its initial state
354           and MUST NOT have not yet have started the SSL handshake.  For
355           connections that are not in their initial state SSL_dup() just
356           increments an internal reference count and returns the same handle.
357           It may be possible to use SSL_clear(3) to recycle an SSL handle
358           that is not in its initial state for re-use, but this is best
359           avoided.  Instead, save and restore the session, if desired, and
360           construct a fresh handle for each connection.
361
362       STACK *SSL_dup_CA_list(STACK *sk);
363       void SSL_free(SSL *ssl);
364       SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
365       char *SSL_get_app_data(SSL *ssl);
366       X509 *SSL_get_certificate(const SSL *ssl);
367       const char *SSL_get_cipher(const SSL *ssl);
368       int SSL_is_dtls(const SSL *ssl);
369       int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits);
370       char *SSL_get_cipher_list(const SSL *ssl, int n);
371       char *SSL_get_cipher_name(const SSL *ssl);
372       char *SSL_get_cipher_version(const SSL *ssl);
373       STACK *SSL_get_ciphers(const SSL *ssl);
374       STACK *SSL_get_client_CA_list(const SSL *ssl);
375       SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);
376       long SSL_get_default_timeout(const SSL *ssl);
377       int SSL_get_error(const SSL *ssl, int i);
378       char *SSL_get_ex_data(const SSL *ssl, int idx);
379       int SSL_get_ex_data_X509_STORE_CTX_idx(void);
380       int SSL_get_ex_new_index(long argl, char *argp, int (*new_func);(void),
381       int (*dup_func)(void), void (*free_func)(void))
382       int SSL_get_fd(const SSL *ssl);
383       void (*SSL_get_info_callback(const SSL *ssl);)()
384       int SSL_get_key_update_type(SSL *s);
385       STACK *SSL_get_peer_cert_chain(const SSL *ssl);
386       X509 *SSL_get_peer_certificate(const SSL *ssl);
387       const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
388       EVP_PKEY *SSL_get_privatekey(const SSL *ssl);
389       int SSL_get_quiet_shutdown(const SSL *ssl);
390       BIO *SSL_get_rbio(const SSL *ssl);
391       int SSL_get_read_ahead(const SSL *ssl);
392       SSL_SESSION *SSL_get_session(const SSL *ssl);
393       char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int size);
394       int SSL_get_shutdown(const SSL *ssl);
395       const SSL_METHOD *SSL_get_ssl_method(SSL *ssl);
396       int SSL_get_state(const SSL *ssl);
397       long SSL_get_time(const SSL *ssl);
398       long SSL_get_timeout(const SSL *ssl);
399       int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *)
400       int SSL_get_verify_mode(const SSL *ssl);
401       long SSL_get_verify_result(const SSL *ssl);
402       char *SSL_get_version(const SSL *ssl);
403       BIO *SSL_get_wbio(const SSL *ssl);
404       int SSL_in_accept_init(SSL *ssl);
405       int SSL_in_before(SSL *ssl);
406       int SSL_in_connect_init(SSL *ssl);
407       int SSL_in_init(SSL *ssl);
408       int SSL_is_init_finished(SSL *ssl);
409       int SSL_key_update(SSL *s, int updatetype);
410       STACK *SSL_load_client_CA_file(const char *file);
411       SSL *SSL_new(SSL_CTX *ctx);
412       int SSL_up_ref(SSL *s);
413       long SSL_num_renegotiations(SSL *ssl);
414       int SSL_peek(SSL *ssl, void *buf, int num);
415       int SSL_pending(const SSL *ssl);
416       int SSL_read(SSL *ssl, void *buf, int num);
417       int SSL_renegotiate(SSL *ssl);
418       char *SSL_rstate_string(SSL *ssl);
419       char *SSL_rstate_string_long(SSL *ssl);
420       long SSL_session_reused(SSL *ssl);
421       void SSL_set_accept_state(SSL *ssl);
422       void SSL_set_app_data(SSL *ssl, char *arg);
423       void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
424       int SSL_set_cipher_list(SSL *ssl, char *str);
425       void SSL_set_client_CA_list(SSL *ssl, STACK *list);
426       void SSL_set_connect_state(SSL *ssl);
427       int SSL_set_ct_validation_callback(SSL *ssl, ssl_ct_validation_cb
428       callback, void *arg);
429       int SSL_set_ex_data(SSL *ssl, int idx, char *arg);
430       int SSL_set_fd(SSL *ssl, int fd);
431       void SSL_set_info_callback(SSL *ssl, void (*cb);(void))
432       void SSL_set_msg_callback(SSL *ctx, void (*cb)(int write_p, int
433       version, int content_type, const void *buf, size_t len, SSL *ssl, void
434       *arg));
435       void SSL_set_msg_callback_arg(SSL *ctx, void *arg);
436       unsigned long SSL_clear_options(SSL *ssl, unsigned long op);
437       unsigned long SSL_get_options(SSL *ssl);
438       unsigned long SSL_set_options(SSL *ssl, unsigned long op);
439       void SSL_set_quiet_shutdown(SSL *ssl, int mode);
440       void SSL_set_read_ahead(SSL *ssl, int yes);
441       int SSL_set_rfd(SSL *ssl, int fd);
442       int SSL_set_session(SSL *ssl, SSL_SESSION *session);
443       void SSL_set_shutdown(SSL *ssl, int mode);
444       int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *meth);
445       void SSL_set_time(SSL *ssl, long t);
446       void SSL_set_timeout(SSL *ssl, long t);
447       void SSL_set_verify(SSL *ssl, int mode, int (*callback);(void))
448       void SSL_set_verify_result(SSL *ssl, long arg);
449       int SSL_set_wfd(SSL *ssl, int fd);
450       int SSL_shutdown(SSL *ssl);
451       OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
452           Returns the current handshake state.
453
454       char *SSL_state_string(const SSL *ssl);
455       char *SSL_state_string_long(const SSL *ssl);
456       long SSL_total_renegotiations(SSL *ssl);
457       int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
458       int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long
459       len);
460       int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
461       int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
462       int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
463       int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
464       int SSL_use_certificate(SSL *ssl, X509 *x);
465       int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);
466       int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
467       int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey,
468       STACK_OF(X509) *chain, int override);
469       int SSL_version(const SSL *ssl);
470       int SSL_want(const SSL *ssl);
471       int SSL_want_nothing(const SSL *ssl);
472       int SSL_want_read(const SSL *ssl);
473       int SSL_want_write(const SSL *ssl);
474       int SSL_want_x509_lookup(const SSL *ssl);
475       int SSL_write(SSL *ssl, const void *buf, int num);
476       void SSL_set_psk_client_callback(SSL *ssl, unsigned int (*callback)(SSL
477       *ssl, const char *hint, char *identity, unsigned int max_identity_len,
478       unsigned char *psk, unsigned int max_psk_len));
479       int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);
480       void SSL_set_psk_server_callback(SSL *ssl, unsigned int (*callback)(SSL
481       *ssl, const char *identity, unsigned char *psk, int max_psk_len));
482       const char *SSL_get_psk_identity_hint(SSL *ssl);
483       const char *SSL_get_psk_identity(SSL *ssl);
484

RETURN VALUES

486       See the individual manual pages for details.
487

SEE ALSO

489       openssl(1), crypto(7), CRYPTO_get_ex_new_index(3), SSL_accept(3),
490       SSL_clear(3), SSL_connect(3), SSL_CIPHER_get_name(3),
491       SSL_COMP_add_compression_method(3), SSL_CTX_add_extra_chain_cert(3),
492       SSL_CTX_add_session(3), SSL_CTX_ctrl(3), SSL_CTX_flush_sessions(3),
493       SSL_CTX_get_verify_mode(3), SSL_CTX_load_verify_locations(3)
494       SSL_CTX_new(3), SSL_CTX_sess_number(3), SSL_CTX_sess_set_cache_size(3),
495       SSL_CTX_sess_set_get_cb(3), SSL_CTX_sessions(3),
496       SSL_CTX_set_cert_store(3), SSL_CTX_set_cert_verify_callback(3),
497       SSL_CTX_set_cipher_list(3), SSL_CTX_set_client_CA_list(3),
498       SSL_CTX_set_client_cert_cb(3), SSL_CTX_set_default_passwd_cb(3),
499       SSL_CTX_set_generate_session_id(3), SSL_CTX_set_info_callback(3),
500       SSL_CTX_set_max_cert_list(3), SSL_CTX_set_mode(3),
501       SSL_CTX_set_msg_callback(3), SSL_CTX_set_options(3),
502       SSL_CTX_set_quiet_shutdown(3), SSL_CTX_set_read_ahead(3),
503       SSL_CTX_set_security_level(3), SSL_CTX_set_session_cache_mode(3),
504       SSL_CTX_set_session_id_context(3), SSL_CTX_set_ssl_version(3),
505       SSL_CTX_set_timeout(3), SSL_CTX_set_tmp_dh_callback(3),
506       SSL_CTX_set_verify(3), SSL_CTX_use_certificate(3),
507       SSL_alert_type_string(3), SSL_do_handshake(3), SSL_enable_ct(3),
508       SSL_get_SSL_CTX(3), SSL_get_ciphers(3), SSL_get_client_CA_list(3),
509       SSL_get_default_timeout(3), SSL_get_error(3),
510       SSL_get_ex_data_X509_STORE_CTX_idx(3), SSL_get_fd(3),
511       SSL_get_peer_cert_chain(3), SSL_get_rbio(3), SSL_get_session(3),
512       SSL_get_verify_result(3), SSL_get_version(3),
513       SSL_load_client_CA_file(3), SSL_new(3), SSL_pending(3), SSL_read_ex(3),
514       SSL_read(3), SSL_rstate_string(3), SSL_session_reused(3),
515       SSL_set_bio(3), SSL_set_connect_state(3), SSL_set_fd(3),
516       SSL_set_session(3), SSL_set_shutdown(3), SSL_shutdown(3),
517       SSL_state_string(3), SSL_want(3), SSL_write_ex(3), SSL_write(3),
518       SSL_SESSION_free(3), SSL_SESSION_get_time(3), d2i_SSL_SESSION(3),
519       SSL_CTX_set_psk_client_callback(3), SSL_CTX_use_psk_identity_hint(3),
520       SSL_get_psk_identity(3), DTLSv1_listen(3)
521

HISTORY

523       SSLv2_client_method, SSLv2_server_method and SSLv2_method were removed
524       in OpenSSL 1.1.0.
525
526       The return type of SSL_copy_session_id was changed from void to int in
527       OpenSSL 1.1.0.
528
530       Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
531
532       Licensed under the OpenSSL license (the "License").  You may not use
533       this file except in compliance with the License.  You can obtain a copy
534       in the file LICENSE in the source distribution or at
535       <https://www.openssl.org/source/license.html>.
536
537
538
5391.1.1                             2018-09-11                            SSL(7)
Impressum