1Net::SSLeay(3)        User Contributed Perl Documentation       Net::SSLeay(3)
2
3
4

NAME

6       Net::SSLeay - Perl extension for using OpenSSL
7

SYNOPSIS

9         use Net::SSLeay qw(get_https post_https sslcat make_headers make_form);
10
11         ($page) = get_https('www.bacus.pt', 443, '/');                 # Case 1
12
13         ($page, $response, %reply_headers)
14                = get_https('www.bacus.pt', 443, '/',                   # Case 2
15                       make_headers(User-Agent => 'Cryptozilla/5.0b1',
16                                    Referer    => 'https://www.bacus.pt'
17                       ));
18
19         ($page, $result, %headers) =                                   # Case 2b
20                = get_https('www.bacus.pt', 443, '/protected.html',
21                     make_headers(Authorization =>
22                                  'Basic ' . MIME::Base64::encode("$user:$pass",''))
23                     );
24
25         ($page, $response, %reply_headers)
26                = post_https('www.bacus.pt', 443, '/foo.cgi', '',       # Case 3
27                       make_form(OK   => '1',
28                                 name => 'Sampo'
29                       ));
30
31         $reply = sslcat($host, $port, $request);                       # Case 4
32
33         ($reply, $err, $server_cert) = sslcat($host, $port, $request); # Case 5
34
35         $Net::SSLeay::trace = 2;  # 0=no debugging, 1=ciphers, 2=trace, 3=dump data
36
37         Net::SSLeay::initialize(); # Initialize ssl library once
38

DESCRIPTION

40       This module provides Perl bindings for libssl (an SSL/TLS API) and
41       libcrypto (a cryptography API).
42

COMPATIBILITY

44       Net::SSLeay supports the following libssl implementations:
45
46       •   Any stable release of OpenSSL <https://www.openssl.org> in the
47           0.9.8 - 1.1.1 branches, except for OpenSSL 0.9.8 - 0.9.8b.
48
49       •   Any stable release of LibreSSL <https://www.libressl.org> in the
50           2.0 - 3.1 series.
51
52       Net::SSLeay may not function as expected with newer releases than the
53       ones listed above due to libssl API incompatibilities, or, in the case
54       of LibreSSL, because of deviations from the libssl API.
55
56       Net::SSLeay is only as secure as the underlying libssl implementation
57       you use.  Although Net::SSLeay maintains compatibility with old
58       versions of OpenSSL and LibreSSL, it is strongly recommended that you
59       use a version of OpenSSL or LibreSSL that is supported by the
60       OpenSSL/LibreSSL developers and/or your operating system vendor. Many
61       unsupported versions of OpenSSL and LibreSSL are known to contain
62       severe security vulnerabilities. Refer to the OpenSSL Release Strategy
63       <https://www.openssl.org/policies/releasestrat.html> and LibreSSL
64       Support Schedule <https://www.libressl.org/releases.html> for
65       information on which versions are currently supported.
66
67       The libssl API has changed significantly since OpenSSL 0.9.8: hundreds
68       of functions have been added, deprecated or removed in the intervening
69       versions.  Although this documentation lists all of the functions and
70       constants that Net::SSLeay may expose, they will not be available for
71       use if they are missing from the underlying libssl implementation.
72       Refer to the compatibility notes in this documentation, as well as the
73       OpenSSL/LibreSSL manual pages, for information on which
74       OpenSSL/LibreSSL versions support each function or constant. At run-
75       time, you can check whether a function or constant is exposed before
76       calling it using the following convention:
77
78           if ( defined &Net::SSLeay::libssl_function ) {
79               # libssl_function() (or SSL_libssl_function()) is available
80               Net::SSLeay::libssl_function(...);
81           }
82

OVERVIEW

84       Net::SSLeay module basically comprise of:
85
86       •   High level functions for accessing web servers (by using
87           HTTP/HTTPS)
88
89       •   Low level API (mostly mapped 1:1 to openssl's C functions)
90
91       •   Convenience functions (related to low level API but with more perl
92           friendly interface)
93
94       There is also a related module called Net::SSLeay::Handle included in
95       this distribution that you might want to use instead. It has its own
96       pod documentation.
97
98   High level functions for accessing web servers
99       This module offers some high level convenience functions for accessing
100       web pages on SSL servers (for symmetry, the same API is offered for
101       accessing http servers, too), an "sslcat()" function for writing your
102       own clients, and finally access to the SSL api of the SSLeay/OpenSSL
103       package so you can write servers or clients for more complicated
104       applications.
105
106       For high level functions it is most convenient to import them into your
107       main namespace as indicated in the synopsis.
108
109       Basic set of functions
110
111       •   get_https
112
113       •   post_https
114
115       •   put_https
116
117       •   head_https
118
119       •   do_https
120
121       •   sslcat
122
123       •   https_cat
124
125       •   make_form
126
127       •   make_headers
128
129       Case 1 (in SYNOPSIS) demonstrates the typical invocation of get_https()
130       to fetch an HTML page from secure server. The first argument provides
131       the hostname or IP in dotted decimal notation of the remote server to
132       contact. The second argument is the TCP port at the remote end (your
133       own port is picked arbitrarily from high numbered ports as usual for
134       TCP). The third argument is the URL of the page without the host name
135       part. If in doubt consult the HTTP specifications at
136       <http://www.w3c.org>.
137
138       Case 2 (in SYNOPSIS) demonstrates full fledged use of "get_https()". As
139       can be seen, "get_https()" parses the response and response headers and
140       returns them as a list, which can be captured in a hash for later
141       reference. Also a fourth argument to "get_https()" is used to insert
142       some additional headers in the request. "make_headers()" is a function
143       that will convert a list or hash to such headers. By default
144       "get_https()" supplies "Host" (to make virtual hosting easy) and
145       "Accept" (reportedly needed by IIS) headers.
146
147       Case 2b (in SYNOPSIS) demonstrates how to get a password protected
148       page. Refer to the HTTP protocol specifications for further details
149       (e.g. RFC-2617).
150
151       Case 3 (in SYNOPSIS) invokes "post_https()" to submit a HTML/CGI form
152       to a secure server. The first four arguments are equal to "get_https()"
153       (note that the empty string ('') is passed as header argument).  The
154       fifth argument is the contents of the form formatted according to CGI
155       specification.  Do not post UTF-8 data as content: use utf8::downgrade
156       first. In this case the helper function "make_https()" is used to do
157       the formatting, but you could pass any string. "post_https()"
158       automatically adds "Content-Type" and "Content-Length" headers to the
159       request.
160
161       Case 4 (in SYNOPSIS) shows the fundamental "sslcat()" function
162       (inspired in spirit by the "netcat" utility :-). It's your swiss army
163       knife that allows you to easily contact servers, send some data, and
164       then get the response. You are responsible for formatting the data and
165       parsing the response - "sslcat()" is just a transport.
166
167       Case 5 (in SYNOPSIS) is a full invocation of "sslcat()" which allows
168       the return of errors as well as the server (peer) certificate.
169
170       The $trace global variable can be used to control the verbosity of the
171       high level functions. Level 0 guarantees silence, level 1 (the default)
172       only emits error messages.
173
174       Alternate versions of high-level API
175
176       •   get_https3
177
178       •   post_https3
179
180       •   put_https3
181
182       •   get_https4
183
184       •   post_https4
185
186       •   put_https4
187
188       The above mentioned functions actually return the response headers as a
189       list, which only gets converted to hash upon assignment (this
190       assignment looses information if the same header occurs twice, as may
191       be the case with cookies). There are also other variants of the
192       functions that return unprocessed headers and that return a reference
193       to a hash.
194
195         ($page, $response, @headers) = get_https('www.bacus.pt', 443, '/');
196         for ($i = 0; $i < $#headers; $i+=2) {
197             print "$headers[$i] = " . $headers[$i+1] . "\n";
198         }
199
200         ($page, $response, $headers, $server_cert)
201           = get_https3('www.bacus.pt', 443, '/');
202         print "$headers\n";
203
204         ($page, $response, $headers_ref)
205           = get_https4('www.bacus.pt', 443, '/');
206         for $k (sort keys %{$headers_ref}) {
207             for $v (@{$$headers_ref{$k}}) {
208                 print "$k = $v\n";
209             }
210         }
211
212       All of the above code fragments accomplish the same thing: display all
213       values of all headers. The API functions ending in "3" return the
214       headers simply as a scalar string and it is up to the application to
215       split them up. The functions ending in "4" return a reference to a hash
216       of arrays (see perlref and perllol if you are not familiar with complex
217       perl data structures). To access a single value of such a header hash
218       you would do something like
219
220         print $$headers_ref{COOKIE}[0];
221
222       Variants 3 and 4 also allow you to discover the server certificate in
223       case you would like to store or display it, e.g.
224
225         ($p, $resp, $hdrs, $server_cert) = get_https3('www.bacus.pt', 443, '/');
226         if (!defined($server_cert) || ($server_cert == 0)) {
227             warn "Subject Name: undefined, Issuer  Name: undefined";
228         } else {
229             warn 'Subject Name: '
230                 . Net::SSLeay::X509_NAME_oneline(
231                        Net::SSLeay::X509_get_subject_name($server_cert))
232                     . 'Issuer  Name: '
233                         . Net::SSLeay::X509_NAME_oneline(
234                                Net::SSLeay::X509_get_issuer_name($server_cert));
235         }
236
237       Beware that this method only allows after the fact verification of the
238       certificate: by the time "get_https3()" has returned the https request
239       has already been sent to the server, whether you decide to trust it or
240       not. To do the verification correctly you must either employ the
241       OpenSSL certificate verification framework or use the lower level API
242       to first connect and verify the certificate and only then send the http
243       data. See the implementation of "ds_https3()" for guidance on how to do
244       this.
245
246       Using client certificates
247
248       Secure web communications are encrypted using symmetric crypto keys
249       exchanged using encryption based on the certificate of the server.
250       Therefore in all SSL connections the server must have a certificate.
251       This serves both to authenticate the server to the clients and to
252       perform the key exchange.
253
254       Sometimes it is necessary to authenticate the client as well. Two
255       options are available: HTTP basic authentication and a client side
256       certificate. The basic authentication over HTTPS is actually quite safe
257       because HTTPS guarantees that the password will not travel in the
258       clear. Never-the-less, problems like easily guessable passwords remain.
259       The client certificate method involves authentication of the client at
260       the SSL level using a certificate. For this to work, both the client
261       and the server have certificates (which typically are different) and
262       private keys.
263
264       The API functions outlined above accept additional arguments that allow
265       one to supply the client side certificate and key files. The format of
266       these files is the same as used for server certificates and the caveat
267       about encrypting private keys applies.
268
269         ($page, $result, %headers) =                                   # 2c
270                = get_https('www.bacus.pt', 443, '/protected.html',
271                     make_headers(Authorization =>
272                                  'Basic ' . MIME::Base64::encode("$user:$pass",'')),
273                     '', $mime_type6, $path_to_crt7, $path_to_key8);
274
275         ($page, $response, %reply_headers)
276                = post_https('www.bacus.pt', 443, '/foo.cgi',           # 3b
277                     make_headers('Authorization' =>
278                                  'Basic ' . MIME::Base64::encode("$user:$pass",'')),
279                     make_form(OK   => '1', name => 'Sampo'),
280                     $mime_type6, $path_to_crt7, $path_to_key8);
281
282       Case 2c (in SYNOPSIS) demonstrates getting a password protected page
283       that also requires a client certificate, i.e. it is possible to use
284       both authentication methods simultaneously.
285
286       Case 3b (in SYNOPSIS) is a full blown POST to a secure server that
287       requires both password authentication and a client certificate, just
288       like in case 2c.
289
290       Note: The client will not send a certificate unless the server requests
291       one.  This is typically achieved by setting the verify mode to
292       "VERIFY_PEER" on the server:
293
294         Net::SSLeay::set_verify(ssl, Net::SSLeay::VERIFY_PEER, 0);
295
296       See "perldoc ~openssl/doc/ssl/SSL_CTX_set_verify.pod" for a full
297       description.
298
299       Working through a web proxy
300
301       •   set_proxy
302
303       "Net::SSLeay" can use a web proxy to make its connections. You need to
304       first set the proxy host and port using "set_proxy()" and then just use
305       the normal API functions, e.g:
306
307         Net::SSLeay::set_proxy('gateway.myorg.com', 8080);
308         ($page) = get_https('www.bacus.pt', 443, '/');
309
310       If your proxy requires authentication, you can supply a username and
311       password as well
312
313         Net::SSLeay::set_proxy('gateway.myorg.com', 8080, 'joe', 'salainen');
314         ($page, $result, %headers) =
315                = get_https('www.bacus.pt', 443, '/protected.html',
316                     make_headers(Authorization =>
317                                  'Basic ' . MIME::Base64::encode("susie:pass",''))
318                     );
319
320       This example demonstrates the case where we authenticate to the proxy
321       as "joe" and to the final web server as "susie". Proxy authentication
322       requires the "MIME::Base64" module to work.
323
324       HTTP (without S) API
325
326       •   get_http
327
328       •   post_http
329
330       •   tcpcat
331
332       •   get_httpx
333
334       •   post_httpx
335
336       •   tcpxcat
337
338       Over the years it has become clear that it would be convenient to use
339       the light-weight flavour API of "Net::SSLeay" for normal HTTP as well
340       (see "LWP" for the heavy-weight object-oriented approach). In fact it
341       would be nice to be able to flip https on and off on the fly. Thus
342       regular HTTP support was evolved.
343
344         use Net::SSLeay qw(get_http post_http tcpcat
345                             get_httpx post_httpx tcpxcat
346                             make_headers make_form);
347
348         ($page, $result, %headers)
349                = get_http('www.bacus.pt', 443, '/protected.html',
350                     make_headers(Authorization =>
351                                  'Basic ' . MIME::Base64::encode("$user:$pass",''))
352                     );
353
354         ($page, $response, %reply_headers)
355                = post_http('www.bacus.pt', 443, '/foo.cgi', '',
356                       make_form(OK   => '1',
357                                 name => 'Sampo'
358                       ));
359
360         ($reply, $err) = tcpcat($host, $port, $request);
361
362         ($page, $result, %headers)
363                = get_httpx($usessl, 'www.bacus.pt', 443, '/protected.html',
364                     make_headers(Authorization =>
365                                  'Basic ' . MIME::Base64::encode("$user:$pass",''))
366                     );
367
368         ($page, $response, %reply_headers)
369                = post_httpx($usessl, 'www.bacus.pt', 443, '/foo.cgi', '',
370                       make_form(OK   => '1',  name => 'Sampo' ));
371
372         ($reply, $err, $server_cert) = tcpxcat($usessl, $host, $port, $request);
373
374       As can be seen, the "x" family of APIs takes as the first argument a
375       flag which indicates whether SSL is used or not.
376
377   Certificate verification and Certificate Revocation Lists (CRLs)
378       OpenSSL supports the ability to verify peer certificates. It can also
379       optionally check the peer certificate against a Certificate Revocation
380       List (CRL) from the certificates issuer. A CRL is a file, created by
381       the certificate issuer that lists all the certificates that it
382       previously signed, but which it now revokes. CRLs are in PEM format.
383
384       You can enable "Net::SSLeay CRL" checking like this:
385
386                   &Net::SSLeay::X509_STORE_set_flags
387                       (&Net::SSLeay::CTX_get_cert_store($ssl),
388                        &Net::SSLeay::X509_V_FLAG_CRL_CHECK);
389
390       After setting this flag, if OpenSSL checks a peer's certificate, then
391       it will attempt to find a CRL for the issuer. It does this by looking
392       for a specially named file in the search directory specified by
393       CTX_load_verify_locations.  CRL files are named with the hash of the
394       issuer's subject name, followed by ".r0", ".r1" etc.  For example
395       "ab1331b2.r0", "ab1331b2.r1". It will read all the .r files for the
396       issuer, and then check for a revocation of the peer certificate in all
397       of them.  (You can also force it to look in a specific named CRL file.,
398       see below).  You can find out the hash of the issuer subject name in a
399       CRL with
400
401               openssl crl -in crl.pem -hash -noout
402
403       If the peer certificate does not pass the revocation list, or if no CRL
404       is found, then the handshaking fails with an error.
405
406       You can also force OpenSSL to look for CRLs in one or more arbitrarily
407       named files.
408
409           my $bio = Net::SSLeay::BIO_new_file($crlfilename, 'r');
410           my $crl = Net::SSLeay::PEM_read_bio_X509_CRL($bio);
411           if ($crl) {
412               Net::SSLeay::X509_STORE_add_crl(
413                    Net::SSLeay::CTX_get_cert_store($ssl, $crl)
414               );
415           } else {
416               error reading CRL....
417           }
418
419       Usually the URLs where you can download the CRLs is contained in the
420       certificate itself and you can extract them with
421
422           my @url = Net::SSLeay::P_X509_get_crl_distribution_points($cert)
423
424       But there is no automatic downloading of the CRLs and often these CRLs
425       are too huge to just download them to verify a single certificate.
426       Also, these CRLs are often in DER format which you need to convert to
427       PEM before you can use it:
428
429           openssl crl -in crl.der -inform der -out crl.pem
430
431       So as an alternative for faster and timely revocation checks you better
432       use the Online Status Revocation Protocol (OCSP).
433
434   Certificate verification and Online Status Revocation Protocol (OCSP)
435       While checking for revoked certificates is possible and fast with
436       Certificate Revocation Lists, you need to download the complete and
437       often huge list before you can verify a single certificate.
438
439       A faster way is to ask the CA to check the revocation of just a single
440       or a few certificates using OCSP. Basically you generate for each
441       certificate an OCSP_CERTID based on the certificate itself and its
442       issuer, put the ids togetether into an OCSP_REQUEST and send the
443       request to the URL given in the certificate.
444
445       As a result you get back an OCSP_RESPONSE and need to check the status
446       of the response, check that it is valid (e.g. signed by the CA) and
447       finally extract the information about each OCSP_CERTID to find out if
448       the certificate is still valid or got revoked.
449
450       With Net::SSLeay this can be done like this:
451
452           # get id(s) for given certs, like from get_peer_certificate
453           # or get_peer_cert_chain. This will croak if
454           # - one tries to make an OCSP_CERTID for a self-signed certificate
455           # - the issuer of the certificate cannot be found in the SSL objects
456           #   store, nor in the current certificate chain
457           my $cert = Net::SSLeay::get_peer_certificate($ssl);
458           my $id = eval { Net::SSLeay::OCSP_cert2ids($ssl,$cert) };
459           die "failed to make OCSP_CERTID: $@" if $@;
460
461           # create OCSP_REQUEST from id(s)
462           # Multiple can be put into the same request, if the same OCSP responder
463           # is responsible for them.
464           my $req = Net::SSLeay::OCSP_ids2req($id);
465
466           # determine URI of OCSP responder
467           my $uri = Net::SSLeay::P_X509_get_ocsp_uri($cert);
468
469           # Send stringified OCSP_REQUEST with POST to $uri.
470           # We can ignore certificate verification for https, because the OCSP
471           # response itself is signed.
472           my $ua = HTTP::Tiny->new(verify_SSL => 0);
473           my $res = $ua->request( 'POST',$uri, {
474               headers => { 'Content-type' => 'application/ocsp-request' },
475               content => Net::SSLeay::i2d_OCSP_REQUEST($req)
476           });
477           my $content = $res && $res->{success} && $res->{content}
478               or die "query failed";
479
480           # Extract OCSP_RESPONSE.
481           # this will croak if the string is not an OCSP_RESPONSE
482           my $resp = eval { Net::SSLeay::d2i_OCSP_RESPONSE($content) };
483
484           # Check status of response.
485           my $status = Net::SSLeay::OCSP_response_status($resp);
486           if ($status != Net::SSLeay::OCSP_RESPONSE_STATUS_SUCCESSFUL())
487               die "OCSP response failed: ".
488                   Net::SSLeay::OCSP_response_status_str($status);
489           }
490
491           # Verify signature of response and if nonce matches request.
492           # This will croak if there is a nonce in the response, but it does not match
493           # the request. It will return false if the signature could not be verified,
494           # in which case details can be retrieved with Net::SSLeay::ERR_get_error.
495           # It will not complain if the response does not contain a nonce, which is
496           # usually the case with pre-signed responses.
497           if ( ! eval { Net::SSLeay::OCSP_response_verify($ssl,$resp,$req) }) {
498               die "OCSP response verification failed";
499           }
500
501           # Extract information from OCSP_RESPONSE for each of the ids.
502
503           # If called in scalar context it will return the time (as time_t), when the
504           # next update is due (minimum of all successful responses inside $resp). It
505           # will croak on the following problems:
506           # - response is expired or not yet valid
507           # - no response for given OCSP_CERTID
508           # - certificate status is not good (e.g. revoked or unknown)
509           if ( my $nextupd = eval { Net::SSLeay::OCSP_response_results($resp,$id) }) {
510               warn "certificate is valid, next update in ".
511                   ($nextupd-time())." seconds\n";
512           } else {
513               die "certificate is not valid: $@";
514           }
515
516           # But in array context it will return detailed information about each given
517           # OCSP_CERTID instead croaking on errors:
518           # if no @ids are given it will return information about all single responses
519           # in the OCSP_RESPONSE
520           my @results = Net::SSLeay::OCSP_response_results($resp,@ids);
521           for my $r (@results) {
522               print Dumper($r);
523               # @results are in the same order as the @ids and contain:
524               # $r->[0] - OCSP_CERTID
525               # $r->[1] - undef if no error (certificate good) OR error message as string
526               # $r->[2] - hash with details:
527               #   thisUpdate - time_t of this single response
528               #   nextUpdate - time_t when update is expected
529               #   statusType - integer:
530               #      V_OCSP_CERTSTATUS_GOOD(0)
531               #      V_OCSP_CERTSTATUS_REVOKED(1)
532               #      V_OCSP_CERTSTATUS_UNKNOWN(2)
533               #   revocationTime - time_t (only if revoked)
534               #   revocationReason - integer (only if revoked)
535               #   revocationReason_str - reason as string (only if revoked)
536           }
537
538       To further speed up certificate revocation checking one can use a TLS
539       extension to instruct the server to staple the OCSP response:
540
541           # set TLS extension before doing SSL_connect
542           Net::SSLeay::set_tlsext_status_type($ssl,
543               Net::SSLeay::TLSEXT_STATUSTYPE_ocsp());
544
545           # setup callback to verify OCSP response
546           my $cert_valid = undef;
547           Net::SSLeay::CTX_set_tlsext_status_cb($context,sub {
548               my ($ssl,$resp) = @_;
549               if (!$resp) {
550                   # Lots of servers don't return an OCSP response.
551                   # In this case we must check the OCSP status outside the SSL
552                   # handshake.
553                   warn "server did not return stapled OCSP response\n";
554                   return 1;
555               }
556               # verify status
557               my $status = Net::SSLeay::OCSP_response_status($resp);
558               if ($status != Net::SSLeay::OCSP_RESPONSE_STATUS_SUCCESSFUL()) {
559                   warn "OCSP response failure: $status\n";
560                   return 1;
561               }
562               # verify signature - we have no OCSP_REQUEST here to check nonce
563               if (!eval { Net::SSLeay::OCSP_response_verify($ssl,$resp) }) {
564                   warn "OCSP response verify failed\n";
565                   return 1;
566               }
567               # check if the certificate is valid
568               # we should check here against the peer_certificate
569               my $cert = Net::SSLeay::get_peer_certificate();
570               my $certid = eval { Net::SSLeay::OCSP_cert2ids($ssl,$cert) } or do {
571                   warn "cannot get certid from cert: $@";
572                   $cert_valid = -1;
573                   return 1;
574               };
575
576               if ( $nextupd = eval {
577                   Net::SSLeay::OCSP_response_results($resp,$certid) }) {
578                   warn "certificate not revoked\n";
579                   $cert_valid = 1;
580               } else {
581                   warn "certificate not valid: $@";
582                   $cert_valid = 0;
583               }
584           });
585
586           # do SSL handshake here
587           ....
588           # check if certificate revocation was checked already
589           if ( ! defined $cert_valid) {
590               # check revocation outside of SSL handshake by asking OCSP responder
591               ...
592           } elsif ( ! $cert_valid ) {
593               die "certificate not valid - closing SSL connection";
594           } elsif ( $cert_valid<0 ) {
595               die "cannot verify certificate revocation - self-signed ?";
596           } else {
597               # everything fine
598               ...
599           }
600
601   Using Net::SSLeay in multi-threaded applications
602       IMPORTANT: versions 1.42 or earlier are not thread-safe!
603
604       Net::SSLeay module implements all necessary stuff to be ready for
605       multi-threaded environment - it requires openssl-0.9.7 or newer. The
606       implementation fully follows thread safety related requirements of
607       openssl library(see <http://www.openssl.org/docs/crypto/threads.html>).
608
609       If you are about to use Net::SSLeay (or any other module based on
610       Net::SSLeay) in multi-threaded perl application it is recommended to
611       follow this best-practice:
612
613       Initialization
614
615       Load and initialize Net::SSLeay module in the main thread:
616
617           use threads;
618           use Net::SSLeay;
619
620           Net::SSLeay::load_error_strings();
621           Net::SSLeay::SSLeay_add_ssl_algorithms();
622           Net::SSLeay::randomize();
623
624           sub do_master_job {
625             #... call whatever from Net::SSLeay
626           }
627
628           sub do_worker_job {
629             #... call whatever from Net::SSLeay
630           }
631
632           #start threads
633           my $master  = threads->new(\&do_master_job, 'param1', 'param2');
634           my @workers = threads->new(\&do_worker_job, 'arg1', 'arg2') for (1..10);
635
636           #waiting for all threads to finish
637           $_->join() for (threads->list);
638
639       NOTE: Openssl's "int SSL_library_init(void)" function (which is also
640       aliased as "SSLeay_add_ssl_algorithms", "OpenSSL_add_ssl_algorithms"
641       and "add_ssl_algorithms") is not re-entrant and multiple calls can
642       cause a crash in threaded application.  Net::SSLeay implements flags
643       preventing repeated calls to this function, therefore even multiple
644       initialization via Net::SSLeay::SSLeay_add_ssl_algorithms() should work
645       without trouble.
646
647       Using callbacks
648
649       Do not use callbacks across threads (the module blocks cross-thread
650       callback operations and throws a warning). Always do the callback
651       setup, callback use and callback destruction within the same thread.
652
653       Using openssl elements
654
655       All openssl elements (X509, SSL_CTX, ...) can be directly passed
656       between threads.
657
658           use threads;
659           use Net::SSLeay;
660
661           Net::SSLeay::load_error_strings();
662           Net::SSLeay::SSLeay_add_ssl_algorithms();
663           Net::SSLeay::randomize();
664
665           sub do_job {
666             my $context = shift;
667             Net::SSLeay::CTX_set_default_passwd_cb($context, sub { "secret" });
668             #...
669           }
670
671           my $c = Net::SSLeay::CTX_new();
672           threads->create(\&do_job, $c);
673
674       Or:
675
676           use threads;
677           use Net::SSLeay;
678
679           my $context; #does not need to be 'shared'
680
681           Net::SSLeay::load_error_strings();
682           Net::SSLeay::SSLeay_add_ssl_algorithms();
683           Net::SSLeay::randomize();
684
685           sub do_job {
686             Net::SSLeay::CTX_set_default_passwd_cb($context, sub { "secret" });
687             #...
688           }
689
690           $context = Net::SSLeay::CTX_new();
691           threads->create(\&do_job);
692
693       Using other perl modules based on Net::SSLeay
694
695       It should be fine to use any other module based on Net::SSLeay (like
696       IO::Socket::SSL) in multi-threaded applications. It is generally
697       recommended to do any global initialization of such a module in the
698       main thread before calling "threads->new(..)" or "threads->create(..)"
699       but it might differ module by module.
700
701       To be safe you can load and init Net::SSLeay explicitly in the main
702       thread:
703
704           use Net::SSLeay;
705           use Other::SSLeay::Based::Module;
706
707           Net::SSLeay::load_error_strings();
708           Net::SSLeay::SSLeay_add_ssl_algorithms();
709           Net::SSLeay::randomize();
710
711       Or even safer:
712
713           use Net::SSLeay;
714           use Other::SSLeay::Based::Module;
715
716           BEGIN {
717             Net::SSLeay::load_error_strings();
718             Net::SSLeay::SSLeay_add_ssl_algorithms();
719             Net::SSLeay::randomize();
720           }
721
722       Combining Net::SSLeay with other modules linked with openssl
723
724       BEWARE: This might be a big trouble! This is not guaranteed be thread-
725       safe!
726
727       There are many other (XS) modules linked directly to openssl library
728       (like Crypt::SSLeay).
729
730       As it is expected that also "another" module will call
731       "SSLeay_add_ssl_algorithms" at some point we have again a trouble with
732       multiple openssl initialization by Net::SSLeay and "another" module.
733
734       As you can expect Net::SSLeay is not able to avoid multiple
735       initialization of openssl library called by "another" module, thus you
736       have to handle this on your own (in some cases it might not be possible
737       at all to avoid this).
738
739       Threading with get_https and friends
740
741       The convenience functions get_https, post_https etc all initialize the
742       SSL library by calling Net::SSLeay::initialize which does the
743       conventional library initialization:
744
745           Net::SSLeay::load_error_strings();
746           Net::SSLeay::SSLeay_add_ssl_algorithms();
747           Net::SSLeay::randomize();
748
749       Net::SSLeay::initialize initializes the SSL library at most once.  You
750       can override the Net::SSLeay::initialize function if you desire some
751       other type of initialization behaviour by get_https and friends.  You
752       can call Net::SSLeay::initialize from your own code if you desire this
753       conventional library initialization.
754
755   Convenience routines
756       To be used with Low level API
757
758           Net::SSLeay::randomize($rn_seed_file,$additional_seed);
759           Net::SSLeay::set_cert_and_key($ctx, $cert_path, $key_path);
760           $cert = Net::SSLeay::dump_peer_certificate($ssl);
761           Net::SSLeay::ssl_write_all($ssl, $message) or die "ssl write failure";
762           $got = Net::SSLeay::ssl_read_all($ssl) or die "ssl read failure";
763
764           $got = Net::SSLeay::ssl_read_CRLF($ssl [, $max_length]);
765           $got = Net::SSLeay::ssl_read_until($ssl [, $delimit [, $max_length]]);
766           Net::SSLeay::ssl_write_CRLF($ssl, $message);
767
768       •   randomize
769
770           seeds the openssl PRNG with "/dev/urandom" (see the top of
771           "SSLeay.pm" for how to change or configure this) and optionally
772           with user provided data. It is very important to properly seed your
773           random numbers, so do not forget to call this. The high level API
774           functions automatically call "randomize()" so it is not needed with
775           them. See also caveats.
776
777       •   set_cert_and_key
778
779           takes two file names as arguments and sets the certificate and
780           private key to those. This can be used to set either server
781           certificates or client certificates.
782
783       •   dump_peer_certificate
784
785           allows you to get a plaintext description of the certificate the
786           peer (usually the server) presented to us.
787
788       •   ssl_read_all
789
790           see ssl_write_all (below)
791
792       •   ssl_write_all
793
794           "ssl_read_all()" and "ssl_write_all()" provide true blocking
795           semantics for these operations (see limitation, below, for
796           explanation). These are much preferred to the low level API
797           equivalents (which implement BSD blocking semantics). The message
798           argument to "ssl_write_all()" can be a reference. This is helpful
799           to avoid unnecessary copying when writing something big, e.g:
800
801               $data = 'A' x 1000000000;
802               Net::SSLeay::ssl_write_all($ssl, \$data) or die "ssl write failed";
803
804       •   ssl_read_CRLF
805
806           uses "ssl_read_all()" to read in a line terminated with a carriage
807           return followed by a linefeed (CRLF).  The CRLF is included in the
808           returned scalar.
809
810       •   ssl_read_until
811
812           uses "ssl_read_all()" to read from the SSL input stream until it
813           encounters a programmer specified delimiter.  If the delimiter is
814           undefined, $/ is used.  If $/ is undefined, "\n" is used.  One can
815           optionally set a maximum length of bytes to read from the SSL input
816           stream.
817
818       •   ssl_write_CRLF
819
820           writes $message and appends CRLF to the SSL output stream.
821
822   Initialization
823       In order to use the low level API you should start your programs with
824       the following incantation:
825
826               use Net::SSLeay qw(die_now die_if_ssl_error);
827               Net::SSLeay::load_error_strings();
828               Net::SSLeay::SSLeay_add_ssl_algorithms();    # Important!
829               Net::SSLeay::ENGINE_load_builtin_engines();  # If you want built-in engines
830               Net::SSLeay::ENGINE_register_all_complete(); # If you want built-in engines
831               Net::SSLeay::randomize();
832
833   Error handling functions
834       I can not emphasize the need to check for error enough. Use these
835       functions even in the most simple programs, they will reduce debugging
836       time greatly. Do not ask questions on the mailing list without having
837       first sprinkled these in your code.
838
839       •   die_now
840
841       •   die_if_ssl_error
842
843           "die_now()" and "die_if_ssl_error()" are used to conveniently print
844           the SSLeay error stack when something goes wrong:
845
846                   Net::SSLeay::connect($ssl) or die_now("Failed SSL connect ($!)");
847
848
849                   Net::SSLeay::write($ssl, "foo") or die_if_ssl_error("SSL write ($!)");
850
851       •   print_errs
852
853           You can also use "Net::SSLeay::print_errs()" to dump the error
854           stack without exiting the program. As can be seen, your code
855           becomes much more readable if you import the error reporting
856           functions into your main name space.
857
858   Sockets
859       Perl uses file handles for all I/O. While SSLeay has a quite flexible
860       BIO mechanism and perl has an evolved PerlIO mechanism, this module
861       still sticks to using file descriptors. Thus to attach SSLeay to a
862       socket you should use "fileno()" to extract the underlying file
863       descriptor:
864
865           Net::SSLeay::set_fd($ssl, fileno(S));   # Must use fileno
866
867       You should also set $| to 1 to eliminate STDIO buffering so you do not
868       get confused if you use perl I/O functions to manipulate your socket
869       handle.
870
871       If you need to select(2) on the socket, go right ahead, but be warned
872       that OpenSSL does some internal buffering so SSL_read does not always
873       return data even if the socket selected for reading (just keep on
874       selecting and trying to read). "Net::SSLeay" is no different from the C
875       language OpenSSL in this respect.
876
877   Callbacks
878       You can establish a per-context verify callback function something like
879       this:
880
881               sub verify {
882                   my ($ok, $x509_store_ctx) = @_;
883                   print "Verifying certificate...\n";
884                       ...
885                   return $ok;
886               }
887
888       It is used like this:
889
890               Net::SSLeay::set_verify ($ssl, Net::SSLeay::VERIFY_PEER, \&verify);
891
892       Per-context callbacks for decrypting private keys are implemented.
893
894               Net::SSLeay::CTX_set_default_passwd_cb($ctx, sub { "top-secret" });
895               Net::SSLeay::CTX_use_PrivateKey_file($ctx, "key.pem",
896                                                    Net::SSLeay::FILETYPE_PEM)
897                   or die "Error reading private key";
898               Net::SSLeay::CTX_set_default_passwd_cb($ctx, undef);
899
900       If Hello Extensions are supported by your OpenSSL, a session secret
901       callback can be set up to be called when a session secret is set by
902       openssl.
903
904       Establish it like this:
905           Net::SSLeay::set_session_secret_cb($ssl, \&session_secret_cb,
906       $somedata);
907
908       It will be called like this:
909
910           sub session_secret_cb
911           {
912               my ($secret, \@cipherlist, \$preferredcipher, $somedata) = @_;
913           }
914
915       No other callbacks are implemented. You do not need to use any callback
916       for simple (i.e. normal) cases where the SSLeay built-in verify
917       mechanism satisfies your needs.
918
919       It is required to reset these callbacks to undef immediately after use
920       to prevent memory leaks, thread safety problems and crashes on exit
921       that can occur if different threads set different callbacks.
922
923       If you want to use callback stuff, see examples/callback.pl! It's the
924       only one I am able to make work reliably.
925
926   Low level API
927       In addition to the high level functions outlined above, this module
928       contains straight-forward access to CRYPTO and SSL parts of OpenSSL C
929       API.
930
931       See the "*.h" headers from OpenSSL C distribution for a list of low
932       level SSLeay functions to call (check SSLeay.xs to see if some function
933       has been implemented). The module strips the initial "SSL_" off of the
934       SSLeay names.  Generally you should use "Net::SSLeay::" in its place.
935
936       Note that some functions are prefixed with "P_" - these are very close
937       to the original API however contain some kind of a wrapper making its
938       interface more perl friendly.
939
940       For example:
941
942       In C:
943
944               #include <ssl.h>
945
946               err = SSL_set_verify (ssl, SSL_VERIFY_CLIENT_ONCE,
947                                          &your_call_back_here);
948
949       In Perl:
950
951               use Net::SSLeay;
952
953               $err = Net::SSLeay::set_verify ($ssl,
954                                               Net::SSLeay::VERIFY_CLIENT_ONCE,
955                                               \&your_call_back_here);
956
957       If the function does not start with "SSL_" you should use the full
958       function name, e.g.:
959
960               $err = Net::SSLeay::ERR_get_error;
961
962       The following new functions behave in perlish way:
963
964               $got = Net::SSLeay::read($ssl);
965                                           # Performs SSL_read, but returns $got
966                                           # resized according to data received.
967                                           # Returns undef on failure.
968
969               Net::SSLeay::write($ssl, $foo) || die;
970                                           # Performs SSL_write, but automatically
971                                           # figures out the size of $foo
972
973       Low level API: Version related functions
974
975       •   SSLeay
976
977           COMPATIBILITY: not available in Net-SSLeay-1.42 and before
978
979           Gives version number (numeric) of underlaying openssl library.
980
981            my $ver_number = Net::SSLeay::SSLeay();
982            # returns: the number identifying the openssl release
983            #
984            # 0x00903100 => openssl-0.9.3
985            # 0x00904100 => openssl-0.9.4
986            # 0x00905100 => openssl-0.9.5
987            # 0x0090600f => openssl-0.9.6
988            # 0x0090601f => openssl-0.9.6a
989            # 0x0090602f => openssl-0.9.6b
990            # ...
991            # 0x009060df => openssl-0.9.6m
992            # 0x0090700f => openssl-0.9.7
993            # 0x0090701f => openssl-0.9.7a
994            # 0x0090702f => openssl-0.9.7b
995            # ...
996            # 0x009070df => openssl-0.9.7m
997            # 0x0090800f => openssl-0.9.8
998            # 0x0090801f => openssl-0.9.8a
999            # 0x0090802f => openssl-0.9.8b
1000            # ...
1001            # 0x0090814f => openssl-0.9.8t
1002            # 0x1000000f => openssl-1.0.0
1003            # 0x1000004f => openssl-1.0.0d
1004            # 0x1000007f => openssl-1.0.0g
1005
1006           You can use it like this:
1007
1008             if (Net::SSLeay::SSLeay() < 0x0090800f) {
1009               die "you need openssl-0.9.8 or higher";
1010             }
1011
1012       •   SSLeay_version
1013
1014           COMPATIBILITY: not available in Net-SSLeay-1.42 and before
1015
1016           Gives version number (string) of underlaying openssl library.
1017
1018            my $ver_string = Net::SSLeay::SSLeay_version($type);
1019            # $type
1020            #   SSLEAY_VERSION  - e.g. 'OpenSSL 1.0.0d 8 Feb 2011'
1021            #   SSLEAY_CFLAGS   - e.g. 'compiler: gcc -D_WINDLL -DOPENSSL_USE_APPLINK .....'
1022            #   SSLEAY_BUILT_ON - e.g. 'built on: Fri May  6 00:00:46 GMT 2011'
1023            #   SSLEAY_PLATFORM - e.g. 'platform: mingw'
1024            #   SSLEAY_DIR      - e.g. 'OPENSSLDIR: "z:/...."'
1025            #
1026            # returns: string
1027
1028            Net::SSLeay::SSLeay_version();
1029            #is equivalent to
1030            Net::SSLeay::SSLeay_version(SSLEAY_VERSION);
1031
1032           Check openssl doc
1033           <https://www.openssl.org/docs/man1.0.2/crypto/SSLeay_version.html>
1034
1035       •   OpenSSL_version_num
1036
1037           COMPATIBILITY: not available in Net-SSLeay-1.82 and before;
1038           requires at least OpenSSL 1.1.0
1039
1040           Gives version number (numeric) of underlaying openssl library. See
1041           "SSLeay" for interpreting the result.
1042
1043            my $ver_number = Net::SSLeay::OpenSSL_version_num();
1044            # returns: the number identifying the openssl release
1045
1046       •   OpenSSL_version
1047
1048           COMPATIBILITY: not available in Net-SSLeay-1.82 and before;
1049           requires at least OpenSSL 1.1.0
1050
1051           Gives version number (string) of underlaying openssl library.
1052
1053            my $ver_string = Net::SSLeay::OpenSSL_version($t);
1054            # $t
1055            #   OPENSSL_VERSION     - e.g. 'OpenSSL 1.1.0g  2 Nov 2017'
1056            #   OPENSSL_CFLAGS      - e.g. 'compiler: cc -DDSO_DLFCN -DHAVE_DLFCN_H .....'
1057            #   OPENSSL_BUILT_ON    - e.g. 'built on: reproducible build, date unspecified'
1058            #   OPENSSL_PLATFORM    - e.g. 'platform: darwin64-x86_64-cc'
1059            #   OPENSSL_DIR         - e.g. 'OPENSSLDIR: "/opt/openssl-1.1.0g"'
1060            #   OPENSSL_ENGINES_DIR - e.g. 'ENGINESDIR: "/opt/openssl-1.1.0g/lib/engines-1.1"'
1061            #
1062            # returns: string
1063
1064            Net::SSLeay::OpenSSL_version();
1065            #is equivalent to
1066            Net::SSLeay::OpenSSL_version(OPENSSL_VERSION);
1067
1068           Check openssl doc
1069           <https://www.openssl.org/docs/crypto/OpenSSL_version.html>
1070
1071       Low level API: Initialization related functions
1072
1073       •   library_init
1074
1075           Initialize SSL library by registering algorithms.
1076
1077            my $rv = Net::SSLeay::library_init();
1078
1079           Check openssl doc
1080           <http://www.openssl.org/docs/ssl/SSL_library_init.html>
1081
1082           While the original function from OpenSSL always returns 1,
1083           Net::SSLeay adds a wrapper around it to make sure that the OpenSSL
1084           function is only called once.  Thus the function will return 1 if
1085           initialization was done and 0 if not, i.e. if initialization was
1086           done already before.
1087
1088       •   add_ssl_algorithms
1089
1090           The alias for "library_init"
1091
1092            Net::SSLeay::add_ssl_algorithms();
1093
1094       •   OpenSSL_add_ssl_algorithms
1095
1096           The alias for "library_init"
1097
1098            Net::SSLeay::OpenSSL_add_ssl_algorithms();
1099
1100       •   SSLeay_add_ssl_algorithms
1101
1102           The alias for "library_init"
1103
1104            Net::SSLeay::SSLeay_add_ssl_algorithms();
1105
1106       •   load_error_strings
1107
1108           Registers the error strings for all libcrypto + libssl related
1109           functions.
1110
1111            Net::SSLeay::load_error_strings();
1112            #
1113            # returns: no return value
1114
1115           Check openssl doc
1116           <http://www.openssl.org/docs/crypto/ERR_load_crypto_strings.html>
1117
1118       •   ERR_load_crypto_strings
1119
1120           Registers the error strings for all libcrypto functions. No need to
1121           call this function if you have already called "load_error_strings".
1122
1123            Net::SSLeay::ERR_load_crypto_strings();
1124            #
1125            # returns: no return value
1126
1127           Check openssl doc
1128           <http://www.openssl.org/docs/crypto/ERR_load_crypto_strings.html>
1129
1130       •   ERR_load_RAND_strings
1131
1132           Registers the error strings for RAND related functions. No need to
1133           call this function if you have already called "load_error_strings".
1134
1135            Net::SSLeay::ERR_load_RAND_strings();
1136            #
1137            # returns: no return value
1138
1139       •   ERR_load_SSL_strings
1140
1141           Registers the error strings for SSL related functions. No need to
1142           call this function if you have already called "load_error_strings".
1143
1144            Net::SSLeay::ERR_load_SSL_strings();
1145            #
1146            # returns: no return value
1147
1148       •   OpenSSL_add_all_algorithms
1149
1150           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
1151
1152           Add algorithms to internal table.
1153
1154            Net::SSLeay::OpenSSL_add_all_algorithms();
1155            #
1156            # returns: no return value
1157
1158           Check openssl doc
1159           <http://www.openssl.org/docs/crypto/OpenSSL_add_all_algorithms.html>
1160
1161       •   OPENSSL_add_all_algorithms_conf
1162
1163           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
1164
1165           Similar to "OpenSSL_add_all_algorithms" - will ALWAYS load the
1166           config file
1167
1168            Net::SSLeay::OPENSSL_add_all_algorithms_conf();
1169            #
1170            # returns: no return value
1171
1172       •   OPENSSL_add_all_algorithms_noconf
1173
1174           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
1175
1176           Similar to "OpenSSL_add_all_algorithms" - will NEVER load the
1177           config file
1178
1179            Net::SSLeay::OPENSSL_add_all_algorithms_noconf();
1180            #
1181            # returns: no return value
1182
1183       Low level API: ERR_* and SSL_alert_* related functions
1184
1185       NOTE: Please note that SSL_alert_* function have "SSL_" part stripped
1186       from their names.
1187
1188       •   ERR_clear_error
1189
1190           Clear the error queue.
1191
1192            Net::SSLeay::ERR_clear_error();
1193            #
1194            # returns: no return value
1195
1196           Check openssl doc
1197           <http://www.openssl.org/docs/crypto/ERR_clear_error.html>
1198
1199       •   ERR_error_string
1200
1201           Generates a human-readable string representing the error code
1202           $error.
1203
1204            my $rv = Net::SSLeay::ERR_error_string($error);
1205            # $error - (unsigned integer) error code
1206            #
1207            # returns: string
1208
1209           Check openssl doc
1210           <http://www.openssl.org/docs/crypto/ERR_error_string.html>
1211
1212       •   ERR_get_error
1213
1214           Returns the earliest error code from the thread's error queue and
1215           removes the entry.  This function can be called repeatedly until
1216           there are no more error codes to return.
1217
1218            my $rv = Net::SSLeay::ERR_get_error();
1219            #
1220            # returns: (unsigned integer) error code
1221
1222           Check openssl doc
1223           <http://www.openssl.org/docs/crypto/ERR_get_error.html>
1224
1225       •   ERR_peek_error
1226
1227           Returns the earliest error code from the thread's error queue
1228           without modifying it.
1229
1230            my $rv = Net::SSLeay::ERR_peek_error();
1231            #
1232            # returns: (unsigned integer) error code
1233
1234           Check openssl doc
1235           <http://www.openssl.org/docs/crypto/ERR_get_error.html>
1236
1237       •   ERR_put_error
1238
1239           Adds an error code to the thread's error queue. It signals that the
1240           error of $reason code reason occurred in function $func of library
1241           $lib, in line number $line of $file.
1242
1243            Net::SSLeay::ERR_put_error($lib, $func, $reason, $file, $line);
1244            # $lib - (integer) library id (check openssl/err.h for constants e.g. ERR_LIB_SSL)
1245            # $func - (integer) function id (check openssl/ssl.h for constants e.g. SSL_F_SSL23_READ)
1246            # $reason - (integer) reason id (check openssl/ssl.h for constants e.g. SSL_R_SSL_HANDSHAKE_FAILURE)
1247            # $file - (string) file name
1248            # $line - (integer) line number in $file
1249            #
1250            # returns: no return value
1251
1252           Check openssl doc
1253           <http://www.openssl.org/docs/crypto/ERR_put_error.html> and
1254           <http://www.openssl.org/docs/crypto/err.html>
1255
1256       •   alert_desc_string
1257
1258           Returns a two letter string as a short form describing the reason
1259           of the alert specified by value.
1260
1261            my $rv = Net::SSLeay::alert_desc_string($value);
1262            # $value - (integer) allert id (check openssl/ssl.h for SSL3_AD_* and TLS1_AD_* constants)
1263            #
1264            # returns: description string (2 letters)
1265
1266           Check openssl doc
1267           <http://www.openssl.org/docs/ssl/SSL_alert_type_string.html>
1268
1269       •   alert_desc_string_long
1270
1271           Returns a string describing the reason of the alert specified by
1272           value.
1273
1274            my $rv = Net::SSLeay::alert_desc_string_long($value);
1275            # $value - (integer) allert id (check openssl/ssl.h for SSL3_AD_* and TLS1_AD_* constants)
1276            #
1277            # returns: description string
1278
1279           Check openssl doc
1280           <http://www.openssl.org/docs/ssl/SSL_alert_type_string.html>
1281
1282       •   alert_type_string
1283
1284           Returns a one letter string indicating the type of the alert
1285           specified by value.
1286
1287            my $rv = Net::SSLeay::alert_type_string($value);
1288            # $value - (integer) allert id (check openssl/ssl.h for SSL3_AD_* and TLS1_AD_* constants)
1289            #
1290            # returns: string (1 letter)
1291
1292           Check openssl doc
1293           <http://www.openssl.org/docs/ssl/SSL_alert_type_string.html>
1294
1295       •   alert_type_string_long
1296
1297           Returns a string indicating the type of the alert specified by
1298           value.
1299
1300            my $rv = Net::SSLeay::alert_type_string_long($value);
1301            # $value - (integer) allert id (check openssl/ssl.h for SSL3_AD_* and TLS1_AD_* constants)
1302            #
1303            # returns: string
1304
1305           Check openssl doc
1306           <http://www.openssl.org/docs/ssl/SSL_alert_type_string.html>
1307
1308       Low level API: SSL_METHOD_* related functions
1309
1310       •   SSLv23_method, SSLv23_server_method and SSLv23_client_method
1311
1312           COMPATIBILITY: not available in Net-SSLeay-1.82 and before.
1313
1314           Returns SSL_METHOD structure corresponding to general-purpose
1315           version-flexible TLS method, the return value can be later used as
1316           a param of "CTX_new_with_method".
1317
1318           NOTE: Consider using TLS_method, TLS_server_method or
1319           TLS_client_method with new code.
1320
1321            my $rv = Net::SSLeay::SSLv2_method();
1322            #
1323            # returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)
1324
1325       •   SSLv2_method
1326
1327           Returns SSL_METHOD structure corresponding to SSLv2 method, the
1328           return value can be later used as a param of "CTX_new_with_method".
1329           Only available where supported by the underlying openssl.
1330
1331            my $rv = Net::SSLeay::SSLv2_method();
1332            #
1333            # returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)
1334
1335       •   SSLv3_method
1336
1337           Returns SSL_METHOD structure corresponding to SSLv3 method, the
1338           return value can be later used as a param of "CTX_new_with_method".
1339
1340            my $rv = Net::SSLeay::SSLv3_method();
1341            #
1342            # returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)
1343
1344           Check openssl doc
1345           <http://www.openssl.org/docs/ssl/SSL_CTX_new.html>
1346
1347       •   TLSv1_method, TLSv1_server_method and TLSv1_client_method
1348
1349           COMPATIBILITY: Server and client methods not available in
1350           Net-SSLeay-1.82 and before.
1351
1352           Returns SSL_METHOD structure corresponding to TLSv1 method, the
1353           return value can be later used as a param of "CTX_new_with_method".
1354
1355            my $rv = Net::SSLeay::TLSv1_method();
1356            #
1357            # returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)
1358
1359           Check openssl doc
1360           <http://www.openssl.org/docs/ssl/SSL_CTX_new.html>
1361
1362       •   TLSv1_1_method, TLSv1_1_server_method and TLSv1_1_client_method
1363
1364           COMPATIBILITY: Server and client methods not available in
1365           Net-SSLeay-1.82 and before.
1366
1367           Returns SSL_METHOD structure corresponding to TLSv1_1 method, the
1368           return value can be later used as a param of "CTX_new_with_method".
1369           Only available where supported by the underlying openssl.
1370
1371            my $rv = Net::SSLeay::TLSv1_1_method();
1372            #
1373            # returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)
1374
1375           Check openssl doc
1376           <http://www.openssl.org/docs/ssl/SSL_CTX_new.html>
1377
1378       •   TLSv1_2_method, TLSv1_2_server_method and TLSv1_2_client_method
1379
1380           COMPATIBILITY: Server and client methods not available in
1381           Net-SSLeay-1.82 and before.
1382
1383           Returns SSL_METHOD structure corresponding to TLSv1_2 method, the
1384           return value can be later used as a param of "CTX_new_with_method".
1385           Only available where supported by the underlying openssl.
1386
1387            my $rv = Net::SSLeay::TLSv1_2_method();
1388            #
1389            # returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)
1390
1391           Check openssl doc
1392           <http://www.openssl.org/docs/ssl/SSL_CTX_new.html>
1393
1394       •   TLS_method, TLS_server_method and TLS_client_method
1395
1396           COMPATIBILITY: Not available in Net-SSLeay-1.82 and before.
1397
1398           Returns SSL_METHOD structure corresponding to general-purpose
1399           version-flexible TLS method, the return value can be later used as
1400           a param of "CTX_new_with_method". Only available where supported by
1401           the underlying openssl.
1402
1403            my $rv = Net::SSLeay::TLS_method();
1404            #
1405            # returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)
1406
1407           Check openssl doc
1408           <http://www.openssl.org/docs/ssl/SSL_CTX_new.html>
1409
1410       Low level API: ENGINE_* related functions
1411
1412       •   ENGINE_load_builtin_engines
1413
1414           COMPATIBILITY: Requires an OpenSSL build with dynamic engine
1415           loading support.
1416
1417           Load all bundled ENGINEs into memory and make them visible.
1418
1419            Net::SSLeay::ENGINE_load_builtin_engines();
1420            #
1421            # returns: no return value
1422
1423           Check openssl doc <http://www.openssl.org/docs/crypto/engine.html>
1424
1425       •   ENGINE_register_all_complete
1426
1427           COMPATIBILITY: Requires an OpenSSL build with dynamic engine
1428           loading support.
1429
1430           Register all loaded ENGINEs for every algorithm they collectively
1431           implement.
1432
1433            Net::SSLeay::ENGINE_register_all_complete();
1434            #
1435            # returns: no return value
1436
1437           Check openssl doc <http://www.openssl.org/docs/crypto/engine.html>
1438
1439       •   ENGINE_set_default
1440
1441           COMPATIBILITY: Requires an OpenSSL build with dynamic engine
1442           loading support.
1443
1444           Set default engine to $e + set its flags to $flags.
1445
1446            my $rv = Net::SSLeay::ENGINE_set_default($e, $flags);
1447            # $e - value corresponding to openssl's ENGINE structure
1448            # $flags - (integer) engine flags
1449            #          flags value can be made by bitwise "OR"ing:
1450            #          0x0001 - ENGINE_METHOD_RSA
1451            #          0x0002 - ENGINE_METHOD_DSA
1452            #          0x0004 - ENGINE_METHOD_DH
1453            #          0x0008 - ENGINE_METHOD_RAND
1454            #          0x0010 - ENGINE_METHOD_ECDH
1455            #          0x0020 - ENGINE_METHOD_ECDSA
1456            #          0x0040 - ENGINE_METHOD_CIPHERS
1457            #          0x0080 - ENGINE_METHOD_DIGESTS
1458            #          0x0100 - ENGINE_METHOD_STORE
1459            #          0x0200 - ENGINE_METHOD_PKEY_METHS
1460            #          0x0400 - ENGINE_METHOD_PKEY_ASN1_METHS
1461            #          Obvious all-or-nothing cases:
1462            #          0xFFFF - ENGINE_METHOD_ALL
1463            #          0x0000 - ENGINE_METHOD_NONE
1464            #
1465            # returns: 1 on success, 0 on failure
1466
1467           Check openssl doc <http://www.openssl.org/docs/crypto/engine.html>
1468
1469       •   ENGINE_by_id
1470
1471           Get ENGINE by its identification $id.
1472
1473           COMPATIBILITY: Requires an OpenSSL build with dynamic engine
1474           loading support.
1475
1476            my $rv = Net::SSLeay::ENGINE_by_id($id);
1477            # $id - (string) engine identification e.g. "dynamic"
1478            #
1479            # returns: value corresponding to openssl's ENGINE structure (0 on failure)
1480
1481           Check openssl doc <http://www.openssl.org/docs/crypto/engine.html>
1482
1483       Low level API: EVP_PKEY_* related functions
1484
1485       •   EVP_PKEY_copy_parameters
1486
1487           Copies the parameters from key $from to key $to.
1488
1489            my $rv = Net::SSLeay::EVP_PKEY_copy_parameters($to, $from);
1490            # $to - value corresponding to openssl's EVP_PKEY structure
1491            # $from - value corresponding to openssl's EVP_PKEY structure
1492            #
1493            # returns: 1 on success, 0 on failure
1494
1495           Check openssl doc
1496           <http://www.openssl.org/docs/crypto/EVP_PKEY_cmp.html>
1497
1498       •   EVP_PKEY_new
1499
1500           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
1501
1502           Creates a new EVP_PKEY structure.
1503
1504            my $rv = Net::SSLeay::EVP_PKEY_new();
1505            #
1506            # returns: value corresponding to openssl's EVP_PKEY structure (0 on failure)
1507
1508           Check openssl doc
1509           <http://www.openssl.org/docs/crypto/EVP_PKEY_new.html>
1510
1511       •   EVP_PKEY_free
1512
1513           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
1514
1515           Free an allocated EVP_PKEY structure.
1516
1517            Net::SSLeay::EVP_PKEY_free($pkey);
1518            # $pkey - value corresponding to openssl's EVP_PKEY structure
1519            #
1520            # returns: no return value
1521
1522           Check openssl doc
1523           <http://www.openssl.org/docs/crypto/EVP_PKEY_new.html>
1524
1525       •   EVP_PKEY_assign_RSA
1526
1527           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
1528
1529           Set the key referenced by $pkey to $key
1530
1531           NOTE: No reference counter will be increased, i.e. $key will be
1532           freed if $pkey is freed.
1533
1534            my $rv = Net::SSLeay::EVP_PKEY_assign_RSA($pkey, $key);
1535            # $pkey - value corresponding to openssl's EVP_PKEY structure
1536            # $key - value corresponding to openssl's RSA structure
1537            #
1538            # returns: 1 on success, 0 on failure
1539
1540           Check openssl doc
1541           <http://www.openssl.org/docs/crypto/EVP_PKEY_assign_RSA.html>
1542
1543       •   EVP_PKEY_assign_EC_KEY
1544
1545           COMPATIBILITY: not available in Net-SSLeay-1.74 and before
1546
1547           Set the key referenced by $pkey to $key
1548
1549           NOTE: No reference counter will be increased, i.e. $key will be
1550           freed if $pkey is freed.
1551
1552            my $rv = Net::SSLeay::EVP_PKEY_assign_EC_KEY($pkey, $key);
1553            # $pkey - value corresponding to openssl's EVP_PKEY structure
1554            # $key - value corresponding to openssl's EC_KEY structure
1555            #
1556            # returns: 1 on success, 0 on failure
1557
1558           Check openssl doc
1559           <http://www.openssl.org/docs/crypto/EVP_PKEY_assign_EC_KEY.html>
1560
1561       •   EVP_PKEY_bits
1562
1563           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
1564
1565           Returns the size of the key $pkey in bits.
1566
1567            my $rv = Net::SSLeay::EVP_PKEY_bits($pkey);
1568            # $pkey - value corresponding to openssl's EVP_PKEY structure
1569            #
1570            # returns: size in bits
1571
1572       •   EVP_PKEY_size
1573
1574           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
1575
1576           Returns the maximum size of a signature in bytes. The actual
1577           signature may be smaller.
1578
1579            my $rv = Net::SSLeay::EVP_PKEY_size($pkey);
1580            # $pkey - value corresponding to openssl's EVP_PKEY structure
1581            #
1582            # returns: the maximum size in bytes
1583
1584           Check openssl doc
1585           <http://www.openssl.org/docs/crypto/EVP_SignInit.html>
1586
1587       •   EVP_PKEY_id
1588
1589           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
1590           requires at least openssl-1.0.0
1591
1592           Returns $pkey type (integer value of corresponding NID).
1593
1594            my $rv = Net::SSLeay::EVP_PKEY_id($pkey);
1595            # $pkey - value corresponding to openssl's EVP_PKEY structure
1596            #
1597            # returns: (integer) key type
1598
1599           Example:
1600
1601            my $pubkey = Net::SSLeay::X509_get_pubkey($x509);
1602            my $type = Net::SSLeay::EVP_PKEY_id($pubkey);
1603            print Net::SSLeay::OBJ_nid2sn($type);             #prints e.g. 'rsaEncryption'
1604
1605       Low level API: PEM_* related functions
1606
1607       Check openssl doc <http://www.openssl.org/docs/crypto/pem.html>
1608
1609       •   PEM_read_bio_X509
1610
1611           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
1612
1613           Loads PEM formatted X509 certificate via given BIO structure.
1614
1615            my $rv = Net::SSLeay::PEM_read_bio_X509($bio);
1616            # $bio - value corresponding to openssl's BIO structure
1617            #
1618            # returns: value corresponding to openssl's X509 structure (0 on failure)
1619
1620           Example:
1621
1622            my $bio = Net::SSLeay::BIO_new_file($filename, 'r');
1623            my $x509 = Net::SSLeay::PEM_read_bio_X509($bio);
1624            Net::SSLeay::BIO_free($bio);
1625
1626       •   PEM_read_bio_X509_REQ
1627
1628           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
1629
1630           Loads PEM formatted X509_REQ object via given BIO structure.
1631
1632            my $rv = Net::SSLeay::PEM_read_bio_X509_REQ($bio, $x=NULL, $cb=NULL, $u=NULL);
1633            # $bio - value corresponding to openssl's BIO structure
1634            #
1635            # returns: value corresponding to openssl's X509_REQ structure (0 on failure)
1636
1637           Example:
1638
1639            my $bio = Net::SSLeay::BIO_new_file($filename, 'r');
1640            my $x509_req = Net::SSLeay::PEM_read_bio_X509_REQ($bio);
1641            Net::SSLeay::BIO_free($bio);
1642
1643       •   PEM_read_bio_DHparams
1644
1645           Reads DH structure from BIO.
1646
1647            my $rv = Net::SSLeay::PEM_read_bio_DHparams($bio);
1648            # $bio - value corresponding to openssl's BIO structure
1649            #
1650            # returns: value corresponding to openssl's DH structure (0 on failure)
1651
1652       •   PEM_read_bio_X509_CRL
1653
1654           Reads X509_CRL structure from BIO.
1655
1656            my $rv = Net::SSLeay::PEM_read_bio_X509_CRL($bio);
1657            # $bio - value corresponding to openssl's BIO structure
1658            #
1659            # returns: value corresponding to openssl's X509_CRL structure (0 on failure)
1660
1661       •   PEM_read_bio_PrivateKey
1662
1663           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
1664
1665           Loads PEM formatted private key via given BIO structure.
1666
1667            my $rv = Net::SSLeay::PEM_read_bio_PrivateKey($bio, $cb, $data);
1668            # $bio - value corresponding to openssl's BIO structure
1669            # $cb - reference to perl callback function
1670            # $data - data that will be passed to callback function (see examples below)
1671            #
1672            # returns: value corresponding to openssl's EVP_PKEY structure (0 on failure)
1673
1674           Example:
1675
1676            my $bio = Net::SSLeay::BIO_new_file($filename, 'r');
1677            my $privkey = Net::SSLeay::PEM_read_bio_PrivateKey($bio); #ask for password if needed
1678            Net::SSLeay::BIO_free($bio);
1679
1680           To use password you have the following options:
1681
1682            $privkey = Net::SSLeay::PEM_read_bio_PrivateKey($bio, \&callback_func); # use callback func for getting password
1683            $privkey = Net::SSLeay::PEM_read_bio_PrivateKey($bio, \&callback_func, $data); # use callback_func + pass $data to callback_func
1684            $privkey = Net::SSLeay::PEM_read_bio_PrivateKey($bio, undef, "secret"); # use password "secret"
1685            $privkey = Net::SSLeay::PEM_read_bio_PrivateKey($bio, undef, "");       # use empty password
1686
1687           Callback function signature:
1688
1689            sub callback_func {
1690              my ($max_passwd_size, $rwflag, $data) = @_;
1691              # $max_passwd_size - maximum size of returned password (longer values will be discarded)
1692              # $rwflag - indicates whether we are loading (0) or storing (1) - for PEM_read_bio_PrivateKey always 0
1693              # $data - the data passed to PEM_read_bio_PrivateKey as 3rd parameter
1694
1695              return "secret";
1696            }
1697
1698       •   PEM_X509_INFO_read_bio
1699
1700           Reads a BIO containing a PEM formatted file into a
1701           STACK_OF(X509_INFO) structure.
1702
1703            my $rv = Net::SSLeay::PEM_X509_INFO_read_bio($bio);
1704            # $bio - value corresponding to openssl's BIO structure
1705            #
1706            # returns: value corresponding to openssl's STACK_OF(X509_INFO) structure.
1707
1708           Example:
1709
1710            my $bio = Net::SSLeay::BIO_new_file($filename, 'r');
1711            my $sk_x509_info = Net::SSLeay::PEM_X509_INFO_read_bio($bio);
1712            Net::SSLeay::BIO_free($bio);
1713
1714       •   PEM_get_string_X509
1715
1716           NOTE: Does not exactly correspond to any low level API function
1717
1718           Converts/exports X509 certificate to string (PEM format).
1719
1720            Net::SSLeay::PEM_get_string_X509($x509);
1721            # $x509 - value corresponding to openssl's X509 structure
1722            #
1723            # returns: string with $x509 in PEM format
1724
1725       •   PEM_get_string_PrivateKey
1726
1727           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
1728
1729           Converts public key $pk into PEM formatted string (optionally
1730           protected with password).
1731
1732            my $rv = Net::SSLeay::PEM_get_string_PrivateKey($pk, $passwd, $enc_alg);
1733            # $pk - value corresponding to openssl's EVP_PKEY structure
1734            # $passwd - [optional] (string) password to use for key encryption
1735            # $enc_alg - [optional] algorithm to use for key encryption (default: DES_CBC) - value corresponding to openssl's EVP_CIPHER structure
1736            #
1737            # returns: PEM formatted string
1738
1739           Examples:
1740
1741            $pem_privkey = Net::SSLeay::PEM_get_string_PrivateKey($pk);
1742            $pem_privkey = Net::SSLeay::PEM_get_string_PrivateKey($pk, "secret");
1743            $pem_privkey = Net::SSLeay::PEM_get_string_PrivateKey($pk, "secret", Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-CBC"));
1744
1745       •   PEM_get_string_X509_CRL
1746
1747           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
1748
1749           Converts X509_CRL object $x509_crl into PEM formatted string.
1750
1751            Net::SSLeay::PEM_get_string_X509_CRL($x509_crl);
1752            # $x509_crl - value corresponding to openssl's X509_CRL structure
1753            #
1754            # returns: no return value
1755
1756       •   PEM_get_string_X509_REQ
1757
1758           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
1759
1760           Converts X509_REQ object $x509_crl into PEM formatted string.
1761
1762            Net::SSLeay::PEM_get_string_X509_REQ($x509_req);
1763            # $x509_req - value corresponding to openssl's X509_REQ structure
1764            #
1765            # returns: no return value
1766
1767       Low level API: d2i_* (DER format) related functions
1768
1769       •   d2i_X509_bio
1770
1771           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
1772
1773           Loads DER formatted X509 certificate via given BIO structure.
1774
1775            my $rv = Net::SSLeay::d2i_X509_bio($bp);
1776            # $bp - value corresponding to openssl's BIO structure
1777            #
1778            # returns: value corresponding to openssl's X509 structure (0 on failure)
1779
1780           Example:
1781
1782            my $bio = Net::SSLeay::BIO_new_file($filename, 'rb');
1783            my $x509 = Net::SSLeay::d2i_X509_bio($bio);
1784            Net::SSLeay::BIO_free($bio);
1785
1786           Check openssl doc
1787           <http://www.openssl.org/docs/crypto/d2i_X509.html>
1788
1789       •   d2i_X509_CRL_bio
1790
1791           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
1792
1793           Loads DER formatted X509_CRL object via given BIO structure.
1794
1795            my $rv = Net::SSLeay::d2i_X509_CRL_bio($bp);
1796            # $bp - value corresponding to openssl's BIO structure
1797            #
1798            # returns: value corresponding to openssl's X509_CRL structure (0 on failure)
1799
1800           Example:
1801
1802            my $bio = Net::SSLeay::BIO_new_file($filename, 'rb');
1803            my $x509_crl = Net::SSLeay::d2i_X509_CRL_bio($bio);
1804            Net::SSLeay::BIO_free($bio);
1805
1806       •   d2i_X509_REQ_bio
1807
1808           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
1809
1810           Loads DER formatted X509_REQ object via given BIO structure.
1811
1812            my $rv = Net::SSLeay::d2i_X509_REQ_bio($bp);
1813            # $bp - value corresponding to openssl's BIO structure
1814            #
1815            # returns: value corresponding to openssl's X509_REQ structure (0 on failure)
1816
1817           Example:
1818
1819            my $bio = Net::SSLeay::BIO_new_file($filename, 'rb');
1820            my $x509_req = Net::SSLeay::d2i_X509_REQ_bio($bio);
1821            Net::SSLeay::BIO_free($bio);
1822
1823       Low level API: PKCS12 related functions
1824
1825       •   P_PKCS12_load_file
1826
1827           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
1828
1829           Loads X509 certificate + private key + certificates of CA chain (if
1830           present in PKCS12 file).
1831
1832            my ($privkey, $cert, @cachain) = Net::SSLeay::P_PKCS12_load_file($filename, $load_chain, $password);
1833            # $filename - name of PKCS12 file
1834            # $load_chain - [optional] whether load (1) or not(0) CA chain (default: 0)
1835            # $password - [optional] password for private key
1836            #
1837            # returns: triplet ($privkey, $cert, @cachain)
1838            #          $privkey - value corresponding to openssl's EVP_PKEY structure
1839            #          $cert - value corresponding to openssl's X509 structure
1840            #          @cachain - array of values corresponding to openssl's X509 structure (empty if no CA chain in PKCS12)
1841
1842           IMPORTANT NOTE: after you do the job you need to call X509_free()
1843           on $privkey + all members of @cachain and EVP_PKEY_free() on
1844           $privkey.
1845
1846           Examples:
1847
1848            my ($privkey, $cert) = Net::SSLeay::P_PKCS12_load_file($filename);
1849            #or
1850            my ($privkey, $cert) = Net::SSLeay::P_PKCS12_load_file($filename, 0, $password);
1851            #or
1852            my ($privkey, $cert, @cachain) = Net::SSLeay::P_PKCS12_load_file($filename, 1);
1853            #or
1854            my ($privkey, $cert, @cachain) = Net::SSLeay::P_PKCS12_load_file($filename, 1, $password);
1855
1856            #BEWARE: THIS IS WRONG - MEMORY LEAKS! (you cannot free @cachain items)
1857            my ($privkey, $cert) = Net::SSLeay::P_PKCS12_load_file($filename, 1, $password);
1858
1859           NOTE With some combinations of Windows, perl, compiler and compiler
1860           options, you may see a runtime error "no OPENSSL_Applink", when
1861           calling Net::SSLeay::P_PKCS12_load_file. See README.Win32 for more
1862           details.
1863
1864       Low level API: SESSION_* related functions
1865
1866       •   d2i_SSL_SESSION
1867
1868           COMPATIBILITY: does not work in Net-SSLeay-1.85 and before
1869
1870           Transforms the binary ASN1 representation string of an SSL/TLS
1871           session into an SSL_SESSION object.
1872
1873            my $ses = Net::SSLeay::d2i_SSL_SESSION($data);
1874            # $data - the session as ASN1 representation string
1875            #
1876            # returns: $ses - the new SSL_SESSION
1877
1878           Check openssl doc
1879           <https://www.openssl.org/docs/ssl/i2d_SSL_SESSION.html>
1880
1881       •   i2d_SSL_SESSION
1882
1883           COMPATIBILITY: does not work in Net-SSLeay-1.85 and before
1884
1885           Transforms the SSL_SESSION object in into the ASN1 representation
1886           and returns it as string.
1887
1888            my $data = Net::SSLeay::i2d_SSL_SESSION($ses);
1889            # $ses - value corresponding to openssl's SSL_SESSION structure
1890            #
1891            # returns: $data - session as string
1892
1893           Check openssl doc
1894           <https://www.openssl.org/docs/ssl/d2i_SSL_SESSION.html>
1895
1896       •   SESSION_new
1897
1898           Creates a new SSL_SESSION structure.
1899
1900            my $rv = Net::SSLeay::SESSION_new();
1901            #
1902            # returns: value corresponding to openssl's SSL_SESSION structure (0 on failure)
1903
1904       •   SESSION_free
1905
1906           Free an allocated SSL_SESSION structure.
1907
1908            Net::SSLeay::SESSION_free($ses);
1909            # $ses - value corresponding to openssl's SSL_SESSION structure
1910            #
1911            # returns: no return value
1912
1913           Check openssl doc
1914           <http://www.openssl.org/docs/ssl/SSL_SESSION_free.html>
1915
1916       •   SESSION_up_ref
1917
1918           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
1919           requires at least OpenSSL 1.1.0-pre4 or LibreSSL 2.7.0
1920
1921           Increases the reference counter on a SSL_SESSION structure.
1922
1923            Net::SSLeay::SESSION_up_ref($ses);
1924            # $ses - value corresponding to openssl's SSL_SESSION structure
1925            #
1926            # returns: 1 on success else 0
1927
1928           Check openssl doc
1929           <https://www.openssl.org/docs/ssl/SSL_SESSION_up_ref.html>
1930
1931       •   SESSION_dup
1932
1933           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
1934           requires at least OpenSSL 1.1.1, not in LibreSSL
1935
1936           Duplicates a SSL_SESSION structure.
1937
1938            Net::SSLeay::SESSION_dup($ses);
1939            # $ses - value corresponding to openssl's SSL_SESSION structure
1940            #
1941            # returns: the duplicated session
1942
1943           Check openssl doc
1944           <https://www.openssl.org/docs/ssl/SSL_SESSION_dup.html>
1945
1946       •   SESSION_is_resumable
1947
1948           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
1949           requires at least OpenSSL 1.1.1, not in LibreSSL
1950
1951           Determine whether an SSL_SESSION object can be used for resumption.
1952
1953            Net::SSLeay::SESSION_is_resumable($ses);
1954            # $ses - value corresponding to openssl's SSL_SESSION structure
1955            #
1956            # returns: (integer) 1 if it can or 0 if not
1957
1958           Check openssl doc
1959           <https://www.openssl.org/docs/manmaster/man3/SSL_SESSION_is_resumable.html>
1960
1961       •   SESSION_cmp
1962
1963           Compare two SSL_SESSION structures.
1964
1965            my $rv = Net::SSLeay::SESSION_cmp($sesa, $sesb);
1966            # $sesa - value corresponding to openssl's SSL_SESSION structure
1967            # $sesb - value corresponding to openssl's SSL_SESSION structure
1968            #
1969            # returns: 0 if the two structures are the same
1970
1971           NOTE: Not available in openssl 1.0 or later
1972
1973       •   SESSION_get_app_data
1974
1975           Can be used to get application defined value/data.
1976
1977            my $rv = Net::SSLeay::SESSION_get_app_data($ses);
1978            # $ses - value corresponding to openssl's SSL_SESSION structure
1979            #
1980            # returns: string/buffer/pointer ???
1981
1982       •   SESSION_set_app_data
1983
1984           Can be used to set some application defined value/data.
1985
1986            my $rv = Net::SSLeay::SESSION_set_app_data($s, $a);
1987            # $s - value corresponding to openssl's SSL_SESSION structure
1988            # $a - (string/buffer/pointer ???) data
1989            #
1990            # returns: ???
1991
1992       •   SESSION_get_ex_data
1993
1994           Is used to retrieve the information for $idx from session $ses.
1995
1996            my $rv = Net::SSLeay::SESSION_get_ex_data($ses, $idx);
1997            # $ses - value corresponding to openssl's SSL_SESSION structure
1998            # $idx - (integer) index for application specific data
1999            #
2000            # returns: pointer to ???
2001
2002           Check openssl doc
2003           <http://www.openssl.org/docs/ssl/SSL_SESSION_get_ex_new_index.html>
2004
2005       •   SESSION_set_ex_data
2006
2007           Is used to store application data at arg for idx into the session
2008           object.
2009
2010            my $rv = Net::SSLeay::SESSION_set_ex_data($ss, $idx, $data);
2011            # $ss - value corresponding to openssl's SSL_SESSION structure
2012            # $idx - (integer) ???
2013            # $data - (pointer) ???
2014            #
2015            # returns: 1 on success, 0 on failure
2016
2017           Check openssl doc
2018           <http://www.openssl.org/docs/ssl/SSL_SESSION_get_ex_new_index.html>
2019
2020       •   SESSION_get_ex_new_index
2021
2022           Is used to register a new index for application specific data.
2023
2024            my $rv = Net::SSLeay::SESSION_get_ex_new_index($argl, $argp, $new_func, $dup_func, $free_func);
2025            # $argl - (long) ???
2026            # $argp - (pointer) ???
2027            # $new_func - function pointer ??? (CRYPTO_EX_new *)
2028            # $dup_func - function pointer ??? (CRYPTO_EX_dup *)
2029            # $free_func - function pointer ??? (CRYPTO_EX_free *)
2030            #
2031            # returns: (integer) ???
2032
2033           Check openssl doc
2034           <http://www.openssl.org/docs/ssl/SSL_SESSION_get_ex_new_index.html>
2035
2036       •   SESSION_get_master_key
2037
2038           NOTE: Does not exactly correspond to any low level API function
2039
2040           Returns 'master_key' value from SSL_SESSION structure $s
2041
2042            Net::SSLeay::SESSION_get_master_key($s);
2043            # $s - value corresponding to openssl's SSL_SESSION structure
2044            #
2045            # returns: master key (binary data)
2046
2047       •   SESSION_set_master_key
2048
2049           Sets 'master_key' value for SSL_SESSION structure $s
2050
2051            Net::SSLeay::SESSION_set_master_key($s, $key);
2052            # $s - value corresponding to openssl's SSL_SESSION structure
2053            # $key - master key (binary data)
2054            #
2055            # returns: no return value
2056
2057           Not available with OpenSSL 1.1 and later.  Code that previously
2058           used
2059                  SESSION_set_master_key must now set $secret in the
2060           session_secret
2061                  callback set with SSL_set_session_secret_cb.
2062
2063       •   SESSION_get_time
2064
2065           Returns the time at which the session s was established.  The time
2066           is given in seconds since 1.1.1970.
2067
2068            my $rv = Net::SSLeay::SESSION_get_time($s);
2069            # $s - value corresponding to openssl's SSL_SESSION structure
2070            #
2071            # returns: timestamp (seconds since 1.1.1970)
2072
2073           Check openssl doc
2074           <http://www.openssl.org/docs/ssl/SSL_SESSION_get_time.html>
2075
2076       •   get_time
2077
2078           Technically the same functionality as "SESSION_get_time".
2079
2080            my $rv = Net::SSLeay::get_time($s);
2081
2082       •   SESSION_get_timeout
2083
2084           Returns the timeout value set for session $s in seconds.
2085
2086            my $rv = Net::SSLeay::SESSION_get_timeout($s);
2087            # $s - value corresponding to openssl's SSL_SESSION structure
2088            #
2089            # returns: timeout (in seconds)
2090
2091           Check openssl doc
2092           <http://www.openssl.org/docs/ssl/SSL_SESSION_get_time.html>
2093
2094       •   get_timeout
2095
2096           Technically the same functionality as "SESSION_get_timeout".
2097
2098            my $rv = Net::SSLeay::get_timeout($s);
2099
2100       •   SESSION_print
2101
2102           NOTE: Does not exactly correspond to any low level API function
2103
2104           Prints session details (e.g. protocol version, cipher, session-id
2105           ...) to BIO.
2106
2107            my $rv = Net::SSLeay::SESSION_print($fp, $ses);
2108            # $fp - value corresponding to openssl's BIO structure
2109            # $ses - value corresponding to openssl's SSL_SESSION structure
2110            #
2111            # returns: 1 on success, 0 on failure
2112
2113           You have to use necessary BIO functions like this:
2114
2115            # let us have $ssl corresponding to openssl's SSL structure
2116            my $ses = Net::SSLeay::get_session($ssl);
2117            my $bio = Net::SSLeay::BIO_new(&Net::SSLeay::BIO_s_mem);
2118            Net::SSLeay::SESSION_print($bio, $ses);
2119            print Net::SSLeay::BIO_read($bio);
2120
2121       •   SESSION_print_fp
2122
2123           Prints session details (e.g. protocol version, cipher, session-id
2124           ...) to file handle.
2125
2126            my $rv = Net::SSLeay::SESSION_print_fp($fp, $ses);
2127            # $fp - perl file handle
2128            # $ses - value corresponding to openssl's SSL_SESSION structure
2129            #
2130            # returns: 1 on success, 0 on failure
2131
2132           Example:
2133
2134            # let us have $ssl corresponding to openssl's SSL structure
2135            my $ses = Net::SSLeay::get_session($ssl);
2136            open my $fh, ">", "output.txt";
2137            Net::SSLeay::SESSION_print_fp($fh,$ses);
2138
2139       •   SESSION_set_time
2140
2141           Replaces the creation time of the session s with the chosen value
2142           $t (seconds since 1.1.1970).
2143
2144            my $rv = Net::SSLeay::SESSION_set_time($ses, $t);
2145            # $ses - value corresponding to openssl's SSL_SESSION structure
2146            # $t - time value
2147            #
2148            # returns: 1 on success
2149
2150           Check openssl doc
2151           <http://www.openssl.org/docs/ssl/SSL_SESSION_get_time.html>
2152
2153       •   set_time
2154
2155           Technically the same functionality as "SESSION_set_time".
2156
2157            my $rv = Net::SSLeay::set_time($ses, $t);
2158
2159       •   SESSION_set_timeout
2160
2161           Sets the timeout value for session s in seconds to $t.
2162
2163            my $rv = Net::SSLeay::SESSION_set_timeout($s, $t);
2164            # $s - value corresponding to openssl's SSL_SESSION structure
2165            # $t - timeout (in seconds)
2166            #
2167            # returns: 1 on success
2168
2169           Check openssl doc
2170           <http://www.openssl.org/docs/ssl/SSL_SESSION_get_time.html>
2171
2172       •   set_timeout
2173
2174           Technically the same functionality as "SESSION_set_timeout".
2175
2176            my $rv = Net::SSLeay::set_timeout($ses, $t);
2177
2178       Low level API: SSL_CTX_* related functions
2179
2180       NOTE: Please note that the function described in this chapter have
2181       "SSL_" part stripped from their original openssl names.
2182
2183       •   CTX_add_client_CA
2184
2185           Adds the CA name extracted from $cacert to the list of CAs sent to
2186           the client when requesting a client certificate for $ctx.
2187
2188            my $rv = Net::SSLeay::CTX_add_client_CA($ctx, $cacert);
2189            # $ctx - value corresponding to openssl's SSL_CTX structure
2190            # $cacert - value corresponding to openssl's X509 structure
2191            #
2192            # returns: 1 on success, 0 on failure
2193
2194           Check openssl doc
2195           <http://www.openssl.org/docs/ssl/SSL_CTX_set_client_CA_list.html>
2196
2197       •   CTX_add_extra_chain_cert
2198
2199           Adds the certificate $x509 to the certificate chain presented
2200           together with the certificate. Several certificates can be added
2201           one after the other.
2202
2203            my $rv = Net::SSLeay::CTX_add_extra_chain_cert($ctx, $x509);
2204            # $ctx - value corresponding to openssl's SSL_CTX structure
2205            # $x509 - value corresponding to openssl's X509 structure
2206            #
2207            # returns: 1 on success, check out the error stack to find out the reason for failure otherwise
2208
2209           Check openssl doc
2210           <http://www.openssl.org/docs/ssl/SSL_CTX_add_extra_chain_cert.html>
2211
2212       •   CTX_add_session
2213
2214           Adds the session $ses to the context $ctx.
2215
2216            my $rv = Net::SSLeay::CTX_add_session($ctx, $ses);
2217            # $ctx - value corresponding to openssl's SSL_CTX structure
2218            # $ses - value corresponding to openssl's SSL_SESSION structure
2219            #
2220            # returns: 1 on success, 0 on failure
2221
2222           Check openssl doc
2223           <http://www.openssl.org/docs/ssl/SSL_CTX_add_session.html>
2224
2225       •   CTX_callback_ctrl
2226
2227           ??? (more info needed)
2228
2229            my $rv = Net::SSLeay::CTX_callback_ctrl($ctx, $cmd, $fp);
2230            # $ctx - value corresponding to openssl's SSL_CTX structure
2231            # $cmd - (integer) command id
2232            # $fp - (function pointer) ???
2233            #
2234            # returns: ???
2235
2236           Check openssl doc
2237           <http://www.openssl.org/docs/ssl/SSL_CTX_ctrl.html>
2238
2239       •   CTX_check_private_key
2240
2241           Checks the consistency of a private key with the corresponding
2242           certificate loaded into $ctx.
2243
2244            my $rv = Net::SSLeay::CTX_check_private_key($ctx);
2245            # $ctx - value corresponding to openssl's SSL_CTX structure
2246            #
2247            # returns: 1 on success, otherwise check out the error stack to find out the reason
2248
2249           Check openssl doc
2250           <http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html>
2251
2252       •   CTX_ctrl
2253
2254           Internal handling function for SSL_CTX objects.
2255
2256           BEWARE: openssl doc says: This function should never be called
2257           directly!
2258
2259            my $rv = Net::SSLeay::CTX_ctrl($ctx, $cmd, $larg, $parg);
2260            # $ctx - value corresponding to openssl's SSL_CTX structure
2261            # $cmd - (integer) command id
2262            # $larg - (integer) long ???
2263            # $parg - (string/pointer) ???
2264            #
2265            # returns: (long) result of given command ???
2266
2267            #valid $cmd values
2268             1 - SSL_CTRL_NEED_TMP_RSA
2269             2 - SSL_CTRL_SET_TMP_RSA
2270             3 - SSL_CTRL_SET_TMP_DH
2271             4 - SSL_CTRL_SET_TMP_ECDH
2272             5 - SSL_CTRL_SET_TMP_RSA_CB
2273             6 - SSL_CTRL_SET_TMP_DH_CB
2274             7 - SSL_CTRL_SET_TMP_ECDH_CB
2275             8 - SSL_CTRL_GET_SESSION_REUSED
2276             9 - SSL_CTRL_GET_CLIENT_CERT_REQUEST
2277            10 - SSL_CTRL_GET_NUM_RENEGOTIATIONS
2278            11 - SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS
2279            12 - SSL_CTRL_GET_TOTAL_RENEGOTIATIONS
2280            13 - SSL_CTRL_GET_FLAGS
2281            14 - SSL_CTRL_EXTRA_CHAIN_CERT
2282            15 - SSL_CTRL_SET_MSG_CALLBACK
2283            16 - SSL_CTRL_SET_MSG_CALLBACK_ARG
2284            17 - SSL_CTRL_SET_MTU
2285            20 - SSL_CTRL_SESS_NUMBER
2286            21 - SSL_CTRL_SESS_CONNECT
2287            22 - SSL_CTRL_SESS_CONNECT_GOOD
2288            23 - SSL_CTRL_SESS_CONNECT_RENEGOTIATE
2289            24 - SSL_CTRL_SESS_ACCEPT
2290            25 - SSL_CTRL_SESS_ACCEPT_GOOD
2291            26 - SSL_CTRL_SESS_ACCEPT_RENEGOTIATE
2292            27 - SSL_CTRL_SESS_HIT
2293            28 - SSL_CTRL_SESS_CB_HIT
2294            29 - SSL_CTRL_SESS_MISSES
2295            30 - SSL_CTRL_SESS_TIMEOUTS
2296            31 - SSL_CTRL_SESS_CACHE_FULL
2297            32 - SSL_CTRL_OPTIONS
2298            33 - SSL_CTRL_MODE
2299            40 - SSL_CTRL_GET_READ_AHEAD
2300            41 - SSL_CTRL_SET_READ_AHEAD
2301            42 - SSL_CTRL_SET_SESS_CACHE_SIZE
2302            43 - SSL_CTRL_GET_SESS_CACHE_SIZE
2303            44 - SSL_CTRL_SET_SESS_CACHE_MODE
2304            45 - SSL_CTRL_GET_SESS_CACHE_MODE
2305            50 - SSL_CTRL_GET_MAX_CERT_LIST
2306            51 - SSL_CTRL_SET_MAX_CERT_LIST
2307            52 - SSL_CTRL_SET_MAX_SEND_FRAGMENT
2308            53 - SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
2309            54 - SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
2310            55 - SSL_CTRL_SET_TLSEXT_HOSTNAME
2311            56 - SSL_CTRL_SET_TLSEXT_DEBUG_CB
2312            57 - SSL_CTRL_SET_TLSEXT_DEBUG_ARG
2313            58 - SSL_CTRL_GET_TLSEXT_TICKET_KEYS
2314            59 - SSL_CTRL_SET_TLSEXT_TICKET_KEYS
2315            60 - SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT
2316            61 - SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB
2317            62 - SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG
2318            63 - SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
2319            64 - SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG
2320            65 - SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE
2321            66 - SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS
2322            67 - SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS
2323            68 - SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS
2324            69 - SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS
2325            70 - SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP
2326            71 - SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP
2327            72 - SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
2328            73 - DTLS_CTRL_GET_TIMEOUT
2329            74 - DTLS_CTRL_HANDLE_TIMEOUT
2330            75 - DTLS_CTRL_LISTEN
2331            76 - SSL_CTRL_GET_RI_SUPPORT
2332            77 - SSL_CTRL_CLEAR_OPTIONS
2333            78 - SSL_CTRL_CLEAR_MODE
2334
2335            82 - SSL_CTRL_GET_EXTRA_CHAIN_CERTS
2336            83 - SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS
2337
2338            88 - SSL_CTRL_CHAIN
2339            89 - SSL_CTRL_CHAIN_CERT
2340
2341            90 - SSL_CTRL_GET_CURVES
2342            91 - SSL_CTRL_SET_CURVES
2343            92 - SSL_CTRL_SET_CURVES_LIST
2344            93 - SSL_CTRL_GET_SHARED_CURVE
2345            94 - SSL_CTRL_SET_ECDH_AUTO
2346            97 - SSL_CTRL_SET_SIGALGS
2347            98 - SSL_CTRL_SET_SIGALGS_LIST
2348            99 - SSL_CTRL_CERT_FLAGS
2349            100 - SSL_CTRL_CLEAR_CERT_FLAGS
2350            101 - SSL_CTRL_SET_CLIENT_SIGALGS
2351            102 - SSL_CTRL_SET_CLIENT_SIGALGS_LIST
2352            103 - SSL_CTRL_GET_CLIENT_CERT_TYPES
2353            104 - SSL_CTRL_SET_CLIENT_CERT_TYPES
2354            105 - SSL_CTRL_BUILD_CERT_CHAIN
2355            106 - SSL_CTRL_SET_VERIFY_CERT_STORE
2356            107 - SSL_CTRL_SET_CHAIN_CERT_STORE
2357            108 - SSL_CTRL_GET_PEER_SIGNATURE_NID
2358            109 - SSL_CTRL_GET_SERVER_TMP_KEY
2359            110 - SSL_CTRL_GET_RAW_CIPHERLIST
2360            111 - SSL_CTRL_GET_EC_POINT_FORMATS
2361            112 - SSL_CTRL_GET_TLSA_RECORD
2362            113 - SSL_CTRL_SET_TLSA_RECORD
2363            114 - SSL_CTRL_PULL_TLSA_RECORD
2364
2365           Check openssl doc
2366           <http://www.openssl.org/docs/ssl/SSL_CTX_ctrl.html>
2367
2368       •   CTX_flush_sessions
2369
2370           Causes a run through the session cache of $ctx to remove sessions
2371           expired at time $tm.
2372
2373            Net::SSLeay::CTX_flush_sessions($ctx, $tm);
2374            # $ctx - value corresponding to openssl's SSL_CTX structure
2375            # $tm - specifies the time which should be used for the expiration test (seconds since 1.1.1970)
2376            #
2377            # returns: no return value
2378
2379           Check openssl doc
2380           <http://www.openssl.org/docs/ssl/SSL_CTX_flush_sessions.html>
2381
2382       •   CTX_free
2383
2384           Free an allocated SSL_CTX object.
2385
2386            Net::SSLeay::CTX_free($ctx);
2387            # $ctx - value corresponding to openssl's SSL_CTX structure
2388            #
2389            # returns: no return value
2390
2391           Check openssl doc
2392           <http://www.openssl.org/docs/ssl/SSL_CTX_free.html>
2393
2394       •   CTX_get_app_data
2395
2396           Can be used to get application defined value/data.
2397
2398            my $rv = Net::SSLeay::CTX_get_app_data($ctx);
2399            # $ctx - value corresponding to openssl's SSL_CTX structure
2400            #
2401            # returns: string/buffer/pointer ???
2402
2403       •   CTX_set_app_data
2404
2405           Can be used to set some application defined value/data.
2406
2407            my $rv = Net::SSLeay::CTX_set_app_data($ctx, $arg);
2408            # $ctx - value corresponding to openssl's SSL_CTX structure
2409            # $arg - (string/buffer/pointer ???) data
2410            #
2411            # returns: ???
2412
2413       •   CTX_get0_param
2414
2415           COMPATIBILITY: not available in Net-SSLeay-1.82 and before;
2416           requires at least OpenSSL 1.0.2-beta1 or LibreSSL 2.7.0
2417
2418           Returns the current verification parameters.
2419
2420            my $vpm = Net::SSLeay::CTX_get0_param($ctx);
2421            # $ctx - value corresponding to openssl's SSL_CTX structure
2422            #
2423            # returns: value corresponding to openssl's X509_VERIFY_PARAM structure
2424
2425           Check openssl doc
2426           <https://www.openssl.org/docs/ssl/SSL_CTX_get0_param.html>
2427
2428       •   CTX_get_cert_store
2429
2430           Returns the current certificate verification storage.
2431
2432            my $rv = Net::SSLeay::CTX_get_cert_store($ctx);
2433            # $ctx - value corresponding to openssl's SSL_CTX structure
2434            #
2435            # returns: value corresponding to openssl's X509_STORE structure (0 on failure)
2436
2437           Check openssl doc
2438           <http://www.openssl.org/docs/ssl/SSL_CTX_set_cert_store.html>
2439
2440       •   CTX_get_client_CA_list
2441
2442           Returns the list of client CAs explicitly set for $ctx using
2443           "CTX_set_client_CA_list".
2444
2445            my $rv = Net::SSLeay::CTX_get_client_CA_list($ctx);
2446            # $ctx - value corresponding to openssl's SSL_CTX structure
2447            #
2448            # returns: value corresponding to openssl's X509_NAME_STACK structure (0 on failure)
2449
2450           Check openssl doc
2451           <http://www.openssl.org/docs/ssl/SSL_get_client_CA_list.html>
2452
2453       •   CTX_get_ex_data
2454
2455           Is used to retrieve the information for index $idx from $ctx.
2456
2457            my $rv = Net::SSLeay::CTX_get_ex_data($ssl, $idx);
2458            # $ssl - value corresponding to openssl's SSL_CTX structure
2459            # $idx - (integer) index for application specific data
2460            #
2461            # returns: pointer to ???
2462
2463           Check openssl doc
2464           <http://www.openssl.org/docs/ssl/SSL_CTX_get_ex_new_index.html>
2465
2466       •   CTX_get_ex_new_index
2467
2468           Is used to register a new index for application specific data.
2469
2470            my $rv = Net::SSLeay::CTX_get_ex_new_index($argl, $argp, $new_func, $dup_func, $free_func);
2471            # $argl - (long) ???
2472            # $argp - (pointer) ???
2473            # $new_func - function pointer ??? (CRYPTO_EX_new *)
2474            # $dup_func - function pointer ??? (CRYPTO_EX_dup *)
2475            # $free_func - function pointer ??? (CRYPTO_EX_free *)
2476            #
2477            # returns: (integer) ???
2478
2479           Check openssl doc
2480           <http://www.openssl.org/docs/ssl/SSL_CTX_get_ex_new_index.html>
2481
2482       •   CTX_get_mode
2483
2484           Returns the mode set for ctx.
2485
2486            my $rv = Net::SSLeay::CTX_get_mode($ctx);
2487            # $ctx - value corresponding to openssl's SSL_CTX structure
2488            #
2489            # returns: mode (bitmask)
2490
2491            #to decode the return value (bitmask) use:
2492            0x00000001 corresponds to SSL_MODE_ENABLE_PARTIAL_WRITE
2493            0x00000002 corresponds to SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
2494            0x00000004 corresponds to SSL_MODE_AUTO_RETRY
2495            0x00000008 corresponds to SSL_MODE_NO_AUTO_CHAIN
2496            0x00000010 corresponds to SSL_MODE_RELEASE_BUFFERS
2497            (note: some of the bits might not be supported by older openssl versions)
2498
2499           Check openssl doc
2500           <http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html>
2501
2502       •   CTX_set_mode
2503
2504           Adds the mode set via bitmask in $mode to $ctx. Options already set
2505           before are not cleared.
2506
2507            my $rv = Net::SSLeay::CTX_set_mode($ctx, $mode);
2508            # $ctx - value corresponding to openssl's SSL_CTX structure
2509            # $mode - mode bitmask
2510            #
2511            # returns: the new mode bitmask after adding $mode
2512
2513           For bitmask details see "CTX_get_mode" (above).
2514
2515           Check openssl doc
2516           <http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html>
2517
2518       •   CTX_get_options
2519
2520           Returns the options (bitmask) set for $ctx.
2521
2522            my $rv = Net::SSLeay::CTX_get_options($ctx);
2523            # $ctx - value corresponding to openssl's SSL_CTX structure
2524            #
2525            # returns: options (bitmask)
2526
2527           BEWARE: The available constants and their values in bitmask depend
2528           on the TLS library. For example, SSL_OP_NO_TLSv1_3 became available
2529           much later than SSL_OP_NO_COMPRESS which is already deprecated by
2530           some libraries. Also, some previously used option values have been
2531           recycled and are now used for newer options. See the list of
2532           constants in this document for options Net::SSLeay currently
2533           supports.
2534
2535           You are strongly encouraged to check your TLS library if you need
2536           to use numeric values directly. The following is a sample of
2537           historic values. It may not be correct anymore.
2538
2539            #to decode the return value (bitmask) use:
2540            0x00000004 corresponds to SSL_OP_LEGACY_SERVER_CONNECT
2541            0x00000800 corresponds to SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
2542            0x00004000 corresponds to SSL_OP_NO_TICKET
2543            0x00010000 corresponds to SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
2544            0x00400000 corresponds to SSL_OP_CIPHER_SERVER_PREFERENCE
2545            0x04000000 corresponds to SSL_OP_NO_TLSv1
2546
2547           Check openssl doc
2548           <https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html>
2549
2550       •   CTX_set_options
2551
2552           Adds the options set via bitmask in $options to ctx. Options
2553           already set before are not cleared.
2554
2555            Net::SSLeay::CTX_set_options($ctx, $options);
2556            # $ctx - value corresponding to openssl's SSL_CTX structure
2557            # $options - options bitmask
2558            #
2559            # returns: the new options bitmask after adding $options
2560
2561           For bitmask details see "CTX_get_options" (above).
2562
2563           Check openssl doc
2564           <https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html>
2565
2566       •   CTX_get_quiet_shutdown
2567
2568           Returns the 'quiet shutdown' setting of $ctx.
2569
2570            my $rv = Net::SSLeay::CTX_get_quiet_shutdown($ctx);
2571            # $ctx - value corresponding to openssl's SSL_CTX structure
2572            #
2573            # returns: (integer) the current setting
2574
2575           Check openssl doc
2576           <http://www.openssl.org/docs/ssl/SSL_CTX_set_quiet_shutdown.html>
2577
2578       •   CTX_get_read_ahead
2579
2580            my $rv = Net::SSLeay::CTX_get_read_ahead($ctx);
2581            # $ctx - value corresponding to openssl's SSL_CTX structure
2582            #
2583            # returns: (integer) read_ahead value
2584
2585       •   CTX_get_session_cache_mode
2586
2587           Returns the currently used cache mode (bitmask).
2588
2589            my $rv = Net::SSLeay::CTX_get_session_cache_mode($ctx);
2590            # $ctx - value corresponding to openssl's SSL_CTX structure
2591            #
2592            # returns: mode (bitmask)
2593
2594           BEWARE: SESS_CACHE_OFF and other constants are not available in
2595           Net-SSLeay-1.82 and before.  If the constants are not available,
2596           the following values have historically been correct. You are
2597           strongly encouraged to check your TLS library for the current
2598           values.
2599
2600            #to decode the return value (bitmask) use:
2601            0x0000 corresponds to SSL_SESS_CACHE_OFF
2602            0x0001 corresponds to SSL_SESS_CACHE_CLIENT
2603            0x0002 corresponds to SSL_SESS_CACHE_SERVER
2604            0x0080 corresponds to SSL_SESS_CACHE_NO_AUTO_CLEAR
2605            0x0100 corresponds to SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
2606            0x0200 corresponds to SSL_SESS_CACHE_NO_INTERNAL_STORE
2607            (note: some of the bits might not be supported by older openssl versions)
2608
2609           Check openssl doc
2610           <http://www.openssl.org/docs/ssl/SSL_CTX_set_session_cache_mode.html>
2611
2612       •   CTX_set_session_cache_mode
2613
2614           Enables/disables session caching by setting the operational mode
2615           for $ctx to $mode.
2616
2617            my $rv = Net::SSLeay::CTX_set_session_cache_mode($ctx, $mode);
2618            # $ctx - value corresponding to openssl's SSL_CTX structure
2619            # $mode - mode (bitmask)
2620            #
2621            # returns: previously set cache mode
2622
2623           For bitmask details see "CTX_get_session_cache_mode" (above).
2624
2625           Check openssl doc
2626           <http://www.openssl.org/docs/ssl/SSL_CTX_set_session_cache_mode.html>
2627
2628       •   CTX_get_timeout
2629
2630           Returns the currently set timeout value for $ctx.
2631
2632            my $rv = Net::SSLeay::CTX_get_timeout($ctx);
2633            # $ctx - value corresponding to openssl's SSL_CTX structure
2634            #
2635            # returns: timeout in seconds
2636
2637           Check openssl doc
2638           <http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html>
2639
2640       •   CTX_get_verify_depth
2641
2642           Returns the verification depth limit currently set in $ctx. If no
2643           limit has been explicitly set, -1 is returned and the default value
2644           will be used.",
2645
2646            my $rv = Net::SSLeay::CTX_get_verify_depth($ctx);
2647            # $ctx - value corresponding to openssl's SSL_CTX structure
2648            #
2649            # returns: depth limit currently set in $ctx, -1 if no limit has been explicitly set
2650
2651           Check openssl doc
2652           <http://www.openssl.org/docs/ssl/SSL_CTX_get_verify_mode.html>
2653
2654       •   CTX_get_verify_mode
2655
2656           Returns the verification mode (bitmask) currently set in $ctx.
2657
2658            my $rv = Net::SSLeay::CTX_get_verify_mode($ctx);
2659            # $ctx - value corresponding to openssl's SSL_CTX structure
2660            #
2661            # returns: mode (bitmask)
2662
2663           For bitmask details see "CTX_set_verify".
2664
2665           Check openssl doc
2666           <https://www.openssl.org/docs/manmaster/man3/SSL_CTX_get_verify_mode.html>
2667
2668       •   CTX_set_verify
2669
2670           Sets the verification flags for $ctx to be $mode and specifies the
2671           verify_callback function to be used.
2672
2673            Net::SSLeay::CTX_set_verify($ctx, $mode, $callback);
2674            # $ctx - value corresponding to openssl's SSL_CTX structure
2675            # $mode - mode (bitmask), see OpenSSL manual
2676            # $callback - [optional] reference to perl callback function
2677            #
2678            # returns: no return value
2679
2680           Check openssl doc
2681           <https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_verify.html>
2682
2683       •   CTX_set_post_handshake_auth
2684
2685           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
2686           requires at least OpenSSL 1.1.1, not in LibreSSL
2687
2688           Enable the Post-Handshake Authentication extension to be added to
2689           the ClientHello such that post-handshake authentication can be
2690           requested by the server.
2691
2692            Net::SSLeay::CTX_set_posthandshake_auth($ctx, $val);
2693            # $ctx - value corresponding to openssl's SSL_CTX structure
2694            # $val - 0 then the extension is not sent, otherwise it is
2695            #
2696            # returns: no return value
2697
2698           Check openssl doc
2699           https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_post_handshake_auth
2700           <https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_post_handshake_auth.html>
2701
2702       •   CTX_load_verify_locations
2703
2704           Specifies the locations for $ctx, at which CA certificates for
2705           verification purposes are located. The certificates available via
2706           $CAfile and $CApath are trusted.
2707
2708            my $rv = Net::SSLeay::CTX_load_verify_locations($ctx, $CAfile, $CApath);
2709            # $ctx - value corresponding to openssl's SSL_CTX structure
2710            # $CAfile - (string) file of CA certificates in PEM format, the file can contain several CA certificates (or '')
2711            # $CApath - (string) directory containing CA certificates in PEM format (or '')
2712            #
2713            # returns: 1 on success, 0 on failure (check the error stack to find out the reason)
2714
2715           Check openssl doc
2716           <http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html>
2717
2718       •   CTX_need_tmp_RSA
2719
2720           Return the result of
2721           "SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)"
2722
2723            my $rv = Net::SSLeay::CTX_need_tmp_RSA($ctx);
2724            # $ctx - value corresponding to openssl's SSL_CTX structure
2725            #
2726            # returns: result of SSL_CTRL_NEED_TMP_RSA command
2727
2728           Not available with OpenSSL 1.1 and later.
2729
2730       •   CTX_new
2731
2732           The same as "CTX_v23_new"
2733
2734            my $rv = Net::SSLeay::CTX_new();
2735            #
2736            # returns: value corresponding to openssl's SSL_CTX structure (0 on failure)
2737
2738           Check openssl doc
2739           <http://www.openssl.org/docs/ssl/SSL_CTX_new.html>
2740
2741           Not available with OpenSSL 1.1 and later.
2742
2743       •   CTX_v2_new
2744
2745           Creates a new SSL_CTX object - based on SSLv2_method() - as
2746           framework to establish TLS/SSL enabled connections.
2747
2748            my $rv = Net::SSLeay::CTX_v2_new();
2749            #
2750            # returns: value corresponding to openssl's SSL_CTX structure (0 on failure)
2751
2752       •   CTX_v23_new
2753
2754           Creates a new SSL_CTX object - based on SSLv23_method() - as
2755           framework to establish TLS/SSL enabled connections.
2756
2757            my $rv = Net::SSLeay::CTX_v23_new();
2758            #
2759            # returns: value corresponding to openssl's SSL_CTX structure (0 on failure)
2760
2761       •   CTX_v3_new
2762
2763           Creates a new SSL_CTX object - based on SSLv3_method() - as
2764           framework to establish TLS/SSL enabled connections.
2765
2766            my $rv = Net::SSLeay::CTX_v3_new();
2767            #
2768            # returns: value corresponding to openssl's SSL_CTX structure (0 on failure)
2769
2770       •   CTX_tlsv1_new
2771
2772           Creates a new SSL_CTX object - based on TLSv1_method() - as
2773           framework to establish TLS/SSL enabled connections.
2774
2775            my $rv = Net::SSLeay::CTX_tlsv1_new();
2776            #
2777            # returns: value corresponding to openssl's SSL_CTX structure (0 on failure)
2778
2779       •   CTX_tlsv1_1_new
2780
2781           Creates a new SSL_CTX object - based on TLSv1_1_method() - as
2782           framework to establish TLS/SSL enabled connections. Only available
2783           where supported by the underlying openssl.
2784
2785            my $rv = Net::SSLeay::CTX_tlsv1_1_new();
2786            #
2787            # returns: value corresponding to openssl's SSL_CTX structure (0 on failure)
2788
2789       •   CTX_tlsv1_2_new
2790
2791           Creates a new SSL_CTX object - based on TLSv1_2_method() - as
2792           framework to establish TLS/SSL enabled connections. Only available
2793           where supported by the underlying openssl.
2794
2795            my $rv = Net::SSLeay::CTX_tlsv1_2_new();
2796            #
2797            # returns: value corresponding to openssl's SSL_CTX structure (0 on failure)
2798
2799       •   CTX_new_with_method
2800
2801           Creates a new SSL_CTX object based on $meth method
2802
2803            my $rv = Net::SSLeay::CTX_new_with_method($meth);
2804            # $meth - value corresponding to openssl's SSL_METHOD structure
2805            #
2806            # returns: value corresponding to openssl's SSL_CTX structure (0 on failure)
2807
2808            #example
2809            my $ctx = Net::SSLeay::CTX_new_with_method(&Net::SSLeay::TLSv1_method);
2810
2811           Check openssl doc
2812           <http://www.openssl.org/docs/ssl/SSL_CTX_new.html>
2813
2814       •   CTX_set_min_proto_version, CTX_set_max_proto_version,
2815           set_min_proto_version and set_max_proto_version,
2816
2817           COMPATIBILITY: not available in Net-SSLeay-1.82 and before;
2818           requires at least OpenSSL 1.1.0-pre2 or LibreSSL 2.6.0
2819
2820           Set the minimum and maximum supported protocol for $ctx or $ssl.
2821
2822            my $rv = Net::SSLeay::CTX_set_min_proto_version($ctx, $version)
2823            # $ctx - value corresponding to openssl's SSL_CTX structure
2824            # $version - (integer) constat version value or 0 for automatic lowest or highest value
2825            #
2826            # returns: 1 on success, 0 on failure
2827
2828            #example: allow only TLS 1.2 for a SSL_CTX
2829            my $rv_min = Net::SSLeay::CTX_set_min_proto_version($ctx, Net::SSLeay::TLS1_2_VERSION());
2830            my $rv_max = Net::SSLeay::CTX_set_max_proto_version($ctx, Net::SSLeay::TLS1_2_VERSION());
2831
2832            #example: allow only TLS 1.1 for a SSL
2833            my $rv_min = Net::SSLeay::set_min_proto_version($ssl, Net::SSLeay::TLS1_1_VERSION());
2834            my $rv_max = Net::SSLeay::set_max_proto_version($ssl, Net::SSLeay::TLS1_1_VERSION());
2835
2836           Check openssl doc
2837           <https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_min_proto_version.html>
2838
2839       •   CTX_get_min_proto_version, CTX_get_max_proto_version,
2840           get_min_proto_version and get_max_proto_version,
2841
2842           COMPATIBILITY: not available in Net-SSLeay-1.82 and before;
2843           requires at least OpenSSL 1.1.0g
2844
2845           Get the minimum and maximum supported protocol for $ctx or $ssl.
2846
2847            my $version = Net::SSLeay::CTX_get_min_proto_version($ctx)
2848            # $ctx - value corresponding to openssl's SSL_CTX structure
2849            #
2850            # returns: 0 automatic lowest or highest value, configured value otherwise
2851
2852           Check openssl doc
2853           <https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_min_proto_version.html>
2854
2855       •   CTX_remove_session
2856
2857           Removes the session $ses from the context $ctx.
2858
2859            my $rv = Net::SSLeay::CTX_remove_session($ctx, $ses);
2860            # $ctx - value corresponding to openssl's SSL_CTX structure
2861            # $ses - value corresponding to openssl's SSL_SESSION structure
2862            #
2863            # returns: 1 on success, 0 on failure
2864
2865           Check openssl doc
2866           <http://www.openssl.org/docs/ssl/SSL_CTX_add_session.html>
2867
2868       •   CTX_sess_accept
2869
2870            my $rv = Net::SSLeay::CTX_sess_accept($ctx);
2871            # $ctx - value corresponding to openssl's SSL_CTX structure
2872            #
2873            # returns: number of started SSL/TLS handshakes in server mode
2874
2875           Check openssl doc
2876           <http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html>
2877
2878       •   CTX_sess_accept_good
2879
2880            my $rv = Net::SSLeay::CTX_sess_accept_good($ctx);
2881            # $ctx - value corresponding to openssl's SSL_CTX structure
2882            #
2883            # returns: number of successfully established SSL/TLS sessions in server mode
2884
2885           Check openssl doc
2886           <http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html>
2887
2888       •   CTX_sess_accept_renegotiate
2889
2890            my $rv = Net::SSLeay::CTX_sess_accept_renegotiate($ctx);
2891            # $ctx - value corresponding to openssl's SSL_CTX structure
2892            #
2893            # returns: number of start renegotiations in server mode
2894
2895           Check openssl doc
2896           <http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html>
2897
2898       •   CTX_sess_cache_full
2899
2900            my $rv = Net::SSLeay::CTX_sess_cache_full($ctx);
2901            # $ctx - value corresponding to openssl's SSL_CTX structure
2902            #
2903            # returns: number of sessions that were removed because the maximum session cache size was exceeded
2904
2905           Check openssl doc
2906           <http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html>
2907
2908       •   CTX_sess_cb_hits
2909
2910            my $rv = Net::SSLeay::CTX_sess_cb_hits($ctx);
2911            # $ctx - value corresponding to openssl's SSL_CTX structure
2912            #
2913            # returns: number of successfully retrieved sessions from the external session cache in server mode
2914
2915           Check openssl doc
2916           <http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html>
2917
2918       •   CTX_sess_connect
2919
2920            my $rv = Net::SSLeay::CTX_sess_connect($ctx);
2921            # $ctx - value corresponding to openssl's SSL_CTX structure
2922            #
2923            # returns: number of started SSL/TLS handshakes in client mode
2924
2925           Check openssl doc
2926           <http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html>
2927
2928       •   CTX_sess_connect_good
2929
2930            my $rv = Net::SSLeay::CTX_sess_connect_good($ctx);
2931            # $ctx - value corresponding to openssl's SSL_CTX structure
2932            #
2933            # returns: number of successfully established SSL/TLS sessions in client mode
2934
2935           Check openssl doc
2936           <http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html>
2937
2938       •   CTX_sess_connect_renegotiate
2939
2940            my $rv = Net::SSLeay::CTX_sess_connect_renegotiate($ctx);
2941            # $ctx - value corresponding to openssl's SSL_CTX structure
2942            #
2943            # returns: number of start renegotiations in client mode
2944
2945           Check openssl doc
2946           <http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html>
2947
2948       •   CTX_sess_get_cache_size
2949
2950           Returns the currently valid session cache size.
2951
2952            my $rv = Net::SSLeay::CTX_sess_get_cache_size($ctx);
2953            # $ctx - value corresponding to openssl's SSL_CTX structure
2954            #
2955            # returns: current size
2956
2957           Check openssl doc
2958           <http://www.openssl.org/docs/ssl/SSL_CTX_sess_set_cache_size.html>
2959
2960       •   CTX_sess_hits
2961
2962            my $rv = Net::SSLeay::CTX_sess_hits($ctx);
2963            # $ctx - value corresponding to openssl's SSL_CTX structure
2964            #
2965            # returns: number of successfully reused sessions
2966
2967           Check openssl doc
2968           <http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html>
2969
2970       •   CTX_sess_misses
2971
2972            my $rv = Net::SSLeay::CTX_sess_misses($ctx);
2973            # $ctx - value corresponding to openssl's SSL_CTX structure
2974            #
2975            # returns: number of sessions proposed by clients that were not found in the internal session cache in server mode
2976
2977           Check openssl doc
2978           <http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html>
2979
2980       •   CTX_sess_number
2981
2982            my $rv = Net::SSLeay::CTX_sess_number($ctx);
2983            # $ctx - value corresponding to openssl's SSL_CTX structure
2984            #
2985            # returns: current number of sessions in the internal session cache
2986
2987           Check openssl doc
2988           <http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html>
2989
2990       •   CTX_sess_set_cache_size
2991
2992           Sets the size of the internal session cache of context $ctx to
2993           $size.
2994
2995            Net::SSLeay::CTX_sess_set_cache_size($ctx, $size);
2996            # $ctx - value corresponding to openssl's SSL_CTX structure
2997            # $size - cache size (0 = unlimited)
2998            #
2999            # returns: previously valid size
3000
3001           Check openssl doc
3002           <http://www.openssl.org/docs/ssl/SSL_CTX_sess_set_cache_size.html>
3003
3004       •   CTX_sess_timeouts
3005
3006           Returns the number of sessions proposed by clients and either found
3007           in the internal or external session cache in server mode, but that
3008           were invalid due to timeout. These sessions are not included in the
3009           SSL_CTX_sess_hits count.
3010
3011            my $rv = Net::SSLeay::CTX_sess_timeouts($ctx);
3012            # $ctx - value corresponding to openssl's SSL_CTX structure
3013            #
3014            # returns: number of sessions
3015
3016           Check openssl doc
3017           <http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html>
3018
3019       •   CTX_sess_set_new_cb
3020
3021           COMPATIBILITY: not available in Net-SSLeay-1.85 and before
3022
3023           Sets the callback function, which is automatically called whenever
3024           a new session was negotiated.
3025
3026            Net::SSLeay::CTX_sess_set_new_cb($ctx, $func);
3027            # $ctx - value corresponding to openssl's SSL_CTX structure
3028            # $func - perl reference to callback function
3029            #
3030            # returns: no return value
3031
3032           Check openssl doc
3033           <https://www.openssl.org/docs/manmaster/man3/SSL_CTX_sess_set_new_cb.html>
3034
3035       •   CTX_sess_set_remove_cb
3036
3037           COMPATIBILITY: not available in Net-SSLeay-1.85 and before
3038
3039           Sets the callback function, which is automatically called whenever
3040           a session is removed by the SSL engine.
3041
3042            Net::SSLeay::CTX_sess_set_remove_cb($ctx, $func);
3043            # $ctx - value corresponding to openssl's SSL_CTX structure
3044            # $func - perl reference to callback function
3045            #
3046            # returns: no return value
3047
3048           Check openssl doc
3049           <https://www.openssl.org/docs/manmaster/man3/SSL_CTX_sess_set_remove_cb.html>
3050
3051       •   CTX_sessions
3052
3053           Returns a pointer to the lhash databases containing the internal
3054           session cache for ctx.
3055
3056            my $rv = Net::SSLeay::CTX_sessions($ctx);
3057            # $ctx - value corresponding to openssl's SSL_CTX structure
3058            #
3059            # returns: value corresponding to openssl's LHASH structure (0 on failure)
3060
3061           Check openssl doc
3062           <http://www.openssl.org/docs/ssl/SSL_CTX_sessions.html>
3063
3064       •   CTX_set1_param
3065
3066           COMPATIBILITY: requires at least OpenSSL 1.0.0-beta3
3067
3068           Applies X509 verification parameters $vpm on $ctx
3069
3070            my $rv = Net::SSLeay::CTX_set1_param($ctx, $vpm);
3071            # $ctx - value corresponding to openssl's SSL_CTX structure
3072            # $vpm - value corresponding to openssl's X509_VERIFY_PARAM structure
3073            #
3074            # returns: 1 on success, 0 on failure
3075
3076           Check openssl doc
3077           <https://www.openssl.org/docs/ssl/SSL_CTX_get0_param.html>
3078
3079       •   CTX_set_cert_store
3080
3081           Sets/replaces the certificate verification storage of $ctx to/with
3082           $store.
3083
3084            Net::SSLeay::CTX_set_cert_store($ctx, $store);
3085            # $ctx - value corresponding to openssl's SSL_CTX structure
3086            # $store - value corresponding to openssl's X509_STORE structure
3087            #
3088            # returns: no return value
3089
3090           Check openssl doc
3091           <http://www.openssl.org/docs/ssl/SSL_CTX_set_cert_store.html>
3092
3093       •   CTX_set_cert_verify_callback
3094
3095           Sets the verification callback function for $ctx. SSL objects that
3096           are created from $ctx inherit the setting valid at the time when
3097           "Net::SSLeay::new($ctx)" is called.
3098
3099            Net::SSLeay::CTX_set_cert_verify_callback($ctx, $func, $data);
3100            # $ctx - value corresponding to openssl's SSL_CTX structure
3101            # $func - perl reference to callback function
3102            # $data - [optional] data that will be passed to callback function when invoked
3103            #
3104            # returns: no return value
3105
3106           Check openssl doc
3107           <http://www.openssl.org/docs/ssl/SSL_CTX_set_cert_verify_callback.html>
3108
3109       •   CTX_set_cipher_list
3110
3111           Sets the list of available ciphers for $ctx using the control
3112           string $str.  The list of ciphers is inherited by all ssl objects
3113           created from $ctx.
3114
3115            my $rv = Net::SSLeay::CTX_set_cipher_list($s, $str);
3116            # $s - value corresponding to openssl's SSL_CTX structure
3117            # $str - (string) cipher list e.g. '3DES:+RSA'
3118            #
3119            # returns: 1 if any cipher could be selected and 0 on complete failure
3120
3121           The format of $str is described in
3122           <http://www.openssl.org/docs/apps/ciphers.html>
3123
3124           Check openssl doc
3125           <http://www.openssl.org/docs/ssl/SSL_CTX_set_cipher_list.html>
3126
3127       •   CTX_set_ciphersuites
3128
3129           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
3130           requires at least OpenSSL 1.1.1, not in LibreSSL
3131
3132           Configure the available TLSv1.3 ciphersuites.
3133
3134            my $rv = Net::SSLeay::CTX_set_ciphersuites($ctx, $str);
3135            # $ctx  - value corresponding to openssl's SSL_CTX structure
3136            # $str  - colon (":") separated list of TLSv1.3 ciphersuite names in order of preference
3137            #
3138            # returns: (integer) 1 if the requested ciphersuite list was configured, and 0 otherwise
3139
3140           Check openssl doc
3141           <https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html>
3142
3143       •   CTX_set_client_CA_list
3144
3145           Sets the list of CAs sent to the client when requesting a client
3146           certificate for $ctx.
3147
3148            Net::SSLeay::CTX_set_client_CA_list($ctx, $list);
3149            # $ctx - value corresponding to openssl's SSL_CTX structure
3150            # $list - value corresponding to openssl's X509_NAME_STACK structure
3151            #
3152            # returns: no return value
3153
3154           Check openssl doc
3155           <http://www.openssl.org/docs/ssl/SSL_CTX_set_client_CA_list.html>
3156
3157       •   CTX_set_default_passwd_cb
3158
3159           Sets the default password callback called when loading/storing a
3160           PEM certificate with encryption.
3161
3162            Net::SSLeay::CTX_set_default_passwd_cb($ctx, $func);
3163            # $ctx - value corresponding to openssl's SSL_CTX structure
3164            # $func - perl reference to callback function
3165            #
3166            # returns: no return value
3167
3168           Check openssl doc
3169           <http://www.openssl.org/docs/ssl/SSL_CTX_set_default_passwd_cb.html>
3170
3171       •   CTX_set_default_passwd_cb_userdata
3172
3173           Sets a pointer to userdata which will be provided to the password
3174           callback on invocation.
3175
3176            Net::SSLeay::CTX_set_default_passwd_cb_userdata($ctx, $userdata);
3177            # $ctx - value corresponding to openssl's SSL_CTX structure
3178            # $userdata - data that will be passed to callback function when invoked
3179            #
3180            # returns: no return value
3181
3182           Check openssl doc
3183           <http://www.openssl.org/docs/ssl/SSL_CTX_set_default_passwd_cb.html>
3184
3185       •   CTX_set_default_verify_paths
3186
3187           ??? (more info needed)
3188
3189            my $rv = Net::SSLeay::CTX_set_default_verify_paths($ctx);
3190            # $ctx - value corresponding to openssl's SSL_CTX structure
3191            #
3192            # returns: 1 on success, 0 on failure
3193
3194       •   CTX_set_ex_data
3195
3196           Is used to store application data at $data for $idx into the $ctx
3197           object.
3198
3199            my $rv = Net::SSLeay::CTX_set_ex_data($ssl, $idx, $data);
3200            # $ssl - value corresponding to openssl's SSL_CTX structure
3201            # $idx - (integer) ???
3202            # $data - (pointer) ???
3203            #
3204            # returns: 1 on success, 0 on failure
3205
3206           Check openssl doc
3207           <http://www.openssl.org/docs/ssl/SSL_CTX_get_ex_new_index.html>
3208
3209       •   CTX_set_purpose
3210
3211            my $rv = Net::SSLeay::CTX_set_purpose($s, $purpose);
3212            # $s - value corresponding to openssl's SSL_CTX structure
3213            # $purpose - (integer) purpose identifier
3214            #
3215            # returns: 1 on success, 0 on failure
3216
3217            #avainable purpose identifier
3218            1 - X509_PURPOSE_SSL_CLIENT
3219            2 - X509_PURPOSE_SSL_SERVER
3220            3 - X509_PURPOSE_NS_SSL_SERVER
3221            4 - X509_PURPOSE_SMIME_SIGN
3222            5 - X509_PURPOSE_SMIME_ENCRYPT
3223            6 - X509_PURPOSE_CRL_SIGN
3224            7 - X509_PURPOSE_ANY
3225            8 - X509_PURPOSE_OCSP_HELPER
3226            9 - X509_PURPOSE_TIMESTAMP_SIGN
3227
3228            #or use corresponding constants
3229            $purpose = &Net::SSLeay::X509_PURPOSE_SSL_CLIENT;
3230            ...
3231            $purpose = &Net::SSLeay::X509_PURPOSE_TIMESTAMP_SIGN;
3232
3233       •   CTX_set_quiet_shutdown
3234
3235           Sets the 'quiet shutdown' flag for $ctx to be mode. SSL objects
3236           created from $ctx inherit the mode valid at the time
3237           "Net::SSLeay::new($ctx)" is called.
3238
3239            Net::SSLeay::CTX_set_quiet_shutdown($ctx, $mode);
3240            # $ctx - value corresponding to openssl's SSL_CTX structure
3241            # $mode - 0 or 1
3242            #
3243            # returns: no return value
3244
3245           Check openssl doc
3246           <http://www.openssl.org/docs/ssl/SSL_CTX_set_quiet_shutdown.html>
3247
3248       •   CTX_set_read_ahead
3249
3250            my $rv = Net::SSLeay::CTX_set_read_ahead($ctx, $val);
3251            # $ctx - value corresponding to openssl's SSL_CTX structure
3252            # $val - read_ahead value to be set
3253            #
3254            # returns: the original read_ahead value
3255
3256       •   CTX_set_session_id_context
3257
3258           Sets the context $sid_ctx of length $sid_ctx_len within which a
3259           session can be reused for the $ctx object.
3260
3261            my $rv = Net::SSLeay::CTX_set_session_id_context($ctx, $sid_ctx, $sid_ctx_len);
3262            # $ctx - value corresponding to openssl's SSL_CTX structure
3263            # $sid_ctx - data buffer
3264            # $sid_ctx_len - length of data in $sid_ctx
3265            #
3266            # returns: 1 on success, 0 on failure (the error is logged to the error stack)
3267
3268           Check openssl doc
3269           <http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html>
3270
3271       •   CTX_set_ssl_version
3272
3273           Sets a new default TLS/SSL method for SSL objects newly created
3274           from this $ctx.  SSL objects already created with
3275           "Net::SSLeay::new($ctx)" are not affected, except when
3276           "Net::SSLeay:clear($ssl)" is being called.
3277
3278            my $rv = Net::SSLeay::CTX_set_ssl_version($ctx, $meth);
3279            # $ctx - value corresponding to openssl's SSL_CTX structure
3280            # $meth - value corresponding to openssl's SSL_METHOD structure
3281            #
3282            # returns: 1 on success, 0 on failure
3283
3284           Check openssl doc
3285           <http://www.openssl.org/docs/ssl/SSL_CTX_set_ssl_version.html>
3286
3287       •   CTX_set_timeout
3288
3289           Sets the timeout for newly created sessions for $ctx to $t. The
3290           timeout value $t must be given in seconds.
3291
3292            my $rv = Net::SSLeay::CTX_set_timeout($ctx, $t);
3293            # $ctx - value corresponding to openssl's SSL_CTX structure
3294            # $t - timeout in seconds
3295            #
3296            # returns: previously set timeout value
3297
3298           Check openssl doc
3299           <http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html>
3300
3301       •   CTX_set_tmp_dh
3302
3303           Sets DH parameters to be used to be $dh. The key is inherited by
3304           all ssl objects created from $ctx.
3305
3306            my $rv = Net::SSLeay::CTX_set_tmp_dh($ctx, $dh);
3307            # $ctx - value corresponding to openssl's SSL_CTX structure
3308            # $dh - value corresponding to openssl's DH structure
3309            #
3310            # returns: 1 on success, 0 on failure
3311
3312           Check openssl doc
3313           <http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_dh_callback.html>
3314
3315       •   CTX_set_tmp_dh_callback
3316
3317           Sets the callback function for $ctx to be used when a DH parameters
3318           are required to $tmp_dh_callback.
3319
3320            Net::SSLeay::CTX_set_tmp_dh_callback($ctx, $tmp_dh_callback);
3321            # $ctx - value corresponding to openssl's SSL_CTX structure
3322            # tmp_dh_callback - (function pointer) ???
3323            #
3324            # returns: no return value
3325
3326           Check openssl doc
3327           <http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_dh_callback.html>
3328
3329       •   CTX_set_tmp_rsa
3330
3331           Sets the temporary/ephemeral RSA key to be used to be $rsa.
3332
3333            my $rv = Net::SSLeay::CTX_set_tmp_rsa($ctx, $rsa);
3334            # $ctx - value corresponding to openssl's SSL_CTX structure
3335            # $rsa - value corresponding to openssl's RSA structure
3336            #
3337            # returns: 1 on success, 0 on failure
3338
3339           Check openssl doc
3340           <http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html>
3341
3342           Not available with OpenSSL 1.1 and later.
3343
3344       •   CTX_set_tmp_rsa_callback
3345
3346           Sets the callback function for ctx to be used when a
3347           temporary/ephemeral RSA key is required to $tmp_rsa_callback.
3348
3349           ??? (does this function really work?)
3350
3351            Net::SSLeay::CTX_set_tmp_rsa_callback($ctx, $tmp_rsa_callback);
3352            # $ctx - value corresponding to openssl's SSL_CTX structure
3353            # $tmp_rsa_callback - (function pointer) ???
3354            #
3355            # returns: no return value
3356
3357           Check openssl doc
3358           <http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html>
3359
3360           Not available with OpenSSL 1.1 and later.
3361
3362       •   CTX_set_trust
3363
3364            my $rv = Net::SSLeay::CTX_set_trust($s, $trust);
3365            # $s - value corresponding to openssl's SSL_CTX structure
3366            # $trust - (integer) trust identifier
3367            #
3368            # returns: the original value
3369
3370            #available trust identifiers
3371            1 - X509_TRUST_COMPAT
3372            2 - X509_TRUST_SSL_CLIENT
3373            3 - X509_TRUST_SSL_SERVER
3374            4 - X509_TRUST_EMAIL
3375            5 - X509_TRUST_OBJECT_SIGN
3376            6 - X509_TRUST_OCSP_SIGN
3377            7 - X509_TRUST_OCSP_REQUEST
3378            8 - X509_TRUST_TSA
3379
3380            #or use corresponding constants
3381            $trust = &Net::SSLeay::X509_TRUST_COMPAT;
3382            ...
3383            $trust = &Net::SSLeay::X509_TRUST_TSA;
3384
3385       •   CTX_set_verify_depth
3386
3387           Sets the maximum depth for the certificate chain verification that
3388           shall be allowed for ctx.
3389
3390            Net::SSLeay::CTX_set_verify_depth($ctx, $depth);
3391            # $ctx - value corresponding to openssl's SSL_CTX structure
3392            # $depth - max. depth
3393            #
3394            # returns: no return value
3395
3396           Check openssl doc
3397           <http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html>
3398
3399       •   CTX_use_PKCS12_file
3400
3401           Adds the certificate and private key from PKCS12 file $p12filename
3402           to $ctx.
3403
3404            my $rv = Net::SSLeay::CTX_use_PKCS12_file($ctx, $p12filename, $password);
3405            # $ctx - value corresponding to openssl's SSL_CTX structure
3406            # $p12filename - (string) filename
3407            # $password - (string) password to decrypt private key
3408            #
3409            # returns: 1 on success, 0 on failure
3410
3411       •   CTX_use_PrivateKey
3412
3413           Adds the private key $pkey to $ctx.
3414
3415            my $rv = Net::SSLeay::CTX_use_PrivateKey($ctx, $pkey);
3416            # $ctx - value corresponding to openssl's SSL_CTX structure
3417            # $pkey - value corresponding to openssl's EVP_PKEY structure
3418            #
3419            # returns: 1 on success, otherwise check out the error stack to find out the reason
3420
3421           Check openssl doc
3422           <http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html>
3423
3424       •   CTX_use_PrivateKey_file
3425
3426           Adds the first private key found in $file to $ctx.
3427
3428            my $rv = Net::SSLeay::CTX_use_PrivateKey_file($ctx, $file, $type);
3429            # $ctx - value corresponding to openssl's SSL_CTX structure
3430            # $file - (string) file name
3431            # $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1
3432            #
3433            # returns: 1 on success, otherwise check out the error stack to find out the reason
3434
3435           Check openssl doc
3436           <http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html>
3437
3438       •   CTX_use_RSAPrivateKey
3439
3440           Adds the RSA private key $rsa to $ctx.
3441
3442            my $rv = Net::SSLeay::CTX_use_RSAPrivateKey($ctx, $rsa);
3443            # $ctx - value corresponding to openssl's SSL_CTX structure
3444            # $rsa - value corresponding to openssl's RSA structure
3445            #
3446            # returns: 1 on success, otherwise check out the error stack to find out the reason
3447
3448           Check openssl doc
3449           <http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html>
3450
3451       •   CTX_use_RSAPrivateKey_file
3452
3453           Adds the first RSA private key found in $file to $ctx.
3454
3455            my $rv = Net::SSLeay::CTX_use_RSAPrivateKey_file($ctx, $file, $type);
3456            # $ctx - value corresponding to openssl's SSL_CTX structure
3457            # $file - (string) file name
3458            # $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1
3459            #
3460            # returns: 1 on success, otherwise check out the error stack to find out the reason
3461
3462       •   CTX_use_certificate
3463
3464           Loads the certificate $x into $ctx
3465
3466            my $rv = Net::SSLeay::CTX_use_certificate($ctx, $x);
3467            # $ctx - value corresponding to openssl's SSL_CTX structure
3468            # $x - value corresponding to openssl's X509 structure
3469            #
3470            # returns: 1 on success, otherwise check out the error stack to find out the reason
3471
3472           Check openssl doc
3473           <http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html>
3474
3475       •   CTX_use_certificate_chain_file
3476
3477           Loads a certificate chain from $file into $ctx. The certificates
3478           must be in PEM format and must be sorted starting with the
3479           subject's certificate (actual client or server certificate),
3480           followed by intermediate CA certificates if applicable, and ending
3481           at the highest level (root) CA.
3482
3483            my $rv = Net::SSLeay::CTX_use_certificate_chain_file($ctx, $file);
3484            # $ctx - value corresponding to openssl's SSL_CTX structure
3485            # $file - (string) file name
3486            #
3487            # returns: 1 on success, otherwise check out the error stack to find out the reason
3488
3489           Check openssl doc
3490           <http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html>
3491
3492       •   CTX_use_certificate_file
3493
3494           Loads the first certificate stored in $file into $ctx.
3495
3496            my $rv = Net::SSLeay::CTX_use_certificate_file($ctx, $file, $type);
3497            # $ctx - value corresponding to openssl's SSL_CTX structure
3498            # $file - (string) file name
3499            # $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1
3500            #
3501            # returns: 1 on success, otherwise check out the error stack to find out the reason
3502
3503           Check openssl doc
3504           <http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html>
3505
3506       •   CTX_get_security_level
3507
3508           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
3509           requires at least OpenSSL 1.1.0, not in LibreSSL
3510
3511           Returns the security level associated with $ctx.
3512
3513            my $level = Net::SSLeay::CTX_get_security_level($ctx);
3514            # $ctx   - value corresponding to openssl's SSL_CTX structure
3515            #
3516            # returns: (integer) current security level
3517
3518           Check openssl doc
3519           <https://www.openssl.org/docs/manmaster/man3/SSL_CTX_get_security_level.html>
3520
3521       •   CTX_set_security_level
3522
3523           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
3524           requires at least OpenSSL 1.1.0, not in LibreSSL
3525
3526           Sets the security level associated with $ctx to $level.
3527
3528            Net::SSLeay::CTX_set_security_level($ctx, $level);
3529            # $ssl   - value corresponding to openssl's SSL_CTX structure
3530            # $level - new security level
3531            #
3532            # returns: no return value
3533
3534           Check openssl doc
3535           <https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_security_level.html>
3536
3537       •   CTX_set_num_tickets
3538
3539           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
3540           requires at least OpenSSL 1.1.1, not in LibreSSL
3541
3542           Set number of TLSv1.3 session tickets that will be sent to a
3543           client.
3544
3545            my $rv = Net::SSLeay::CTX_set_num_tickets($ctx, $number_of_tickets);
3546            # $ctx  - value corresponding to openssl's SSL_CTX structure
3547            # $number_of_tickets - number of tickets to send
3548            #
3549            # returns: 1 on success, 0 on failure
3550
3551           Set to zero if you do not no want to support a session resumption.
3552
3553           Check openssl doc
3554           <https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_num_tickets.html>
3555
3556       •   CTX_get_num_tickets
3557
3558           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
3559           requires at least OpenSSL 1.1.1, not in LibreSSL
3560
3561           Get number of TLSv1.3 session tickets that will be sent to a
3562           client.
3563
3564            my $number_of_tickets = Net::SSLeay::CTX_get_num_tickets($ctx);
3565            # $ctx  - value corresponding to openssl's SSL_CTX structure
3566            #
3567            # returns: (integer) number of tickets to send
3568
3569           Check openssl doc
3570           <https://www.openssl.org/docs/manmaster/man3/SSL_CTX_get_num_tickets.html>
3571
3572       Low level API: SSL_* related functions
3573
3574       NOTE: Please note that the function described in this chapter have
3575       "SSL_" part stripped from their original openssl names.
3576
3577       •   new
3578
3579           Creates a new SSL structure which is needed to hold the data for a
3580           TLS/SSL connection.  The new structure inherits the settings of the
3581           underlying context $ctx: connection method (SSLv2/v3/TLSv1),
3582           options, verification settings, timeout settings.
3583
3584            my $rv = Net::SSLeay::new($ctx);
3585            # $ctx - value corresponding to openssl's SSL_CTX structure
3586            #
3587            # returns: value corresponding to openssl's SSL structure (0 on failure)
3588
3589           Check openssl doc <http://www.openssl.org/docs/ssl/SSL_new.html>
3590
3591       •   accept
3592
3593           Waits for a TLS/SSL client to initiate the TLS/SSL handshake. The
3594           communication channel must already have been set and assigned to
3595           the ssl by setting an underlying BIO.
3596
3597            my $rv = Net::SSLeay::accept($ssl);
3598            # $ssl - value corresponding to openssl's SSL structure
3599            #
3600            # returns: 1 = success, 0 = handshake not successful, <0 = fatal error during handshake
3601
3602           Check openssl doc <http://www.openssl.org/docs/ssl/SSL_accept.html>
3603
3604       •   add_client_CA
3605
3606           Adds the CA name extracted from cacert to the list of CAs sent to
3607           the client when requesting a client certificate for the chosen ssl,
3608           overriding the setting valid for ssl's SSL_CTX object.
3609
3610            my $rv = Net::SSLeay::add_client_CA($ssl, $x);
3611            # $ssl - value corresponding to openssl's SSL structure
3612            # $x - value corresponding to openssl's X509 structure
3613            #
3614            # returns: 1 on success, 0 on failure
3615
3616           Check openssl doc
3617           <http://www.openssl.org/docs/ssl/SSL_CTX_set_client_CA_list.html>
3618
3619       •   callback_ctrl
3620
3621           ??? (more info needed)
3622
3623            my $rv = Net::SSLeay::callback_ctrl($ssl, $cmd, $fp);
3624            # $ssl - value corresponding to openssl's SSL structure
3625            # $cmd - (integer) command id
3626            # $fp - (function pointer) ???
3627            #
3628            # returns: ???
3629
3630           Check openssl doc
3631           <http://www.openssl.org/docs/ssl/SSL_CTX_ctrl.html>
3632
3633       •   check_private_key
3634
3635           Checks the consistency of a private key with the corresponding
3636           certificate loaded into $ssl
3637
3638            my $rv = Net::SSLeay::check_private_key($ssl);
3639            # $ssl - value corresponding to openssl's SSL structure
3640            #
3641            # returns: 1 on success, otherwise check out the error stack to find out the reason
3642
3643           Check openssl doc
3644           <http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html>
3645
3646       •   clear
3647
3648           Reset SSL object to allow another connection.
3649
3650            Net::SSLeay::clear($ssl);
3651            # $ssl - value corresponding to openssl's SSL structure
3652            #
3653            # returns: no return value
3654
3655           Check openssl doc <http://www.openssl.org/docs/ssl/SSL_clear.html>
3656
3657       •   connect
3658
3659           Initiate the TLS/SSL handshake with an TLS/SSL server.
3660
3661            my $rv = Net::SSLeay::connect($ssl);
3662            # $ssl - value corresponding to openssl's SSL structure
3663            #
3664            # returns: 1 = success, 0 = handshake not successful, <0 = fatal error during handshake
3665
3666           Check openssl doc
3667           <http://www.openssl.org/docs/ssl/SSL_connect.html>
3668
3669       •   copy_session_id
3670
3671           Copies the session structure fro $from to $to (+ also the private
3672           key and certificate associated with $from).
3673
3674            Net::SSLeay::copy_session_id($to, $from);
3675            # $to - value corresponding to openssl's SSL structure
3676            # $from - value corresponding to openssl's SSL structure
3677            #
3678            # returns: no return value
3679
3680       •   ctrl
3681
3682           Internal handling function for SSL objects.
3683
3684           BEWARE: openssl doc says: This function should never be called
3685           directly!
3686
3687            my $rv = Net::SSLeay::ctrl($ssl, $cmd, $larg, $parg);
3688            # $ssl - value corresponding to openssl's SSL structure
3689            # $cmd - (integer) command id
3690            # $larg - (integer) long ???
3691            # $parg - (string/pointer) ???
3692            #
3693            # returns: (long) result of given command ???
3694
3695           For more details about valid $cmd values check "CTX_ctrl".
3696
3697           Check openssl doc
3698           <http://www.openssl.org/docs/ssl/SSL_CTX_ctrl.html>
3699
3700       •   do_handshake
3701
3702           Will wait for a SSL/TLS handshake to take place. If the connection
3703           is in client mode, the handshake will be started. The handshake
3704           routines may have to be explicitly set in advance using either
3705           SSL_set_connect_state or SSL_set_accept_state(3).
3706
3707            my $rv = Net::SSLeay::do_handshake($ssl);
3708            # $ssl - value corresponding to openssl's SSL structure
3709            #
3710            # returns: 1 = success, 0 = handshake not successful, <0 = fatal error during handshake
3711
3712           Check openssl doc
3713           <http://www.openssl.org/docs/ssl/SSL_do_handshake.html>
3714
3715       •   dup
3716
3717           Returns a duplicate of $ssl.
3718
3719            my $rv = Net::SSLeay::dup($ssl);
3720            # $ssl - value corresponding to openssl's SSL structure
3721            #
3722            # returns: value corresponding to openssl's SSL structure (0 on failure)
3723
3724       •   free
3725
3726           Free an allocated SSL structure.
3727
3728            Net::SSLeay::free($ssl);
3729            # $ssl - value corresponding to openssl's SSL structure
3730            #
3731            # returns: no return value
3732
3733           Check openssl doc <http://www.openssl.org/docs/ssl/SSL_free.html>
3734
3735       •   get0_param
3736
3737           COMPATIBILITY: not available in Net-SSLeay-1.82 and before;
3738           requires at least OpenSSL 1.0.2-beta1 or LibreSSL 2.7.0
3739
3740           Returns the current verification parameters.
3741
3742            my $vpm = Net::SSLeay::get0_param($ssl);
3743            # $ssl - value corresponding to openssl's SSL structure
3744            #
3745            # returns: value corresponding to openssl's X509_VERIFY_PARAM structure
3746
3747           Check openssl doc
3748           <https://www.openssl.org/docs/ssl/SSL_CTX_get0_param.html>
3749
3750       •   get_SSL_CTX
3751
3752           Returns a pointer to the SSL_CTX object, from which $ssl was
3753           created with Net::SSLeay::new.
3754
3755            my $rv = Net::SSLeay::get_SSL_CTX($ssl);
3756            # $ssl - value corresponding to openssl's SSL structure
3757            #
3758            # returns: value corresponding to openssl's SSL_CTX structure (0 on failure)
3759
3760           Check openssl doc
3761           <http://www.openssl.org/docs/ssl/SSL_get_SSL_CTX.html>
3762
3763       •   set_SSL_CTX
3764
3765           COMPATIBILITY: requires at least OpenSSL 0.9.8f
3766
3767           Sets the SSL_CTX the corresponds to an SSL session.
3768
3769            my $the_ssl_ctx = Net::SSLeay::set_SSL_CTX($ssl, $ssl_ctx);
3770            # $ssl - value corresponding to openssl's SSL structure
3771            # $ssl_ctx - Change the ssl object to the given ssl_ctx
3772            #
3773            # returns - the ssl_ctx
3774
3775       •   get_app_data
3776
3777           Can be used to get application defined value/data.
3778
3779            my $rv = Net::SSLeay::get_app_data($ssl);
3780            # $ssl - value corresponding to openssl's SSL structure
3781            #
3782            # returns: string/buffer/pointer ???
3783
3784       •   set_app_data
3785
3786           Can be used to set some application defined value/data.
3787
3788            my $rv = Net::SSLeay::set_app_data($ssl, $arg);
3789            # $ssl - value corresponding to openssl's SSL structure
3790            # $arg - (string/buffer/pointer ???) data
3791            #
3792            # returns: ???
3793
3794       •   get_certificate
3795
3796           Gets X509 certificate from an established SSL connection.
3797
3798            my $rv = Net::SSLeay::get_certificate($ssl);
3799            # $ssl - value corresponding to openssl's SSL structure
3800            #
3801            # returns: value corresponding to openssl's X509 structure (0 on failure)
3802
3803       •   get_cipher
3804
3805           Obtains the name of the currently used cipher.
3806
3807            my $rv = Net::SSLeay::get_cipher($ssl);
3808            # $ssl - value corresponding to openssl's SSL structure
3809            #
3810            # returns: (string) cipher name e.g. 'DHE-RSA-AES256-SHA' or '', when no session has been established.
3811
3812           Check openssl doc
3813           <http://www.openssl.org/docs/ssl/SSL_get_current_cipher.html>
3814
3815       •   get_cipher_bits
3816
3817           Obtain the number of secret/algorithm bits used.
3818
3819            my $rv = Net::SSLeay::get_cipher_bits($ssl);
3820            # $ssl - value corresponding to openssl's SSL structure
3821            #
3822            # returns: number of secret bits used by current cipher
3823
3824           Check openssl doc
3825           <http://www.openssl.org/docs/ssl/SSL_get_current_cipher.html> and
3826           <http://www.openssl.org/docs/ssl/SSL_CIPHER_get_name.html>
3827
3828       •   get_ciphers
3829
3830           COMPATIBILITY: not available in Net-SSLeay-1.88 and before
3831
3832           Returns a list of SSL_CIPHER structures available for $ssl sorted
3833           by preference
3834
3835            my @ciphers = Net::SSLeay::get_ciphers($ssl);
3836            # $ssl - value corresponding to openssl's SSL structure
3837            #
3838            # returns: (list) SSL_CIPHER structures or nothing when $ssl is undefined or no ciphers are available
3839
3840           Example:
3841
3842            my @ciphers = Net::SSLeay::get_ciphers($ssl);
3843            foreach my $c (@ciphers) {
3844              print Net::SSLeay::CIPHER_get_name($c) . "\n";
3845            }
3846
3847           Check openssl doc
3848           <https://www.openssl.org/docs/ssl/SSL_get_ciphers.html>
3849
3850       •   get_cipher_list
3851
3852           Returns the name (string) of the SSL_CIPHER listed for $ssl with
3853           priority $n.
3854
3855            my $rv = Net::SSLeay::get_cipher_list($ssl, $n);
3856            # $ssl - value corresponding to openssl's SSL structure
3857            # $n - (integer) priority
3858            #
3859            # returns: (string) cipher name e.g. 'EDH-DSS-DES-CBC3-SHA' or undef in case of error
3860
3861           Call Net::SSLeay::get_cipher_list with priority starting from 0 to
3862           obtain the sorted list of available ciphers, until undef is
3863           returned:
3864
3865            my $priority = 0;
3866            while (my $c = Net::SSLeay::get_cipher_list($ssl, $priority)) {
3867              print "cipher[$priority] = $c\n";
3868              $priority++;
3869            }
3870
3871           Check openssl doc
3872           <https://www.openssl.org/docs/ssl/SSL_get_cipher_list.html>
3873
3874       •   get_client_CA_list
3875
3876           Returns the list of client CAs explicitly set for $ssl using
3877           "Net::SSleay::set_client_CA_list" or $ssl's SSL_CTX object with
3878           "Net::SSLeay::CTX_set_client_CA_list", when in server mode.
3879
3880           In client mode, returns the list of client CAs sent from the
3881           server, if any.
3882
3883            my $rv = Net::SSLeay::get_client_CA_list($ssl);
3884            # $ssl - value corresponding to openssl's SSL structure
3885            #
3886            # returns: value corresponding to openssl's STACK_OF(X509_NAME) structure (0 on failure)
3887
3888           Check openssl doc
3889           <http://www.openssl.org/docs/ssl/SSL_get_client_CA_list.html>
3890
3891       •   get_current_cipher
3892
3893           Returns the cipher actually used.
3894
3895            my $rv = Net::SSLeay::get_current_cipher($ssl);
3896            # $ssl - value corresponding to openssl's SSL structure
3897            #
3898            # returns: value corresponding to openssl's SSL_CIPHER structure (0 on failure)
3899
3900           Check openssl doc
3901           <http://www.openssl.org/docs/ssl/SSL_get_current_cipher.html>
3902
3903       •   get_default_timeout
3904
3905           Returns the default timeout value assigned to SSL_SESSION objects
3906           negotiated for the protocol valid for $ssl.
3907
3908            my $rv = Net::SSLeay::get_default_timeout($ssl);
3909            # $ssl - value corresponding to openssl's SSL structure
3910            #
3911            # returns: (long) timeout in seconds
3912
3913           Check openssl doc
3914           <http://www.openssl.org/docs/ssl/SSL_get_default_timeout.html>
3915
3916       •   get_error
3917
3918           Returns a result code for a preceding call to "connect", "accept",
3919           "do_handshake", "read", "peek" or "write" on $ssl.
3920
3921            my $rv = Net::SSLeay::get_error($ssl, $ret);
3922            # $ssl - value corresponding to openssl's SSL structure
3923            # $ret - return value of preceding TLS/SSL I/O operation
3924            #
3925            # returns: result code, which is one of the following values:
3926            #  0 - SSL_ERROR_NONE
3927            #  1 - SSL_ERROR_SSL
3928            #  2 - SSL_ERROR_WANT_READ
3929            #  3 - SSL_ERROR_WANT_WRITE
3930            #  4 - SSL_ERROR_WANT_X509_LOOKUP
3931            #  5 - SSL_ERROR_SYSCALL
3932            #  6 - SSL_ERROR_ZERO_RETURN
3933            #  7 - SSL_ERROR_WANT_CONNECT
3934            #  8 - SSL_ERROR_WANT_ACCEPT
3935
3936           Check openssl doc
3937           <http://www.openssl.org/docs/ssl/SSL_get_error.html>
3938
3939       •   get_ex_data
3940
3941           Is used to retrieve the information for $idx from $ssl.
3942
3943            my $rv = Net::SSLeay::get_ex_data($ssl, $idx);
3944            # $ssl - value corresponding to openssl's SSL structure
3945            # $idx - (integer) index for application specific data
3946            #
3947            # returns: pointer to ???
3948
3949           Check openssl doc
3950           <http://www.openssl.org/docs/ssl/SSL_get_ex_new_index.html>
3951
3952       •   set_ex_data
3953
3954           Is used to store application data at $data for $idx into the $ssl
3955           object.
3956
3957            my $rv = Net::SSLeay::set_ex_data($ssl, $idx, $data);
3958            # $ssl - value corresponding to openssl's SSL structure
3959            # $idx - (integer) ???
3960            # $data - (pointer) ???
3961            #
3962            # returns: 1 on success, 0 on failure
3963
3964           Check openssl doc
3965           <http://www.openssl.org/docs/ssl/SSL_get_ex_new_index.html>
3966
3967       •   get_ex_new_index
3968
3969           Is used to register a new index for application specific data.
3970
3971            my $rv = Net::SSLeay::get_ex_new_index($argl, $argp, $new_func, $dup_func, $free_func);
3972            # $argl - (long) ???
3973            # $argp - (pointer) ???
3974            # $new_func - function pointer ??? (CRYPTO_EX_new *)
3975            # $dup_func - function pointer ??? (CRYPTO_EX_dup *)
3976            # $free_func - function pointer ??? (CRYPTO_EX_free *)
3977            #
3978            # returns: (integer) ???
3979
3980           Check openssl doc
3981           <http://www.openssl.org/docs/ssl/SSL_get_ex_new_index.html>
3982
3983       •   get_fd
3984
3985           Returns the file descriptor which is linked to $ssl.
3986
3987            my $rv = Net::SSLeay::get_fd($ssl);
3988            # $ssl - value corresponding to openssl's SSL structure
3989            #
3990            # returns: file descriptor (>=0) or -1 on failure
3991
3992           Check openssl doc <http://www.openssl.org/docs/ssl/SSL_get_fd.html>
3993
3994       •   get_finished
3995
3996           Obtains the latest 'Finished' message sent to the peer. Return
3997           value is zero if there's been no Finished message yet. Default
3998           count is 2*EVP_MAX_MD_SIZE that is long enough for all possible
3999           Finish messages. If you supply a non-default count, the resulting
4000           return value may be longer than returned buf's length.
4001
4002            my $rv = Net::SSLeay::get_finished($ssl, $buf, $count);
4003            # $ssl - value corresponding to openssl's SSL structure
4004            # $buf - buffer where the returned data will be stored
4005            # $count - [optional] max size of return data - default is 2*EVP_MAX_MD_SIZE
4006            #
4007            # returns: length of latest Finished message
4008
4009       •   get_peer_finished
4010
4011           Obtains the latest 'Finished' message expected from the peer.
4012           Parameters and return value are similar to get_finished().
4013
4014            my $rv = Net::SSLeay::get_peer_finished($ssl, $buf, $count);
4015            # $ssl - value corresponding to openssl's SSL structure
4016            # $buf - buffer where the returned data will be stored
4017            # $count - [optional] max size of return data - default is 2*EVP_MAX_MD_SIZE
4018            #
4019            # returns: length of latest Finished message
4020
4021       •   get_keyblock_size
4022
4023           Gets the length of the TLS keyblock.
4024
4025           NOTE: Does not exactly correspond to any low level API function.
4026
4027            my $rv = Net::SSLeay::get_keyblock_size($ssl);
4028            # $ssl - value corresponding to openssl's SSL structure
4029            #
4030            # returns: keyblock size, -1 on error
4031
4032       •   get_mode
4033
4034           Returns the mode (bitmask) set for $ssl.
4035
4036            my $rv = Net::SSLeay::get_mode($ssl);
4037            # $ssl - value corresponding to openssl's SSL structure
4038            #
4039            # returns: mode (bitmask)
4040
4041           To decode the return value (bitmask) see documentation for
4042           "CTX_get_mode".
4043
4044           Check openssl doc
4045           <http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html>
4046
4047       •   set_mode
4048
4049           Adds the mode set via bitmask in $mode to $ssl. Options already set
4050           before are not cleared.
4051
4052            my $rv = Net::SSLeay::set_mode($ssl, $mode);
4053            # $ssl - value corresponding to openssl's SSL structure
4054            # $mode - mode (bitmask)
4055            #
4056            # returns: the new mode bitmask after adding $mode
4057
4058           For $mode bitmask details see "CTX_get_mode".
4059
4060           Check openssl doc
4061           <http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html>
4062
4063       •   get_options
4064
4065           Returns the options (bitmask) set for $ssl.
4066
4067            my $rv = Net::SSLeay::get_options($ssl);
4068            # $ssl - value corresponding to openssl's SSL structure
4069            #
4070            # returns: options (bitmask)
4071
4072           To decode the return value (bitmask) see documentation for
4073           "CTX_get_options".
4074
4075           Check openssl doc
4076           <http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html>
4077
4078       •   set_options
4079
4080           Adds the options set via bitmask in $options to $ssl. Options
4081           already set before are not cleared!
4082
4083            Net::SSLeay::set_options($ssl, $options);
4084            # $ssl - value corresponding to openssl's SSL structure
4085            # $options - options (bitmask)
4086            #
4087            # returns: the new options bitmask after adding $options
4088
4089           For $options bitmask details see "CTX_get_options".
4090
4091           Check openssl doc
4092           <http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html>
4093
4094       •   get_peer_certificate
4095
4096           Get the X509 certificate of the peer.
4097
4098            my $rv = Net::SSLeay::get_peer_certificate($ssl);
4099            # $ssl - value corresponding to openssl's SSL structure
4100            #
4101            # returns: value corresponding to openssl's X509 structure (0 on failure)
4102
4103           Check openssl doc
4104           <http://www.openssl.org/docs/ssl/SSL_get_peer_certificate.html>
4105
4106       •   get_peer_cert_chain
4107
4108           Get the certificate chain of the peer as an array of X509
4109           structures.
4110
4111            my @rv = Net::SSLeay::get_peer_cert_chain($ssl);
4112            # $ssl - value corresponding to openssl's SSL structure
4113            #
4114            # returns: list of X509 structures
4115
4116           Check openssl doc
4117           <http://www.openssl.org/docs/ssl/SSL_get_peer_certificate.html>
4118
4119       •   get_quiet_shutdown
4120
4121           Returns the 'quiet shutdown' setting of ssl.
4122
4123            my $rv = Net::SSLeay::get_quiet_shutdown($ssl);
4124            # $ssl - value corresponding to openssl's SSL structure
4125            #
4126            # returns: (integer) current 'quiet shutdown' value
4127
4128           Check openssl doc
4129           <http://www.openssl.org/docs/ssl/SSL_CTX_set_quiet_shutdown.html>
4130
4131       •   get_rbio
4132
4133           Get 'read' BIO linked to an SSL object $ssl.
4134
4135            my $rv = Net::SSLeay::get_rbio($ssl);
4136            # $ssl - value corresponding to openssl's SSL structure
4137            #
4138            # returns: value corresponding to openssl's BIO structure (0 on failure)
4139
4140           Check openssl doc
4141           <http://www.openssl.org/docs/ssl/SSL_get_rbio.html>
4142
4143       •   get_read_ahead
4144
4145            my $rv = Net::SSLeay::get_read_ahead($ssl);
4146            # $ssl - value corresponding to openssl's SSL structure
4147            #
4148            # returns: (integer) read_ahead value
4149
4150       •   set_read_ahead
4151
4152            Net::SSLeay::set_read_ahead($ssl, $val);
4153            # $ssl - value corresponding to openssl's SSL structure
4154            # $val - read_ahead value to be set
4155            #
4156            # returns: the original read_ahead value
4157
4158       •   get_security_level
4159
4160           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
4161           requires at least OpenSSL 1.1.0, not in LibreSSL
4162
4163           Returns the security level associated with $ssl.
4164
4165            my $level = Net::SSLeay::get_security_level($ssl);
4166            # $ssl   - value corresponding to openssl's SSL structure
4167            #
4168            # returns: (integer) current security level
4169
4170           Check openssl doc
4171           <https://www.openssl.org/docs/manmaster/man3/SSL_get_security_level.html>
4172
4173       •   set_security_level
4174
4175           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
4176           requires at least OpenSSL 1.1.0, not in LibreSSL
4177
4178           Sets the security level associated with $ssl to $level.
4179
4180            Net::SSLeay::set_security_level($ssl, $level);
4181            # $ssl   - value corresponding to openssl's SSL structure
4182            # $level - new security level
4183            #
4184            # returns: no return value
4185
4186           Check openssl doc
4187           <https://www.openssl.org/docs/manmaster/man3/SSL_set_security_level.html>
4188
4189       •   set_num_tickets
4190
4191           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
4192           requires at least OpenSSL 1.1.1, not in LibreSSL
4193
4194           Set number of TLSv1.3 session tickets that will be sent to a
4195           client.
4196
4197            my $rv = Net::SSLeay::set_num_tickets($ssl, $number_of_tickets);
4198            # $ssl  - value corresponding to openssl's SSL structure
4199            # $number_of_tickets - number of tickets to send
4200            #
4201            # returns: 1 on success, 0 on failure
4202
4203           Set to zero if you do not no want to support a session resumption.
4204
4205           Check openssl doc
4206           <https://www.openssl.org/docs/manmaster/man3/SSL_set_num_tickets.html>
4207
4208       •   get_num_tickets
4209
4210           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
4211           requires at least OpenSSL 1.1.1, not in LibreSSL
4212
4213           Get number of TLSv1.3 session tickets that will be sent to a
4214           client.
4215
4216            my $number_of_tickets = Net::SSLeay::get_num_tickets($ctx);
4217            # $ctx  - value corresponding to openssl's SSL structure
4218            #
4219            # returns: number of tickets to send
4220
4221           Check openssl doc
4222           <https://www.openssl.org/docs/manmaster/man3/SSL_get_num_tickets.html>
4223
4224       •   get_server_random
4225
4226           Returns internal SSLv3 server_random value.
4227
4228            Net::SSLeay::get_server_random($ssl);
4229            # $ssl - value corresponding to openssl's SSL structure
4230            #
4231            # returns: server_random value (binary data)
4232
4233       •   get_client_random
4234
4235           NOTE: Does not exactly correspond to any low level API function
4236
4237           Returns internal SSLv3 client_random value.
4238
4239            Net::SSLeay::get_client_random($ssl);
4240            # $ssl - value corresponding to openssl's SSL structure
4241            #
4242            # returns: client_random value (binary data)
4243
4244       •   export_keying_material
4245
4246           Returns keying material based on the string $label and optional
4247           $context. Note that with TLSv1.2 and lower, empty context (empty
4248           string) and undefined context (no value or 'undef') will return
4249           different values.
4250
4251             my $out = Net::SSLeay::export_keying_material($ssl, $olen, $label, $context);
4252             # $ssl - value corresponding to openssl's SSL structure
4253             # $olen - number of bytes to return
4254             # $label - application specific label
4255             # $context - [optional] context - default is undef for no context
4256             #
4257             # returns: keying material (binary data) or undef on error
4258
4259           Check openssl doc
4260           <https://www.openssl.org/docs/manmaster/man3/SSL_export_keying_material.html>
4261
4262       •   get_session
4263
4264           Retrieve TLS/SSL session data used in $ssl. The reference count of
4265           the SSL_SESSION is NOT incremented.
4266
4267            my $rv = Net::SSLeay::get_session($ssl);
4268            # $ssl - value corresponding to openssl's SSL structure
4269            #
4270            # returns: value corresponding to openssl's SSL_SESSION structure (0 on failure)
4271
4272           Check openssl doc
4273           <http://www.openssl.org/docs/ssl/SSL_get_session.html>
4274
4275       •   SSL_get0_session
4276
4277           The alias for "get_session" (note that the name is
4278           "SSL_get0_session" NOT "get0_session").
4279
4280            my $rv = Net::SSLeay::SSL_get0_session();
4281
4282       •   get1_session
4283
4284           Returns a pointer to the SSL_SESSION actually used in $ssl. The
4285           reference count of the SSL_SESSION is incremented by 1.
4286
4287            my $rv = Net::SSLeay::get1_session($ssl);
4288            # $ssl - value corresponding to openssl's SSL structure
4289            #
4290            # returns: value corresponding to openssl's SSL_SESSION structure (0 on failure)
4291
4292           Check openssl doc
4293           <http://www.openssl.org/docs/ssl/SSL_get_session.html>
4294
4295       •   get_shared_ciphers
4296
4297           Returns string with a list (colon ':' separated) of ciphers shared
4298           between client and server within SSL session $ssl.
4299
4300            my $rv = Net::SSLeay::get_shared_ciphers()
4301            #
4302            # returns: string like 'ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:...'
4303
4304       •   get_shutdown
4305
4306           Returns the shutdown mode of $ssl.
4307
4308            my $rv = Net::SSLeay::get_shutdown($ssl);
4309            # $ssl - value corresponding to openssl's SSL structure
4310            #
4311            # returns: shutdown mode (bitmask) of ssl
4312
4313            #to decode the return value (bitmask) use:
4314            0 - No shutdown setting, yet
4315            1 - SSL_SENT_SHUTDOWN
4316            2 - SSL_RECEIVED_SHUTDOWN
4317
4318           Check openssl doc
4319           <http://www.openssl.org/docs/ssl/SSL_set_shutdown.html>
4320
4321       •   get_ssl_method
4322
4323           Returns a function pointer to the TLS/SSL method set in $ssl.
4324
4325            my $rv = Net::SSLeay::get_ssl_method($ssl);
4326            # $ssl - value corresponding to openssl's SSL structure
4327            #
4328            # returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)
4329
4330           Check openssl doc
4331           <http://www.openssl.org/docs/ssl/SSL_CTX_set_ssl_version.html>
4332
4333       •   in_init, in_before, is_init_finished, in_connect_init,
4334           in_accept_init
4335
4336           COMPATIBILITY: not available in Net-SSLeay-1.85 and before.
4337
4338           Retrieve information about the handshake state machine. All
4339           functions take $ssl as the only argument and return 0 or 1. These
4340           functions are recommended over get_state() and state().
4341
4342            my $rv = Net::SSLeay::is_init_finished($ssl);
4343            # $ssl - value corresponding to openssl's SSL structure
4344            #
4345            # returns: All functions return 1 or 0
4346
4347           Check openssl doc https://www.openssl.org/docs/ssl/SSL_in_init.html
4348           <http://www.openssl.org/docs/ssl/SSL_in_init.html>
4349
4350       •   get_state
4351
4352           COMPATIBILITY: OpenSSL 1.1.0 and later use different constants
4353           which are not made available. Use is_init_finished() and related
4354           functions instead.
4355
4356           Returns the SSL connection state.
4357
4358            my $rv = Net::SSLeay::get_state($ssl);
4359            # $ssl - value corresponding to openssl's SSL structure
4360            #
4361            # returns: (integer) state value
4362            #          to decode the returned state check:
4363            #          SSL_ST_* constants in openssl/ssl.h
4364            #          SSL2_ST_* constants in openssl/ssl2.h
4365            #          SSL23_ST_* constants in openssl/ssl23.h
4366            #          SSL3_ST_* + DTLS1_ST_* constants in openssl/ssl3.h
4367
4368       •   state
4369
4370           Exactly the same as "get_state".
4371
4372            my $rv = Net::SSLeay::state($ssl);
4373
4374       •   set_state
4375
4376           Sets the SSL connection state.
4377
4378            Net::SSLeay::set_state($ssl,Net::SSLeay::SSL_ST_ACCEPT());
4379
4380           Not available with OpenSSL 1.1 and later.
4381
4382       •   get_verify_depth
4383
4384           Returns the verification depth limit currently set in $ssl.
4385
4386            my $rv = Net::SSLeay::get_verify_depth($ssl);
4387            # $ssl - value corresponding to openssl's SSL structure
4388            #
4389            # returns: current depth or -1 if no limit has been explicitly set
4390
4391           Check openssl doc
4392           <http://www.openssl.org/docs/ssl/SSL_CTX_get_verify_mode.html>
4393
4394       •   set_verify_depth
4395
4396           Sets the maximum depth for the certificate chain verification that
4397           shall be allowed for $ssl.
4398
4399            Net::SSLeay::set_verify_depth($ssl, $depth);
4400            # $ssl - value corresponding to openssl's SSL structure
4401            # $depth - (integer) depth
4402            #
4403            # returns: no return value
4404
4405           Check openssl doc
4406           <http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html>
4407
4408       •   get_verify_mode
4409
4410           Returns the verification mode (bitmask) currently set in $ssl.
4411
4412            my $rv = Net::SSLeay::get_verify_mode($ssl);
4413            # $ssl - value corresponding to openssl's SSL structure
4414            #
4415            # returns: mode (bitmask)
4416
4417           To decode the return value (bitmask) see documentation for
4418           "CTX_get_verify_mode".
4419
4420           Check openssl doc
4421           <http://www.openssl.org/docs/ssl/SSL_CTX_get_verify_mode.html>
4422
4423       •   set_verify
4424
4425           Sets the verification flags for $ssl to be $mode and specifies the
4426           $verify_callback function to be used.
4427
4428            Net::SSLeay::set_verify($ssl, $mode, $callback);
4429            # $ssl - value corresponding to openssl's SSL structure
4430            # $mode - mode (bitmask)
4431            # $callback - [optional] reference to perl callback function
4432            #
4433            # returns: no return value
4434
4435           For $mode bitmask details see "CTX_get_verify_mode".
4436
4437           Check openssl doc
4438           <http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html>
4439
4440       •   set_post_handshake_auth
4441
4442           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
4443           requires at least OpenSSL 1.1.1, not in LibreSSL
4444
4445           Enable the Post-Handshake Authentication extension to be added to
4446           the ClientHello such that post-handshake authentication can be
4447           requested by the server.
4448
4449            Net::SSLeay::set_posthandshake_auth($ssl, $val);
4450            # $ssl - value corresponding to openssl's SSL structure
4451            # $val - 0 then the extension is not sent, otherwise it is
4452            #
4453            # returns: no return value
4454
4455           Check openssl doc
4456           https://www.openssl.org/docs/manmaster/man3/SSL_set_post_handshake_auth
4457           <https://www.openssl.org/docs/manmaster/man3/SSL_set_post_handshake_auth.html>
4458
4459       •   verify_client_post_handshake
4460
4461           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
4462           requires at least OpenSSL 1.1.1, not in LibreSSL
4463
4464           verify_client_post_handshake causes a CertificateRequest message to
4465           be sent by a server on the given ssl connection.
4466
4467            my $rv = Net::SSLeay::verify_client_post_handshake($ssl);
4468            # $ssl - value corresponding to openssl's SSL structure
4469            #
4470            # returns: 1 if the request succeeded, and 0 if the request failed. The error stack can be examined to determine the failure reason.
4471
4472           Check openssl doc
4473           <https://www.openssl.org/docs/manmaster/man3/SSL_verify_client_post_handshake.html>
4474
4475       •   get_verify_result
4476
4477           Returns the result of the verification of the X509 certificate
4478           presented by the peer, if any.
4479
4480            my $rv = Net::SSLeay::get_verify_result($ssl);
4481            # $ssl - value corresponding to openssl's SSL structure
4482            #
4483            # returns: (integer)
4484            #      0 - X509_V_OK: ok
4485            #      2 - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate
4486            #      3 - X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL
4487            #      4 - X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature
4488            #      5 - X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature
4489            #      6 - X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key
4490            #      7 - X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure
4491            #      8 - X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure
4492            #      9 - X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid
4493            #     10 - X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired
4494            #     11 - X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid
4495            #     12 - X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired
4496            #     13 - X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field
4497            #     14 - X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field
4498            #     15 - X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field
4499            #     16 - X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field
4500            #     17 - X509_V_ERR_OUT_OF_MEM: out of memory
4501            #     18 - X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate
4502            #     19 - X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain
4503            #     20 - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate
4504            #     21 - X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate
4505            #     22 - X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long
4506            #     23 - X509_V_ERR_CERT_REVOKED: certificate revoked
4507            #     24 - X509_V_ERR_INVALID_CA: invalid CA certificate
4508            #     25 - X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded
4509            #     26 - X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose
4510            #     27 - X509_V_ERR_CERT_UNTRUSTED: certificate not trusted
4511            #     28 - X509_V_ERR_CERT_REJECTED: certificate rejected
4512            #     29 - X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch
4513            #     30 - X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch
4514            #     31 - X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch
4515            #     32 - X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing
4516            #     50 - X509_V_ERR_APPLICATION_VERIFICATION: application verification failure
4517
4518           Check openssl doc
4519           <http://www.openssl.org/docs/ssl/SSL_get_verify_result.html>
4520
4521       •   set_verify_result
4522
4523           Override result of peer certificate verification.
4524
4525            Net::SSLeay::set_verify_result($ssl, $v);
4526            # $ssl - value corresponding to openssl's SSL structure
4527            # $v - (integer) result value
4528            #
4529            # returns: no return value
4530
4531           For more info about valid return values see "get_verify_result"
4532
4533           Check openssl doc
4534           <http://www.openssl.org/docs/ssl/SSL_set_verify_result.html>
4535
4536       •   get_wbio
4537
4538           Get 'write' BIO linked to an SSL object $ssl.
4539
4540            my $rv = Net::SSLeay::get_wbio($ssl);
4541            # $ssl - value corresponding to openssl's SSL structure
4542            #
4543            # returns: value corresponding to openssl's BIO structure (0 on failure)
4544
4545           Check openssl doc
4546           <http://www.openssl.org/docs/ssl/SSL_get_rbio.html>
4547
4548       •   load_client_CA_file
4549
4550           Load X509 certificates from file (PEM formatted).
4551
4552            my $rv = Net::SSLeay::load_client_CA_file($file);
4553            # $file - (string) file name
4554            #
4555            # returns: value corresponding to openssl's STACK_OF(X509_NAME) structure (0 on failure)
4556
4557           Check openssl doc
4558           <http://www.openssl.org/docs/ssl/SSL_load_client_CA_file.html>
4559
4560       •   clear_num_renegotiations
4561
4562           Executes SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS command on $ssl.
4563
4564            my $rv = Net::SSLeay::clear_num_renegotiations($ssl);
4565            # $ssl - value corresponding to openssl's SSL structure
4566            #
4567            # returns: command result
4568
4569       •   need_tmp_RSA
4570
4571           Executes SSL_CTRL_NEED_TMP_RSA command on $ssl.
4572
4573            my $rv = Net::SSLeay::need_tmp_RSA($ssl);
4574            # $ssl - value corresponding to openssl's SSL structure
4575            #
4576            # returns: command result
4577
4578           Not available with OpenSSL 1.1 and later.
4579
4580       •   num_renegotiations
4581
4582           Executes SSL_CTRL_GET_NUM_RENEGOTIATIONS command on $ssl.
4583
4584            my $rv = Net::SSLeay::num_renegotiations($ssl);
4585            # $ssl - value corresponding to openssl's SSL structure
4586            #
4587            # returns: command result
4588
4589       •   total_renegotiations
4590
4591           Executes SSL_CTRL_GET_TOTAL_RENEGOTIATIONS command on $ssl.
4592
4593            my $rv = Net::SSLeay::total_renegotiations($ssl);
4594            # $ssl - value corresponding to openssl's SSL structure
4595            #
4596            # returns: command result
4597
4598       •   peek
4599
4600           Copies $max bytes from the specified $ssl into the returned value.
4601           In contrast to the "Net::SSLeay::read()" function, the data in the
4602           SSL buffer is unmodified after the SSL_peek() operation.
4603
4604            Net::SSLeay::peek($ssl, $max);
4605            # $ssl - value corresponding to openssl's SSL structure
4606            # $max - [optional] max bytes to peek (integer) - default is 32768
4607            #
4608            # in scalar context: data read from the TLS/SSL connection, undef on error
4609            # in list context:   two-item array consisting of data read (undef on error),
4610            #                      and return code from SSL_peek().
4611
4612       •   peek_ex
4613
4614           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
4615           requires at least OpenSSL 1.1.1, not in LibreSSL
4616
4617           Copies $max bytes from the specified $ssl into the returned value.
4618           In contrast to the "Net::SSLeay::read_ex()" function, the data in
4619           the SSL buffer is unmodified after the SSL_peek_ex() operation.
4620
4621            my($got, $rv) = Net::SSLeay::peek_ex($ssl, $max);
4622            # $ssl - value corresponding to openssl's SSL structure
4623            # $max - [optional] max bytes to peek (integer) - default is 32768
4624            #
4625            # returns a list: two-item list consisting of data read (undef on error),
4626            #                 and return code from SSL_peek_ex().
4627
4628           Check openssl doc
4629           <https://www.openssl.org/docs/manmaster/man3/SSL_peek_ex.html>
4630
4631       •   pending
4632
4633           Obtain number of readable bytes buffered in $ssl object.
4634
4635            my $rv = Net::SSLeay::pending($ssl);
4636            # $ssl - value corresponding to openssl's SSL structure
4637            #
4638            # returns: the number of bytes pending
4639
4640           Check openssl doc
4641           <http://www.openssl.org/docs/ssl/SSL_pending.html>
4642
4643       •   has_pending
4644
4645           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
4646           requires at least OpenSSL 1.1.0, not in LibreSSL
4647
4648           Returns 1 if $ssl has buffered data (whether processed or
4649           unprocessed) and 0 otherwise.
4650
4651            my $rv = Net::SSLeay::has_pending($ssl);
4652            # $ssl - value corresponding to openssl's SSL structure
4653            #
4654            # returns: (integer) 1 or 0
4655
4656           Check openssl doc
4657           <https://www.openssl.org/docs/manmaster/man3/SSL_has_pending.html>
4658
4659       •   read
4660
4661           Tries to read $max bytes from the specified $ssl.
4662
4663            my $got = Net::SSLeay::read($ssl, $max);
4664            my($got, $rv) = Net::SSLeay::read($ssl, $max);
4665            # $ssl - value corresponding to openssl's SSL structure
4666            # $max - [optional] max bytes to read (integer) - default is 32768
4667            #
4668            # returns:
4669            # in scalar context: data read from the TLS/SSL connection, undef on error
4670            # in list context:   two-item array consisting of data read (undef on error),
4671            #                      and return code from SSL_read().
4672
4673           Check openssl doc <http://www.openssl.org/docs/ssl/SSL_read.html>
4674
4675       •   read_ex
4676
4677           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
4678           requires at least OpenSSL 1.1.1, not in LibreSSL
4679
4680           Tries to read $max bytes from the specified $ssl.
4681
4682            my($got, $rv) = Net::SSLeay::read_ex($ssl, $max);
4683            # $ssl - value corresponding to openssl's SSL structure
4684            # $max - [optional] max bytes to read (integer) - default is 32768
4685            #
4686            # returns a list: two-item list consisting of data read (undef on error),
4687            #                 and return code from SSL_read_ex().
4688
4689           Check openssl doc
4690           <https://www.openssl.org/docs/manmaster/man3/SSL_read_ex.html>
4691
4692       •   renegotiate
4693
4694           Turn on flags for renegotiation so that renegotiation will happen
4695
4696            my $rv = Net::SSLeay::renegotiate($ssl);
4697            # $ssl - value corresponding to openssl's SSL structure
4698            #
4699            # returns: 1 on success, 0 on failure
4700
4701       •   rstate_string
4702
4703           Returns a 2 letter string indicating the current read state of the
4704           SSL object $ssl.
4705
4706            my $rv = Net::SSLeay::rstate_string($ssl);
4707            # $ssl - value corresponding to openssl's SSL structure
4708            #
4709            # returns: 2-letter string
4710
4711           Check openssl doc
4712           <http://www.openssl.org/docs/ssl/SSL_rstate_string.html>
4713
4714       •   rstate_string_long
4715
4716           Returns a string indicating the current read state of the SSL
4717           object ssl.
4718
4719            my $rv = Net::SSLeay::rstate_string_long($ssl);
4720            # $ssl - value corresponding to openssl's SSL structure
4721            #
4722            # returns: string with current state
4723
4724           Check openssl doc
4725           <http://www.openssl.org/docs/ssl/SSL_rstate_string.html>
4726
4727       •   session_reused
4728
4729           Query whether a reused session was negotiated during handshake.
4730
4731            my $rv = Net::SSLeay::session_reused($ssl);
4732            # $ssl - value corresponding to openssl's SSL structure
4733            #
4734            # returns: 0 - new session was negotiated; 1 - session was reused.
4735
4736           Check openssl doc
4737           <http://www.openssl.org/docs/ssl/SSL_session_reused.html>
4738
4739       •   set1_param
4740
4741           COMPATIBILITY: requires at least OpenSSL 1.0.0-beta3
4742
4743           Applies X509 verification parameters $vpm on $ssl
4744
4745            my $rv = Net::SSLeay::set1_param($ssl, $vpm);
4746            # $ssl - value corresponding to openssl's SSL structure
4747            # $vpm - value corresponding to openssl's X509_VERIFY_PARAM structure
4748            #
4749            # returns: 1 on success, 0 on failure
4750
4751       •   set_accept_state
4752
4753           Sets $ssl to work in server mode.
4754
4755            Net::SSLeay::set_accept_state($ssl);
4756            # $ssl - value corresponding to openssl's SSL structure
4757            #
4758            # returns: no return value
4759
4760           Check openssl doc
4761           <http://www.openssl.org/docs/ssl/SSL_set_connect_state.html>
4762
4763       •   set_bio
4764
4765           Connects the BIOs $rbio and $wbio for the read and write operations
4766           of the TLS/SSL (encrypted) side of $ssl.
4767
4768            Net::SSLeay::set_bio($ssl, $rbio, $wbio);
4769            # $ssl - value corresponding to openssl's SSL structure
4770            # $rbio - value corresponding to openssl's BIO structure
4771            # $wbio - value corresponding to openssl's BIO structure
4772            #
4773            # returns: no return value
4774
4775           Check openssl doc
4776           <http://www.openssl.org/docs/ssl/SSL_set_bio.html>
4777
4778       •   set_cipher_list
4779
4780           Sets the list of ciphers only for ssl.
4781
4782            my $rv = Net::SSLeay::set_cipher_list($ssl, $str);
4783            # $ssl - value corresponding to openssl's SSL structure
4784            # $str - (string) cipher list e.g. '3DES:+RSA'
4785            #
4786            # returns: 1 if any cipher could be selected and 0 on complete failure
4787
4788           Check openssl doc
4789           <http://www.openssl.org/docs/ssl/SSL_CTX_set_cipher_list.html>
4790
4791       •   set_ciphersuites
4792
4793           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
4794           requires at least OpenSSL 1.1.1, not in LibreSSL
4795
4796           Configure the available TLSv1.3 ciphersuites.
4797
4798            my $rv = Net::SSLeay::set_ciphersuites($ssl, $str);
4799            # $ssl  - value corresponding to openssl's SSL structure
4800            # $str  - colon (":") separated list of TLSv1.3 ciphersuite names in order of preference
4801            #
4802            # returns: (integer) 1 if the requested ciphersuite list was configured, and 0 otherwise
4803
4804           Check openssl doc
4805           <https://www.openssl.org/docs/manmaster/man3/SSL_set_ciphersuites.html>
4806
4807       •   set_client_CA_list
4808
4809           Sets the list of CAs sent to the client when requesting a client
4810           certificate for the chosen $ssl, overriding the setting valid for
4811           $ssl's SSL_CTX object.
4812
4813            my $rv = Net::SSLeay::set_client_CA_list($ssl, $list);
4814            # $ssl - value corresponding to openssl's SSL structure
4815            # $list - value corresponding to openssl's STACK_OF(X509_NAME) structure
4816            #
4817            # returns: no return value
4818
4819           Check openssl doc
4820           <http://www.openssl.org/docs/ssl/SSL_CTX_set_client_CA_list.html>
4821
4822       •   set_connect_state
4823
4824           Sets $ssl to work in client mode.
4825
4826            Net::SSLeay::set_connect_state($ssl);
4827            # $ssl - value corresponding to openssl's SSL structure
4828            #
4829            # returns: no return value
4830
4831           Check openssl doc
4832           <http://www.openssl.org/docs/ssl/SSL_set_connect_state.html>
4833
4834       •   set_fd
4835
4836           Sets the file descriptor $fd as the input/output facility for the
4837           TLS/SSL (encrypted) side of $ssl, $fd will typically be the socket
4838           file descriptor of a network connection.
4839
4840            my $rv = Net::SSLeay::set_fd($ssl, $fd);
4841            # $ssl - value corresponding to openssl's SSL structure
4842            # $fd - (integer) file handle (got via perl's fileno)
4843            #
4844            # returns: 1 on success, 0 on failure
4845
4846           Check openssl doc <http://www.openssl.org/docs/ssl/SSL_set_fd.html>
4847
4848       •   set_psk_client_callback
4849
4850           Sets the psk client callback.
4851
4852            Net::SSLeay::set_psk_client_callback($ssl, sub { my $hint = shift; return ($identity, $key) } );
4853            # $ssl - value corresponding to openssl's SSL structure
4854            # $hint - PSK identity hint send by the server
4855            # $identity - PSK identity
4856            # $key - PSK key, hex string without the leading '0x', e.g. 'deadbeef'
4857            #
4858            # returns: no return value
4859
4860           Check openssl doc
4861           <http://www.openssl.org/docs/ssl/SSL_set_psk_client_callback.html>
4862
4863       •   set_rfd
4864
4865           Sets the file descriptor $fd as the input (read) facility for the
4866           TLS/SSL (encrypted) side of $ssl.
4867
4868            my $rv = Net::SSLeay::set_rfd($ssl, $fd);
4869            # $ssl - value corresponding to openssl's SSL structure
4870            # $fd - (integer) file handle (got via perl's fileno)
4871            #
4872            # returns: 1 on success, 0 on failure
4873
4874           Check openssl doc <http://www.openssl.org/docs/ssl/SSL_set_fd.html>
4875
4876       •   set_wfd
4877
4878            my $rv = Net::SSLeay::set_wfd($ssl, $fd);
4879            # $ssl - value corresponding to openssl's SSL structure
4880            # $fd - (integer) file handle (got via perl's fileno)
4881            #
4882            # returns: 1 on success, 0 on failure
4883
4884           Check openssl doc <http://www.openssl.org/docs/ssl/SSL_set_fd.html>
4885
4886       •   set_info_callback
4887
4888           Sets the callback function, that can be used to obtain state
4889           information for $ssl during connection setup and use.  When
4890           callback is undef, the callback setting currently valid for ctx is
4891           used.
4892
4893            Net::SSLeay::set_info_callback($ssl, $cb, [$data]);
4894            # $ssl - value corresponding to openssl's SSL structure
4895            # $cb - sub { my ($ssl,$where,$ret,$data) = @_; ... }
4896            #
4897            # returns: no return value
4898
4899           Check openssl doc
4900           <http://www.openssl.org/docs/ssl/SSL_CTX_set_info_callback.html>
4901
4902       •   CTX_set_info_callback
4903
4904           Sets the callback function on ctx, that can be used to obtain state
4905           information during ssl connection setup and use.  When callback is
4906           undef, an existing callback will be disabled.
4907
4908            Net::SSLeay::CTX_set_info_callback($ssl, $cb, [$data]);
4909            # $ssl - value corresponding to openssl's SSL structure
4910            # $cb - sub { my ($ssl,$where,$ret,$data) = @_; ... }
4911            #
4912            # returns: no return value
4913
4914           Check openssl doc
4915           <http://www.openssl.org/docs/ssl/SSL_CTX_set_info_callback.html>
4916
4917       •   set_pref_cipher
4918
4919           Sets the list of available ciphers for $ssl using the control
4920           string $str.
4921
4922            my $rv = Net::SSLeay::set_pref_cipher($ssl, $str);
4923            # $ssl - value corresponding to openssl's SSL structure
4924            # $str - (string) cipher list e.g. '3DES:+RSA'
4925            #
4926            # returns: 1 if any cipher could be selected and 0 on complete failure
4927
4928           Check openssl doc
4929           <http://www.openssl.org/docs/ssl/SSL_CTX_set_cipher_list.html>
4930
4931       •   CTX_set_psk_client_callback
4932
4933           Sets the psk client callback.
4934
4935            Net::SSLeay::CTX_set_psk_client_callback($ssl, sub { my $hint = shift; return ($identity, $key) } );
4936            # $ssl - value corresponding to openssl's SSL structure
4937            # $hint - PSK identity hint send by the server
4938            # $identity - PSK identity
4939            # $key - PSK key, hex string without the leading '0x', e.g. 'deadbeef'
4940            #
4941            # returns: no return value
4942
4943           Check openssl doc
4944           <http://www.openssl.org/docs/ssl/SSL_CTX_set_psk_client_callback.html>
4945
4946       •   set_purpose
4947
4948            my $rv = Net::SSLeay::set_purpose($ssl, $purpose);
4949            # $ssl - value corresponding to openssl's SSL structure
4950            # $purpose - (integer) purpose identifier
4951            #
4952            # returns: 1 on success, 0 on failure
4953
4954           For more info about available $purpose identifiers see
4955           "CTX_set_purpose".
4956
4957       •   set_quiet_shutdown
4958
4959           Sets the 'quiet shutdown' flag for $ssl to be $mode.
4960
4961            Net::SSLeay::set_quiet_shutdown($ssl, $mode);
4962            # $ssl - value corresponding to openssl's SSL structure
4963            # $mode - 0 or 1
4964            #
4965            # returns: no return value
4966
4967           Check openssl doc
4968           <http://www.openssl.org/docs/ssl/SSL_CTX_set_quiet_shutdown.html>
4969
4970       •   set_session
4971
4972           Set a TLS/SSL session to be used during TLS/SSL connect.
4973
4974            my $rv = Net::SSLeay::set_session($to, $ses);
4975            # $to - value corresponding to openssl's SSL structure
4976            # $ses - value corresponding to openssl's SSL_SESSION structure
4977            #
4978            # returns: 1 on success, 0 on failure
4979
4980           Check openssl doc
4981           <http://www.openssl.org/docs/ssl/SSL_set_session.html>
4982
4983       •   set_session_id_context
4984
4985           Sets the context $sid_ctx of length $sid_ctx_len within which a
4986           session can be reused for the $ssl object.
4987
4988            my $rv = Net::SSLeay::set_session_id_context($ssl, $sid_ctx, $sid_ctx_len);
4989            # $ssl - value corresponding to openssl's SSL structure
4990            # $sid_ctx - data buffer
4991            # $sid_ctx_len - length of data in $sid_ctx
4992            #
4993            # returns: 1 on success, 0 on failure
4994
4995           Check openssl doc
4996           <http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html>
4997
4998       •   set_session_secret_cb
4999
5000           Setup pre-shared secret session resumption function.
5001
5002            Net::SSLeay::set_session_secret_cb($ssl, $func, $data);
5003            # $ssl - value corresponding to openssl's SSL structure
5004            # $func - perl reference to callback function
5005            # $data - [optional] data that will be passed to callback function when invoked
5006            #
5007            # returns: no return value
5008
5009           The callback function will be called like:
5010           callback_function($secret, $ciphers, $pref_cipher, $data);
5011
5012           # $secret is the current master session key, usually all 0s at the
5013           beginning of a session # $ciphers is ref to an array of peer cipher
5014           names # $pref_cipher is a ref to an index into the list of cipher
5015           names of #  the preferred cipher. Set it if you want to specify a
5016           preferred cipher # $data is the data passed to
5017           set_session_secret_cb
5018
5019           The callback function should return 1 if it likes the suggested
5020           cipher (or has selected an alternative by setting pref_cipher),
5021           else it should return 0 (in which case OpenSSL will select its own
5022           preferred cipher).
5023
5024           With OpenSSL 1.1 and later, callback_function can change the master
5025           key for the session by altering $secret and returning 1.
5026
5027       •   CTX_set_tlsext_ticket_getkey_cb
5028
5029           Setup encryption for TLS session tickets (stateless session reuse).
5030
5031            Net::SSLeay::CTX_set_tlsext_ticket_getkey_cb($ctx, $func, $data);
5032            # $ctx  - value corresponding to openssl's SSL_CTX structure
5033            # $func - perl reference to callback function
5034            # $data - [optional] data that will be passed to callback function when invoked
5035            #
5036            # returns: no return value
5037
5038           The callback function will be called like:
5039           getkey($data,[$key_name]) -> ($key,$current_key_name)
5040
5041           # $data is the data passed to set_session_secret_cb # $key_name is
5042           the name of the key OpenSSL has extracted from the session ticket #
5043           $key is the requested key for ticket encryption + HMAC #
5044           $current_key_name is the name for the currently valid key
5045
5046           OpenSSL will call the function without a key name if it generates a
5047           new ticket.  It then needs the callback to return the
5048           encryption+HMAC key and an identifier (key name) for this key.
5049
5050           When OpenSSL gets a session ticket from the client it extracts the
5051           key name and calls the callback with this name as argument. It then
5052           expects the callback to return the encryption+HMAC key matching the
5053           requested key name and and also the key name which should be used
5054           at the moment. If the requested key name and the returned key name
5055           differ it means that this session ticket was created with an
5056           expired key and need to be renewed. In this case OpenSSL will call
5057           the callback again with no key name to create a new session ticket
5058           based on the old one.
5059
5060           The key must be at least 32 byte of random data which can be
5061           created with RAND_bytes. Internally the first 16 byte are used as
5062           key in AES-128 encryption while the next 16 byte are used for the
5063           SHA-256 HMAC.  The key name are binary data and must be exactly 16
5064           byte long.
5065
5066           Example:
5067
5068               Net::SSLeay::RAND_bytes(my $oldkey,32);
5069               Net::SSLeay::RAND_bytes(my $newkey,32);
5070               my $oldkey_name = pack("a16",'oldsecret');
5071               my $newkey_name = pack("a16",'newsecret');
5072
5073               my @keys = (
5074                   [ $newkey_name, $newkey ], # current active key
5075                   [ $oldkey_name, $oldkey ], # already expired
5076               );
5077
5078               Net::SSLeay::CTX_set_tlsext_ticket_getkey_cb($server2->_ctx, sub {
5079                   my ($mykeys,$name) = @_;
5080
5081                   # return (current_key, current_key_name) if no name given
5082                   return ($mykeys->[0][1],$mykeys->[0][0]) if ! $name;
5083
5084                   # return (matching_key, current_key_name) if we find a key matching
5085                   # the given name
5086                   for(my $i = 0; $i<@$mykeys; $i++) {
5087                       next if $name ne $mykeys->[$i][0];
5088                       return ($mykeys->[$i][1],$mykeys->[0][0]);
5089                   }
5090
5091                   # no matching key found
5092                   return;
5093               },\@keys);
5094
5095           This function is based on the OpenSSL function
5096           SSL_CTX_set_tlsext_ticket_key_cb but provides a simpler to use
5097           interface. For more information see
5098           <http://www.openssl.org/docs/ssl/SSL_CTX_set_tlsext_ticket_key_cb.html>
5099
5100       •   set_session_ticket_ext_cb
5101
5102           Setup callback for TLS session tickets (stateless session reuse).
5103
5104            Net::SSLeay::set_session_ticket_ext_cb($ssl, $func, $data);
5105            # $ssl  - value corresponding to openssl's SSL structure
5106            # $func - perl reference to callback function
5107            # $data - [optional] data that will be passed to callback function when invoked
5108            #
5109            # returns: no return value
5110
5111           The callback function will be called like:
5112           getticket($ssl,$ticket,$data) -> $return_value
5113
5114           # $ssl is a value corresponding to openssl's SSL structure #
5115           $ticket is a value of received TLS session ticket (can also be
5116           empty) # $data is the data passed to set_session_ticket_ext_cb #
5117           $return_value is either 0 (failure) or 1 (success)
5118
5119           This function is based on the OpenSSL function
5120           SSL_set_session_ticket_ext_cb.
5121
5122       •   set_session_ticket_ext
5123
5124           Set TLS session ticket (stateless session reuse).
5125
5126            Net::SSLeay::set_session_ticket_ext($ssl, $ticket);
5127            # $ssl    - value corresponding to openssl's SSL structure
5128            # $ticket - is a value of TLS session ticket which client will send (can also be empty string)
5129            #
5130            # returns: no return value
5131
5132           The callback function will be called like:
5133           getticket($ssl,$ticket,$data) -> $return_value
5134
5135           # $ssl is a value corresponding to openssl's SSL structure #
5136           $ticket is a value of received TLS session ticket (can also be
5137           empty) # $data is the data passed to set_session_ticket_ext_cb #
5138           $return_value is either 0 (failure) or 1 (success)
5139
5140           This function is based on the OpenSSL function
5141           SSL_set_session_ticket_ext_cb.
5142
5143       •   set_shutdown
5144
5145           Sets the shutdown state of $ssl to $mode.
5146
5147            Net::SSLeay::set_shutdown($ssl, $mode);
5148            # $ssl - value corresponding to openssl's SSL structure
5149            # $mode - (integer) shutdown mode:
5150            #         0 - No shutdown
5151            #         1 - SSL_SENT_SHUTDOWN
5152            #         2 - SSL_RECEIVED_SHUTDOWN
5153            #         3 - SSL_RECEIVED_SHUTDOWN+SSL_SENT_SHUTDOWN
5154            #
5155            # returns: no return value
5156
5157           Check openssl doc
5158           <http://www.openssl.org/docs/ssl/SSL_set_shutdown.html>
5159
5160       •   set_ssl_method
5161
5162           Sets a new TLS/SSL method for a particular $ssl object.
5163
5164            my $rv = Net::SSLeay::set_ssl_method($ssl, $method);
5165            # $ssl - value corresponding to openssl's SSL structure
5166            # $method - value corresponding to openssl's SSL_METHOD structure
5167            #
5168            # returns: 1 on success, 0 on failure
5169
5170           Check openssl doc
5171           <http://www.openssl.org/docs/ssl/SSL_CTX_set_ssl_version.html>
5172
5173       •   set_tmp_dh
5174
5175           Sets DH parameters to be used to be $dh.
5176
5177            my $rv = Net::SSLeay::set_tmp_dh($ssl, $dh);
5178            # $ssl - value corresponding to openssl's SSL structure
5179            # $dh - value corresponding to openssl's DH structure
5180            #
5181            # returns: 1 on success, 0 on failure
5182
5183           Check openssl doc
5184           <http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_dh_callback.html>
5185
5186       •   set_tmp_dh_callback
5187
5188           Sets the callback function for $ssl to be used when a DH parameters
5189           are required to $dh_cb.
5190
5191           ??? (does this function really work?)
5192
5193            Net::SSLeay::set_tmp_dh_callback($ssl, $dh);
5194            # $ssl - value corresponding to openssl's SSL structure
5195            # $dh_cb - pointer to function ???
5196            #
5197            # returns: no return value
5198
5199           Check openssl doc
5200           <http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_dh_callback.html>
5201
5202       •   set_tmp_rsa
5203
5204           Sets the temporary/ephemeral RSA key to be used in $ssl to be $rsa.
5205
5206            my $rv = Net::SSLeay::set_tmp_rsa($ssl, $rsa);
5207            # $ssl - value corresponding to openssl's SSL structure
5208            # $rsa - value corresponding to openssl's RSA structure
5209            #
5210            # returns: 1 on success, 0 on failure
5211
5212           Example:
5213
5214            $rsakey = Net::SSLeay::RSA_generate_key();
5215            Net::SSLeay::set_tmp_rsa($ssl, $rsakey);
5216            Net::SSLeay::RSA_free($rsakey);
5217
5218           Check openssl doc
5219           <http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html>
5220
5221       •   set_tmp_rsa_callback
5222
5223           Sets the callback function for $ssl to be used when a
5224           temporary/ephemeral RSA key is required to $tmp_rsa_callback.
5225
5226           ??? (does this function really work?)
5227
5228            Net::SSLeay::set_tmp_rsa_callback($ssl, $tmp_rsa_callback);
5229            # $ssl - value corresponding to openssl's SSL structure
5230            # $tmp_rsa_callback - (function pointer) ???
5231            #
5232            # returns: no return value
5233
5234           Check openssl doc
5235           <http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html>
5236
5237       •   set_trust
5238
5239            my $rv = Net::SSLeay::set_trust($ssl, $trust);
5240            # $ssl - value corresponding to openssl's SSL structure
5241            # $trust - (integer) trust identifier
5242            #
5243            # returns: the original value
5244
5245           For more details about $trust values see "CTX_set_trust".
5246
5247       •   shutdown
5248
5249           Shuts down an active TLS/SSL connection. It sends the 'close
5250           notify' shutdown alert to the peer.
5251
5252            my $rv = Net::SSLeay::shutdown($ssl);
5253            # $ssl - value corresponding to openssl's SSL structure
5254            #
5255            # returns: 1 - shutdown was successfully completed
5256            #          0 - shutdown is not yet finished,
5257            #         -1 - shutdown was not successful
5258
5259           Check openssl doc
5260           <http://www.openssl.org/docs/ssl/SSL_shutdown.html>
5261
5262       •   state_string
5263
5264           Returns a 6 letter string indicating the current state of the SSL
5265           object $ssl.
5266
5267            my $rv = Net::SSLeay::state_string($ssl);
5268            # $ssl - value corresponding to openssl's SSL structure
5269            #
5270            # returns: 6-letter string
5271
5272           Check openssl doc
5273           <http://www.openssl.org/docs/ssl/SSL_state_string.html>
5274
5275       •   state_string_long
5276
5277           Returns a string indicating the current state of the SSL object
5278           $ssl.
5279
5280            my $rv = Net::SSLeay::state_string_long($ssl);
5281            # $ssl - value corresponding to openssl's SSL structure
5282            #
5283            # returns: state strings
5284
5285           Check openssl doc
5286           <http://www.openssl.org/docs/ssl/SSL_state_string.html>
5287
5288       •   set_default_passwd_cb
5289
5290           COMPATIBILITY: not available in Net-SSLeay-1.82 and before;
5291           requires at least OpenSSL 1.1.0f. Not needed with LibreSSL.
5292
5293           Sets the default password callback called when loading/storing a
5294           PEM certificate with encryption for $ssl.
5295
5296            Net::SSLeay::set_default_passwd_cb($ssl, $func);
5297            # $ssl - value corresponding to openssl's SSL structure
5298            # $func - perl reference to callback function
5299            #
5300            # returns: no return value
5301
5302           Check openssl doc
5303           <http://www.openssl.org/docs/ssl/SSL_CTX_set_default_passwd_cb.html>
5304
5305       •   set_default_passwd_cb_userdata
5306
5307           COMPATIBILITY: not available in Net-SSLeay-1.82 and before;
5308           requires at least OpenSSL 1.1.0f. Not needed with LibreSSL.
5309
5310           Sets a pointer to userdata which will be provided to the password
5311           callback of $ssl on invocation.
5312
5313            Net::SSLeay::set_default_passwd_cb_userdata($ssl, $userdata);
5314            # $ssl - value corresponding to openssl's SSL structure
5315            # $userdata - data that will be passed to callback function when invoked
5316            #
5317            # returns: no return value
5318
5319           Check openssl doc
5320           <http://www.openssl.org/docs/ssl/SSL_CTX_set_default_passwd_cb.html>
5321
5322       •   use_PrivateKey
5323
5324           Adds $pkey as private key to $ssl.
5325
5326            my $rv = Net::SSLeay::use_PrivateKey($ssl, $pkey);
5327            # $ssl - value corresponding to openssl's SSL structure
5328            # $pkey - value corresponding to openssl's EVP_PKEY structure
5329            #
5330            # returns: 1 on success, otherwise check out the error stack to find out the reason
5331
5332           Check openssl doc
5333           <http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html>
5334
5335       •   use_PrivateKey_ASN1
5336
5337           Adds the private key of type $pk stored in $data to $ssl.
5338
5339            my $rv = Net::SSLeay::use_PrivateKey_ASN1($pk, $ssl, $d, $len);
5340            # $pk - (integer) key type, NID of corresponding algorithm
5341            # $ssl - value corresponding to openssl's SSL structure
5342            # $data - key data (binary)
5343            # $len - length of $data
5344            #
5345            # returns: 1 on success, otherwise check out the error stack to find out the reason
5346
5347           Check openssl doc
5348           <http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html>
5349
5350       •   use_PrivateKey_file
5351
5352           Adds the first private key found in $file to $ssl.
5353
5354            my $rv = Net::SSLeay::use_PrivateKey_file($ssl, $file, $type);
5355            # $ssl - value corresponding to openssl's SSL structure
5356            # $file - (string) file name
5357            # $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1
5358            #
5359            # returns: 1 on success, otherwise check out the error stack to find out the reason
5360
5361           Check openssl doc
5362           <http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html>
5363
5364       •   use_RSAPrivateKey
5365
5366           Adds $rsa as RSA private key to $ssl.
5367
5368            my $rv = Net::SSLeay::use_RSAPrivateKey($ssl, $rsa);
5369            # $ssl - value corresponding to openssl's SSL structure
5370            # $rsa - value corresponding to openssl's RSA structure
5371            #
5372            # returns: 1 on success, otherwise check out the error stack to find out the reason
5373
5374           Check openssl doc
5375           <http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html>
5376
5377       •   use_RSAPrivateKey_ASN1
5378
5379           Adds RSA private key stored in $data to $ssl.
5380
5381            my $rv = Net::SSLeay::use_RSAPrivateKey_ASN1($ssl, $data, $len);
5382            # $ssl - value corresponding to openssl's SSL structure
5383            # $data - key data (binary)
5384            # $len - length of $data
5385            #
5386            # returns: 1 on success, otherwise check out the error stack to find out the reason
5387
5388           Check openssl doc
5389           <http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html>
5390
5391       •   use_RSAPrivateKey_file
5392
5393           Adds the first RSA private key found in $file to $ssl.
5394
5395            my $rv = Net::SSLeay::use_RSAPrivateKey_file($ssl, $file, $type);
5396            # $ssl - value corresponding to openssl's SSL structure
5397            # $file - (string) file name
5398            # $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1
5399            #
5400            # returns: 1 on success, otherwise check out the error stack to find out the reason
5401
5402           Check openssl doc
5403           <http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html>
5404
5405       •   use_certificate
5406
5407           Loads the certificate $x into $ssl.
5408
5409            my $rv = Net::SSLeay::use_certificate($ssl, $x);
5410            # $ssl - value corresponding to openssl's SSL structure
5411            # $x - value corresponding to openssl's X509 structure
5412            #
5413            # returns: 1 on success, otherwise check out the error stack to find out the reason
5414
5415           Check openssl doc
5416           <http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html>
5417
5418       •   use_certificate_ASN1
5419
5420           Loads the ASN1 encoded certificate from $data to $ssl.
5421
5422            my $rv = Net::SSLeay::use_certificate_ASN1($ssl, $data, $len);
5423            # $ssl - value corresponding to openssl's SSL structure
5424            # $data - certificate data (binary)
5425            # $len - length of $data
5426            #
5427            # returns: 1 on success, otherwise check out the error stack to find out the reason
5428
5429           Check openssl doc
5430           <http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html>
5431
5432       •   use_certificate_chain_file
5433
5434           COMPATIBILITY: not available in Net-SSLeay-1.82 and before;
5435           requires at least OpenSSL 1.1.0
5436
5437           Loads a certificate chain from $file into $ssl. The certificates
5438           must be in PEM format and must be sorted starting with the
5439           subject's certificate (actual client or server certificate),
5440           followed by intermediate CA certificates if applicable, and ending
5441           at the highest level (root) CA.
5442
5443            my $rv = Net::SSLeay::use_certificate_chain_file($ssl, $file);
5444            # $ssl - value corresponding to openssl's SSL structure
5445            # $file - (string) file name
5446            #
5447            # returns: 1 on success, otherwise check out the error stack to find out the reason
5448
5449           Check openssl doc
5450           <http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html>
5451
5452       •   use_certificate_file
5453
5454           Loads the first certificate stored in $file into $ssl.
5455
5456            my $rv = Net::SSLeay::use_certificate_file($ssl, $file, $type);
5457            # $ssl - value corresponding to openssl's SSL structure
5458            # $file - (string) file name
5459            # $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1
5460            #
5461            # returns: 1 on success, otherwise check out the error stack to find out the reason
5462
5463           Check openssl doc
5464           <http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html>
5465
5466       •   get_version
5467
5468           Returns SSL/TLS protocol name
5469
5470            my $rv = Net::SSLeay::get_version($ssl);
5471            # $ssl - value corresponding to openssl's SSL structure
5472            #
5473            # returns: (string) protocol name, see OpenSSL manual for the full list
5474            #          TLSv1
5475            #          TLSv1.3
5476
5477           Check openssl doc
5478           <https://www.openssl.org/docs/manmaster/man3/SSL_get_version.html>
5479
5480       •   version
5481
5482           Returns SSL/TLS protocol version
5483
5484            my $rv = Net::SSLeay::version($ssl);
5485            # $ssl - value corresponding to openssl's SSL structure
5486            #
5487            # returns: (integer) protocol version, see OpenSSL manual for the full list
5488            #          0x0301 - TLS1_VERSION  (TLSv1)
5489            #          0xFEFF - DTLS1_VERSION (DTLSv1)
5490
5491           Check openssl doc
5492           <https://www.openssl.org/docs/manmaster/man3/SSL_version.html>
5493
5494       •   client_version
5495
5496           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
5497           requires at least OpenSSL 1.1.0, not in LibreSSL
5498
5499           Returns TLS protocol version used by the client when initiating the
5500           connection
5501
5502            my $rv = Net::SSLeay::client_version($ssl);
5503            # $ssl - value corresponding to openssl's SSL structure
5504            #
5505            # returns: (integer) protocol version, see OpenSSL manual for the full list
5506            #          0x0301 - TLS1_VERSION  (TLSv1)
5507            #          0xFEFF - DTLS1_VERSION (DTLSv1)
5508
5509           Check openssl doc
5510           <https://www.openssl.org/docs/manmaster/man3/SSL_client_version.html>
5511
5512       •   is_dtls
5513
5514           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
5515           requires at least OpenSSL 1.1.0, not in LibreSSL
5516
5517            my $rv = Net::SSLeay::is_dtls($ssl);
5518            # $ssl - value corresponding to openssl's SSL structure
5519            #
5520            # returns: (integer) zero or one
5521            #          0 - connection is not using DTLS
5522            #          1 - connection is using DTLS
5523
5524           Check openssl doc
5525           <https://www.openssl.org/docs/manmaster/man3/SSL_is_dtls.html>
5526
5527       •   want
5528
5529           Returns state information for the SSL object $ssl.
5530
5531            my $rv = Net::SSLeay::want($ssl);
5532            # $ssl - value corresponding to openssl's SSL structure
5533            #
5534            # returns: state
5535            #          1 - SSL_NOTHING
5536            #          2 - SSL_WRITING
5537            #          3 - SSL_READING
5538            #          4 - SSL_X509_LOOKUP
5539
5540           Check openssl doc <http://www.openssl.org/docs/ssl/SSL_want.html>
5541
5542       •   write
5543
5544           Writes data from the buffer $data into the specified $ssl
5545           connection.
5546
5547            my $rv = Net::SSLeay::write($ssl, $data);
5548            # $ssl - value corresponding to openssl's SSL structure
5549            # $data - data to be written
5550            #
5551            # returns: >0 - (success) number of bytes actually written to the TLS/SSL connection
5552            #           0 - write not successful, probably the underlying connection was closed
5553            #          <0 - error
5554
5555           Check openssl doc <http://www.openssl.org/docs/ssl/SSL_write.html>
5556
5557       •   write_ex
5558
5559           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
5560           requires at least OpenSSL 1.1.1, not in LibreSSL
5561
5562           Writes data from the buffer $data into the specified $ssl
5563           connection.
5564
5565            my ($len, $rv) = Net::SSLeay::write_ex($ssl, $data);
5566            # $ssl - value corresponding to openssl's SSL structure
5567            # $data - data to be written
5568            #
5569            # returns a list: two-item list consisting of number of bytes written,
5570            #                 and return code from SSL_write_ex()
5571
5572           Check openssl doc
5573           <https://www.openssl.org/docs/manmaster/man3/SSL_write_ex.html>
5574
5575       •   write_partial
5576
5577           NOTE: Does not exactly correspond to any low level API function
5578
5579           Writes a fragment of data in $data from the buffer $data into the
5580           specified $ssl connection. This is a non-blocking function like
5581           Net::SSLeay::write().
5582
5583            my $rv = Net::SSLeay::write_partial($ssl, $from, $count, $data);
5584            # $ssl - value corresponding to openssl's SSL structure
5585            # $from - (integer) offset from the beginning of $data
5586            # $count - (integer) length of data to be written
5587            # $data - data buffer
5588            #
5589            # returns: >0 - (success) number of bytes actually written to the TLS/SSL connection
5590            #           0 - write not successful, probably the underlying connection was closed
5591            #          <0 - error
5592
5593       •   set_tlsext_host_name
5594
5595           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
5596           requires at least openssl-0.9.8f
5597
5598           Sets TLS servername extension on SLL object $ssl to value $name.
5599
5600            my $rv = set_tlsext_host_name($ssl, $name);
5601            # $ssl - value corresponding to openssl's SSL structure
5602            # $name - (string) name to be set
5603            #
5604            # returns: 1 on success, 0 on failure
5605
5606       Low level API: RAND_* related functions
5607
5608       Check openssl doc related to RAND stuff
5609       <http://www.openssl.org/docs/crypto/rand.html>
5610
5611       •   RAND_add
5612
5613           Mixes the $num bytes at $buf into the PRNG state.
5614
5615            Net::SSLeay::RAND_add($buf, $num, $entropy);
5616            # $buf - buffer with data to be mixed into the PRNG state
5617            # $num - number of bytes in $buf
5618            # $entropy - estimate of how much randomness is contained in $buf (in bytes)
5619            #
5620            # returns: no return value
5621
5622           Check openssl doc
5623           <http://www.openssl.org/docs/crypto/RAND_add.html>
5624
5625       •   RAND_seed
5626
5627           Equivalent to "RAND_add" when $num == $entropy.
5628
5629            Net::SSLeay::RAND_seed($buf);   # Perlishly figures out buf size
5630            # $buf - buffer with data to be mixed into the PRNG state
5631            # $num - number of bytes in $buf
5632            #
5633            # returns: no return value
5634
5635           Check openssl doc
5636           <http://www.openssl.org/docs/crypto/RAND_add.html>
5637
5638       •   RAND_status
5639
5640           Gives PRNG status (seeded enough or not).
5641
5642            my $rv = Net::SSLeay::RAND_status();
5643            #returns: 1 if the PRNG has been seeded with enough data, 0 otherwise
5644
5645           Check openssl doc
5646           <http://www.openssl.org/docs/crypto/RAND_add.html>
5647
5648       •   RAND_bytes
5649
5650           Puts $num cryptographically strong pseudo-random bytes into $buf.
5651
5652            my $rv = Net::SSLeay::RAND_bytes($buf, $num);
5653            # $buf - buffer where the random data will be stored
5654            # $num - the size (in bytes) of requested random data
5655            #
5656            # returns: 1 on success, -1 if not supported by the current RAND method, or 0 on other failure
5657
5658           Check openssl doc
5659           <http://www.openssl.org/docs/manmaster/man3/RAND_bytes.html>
5660
5661       •   RAND_priv_bytes
5662
5663           COMPATIBILITY: not available in Net-SSLeay-1.85 and before;
5664           requires at least OpenSSL 1.1.1, not in LibreSSL
5665
5666           Puts $num cryptographically strong pseudo-random bytes into $buf.
5667
5668            my $rv = Net::SSLeay::RAND_priv_bytes($buf, $num);
5669            # $buf - buffer where the random data will be stored
5670            # $num - the size (in bytes) of requested random data
5671            #
5672            # returns: 1 on success, -1 if not supported by the current RAND method, or 0 on other failure
5673
5674           RAND_priv_bytes has the same semantics as RAND_bytes, but see see
5675           the documentation for more information.
5676
5677           Check openssl doc
5678           <http://www.openssl.org/docs/manmaster/man3/RAND_priv_bytes.html>
5679
5680       •   RAND_pseudo_bytes
5681
5682           Puts $num pseudo-random (not necessarily unpredictable) bytes into
5683           $buf.
5684
5685            my $rv = Net::SSLeay::RAND_pseudo_bytes($buf, $num);
5686            # $buf - buffer where the random data will be stored
5687            # $num - the size (in bytes) of requested random data
5688            #
5689            # returns: 1 if the bytes generated are cryptographically strong, 0 otherwise
5690
5691           Check openssl doc
5692           <http://www.openssl.org/docs/crypto/RAND_bytes.html>
5693
5694       •   RAND_cleanup
5695
5696           Erase the PRNG state.
5697
5698            Net::SSLeay::RAND_cleanup();
5699            # no args, no return value
5700
5701           Check openssl doc
5702           <http://www.openssl.org/docs/crypto/RAND_cleanup.html>
5703
5704       •   RAND_egd_bytes
5705
5706           Queries the entropy gathering daemon EGD on socket $path for $bytes
5707           bytes.
5708
5709            my $rv = Net::SSLeay::RAND_egd_bytes($path, $bytes);
5710            # $path - path to a socket of entropy gathering daemon EGD
5711            # $bytes - number of bytes we want from EGD
5712            #
5713            # returns: the number of bytes read from the daemon on success, and -1 on failure
5714
5715           Check openssl doc
5716           <http://www.openssl.org/docs/crypto/RAND_egd.html>
5717
5718       •   RAND_file_name
5719
5720           Generates a default path for the random seed file.
5721
5722            my $file = Net::SSLeay::RAND_file_name($num);
5723            # $num - maximum size of returned file name
5724            #
5725            # returns: string with file name on success, '' (empty string) on failure
5726
5727           Check openssl doc
5728           <http://www.openssl.org/docs/crypto/RAND_load_file.html>
5729
5730       •   RAND_load_file
5731
5732           COMPATIBILITY: Is no longer functional on LibreSSL
5733
5734           Reads $max_bytes of bytes from $file_name and adds them to the
5735           PRNG.
5736
5737            my $rv = Net::SSLeay::RAND_load_file($file_name, $max_bytes);
5738            # $file_name - the name of file
5739            # $max_bytes - bytes to read from $file_name; -1 => the complete file is read
5740            #
5741            # returns: the number of bytes read
5742
5743           Check openssl doc
5744           <http://www.openssl.org/docs/crypto/RAND_load_file.html>
5745
5746       •   RAND_write_file
5747
5748           Writes 1024 random bytes to $file_name which can be used to
5749           initialize the PRNG by calling "RAND_load_file" in a later session.
5750
5751            my $rv = Net::SSLeay::RAND_write_file($file_name);
5752            # $file_name - the name of file
5753            #
5754            # returns: the number of bytes written, and -1 if the bytes written were generated without appropriate seed
5755
5756           Check openssl doc
5757           <http://www.openssl.org/docs/crypto/RAND_load_file.html>
5758
5759       •   RAND_poll
5760
5761           Collects some entropy from operating system and adds it to the
5762           PRNG.
5763
5764            my $rv = Net::SSLeay::RAND_poll();
5765            # returns: 1 on success, 0 on failure (unable to gather reasonable entropy)
5766
5767       Low level API: OBJ_* related functions
5768
5769       •   OBJ_cmp
5770
5771           Compares ASN1_OBJECT $a to ASN1_OBJECT $b.
5772
5773            my $rv = Net::SSLeay::OBJ_cmp($a, $b);
5774            # $a - value corresponding to openssl's ASN1_OBJECT structure
5775            # $b - value corresponding to openssl's ASN1_OBJECT structure
5776            #
5777            # returns: if the two are identical 0 is returned
5778
5779           Check openssl doc
5780           <http://www.openssl.org/docs/crypto/OBJ_nid2obj.html>
5781
5782       •   OBJ_dup
5783
5784           Returns a copy/duplicate of $o.
5785
5786            my $rv = Net::SSLeay::OBJ_dup($o);
5787            # $o - value corresponding to openssl's ASN1_OBJECT structure
5788            #
5789            # returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)
5790
5791           Check openssl doc
5792           <http://www.openssl.org/docs/crypto/OBJ_nid2obj.html>
5793
5794       •   OBJ_nid2ln
5795
5796           Returns long name for given NID $n.
5797
5798            my $rv = Net::SSLeay::OBJ_nid2ln($n);
5799            # $n - (integer) NID
5800            #
5801            # returns: (string) long name e.g. 'commonName'
5802
5803           Check openssl doc
5804           <http://www.openssl.org/docs/crypto/OBJ_nid2obj.html>
5805
5806       •   OBJ_ln2nid
5807
5808           Returns NID corresponding to given long name $n.
5809
5810            my $rv = Net::SSLeay::OBJ_ln2nid($s);
5811            # $s - (string) long name e.g. 'commonName'
5812            #
5813            # returns: (integer) NID
5814
5815       •   OBJ_nid2sn
5816
5817           Returns short name for given NID $n.
5818
5819            my $rv = Net::SSLeay::OBJ_nid2sn($n);
5820            # $n - (integer) NID
5821            #
5822            # returns: (string) short name e.g. 'CN'
5823
5824           Example:
5825
5826            print Net::SSLeay::OBJ_nid2sn(&Net::SSLeay::NID_commonName);
5827
5828       •   OBJ_sn2nid
5829
5830           Returns NID corresponding to given short name $s.
5831
5832            my $rv = Net::SSLeay::OBJ_sn2nid($s);
5833            # $s - (string) short name e.g. 'CN'
5834            #
5835            # returns: (integer) NID
5836
5837           Example:
5838
5839            print "NID_commonName constant=", &Net::SSLeay::NID_commonName;
5840            print "OBJ_sn2nid('CN')=", Net::SSLeay::OBJ_sn2nid('CN');
5841
5842       •   OBJ_nid2obj
5843
5844           Returns ASN1_OBJECT for given NID $n.
5845
5846            my $rv = Net::SSLeay::OBJ_nid2obj($n);
5847            # $n - (integer) NID
5848            #
5849            # returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)
5850
5851           Check openssl doc
5852           <http://www.openssl.org/docs/crypto/OBJ_nid2obj.html>
5853
5854       •   OBJ_obj2nid
5855
5856           Returns NID corresponding to given ASN1_OBJECT $o.
5857
5858            my $rv = Net::SSLeay::OBJ_obj2nid($o);
5859            # $o - value corresponding to openssl's ASN1_OBJECT structure
5860            #
5861            # returns: (integer) NID
5862
5863           Check openssl doc
5864           <http://www.openssl.org/docs/crypto/OBJ_nid2obj.html>
5865
5866       •   OBJ_txt2obj
5867
5868           Converts the text string s into an ASN1_OBJECT structure. If
5869           $no_name is 0 then long names (e.g. 'commonName') and short names
5870           (e.g. 'CN') will be interpreted as well as numerical forms (e.g.
5871           '2.5.4.3'). If $no_name is 1 only the numerical form is acceptable.
5872
5873            my $rv = Net::SSLeay::OBJ_txt2obj($s, $no_name);
5874            # $s - text string to be converted
5875            # $no_name - (integer) 0 or 1
5876            #
5877            # returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)
5878
5879           Check openssl doc
5880           <http://www.openssl.org/docs/crypto/OBJ_nid2obj.html>
5881
5882       •   OBJ_obj2txt
5883
5884           Converts the ASN1_OBJECT a into a textual representation.
5885
5886            Net::SSLeay::OBJ_obj2txt($a, $no_name);
5887            # $a - value corresponding to openssl's ASN1_OBJECT structure
5888            # $no_name - (integer) 0 or 1
5889            #
5890            # returns: textual representation e.g. 'commonName' ($no_name=0), '2.5.4.3' ($no_name=1)
5891
5892           Check openssl doc
5893           <http://www.openssl.org/docs/crypto/OBJ_nid2obj.html>
5894
5895       •   OBJ_txt2nid
5896
5897           Returns NID corresponding to text string $s which can be a long
5898           name, a short name or the numerical representation of an object.
5899
5900            my $rv = Net::SSLeay::OBJ_txt2nid($s);
5901            # $s - (string) e.g. 'commonName' or 'CN' or '2.5.4.3'
5902            #
5903            # returns: (integer) NID
5904
5905           Example:
5906
5907            my $nid = Net::SSLeay::OBJ_txt2nid('2.5.4.3');
5908            Net::SSLeay::OBJ_nid2sn($n);
5909
5910           Check openssl doc
5911           <http://www.openssl.org/docs/crypto/OBJ_nid2obj.html>
5912
5913       Low level API: ASN1_INTEGER_* related functions
5914
5915       •   ASN1_INTEGER_new
5916
5917           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
5918
5919           Creates a new ASN1_INTEGER structure.
5920
5921            my $rv = Net::SSLeay::ASN1_INTEGER_new();
5922            #
5923            # returns: value corresponding to openssl's ASN1_INTEGER structure (0 on failure)
5924
5925       •   ASN1_INTEGER_free
5926
5927           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
5928
5929           Free an allocated ASN1_INTEGER structure.
5930
5931            Net::SSLeay::ASN1_INTEGER_free($i);
5932            # $i - value corresponding to openssl's ASN1_INTEGER structure
5933            #
5934            # returns: no return value
5935
5936       •   ASN1_INTEGER_get
5937
5938           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
5939
5940           Returns integer value of given ASN1_INTEGER object.
5941
5942           BEWARE: If the value stored in ASN1_INTEGER is greater than max.
5943           integer that can be stored in 'long' type (usually 32bit but may
5944           vary according to platform) then this function will return -1.  For
5945           getting large ASN1_INTEGER values consider using
5946           "P_ASN1_INTEGER_get_dec" or "P_ASN1_INTEGER_get_hex".
5947
5948            my $rv = Net::SSLeay::ASN1_INTEGER_get($a);
5949            # $a - value corresponding to openssl's ASN1_INTEGER structure
5950            #
5951            # returns: integer value of ASN1_INTEGER object in $a
5952
5953       •   ASN1_INTEGER_set
5954
5955           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
5956
5957           Sets value of given ASN1_INTEGER object to value $val
5958
5959           BEWARE: $val has max. limit (= max. integer that can be stored in
5960           'long' type).  For setting large ASN1_INTEGER values consider using
5961           "P_ASN1_INTEGER_set_dec" or "P_ASN1_INTEGER_set_hex".
5962
5963            my $rv = Net::SSLeay::ASN1_INTEGER_set($i, $val);
5964            # $i - value corresponding to openssl's ASN1_INTEGER structure
5965            # $val - integer value
5966            #
5967            # returns: 1 on success, 0 on failure
5968
5969       •   P_ASN1_INTEGER_get_dec
5970
5971           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
5972
5973           Returns string with decimal representation of integer value of
5974           given ASN1_INTEGER object.
5975
5976            Net::SSLeay::P_ASN1_INTEGER_get_dec($i);
5977            # $i - value corresponding to openssl's ASN1_INTEGER structure
5978            #
5979            # returns: string with decimal representation
5980
5981       •   P_ASN1_INTEGER_get_hex
5982
5983           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
5984
5985           Returns string with hexadecimal representation of integer value of
5986           given ASN1_INTEGER object.
5987
5988            Net::SSLeay::P_ASN1_INTEGER_get_hex($i);
5989            # $i - value corresponding to openssl's ASN1_INTEGER structure
5990            #
5991            # returns: string with hexadecimal representation
5992
5993       •   P_ASN1_INTEGER_set_dec
5994
5995           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
5996
5997           Sets value of given ASN1_INTEGER object to value $val (decimal
5998           string, suitable for large integers)
5999
6000            Net::SSLeay::P_ASN1_INTEGER_set_dec($i, $str);
6001            # $i - value corresponding to openssl's ASN1_INTEGER structure
6002            # $str - string with decimal representation
6003            #
6004            # returns: 1 on success, 0 on failure
6005
6006       •   P_ASN1_INTEGER_set_hex
6007
6008           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6009
6010           Sets value of given ASN1_INTEGER object to value $val (hexadecimal
6011           string, suitable for large integers)
6012
6013            Net::SSLeay::P_ASN1_INTEGER_set_hex($i, $str);
6014            # $i - value corresponding to openssl's ASN1_INTEGER structure
6015            # $str - string with hexadecimal representation
6016            #
6017            # returns: 1 on success, 0 on failure
6018
6019       Low level API: ASN1_STRING_* related functions
6020
6021       •   P_ASN1_STRING_get
6022
6023           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6024
6025           Returns string value of given ASN1_STRING object.
6026
6027            Net::SSLeay::P_ASN1_STRING_get($s, $utf8_decode);
6028            # $s - value corresponding to openssl's ASN1_STRING structure
6029            # $utf8_decode - [optional] 0 or 1 whether the returned value should be utf8 decoded (default=0)
6030            #
6031            # returns: string
6032
6033            $string = Net::SSLeay::P_ASN1_STRING_get($s);
6034            #is the same as:
6035            $string = Net::SSLeay::P_ASN1_STRING_get($s, 0);
6036
6037       Low level API: ASN1_TIME_* related functions
6038
6039       •   ASN1_TIME_new
6040
6041           COMPATIBILITY: not available in Net-SSLeay-1.42 and before
6042
6043            my $time = ASN1_TIME_new();
6044            # returns: value corresponding to openssl's ASN1_TIME structure
6045
6046       •   ASN1_TIME_free
6047
6048           COMPATIBILITY: not available in Net-SSLeay-1.42 and before
6049
6050            ASN1_TIME_free($time);
6051            # $time - value corresponding to openssl's ASN1_TIME structure
6052
6053       •   ASN1_TIME_set
6054
6055           COMPATIBILITY: not available in Net-SSLeay-1.42 and before
6056
6057            ASN1_TIME_set($time, $t);
6058            # $time - value corresponding to openssl's ASN1_TIME structure
6059            # $t - time value in seconds since 1.1.1970
6060
6061           BEWARE: It is platform dependent how this function will handle
6062           dates after 2038.  Although perl's integer is large enough the
6063           internal implementation of this function is dependent on the size
6064           of time_t structure (32bit time_t has problem with 2038).
6065
6066           If you want to safely set date and time after 2038 use function
6067           "P_ASN1_TIME_set_isotime".
6068
6069       •   P_ASN1_TIME_get_isotime
6070
6071           COMPATIBILITY: not available in Net-SSLeay-1.42 and before;
6072           requires at least openssl-0.9.7e
6073
6074           NOTE: Does not exactly correspond to any low level API function
6075
6076           Gives ISO-8601 string representation of ASN1_TIME structure.
6077
6078            my $datetime_string = P_ASN1_TIME_get_isotime($time);
6079            # $time - value corresponding to openssl's ASN1_TIME structure
6080            #
6081            # returns: datetime string like '2033-05-16T20:39:37Z' or '' on failure
6082
6083           The output format is compatible with module
6084           DateTime::Format::RFC3339
6085
6086       •   P_ASN1_TIME_set_isotime
6087
6088           COMPATIBILITY: not available in Net-SSLeay-1.42 and before;
6089           requires at least openssl-0.9.7e
6090
6091           NOTE: Does not exactly correspond to any low level API function
6092
6093           Sets time and date value of ANS1_time structure.
6094
6095            my $rv = P_ASN1_TIME_set_isotime($time, $string);
6096            # $time - value corresponding to openssl's ASN1_TIME structure
6097            # $string - ISO-8601 timedate string like '2033-05-16T20:39:37Z'
6098            #
6099            # returns: 1 on success, 0 on failure
6100
6101           The $string parameter has to be in full form like
6102           "2012-03-22T23:55:33" or "2012-03-22T23:55:33Z" or
6103           "2012-03-22T23:55:33CET". Short forms like "2012-03-22T23:55" or
6104           "2012-03-22" are not supported.
6105
6106       •   P_ASN1_TIME_put2string
6107
6108           COMPATIBILITY: not available in Net-SSLeay-1.42 and before, has
6109           bugs with openssl-0.9.8i
6110
6111           NOTE: Does not exactly correspond to any low level API function
6112
6113           Gives string representation of ASN1_TIME structure.
6114
6115            my $str = P_ASN1_TIME_put2string($time);
6116            # $time - value corresponding to openssl's ASN1_TIME structure
6117            #
6118            # returns: datetime string like 'May 16 20:39:37 2033 GMT'
6119
6120       •   P_ASN1_UTCTIME_put2string
6121
6122           NOTE: deprecated function, only for backward compatibility, just an
6123           alias for "P_ASN1_TIME_put2string"
6124
6125       Low level API: X509_* related functions
6126
6127       •   X509_new
6128
6129           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6130
6131           Allocates and initializes a X509 structure.
6132
6133            my $rv = Net::SSLeay::X509_new();
6134            #
6135            # returns: value corresponding to openssl's X509 structure (0 on failure)
6136
6137           Check openssl doc
6138           <http://www.openssl.org/docs/crypto/X509_new.html>
6139
6140       •   X509_free
6141
6142           Frees up the X509 structure.
6143
6144            Net::SSLeay::X509_free($a);
6145            # $a - value corresponding to openssl's X509 structure
6146            #
6147            # returns: no return value
6148
6149           Check openssl doc
6150           <http://www.openssl.org/docs/crypto/X509_new.html>
6151
6152       •   X509_check_host
6153
6154           COMPATIBILITY: not available in Net-SSLeay-1.68 and before;
6155           requires at least OpenSSL 1.0.2.
6156           X509_CHECK_FLAG_NEVER_CHECK_SUBJECT requires OpenSSL 1.1.0.
6157
6158           Checks if the certificate Subject Alternative Name (SAN) or Subject
6159           CommonName (CN) matches the specified host name.
6160
6161            my $rv = Net::SSLeay::X509_check_host($cert, $name, $flags, $peername);
6162            # $cert - value corresponding to openssl's X509 structure
6163            # $name - host name to check
6164            # $flags (optional, default: 0) - can be the bitwise OR of:
6165            #   &Net::SSLeay::X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
6166            #   &Net::SSLeay::X509_CHECK_FLAG_NO_WILDCARDS
6167            #   &Net::SSLeay::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
6168            #   &Net::SSLeay::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
6169            #   &Net::SSLeay::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
6170            #   &Net::SSLeay::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT
6171            # $peername (optional) - If not omitted and $host matches $cert,
6172            #                        a copy of the matching SAN or CN from
6173            #                        the peer certificate is stored in $peername.
6174            #
6175            # returns:
6176            #   1 for a successful match
6177            #   0 for a failed match
6178            #  -1 for an internal error
6179            #  -2 if the input is malformed
6180
6181           Check openssl doc
6182           <https://www.openssl.org/docs/crypto/X509_check_host.html>.
6183
6184       •   X509_check_email
6185
6186           COMPATIBILITY: not available in Net-SSLeay-1.68 and before;
6187           requires at least OpenSSL 1.0.2.
6188
6189           Checks if the certificate matches the specified email address.
6190
6191            my $rv = Net::SSLeay::X509_check_email($cert, $address, $flags);
6192            # $cert - value corresponding to openssl's X509 structure
6193            # $address - email address to check
6194            # $flags (optional, default: 0) - see X509_check_host()
6195            #
6196            # returns: see X509_check_host()
6197
6198           Check openssl doc
6199           <https://www.openssl.org/docs/crypto/X509_check_email.html>.
6200
6201       •   X509_check_ip
6202
6203           COMPATIBILITY: not available in Net-SSLeay-1.68 and before;
6204           requires at least OpenSSL 1.0.2.
6205
6206           Checks if the certificate matches the specified IPv4 or IPv6
6207           address.
6208
6209            my $rv = Net::SSLeay::X509_check_ip($cert, $address, $flags);
6210            # $cert - value corresponding to openssl's X509 structure
6211            # $address - IP address to check in binary format, in network byte order
6212            # $flags (optional, default: 0) - see X509_check_host()
6213            #
6214            # returns: see X509_check_host()
6215
6216           Check openssl doc
6217           <https://www.openssl.org/docs/crypto/X509_check_ip.html>.
6218
6219       •   X509_check_ip_asc
6220
6221           COMPATIBILITY: not available in Net-SSLeay-1.68 and before;
6222           requires at least OpenSSL 1.0.2.
6223
6224           Checks if the certificate matches the specified IPv4 or IPv6
6225           address.
6226
6227            my $rv = Net::SSLeay::X509_check_ip_asc($cert, $address, $flags);
6228            # $cert - value corresponding to openssl's X509 structure
6229            # $address - IP address to check in text representation
6230            # $flags (optional, default: 0) - see X509_check_host()
6231            #
6232            # returns: see X509_check_host()
6233
6234           Check openssl doc
6235           <https://www.openssl.org/docs/crypto/X509_check_ip_asc.html>.
6236
6237       •   X509_certificate_type
6238
6239           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6240
6241           Returns bitmask with type of certificate $x.
6242
6243            my $rv = Net::SSLeay::X509_certificate_type($x);
6244            # $x - value corresponding to openssl's X509 structure
6245            #
6246            # returns: (integer) bitmask with certificate type
6247
6248            #to decode bitmask returned by this function use these constants:
6249            &Net::SSLeay::EVP_PKS_DSA
6250            &Net::SSLeay::EVP_PKS_EC
6251            &Net::SSLeay::EVP_PKS_RSA
6252            &Net::SSLeay::EVP_PKT_ENC
6253            &Net::SSLeay::EVP_PKT_EXCH
6254            &Net::SSLeay::EVP_PKT_EXP
6255            &Net::SSLeay::EVP_PKT_SIGN
6256            &Net::SSLeay::EVP_PK_DH
6257            &Net::SSLeay::EVP_PK_DSA
6258            &Net::SSLeay::EVP_PK_EC
6259            &Net::SSLeay::EVP_PK_RSA
6260
6261       •   X509_digest
6262
6263           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6264
6265           Computes digest/fingerprint of X509 $data using $type hash
6266           function.
6267
6268            my $digest_value = Net::SSLeay::X509_digest($data, $type);
6269            # $data - value corresponding to openssl's X509 structure
6270            # $type - value corresponding to openssl's EVP_MD structure - e.g. got via EVP_get_digestbyname()
6271            #
6272            # returns: hash value (binary)
6273
6274            #to get printable (hex) value of digest use:
6275            print unpack('H*', $digest_value);
6276
6277       •   X509_issuer_and_serial_hash
6278
6279           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6280
6281           Sort of a checksum of issuer name and serial number of X509
6282           certificate $x.  The result is not a full hash (e.g. sha-1), it is
6283           kind-of-a-hash truncated to the size of 'unsigned long' (32 bits).
6284           The resulting value might differ across different openssl versions
6285           for the same X509 certificate.
6286
6287            my $rv = Net::SSLeay::X509_issuer_and_serial_hash($x);
6288            # $x - value corresponding to openssl's X509 structure
6289            #
6290            # returns: number representing checksum
6291
6292       •   X509_issuer_name_hash
6293
6294           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6295
6296           Sort of a checksum of issuer name of X509 certificate $x.  The
6297           result is not a full hash (e.g. sha-1), it is kind-of-a-hash
6298           truncated to the size of 'unsigned long' (32 bits).  The resulting
6299           value might differ across different openssl versions for the same
6300           X509 certificate.
6301
6302            my $rv = Net::SSLeay::X509_issuer_name_hash($x);
6303            # $x - value corresponding to openssl's X509 structure
6304            #
6305            # returns: number representing checksum
6306
6307       •   X509_subject_name_hash
6308
6309           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6310
6311           Sort of a checksum of subject name of X509 certificate $x.  The
6312           result is not a full hash (e.g. sha-1), it is kind-of-a-hash
6313           truncated to the size of 'unsigned long' (32 bits).  The resulting
6314           value might differ across different openssl versions for the same
6315           X509 certificate.
6316
6317            my $rv = Net::SSLeay::X509_subject_name_hash($x);
6318            # $x - value corresponding to openssl's X509 structure
6319            #
6320            # returns: number representing checksum
6321
6322       •   X509_pubkey_digest
6323
6324           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
6325           requires at least openssl-0.9.7
6326
6327           Computes digest/fingerprint of public key from X509 certificate
6328           $data using $type hash function.
6329
6330            my $digest_value = Net::SSLeay::X509_pubkey_digest($data, $type);
6331            # $data - value corresponding to openssl's X509 structure
6332            # $type - value corresponding to openssl's EVP_MD structure - e.g. got via EVP_get_digestbyname()
6333            #
6334            # returns: hash value (binary)
6335
6336            #to get printable (hex) value of digest use:
6337            print unpack('H*', $digest_value);
6338
6339       •   X509_set_issuer_name
6340
6341           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6342
6343           Sets issuer of X509 certificate $x to $name.
6344
6345            my $rv = Net::SSLeay::X509_set_issuer_name($x, $name);
6346            # $x - value corresponding to openssl's X509 structure
6347            # $name - value corresponding to openssl's X509_NAME structure
6348            #
6349            # returns: 1 on success, 0 on failure
6350
6351       •   X509_set_pubkey
6352
6353           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6354
6355           Sets public key of X509 certificate $x to $pkey.
6356
6357            my $rv = Net::SSLeay::X509_set_pubkey($x, $pkey);
6358            # $x - value corresponding to openssl's X509 structure
6359            # $pkey - value corresponding to openssl's EVP_PKEY structure
6360            #
6361            # returns: 1 on success, 0 on failure
6362
6363       •   X509_set_serialNumber
6364
6365           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6366
6367           Sets serial number of X509 certificate $x to $serial.
6368
6369            my $rv = Net::SSLeay::X509_set_serialNumber($x, $serial);
6370            # $x - value corresponding to openssl's X509 structure
6371            # $serial - value corresponding to openssl's ASN1_INTEGER structure
6372            #
6373            # returns: 1 on success, 0 on failure
6374
6375            #to create $serial value use one of these:
6376            $serial = Net::SSLeay::P_ASN1_INTEGER_set_hex('45ad6f');
6377            $serial = Net::SSLeay::P_ASN1_INTEGER_set_dec('7896541238529631478');
6378            $serial = Net::SSLeay::ASN1_INTEGER_set(45896);
6379
6380       •   X509_set_subject_name
6381
6382           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6383
6384           Sets subject of X509 certificate $x to $name.
6385
6386            my $rv = Net::SSLeay::X509_set_subject_name($x, $name);
6387            # $x - value corresponding to openssl's X509 structure
6388            # $name - value corresponding to openssl's X509_NAME structure
6389            #
6390            # returns: 1 on success, 0 on failure
6391
6392       •   X509_set_version
6393
6394           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6395
6396           Set 'version' value for X509 certificate $ to $version.
6397
6398            my $rv = Net::SSLeay::X509_set_version($x, $version);
6399            # $x - value corresponding to openssl's X509 structure
6400            # $version - (integer) version number
6401            #
6402            # returns: 1 on success, 0 on failure
6403
6404       •   X509_sign
6405
6406           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6407
6408           Sign X509 certificate $x with private key $pkey (using digest
6409           algorithm $md).
6410
6411            my $rv = Net::SSLeay::X509_sign($x, $pkey, $md);
6412            # $x - value corresponding to openssl's X509 structure
6413            # $pkey - value corresponding to openssl's EVP_PKEY structure
6414            # $md - value corresponding to openssl's EVP_MD structure
6415            #
6416            # returns: 1 on success, 0 on failure
6417
6418       •   X509_verify
6419
6420           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6421
6422           Verifies X509 object $a using public key $r (pubkey of issuing CA).
6423
6424            my $rv = Net::SSLeay::X509_verify($x, $r);
6425            # $x - value corresponding to openssl's X509 structure
6426            # $r - value corresponding to openssl's EVP_PKEY structure
6427            #
6428            # returns: 0 - verify failure, 1 - verify OK, <0 - error
6429
6430       •   X509_get_ext_count
6431
6432           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6433
6434           Returns the total number of extensions in X509 object $x.
6435
6436            my $rv = Net::SSLeay::X509_get_ext_count($x);
6437            # $x - value corresponding to openssl's X509 structure
6438            #
6439            # returns: count of extensions
6440
6441       •   X509_get_pubkey
6442
6443           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6444
6445           Returns public key corresponding to given X509 object $x.
6446
6447            my $rv = Net::SSLeay::X509_get_pubkey($x);
6448            # $x - value corresponding to openssl's X509 structure
6449            #
6450            # returns: value corresponding to openssl's EVP_PKEY structure (0 on failure)
6451
6452           NOTE: This method returns only the public key's key bits, without
6453           the algorithm or parameters.  Use "X509_get_X509_PUBKEY()" to
6454           return the full public key (SPKI) instead.
6455
6456       •   X509_get_X509_PUBKEY
6457
6458           COMPATIBILITY: not available in Net-SSLeay-1.72 and before
6459
6460           Returns the full public key (SPKI) of given X509 certificate $x.
6461
6462            Net::SSLeay::X509_get_X509_PUBKEY($x);
6463            # $x - value corresponding to openssl's X509 structure
6464            #
6465            # returns: public key data in DER format (binary)
6466
6467       •   X509_get_serialNumber
6468
6469           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6470
6471           Returns serial number of X509 certificate $x.
6472
6473            my $rv = Net::SSLeay::X509_get_serialNumber($x);
6474            # $x - value corresponding to openssl's X509 structure
6475            #
6476            # returns: value corresponding to openssl's ASN1_INTEGER structure (0 on failure)
6477
6478           See "P_ASN1_INTEGER_get_dec", "P_ASN1_INTEGER_get_hex" or
6479           "ASN1_INTEGER_get" to decode ASN1_INTEGER object.
6480
6481       •   X509_get0_serialNumber
6482
6483           COMPATIBILITY: available in Net-SSLeay-1.86 onwards
6484
6485           X509_get0_serialNumber() is the same as X509_get_serialNumber()
6486           except it accepts a const parameter and returns a const result.
6487
6488       •   X509_get_version
6489
6490           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6491
6492           Returns 'version' value of given X509 certificate $x.
6493
6494            my $rv = Net::SSLeay::X509_get_version($x);
6495            # $x - value corresponding to openssl's X509 structure
6496            #
6497            # returns: (integer) version
6498
6499       •   X509_get_ext
6500
6501           Returns X509_EXTENSION from $x509 based on given position/index.
6502
6503            my $rv = Net::SSLeay::X509_get_ext($x509, $index);
6504            # $x509 - value corresponding to openssl's X509 structure
6505            # $index - (integer) position/index of extension within $x509
6506            #
6507            # returns: value corresponding to openssl's X509_EXTENSION structure (0 on failure)
6508
6509       •   X509_get_ext_by_NID
6510
6511           Returns X509_EXTENSION from $x509 based on given NID.
6512
6513            my $rv = Net::SSLeay::X509_get_ext_by_NID($x509, $nid, $loc);
6514            # $x509 - value corresponding to openssl's X509 structure
6515            # $nid - (integer) NID value
6516            # $loc - (integer) position to start lookup at
6517            #
6518            # returns: position/index of extension, negative value on error
6519            #          call Net::SSLeay::X509_get_ext($x509, $rv) to get the actual extension
6520
6521       •   X509_get_fingerprint
6522
6523           Returns fingerprint of certificate $cert.
6524
6525           NOTE: Does not exactly correspond to any low level API function.
6526           The implementation is basen on openssl's "X509_digest()".
6527
6528            Net::SSLeay::X509_get_fingerprint($x509, $type);
6529            # $x509 - value corresponding to openssl's X509 structure
6530            # $type - (string) digest type, currently supported values:
6531            #         "md5"
6532            #         "sha1"
6533            #         "sha256"
6534            #         "ripemd160"
6535            #
6536            # returns: certificate digest - hexadecimal string (NOT binary data!)
6537
6538       •   X509_get_issuer_name
6539
6540           Return an X509_NAME object representing the issuer of the
6541           certificate $cert.
6542
6543            my $rv = Net::SSLeay::X509_get_issuer_name($cert);
6544            # $cert - value corresponding to openssl's X509 structure
6545            #
6546            # returns: value corresponding to openssl's X509_NAME structure (0 on failure)
6547
6548       •   X509_get_notAfter
6549
6550           Return an object giving the time after which the certificate $cert
6551           is not valid.
6552
6553            my $rv = Net::SSLeay::X509_get_notAfter($cert);
6554            # $cert - value corresponding to openssl's X509 structure
6555            #
6556            # returns: value corresponding to openssl's ASN1_TIME structure (0 on failure)
6557
6558           To get human readable/printable form the return value you can use:
6559
6560            my $time = Net::SSLeay::X509_get_notAfter($cert);
6561            print "notAfter=", Net::SSLeay::P_ASN1_TIME_get_isotime($time), "\n";
6562
6563       •   X509_get_notBefore
6564
6565           Return an object giving the time before which the certificate $cert
6566           is not valid
6567
6568            my $rv = Net::SSLeay::X509_get_notBefore($cert);
6569            # $cert - value corresponding to openssl's X509 structure
6570            #
6571            # returns: value corresponding to openssl's ASN1_TIME structure (0 on failure)
6572
6573           To get human readable/printable form the return value you can use:
6574
6575            my $time = Net::SSLeay::X509_get_notBefore($cert);
6576            print "notBefore=", Net::SSLeay::P_ASN1_TIME_get_isotime($time), "\n";
6577
6578       •   X509_get_subjectAltNames
6579
6580           NOTE: Does not exactly correspond to any low level API function.
6581
6582           Returns the list of alternative subject names from X509 certificate
6583           $cert.
6584
6585            my @rv = Net::SSLeay::X509_get_subjectAltNames($cert);
6586            # $cert - value corresponding to openssl's X509 structure
6587            #
6588            # returns: list containing pairs - name_type (integer), name_value (string)
6589            #          where name_type can be:
6590            #          0 - GEN_OTHERNAME
6591            #          1 - GEN_EMAIL
6592            #          2 - GEN_DNS
6593            #          3 - GEN_X400
6594            #          4 - GEN_DIRNAME
6595            #          5 - GEN_EDIPARTY
6596            #          6 - GEN_URI
6597            #          7 - GEN_IPADD
6598            #          8 - GEN_RID
6599
6600           Note: type 7 - GEN_IPADD contains the IP address as a packed binary
6601           address. GEN_RID is available in Net-SSLeay-1.90 and later. Maximum
6602           length for returned RID string is currently 2500. Invalid and
6603           overly long RID values are skipped and not returned. GEN_X400 and
6604           GEN_EDIPARTY are not supported and will not be returned even when
6605           present in the certificate.
6606
6607       •   X509_get_subject_name
6608
6609           Returns the subject of the certificate $cert.
6610
6611            my $rv = Net::SSLeay::X509_get_subject_name($cert);
6612            # $cert - value corresponding to openssl's X509 structure
6613            #
6614            # returns: value corresponding to openssl's X509_NAME structure (0 on failure)
6615
6616       •   X509_gmtime_adj
6617
6618           Adjust th ASN1_TIME object to the timestamp (in GMT).
6619
6620            my $rv = Net::SSLeay::X509_gmtime_adj($s, $adj);
6621            # $s - value corresponding to openssl's ASN1_TIME structure
6622            # $adj - timestamp (seconds since 1.1.1970)
6623            #
6624            # returns: value corresponding to openssl's ASN1_TIME structure (0 on failure)
6625
6626           BEWARE: this function may fail for dates after 2038 as it is
6627           dependent on time_t size on your system (32bit time_t does not work
6628           after 2038). Consider using "P_ASN1_TIME_set_isotime" instead).
6629
6630       •   X509_load_cert_crl_file
6631
6632           Takes PEM file and loads all X509 certificates and X509 CRLs from
6633           that file into X509_LOOKUP structure.
6634
6635            my $rv = Net::SSLeay::X509_load_cert_crl_file($ctx, $file, $type);
6636            # $ctx - value corresponding to openssl's X509_LOOKUP structure
6637            # $file - (string) file name
6638            # $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1
6639            #                          if not FILETYPE_PEM then behaves as Net::SSLeay::X509_load_cert_file()
6640            #
6641            # returns: 1 on success, 0 on failure
6642
6643       •   X509_load_cert_file
6644
6645           Loads/adds X509 certificate from $file to X509_LOOKUP structure
6646
6647            my $rv = Net::SSLeay::X509_load_cert_file($ctx, $file, $type);
6648            # $ctx - value corresponding to openssl's X509_LOOKUP structure
6649            # $file - (string) file name
6650            # $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1
6651            #
6652            # returns: 1 on success, 0 on failure
6653
6654       •   X509_load_crl_file
6655
6656           Loads/adds X509 CRL from $file to X509_LOOKUP structure
6657
6658            my $rv = Net::SSLeay::X509_load_crl_file($ctx, $file, $type);
6659            # $ctx - value corresponding to openssl's X509_LOOKUP structure
6660            # $file - (string) file name
6661            # $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1
6662            #
6663            # returns: 1 on success, 0 on failure
6664
6665       •   X509_policy_level_get0_node
6666
6667           ??? (more info needed)
6668
6669            my $rv = Net::SSLeay::X509_policy_level_get0_node($level, $i);
6670            # $level - value corresponding to openssl's X509_POLICY_LEVEL structure
6671            # $i - (integer) index/position
6672            #
6673            # returns: value corresponding to openssl's X509_POLICY_NODE structure (0 on failure)
6674
6675       •   X509_policy_level_node_count
6676
6677           ??? (more info needed)
6678
6679            my $rv = Net::SSLeay::X509_policy_level_node_count($level);
6680            # $level - value corresponding to openssl's X509_POLICY_LEVEL structure
6681            #
6682            # returns: (integer) node count
6683
6684       •   X509_policy_node_get0_parent
6685
6686           ??? (more info needed)
6687
6688            my $rv = Net::SSLeay::X509_policy_node_get0_parent($node);
6689            # $node - value corresponding to openssl's X509_POLICY_NODE structure
6690            #
6691            # returns: value corresponding to openssl's X509_POLICY_NODE structure (0 on failure)
6692
6693       •   X509_policy_node_get0_policy
6694
6695           ??? (more info needed)
6696
6697            my $rv = Net::SSLeay::X509_policy_node_get0_policy($node);
6698            # $node - value corresponding to openssl's X509_POLICY_NODE structure
6699            #
6700            # returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)
6701
6702       •   X509_policy_node_get0_qualifiers
6703
6704           ??? (more info needed)
6705
6706            my $rv = Net::SSLeay::X509_policy_node_get0_qualifiers($node);
6707            # $node - value corresponding to openssl's X509_POLICY_NODE structure
6708            #
6709            # returns: value corresponding to openssl's STACK_OF(POLICYQUALINFO) structure (0 on failure)
6710
6711       •   X509_policy_tree_free
6712
6713           ??? (more info needed)
6714
6715            Net::SSLeay::X509_policy_tree_free($tree);
6716            # $tree - value corresponding to openssl's X509_POLICY_TREE structure
6717            #
6718            # returns: no return value
6719
6720       •   X509_policy_tree_get0_level
6721
6722           ??? (more info needed)
6723
6724            my $rv = Net::SSLeay::X509_policy_tree_get0_level($tree, $i);
6725            # $tree - value corresponding to openssl's X509_POLICY_TREE structure
6726            # $i - (integer) level index
6727            #
6728            # returns: value corresponding to openssl's X509_POLICY_LEVEL structure (0 on failure)
6729
6730       •   X509_policy_tree_get0_policies
6731
6732           ??? (more info needed)
6733
6734            my $rv = Net::SSLeay::X509_policy_tree_get0_policies($tree);
6735            # $tree - value corresponding to openssl's X509_POLICY_TREE structure
6736            #
6737            # returns: value corresponding to openssl's X509_POLICY_NODE structure (0 on failure)
6738
6739       •   X509_policy_tree_get0_user_policies
6740
6741           ??? (more info needed)
6742
6743            my $rv = Net::SSLeay::X509_policy_tree_get0_user_policies($tree);
6744            # $tree - value corresponding to openssl's X509_POLICY_TREE structure
6745            #
6746            # returns: value corresponding to openssl's X509_POLICY_NODE structure (0 on failure)
6747
6748       •   X509_policy_tree_level_count
6749
6750           ??? (more info needed)
6751
6752            my $rv = Net::SSLeay::X509_policy_tree_level_count($tree);
6753            # $tree - value corresponding to openssl's X509_POLICY_TREE structure
6754            #
6755            # returns: (integer) count
6756
6757       •   X509_verify_cert_error_string
6758
6759           Returns a human readable error string for verification error $n.
6760
6761            my $rv = Net::SSLeay::X509_verify_cert_error_string($n);
6762            # $n - (long) numeric error code
6763            #
6764            # returns: error string
6765
6766           Check openssl doc
6767           <http://www.openssl.org/docs/crypto/X509_STORE_CTX_get_error.html>
6768
6769       •   P_X509_add_extensions
6770
6771           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6772
6773           Adds one or more X509 extensions to X509 object $x.
6774
6775            my $rv = Net::SSLeay::P_X509_add_extensions($x, $ca_cert, $nid, $value);
6776            # $x - value corresponding to openssl's X509 structure
6777            # $ca_cert - value corresponding to openssl's X509 structure (issuer's cert - necessary for sertting NID_authority_key_identifier)
6778            # $nid - NID identifying extension to be set
6779            # $value - extension value
6780            #
6781            # returns: 1 on success, 0 on failure
6782
6783           You can set more extensions at once:
6784
6785            my $rv = Net::SSLeay::P_X509_add_extensions($x509, $ca_cert,
6786                           &Net::SSLeay::NID_key_usage => 'digitalSignature,keyEncipherment',
6787                           &Net::SSLeay::NID_subject_key_identifier => 'hash',
6788                           &Net::SSLeay::NID_authority_key_identifier => 'keyid',
6789                           &Net::SSLeay::NID_authority_key_identifier => 'issuer',
6790                           &Net::SSLeay::NID_basic_constraints => 'CA:FALSE',
6791                           &Net::SSLeay::NID_ext_key_usage => 'serverAuth,clientAuth',
6792                           &Net::SSLeay::NID_netscape_cert_type => 'server',
6793                           &Net::SSLeay::NID_subject_alt_name => 'DNS:s1.dom.com,DNS:s2.dom.com,DNS:s3.dom.com',
6794                     );
6795
6796       •   P_X509_copy_extensions
6797
6798           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6799
6800           Copies X509 extensions from X509_REQ object to X509 object - handy
6801           when you need to turn X509_REQ into X509 certificate.
6802
6803            Net::SSLeay::P_X509_copy_extensions($x509_req, $x509, $override);
6804            # $x509_req - value corresponding to openssl's X509_REQ structure
6805            # $x509 - value corresponding to openssl's X509 structure
6806            # $override - (integer) flag indication whether to override already existing items in $x509 (default 1)
6807            #
6808            # returns: 1 on success, 0 on failure
6809
6810       •   P_X509_get_crl_distribution_points
6811
6812           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
6813           requires at least openssl-0.9.7
6814
6815           Get the list of CRL distribution points from X509 certificate.
6816
6817            my @cdp = Net::SSLeay::P_X509_get_crl_distribution_points($x509);
6818            # $x509 - value corresponding to openssl's X509 structure
6819            #
6820            # returns: list of distribution points (usually URLs)
6821
6822       •   P_X509_get_ext_key_usage
6823
6824           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
6825           requires at least openssl-0.9.7
6826
6827           Gets the list of extended key usage of given X509 certificate
6828           $cert.
6829
6830            my @ext_usage = Net::SSLeay::P_X509_get_ext_key_usage($cert, $format);
6831            # $cert - value corresponding to openssl's X509 structure
6832            # $format - choose type of return values: 0=OIDs, 1=NIDs, 2=shortnames, 3=longnames
6833            #
6834            # returns: list of values
6835
6836           Examples:
6837
6838            my @extkeyusage_oid = Net::SSLeay::P_X509_get_ext_key_usage($x509,0);
6839            # returns for example: ("1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2")
6840
6841            my @extkeyusage_nid = Net::SSLeay::P_X509_get_ext_key_usage($x509,1);
6842            # returns for example: (129, 130)
6843
6844            my @extkeyusage_sn  = Net::SSLeay::P_X509_get_ext_key_usage($x509,2);
6845            # returns for example: ("serverAuth", "clientAuth")
6846
6847            my @extkeyusage_ln  = Net::SSLeay::P_X509_get_ext_key_usage($x509,3);
6848            # returns for example: ("TLS Web Server Authentication",  "TLS Web Client Authentication")
6849
6850       •   P_X509_get_key_usage
6851
6852           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6853
6854           Gets the list of key usage of given X509 certificate $cert.
6855
6856            my @keyusage = Net::SSLeay::P_X509_get_key_usage($cert);
6857            # $cert - value corresponding to openssl's X509 structure
6858            #
6859            # returns: list of key usage values which can be none, one or more from the following list:
6860            #          "digitalSignature"
6861            #          "nonRepudiation"
6862            #          "keyEncipherment"
6863            #          "dataEncipherment"
6864            #          "keyAgreement"
6865            #          "keyCertSign"
6866            #          "cRLSign"
6867            #          "encipherOnly"
6868            #          "decipherOnly"
6869
6870       •   P_X509_get_netscape_cert_type
6871
6872           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6873
6874           Gets the list of Netscape cert types of given X509 certificate
6875           $cert.
6876
6877            Net::SSLeay::P_X509_get_netscape_cert_type($cert);
6878            # $cert - value corresponding to openssl's X509 structure
6879            #
6880            # returns: list of Netscape type values which can be none, one or more from the following list:
6881            #          "client"
6882            #          "server"
6883            #          "email"
6884            #          "objsign"
6885            #          "reserved"
6886            #          "sslCA"
6887            #          "emailCA"
6888            #          "objCA"
6889
6890       •   P_X509_get_pubkey_alg
6891
6892           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6893
6894           Returns ASN1_OBJECT corresponding to X509 certificate public key
6895           algorithm.
6896
6897            my $rv = Net::SSLeay::P_X509_get_pubkey_alg($x);
6898            # $x - value corresponding to openssl's X509 structure
6899            #
6900            # returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)
6901
6902           To get textual representation use:
6903
6904            my $alg = Net::SSLeay::OBJ_obj2txt(Net::SSLeay::P_X509_get_pubkey_alg($x509));
6905            # returns for example: "rsaEncryption"
6906
6907       •   P_X509_get_signature_alg
6908
6909           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
6910
6911           Returns ASN1_OBJECT corresponding to X509 signarite key algorithm.
6912
6913            my $rv = Net::SSLeay::P_X509_get_signature_alg($x);
6914            # $x - value corresponding to openssl's X509 structure
6915            #
6916            # returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)
6917
6918           To get textual representation use:
6919
6920            my $alg = Net::SSLeay::OBJ_obj2txt(Net::SSLeay::P_X509_get_signature_alg($x509))
6921            # returns for example: "sha1WithRSAEncryption"
6922
6923       •   sk_X509_new_null
6924
6925           Returns a new, empty, STACK_OF(X509) structure.
6926
6927            my $rv = Net::SSLeay::sk_X509_new_null();
6928            #
6929            # returns: value corresponding to openssl's STACK_OF(X509) structure
6930
6931       •   sk_X509_push
6932
6933           Pushes an X509 structure onto a STACK_OF(X509) structure.
6934
6935            my $rv = Net::SSLeay::sk_X509_push($sk_x509, $x509);
6936            # $sk_x509 - value corresponding to openssl's STACK_OF(X509) structure
6937            # $x509 - value corresponding to openssl's X509 structure
6938            #
6939            # returns: total number of elements after the operation, 0 on failure
6940
6941       •   sk_X509_pop
6942
6943           Pops an single X509 structure from a STACK_OF(X509) structure.
6944
6945            my $x509 = NetSSLeay::sk_X509_pop($sk_x509)
6946            # $sk_x509 - value corresponding to openssl's STACK_OF(X509) structure
6947            #
6948            # returns: a pointer to an X509 structure, undef on failure
6949
6950           Check openssl doc
6951           <https://www.openssl.org/docs/manmaster/man3/sk_TYPE_pop.html>
6952
6953       •   sk_X509_shift
6954
6955           Shifts an single X509 structure onto a STACK_OF(X509) structure.
6956
6957            my $x509 = NetSSLeay::sk_X509_shift($sk_x509, $x509)
6958            # $sk_x509 - value corresponding to openssl's STACK_OF(X509) structure
6959            # $x509 - value corresponding to openssl's X509 structure
6960            #
6961            # returns: a pointer to an X509 structure, undef on failure
6962
6963           Check openssl doc
6964           <https://www.openssl.org/docs/manmaster/man3/sk_TYPE_shift.html>
6965
6966       •   sk_X509_unshift
6967
6968           Unshifts an single X509 structure from a STACK_OF(X509) structure.
6969
6970            my $rv = NetSSLeay::sk_X509_unshift($sk_x509)
6971            # $sk_x509 - value corresponding to openssl's STACK_OF(X509) structure
6972            #
6973            # returns: total number of elements after the operation, 0 on failure
6974
6975           Check openssl doc
6976           <https://www.openssl.org/docs/manmaster/man3/sk_TYPE_unshift.html>
6977
6978       •   sk_X509_insert
6979
6980           Inserts a single X509 structure into a STACK_OF(X509) at the
6981           specified index.
6982
6983            my $rv = Net::SSLeay::sk_X509_insert($sk_x509, $x509, index);
6984            # $sk_x509 - value corresponding to openssl's STACK_OF(X509) structure
6985            # $x509 - value corresponding to openssl's X509 structure
6986            # index - integer - 0 based index
6987            #
6988            # returns: total number of elements after the operation, 0 on failure
6989
6990           Check openssl doc
6991           <https://www.openssl.org/docs/manmaster/man3/sk_TYPE_insert.html>
6992
6993       •   sk_X509_delete
6994
6995           Delete a single X509 structure from a STACK_OF(X509) at the
6996           specified index.
6997
6998            my $x509 = Net::SSLeay::sk_X509_delete($sk_x509, index);
6999            # $sk_x509 - value corresponding to openssl's STACK_OF(X509) structure
7000            # index - integer - 0 based index
7001            #
7002            # returns: a pointer to an X509 structure, undef on failure
7003
7004           Check openssl doc
7005           <https://www.openssl.org/docs/manmaster/man3/sk_TYPE_delete.html>
7006
7007       •   sk_X509_value
7008
7009           Return a single X509 structure from a STACK_OF(X509) at the
7010           specified index.
7011
7012            my $x509 = Net::SSLeay::sk_X509_value($sk_x509, index)
7013            # $sk_x509 - value corresponding to openssl's STACK_OF(X509) structure
7014            # index - integer - 0 based index
7015            #
7016            # returns: a pointer to an X509 structure, undef on failure
7017
7018           Check openssl doc
7019           <https://www.openssl.org/docs/manmaster/man3/sk_TYPE_value.html>
7020
7021       •   sk_X509_num
7022
7023           Return the number of X509 elements in a STACK_OF(X509).
7024
7025            my $num = Net::SSLeay::sk_X509_num($sk_x509);
7026            # $sk_x509 - value corresponding to openssl's STACK_OF(X509) structure
7027            #
7028            # returns: the number of elements in the stack, -1 if the passed stack is NULL
7029
7030           Check openssl doc
7031           <https://www.openssl.org/docs/manmaster/man3/sk_TYPE_num.html>
7032
7033       Low level API: X509_REQ_* related functions
7034
7035       •   X509_REQ_new
7036
7037           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7038
7039           Creates a new X509_REQ structure.
7040
7041            my $rv = Net::SSLeay::X509_REQ_new();
7042            #
7043            # returns: value corresponding to openssl's X509_REQ structure (0 on failure)
7044
7045       •   X509_REQ_free
7046
7047           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7048
7049           Free an allocated X509_REQ structure.
7050
7051            Net::SSLeay::X509_REQ_free($x);
7052            # $x - value corresponding to openssl's X509_REQ structure
7053            #
7054            # returns: no return value
7055
7056       •   X509_REQ_add1_attr_by_NID
7057
7058           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7059
7060           Adds an attribute whose name is defined by a NID $nid. The field
7061           value to be added is in $bytes.
7062
7063            my $rv = Net::SSLeay::X509_REQ_add1_attr_by_NID($req, $nid, $type, $bytes);
7064            # $req - value corresponding to openssl's X509_REQ structure
7065            # $nid - (integer) NID value
7066            # $type - (integer) type of data in $bytes (see below)
7067            # $bytes - data to be set
7068            #
7069            # returns: 1 on success, 0 on failure
7070
7071            # values for $type - use constants:
7072            &Net::SSLeay::MBSTRING_UTF8     - $bytes contains utf8 encoded data
7073            &Net::SSLeay::MBSTRING_ASC      - $bytes contains ASCII data
7074
7075       •   X509_REQ_digest
7076
7077           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7078
7079           Computes digest/fingerprint of X509_REQ $data using $type hash
7080           function.
7081
7082            my $digest_value = Net::SSLeay::X509_REQ_digest($data, $type);
7083            # $data - value corresponding to openssl's X509_REQ structure
7084            # $type - value corresponding to openssl's EVP_MD structure - e.g. got via EVP_get_digestbyname()
7085            #
7086            # returns: hash value (binary)
7087
7088            #to get printable (hex) value of digest use:
7089            print unpack('H*', $digest_value);
7090
7091       •   X509_REQ_get_attr_by_NID
7092
7093           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7094
7095           Retrieve the next index matching $nid after $lastpos ($lastpos
7096           should initially be set to -1).
7097
7098            my $rv = Net::SSLeay::X509_REQ_get_attr_by_NID($req, $nid, $lastpos=-1);
7099            # $req - value corresponding to openssl's X509_REQ structure
7100            # $nid - (integer) NID value
7101            # $lastpos - [optional] (integer) index where to start search (default -1)
7102            #
7103            # returns: index (-1 if there are no more entries)
7104
7105           Note: use "P_X509_REQ_get_attr" to get the actual attribute value -
7106           e.g.
7107
7108            my $index = Net::SSLeay::X509_REQ_get_attr_by_NID($req, $nid);
7109            my @attr_values = Net::SSLeay::P_X509_REQ_get_attr($req, $index);
7110
7111       •   X509_REQ_get_attr_by_OBJ
7112
7113           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7114
7115           Retrieve the next index matching $obj after $lastpos ($lastpos
7116           should initially be set to -1).
7117
7118            my $rv = Net::SSLeay::X509_REQ_get_attr_by_OBJ($req, $obj, $lastpos=-1);
7119            # $req - value corresponding to openssl's X509_REQ structure
7120            # $obj - value corresponding to openssl's ASN1_OBJECT structure
7121            # $lastpos - [optional] (integer) index where to start search (default -1)
7122            #
7123            # returns: index (-1 if there are no more entries)
7124
7125           Note: use "P_X509_REQ_get_attr" to get the actual attribute value -
7126           e.g.
7127
7128            my $index = Net::SSLeay::X509_REQ_get_attr_by_NID($req, $nid);
7129            my @attr_values = Net::SSLeay::P_X509_REQ_get_attr($req, $index);
7130
7131       •   X509_REQ_get_attr_count
7132
7133           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7134
7135           Returns the total number of attributes in $req.
7136
7137            my $rv = Net::SSLeay::X509_REQ_get_attr_count($req);
7138            # $req - value corresponding to openssl's X509_REQ structure
7139            #
7140            # returns: (integer) items count
7141
7142       •   X509_REQ_get_pubkey
7143
7144           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7145
7146           Returns public key corresponding to given X509_REQ object $x.
7147
7148            my $rv = Net::SSLeay::X509_REQ_get_pubkey($x);
7149            # $x - value corresponding to openssl's X509_REQ structure
7150            #
7151            # returns: value corresponding to openssl's EVP_PKEY structure (0 on failure)
7152
7153       •   X509_REQ_get_subject_name
7154
7155           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7156
7157           Returns X509_NAME object corresponding to subject name of given
7158           X509_REQ object $x.
7159
7160            my $rv = Net::SSLeay::X509_REQ_get_subject_name($x);
7161            # $x - value corresponding to openssl's X509_REQ structure
7162            #
7163            # returns: value corresponding to openssl's X509_NAME structure (0 on failure)
7164
7165       •   X509_REQ_get_version
7166
7167           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7168
7169           Returns 'version' value for given X509_REQ object $x.
7170
7171            my $rv = Net::SSLeay::X509_REQ_get_version($x);
7172            # $x - value corresponding to openssl's X509_REQ structure
7173            #
7174            # returns: (integer) version e.g. 0 = "version 1"
7175
7176       •   X509_REQ_set_pubkey
7177
7178           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7179
7180           Sets public key of given X509_REQ object $x to $pkey.
7181
7182            my $rv = Net::SSLeay::X509_REQ_set_pubkey($x, $pkey);
7183            # $x - value corresponding to openssl's X509_REQ structure
7184            # $pkey - value corresponding to openssl's EVP_PKEY structure
7185            #
7186            # returns: 1 on success, 0 on failure
7187
7188       •   X509_REQ_set_subject_name
7189
7190           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7191
7192           Sets subject name of given X509_REQ object $x to X509_NAME object
7193           $name.
7194
7195            my $rv = Net::SSLeay::X509_REQ_set_subject_name($x, $name);
7196            # $x - value corresponding to openssl's X509_REQ structure
7197            # $name - value corresponding to openssl's X509_NAME structure
7198            #
7199            # returns: 1 on success, 0 on failure
7200
7201       •   X509_REQ_set_version
7202
7203           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7204
7205           Sets 'version' of given X509_REQ object $x to $version.
7206
7207            my $rv = Net::SSLeay::X509_REQ_set_version($x, $version);
7208            # $x - value corresponding to openssl's X509_REQ structure
7209            # $version - (integer) e.g. 0 = "version 1"
7210            #
7211            # returns: 1 on success, 0 on failure
7212
7213       •   X509_REQ_sign
7214
7215           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7216
7217           Sign X509_REQ object $x with private key $pk (using digest
7218           algorithm $md).
7219
7220            my $rv = Net::SSLeay::X509_REQ_sign($x, $pk, $md);
7221            # $x - value corresponding to openssl's X509_REQ structure
7222            # $pk - value corresponding to openssl's EVP_PKEY structure (requestor's private key)
7223            # $md - value corresponding to openssl's EVP_MD structure
7224            #
7225            # returns: 1 on success, 0 on failure
7226
7227       •   X509_REQ_verify
7228
7229           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7230
7231           Verifies X509_REQ object $x using public key $r (pubkey of
7232           requesting party).
7233
7234            my $rv = Net::SSLeay::X509_REQ_verify($x, $r);
7235            # $x - value corresponding to openssl's X509_REQ structure
7236            # $r - value corresponding to openssl's EVP_PKEY structure
7237            #
7238            # returns: 0 - verify failure, 1 - verify OK, <0 - error
7239
7240       •   P_X509_REQ_add_extensions
7241
7242           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7243
7244           Adds one or more X509 extensions to X509_REQ object $x.
7245
7246            my $rv = Net::SSLeay::P_X509_REQ_add_extensions($x, $nid, $value);
7247            # $x - value corresponding to openssl's X509_REQ structure
7248            # $nid - NID identifying extension to be set
7249            # $value - extension value
7250            #
7251            # returns: 1 on success, 0 on failure
7252
7253           You can set more extensions at once:
7254
7255            my $rv = Net::SSLeay::P_X509_REQ_add_extensions($x509_req,
7256                       &Net::SSLeay::NID_key_usage => 'digitalSignature,keyEncipherment',
7257                       &Net::SSLeay::NID_basic_constraints => 'CA:FALSE',
7258                       &Net::SSLeay::NID_ext_key_usage => 'serverAuth,clientAuth',
7259                       &Net::SSLeay::NID_netscape_cert_type => 'server',
7260                       &Net::SSLeay::NID_subject_alt_name => 'DNS:s1.com,DNS:s2.com',
7261                       &Net::SSLeay::NID_crl_distribution_points => 'URI:http://pki.com/crl1,URI:http://pki.com/crl2',
7262                     );
7263
7264       •   P_X509_REQ_get_attr
7265
7266           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
7267           requires at least openssl-0.9.7
7268
7269           Returns attribute value for X509_REQ's attribute at index $n.
7270
7271            Net::SSLeay::P_X509_REQ_get_attr($req, $n);
7272            # $req - value corresponding to openssl's X509_REQ structure
7273            # $n - (integer) attribute index
7274            #
7275            # returns: value corresponding to openssl's ASN1_STRING structure
7276
7277       Low level API: X509_CRL_* related functions
7278
7279       •   X509_CRL_new
7280
7281           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7282
7283           Creates a new X509_CRL structure.
7284
7285            my $rv = Net::SSLeay::X509_CRL_new();
7286            #
7287            # returns: value corresponding to openssl's X509_CRL structure (0 on failure)
7288
7289       •   X509_CRL_free
7290
7291           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7292
7293           Free an allocated X509_CRL structure.
7294
7295            Net::SSLeay::X509_CRL_free($x);
7296            # $x - value corresponding to openssl's X509_CRL structure
7297            #
7298            # returns: no return value
7299
7300       •   X509_CRL_digest
7301
7302           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7303
7304           Computes digest/fingerprint of X509_CRL $data using $type hash
7305           function.
7306
7307            my $digest_value = Net::SSLeay::X509_CRL_digest($data, $type);
7308            # $data - value corresponding to openssl's X509_CRL structure
7309            # $type - value corresponding to openssl's EVP_MD structure - e.g. got via EVP_get_digestbyname()
7310            #
7311            # returns: hash value (binary)
7312
7313           Example:
7314
7315            my $x509_crl
7316            my $md = Net::SSLeay::EVP_get_digestbyname("sha1");
7317            my $digest_value = Net::SSLeay::X509_CRL_digest($x509_crl, $md);
7318            #to get printable (hex) value of digest use:
7319            print "digest=", unpack('H*', $digest_value), "\n";
7320
7321       •   X509_CRL_get_ext
7322
7323           COMPATIBILITY: not available in Net-SSLeay-1.54 and before
7324
7325           Returns X509_EXTENSION from $x509 based on given position/index.
7326
7327            my $rv = Net::SSLeay::X509_CRL_get_ext($x509, $index);
7328            # $x509 - value corresponding to openssl's X509_CRL structure
7329            # $index - (integer) position/index of extension within $x509
7330            #
7331            # returns: value corresponding to openssl's X509_EXTENSION structure (0 on failure)
7332
7333       •   X509_CRL_get_ext_by_NID
7334
7335           COMPATIBILITY: not available in Net-SSLeay-1.54 and before
7336
7337           Returns X509_EXTENSION from $x509 based on given NID.
7338
7339            my $rv = Net::SSLeay::X509_CRL_get_ext_by_NID($x509, $nid, $loc);
7340            # $x509 - value corresponding to openssl's X509_CRL structure
7341            # $nid - (integer) NID value
7342            # $loc - (integer) position to start lookup at
7343            #
7344            # returns: position/index of extension, negative value on error
7345            #          call Net::SSLeay::X509_CRL_get_ext($x509, $rv) to get the actual extension
7346
7347       •   X509_CRL_get_ext_count
7348
7349           COMPATIBILITY: not available in Net-SSLeay-1.54 and before
7350
7351           Returns the total number of extensions in X509_CRL object $x.
7352
7353            my $rv = Net::SSLeay::X509_CRL_get_ext_count($x);
7354            # $x - value corresponding to openssl's X509_CRL structure
7355            #
7356            # returns: count of extensions
7357
7358       •   X509_CRL_get_issuer
7359
7360           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7361
7362           Returns X509_NAME object corresponding to the issuer of X509_CRL
7363           $x.
7364
7365            my $rv = Net::SSLeay::X509_CRL_get_issuer($x);
7366            # $x - value corresponding to openssl's X509_CRL structure
7367            #
7368            # returns: value corresponding to openssl's X509_NAME structure (0 on failure)
7369
7370           See other "X509_NAME_*" functions to get more info from X509_NAME
7371           structure.
7372
7373       •   X509_CRL_get_lastUpdate
7374
7375           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7376
7377           Returns 'lastUpdate' date-time value of X509_CRL object $x.
7378
7379            my $rv = Net::SSLeay::X509_CRL_get_lastUpdate($x);
7380            # $x - value corresponding to openssl's X509_CRL structure
7381            #
7382            # returns: value corresponding to openssl's ASN1_TIME structure (0 on failure)
7383
7384       •   X509_CRL_get_nextUpdate
7385
7386           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7387
7388           Returns 'nextUpdate' date-time value of X509_CRL object $x.
7389
7390            my $rv = Net::SSLeay::X509_CRL_get_nextUpdate($x);
7391            # $x - value corresponding to openssl's X509_CRL structure
7392            #
7393            # returns: value corresponding to openssl's ASN1_TIME structure (0 on failure)
7394
7395       •   X509_CRL_get_version
7396
7397           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7398
7399           Returns 'version' value of given X509_CRL structure $x.
7400
7401            my $rv = Net::SSLeay::X509_CRL_get_version($x);
7402            # $x - value corresponding to openssl's X509_CRL structure
7403            #
7404            # returns: (integer) version
7405
7406       •   X509_CRL_set_issuer_name
7407
7408           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
7409           requires at least openssl-0.9.7
7410
7411           Sets the issuer of X509_CRL object $x to X509_NAME object $name.
7412
7413            my $rv = Net::SSLeay::X509_CRL_set_issuer_name($x, $name);
7414            # $x - value corresponding to openssl's X509_CRL structure
7415            # $name - value corresponding to openssl's X509_NAME structure
7416            #
7417            # returns: 1 on success, 0 on failure
7418
7419       •   X509_CRL_set_lastUpdate
7420
7421           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
7422           requires at least openssl-0.9.7
7423
7424           Sets 'lastUpdate' value of X509_CRL object $x to $tm.
7425
7426            my $rv = Net::SSLeay::X509_CRL_set_lastUpdate($x, $tm);
7427            # $x - value corresponding to openssl's X509_CRL structure
7428            # $tm - value corresponding to openssl's ASN1_TIME structure
7429            #
7430            # returns: 1 on success, 0 on failure
7431
7432       •   X509_CRL_set_nextUpdate
7433
7434           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
7435           requires at least openssl-0.9.7
7436
7437           Sets 'nextUpdate' value of X509_CRL object $x to $tm.
7438
7439            my $rv = Net::SSLeay::X509_CRL_set_nextUpdate($x, $tm);
7440            # $x - value corresponding to openssl's X509_CRL structure
7441            # $tm - value corresponding to openssl's ASN1_TIME structure
7442            #
7443            # returns: 1 on success, 0 on failure
7444
7445       •   X509_CRL_set_version
7446
7447           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
7448           requires at least openssl-0.9.7
7449
7450           Sets 'version' value of given X509_CRL structure $x to $version.
7451
7452            my $rv = Net::SSLeay::X509_CRL_set_version($x, $version);
7453            # $x - value corresponding to openssl's X509_CRL structure
7454            # $version - (integer) version number (1 = version 2 CRL)
7455            #
7456            # returns: 1 on success, 0 on failure
7457
7458           Note that if you want to use any X509_CRL extension you need to set
7459           "version 2 CRL" - "Net::SSLeay::X509_CRL_set_version($x, 1)".
7460
7461       •   X509_CRL_sign
7462
7463           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7464
7465           Sign X509_CRL object $x with private key $pkey (using digest
7466           algorithm $md).
7467
7468            my $rv = Net::SSLeay::X509_CRL_sign($x, $pkey, $md);
7469            # $x - value corresponding to openssl's X509_CRL structure
7470            # $pkey - value corresponding to openssl's EVP_PKEY structure
7471            # $md - value corresponding to openssl's EVP_MD structure
7472            #
7473            # returns: 1 on success, 0 on failure
7474
7475       •   X509_CRL_sort
7476
7477           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
7478           requires at least openssl-0.9.7
7479
7480           Sorts the data of X509_CRL object so it will be written in serial
7481           number order.
7482
7483            my $rv = Net::SSLeay::X509_CRL_sort($x);
7484            # $x - value corresponding to openssl's X509_CRL structure
7485            #
7486            # returns: 1 on success, 0 on failure
7487
7488       •   X509_CRL_verify
7489
7490           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7491
7492           Verifies X509_CRL object $a using public key $r (pubkey of issuing
7493           CA).
7494
7495            my $rv = Net::SSLeay::X509_CRL_verify($a, $r);
7496            # $a - value corresponding to openssl's X509_CRL structure
7497            # $r - value corresponding to openssl's EVP_PKEY structure
7498            #
7499            # returns: 0 - verify failure, 1 - verify OK, <0 - error
7500
7501       •   P_X509_CRL_add_revoked_serial_hex
7502
7503           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
7504           requires at least openssl-0.9.7
7505
7506           Adds given serial number $serial_hex to X509_CRL object $crl.
7507
7508            Net::SSLeay::P_X509_CRL_add_revoked_serial_hex($crl, $serial_hex, $rev_time, $reason_code, $comp_time);
7509            # $crl - value corresponding to openssl's X509_CRL structure
7510            # $serial_hex - string (hexadecimal) representation of serial number
7511            # $rev_time - (revocation time) value corresponding to openssl's ASN1_TIME structure
7512            # $reason_code - [optional] (integer) reason code (see below) - default 0
7513            # $comp_time - [optional] (compromise time) value corresponding to openssl's ASN1_TIME structure
7514            #
7515            # returns: no return value
7516
7517            reason codes:
7518            0 - unspecified
7519            1 - keyCompromise
7520            2 - CACompromise
7521            3 - affiliationChanged
7522            4 - superseded
7523            5 - cessationOfOperation
7524            6 - certificateHold
7525            7 - removeFromCRL
7526
7527       •   P_X509_CRL_get_serial
7528
7529           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
7530           requires at least openssl-0.9.7
7531
7532           Returns serial number of X509_CRL object.
7533
7534            my $rv = Net::SSLeay::P_X509_CRL_get_serial($crl);
7535            # $crl - value corresponding to openssl's X509_CRL structure
7536            #
7537            # returns: value corresponding to openssl's ASN1_INTEGER structure (0 on failure)
7538
7539       •   P_X509_CRL_set_serial
7540
7541           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
7542           requires at least openssl-0.9.7
7543
7544           Sets serial number of X509_CRL object to $crl_number.
7545
7546            my $rv = Net::SSLeay::P_X509_CRL_set_serial($crl, $crl_number);
7547            # $crl - value corresponding to openssl's X509_CRL structure
7548            # $crl_number - value corresponding to openssl's ASN1_INTEGER structure
7549            #
7550            # returns: 1 on success, 0 on failure
7551
7552       •   P_X509_CRL_add_extensions
7553
7554           COMPATIBILITY: not available in Net-SSLeay-1.88 and before
7555
7556           Adds one or more X509 extensions to X509 CRL object $x.
7557
7558            my $rv = Net::SSLeay::P_X509_CRL_add_extensions($x, $ca_cert, $nid, $value);
7559            # $x - value corresponding to openssl's X509 CRL structure
7560            # $ca_cert - value corresponding to openssl's X509 structure (issuer's cert - necessary for sertting NID_authority_key_identifier)
7561            # $nid - NID identifying extension to be set
7562            # $value - extension value
7563            #
7564            # returns: 1 on success, 0 on failure
7565
7566           For more details see "P_X509_add_extensions".
7567
7568       Low level API: X509_EXTENSION_* related functions
7569
7570       •   X509_EXTENSION_get_critical
7571
7572           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7573
7574           Returns 'critical' flag of given X509_EXTENSION object $ex.
7575
7576            my $rv = Net::SSLeay::X509_EXTENSION_get_critical($ex);
7577            # $ex - value corresponding to openssl's X509_EXTENSION structure
7578            #
7579            # returns: (integer) 1 - critical, 0 - noncritical
7580
7581       •   X509_EXTENSION_get_data
7582
7583           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7584
7585           Returns value (raw data) of X509_EXTENSION object $ne.
7586
7587            my $rv = Net::SSLeay::X509_EXTENSION_get_data($ne);
7588            # $ne - value corresponding to openssl's X509_EXTENSION structure
7589            #
7590            # returns: value corresponding to openssl's ASN1_OCTET_STRING structure (0 on failure)
7591
7592           Note: you can use "P_ASN1_STRING_get" to convert ASN1_OCTET_STRING
7593           into perl scalar variable.
7594
7595       •   X509_EXTENSION_get_object
7596
7597           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7598
7599           Returns OID (ASN1_OBJECT) of X509_EXTENSION object $ne.
7600
7601            my $rv = Net::SSLeay::X509_EXTENSION_get_object($ex);
7602            # $ex - value corresponding to openssl's X509_EXTENSION structure
7603            #
7604            # returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)
7605
7606       •   X509V3_EXT_print
7607
7608           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7609
7610           Returns string representation of given X509_EXTENSION object $ext.
7611
7612            Net::SSLeay::X509V3_EXT_print($ext, $flags, $utf8_decode);
7613            # $ext - value corresponding to openssl's X509_EXTENSION structure
7614            # $flags - [optional] (integer) Currently the flag argument is unused and should be set to 0
7615            # $utf8_decode - [optional] 0 or 1 whether the returned value should be utf8 decoded (default=0)
7616            #
7617            # returns: no return value
7618
7619       •   X509V3_EXT_d2i
7620
7621           Parses an extension and returns its internal structure.
7622
7623            my $rv = Net::SSLeay::X509V3_EXT_d2i($ext);
7624            # $ext - value corresponding to openssl's X509_EXTENSION structure
7625            #
7626            # returns: pointer ???
7627
7628       Low level API: X509_NAME_* related functions
7629
7630       •   X509_NAME_ENTRY_get_data
7631
7632           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7633
7634           Retrieves the field value of $ne in and ASN1_STRING structure.
7635
7636            my $rv = Net::SSLeay::X509_NAME_ENTRY_get_data($ne);
7637            # $ne - value corresponding to openssl's X509_NAME_ENTRY structure
7638            #
7639            # returns: value corresponding to openssl's ASN1_STRING structure (0 on failure)
7640
7641           Check openssl doc
7642           <http://www.openssl.org/docs/crypto/X509_NAME_ENTRY_get_object.html>
7643
7644       •   X509_NAME_ENTRY_get_object
7645
7646           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7647
7648           Retrieves the field name of $ne in and ASN1_OBJECT structure.
7649
7650            my $rv = Net::SSLeay::X509_NAME_ENTRY_get_object($ne);
7651            # $ne - value corresponding to openssl's X509_NAME_ENTRY structure
7652            #
7653            # returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)
7654
7655           Check openssl doc
7656           <http://www.openssl.org/docs/crypto/X509_NAME_ENTRY_get_object.html>
7657
7658       •   X509_NAME_new
7659
7660           COMPATIBILITY: not available in Net-SSLeay-1.55 and before;
7661           requires at least openssl-0.9.5
7662
7663           Creates a new X509_NAME structure.  Adds a field whose name is
7664           defined by a string $field. The field value to be added is in
7665           $bytes.
7666
7667            my $rv = Net::SSLeay::X509_NAME_new();
7668            #
7669            # returns: value corresponding to openssl's X509_NAME structure (0 on failure)
7670
7671       •   X509_NAME_hash
7672
7673           COMPATIBILITY: not available in Net-SSLeay-1.55 and before;
7674           requires at least openssl-0.9.5
7675
7676           Sort of a checksum of issuer name $name.  The result is not a full
7677           hash (e.g. sha-1), it is kind-of-a-hash truncated to the size of
7678           'unsigned long' (32 bits).  The resulting value might differ across
7679           different openssl versions for the same X509 certificate.
7680
7681            my $rv = Net::SSLeay::X509_NAME_hash($name);
7682            # $name - value corresponding to openssl's X509_NAME structure
7683            #
7684            # returns: number representing checksum
7685
7686       •   X509_NAME_add_entry_by_txt
7687
7688           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
7689           requires at least openssl-0.9.5
7690
7691           Adds a field whose name is defined by a string $field. The field
7692           value to be added is in $bytes.
7693
7694            my $rv = Net::SSLeay::X509_NAME_add_entry_by_txt($name, $field, $type, $bytes, $len, $loc, $set);
7695            # $name - value corresponding to openssl's X509_NAME structure
7696            # $field - (string) field definition (name) - e.g. "organizationName"
7697            # $type - (integer) type of data in $bytes (see below)
7698            # $bytes - data to be set
7699            # $loc - [optional] (integer) index where the new entry is inserted: if it is -1 (default) it is appended
7700            # $set - [optional] (integer) determines how the new type is added. If it is 0 (default) a new RDN is created
7701            #
7702            # returns: 1 on success, 0 on failure
7703
7704            # values for $type - use constants:
7705            &Net::SSLeay::MBSTRING_UTF8     - $bytes contains utf8 encoded data
7706            &Net::SSLeay::MBSTRING_ASC      - $bytes contains ASCII data
7707
7708           Unicode note: when passing non-ascii (unicode) string in $bytes do
7709           not forget to set "$flags = &Net::SSLeay::MBSTRING_UTF8" and encode
7710           the perl $string via "$bytes = encode('utf-8', $string)".
7711
7712           Check openssl doc
7713           <http://www.openssl.org/docs/crypto/X509_NAME_add_entry_by_txt.html>
7714
7715       •   X509_NAME_add_entry_by_NID
7716
7717           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
7718           requires at least openssl-0.9.5
7719
7720           Adds a field whose name is defined by a NID $nid. The field value
7721           to be added is in $bytes.
7722
7723            my $rv = Net::SSLeay::X509_NAME_add_entry_by_NID($name, $nid, $type, $bytes, $len, $loc, $set);
7724            # $name - value corresponding to openssl's X509_NAME structure
7725            # $nid - (integer) field definition - NID value
7726            # $type - (integer) type of data in $bytes (see below)
7727            # $bytes - data to be set
7728            # $loc - [optional] (integer) index where the new entry is inserted: if it is -1 (default) it is appended
7729            # $set - [optional] (integer) determines how the new type is added. If it is 0 (default) a new RDN is created
7730            #
7731            # returns: 1 on success, 0 on failure
7732
7733           Check openssl doc
7734           <http://www.openssl.org/docs/crypto/X509_NAME_add_entry_by_txt.html>
7735
7736       •   X509_NAME_add_entry_by_OBJ
7737
7738           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
7739           requires at least openssl-0.9.5
7740
7741           Adds a field whose name is defined by a object (OID) $obj . The
7742           field value to be added is in $bytes.
7743
7744            my $rv = Net::SSLeay::X509_NAME_add_entry_by_OBJ($name, $obj, $type, $bytes, $len, $loc, $set);
7745            # $name - value corresponding to openssl's X509_NAME structure
7746            # $obj - field definition - value corresponding to openssl's ASN1_OBJECT structure
7747            # $type - (integer) type of data in $bytes (see below)
7748            # $bytes - data to be set
7749            # $loc - [optional] (integer) index where the new entry is inserted: if it is -1 (default) it is appended
7750            # $set - [optional] (integer) determines how the new type is added. If it is 0 (default) a new RDN is created
7751            #
7752            # returns: 1 on success, 0 on failure
7753
7754           Check openssl doc
7755           <http://www.openssl.org/docs/crypto/X509_NAME_add_entry_by_txt.html>
7756
7757       •   X509_NAME_cmp
7758
7759           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7760
7761           Compares two X509_NAME obejcts.
7762
7763            my $rv = Net::SSLeay::X509_NAME_cmp($a, $b);
7764            # $a - value corresponding to openssl's X509_NAME structure
7765            # $b - value corresponding to openssl's X509_NAME structure
7766            #
7767            # returns: 0 if $a matches $b; non zero otherwise
7768
7769       •   X509_NAME_digest
7770
7771           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7772
7773           Computes digest/fingerprint of X509_NAME $data using $type hash
7774           function.
7775
7776            my $digest_value = Net::SSLeay::X509_NAME_digest($data, $type);
7777            # $data - value corresponding to openssl's X509_NAME structure
7778            # $type - value corresponding to openssl's EVP_MD structure - e.g. got via EVP_get_digestbyname()
7779            #
7780            # returns: hash value (binary)
7781
7782            #to get printable (hex) value of digest use:
7783            print unpack('H*', $digest_value);
7784
7785       •   X509_NAME_entry_count
7786
7787           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7788
7789           Returns the total number of entries in $name.
7790
7791            my $rv = Net::SSLeay::X509_NAME_entry_count($name);
7792            # $name - value corresponding to openssl's X509_NAME structure
7793            #
7794            # returns: (integer) entries count
7795
7796           Check openssl doc
7797           <http://www.openssl.org/docs/crypto/X509_NAME_get_index_by_NID.html>
7798
7799       •   X509_NAME_get_entry
7800
7801           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7802
7803           Retrieves the X509_NAME_ENTRY from $name corresponding to index
7804           $loc. Acceptable values for $loc run from 0 to
7805           "Net::SSLeay::X509_NAME_entry_count($name)- 1". The value returned
7806           is an internal pointer which must not be freed.
7807
7808            my $rv = Net::SSLeay::X509_NAME_get_entry($name, $loc);
7809            # $name - value corresponding to openssl's X509_NAME structure
7810            # $loc - (integer) index of wanted entry
7811            #
7812            # returns: value corresponding to openssl's X509_NAME_ENTRY structure (0 on failure)
7813
7814           Check openssl doc
7815           <http://www.openssl.org/docs/crypto/X509_NAME_get_index_by_NID.html>
7816
7817       •   X509_NAME_print_ex
7818
7819           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
7820
7821           Returns a string with human readable version of $name.
7822
7823            Net::SSLeay::X509_NAME_print_ex($name, $flags, $utf8_decode);
7824            # $name - value corresponding to openssl's X509_NAME structure
7825            # $flags - [optional] conversion flags (default XN_FLAG_RFC2253) - see below
7826            # $utf8_decode - [optional] 0 or 1 whether the returned value should be utf8 decoded (default=0)
7827            #
7828            # returns: string representation of $name
7829
7830            #available conversion flags - use constants:
7831            &Net::SSLeay::XN_FLAG_COMPAT
7832            &Net::SSLeay::XN_FLAG_DN_REV
7833            &Net::SSLeay::XN_FLAG_DUMP_UNKNOWN_FIELDS
7834            &Net::SSLeay::XN_FLAG_FN_ALIGN
7835            &Net::SSLeay::XN_FLAG_FN_LN
7836            &Net::SSLeay::XN_FLAG_FN_MASK
7837            &Net::SSLeay::XN_FLAG_FN_NONE
7838            &Net::SSLeay::XN_FLAG_FN_OID
7839            &Net::SSLeay::XN_FLAG_FN_SN
7840            &Net::SSLeay::XN_FLAG_MULTILINE
7841            &Net::SSLeay::XN_FLAG_ONELINE
7842            &Net::SSLeay::XN_FLAG_RFC2253
7843            &Net::SSLeay::XN_FLAG_SEP_COMMA_PLUS
7844            &Net::SSLeay::XN_FLAG_SEP_CPLUS_SPC
7845            &Net::SSLeay::XN_FLAG_SEP_MASK
7846            &Net::SSLeay::XN_FLAG_SEP_MULTILINE
7847            &Net::SSLeay::XN_FLAG_SEP_SPLUS_SPC
7848            &Net::SSLeay::XN_FLAG_SPC_EQ
7849
7850           Most likely you will be fine with default:
7851
7852            Net::SSLeay::X509_NAME_print_ex($name, &Net::SSLeay::XN_FLAG_RFC2253);
7853
7854           Or you might want RFC2253-like output without utf8 chars escaping:
7855
7856            use Net::SSLeay qw/XN_FLAG_RFC2253 ASN1_STRFLGS_ESC_MSB/;
7857            my $flag_rfc22536_utf8 = (XN_FLAG_RFC2253) & (~ ASN1_STRFLGS_ESC_MSB);
7858            my $result = Net::SSLeay::X509_NAME_print_ex($name, $flag_rfc22536_utf8, 1);
7859
7860           Check openssl doc
7861           <http://www.openssl.org/docs/crypto/X509_NAME_print_ex.html>
7862
7863       •   X509_NAME_get_text_by_NID
7864
7865           Retrieves the text from the first entry in name which matches $nid,
7866           if no such entry exists -1 is returned.
7867
7868           openssl note: this is a legacy function which has various
7869           limitations which makes it of minimal use in practice. It can only
7870           find the first matching entry and will copy the contents of the
7871           field verbatim: this can be highly confusing if the target is a
7872           multicharacter string type like a BMPString or a UTF8String.
7873
7874            Net::SSLeay::X509_NAME_get_text_by_NID($name, $nid);
7875            # $name - value corresponding to openssl's X509_NAME structure
7876            # $nid - NID value (integer)
7877            #
7878            # returns: text value
7879
7880           Check openssl doc
7881           <http://www.openssl.org/docs/crypto/X509_NAME_get_index_by_NID.html>
7882
7883       •   X509_NAME_oneline
7884
7885           Return an ASCII version of $name.
7886
7887            Net::SSLeay::X509_NAME_oneline($name);
7888            # $name - value corresponding to openssl's X509_NAME structure
7889            #
7890            # returns: (string) ASCII version of $name
7891
7892           Check openssl doc
7893           <http://www.openssl.org/docs/crypto/X509_NAME_print_ex.html>
7894
7895       •   sk_X509_NAME_free
7896
7897           Free an allocated STACK_OF(X509_NAME) structure.
7898
7899            Net::SSLeay::sk_X509_NAME_free($sk);
7900            # $sk - value corresponding to openssl's STACK_OF(X509_NAME) structure
7901            #
7902            # returns: no return value
7903
7904       •   sk_X509_NAME_num
7905
7906           Return number of items in STACK_OF(X509_NAME)
7907
7908            my $rv = Net::SSLeay::sk_X509_NAME_num($sk);
7909            # $sk - value corresponding to openssl's STACK_OF(X509_NAME) structure
7910            #
7911            # returns: number of items
7912
7913       •   sk_X509_NAME_value
7914
7915           Returns X509_NAME from position $index in STACK_OF(X509_NAME)
7916
7917            my $rv = Net::SSLeay::sk_X509_NAME_value($sk, $i);
7918            # $sk - value corresponding to openssl's STACK_OF(X509_NAME) structure
7919            # $i - (integer) index/position
7920            #
7921            # returns: value corresponding to openssl's X509_NAME structure (0 on failure)
7922
7923       •   add_file_cert_subjects_to_stack
7924
7925           Add a file of certs to a stack. All certs in $file that are not
7926           already in the $stackCAs will be added.
7927
7928            my $rv = Net::SSLeay::add_file_cert_subjects_to_stack($stackCAs, $file);
7929            # $stackCAs - value corresponding to openssl's STACK_OF(X509_NAME) structure
7930            # $file - (string) filename
7931            #
7932            # returns: 1 on success, 0 on failure
7933
7934       •   add_dir_cert_subjects_to_stack
7935
7936           Add a directory of certs to a stack. All certs in $dir that are not
7937           already in the $stackCAs will be added.
7938
7939            my $rv = Net::SSLeay::add_dir_cert_subjects_to_stack($stackCAs, $dir);
7940            # $stackCAs - value corresponding to openssl's STACK_OF(X509_NAME) structure
7941            # $dir - (string) the directory to append from. All files in this directory will be examined as potential certs. Any that are acceptable to SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be included.
7942            #
7943            # returns: 1 on success, 0 on failure
7944
7945       Low level API: X509_STORE_* related functions
7946
7947       •   X509_STORE_CTX_new
7948
7949           returns a newly initialised X509_STORE_CTX structure.
7950
7951       •   X509_STORE_CTX_init
7952
7953           X509_STORE_CTX_init() sets up an X509_STORE_CTX for a subsequent
7954           verification operation.  It must be called before each call to
7955           X509_verify_cert().
7956
7957           Net::SSLeay::X509_STORE_CTX_init($x509_store_ctx, $x509_store,
7958           $x509, $chain);
7959
7960           # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX
7961           structure (required) # $x509_store - value corresponding to
7962           openssl's X509_STORE structure (optional) # $x509 - value
7963           corresponding to openssl's X509 structure (optional) # $chain -
7964           value corresponding to openssl's STACK_OF(X509) structure
7965           (optional)
7966
7967           Check openssl doc
7968           <https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_init.html>
7969
7970       •   X509_STORE_CTX_free
7971
7972           Frees an X509_STORE_CTX structure.
7973
7974           Net::SSLeay::X509_STORE_CTX_free($x509_store_ctx);
7975
7976           # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX
7977           structure
7978
7979       •   X509_verify_cert
7980
7981           The X509_verify_cert() function attempts to discover and validate a
7982           certificate chain based on parameters in ctx. A complete
7983           description of the process is contained in the verify(1) manual
7984           page.
7985
7986           If this function returns 0, use X509_STORE_CTX_get_error to get
7987           additional error information.
7988
7989           my $rv = Net::SSLeay::X509_verify_cert($x509_store_ctx); #
7990           $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX
7991           structure # # returns: 1 if a complete chain can be built and
7992           validated, otherwise 0
7993
7994           Check openssl doc
7995           <https://www.openssl.org/docs/manmaster/man3/X509_verify_cert.html>
7996
7997       •   X509_STORE_CTX_get_current_cert
7998
7999           Returns the certificate in ctx which caused the error or 0 if no
8000           certificate is relevant.
8001
8002            my $rv = Net::SSLeay::X509_STORE_CTX_get_current_cert($x509_store_ctx);
8003            # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
8004            #
8005            # returns: value corresponding to openssl's X509 structure (0 on failure)
8006
8007           Check openssl doc
8008           <http://www.openssl.org/docs/crypto/X509_STORE_CTX_get_error.html>
8009
8010       •   X509_STORE_CTX_get0_cert
8011
8012           COMPATIBILITY: not available in Net-SSLeay-1.88 and before;
8013           requires at least OpenSSL 1.1.0pre6 or LibreSSL 2.7.0
8014
8015           Returns an internal pointer to the certificate being verified by
8016           the ctx.
8017
8018            my $x509 = Net::SSLeay::X509_STORE_CTX_get0_cert($x509_store_ctx);
8019            # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
8020            #
8021            # returns: value corresponding to openssl's X509 structure
8022
8023           Check openssl doc
8024           <https://www.openssl.org/docs/manmaster/man3/X509_STORE_CTX_get0_cert.html>
8025
8026       •   X509_STORE_CTX_get1_chain
8027
8028           Returns a returns a complete validate chain if a previous call to
8029           X509_verify_cert() is successful.
8030
8031            my $rv = Net::SSLeay::X509_STORE_CTX_get1_chain($x509_store_ctx);
8032            # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
8033            #
8034            # returns: value corresponding to openssl's STACK_OF(X509) structure
8035
8036           Check openssl doc
8037           <https://www.openssl.org/docs/manmaster/man3/X509_STORE_CTX_get1_chain.html>
8038
8039       •   X509_STORE_CTX_get_error
8040
8041           Returns the error code of $ctx.
8042
8043            my $rv = Net::SSLeay::X509_STORE_CTX_get_error($x509_store_ctx);
8044            # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
8045            #
8046            # returns: (integer) error code
8047
8048           For more info about erro code values check function
8049           "get_verify_result".
8050
8051           Check openssl doc
8052           <http://www.openssl.org/docs/crypto/X509_STORE_CTX_get_error.html>
8053
8054       •   X509_STORE_CTX_get_error_depth
8055
8056           Returns the depth of the error. This is a non-negative integer
8057           representing where in the certificate chain the error occurred. If
8058           it is zero it occurred in the end entity certificate, one if it is
8059           the certificate which signed the end entity certificate and so on.
8060
8061            my $rv = Net::SSLeay::X509_STORE_CTX_get_error_depth($x509_store_ctx);
8062            # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
8063            #
8064            # returns: (integer) depth
8065
8066           Check openssl doc
8067           <http://www.openssl.org/docs/crypto/X509_STORE_CTX_get_error.html>
8068
8069       •   X509_STORE_CTX_get_ex_data
8070
8071           Is used to retrieve the information for $idx from $x509_store_ctx.
8072
8073            my $rv = Net::SSLeay::X509_STORE_CTX_get_ex_data($x509_store_ctx, $idx);
8074            # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
8075            # $idx - (integer) index for application specific data
8076            #
8077            # returns: pointer to ???
8078
8079       •   X509_STORE_CTX_set_ex_data
8080
8081           Is used to store application data at arg for idx into
8082           $x509_store_ctx.
8083
8084            my $rv = Net::SSLeay::X509_STORE_CTX_set_ex_data($x509_store_ctx, $idx, $data);
8085            # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
8086            # $idx - (integer) ???
8087            # $data - (pointer) ???
8088            #
8089            # returns: 1 on success, 0 on failure
8090
8091       •   X509_STORE_CTX_set_cert
8092
8093           Sets the certificate to be verified in $x509_store_ctx to $x.
8094
8095            Net::SSLeay::X509_STORE_CTX_set_cert($x509_store_ctx, $x);
8096            # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
8097            # $x - value corresponding to openssl's X509 structure
8098            #
8099            # returns: no return value
8100
8101           Check openssl doc
8102           <http://www.openssl.org/docs/crypto/X509_STORE_CTX_new.html>
8103
8104       •   X509_STORE_new
8105
8106           Returns a newly initialized X509_STORE structure.
8107
8108           my $rv = Net::SSLeay::X509_STORE_new(); # # returns: value
8109           corresponding to openssl's X509_STORE structure (0 on failure)
8110
8111       •   X509_STORE_free
8112
8113           Frees an X509_STORE structure
8114
8115           Net::SSLeay::X509_STORE_free($x509_store); # $x509_store - value
8116           corresponding to openssl's X509_STORE structure
8117
8118       •   X509_STORE_add_lookup
8119
8120           Adds a lookup to an X509_STORE for a given lookup method.
8121
8122           my $method = &Net::SSLeay::X509_LOOKUP_hash_dir; my $rv =
8123           Net::SSLeay::X509_STORE_add_lookup($x509_store, $method); # $method
8124           - value corresponding to openssl's X509_LOOKUP_METHOD structure #
8125           $x509_store - value corresponding to openssl's X509_STORE structure
8126           # # returns: value corresponding to openssl's X509_LOOKUP structure
8127
8128           Check openssl doc
8129           <https://www.openssl.org/docs/man1.1.1/man3/X509_load_crl_file.html>
8130
8131       •   X509_STORE_CTX_set_error
8132
8133           Sets the error code of $ctx to $s. For example it might be used in
8134           a verification callback to set an error based on additional checks.
8135
8136            Net::SSLeay::X509_STORE_CTX_set_error($x509_store_ctx, $s);
8137            # $x509_store_ctx - value corresponding to openssl's X509_STORE_CTX structure
8138            # $s - (integer) error id
8139            #
8140            # returns: no return value
8141
8142           Check openssl doc
8143           <http://www.openssl.org/docs/crypto/X509_STORE_CTX_get_error.html>
8144
8145       •   X509_STORE_add_cert
8146
8147           Adds X509 certificate $x into the X509_STORE $store.
8148
8149            my $rv = Net::SSLeay::X509_STORE_add_cert($store, $x);
8150            # $store - value corresponding to openssl's X509_STORE structure
8151            # $x - value corresponding to openssl's X509 structure
8152            #
8153            # returns: 1 on success, 0 on failure
8154
8155       •   X509_STORE_add_crl
8156
8157           Adds X509 CRL $x into the X509_STORE $store.
8158
8159            my $rv = Net::SSLeay::X509_STORE_add_crl($store, $x);
8160            # $store - value corresponding to openssl's X509_STORE structure
8161            # $x - value corresponding to openssl's X509_CRL structure
8162            #
8163            # returns: 1 on success, 0 on failure
8164
8165       •   X509_STORE_set1_param
8166
8167           ??? (more info needed)
8168
8169            my $rv = Net::SSLeay::X509_STORE_set1_param($store, $pm);
8170            # $store - value corresponding to openssl's X509_STORE structure
8171            # $pm - value corresponding to openssl's X509_VERIFY_PARAM structure
8172            #
8173            # returns: 1 on success, 0 on failure
8174
8175       •   X509_LOOKUP_hash_dir
8176
8177           Returns an X509_LOOKUP structure that instructs an X509_STORE to
8178           load files from a directory containing certificates with filenames
8179           in the format hash.N or crls with filenames in the format hash.rN
8180
8181           my $rv = Net::SSLeay::X509_LOOKUP_hash_dir(); # # returns: value
8182           corresponding to openssl's X509_LOOKUP_METHOD structure, with the
8183           hashed directory method
8184
8185           Check openssl doc
8186           <https://www.openssl.org/docs/man1.1.1/man3/X509_load_crl_file.html>
8187
8188       •   X509_LOOKUP_add_dir
8189
8190           Add a directory to an X509_LOOKUP structure, usually obtained from
8191           X509_STORE_add_lookup.
8192
8193           my $method = &Net::SSLeay::X509_LOOKUP_hash_dir; my $lookup =
8194           Net::SSLeay::X509_STORE_add_lookup($x509_store, $method); my $type
8195           = &Net::SSLeay::X509_FILETYPE_PEM;
8196           Net::SSLeay::X509_LOOKUP_add_dir($lookup, $dir, $type); # $lookup -
8197           value corresponding to openssl's X509_LOOKUP structure # $dir -
8198           string path to a directory s# $type - constant corresponding to the
8199           type of file in the directory - can be X509_FILETYPE_PEM,
8200           X509_FILETYPE_DEFAULT, or X509_FILETYPE_ASN1
8201
8202       •   X509_STORE_set_flags
8203
8204            Net::SSLeay::X509_STORE_set_flags($ctx, $flags);
8205            # $ctx - value corresponding to openssl's X509_STORE structure
8206            # $flags - (unsigned long) flags to be set (bitmask)
8207            #
8208            # returns: no return value
8209
8210            #to create $flags value use corresponding constants like
8211            $flags = Net::SSLeay::X509_V_FLAG_CRL_CHECK();
8212
8213           For more details about $flags bitmask see
8214           "X509_VERIFY_PARAM_set_flags".
8215
8216       •   X509_STORE_set_purpose
8217
8218            Net::SSLeay::X509_STORE_set_purpose($ctx, $purpose);
8219            # $ctx - value corresponding to openssl's X509_STORE structure
8220            # $purpose - (integer) purpose identifier
8221            #
8222            # returns: no return value
8223
8224           For more details about $purpose identifier check "CTX_set_purpose".
8225
8226       •   X509_STORE_set_trust
8227
8228            Net::SSLeay::X509_STORE_set_trust($ctx, $trust);
8229            # $ctx - value corresponding to openssl's X509_STORE structure
8230            # $trust - (integer) trust identifier
8231            #
8232            # returns: no return value
8233
8234           For more details about $trust identifier check "CTX_set_trust".
8235
8236       Low Level API: X509_INFO related functions
8237
8238       •   sk_X509_INFO_num
8239
8240           Returns the number of values in a STACK_OF(X509_INFO) structure.
8241
8242            my $rv = Net::SSLeay::sk_X509_INFO_num($sk_x509_info);
8243            # $sk_x509_info - value corresponding to openssl's STACK_OF(X509_INFO) structure
8244            #
8245            # returns: number of values in $sk_X509_info
8246
8247       •   sk_X509_INFO_value
8248
8249           Returns the value of a STACK_OF(X509_INFO) structure at a given
8250           index.
8251
8252            my $rv = Net::SSLeay::sk_X509_INFO_value($sk_x509_info, $index);
8253            # $sk_x509_info - value corresponding to openssl's STACK_OF(X509_INFO) structure
8254            # $index - index into the stack
8255            #
8256            # returns: value corresponding to openssl's X509_INFO structure at the given index
8257
8258       •   P_X509_INFO_get_x509
8259
8260           Returns the X509 structure stored in an X509_INFO structure.
8261
8262            my $rv = Net::SSLeay::P_X509_INFO_get_x509($x509_info);
8263            # $x509_info - value corresponding to openssl's X509_INFO structure
8264            #
8265            # returns: value corresponding to openssl's X509 structure
8266
8267       Low level API: X509_VERIFY_PARAM_* related functions
8268
8269       •   X509_VERIFY_PARAM_add0_policy
8270
8271           Enables policy checking (it is disabled by default) and adds
8272           $policy to the acceptable policy set.
8273
8274            my $rv = Net::SSLeay::X509_VERIFY_PARAM_add0_policy($param, $policy);
8275            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8276            # $policy - value corresponding to openssl's ASN1_OBJECT structure
8277            #
8278            # returns: 1 on success, 0 on failure
8279
8280           Check openssl doc
8281           <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>
8282
8283       •   X509_VERIFY_PARAM_add0_table
8284
8285           ??? (more info needed)
8286
8287            my $rv = Net::SSLeay::X509_VERIFY_PARAM_add0_table($param);
8288            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8289            #
8290            # returns: 1 on success, 0 on failure
8291
8292       •   X509_VERIFY_PARAM_add1_host
8293
8294           COMPATIBILITY: not available in Net-SSLeay-1.82 and before;
8295           requires at least OpenSSL 1.0.2-beta2 or LibreSSL 2.7.0
8296
8297           Adds an additional reference identifier that can match the peer's
8298           certificate.
8299
8300            my $rv = Net::SSLeay::X509_VERIFY_PARAM_add1_host($param, $name);
8301            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8302            # $name - (string) name to be set
8303            #
8304            # returns: 1 on success, 0 on failure
8305
8306           See also OpenSSL docs, "X509_VERIFY_PARAM_set1_host" and
8307           "X509_VERIFY_PARAM_set_hostflags" for more information, including
8308           wildcard matching.
8309
8310           Check openssl doc
8311           <https://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>
8312
8313       •   X509_VERIFY_PARAM_clear_flags
8314
8315           Clears the flags $flags in param.
8316
8317            my $rv = Net::SSLeay::X509_VERIFY_PARAM_clear_flags($param, $flags);
8318            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8319            # $flags - (unsigned long) flags to be set (bitmask)
8320            #
8321            # returns: 1 on success, 0 on failure
8322
8323           For more details about $flags bitmask see
8324           "X509_VERIFY_PARAM_set_flags".
8325
8326           Check openssl doc
8327           <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>
8328
8329       •   X509_VERIFY_PARAM_free
8330
8331           Frees up the X509_VERIFY_PARAM structure.
8332
8333            Net::SSLeay::X509_VERIFY_PARAM_free($param);
8334            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8335            #
8336            # returns: no return value
8337
8338       •   X509_VERIFY_PARAM_get0_peername
8339
8340           COMPATIBILITY: not available in Net-SSLeay-1.82 and before;
8341           requires at least OpenSSL 1.0.2-beta2 or LibreSSL 2.7.0
8342
8343           Returns the DNS hostname or subject CommonName from the peer
8344           certificate that matched one of the reference identifiers.
8345
8346            my $rv = Net::SSLeay::X509_VERIFY_PARAM_get0_peername($param);
8347            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8348            #
8349            # returns: (string) name e.g. '*.example.com' or undef
8350
8351           Check openssl doc
8352           <https://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>
8353
8354       •   X509_VERIFY_PARAM_get_depth
8355
8356           Returns the current verification depth.
8357
8358            my $rv = Net::SSLeay::X509_VERIFY_PARAM_get_depth($param);
8359            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8360            #
8361            # returns: (ineger) depth
8362
8363           Check openssl doc
8364           <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>
8365
8366       •   X509_VERIFY_PARAM_get_flags
8367
8368           Returns the current verification flags.
8369
8370            my $rv = Net::SSLeay::X509_VERIFY_PARAM_get_flags($param);
8371            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8372            #
8373            # returns: (unsigned long) flags to be set (bitmask)
8374
8375           For more details about returned flags bitmask see
8376           "X509_VERIFY_PARAM_set_flags".
8377
8378           Check openssl doc
8379           <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>
8380
8381       •   X509_VERIFY_PARAM_set_flags
8382
8383            my $rv = Net::SSLeay::X509_VERIFY_PARAM_set_flags($param, $flags);
8384            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8385            # $flags - (unsigned long) flags to be set (bitmask)
8386            #
8387            # returns: 1 on success, 0 on failure
8388
8389            #to create $flags value use corresponding constants like
8390            $flags = Net::SSLeay::X509_V_FLAG_CRL_CHECK();
8391
8392           For more details about $flags bitmask, see the OpenSSL docs below.
8393
8394           Check openssl doc
8395           <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>
8396
8397       •   X509_VERIFY_PARAM_inherit
8398
8399           ??? (more info needed)
8400
8401            my $rv = Net::SSLeay::X509_VERIFY_PARAM_inherit($to, $from);
8402            # $to - value corresponding to openssl's X509_VERIFY_PARAM structure
8403            # $from - value corresponding to openssl's X509_VERIFY_PARAM structure
8404            #
8405            # returns: 1 on success, 0 on failure
8406
8407       •   X509_VERIFY_PARAM_lookup
8408
8409           Finds X509_VERIFY_PARAM by name.
8410
8411            my $rv = Net::SSLeay::X509_VERIFY_PARAM_lookup($name);
8412            # $name - (string) name we want to find
8413            #
8414            # returns: value corresponding to openssl's X509_VERIFY_PARAM structure (0 on failure)
8415
8416       •   X509_VERIFY_PARAM_new
8417
8418           Creates a new X509_VERIFY_PARAM structure.
8419
8420            my $rv = Net::SSLeay::X509_VERIFY_PARAM_new();
8421            #
8422            # returns: value corresponding to openssl's X509_VERIFY_PARAM structure (0 on failure)
8423
8424       •   X509_VERIFY_PARAM_set1
8425
8426           Sets the name of X509_VERIFY_PARAM structure $to to the same value
8427           as the name of X509_VERIFY_PARAM structure $from.
8428
8429            my $rv = Net::SSLeay::X509_VERIFY_PARAM_set1($to, $from);
8430            # $to - value corresponding to openssl's X509_VERIFY_PARAM structure
8431            # $from - value corresponding to openssl's X509_VERIFY_PARAM structure
8432            #
8433            # returns: 1 on success, 0 on failure
8434
8435       •   X509_VERIFY_PARAM_set1_email
8436
8437           COMPATIBILITY: not available in Net-SSLeay-1.82 and before;
8438           requires at least OpenSSL 1.0.2-beta1 or LibreSSL 2.7.0
8439
8440           Sets the expected RFC822 email address to email.
8441
8442            my $rv = Net::SSLeay::X509_VERIFY_PARAM_set1_email($param, $email);
8443            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8444            # $email - (string) email to be set
8445            #
8446            # returns: 1 on success, 0 on failure
8447
8448           Check openssl doc
8449           <https://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>
8450
8451       •   X509_VERIFY_PARAM_set1_host
8452
8453           COMPATIBILITY: not available in Net-SSLeay-1.82 and before;
8454           requires at least OpenSSL 1.0.2-beta1 or LibreSSL 2.7.0
8455
8456           Sets the expected DNS hostname to name clearing any previously
8457           specified host name or names.
8458
8459            my $rv = Net::SSLeay::X509_VERIFY_PARAM_set1_host($param, $name);
8460            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8461            # $name - (string) name to be set
8462            #
8463            # returns: 1 on success, 0 on failure
8464
8465           See also OpenSSL docs, "X509_VERIFY_PARAM_add1_host" and
8466           "X509_VERIFY_PARAM_set_hostflags" for more information, including
8467           wildcard matching.
8468
8469           Check openssl doc
8470           <https://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>
8471
8472       •   X509_VERIFY_PARAM_set1_ip
8473
8474           COMPATIBILITY: not available in Net-SSLeay-1.82 and before;
8475           requires at least OpenSSL 1.0.2-beta1 or LibreSSL 2.7.0
8476
8477           Sets the expected IP address to ip.
8478
8479            my $rv = Net::SSLeay::X509_VERIFY_PARAM_set1_ip($param, $ip);
8480            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8481            # $ip - (binary) 4 octet IPv4 or 16 octet IPv6 address
8482            #
8483            # returns: 1 on success, 0 on failure
8484
8485           Check openssl doc
8486           <https://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>
8487
8488       •   X509_VERIFY_PARAM_set1_ip_asc
8489
8490           COMPATIBILITY: not available in Net-SSLeay-1.82 and before;
8491           requires at least OpenSSL 1.0.2-beta1 or LibreSSL 2.7.0
8492
8493           Sets the expected IP address to ipasc.
8494
8495            my $rv = Net::SSLeay::X509_VERIFY_PARAM_set1_asc($param, $ipasc);
8496            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8497            # $ip - (string) IPv4 or IPv6 address
8498            #
8499            # returns: 1 on success, 0 on failure
8500
8501           Check openssl doc
8502           <https://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>
8503
8504       •   X509_VERIFY_PARAM_set1_name
8505
8506           Sets the name of X509_VERIFY_PARAM structure $param to $name.
8507
8508            my $rv = Net::SSLeay::X509_VERIFY_PARAM_set1_name($param, $name);
8509            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8510            # $name - (string) name to be set
8511            #
8512            # returns: 1 on success, 0 on failure
8513
8514       •   X509_VERIFY_PARAM_set1_policies
8515
8516           Enables policy checking (it is disabled by default) and sets the
8517           acceptable policy set to policies.  Any existing policy set is
8518           cleared. The policies parameter can be 0 to clear an existing
8519           policy set.
8520
8521            my $rv = Net::SSLeay::X509_VERIFY_PARAM_set1_policies($param, $policies);
8522            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8523            # $policies - value corresponding to openssl's STACK_OF(ASN1_OBJECT) structure
8524            #
8525            # returns: 1 on success, 0 on failure
8526
8527           Check openssl doc
8528           <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>
8529
8530       •   X509_VERIFY_PARAM_set_depth
8531
8532           Sets the maximum verification depth to depth. That is the maximum
8533           number of untrusted CA certificates that can appear in a chain.
8534
8535            Net::SSLeay::X509_VERIFY_PARAM_set_depth($param, $depth);
8536            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8537            # $depth - (integer) depth to be set
8538            #
8539            # returns: no return value
8540
8541           Check openssl doc
8542           <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>
8543
8544       •   X509_VERIFY_PARAM_set_hostflags
8545
8546           COMPATIBILITY: not available in Net-SSLeay-1.82 and before;
8547           requires at least OpenSSL 1.0.2-beta2 or LibreSSL 2.7.0
8548
8549            Net::SSLeay::X509_VERIFY_PARAM_set_hostflags($param, $flags);
8550            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8551            # $flags - (unsigned int) flags to be set (bitmask)
8552            #
8553            # returns: no return value
8554
8555           See also OpenSSL docs,  "X509_VERIFY_PARAM_add1_host" and
8556           "X509_VERIFY_PARAM_set1_host" for more information.  The flags for
8557           controlling wildcard checks and other features are defined in
8558           OpenSSL docs.
8559
8560           Check openssl doc
8561           <https://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>
8562
8563       •   X509_VERIFY_PARAM_set_purpose
8564
8565           Sets the verification purpose in $param to $purpose. This
8566           determines the acceptable purpose of the certificate chain, for
8567           example SSL client or SSL server.
8568
8569            my $rv = Net::SSLeay::X509_VERIFY_PARAM_set_purpose($param, $purpose);
8570            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8571            # $purpose - (integer) purpose identifier
8572            #
8573            # returns: 1 on success, 0 on failure
8574
8575           For more details about $purpose identifier check "CTX_set_purpose".
8576
8577           Check openssl doc
8578           <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>
8579
8580       •   X509_VERIFY_PARAM_set_time
8581
8582           Sets the verification time in $param to $t. Normally the current
8583           time is used.
8584
8585            Net::SSLeay::X509_VERIFY_PARAM_set_time($param, $t);
8586            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8587            # $t - (time_t) time in seconds since 1.1.1970
8588            #
8589            # returns: no return value
8590
8591           Check openssl doc
8592           <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>
8593
8594       •   X509_VERIFY_PARAM_set_trust
8595
8596           Sets the trust setting in $param to $trust.
8597
8598            my $rv = Net::SSLeay::X509_VERIFY_PARAM_set_trust($param, $trust);
8599            # $param - value corresponding to openssl's X509_VERIFY_PARAM structure
8600            # $trust - (integer) trust identifier
8601            #
8602            # returns: 1 on success, 0 on failure
8603
8604           For more details about $trust identifier check "CTX_set_trust".
8605
8606           Check openssl doc
8607           <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>
8608
8609       •   X509_VERIFY_PARAM_table_cleanup
8610
8611           ??? (more info needed)
8612
8613            Net::SSLeay::X509_VERIFY_PARAM_table_cleanup();
8614            #
8615            # returns: no return value
8616
8617       Low level API: Cipher (EVP_CIPHER_*) related functions
8618
8619       •   EVP_get_cipherbyname
8620
8621           COMPATIBILITY: not available in Net-SSLeay-1.45 and before
8622
8623           Returns an EVP_CIPHER structure when passed a cipher name.
8624
8625            my $rv = Net::SSLeay::EVP_get_cipherbyname($name);
8626            # $name - (string) cipher name e.g. 'aes-128-cbc', 'camellia-256-ecb', 'des-ede', ...
8627            #
8628            # returns: value corresponding to openssl's EVP_CIPHER structure
8629
8630           Check openssl doc
8631           <http://www.openssl.org/docs/crypto/EVP_EncryptInit.html>
8632
8633       Low level API: Digest (EVP_MD_*) related functions
8634
8635       •   OpenSSL_add_all_digests
8636
8637           COMPATIBILITY: not available in Net-SSLeay-1.42 and before
8638
8639            Net::SSLeay::OpenSSL_add_all_digests();
8640            # no args, no return value
8641
8642           http://www.openssl.org/docs/crypto/OpenSSL_add_all_algorithms.html
8643
8644       •   P_EVP_MD_list_all
8645
8646           COMPATIBILITY: not available in Net-SSLeay-1.42 and before;
8647           requires at least openssl-1.0.0
8648
8649           NOTE: Does not exactly correspond to any low level API function
8650
8651            my $rv = Net::SSLeay::P_EVP_MD_list_all();
8652            #
8653            # returns: arrayref - list of available digest names
8654
8655           The returned digest names correspond to values expected by
8656           "EVP_get_digestbyname".
8657
8658           Note that some of the digests are available by default and some
8659           only after calling "OpenSSL_add_all_digests".
8660
8661       •   EVP_get_digestbyname
8662
8663           COMPATIBILITY: not available in Net-SSLeay-1.42 and before
8664
8665            my $rv = Net::SSLeay::EVP_get_digestbyname($name);
8666            # $name - string with digest name
8667            #
8668            # returns: value corresponding to openssl's EVP_MD structure
8669
8670           The $name param can be:
8671
8672            md2
8673            md4
8674            md5
8675            mdc2
8676            ripemd160
8677            sha
8678            sha1
8679            sha224
8680            sha256
8681            sha512
8682            whirlpool
8683
8684           Or better check the supported digests by calling
8685           "P_EVP_MD_list_all".
8686
8687       •   EVP_MD_type
8688
8689           COMPATIBILITY: not available in Net-SSLeay-1.42 and before
8690
8691            my $rv = Net::SSLeay::EVP_MD_type($md);
8692            # $md - value corresponding to openssl's EVP_MD structure
8693            #
8694            # returns: the NID (integer) of the OBJECT IDENTIFIER representing the given message digest
8695
8696       •   EVP_MD_size
8697
8698           COMPATIBILITY: not available in Net-SSLeay-1.42 and before
8699
8700            my $rv = Net::SSLeay::EVP_MD_size($md);
8701            # $md - value corresponding to openssl's EVP_MD structure
8702            #
8703            # returns: the size of the message digest in bytes (e.g. 20 for SHA1)
8704
8705       •   EVP_MD_CTX_md
8706
8707           COMPATIBILITY: not available in Net-SSLeay-1.42 and before;
8708           requires at least openssl-0.9.7
8709
8710            Net::SSLeay::EVP_MD_CTX_md($ctx);
8711            # $ctx - value corresponding to openssl's EVP_MD_CTX structure
8712            #
8713            # returns: value corresponding to openssl's EVP_MD structure
8714
8715       •   EVP_MD_CTX_create
8716
8717           COMPATIBILITY: not available in Net-SSLeay-1.42 and before;
8718           requires at least openssl-0.9.7
8719
8720           Allocates, initializes and returns a digest context.
8721
8722            my $rv = Net::SSLeay::EVP_MD_CTX_create();
8723            #
8724            # returns: value corresponding to openssl's EVP_MD_CTX structure
8725
8726           The complete idea behind EVP_MD_CTX looks like this example:
8727
8728             Net::SSLeay::OpenSSL_add_all_digests();
8729
8730             my $md = Net::SSLeay::EVP_get_digestbyname("sha1");
8731             my $ctx = Net::SSLeay::EVP_MD_CTX_create();
8732             Net::SSLeay::EVP_DigestInit($ctx, $md);
8733
8734             while(my $chunk = get_piece_of_data()) {
8735               Net::SSLeay::EVP_DigestUpdate($ctx,$chunk);
8736             }
8737
8738             my $result = Net::SSLeay::EVP_DigestFinal($ctx);
8739             Net::SSLeay::EVP_MD_CTX_destroy($ctx);
8740
8741             print "digest=", unpack('H*', $result), "\n"; #print hex value
8742
8743       •   EVP_DigestInit_ex
8744
8745           COMPATIBILITY: not available in Net-SSLeay-1.42 and before;
8746           requires at least openssl-0.9.7
8747
8748           Sets up digest context $ctx to use a digest $type from ENGINE
8749           $impl, $ctx must be initialized before calling this function, type
8750           will typically be supplied by a function such as
8751           "EVP_get_digestbyname". If $impl is 0 then the default
8752           implementation of digest $type is used.
8753
8754            my $rv = Net::SSLeay::EVP_DigestInit_ex($ctx, $type, $impl);
8755            # $ctx  - value corresponding to openssl's EVP_MD_CTX structure
8756            # $type - value corresponding to openssl's EVP_MD structure
8757            # $impl - value corresponding to openssl's ENGINE structure
8758            #
8759            # returns: 1 for success and 0 for failure
8760
8761       •   EVP_DigestInit
8762
8763           COMPATIBILITY: not available in Net-SSLeay-1.42 and before;
8764           requires at least openssl-0.9.7
8765
8766           Behaves in the same way as "EVP_DigestInit_ex" except the passed
8767           context $ctx does not have to be initialized, and it always uses
8768           the default digest implementation.
8769
8770            my $rv = Net::SSLeay::EVP_DigestInit($ctx, $type);
8771            # $ctx - value corresponding to openssl's EVP_MD_CTX structure
8772            # $type - value corresponding to openssl's EVP_MD structure
8773            #
8774            # returns: 1 for success and 0 for failure
8775
8776       •   EVP_MD_CTX_destroy
8777
8778           COMPATIBILITY: not available in Net-SSLeay-1.42 and before;
8779           requires at least openssl-0.9.7
8780
8781           Cleans up digest context $ctx and frees up the space allocated to
8782           it, it should be called only on a context created using
8783           "EVP_MD_CTX_create".
8784
8785            Net::SSLeay::EVP_MD_CTX_destroy($ctx);
8786            # $ctx - value corresponding to openssl's EVP_MD_CTX structure
8787            #
8788            # returns: no return value
8789
8790       •   EVP_DigestUpdate
8791
8792           COMPATIBILITY: not available in Net-SSLeay-1.42 and before;
8793           requires at least openssl-0.9.7
8794
8795            my $rv = Net::SSLeay::EVP_DigestUpdate($ctx, $data);
8796            # $ctx  - value corresponding to openssl's EVP_MD_CTX structure
8797            # $data - data to be hashed
8798            #
8799            # returns: 1 for success and 0 for failure
8800
8801       •   EVP_DigestFinal_ex
8802
8803           COMPATIBILITY: not available in Net-SSLeay-1.42 and before;
8804           requires at least openssl-0.9.7
8805
8806           Retrieves the digest value from $ctx. After calling
8807           "EVP_DigestFinal_ex" no additional calls to "EVP_DigestUpdate" can
8808           be made, but "EVP_DigestInit_ex" can be called to initialize a new
8809           digest operation.
8810
8811            my $digest_value = Net::SSLeay::EVP_DigestFinal_ex($ctx);
8812            # $ctx - value corresponding to openssl's EVP_MD_CTX structure
8813            #
8814            # returns: hash value (binary)
8815
8816            #to get printable (hex) value of digest use:
8817            print unpack('H*', $digest_value);
8818
8819       •   EVP_DigestFinal
8820
8821           COMPATIBILITY: not available in Net-SSLeay-1.42 and before;
8822           requires at least openssl-0.9.7
8823
8824           Similar to "EVP_DigestFinal_ex" except the digest context ctx is
8825           automatically cleaned up.
8826
8827            my $rv = Net::SSLeay::EVP_DigestFinal($ctx);
8828            # $ctx - value corresponding to openssl's EVP_MD_CTX structure
8829            #
8830            # returns: hash value (binary)
8831
8832            #to get printable (hex) value of digest use:
8833            print unpack('H*', $digest_value);
8834
8835       •   MD2
8836
8837           COMPATIBILITY: no supported by default in openssl-1.0.0
8838
8839           Computes MD2 from given $data (all data needs to be loaded into
8840           memory)
8841
8842            my $digest = Net::SSLeay::MD2($data);
8843            print "digest(hexadecimal)=", unpack('H*', $digest);
8844
8845       •   MD4
8846
8847           Computes MD4 from given $data (all data needs to be loaded into
8848           memory)
8849
8850            my $digest = Net::SSLeay::MD4($data);
8851            print "digest(hexadecimal)=", unpack('H*', $digest);
8852
8853       •   MD5
8854
8855           Computes MD5 from given $data (all data needs to be loaded into
8856           memory)
8857
8858            my $digest = Net::SSLeay::MD5($data);
8859            print "digest(hexadecimal)=", unpack('H*', $digest);
8860
8861       •   RIPEMD160
8862
8863           Computes RIPEMD160 from given $data (all data needs to be loaded
8864           into memory)
8865
8866            my $digest = Net::SSLeay::RIPEMD160($data);
8867            print "digest(hexadecimal)=", unpack('H*', $digest);
8868
8869       •   SHA1
8870
8871           COMPATIBILITY: not available in Net-SSLeay-1.42 and before
8872
8873           Computes SHA1 from given $data (all data needs to be loaded into
8874           memory)
8875
8876            my $digest = Net::SSLeay::SHA1($data);
8877            print "digest(hexadecimal)=", unpack('H*', $digest);
8878
8879       •   SHA256
8880
8881           COMPATIBILITY: not available in Net-SSLeay-1.42 and before;
8882           requires at least openssl-0.9.8
8883
8884           Computes SHA256 from given $data (all data needs to be loaded into
8885           memory)
8886
8887            my $digest = Net::SSLeay::SHA256($data);
8888            print "digest(hexadecimal)=", unpack('H*', $digest);
8889
8890       •   SHA512
8891
8892           COMPATIBILITY: not available in Net-SSLeay-1.42 and before;
8893           requires at least openssl-0.9.8
8894
8895           Computes SHA512 from given $data (all data needs to be loaded into
8896           memory)
8897
8898            my $digest = Net::SSLeay::SHA512($data);
8899            print "digest(hexadecimal)=", unpack('H*', $digest);
8900
8901       •   EVP_Digest
8902
8903           COMPATIBILITY: not available in Net-SSLeay-1.42 and before;
8904           requires at least openssl-0.9.7
8905
8906           Computes "any" digest from given $data (all data needs to be loaded
8907           into memory)
8908
8909            my $md = Net::SSLeay::EVP_get_digestbyname("sha1"); #or any other algorithm
8910            my $digest = Net::SSLeay::EVP_Digest($data, $md);
8911            print "digest(hexadecimal)=", unpack('H*', $digest);
8912
8913       •   EVP_sha1
8914
8915           COMPATIBILITY: not available in Net-SSLeay-1.42 and before
8916
8917            my $md = Net::SSLeay::EVP_sha1();
8918            #
8919            # returns: value corresponding to openssl's EVP_MD structure
8920
8921       •   EVP_sha256
8922
8923           COMPATIBILITY: requires at least openssl-0.9.8
8924
8925            my $md = Net::SSLeay::EVP_sha256();
8926            #
8927            # returns: value corresponding to openssl's EVP_MD structure
8928
8929       •   EVP_sha512
8930
8931           COMPATIBILITY: not available in Net-SSLeay-1.42 and before;
8932           requires at least openssl-0.9.8
8933
8934            my $md = Net::SSLeay::EVP_sha512();
8935            #
8936            # returns: value corresponding to openssl's EVP_MD structure
8937
8938       •   EVP_add_digest
8939
8940            my $rv = Net::SSLeay::EVP_add_digest($digest);
8941            # $digest - value corresponding to openssl's EVP_MD structure
8942            #
8943            # returns: 1 on success, 0 otherwise
8944
8945       Low level API: CIPHER_* related functions
8946
8947       •   CIPHER_get_name
8948
8949           COMPATIBILITY: not available in Net-SSLeay-1.42 and before
8950
8951           Returns name of the cipher used.
8952
8953            my $rv = Net::SSLeay::CIPHER_get_name($cipher);
8954            # $cipher - value corresponding to openssl's SSL_CIPHER structure
8955            #
8956            # returns: (string) cipher name e.g. 'DHE-RSA-AES256-SHA', '(NONE)' if $cipher is undefined.
8957
8958           Check openssl doc
8959           <https://www.openssl.org/docs/ssl/SSL_CIPHER_get_name.html>
8960
8961           Example:
8962
8963            my $ssl_cipher = Net::SSLeay::get_current_cipher($ssl);
8964            my $cipher_name = Net::SSLeay::CIPHER_get_name($ssl_cipher);
8965
8966       •   CIPHER_description
8967
8968           COMPATIBILITY: doesn't work correctly in Net-SSLeay-1.88 and before
8969
8970           Returns a textual description of the cipher used.
8971
8972            my $rv = Net::SSLeay::CIPHER_description($cipher);
8973            # $cipher - value corresponding to openssl's SSL_CIPHER structure
8974            #
8975            # returns: (string) cipher description e.g. 'DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1'
8976
8977           Check openssl doc
8978           <https://www.openssl.org/docs/ssl/SSL_CIPHER_description.html>
8979
8980       •   CIPHER_get_bits
8981
8982           COMPATIBILITY: $alg_bits doesn't work correctly in Net-SSLeay-1.88
8983           and before
8984
8985           Returns the number of secret bits used for cipher.
8986
8987            my $rv = Net::SSLeay::CIPHER_get_bits($cipher, $alg_bits);
8988            # $cipher - value corresponding to openssl's SSL_CIPHER structure
8989            # $alg_bits - [optional] empty scalar for storing additional return value
8990            #
8991            # returns: (integer) number of secret bits, 0 on error
8992            #          (integer) in $alg_bits for bits processed by the chosen algorithm
8993
8994           Check openssl doc
8995           <https://www.openssl.org/docs/ssl/SSL_CIPHER_get_bits.html>
8996
8997           Example:
8998
8999            # bits and alg_bits are not equal for e.g., TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
9000            # RFC 8422 name TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
9001            my $alg_bits;
9002            my $bits = Net::SSLeay::CIPHER_get_bits($cipher, $alg_bits);
9003            #my $bits = Net::SSLeay::CIPHER_get_bits($cipher);
9004            print "bits: $bits, alg_bits: $alg_bits\n";
9005
9006       •   CIPHER_get_version
9007
9008           COMPATIBILITY: not available in Net-SSLeay-1.88 and before
9009
9010           Returns version of SSL/TLS protocol that first defined the cipher
9011
9012            my $rv = Net::SSLeay::CIPHER_get_version($cipher);
9013            # $cipher - value corresponding to openssl's SSL_CIPHER structure
9014            #
9015            # returns: (string) cipher name e.g. 'TLSv1/SSLv3' with some libraries, 'TLSv1.0' or 'TLSv1.3', '(NONE)' if $cipher is undefined.
9016
9017           Check openssl doc
9018           <https://www.openssl.org/docs/ssl/SSL_CIPHER_get_version.html>
9019
9020       Low level API: RSA_* related functions
9021
9022       •   RSA_generate_key
9023
9024           Generates a key pair and returns it in a newly allocated RSA
9025           structure.  The pseudo-random number generator must be seeded prior
9026           to calling RSA_generate_key.
9027
9028            my $rv = Net::SSLeay::RSA_generate_key($bits, $e, $perl_cb, $perl_cb_arg);
9029            # $bits - (integer) modulus size in bits e.g. 512, 1024, 2048
9030            # $e - (integer) public exponent, an odd number, typically 3, 17 or 65537
9031            # $perl_cb - [optional] reference to perl callback function
9032            # $perl_cb_arg - [optional] data that will be passed to callback function when invoked
9033            #
9034            # returns: value corresponding to openssl's RSA structure (0 on failure)
9035
9036           Check openssl doc
9037           <http://www.openssl.org/docs/crypto/RSA_generate_key.html>
9038
9039       •   RSA_free
9040
9041           Frees the RSA structure and its components. The key is erased
9042           before the memory is returned to the system.
9043
9044            Net::SSLeay::RSA_free($r);
9045            # $r - value corresponding to openssl's RSA structure
9046            #
9047            # returns: no return value
9048
9049           Check openssl doc <http://www.openssl.org/docs/crypto/RSA_new.html>
9050
9051       •   RSA_get_key_parameters
9052
9053           Returns a list of pointers to BIGNUMs representing the parameters
9054           of the key in this order: (n, e, d, p, q, dmp1, dmq1, iqmp)
9055           Caution: returned list consists of SV pointers to BIGNUMs, which
9056           would need to be blessed as Crypt::OpenSSL::Bignum for further use
9057
9058           my (@params) = RSA_get_key_parameters($r);
9059
9060       Low level API: BIO_* related functions
9061
9062       •   BIO_eof
9063
9064           Returns 1 if the BIO has read EOF, the precise meaning of 'EOF'
9065           varies according to the BIO type.
9066
9067            my $rv = Net::SSLeay::BIO_eof($s);
9068            # $s - value corresponding to openssl's BIO structure
9069            #
9070            # returns: 1 if EOF has been reached 0 otherwise
9071
9072           Check openssl doc
9073           <http://www.openssl.org/docs/crypto/BIO_ctrl.html>
9074
9075       •   BIO_f_ssl
9076
9077           Returns the SSL BIO method. This is a filter BIO which is a wrapper
9078           round the OpenSSL SSL routines adding a BIO 'flavour' to SSL I/O.
9079
9080            my $rv = Net::SSLeay::BIO_f_ssl();
9081            #
9082            # returns: value corresponding to openssl's BIO_METHOD structure (0 on failure)
9083
9084           Check openssl doc
9085           <http://www.openssl.org/docs/crypto/BIO_f_ssl.html>
9086
9087       •   BIO_free
9088
9089           Frees up a single BIO.
9090
9091            my $rv = Net::SSLeay::BIO_free($bio;);
9092            # $bio; - value corresponding to openssl's BIO structure
9093            #
9094            # returns: 1 on success, 0 on failure
9095
9096           Check openssl doc <http://www.openssl.org/docs/crypto/BIO_new.html>
9097
9098       •   BIO_new
9099
9100           Returns a new BIO using method $type
9101
9102            my $rv = Net::SSLeay::BIO_new($type);
9103            # $type - value corresponding to openssl's BIO_METHOD structure
9104            #
9105            # returns: value corresponding to openssl's BIO structure (0 on failure)
9106
9107           Check openssl doc <http://www.openssl.org/docs/crypto/BIO_new.html>
9108
9109       •   BIO_new_buffer_ssl_connect
9110
9111           Creates a new BIO chain consisting of a buffering BIO, an SSL BIO
9112           (using ctx) and a connect BIO.
9113
9114            my $rv = Net::SSLeay::BIO_new_buffer_ssl_connect($ctx);
9115            # $ctx - value corresponding to openssl's SSL_CTX structure
9116            #
9117            # returns: value corresponding to openssl's BIO structure (0 on failure)
9118
9119           Check openssl doc
9120           <http://www.openssl.org/docs/crypto/BIO_f_ssl.html>
9121
9122       •   BIO_new_file
9123
9124           Creates a new file BIO with mode $mode the meaning of mode is the
9125           same as the stdio function fopen(). The BIO_CLOSE flag is set on
9126           the returned BIO.
9127
9128            my $rv = Net::SSLeay::BIO_new_file($filename, $mode);
9129            # $filename - (string) filename
9130            # $mode - (string) opening mode (as mode by stdio function fopen)
9131            #
9132            # returns: value corresponding to openssl's BIO structure (0 on failure)
9133
9134           Check openssl doc
9135           <http://www.openssl.org/docs/crypto/BIO_s_file.html>
9136
9137       •   BIO_new_ssl
9138
9139           Allocates an SSL BIO using SSL_CTX ctx and using client mode if
9140           client is non zero.
9141
9142            my $rv = Net::SSLeay::BIO_new_ssl($ctx, $client);
9143            # $ctx - value corresponding to openssl's SSL_CTX structure
9144            # $client - (integer) 0 or 1 - indicates ssl client mode
9145            #
9146            # returns: value corresponding to openssl's BIO structure (0 on failure)
9147
9148           Check openssl doc
9149           <http://www.openssl.org/docs/crypto/BIO_f_ssl.html>
9150
9151       •   BIO_new_ssl_connect
9152
9153           Creates a new BIO chain consisting of an SSL BIO (using ctx)
9154           followed by a connect BIO.
9155
9156            my $rv = Net::SSLeay::BIO_new_ssl_connect($ctx);
9157            # $ctx - value corresponding to openssl's SSL_CTX structure
9158            #
9159            # returns: value corresponding to openssl's BIO structure (0 on failure)
9160
9161           Check openssl doc
9162           <http://www.openssl.org/docs/crypto/BIO_f_ssl.html>
9163
9164       •   BIO_pending
9165
9166           Return the number of pending characters in the BIOs read buffers.
9167
9168            my $rv = Net::SSLeay::BIO_pending($s);
9169            # $s - value corresponding to openssl's BIO structure
9170            #
9171            # returns: the amount of pending data
9172
9173           Check openssl doc
9174           <http://www.openssl.org/docs/crypto/BIO_ctrl.html>
9175
9176       •   BIO_wpending
9177
9178           Return the number of pending characters in the BIOs write buffers.
9179
9180            my $rv = Net::SSLeay::BIO_wpending($s);
9181            # $s - value corresponding to openssl's BIO structure
9182            #
9183            # returns: the amount of pending data
9184
9185           Check openssl doc
9186           <http://www.openssl.org/docs/crypto/BIO_ctrl.html>
9187
9188       •   BIO_read
9189
9190           Read the underlying descriptor.
9191
9192            Net::SSLeay::BIO_read($s, $max);
9193            # $s - value corresponding to openssl's BIO structure
9194            # $max - [optional] max. bytes to read (if not specified, the value 32768 is used)
9195            #
9196            # returns: data
9197
9198           Check openssl doc
9199           <http://www.openssl.org/docs/crypto/BIO_read.html>
9200
9201       •   BIO_write
9202
9203           Attempts to write data from $buffer to BIO $b.
9204
9205            my $rv = Net::SSLeay::BIO_write($b, $buffer);
9206            # $b - value corresponding to openssl's BIO structure
9207            # $buffer - data
9208            #
9209            # returns: amount of data successfully written
9210            #          or that no data was successfully read or written if the result is 0 or -1
9211            #          or -2 when the operation is not implemented in the specific BIO type
9212
9213           Check openssl doc
9214           <http://www.openssl.org/docs/crypto/BIO_read.html>
9215
9216       •   BIO_s_mem
9217
9218           Return the memory BIO method function.
9219
9220            my $rv = Net::SSLeay::BIO_s_mem();
9221            #
9222            # returns: value corresponding to openssl's BIO_METHOD structure (0 on failure)
9223
9224           Check openssl doc
9225           <http://www.openssl.org/docs/crypto/BIO_s_mem.html>
9226
9227       •   BIO_ssl_copy_session_id
9228
9229           Copies an SSL session id between BIO chains from and to. It does
9230           this by locating the SSL BIOs in each chain and calling
9231           SSL_copy_session_id() on the internal SSL pointer.
9232
9233            my $rv = Net::SSLeay::BIO_ssl_copy_session_id($to, $from);
9234            # $to - value corresponding to openssl's BIO structure
9235            # $from - value corresponding to openssl's BIO structure
9236            #
9237            # returns: 1 on success, 0 on failure
9238
9239           Check openssl doc
9240           <http://www.openssl.org/docs/crypto/BIO_f_ssl.html>
9241
9242       •   BIO_ssl_shutdown
9243
9244           Closes down an SSL connection on BIO chain bio. It does this by
9245           locating the SSL BIO in the chain and calling SSL_shutdown() on its
9246           internal SSL pointer.
9247
9248            Net::SSLeay::BIO_ssl_shutdown($ssl_bio);
9249            # $ssl_bio - value corresponding to openssl's BIO structure
9250            #
9251            # returns: no return value
9252
9253           Check openssl doc
9254           <http://www.openssl.org/docs/crypto/BIO_f_ssl.html>
9255
9256       Low level API: Server side Server Name Indication (SNI) support
9257
9258       •   set_tlsext_host_name
9259
9260           TBA
9261
9262       •   get_servername
9263
9264           TBA
9265
9266       •   get_servername_type
9267
9268           TBA
9269
9270       •   CTX_set_tlsext_servername_callback
9271
9272           COMPATIBILITY: requires at least OpenSSL 0.9.8f
9273
9274           This function is used in a server to support Server side Server
9275           Name Indication (SNI).
9276
9277            Net::SSLeay::CTX_set_tlsext_servername_callback($ctx, $code)
9278            # $ctx - SSL context
9279            # $code - reference to a subroutine that will be called when a new connection is being initiated
9280            #
9281            # returns: no return value
9282
9283           On the client side: use set_tlsext_host_name($ssl, $servername)
9284           before initiating the SSL connection.
9285
9286           On the server side: Set up an additional SSL_CTX() for each
9287           different certificate;
9288
9289           Add a servername callback to each SSL_CTX() using
9290           CTX_set_tlsext_servername_callback();
9291
9292           The callback function is required to retrieve the client-supplied
9293           servername with get_servername(ssl). Figure out the right SSL_CTX
9294           to go with that host name, then switch the SSL object to that
9295           SSL_CTX with set_SSL_CTX().
9296
9297           Example:
9298
9299            # set callback
9300            Net::SSLeay::CTX_set_tlsext_servername_callback($ctx,
9301               sub {
9302                 my $ssl = shift;
9303                 my $h = Net::SSLeay::get_servername($ssl);
9304                 Net::SSLeay::set_SSL_CTX($ssl, $hostnames{$h}->{ctx}) if exists $hostnames{$h};
9305               } );
9306
9307           More complete example:
9308
9309            # ... initialize Net::SSLeay
9310
9311            my %hostnames = (
9312              'sni1' => { cert=>'sni1.pem', key=>'sni1.key' },
9313              'sni2' => { cert=>'sni2.pem', key=>'sni2.key' },
9314            );
9315
9316            # create a new context for each certificate/key pair
9317            for my $name (keys %hostnames) {
9318              $hostnames{$name}->{ctx} = Net::SSLeay::CTX_new or die;
9319              Net::SSLeay::CTX_set_cipher_list($hostnames{$name}->{ctx}, 'ALL');
9320              Net::SSLeay::set_cert_and_key($hostnames{$name}->{ctx},
9321              $hostnames{$name}->{cert}, $hostnames{$name}->{key}) or die;
9322            }
9323
9324            # create default context
9325            my $ctx = Net::SSLeay::CTX_new or die;
9326            Net::SSLeay::CTX_set_cipher_list($ctx, 'ALL');
9327            Net::SSLeay::set_cert_and_key($ctx, 'cert.pem','key.pem') or die;
9328
9329            # set callback
9330            Net::SSLeay::CTX_set_tlsext_servername_callback($ctx, sub {
9331              my $ssl = shift;
9332              my $h = Net::SSLeay::get_servername($ssl);
9333              Net::SSLeay::set_SSL_CTX($ssl, $hostnames{$h}->{ctx}) if exists $hostnames{$h};
9334              } );
9335
9336            # ... later
9337
9338            $s = Net::SSLeay::new($ctx);
9339            Net::SSLeay::set_fd($s, fileno($accepted_socket));
9340            Net::SSLeay::accept($s);
9341
9342       Low level API: NPN (next protocol negotiation) related functions
9343
9344       NPN is being replaced with ALPN, a more recent TLS extension for
9345       application protocol negotiation that's in process of being adopted by
9346       IETF. Please look below for APLN API description.
9347
9348       Simple approach for using NPN support looks like this:
9349
9350        ### client side
9351        use Net::SSLeay;
9352        use IO::Socket::INET;
9353
9354        Net::SSLeay::initialize();
9355        my $sock = IO::Socket::INET->new(PeerAddr=>'encrypted.google.com:443') or die;
9356        my $ctx = Net::SSLeay::CTX_tlsv1_new() or die;
9357        Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL);
9358        Net::SSLeay::CTX_set_next_proto_select_cb($ctx, ['http1.1','spdy/2']);
9359        my $ssl = Net::SSLeay::new($ctx) or die;
9360        Net::SSLeay::set_fd($ssl, fileno($sock)) or die;
9361        Net::SSLeay::connect($ssl);
9362
9363        warn "client:negotiated=",Net::SSLeay::P_next_proto_negotiated($ssl), "\n";
9364        warn "client:last_status=", Net::SSLeay::P_next_proto_last_status($ssl), "\n";
9365
9366        ### server side
9367        use Net::SSLeay;
9368        use IO::Socket::INET;
9369
9370        Net::SSLeay::initialize();
9371        my $ctx = Net::SSLeay::CTX_tlsv1_new() or die;
9372        Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL);
9373        Net::SSLeay::set_cert_and_key($ctx, "cert.pem", "key.pem");
9374        Net::SSLeay::CTX_set_next_protos_advertised_cb($ctx, ['spdy/2','http1.1']);
9375        my $sock = IO::Socket::INET->new(LocalAddr=>'localhost', LocalPort=>5443, Proto=>'tcp', Listen=>20) or die;
9376
9377        while (1) {
9378          my $ssl = Net::SSLeay::new($ctx);
9379          warn("server:waiting for incoming connection...\n");
9380          my $fd = $sock->accept();
9381          Net::SSLeay::set_fd($ssl, $fd->fileno);
9382          Net::SSLeay::accept($ssl);
9383          warn "server:negotiated=",Net::SSLeay::P_next_proto_negotiated($ssl),"\n";
9384          my $got = Net::SSLeay::read($ssl);
9385          Net::SSLeay::ssl_write_all($ssl, "length=".length($got));
9386          Net::SSLeay::free($ssl);
9387          $fd->close();
9388        }
9389        # check with: openssl s_client -connect localhost:5443 -nextprotoneg http/1.1,spdy/2
9390
9391       Please note that the selection (negotiation) is performed by client
9392       side, the server side simply advertise the list of supported protocols.
9393
9394       Advanced approach allows you to implement your own negotiation
9395       algorithm.
9396
9397        #see below documentation for:
9398        Net::SSleay::CTX_set_next_proto_select_cb($ctx, $perl_callback_function, $callback_data);
9399        Net::SSleay::CTX_set_next_protos_advertised_cb($ctx, $perl_callback_function, $callback_data);
9400
9401       Detection of NPN support (works even in older Net::SSLeay versions):
9402
9403        use Net::SSLeay;
9404
9405        if (exists &Net::SSLeay::P_next_proto_negotiated) {
9406          # do NPN stuff
9407        }
9408
9409       •   CTX_set_next_proto_select_cb
9410
9411           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
9412           requires at least openssl-1.0.1
9413
9414           NOTE: You need CTX_set_next_proto_select_cb on client side of SSL
9415           connection.
9416
9417           Simple usage - in this case a "common" negotiation algorithm (as
9418           implemented by openssl's function SSL_select_next_proto) is used.
9419
9420            $rv = Net::SSleay::CTX_set_next_proto_select_cb($ctx, $arrayref);
9421            # $ctx - value corresponding to openssl's SSL_CTX structure
9422            # $arrayref - list of accepted protocols - e.g. ['http1.0', 'http1.1']
9423            #
9424            # returns: 0 on success, 1 on failure
9425
9426           Advanced usage (you probably do not need this):
9427
9428            $rv = Net::SSleay::CTX_set_next_proto_select_cb($ctx, $perl_callback_function, $callback_data);
9429            # $ctx - value corresponding to openssl's SSL_CTX structure
9430            # $perl_callback_function - reference to perl function
9431            # $callback_data - [optional] data to passed to callback function when invoked
9432            #
9433            # returns: 0 on success, 1 on failure
9434
9435            # where callback function looks like
9436            sub npn_advertised_cb_invoke {
9437              my ($ssl, $arrayref_proto_list_advertised_by_server, $callback_data) = @_;
9438              my $status;
9439              # ...
9440              $status = 1;   #status can be:
9441                             # 0 - OPENSSL_NPN_UNSUPPORTED
9442                             # 1 - OPENSSL_NPN_NEGOTIATED
9443                             # 2 - OPENSSL_NPN_NO_OVERLAP
9444              return $status, ['http1.1','spdy/2']; # the callback has to return 2 values
9445            }
9446
9447           To undefine/clear this callback use:
9448
9449            Net::SSleay::CTX_set_next_proto_select_cb($ctx, undef);
9450
9451       •   CTX_set_next_protos_advertised_cb
9452
9453           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
9454           requires at least openssl-1.0.1
9455
9456           NOTE: You need CTX_set_next_proto_select_cb on server side of SSL
9457           connection.
9458
9459           Simple usage:
9460
9461            $rv = Net::SSleay::CTX_set_next_protos_advertised_cb($ctx, $arrayref);
9462            # $ctx - value corresponding to openssl's SSL_CTX structure
9463            # $arrayref - list of advertised protocols - e.g. ['http1.0', 'http1.1']
9464            #
9465            # returns: 0 on success, 1 on failure
9466
9467           Advanced usage (you probably do not need this):
9468
9469            $rv = Net::SSleay::CTX_set_next_protos_advertised_cb($ctx, $perl_callback_function, $callback_data);
9470            # $ctx - value corresponding to openssl's SSL_CTX structure
9471            # $perl_callback_function - reference to perl function
9472            # $callback_data - [optional] data to passed to callback function when invoked
9473            #
9474            # returns: 0 on success, 1 on failure
9475
9476            # where callback function looks like
9477            sub npn_advertised_cb_invoke {
9478              my ($ssl, $callback_data) = @_;
9479              # ...
9480              return ['http1.1','spdy/2']; # the callback has to return arrayref
9481            }
9482
9483           To undefine/clear this callback use:
9484
9485            Net::SSleay::CTX_set_next_protos_advertised_cb($ctx, undef);
9486
9487       •   P_next_proto_negotiated
9488
9489           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
9490           requires at least openssl-1.0.1
9491
9492           Returns the name of negotiated protocol for given SSL connection
9493           $ssl.
9494
9495            $rv = Net::SSLeay::P_next_proto_negotiated($ssl)
9496            # $ssl - value corresponding to openssl's SSL structure
9497            #
9498            # returns: (string) negotiated protocol name (or undef if no negotiation was done or failed with fatal error)
9499
9500       •   P_next_proto_last_status
9501
9502           COMPATIBILITY: not available in Net-SSLeay-1.45 and before;
9503           requires at least openssl-1.0.1
9504
9505           Returns the result of the last negotiation for given SSL connection
9506           $ssl.
9507
9508            $rv = Net::SSLeay::P_next_proto_last_status($ssl)
9509            # $ssl - value corresponding to openssl's SSL structure
9510            #
9511            # returns: (integer) negotiation status
9512            #          0 - OPENSSL_NPN_UNSUPPORTED
9513            #          1 - OPENSSL_NPN_NEGOTIATED
9514            #          2 - OPENSSL_NPN_NO_OVERLAP
9515
9516       Low level API: ALPN (application layer protocol negotiation) related
9517       functions
9518
9519       Application protocol can be negotiated via two different mechanisms
9520       employing two different TLS extensions: NPN (obsolete) and ALPN
9521       (recommended).
9522
9523       The API is rather similar, with slight differences reflecting protocol
9524       specifics. In particular, with ALPN the protocol negotiation takes
9525       place on server, while with NPN the client implements the protocol
9526       negotiation logic.
9527
9528       With ALPN, the most basic implementation looks like this:
9529
9530        ### client side
9531        use Net::SSLeay;
9532        use IO::Socket::INET;
9533
9534        Net::SSLeay::initialize();
9535        my $sock = IO::Socket::INET->new(PeerAddr=>'encrypted.google.com:443') or die;
9536        my $ctx = Net::SSLeay::CTX_tlsv1_new() or die;
9537        Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL);
9538        Net::SSLeay::CTX_set_alpn_protos($ctx, ['http/1.1', 'http/2.0', 'spdy/3]);
9539        my $ssl = Net::SSLeay::new($ctx) or die;
9540        Net::SSLeay::set_fd($ssl, fileno($sock)) or die;
9541        Net::SSLeay::connect($ssl);
9542
9543        warn "client:selected=",Net::SSLeay::P_alpn_selected($ssl), "\n";
9544
9545        ### server side
9546        use Net::SSLeay;
9547        use IO::Socket::INET;
9548
9549        Net::SSLeay::initialize();
9550        my $ctx = Net::SSLeay::CTX_tlsv1_new() or die;
9551        Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL);
9552        Net::SSLeay::set_cert_and_key($ctx, "cert.pem", "key.pem");
9553        Net::SSLeay::CTX_set_alpn_select_cb($ctx, ['http/1.1', 'http/2.0', 'spdy/3]);
9554        my $sock = IO::Socket::INET->new(LocalAddr=>'localhost', LocalPort=>5443, Proto=>'tcp', Listen=>20) or die;
9555
9556        while (1) {
9557          my $ssl = Net::SSLeay::new($ctx);
9558          warn("server:waiting for incoming connection...\n");
9559          my $fd = $sock->accept();
9560          Net::SSLeay::set_fd($ssl, $fd->fileno);
9561          Net::SSLeay::accept($ssl);
9562          warn "server:selected=",Net::SSLeay::P_alpn_selected($ssl),"\n";
9563          my $got = Net::SSLeay::read($ssl);
9564          Net::SSLeay::ssl_write_all($ssl, "length=".length($got));
9565          Net::SSLeay::free($ssl);
9566          $fd->close();
9567        }
9568        # check with: openssl s_client -connect localhost:5443 -alpn spdy/3,http/1.1
9569
9570       Advanced approach allows you to implement your own negotiation
9571       algorithm.
9572
9573        #see below documentation for:
9574        Net::SSleay::CTX_set_alpn_select_cb($ctx, $perl_callback_function, $callback_data);
9575
9576       Detection of ALPN support (works even in older Net::SSLeay versions):
9577
9578        use Net::SSLeay;
9579
9580        if (exists &Net::SSLeay::P_alpn_selected) {
9581          # do ALPN stuff
9582        }
9583
9584       •   CTX_set_alpn_select_cb
9585
9586           COMPATIBILITY: not available in Net-SSLeay-1.55 and before;
9587           requires at least openssl-1.0.2
9588
9589           NOTE: You need CTX_set_alpn_select_cb on server side of TLS
9590           connection.
9591
9592           Simple usage - in this case a "common" negotiation algorithm (as
9593           implemented by openssl's function SSL_select_next_proto) is used.
9594
9595            $rv = Net::SSleay::CTX_set_alpn_select_cb($ctx, $arrayref);
9596            # $ctx - value corresponding to openssl's SSL_CTX structure
9597            # $arrayref - list of accepted protocols - e.g. ['http/2.0', 'http/1.1', 'spdy/3']
9598            #
9599            # returns: 0 on success, 1 on failure
9600
9601           Advanced usage (you probably do not need this):
9602
9603            $rv = Net::SSleay::CTX_set_alpn_select_cb($ctx, $perl_callback_function, $callback_data);
9604            # $ctx - value corresponding to openssl's SSL_CTX structure
9605            # $perl_callback_function - reference to perl function
9606            # $callback_data - [optional] data to passed to callback function when invoked
9607            #
9608            # returns: 0 on success, 1 on failure
9609
9610            # where callback function looks like
9611            sub alpn_select_cb_invoke {
9612              my ($ssl, $arrayref_proto_list_advertised_by_client, $callback_data) = @_;
9613              # ...
9614              if ($negotiated) {
9615                return 'http/2.0';
9616              } else {
9617                return undef;
9618              }
9619            }
9620
9621           To undefine/clear this callback use:
9622
9623            Net::SSleay::CTX_set_alpn_select_cb($ctx, undef);
9624
9625       •   set_alpn_protos
9626
9627           COMPATIBILITY: not available in Net-SSLeay-1.55 and before;
9628           requires at least openssl-1.0.2
9629
9630           NOTE: You need set_alpn_protos on client side of TLS connection.
9631
9632           This adds list of supported application layer protocols to
9633           ClientHello message sent by a client.  It advertises the
9634           enumeration of supported protocols:
9635
9636            Net::SSLeay::set_alpn_protos($ssl, ['http/1.1', 'http/2.0', 'spdy/3]);
9637            # returns 0 on success
9638
9639       •   CTX_set_alpn_protos
9640
9641           COMPATIBILITY: not available in Net-SSLeay-1.55 and before;
9642           requires at least openssl-1.0.2
9643
9644           NOTE: You need CTX_set_alpn_protos on client side of TLS
9645           connection.
9646
9647           This adds list of supported application layer protocols to
9648           ClientHello message sent by a client.  It advertises the
9649           enumeration of supported protocols:
9650
9651            Net::SSLeay::CTX_set_alpn_protos($ctx, ['http/1.1', 'http/2.0', 'spdy/3]);
9652            # returns 0 on success
9653
9654       •   P_alpn_selected
9655
9656           COMPATIBILITY: not available in Net-SSLeay-1.55 and before;
9657           requires at least openssl-1.0.2
9658
9659           Returns the name of negotiated protocol for given TLS connection
9660           $ssl.
9661
9662            $rv = Net::SSLeay::P_alpn_selected($ssl)
9663            # $ssl - value corresponding to openssl's SSL structure
9664            #
9665            # returns: (string) negotiated protocol name (or undef if no negotiation was done or failed with fatal error)
9666
9667       Low level API: DANE Support
9668
9669       OpenSSL version 1.0.2 adds preliminary support RFC6698 Domain
9670       Authentication of Named Entities (DANE) Transport Layer Association
9671       within OpenSSL
9672
9673       •   SSL_get_tlsa_record_byname
9674
9675           COMPATIBILITY: DELETED from net-ssleay, since it is not supported
9676           by OpenSSL
9677
9678           In order to facilitate DANE there is additional interface,
9679           SSL_get_tlsa_record_byname, accepting hostname, port and socket
9680           type that returns packed TLSA record. In order to make it even
9681           easier there is additional SSL_ctrl function that calls
9682           SSL_get_tlsa_record_byname for you. Latter is recommended for
9683           programmers that wish to maintain broader binary compatibility,
9684           e.g. make application work with both 1.0.2 and prior version (in
9685           which case call to SSL_ctrl with new code returning error would
9686           have to be ignored when running with prior version).
9687
9688           Net::SSLeay::get_tlsa_record_byname($name, $port, $type);
9689
9690       Low level API: Other functions
9691
9692       •   COMP_add_compression_method
9693
9694           Adds the compression method cm with the identifier id to the list
9695           of available compression methods.  This list is globally maintained
9696           for all SSL operations within this application.  It cannot be set
9697           for specific SSL_CTX or SSL objects.
9698
9699            my $rv = Net::SSLeay::COMP_add_compression_method($id, $cm);
9700            # $id - (integer) compression method id
9701            #       0 to 63:    methods defined by the IETF
9702            #       64 to 192:  external party methods assigned by IANA
9703            #       193 to 255: reserved for private use
9704            #
9705            # $cm - value corresponding to openssl's COMP_METHOD structure
9706            #
9707            # returns: 0 on success, 1 on failure (check the error queue to find out the reason)
9708
9709           Check openssl doc
9710           <http://www.openssl.org/docs/ssl/SSL_COMP_add_compression_method.html>
9711
9712       •   DH_free
9713
9714           Frees the DH structure and its components. The values are erased
9715           before the memory is returned to the system.
9716
9717            Net::SSLeay::DH_free($dh);
9718            # $dh - value corresponding to openssl's DH structure
9719            #
9720            # returns: no return value
9721
9722           Check openssl doc <http://www.openssl.org/docs/crypto/DH_new.html>
9723
9724       •   FIPS_mode_set
9725
9726           Enable or disable FIPS mode in a FIPS capable OpenSSL.
9727
9728            Net::SSLeay:: FIPS_mode_set($enable);
9729            # $enable - (integer) 1 to enable, 0 to disable
9730
9731       Low level API: EC related functions
9732
9733       •   CTX_set_tmp_ecdh
9734
9735           TBA
9736
9737       •   EC_KEY_free
9738
9739           TBA
9740
9741       •   EC_KEY_new_by_curve_name
9742
9743           TBA
9744
9745       •   EC_KEY_generate_key
9746
9747           Generates a EC key and returns it in a newly allocated EC_KEY
9748           structure.  The EC key then can be used to create a PKEY which can
9749           be used in calls like X509_set_pubkey.
9750
9751            my $key = Net::SSLeay::EVP_PKEY_new();
9752            my $ec  = Net::SSLeay::EC_KEY_generate_key($curve);
9753            Net::SSLeay::EVP_PKEY_assign_EC_KEY($key,$ec);
9754
9755            # $curve - curve name like 'secp521r1' or the matching Id (integer) of the curve
9756            #
9757            # returns: value corresponding to openssl's EC_KEY structure (0 on failure)
9758
9759           This function has no equivalent in OpenSSL but combines multiple
9760           OpenSSL functions for an easier interface.
9761
9762       •   CTX_set_ecdh_auto, set_ecdh_auto
9763
9764           These functions enable or disable the automatic curve selection on
9765           the server side by calling SSL_CTX_set_ecdh_auto or
9766           SSL_set_ecdh_auto respectively.  If enabled the highest preference
9767           curve is automatically used for ECDH temporary keys used during key
9768           exchange.  This function is no longer available for OpenSSL 1.1.0
9769           or higher.
9770
9771             Net::SSLeay::CTX_set_ecdh_auto($ctx,1);
9772             Net::SSLeay::set_ecdh_auto($ssl,1);
9773
9774       •   CTX_set1_curves_list, set1_curves_list
9775
9776           These functions set the supported curves (in order of preference)
9777           by calling SSL_CTX_set1_curves_list or SSL_set1_curves_list
9778           respectively.  For a TLS client these curves are offered to the
9779           server in the supported curves extension while on the server side
9780           these are used to determine the shared curve.  These functions are
9781           only available since OpenSSL 1.1.0.
9782
9783             Net::SSLeay::CTX_set1_curves_list($ctx,"P-521:P-384:P-256");
9784             Net::SSLeay::set1_curves_list($ssl,"P-521:P-384:P-256");
9785
9786       •   CTX_set1_groups_list, set1_groups_list
9787
9788           These functions set the supported groups (in order of preference)
9789           by calling SSL_CTX_set1_groups_list or SSL_set1_groups_list
9790           respectively.  This is practically the same as CTX_set1_curves_list
9791           and set1_curves_list except that all DH groups can be given as
9792           supported by TLS 1.3.  These functions are only available since
9793           OpenSSL 1.1.1.
9794
9795             Net::SSLeay::CTX_set1_groups_list($ctx,"P-521:P-384:P-256");
9796             Net::SSLeay::set1_groups_list($ssl,"P-521:P-384:P-256");
9797
9798   Constants
9799       There are many openssl constants available in Net::SSLeay. You can use
9800       them like this:
9801
9802        use Net::SSLeay;
9803        print &Net::SSLeay::NID_commonName;
9804        #or
9805        print Net::SSLeay::NID_commonName();
9806
9807       Or you can import them and use:
9808
9809        use Net::SSLeay qw/NID_commonName/;
9810        print &NID_commonName;
9811        #or
9812        print NID_commonName();
9813        #or
9814        print NID_commonName;
9815
9816       The constants names are derived from openssl constants, however
9817       constants starting with "SSL_" prefix have name with "SSL_" part
9818       stripped - e.g. openssl's constant "SSL_OP_ALL" is available as
9819       "Net::SSleay::OP_ALL"
9820
9821       The list of all available constant names:
9822
9823        ASN1_STRFLGS_ESC_CTRL           NID_netscape                              R_UNKNOWN_REMOTE_ERROR_TYPE
9824        ASN1_STRFLGS_ESC_MSB            NID_netscape_base_url                     R_UNKNOWN_STATE
9825        ASN1_STRFLGS_ESC_QUOTE          NID_netscape_ca_policy_url                R_X509_LIB
9826        ASN1_STRFLGS_RFC2253            NID_netscape_ca_revocation_url            SENT_SHUTDOWN
9827        CB_ACCEPT_EXIT                  NID_netscape_cert_extension               SESSION_ASN1_VERSION
9828        CB_ACCEPT_LOOP                  NID_netscape_cert_sequence                SESS_CACHE_BOTH
9829        CB_ALERT                        NID_netscape_cert_type                    SESS_CACHE_CLIENT
9830        CB_CONNECT_EXIT                 NID_netscape_comment                      SESS_CACHE_NO_AUTO_CLEAR
9831        CB_CONNECT_LOOP                 NID_netscape_data_type                    SESS_CACHE_NO_INTERNAL
9832        CB_EXIT                         NID_netscape_renewal_url                  SESS_CACHE_NO_INTERNAL_LOOKUP
9833        CB_HANDSHAKE_DONE               NID_netscape_revocation_url               SESS_CACHE_NO_INTERNAL_STORE
9834        CB_HANDSHAKE_START              NID_netscape_ssl_server_name              SESS_CACHE_OFF
9835        CB_LOOP                         NID_ns_sgc                                SESS_CACHE_SERVER
9836        CB_READ                         NID_organizationName                      SSL3_VERSION
9837        CB_READ_ALERT                   NID_organizationalUnitName                SSLEAY_BUILT_ON
9838        CB_WRITE                        NID_pbeWithMD2AndDES_CBC                  SSLEAY_CFLAGS
9839        CB_WRITE_ALERT                  NID_pbeWithMD2AndRC2_CBC                  SSLEAY_DIR
9840        ERROR_NONE                      NID_pbeWithMD5AndCast5_CBC                SSLEAY_PLATFORM
9841        ERROR_SSL                       NID_pbeWithMD5AndDES_CBC                  SSLEAY_VERSION
9842        ERROR_SYSCALL                   NID_pbeWithMD5AndRC2_CBC                  ST_ACCEPT
9843        ERROR_WANT_ACCEPT               NID_pbeWithSHA1AndDES_CBC                 ST_BEFORE
9844        ERROR_WANT_CONNECT              NID_pbeWithSHA1AndRC2_CBC                 ST_CONNECT
9845        ERROR_WANT_READ                 NID_pbe_WithSHA1And128BitRC2_CBC          ST_INIT
9846        ERROR_WANT_WRITE                NID_pbe_WithSHA1And128BitRC4              ST_OK
9847        ERROR_WANT_X509_LOOKUP          NID_pbe_WithSHA1And2_Key_TripleDES_CBC    ST_READ_BODY
9848        ERROR_ZERO_RETURN               NID_pbe_WithSHA1And3_Key_TripleDES_CBC    ST_READ_HEADER
9849        EVP_PKS_DSA                     NID_pbe_WithSHA1And40BitRC2_CBC           TLS1_1_VERSION
9850        EVP_PKS_EC                      NID_pbe_WithSHA1And40BitRC4               TLS1_2_VERSION
9851        EVP_PKS_RSA                     NID_pbes2                                 TLS1_3_VERSION
9852        EVP_PKT_ENC                     NID_pbmac1                                TLS1_VERSION
9853        EVP_PKT_EXCH                    NID_pkcs                                  TLSEXT_STATUSTYPE_ocsp
9854        EVP_PKT_EXP                     NID_pkcs3                                 VERIFY_CLIENT_ONCE
9855        EVP_PKT_SIGN                    NID_pkcs7                                 VERIFY_FAIL_IF_NO_PEER_CERT
9856        EVP_PK_DH                       NID_pkcs7_data                            VERIFY_NONE
9857        EVP_PK_DSA                      NID_pkcs7_digest                          VERIFY_PEER
9858        EVP_PK_EC                       NID_pkcs7_encrypted                       VERIFY_POST_HANDSHAKE
9859        EVP_PK_RSA                      NID_pkcs7_enveloped                       V_OCSP_CERTSTATUS_GOOD
9860        FILETYPE_ASN1                   NID_pkcs7_signed                          V_OCSP_CERTSTATUS_REVOKED
9861        FILETYPE_PEM                    NID_pkcs7_signedAndEnveloped              V_OCSP_CERTSTATUS_UNKNOWN
9862        F_CLIENT_CERTIFICATE            NID_pkcs8ShroudedKeyBag                   WRITING
9863        F_CLIENT_HELLO                  NID_pkcs9                                 X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
9864        F_CLIENT_MASTER_KEY             NID_pkcs9_challengePassword               X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
9865        F_D2I_SSL_SESSION               NID_pkcs9_contentType                     X509_CHECK_FLAG_NEVER_CHECK_SUBJECT
9866        F_GET_CLIENT_FINISHED           NID_pkcs9_countersignature                X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
9867        F_GET_CLIENT_HELLO              NID_pkcs9_emailAddress                    X509_CHECK_FLAG_NO_WILDCARDS
9868        F_GET_CLIENT_MASTER_KEY         NID_pkcs9_extCertAttributes               X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
9869        F_GET_SERVER_FINISHED           NID_pkcs9_messageDigest                   X509_FILETYPE_ASN1
9870        F_GET_SERVER_HELLO              NID_pkcs9_signingTime                     X509_FILETYPE_DEFAULT
9871        F_GET_SERVER_VERIFY             NID_pkcs9_unstructuredAddress             X509_FILETYPE_PEM
9872        F_I2D_SSL_SESSION               NID_pkcs9_unstructuredName                X509_LOOKUP
9873        F_READ_N                        NID_private_key_usage_period              X509_PURPOSE_ANY
9874        F_REQUEST_CERTIFICATE           NID_rc2_40_cbc                            X509_PURPOSE_CRL_SIGN
9875        F_SERVER_HELLO                  NID_rc2_64_cbc                            X509_PURPOSE_NS_SSL_SERVER
9876        F_SSL_CERT_NEW                  NID_rc2_cbc                               X509_PURPOSE_OCSP_HELPER
9877        F_SSL_GET_NEW_SESSION           NID_rc2_cfb64                             X509_PURPOSE_SMIME_ENCRYPT
9878        F_SSL_NEW                       NID_rc2_ecb                               X509_PURPOSE_SMIME_SIGN
9879        F_SSL_READ                      NID_rc2_ofb64                             X509_PURPOSE_SSL_CLIENT
9880        F_SSL_RSA_PRIVATE_DECRYPT       NID_rc4                                   X509_PURPOSE_SSL_SERVER
9881        F_SSL_RSA_PUBLIC_ENCRYPT        NID_rc4_40                                X509_PURPOSE_TIMESTAMP_SIGN
9882        F_SSL_SESSION_NEW               NID_rc5_cbc                               X509_TRUST_COMPAT
9883        F_SSL_SESSION_PRINT_FP          NID_rc5_cfb64                             X509_TRUST_EMAIL
9884        F_SSL_SET_FD                    NID_rc5_ecb                               X509_TRUST_OBJECT_SIGN
9885        F_SSL_SET_RFD                   NID_rc5_ofb64                             X509_TRUST_OCSP_REQUEST
9886        F_SSL_SET_WFD                   NID_ripemd160                             X509_TRUST_OCSP_SIGN
9887        F_SSL_USE_CERTIFICATE           NID_ripemd160WithRSA                      X509_TRUST_SSL_CLIENT
9888        F_SSL_USE_CERTIFICATE_ASN1      NID_rle_compression                       X509_TRUST_SSL_SERVER
9889        F_SSL_USE_CERTIFICATE_FILE      NID_rsa                                   X509_TRUST_TSA
9890        F_SSL_USE_PRIVATEKEY            NID_rsaEncryption                         X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
9891        F_SSL_USE_PRIVATEKEY_ASN1       NID_rsadsi                                X509_V_ERR_AKID_SKID_MISMATCH
9892        F_SSL_USE_PRIVATEKEY_FILE       NID_safeContentsBag                       X509_V_ERR_APPLICATION_VERIFICATION
9893        F_SSL_USE_RSAPRIVATEKEY         NID_sdsiCertificate                       X509_V_ERR_CA_KEY_TOO_SMALL
9894        F_SSL_USE_RSAPRIVATEKEY_ASN1    NID_secretBag                             X509_V_ERR_CA_MD_TOO_WEAK
9895        F_SSL_USE_RSAPRIVATEKEY_FILE    NID_serialNumber                          X509_V_ERR_CERT_CHAIN_TOO_LONG
9896        F_WRITE_PENDING                 NID_server_auth                           X509_V_ERR_CERT_HAS_EXPIRED
9897        GEN_DIRNAME                     NID_sha                                   X509_V_ERR_CERT_NOT_YET_VALID
9898        GEN_DNS                         NID_sha1                                  X509_V_ERR_CERT_REJECTED
9899        GEN_EDIPARTY                    NID_sha1WithRSA                           X509_V_ERR_CERT_REVOKED
9900        GEN_EMAIL                       NID_sha1WithRSAEncryption                 X509_V_ERR_CERT_SIGNATURE_FAILURE
9901        GEN_IPADD                       NID_shaWithRSAEncryption                  X509_V_ERR_CERT_UNTRUSTED
9902        GEN_OTHERNAME                   NID_stateOrProvinceName                   X509_V_ERR_CRL_HAS_EXPIRED
9903        GEN_RID                         NID_subject_alt_name                      X509_V_ERR_CRL_NOT_YET_VALID
9904        GEN_URI                         NID_subject_key_identifier                X509_V_ERR_CRL_PATH_VALIDATION_ERROR
9905        GEN_X400                        NID_surname                               X509_V_ERR_CRL_SIGNATURE_FAILURE
9906        LIBRESSL_VERSION_NUMBER         NID_sxnet                                 X509_V_ERR_DANE_NO_MATCH
9907        MBSTRING_ASC                    NID_time_stamp                            X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
9908        MBSTRING_BMP                    NID_title                                 X509_V_ERR_DIFFERENT_CRL_SCOPE
9909        MBSTRING_FLAG                   NID_undef                                 X509_V_ERR_EE_KEY_TOO_SMALL
9910        MBSTRING_UNIV                   NID_uniqueIdentifier                      X509_V_ERR_EMAIL_MISMATCH
9911        MBSTRING_UTF8                   NID_x509Certificate                       X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
9912        MIN_RSA_MODULUS_LENGTH_IN_BYTES NID_x509Crl                               X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
9913        MODE_ACCEPT_MOVING_WRITE_BUFFER NID_zlib_compression                      X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
9914        MODE_AUTO_RETRY                 NOTHING                                   X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
9915        MODE_ENABLE_PARTIAL_WRITE       OCSP_RESPONSE_STATUS_INTERNALERROR        X509_V_ERR_EXCLUDED_VIOLATION
9916        MODE_RELEASE_BUFFERS            OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     X509_V_ERR_HOSTNAME_MISMATCH
9917        NID_OCSP_sign                   OCSP_RESPONSE_STATUS_SIGREQUIRED          X509_V_ERR_INVALID_CA
9918        NID_SMIMECapabilities           OCSP_RESPONSE_STATUS_SUCCESSFUL           X509_V_ERR_INVALID_CALL
9919        NID_X500                        OCSP_RESPONSE_STATUS_TRYLATER             X509_V_ERR_INVALID_EXTENSION
9920        NID_X509                        OCSP_RESPONSE_STATUS_UNAUTHORIZED         X509_V_ERR_INVALID_NON_CA
9921        NID_ad_OCSP                     OPENSSL_BUILT_ON                          X509_V_ERR_INVALID_POLICY_EXTENSION
9922        NID_ad_ca_issuers               OPENSSL_CFLAGS                            X509_V_ERR_INVALID_PURPOSE
9923        NID_algorithm                   OPENSSL_DIR                               X509_V_ERR_IP_ADDRESS_MISMATCH
9924        NID_authority_key_identifier    OPENSSL_ENGINES_DIR                       X509_V_ERR_KEYUSAGE_NO_CERTSIGN
9925        NID_basic_constraints           OPENSSL_PLATFORM                          X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
9926        NID_bf_cbc                      OPENSSL_VERSION                           X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
9927        NID_bf_cfb64                    OPENSSL_VERSION_NUMBER                    X509_V_ERR_NO_EXPLICIT_POLICY
9928        NID_bf_ecb                      OP_ALL                                    X509_V_ERR_NO_VALID_SCTS
9929        NID_bf_ofb64                    OP_ALLOW_NO_DHE_KEX                       X509_V_ERR_OCSP_CERT_UNKNOWN
9930        NID_cast5_cbc                   OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION      X509_V_ERR_OCSP_VERIFY_FAILED
9931        NID_cast5_cfb64                 OP_CIPHER_SERVER_PREFERENCE               X509_V_ERR_OCSP_VERIFY_NEEDED
9932        NID_cast5_ecb                   OP_CISCO_ANYCONNECT                       X509_V_ERR_OUT_OF_MEM
9933        NID_cast5_ofb64                 OP_COOKIE_EXCHANGE                        X509_V_ERR_PATH_LENGTH_EXCEEDED
9934        NID_certBag                     OP_CRYPTOPRO_TLSEXT_BUG                   X509_V_ERR_PATH_LOOP
9935        NID_certificate_policies        OP_DONT_INSERT_EMPTY_FRAGMENTS            X509_V_ERR_PERMITTED_VIOLATION
9936        NID_client_auth                 OP_ENABLE_MIDDLEBOX_COMPAT                X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
9937        NID_code_sign                   OP_EPHEMERAL_RSA                          X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
9938        NID_commonName                  OP_LEGACY_SERVER_CONNECT                  X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION
9939        NID_countryName                 OP_MICROSOFT_BIG_SSLV3_BUFFER             X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
9940        NID_crlBag                      OP_MICROSOFT_SESS_ID_BUG                  X509_V_ERR_STORE_LOOKUP
9941        NID_crl_distribution_points     OP_MSIE_SSLV2_RSA_PADDING                 X509_V_ERR_SUBJECT_ISSUER_MISMATCH
9942        NID_crl_number                  OP_NETSCAPE_CA_DN_BUG                     X509_V_ERR_SUBTREE_MINMAX
9943        NID_crl_reason                  OP_NETSCAPE_CHALLENGE_BUG                 X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256
9944        NID_delta_crl                   OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG        X509_V_ERR_SUITE_B_INVALID_ALGORITHM
9945        NID_des_cbc                     OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG       X509_V_ERR_SUITE_B_INVALID_CURVE
9946        NID_des_cfb64                   OP_NON_EXPORT_FIRST                       X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
9947        NID_des_ecb                     OP_NO_ANTI_REPLAY                         X509_V_ERR_SUITE_B_INVALID_VERSION
9948        NID_des_ede                     OP_NO_CLIENT_RENEGOTIATION                X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED
9949        NID_des_ede3                    OP_NO_COMPRESSION                         X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
9950        NID_des_ede3_cbc                OP_NO_ENCRYPT_THEN_MAC                    X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
9951        NID_des_ede3_cfb64              OP_NO_QUERY_MTU                           X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
9952        NID_des_ede3_ofb64              OP_NO_RENEGOTIATION                       X509_V_ERR_UNABLE_TO_GET_CRL
9953        NID_des_ede_cbc                 OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
9954        NID_des_ede_cfb64               OP_NO_SSL_MASK                            X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
9955        NID_des_ede_ofb64               OP_NO_SSLv2                               X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
9956        NID_des_ofb64                   OP_NO_SSLv3                               X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
9957        NID_description                 OP_NO_TICKET                              X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
9958        NID_desx_cbc                    OP_NO_TLSv1                               X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
9959        NID_dhKeyAgreement              OP_NO_TLSv1_1                             X509_V_ERR_UNNESTED_RESOURCE
9960        NID_dnQualifier                 OP_NO_TLSv1_2                             X509_V_ERR_UNSPECIFIED
9961        NID_dsa                         OP_NO_TLSv1_3                             X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
9962        NID_dsaWithSHA                  OP_PKCS1_CHECK_1                          X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
9963        NID_dsaWithSHA1                 OP_PKCS1_CHECK_2                          X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
9964        NID_dsaWithSHA1_2               OP_PRIORITIZE_CHACHA                      X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
9965        NID_dsa_2                       OP_SAFARI_ECDHE_ECDSA_BUG                 X509_V_FLAG_ALLOW_PROXY_CERTS
9966        NID_email_protect               OP_SINGLE_DH_USE                          X509_V_FLAG_CB_ISSUER_CHECK
9967        NID_ext_key_usage               OP_SINGLE_ECDH_USE                        X509_V_FLAG_CHECK_SS_SIGNATURE
9968        NID_ext_req                     OP_SSLEAY_080_CLIENT_DH_BUG               X509_V_FLAG_CRL_CHECK
9969        NID_friendlyName                OP_SSLREF2_REUSE_CERT_TYPE_BUG            X509_V_FLAG_CRL_CHECK_ALL
9970        NID_givenName                   OP_TLSEXT_PADDING                         X509_V_FLAG_EXPLICIT_POLICY
9971        NID_hmacWithSHA1                OP_TLS_BLOCK_PADDING_BUG                  X509_V_FLAG_EXTENDED_CRL_SUPPORT
9972        NID_id_ad                       OP_TLS_D5_BUG                             X509_V_FLAG_IGNORE_CRITICAL
9973        NID_id_ce                       OP_TLS_ROLLBACK_BUG                       X509_V_FLAG_INHIBIT_ANY
9974        NID_id_kp                       READING                                   X509_V_FLAG_INHIBIT_MAP
9975        NID_id_pbkdf2                   RECEIVED_SHUTDOWN                         X509_V_FLAG_NOTIFY_POLICY
9976        NID_id_pe                       RSA_3                                     X509_V_FLAG_NO_ALT_CHAINS
9977        NID_id_pkix                     RSA_F4                                    X509_V_FLAG_NO_CHECK_TIME
9978        NID_id_qt_cps                   R_BAD_AUTHENTICATION_TYPE                 X509_V_FLAG_PARTIAL_CHAIN
9979        NID_id_qt_unotice               R_BAD_CHECKSUM                            X509_V_FLAG_POLICY_CHECK
9980        NID_idea_cbc                    R_BAD_MAC_DECODE                          X509_V_FLAG_POLICY_MASK
9981        NID_idea_cfb64                  R_BAD_RESPONSE_ARGUMENT                   X509_V_FLAG_SUITEB_128_LOS
9982        NID_idea_ecb                    R_BAD_SSL_FILETYPE                        X509_V_FLAG_SUITEB_128_LOS_ONLY
9983        NID_idea_ofb64                  R_BAD_SSL_SESSION_ID_LENGTH               X509_V_FLAG_SUITEB_192_LOS
9984        NID_info_access                 R_BAD_STATE                               X509_V_FLAG_TRUSTED_FIRST
9985        NID_initials                    R_BAD_WRITE_RETRY                         X509_V_FLAG_USE_CHECK_TIME
9986        NID_invalidity_date             R_CHALLENGE_IS_DIFFERENT                  X509_V_FLAG_USE_DELTAS
9987        NID_issuer_alt_name             R_CIPHER_TABLE_SRC_ERROR                  X509_V_FLAG_X509_STRICT
9988        NID_keyBag                      R_INVALID_CHALLENGE_LENGTH                X509_V_OK
9989        NID_key_usage                   R_NO_CERTIFICATE_SET                      XN_FLAG_COMPAT
9990        NID_localKeyID                  R_NO_CERTIFICATE_SPECIFIED                XN_FLAG_DN_REV
9991        NID_localityName                R_NO_CIPHER_LIST                          XN_FLAG_DUMP_UNKNOWN_FIELDS
9992        NID_md2                         R_NO_CIPHER_MATCH                         XN_FLAG_FN_ALIGN
9993        NID_md2WithRSAEncryption        R_NO_PRIVATEKEY                           XN_FLAG_FN_LN
9994        NID_md5                         R_NO_PUBLICKEY                            XN_FLAG_FN_MASK
9995        NID_md5WithRSA                  R_NULL_SSL_CTX                            XN_FLAG_FN_NONE
9996        NID_md5WithRSAEncryption        R_PEER_DID_NOT_RETURN_A_CERTIFICATE       XN_FLAG_FN_OID
9997        NID_md5_sha1                    R_PEER_ERROR                              XN_FLAG_FN_SN
9998        NID_mdc2                        R_PEER_ERROR_CERTIFICATE                  XN_FLAG_MULTILINE
9999        NID_mdc2WithRSA                 R_PEER_ERROR_NO_CIPHER                    XN_FLAG_ONELINE
10000        NID_ms_code_com                 R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE XN_FLAG_RFC2253
10001        NID_ms_code_ind                 R_PUBLIC_KEY_ENCRYPT_ERROR                XN_FLAG_SEP_COMMA_PLUS
10002        NID_ms_ctl_sign                 R_PUBLIC_KEY_IS_NOT_RSA                   XN_FLAG_SEP_CPLUS_SPC
10003        NID_ms_efs                      R_READ_WRONG_PACKET_TYPE                  XN_FLAG_SEP_MASK
10004        NID_ms_ext_req                  R_SHORT_READ                              XN_FLAG_SEP_MULTILINE
10005        NID_ms_sgc                      R_SSL_SESSION_ID_IS_DIFFERENT             XN_FLAG_SEP_SPLUS_SPC
10006        NID_name                        R_UNABLE_TO_EXTRACT_PUBLIC_KEY            XN_FLAG_SPC_EQ
10007
10008   INTERNAL ONLY functions (do not use these)
10009       The following functions are not intended for use from outside of
10010       Net::SSLeay module.  They might be removed, renamed or changed without
10011       prior notice in future version.
10012
10013       Simply DO NOT USE THEM!
10014
10015       •   hello
10016
10017       •   blength
10018
10019       •   constant
10020

EXAMPLES

10022       One very good example to look at is the implementation of "sslcat()" in
10023       the "SSLeay.pm" file.
10024
10025       The following is a simple SSLeay client (with too little error checking
10026       :-(
10027
10028           #!/usr/bin/perl
10029           use Socket;
10030           use Net::SSLeay qw(die_now die_if_ssl_error) ;
10031           Net::SSLeay::load_error_strings();
10032           Net::SSLeay::SSLeay_add_ssl_algorithms();
10033           Net::SSLeay::randomize();
10034
10035           ($dest_serv, $port, $msg) = @ARGV;      # Read command line
10036           $port = getservbyname ($port, 'tcp') unless $port =~ /^\d+$/;
10037           $dest_ip = gethostbyname ($dest_serv);
10038           $dest_serv_params  = sockaddr_in($port, $dest_ip);
10039
10040           socket  (S, &AF_INET, &SOCK_STREAM, 0)  or die "socket: $!";
10041           connect (S, $dest_serv_params)          or die "connect: $!";
10042           select  (S); $| = 1; select (STDOUT);   # Eliminate STDIO buffering
10043
10044           # The network connection is now open, lets fire up SSL
10045
10046           $ctx = Net::SSLeay::CTX_new() or die_now("Failed to create SSL_CTX $!");
10047           Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)
10048                or die_if_ssl_error("ssl ctx set options");
10049           $ssl = Net::SSLeay::new($ctx) or die_now("Failed to create SSL $!");
10050           Net::SSLeay::set_fd($ssl, fileno(S));   # Must use fileno
10051           $res = Net::SSLeay::connect($ssl) and die_if_ssl_error("ssl connect");
10052           print "Cipher `" . Net::SSLeay::get_cipher($ssl) . "'\n";
10053
10054           # Exchange data
10055
10056           $res = Net::SSLeay::write($ssl, $msg);  # Perl knows how long $msg is
10057           die_if_ssl_error("ssl write");
10058           CORE::shutdown S, 1;  # Half close --> No more output, sends EOF to server
10059           $got = Net::SSLeay::read($ssl);         # Perl returns undef on failure
10060           die_if_ssl_error("ssl read");
10061           print $got;
10062
10063           Net::SSLeay::free ($ssl);               # Tear down connection
10064           Net::SSLeay::CTX_free ($ctx);
10065           close S;
10066
10067       The following is a simple SSLeay echo server (non forking):
10068
10069           #!/usr/bin/perl -w
10070           use Socket;
10071           use Net::SSLeay qw(die_now die_if_ssl_error);
10072           Net::SSLeay::load_error_strings();
10073           Net::SSLeay::SSLeay_add_ssl_algorithms();
10074           Net::SSLeay::randomize();
10075
10076           $our_ip = "\0\0\0\0"; # Bind to all interfaces
10077           $port = 1235;
10078           $sockaddr_template = 'S n a4 x8';
10079           $our_serv_params = pack ($sockaddr_template, &AF_INET, $port, $our_ip);
10080
10081           socket (S, &AF_INET, &SOCK_STREAM, 0)  or die "socket: $!";
10082           bind (S, $our_serv_params)             or die "bind:   $!";
10083           listen (S, 5)                          or die "listen: $!";
10084           $ctx = Net::SSLeay::CTX_new ()         or die_now("CTX_new ($ctx): $!");
10085           Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)
10086                or die_if_ssl_error("ssl ctx set options");
10087
10088           # Following will ask password unless private key is not encrypted
10089           Net::SSLeay::CTX_use_RSAPrivateKey_file ($ctx, 'plain-rsa.pem',
10090                                                    &Net::SSLeay::FILETYPE_PEM);
10091           die_if_ssl_error("private key");
10092           Net::SSLeay::CTX_use_certificate_file ($ctx, 'plain-cert.pem',
10093                                                  &Net::SSLeay::FILETYPE_PEM);
10094           die_if_ssl_error("certificate");
10095
10096           while (1) {
10097               print "Accepting connections...\n";
10098               ($addr = accept (NS, S))           or die "accept: $!";
10099               select (NS); $| = 1; select (STDOUT);  # Piping hot!
10100
10101               ($af,$client_port,$client_ip) = unpack($sockaddr_template,$addr);
10102               @inetaddr = unpack('C4',$client_ip);
10103               print "$af connection from " .
10104               join ('.', @inetaddr) . ":$client_port\n";
10105
10106               # We now have a network connection, lets fire up SSLeay...
10107
10108               $ssl = Net::SSLeay::new($ctx)      or die_now("SSL_new ($ssl): $!");
10109               Net::SSLeay::set_fd($ssl, fileno(NS));
10110
10111               $err = Net::SSLeay::accept($ssl) and die_if_ssl_error('ssl accept');
10112               print "Cipher `" . Net::SSLeay::get_cipher($ssl) . "'\n";
10113
10114               # Connected. Exchange some data.
10115
10116               $got = Net::SSLeay::read($ssl);     # Returns undef on fail
10117               die_if_ssl_error("ssl read");
10118               print "Got `$got' (" . length ($got) . " chars)\n";
10119
10120               Net::SSLeay::write ($ssl, uc ($got)) or die "write: $!";
10121               die_if_ssl_error("ssl write");
10122
10123               Net::SSLeay::free ($ssl);           # Tear down connection
10124               close NS;
10125           }
10126
10127       Yet another echo server. This one runs from "/etc/inetd.conf" so it
10128       avoids all the socket code overhead. Only caveat is opening an rsa key
10129       file - it had better be without any encryption or else it will not know
10130       where to ask for the password. Note how "STDIN" and "STDOUT" are wired
10131       to SSL.
10132
10133           #!/usr/bin/perl
10134           # /etc/inetd.conf
10135           #    ssltst stream tcp nowait root /path/to/server.pl server.pl
10136           # /etc/services
10137           #    ssltst         1234/tcp
10138
10139           use Net::SSLeay qw(die_now die_if_ssl_error);
10140           Net::SSLeay::load_error_strings();
10141           Net::SSLeay::SSLeay_add_ssl_algorithms();
10142           Net::SSLeay::randomize();
10143
10144           chdir '/key/dir' or die "chdir: $!";
10145           $| = 1;  # Piping hot!
10146           open LOG, ">>/dev/console" or die "Can't open log file $!";
10147           select LOG; print "server.pl started\n";
10148
10149           $ctx = Net::SSLeay::CTX_new()     or die_now "CTX_new ($ctx) ($!)";
10150           $ssl = Net::SSLeay::new($ctx)     or die_now "new ($ssl) ($!)";
10151           Net::SSLeay::set_options($ssl, &Net::SSLeay::OP_ALL)
10152                and die_if_ssl_error("ssl set options");
10153
10154           # We get already open network connection from inetd, now we just
10155           # need to attach SSLeay to STDIN and STDOUT
10156           Net::SSLeay::set_rfd($ssl, fileno(STDIN));
10157           Net::SSLeay::set_wfd($ssl, fileno(STDOUT));
10158
10159           Net::SSLeay::use_RSAPrivateKey_file ($ssl, 'plain-rsa.pem',
10160                                                Net::SSLeay::FILETYPE_PEM);
10161           die_if_ssl_error("private key");
10162           Net::SSLeay::use_certificate_file ($ssl, 'plain-cert.pem',
10163                                              Net::SSLeay::FILETYPE_PEM);
10164           die_if_ssl_error("certificate");
10165
10166           Net::SSLeay::accept($ssl) and die_if_ssl_err("ssl accept: $!");
10167           print "Cipher `" . Net::SSLeay::get_cipher($ssl) . "'\n";
10168
10169           $got = Net::SSLeay::read($ssl);
10170           die_if_ssl_error("ssl read");
10171           print "Got `$got' (" . length ($got) . " chars)\n";
10172
10173           Net::SSLeay::write ($ssl, uc($got)) or die "write: $!";
10174           die_if_ssl_error("ssl write");
10175
10176           Net::SSLeay::free ($ssl);         # Tear down the connection
10177           Net::SSLeay::CTX_free ($ctx);
10178           close LOG;
10179
10180       There are also a number of example/test programs in the examples
10181       directory:
10182
10183           sslecho.pl   -  A simple server, not unlike the one above
10184           minicli.pl   -  Implements a client using low level SSLeay routines
10185           sslcat.pl    -  Demonstrates using high level sslcat utility function
10186           get_page.pl  -  Is a utility for getting html pages from secure servers
10187           callback.pl  -  Demonstrates certificate verification and callback usage
10188           stdio_bulk.pl       - Does SSL over Unix pipes
10189           ssl-inetd-serv.pl   - SSL server that can be invoked from inetd.conf
10190           httpd-proxy-snif.pl - Utility that allows you to see how a browser
10191                                 sends https request to given server and what reply
10192                                 it gets back (very educative :-)
10193           makecert.pl  -  Creates a self signed cert (does not use this module)
10194

INSTALLATION

10196       See README and README.* in the distribution directory for installation
10197       guidance on a variety of platforms.
10198

LIMITATIONS

10200       "Net::SSLeay::read()" uses an internal buffer of 32KB, thus no single
10201       read will return more. In practice one read returns much less, usually
10202       as much as fits in one network packet. To work around this, you should
10203       use a loop like this:
10204
10205           $reply = '';
10206           while ($got = Net::SSLeay::read($ssl)) {
10207               last if print_errs('SSL_read');
10208               $reply .= $got;
10209           }
10210
10211       Although there is no built-in limit in "Net::SSLeay::write()", the
10212       network packet size limitation applies here as well, thus use:
10213
10214           $written = 0;
10215
10216           while ($written < length($message)) {
10217               $written += Net::SSLeay::write($ssl, substr($message, $written));
10218               last if print_errs('SSL_write');
10219           }
10220
10221       Or alternatively you can just use the following convenience functions:
10222
10223           Net::SSLeay::ssl_write_all($ssl, $message) or die "ssl write failure";
10224           $got = Net::SSLeay::ssl_read_all($ssl) or die "ssl read failure";
10225

KNOWN BUGS AND CAVEATS

10227       An OpenSSL bug CVE-2015-0290 "OpenSSL Multiblock Corrupted Pointer
10228       Issue" can cause POST requests of over 90kB to fail or crash. This bug
10229       is reported to be fixed in OpenSSL 1.0.2a.
10230
10231       Autoloader emits a
10232
10233           Argument "xxx" isn't numeric in entersub at blib/lib/Net/SSLeay.pm'
10234
10235       warning if die_if_ssl_error is made autoloadable. If you figure out
10236       why, drop me a line.
10237
10238       Callback set using "SSL_set_verify()" does not appear to work. This may
10239       well be an openssl problem (e.g. see "ssl/ssl_lib.c" line 1029). Try
10240       using "SSL_CTX_set_verify()" instead and do not be surprised if even
10241       this stops working in future versions.
10242
10243       Callback and certificate verification stuff is generally too little
10244       tested.
10245
10246       Random numbers are not initialized randomly enough, especially if you
10247       do not have "/dev/random" and/or "/dev/urandom" (such as in Solaris
10248       platforms - but it's been suggested that cryptorand daemon from the
10249       SUNski package solves this). In this case you should investigate third
10250       party software that can emulate these devices, e.g. by way of a named
10251       pipe to some program.
10252
10253       Another gotcha with random number initialization is randomness
10254       depletion. This phenomenon, which has been extensively discussed in
10255       OpenSSL, Apache-SSL, and Apache-mod_ssl forums, can cause your script
10256       to block if you use "/dev/random" or to operate insecurely if you use
10257       "/dev/urandom". What happens is that when too much randomness is drawn
10258       from the operating system's randomness pool then randomness can
10259       temporarily be unavailable. "/dev/random" solves this problem by
10260       waiting until enough randomness can be gathered - and this can take a
10261       long time since blocking reduces activity in the machine and less
10262       activity provides less random events: a vicious circle.  "/dev/urandom"
10263       solves this dilemma more pragmatically by simply returning predictable
10264       "random" numbers. Some" /dev/urandom" emulation software however
10265       actually seems to implement "/dev/random" semantics. Caveat emptor.
10266
10267       I've been pointed to two such daemons by Mik Firestone
10268       <mik@@speed.stdio._com> who has used them on Solaris 8:
10269
10270       1.  Entropy Gathering Daemon (EGD) at
10271           <http://www.lothar.com/tech/crypto/>
10272
10273       2.  Pseudo-random number generating daemon (PRNGD) at
10274           <http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html>
10275
10276       If you are using the low level API functions to communicate with other
10277       SSL implementations, you would do well to call
10278
10279           Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)
10280                or die_if_ssl_error("ssl ctx set options");
10281
10282       to cope with some well know bugs in some other SSL implementations. The
10283       high level API functions always set all known compatibility options.
10284
10285       Sometimes "sslcat()" (and the high level HTTPS functions that build on
10286       it) is too fast in signaling the EOF to legacy HTTPS servers. This
10287       causes the server to return empty page. To work around this problem you
10288       can set the global variable
10289
10290           $Net::SSLeay::slowly = 1;   # Add sleep so broken servers can keep up
10291
10292       HTTP/1.1 is not supported. Specifically this module does not know to
10293       issue or serve multiple http requests per connection. This is a serious
10294       shortcoming, but using the SSL session cache on your server helps to
10295       alleviate the CPU load somewhat.
10296
10297       As of version 1.09 many newer OpenSSL auxiliary functions were added
10298       (from "REM_AUTOMATICALLY_GENERATED_1_09" onwards in "SSLeay.xs").
10299       Unfortunately I have not had any opportunity to test these. Some of
10300       them are trivial enough that I believe they "just work", but others
10301       have rather complex interfaces with function pointers and all. In these
10302       cases you should proceed wit great caution.
10303
10304       This module defaults to using OpenSSL automatic protocol negotiation
10305       code for automatically detecting the version of the SSL/TLS protocol
10306       that the other end talks. With most web servers this works just fine,
10307       but once in a while I get complaints from people that the module does
10308       not work with some web servers. Usually this can be solved by
10309       explicitly setting the protocol version, e.g.
10310
10311          $Net::SSLeay::ssl_version = 2;  # Insist on SSLv2
10312          $Net::SSLeay::ssl_version = 3;  # Insist on SSLv3
10313          $Net::SSLeay::ssl_version = 10; # Insist on TLSv1
10314          $Net::SSLeay::ssl_version = 11; # Insist on TLSv1.1
10315          $Net::SSLeay::ssl_version = 12; # Insist on TLSv1.2
10316          $Net::SSLeay::ssl_version = 13; # Insist on TLSv1.3
10317
10318       Although the autonegotiation is nice to have, the SSL standards do not
10319       formally specify any such mechanism. Most of the world has accepted the
10320       SSLeay/OpenSSL way of doing it as the de facto standard. But for the
10321       few that think differently, you have to explicitly speak the correct
10322       version. This is not really a bug, but rather a deficiency in the
10323       standards. If a site refuses to respond or sends back some nonsensical
10324       error codes (at the SSL handshake level), try this option before
10325       mailing me.
10326
10327       On some systems, OpenSSL may be compiled without support for SSLv2.  If
10328       this is the case, Net::SSLeay will warn if ssl_version has been set to
10329       2.
10330
10331       The high level API returns the certificate of the peer, thus allowing
10332       one to check what certificate was supplied. However, you will only be
10333       able to check the certificate after the fact, i.e. you already sent
10334       your form data by the time you find out that you did not trust them,
10335       oops.
10336
10337       So, while being able to know the certificate after the fact is surely
10338       useful, the security minded would still choose to do the connection and
10339       certificate verification first and only then exchange data with the
10340       site. Currently none of the high level API functions do this, thus you
10341       would have to program it using the low level API. A good place to start
10342       is to see how the "Net::SSLeay::http_cat()" function is implemented.
10343
10344       The high level API functions use a global file handle "SSLCAT_S"
10345       internally. This really should not be a problem because there is no way
10346       to interleave the high level API functions, unless you use threads (but
10347       threads are not very well supported in perl anyway). However, you may
10348       run into problems if you call undocumented internal functions in an
10349       interleaved fashion. The best solution is to "require Net::SSLeay" in
10350       one thread after all the threads have been created.
10351

DIAGNOSTICS

10353       Random number generator not seeded!!!
10354           (W) This warning indicates that "randomize()" was not able to read
10355           "/dev/random" or "/dev/urandom", possibly because your system does
10356           not have them or they are differently named. You can still use SSL,
10357           but the encryption will not be as strong.
10358
10359       open_tcp_connection: destination host not found:`server' (port 123)
10360       ($!)
10361           Name lookup for host named "server" failed.
10362
10363       open_tcp_connection: failed `server', 123 ($!)
10364           The name was resolved, but establishing the TCP connection failed.
10365
10366       msg 123: 1 - error:140770F8:SSL routines:SSL23_GET_SERVER_HELLO:unknown
10367       proto
10368           SSLeay error string. The first number (123) is the PID, the second
10369           number (1) indicates the position of the error message in SSLeay
10370           error stack.  You often see a pile of these messages as errors
10371           cascade.
10372
10373       msg 123: 1 - error:02001002::lib(2) :func(1) :reason(2)
10374           The same as above, but you didn't call load_error_strings() so
10375           SSLeay couldn't verbosely explain the error. You can still find out
10376           what it means with this command:
10377
10378               /usr/local/ssl/bin/ssleay errstr 02001002
10379
10380       Password is being asked for private key
10381           This is normal behaviour if your private key is encrypted. Either
10382           you have to supply the password or you have to use an unencrypted
10383           private key. Scan OpenSSL.org for the FAQ that explains how to do
10384           this (or just study examples/makecert.pl which is used during "make
10385           test" to do just that).
10386

SECURITY

10388       You can mitigate some of the security vulnerabilities that might be
10389       present in your SSL/TLS application:
10390
10391   BEAST Attack
10392       http://blogs.cisco.com/security/beat-the-beast-with-tls/
10393       https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls
10394       http://blog.zoller.lu/2011/09/beast-summary-tls-cbc-countermeasures.html
10395
10396       The BEAST attack relies on a weakness in the way CBC mode is used in
10397       SSL/TLS.  In OpenSSL versions 0.9.6d and later, the protocol-level
10398       mitigation is enabled by default, thus making it not vulnerable to the
10399       BEAST attack.
10400
10401       Solutions:
10402
10403       •   Compile with OpenSSL versions 0.9.6d or later, which enables
10404           SSL_OP_ALL by default
10405
10406       •   Ensure SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is not enabled (its not
10407           enabled by default)
10408
10409       •   Don't support SSLv2, SSLv3
10410
10411       •   Actively control the ciphers your server supports with
10412           set_cipher_list:
10413
10414       Net::SSLeay::set_cipher_list($ssl, 'RC4-SHA:HIGH:!ADH');
10415
10416   Session Resumption
10417       http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
10418
10419       The SSL Labs vulnerability test on your SSL server might report in red:
10420
10421       Session resumption      No (IDs assigned but not accepted)
10422
10423       This report is not really bug or a vulnerability, since the server will
10424       not accept session resumption requests.  However, you can prevent this
10425       noise in the report by disabling the session cache altogether:
10426       Net::SSLeay::CTX_set_session_cache_mode($ssl_ctx,
10427       Net::SSLeay::SESS_CACHE_OFF()); Use 0 if you don't have SESS_CACHE_OFF
10428       constant.
10429
10430   Secure Renegotiation and DoS Attack
10431       https://community.qualys.com/blogs/securitylabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
10432
10433       This is not a "security flaw," it is more of a DoS vulnerability.
10434
10435       Solutions:
10436
10437       •   Do not support SSLv2
10438
10439       •   Do not set the SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION option
10440
10441       •   Compile with OpenSSL 0.9.8m or later
10442

BUGS

10444       If you encounter a problem with this module that you believe is a bug,
10445       please create a new issue <https://github.com/radiator-software/p5-net-
10446       ssleay/issues/new> in the Net-SSLeay GitHub repository. Please make
10447       sure your bug report includes the following information:
10448
10449       •   the code you are trying to run;
10450
10451       •   your operating system name and version;
10452
10453       •   the output of "perl -V";
10454
10455       •   the version of OpenSSL or LibreSSL you are using.
10456

AUTHOR

10458       Originally written by Sampo Kellomäki.
10459
10460       Maintained by Florian Ragwitz between November 2005 and January 2010.
10461
10462       Maintained by Mike McCauley between November 2005 and June 2018.
10463
10464       Maintained by Chris Novakovic, Tuure Vartiainen and Heikki Vatiainen
10465       since June 2018.
10466
10468       Copyright (c) 1996-2003 Sampo Kellomäki <sampo@iki.fi>
10469
10470       Copyright (c) 2005-2010 Florian Ragwitz <rafl@debian.org>
10471
10472       Copyright (c) 2005-2018 Mike McCauley <mikem@airspayce.com>
10473
10474       Copyright (c) 2018- Chris Novakovic <chris@chrisn.me.uk>
10475
10476       Copyright (c) 2018- Tuure Vartiainen <vartiait@radiatorsoftware.com>
10477
10478       Copyright (c) 2018- Heikki Vatiainen <hvn@radiatorsoftware.com>
10479
10480       All rights reserved.
10481

LICENSE

10483       This module is released under the terms of the Artistic License 2.0.
10484       For details, see the "LICENSE" file distributed with Net-SSLeay's
10485       source code.
10486

SEE ALSO

10488         Net::SSLeay::Handle                      - File handle interface
10489         ./examples                               - Example servers and a clients
10490         <http://www.openssl.org/>                - OpenSSL source, documentation, etc
10491         openssl-users-request@openssl.org        - General OpenSSL mailing list
10492         <http://www.ietf.org/rfc/rfc2246.txt>    - TLS 1.0 specification
10493         <http://www.w3c.org>                     - HTTP specifications
10494         <http://www.ietf.org/rfc/rfc2617.txt>    - How to send password
10495         <http://www.lothar.com/tech/crypto/>     - Entropy Gathering Daemon (EGD)
10496         <http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html>
10497                                  - pseudo-random number generating daemon (PRNGD)
10498         perl(1)
10499         perlref(1)
10500         perllol(1)
10501         perldoc ~openssl/doc/ssl/SSL_CTX_set_verify.pod
10502
10503
10504
10505perl v5.32.1                      2021-01-27                    Net::SSLeay(3)
Impressum