Module mesalink::libssl::ssl

Implementations of OpenSSL SSL APIs. Please also refer to the header file at mesalink/openssl/ssl.h

Synopsis

This sub-module implements the necessary APIs to establish a TLS session. All the APIs are compatible with their OpenSSL counterparts.

Usage

The first step is to create an SSL_CTX object with SSL_CTX_new, passing the SSL_METHOD returned by one of the method functions listed below (for example TLS_client_method or TLS_server_method).

Then SSL_CTX_use_certificate_chain_file and SSL_CTX_use_PrivateKey_file must be called to set up the certificate and private key if the context is to be used in a TLS server; SSL_CTX_check_private_key confirms that the two match. A client should call SSL_CTX_load_verify_locations so that the CA certificates needed to verify the server are available.

When a TCP socket has been created, an SSL object can be created with SSL_new. Afterwards, the socket can be assigned to the SSL object with SSL_set_fd. A client should also call SSL_set_tlsext_host_name so that the ClientHello carries the server name (SNI).

Then the TLS handshake is performed using SSL_connect or SSL_accept for a client or a server respectively. SSL_read and SSL_write are used to read and write data on the TLS connection; when either returns a value that is not positive, SSL_get_error tells the caller whether the operation should be retried or treated as a failure. Finally, SSL_shutdown can be used to shut down the connection, after which SSL_free and SSL_CTX_free release the objects.
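The whole client sequence above, as an added example that is not part of MesaLink or its documentation: a small Python harness that loads the MesaLink shared library through ctypes and calls the mesalink_SSL_* symbols documented below, verifying the server against a CA file, sending a request and reading until the peer's close_notify. Assumptions: the library is available as libmesalink.so (any other path can be passed to load_mesalink), the C signatures are the same as those of the OpenSSL functions they mirror, and the SSL_get_error codes carry OpenSSL's numeric values; confirm the last two against mesalink/openssl/ssl.h for the build you link against.

```python
"""Drive MesaLink's OpenSSL-compatible C API from Python through ctypes."""
import ctypes
from ctypes import c_char_p, c_int, c_void_p

# SSL_get_error() codes as numbered in OpenSSL's ssl.h. Assumed to match
# MesaLink; confirm against mesalink/openssl/ssl.h before relying on them.
SSL_ERROR_WANT_READ = 2
SSL_ERROR_WANT_WRITE = 3
SSL_ERROR_ZERO_RETURN = 6

# Exported symbol -> (restype, argtypes). Signatures mirror OpenSSL's; the
# pointer types are declared so ctypes never truncates a 64-bit pointer.
_PROTOTYPES = {
    "mesalink_TLS_client_method": (c_void_p, []),
    "mesalink_SSL_CTX_new": (c_void_p, [c_void_p]),
    "mesalink_SSL_CTX_free": (None, [c_void_p]),
    "mesalink_SSL_CTX_load_verify_locations": (c_int, [c_void_p, c_char_p, c_char_p]),
    "mesalink_SSL_new": (c_void_p, [c_void_p]),
    "mesalink_SSL_free": (None, [c_void_p]),
    "mesalink_SSL_set_tlsext_host_name": (c_int, [c_void_p, c_char_p]),
    "mesalink_SSL_set_fd": (c_int, [c_void_p, c_int]),
    "mesalink_SSL_connect": (c_int, [c_void_p]),
    "mesalink_SSL_get_error": (c_int, [c_void_p, c_int]),
    "mesalink_SSL_get_version": (c_char_p, [c_void_p]),
    "mesalink_SSL_get_cipher_name": (c_char_p, [c_void_p]),
    "mesalink_SSL_write": (c_int, [c_void_p, c_char_p, c_int]),
    "mesalink_SSL_read": (c_int, [c_void_p, c_void_p, c_int]),
    "mesalink_SSL_shutdown": (c_int, [c_void_p]),
}


class TlsError(RuntimeError):
    pass


def load_mesalink(path="libmesalink.so"):
    """Load the shared library (the path is an assumption) and attach prototypes."""
    lib = ctypes.CDLL(path)
    for name, (restype, argtypes) in _PROTOTYPES.items():
        fn = getattr(lib, name)
        fn.restype, fn.argtypes = restype, argtypes
    return lib


def io_action(lib, ssl, rc):
    """Classify an SSL_read/SSL_write result: 'ok', 'retry' for WANT_READ and
    WANT_WRITE (non-blocking sockets), 'eof' for a clean close_notify; any
    other SSL_get_error() code is fatal."""
    if rc > 0:
        return "ok"
    err = lib.mesalink_SSL_get_error(ssl, rc)
    if err in (SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE):
        return "retry"
    if err == SSL_ERROR_ZERO_RETURN:
        return "eof"
    raise TlsError("TLS I/O failed, SSL_get_error=%d" % err)


def tls_exchange(lib, fd, server_name, ca_file, request):
    """Client side of the Usage sequence over an already-connected TCP socket
    fd: SSL_CTX_new, load CAs, SSL_new, SNI, SSL_set_fd, SSL_connect,
    SSL_write, SSL_read until close_notify, SSL_shutdown, then free both."""
    ctx = lib.mesalink_SSL_CTX_new(lib.mesalink_TLS_client_method())
    if not ctx:
        raise TlsError("SSL_CTX_new failed")
    ssl = None
    try:
        # Without trust anchors the server certificate cannot be verified.
        if lib.mesalink_SSL_CTX_load_verify_locations(ctx, ca_file.encode(), None) != 1:
            raise TlsError("cannot load CA file %s" % ca_file)
        ssl = lib.mesalink_SSL_new(ctx)
        if not ssl:
            raise TlsError("SSL_new failed")
        # SNI doubles as the name the peer certificate is checked against.
        if lib.mesalink_SSL_set_tlsext_host_name(ssl, server_name.encode()) != 1:
            raise TlsError("SSL_set_tlsext_host_name failed")
        if lib.mesalink_SSL_set_fd(ssl, fd) != 1:
            raise TlsError("SSL_set_fd failed")
        rc = lib.mesalink_SSL_connect(ssl)
        if rc != 1:
            err = lib.mesalink_SSL_get_error(ssl, rc)
            raise TlsError("handshake failed, SSL_get_error=%d" % err)
        version = (lib.mesalink_SSL_get_version(ssl) or b"").decode()
        cipher = (lib.mesalink_SSL_get_cipher_name(ssl) or b"").decode()
        sent = 0  # SSL_write may accept fewer bytes than offered: loop.
        while sent < len(request):
            chunk = request[sent:]
            rc = lib.mesalink_SSL_write(ssl, chunk, len(chunk))
            action = io_action(lib, ssl, rc)
            if action == "eof":
                raise TlsError("peer closed the connection during write")
            if action == "ok":
                sent += rc
        buf = ctypes.create_string_buffer(4096)
        response = bytearray()
        while True:  # read until the peer's close_notify
            rc = lib.mesalink_SSL_read(ssl, buf, len(buf))
            action = io_action(lib, ssl, rc)
            if action == "eof":
                break
            if action == "ok":
                response += buf.raw[:rc]
        lib.mesalink_SSL_shutdown(ssl)
        return {"version": version, "cipher": cipher, "response": bytes(response)}
    finally:
        if ssl:
            lib.mesalink_SSL_free(ssl)
        lib.mesalink_SSL_CTX_free(ctx)
```

Call it with a connected socket, for example tls_exchange(load_mesalink(), sock.fileno(), "example.com", "/etc/ssl/certs/ca-certificates.crt", b"GET / HTTP/1.0\r\nHost: example.com\r\n\r\n"), and keep the Python socket object alive for the whole call so the descriptor is not closed underneath the SSL object. On a non-blocking socket the 'retry' branch should wait for readiness with select or poll before calling again rather than looping immediately as this example does.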

Structs

MESALINK_CIPHER

An OpenSSL Cipher object

MESALINK_CTX

A global context structure which is created by a server or a client once per program. It holds default values for SSL objects which are later created for individual connections.

MESALINK_METHOD

A dispatch structure describing the internal ssl library methods/functions which implement the various protocol versions such as TLS v1.2.

MESALINK_SSL

The main TLS structure which is created by a server or client per established connection.

Functions

mesalink_SSL_CIPHER_get_bits

SSL_CIPHER_get_bits - return the number of secret bits used for cipher. If alg_bits is not NULL, it contains the number of bits processed by the chosen algorithm. If cipher is NULL, 0 is returned.

mesalink_SSL_CIPHER_get_name

SSL_CIPHER_get_name - return a pointer to the name of cipher. If the argument is the NULL pointer, a pointer to the constant value "NONE" is returned.

mesalink_SSL_CIPHER_get_version

SSL_CIPHER_get_version - returns a string which indicates the SSL/TLS protocol version that first defined the cipher. This is currently SSLv2 or TLSv1/SSLv3. In some cases it should possibly return "TLSv1.2" but does not; use SSL_CIPHER_description() instead. If cipher is NULL, "(NONE)" is returned.

mesalink_SSL_CTX_add_extra_chain_cert

SSL_CTX_add_extra_chain_cert - add a certificate to the extra chain certificates associated with ctx, which are sent along with the certificate loaded by SSL_CTX_use_certificate.

mesalink_SSL_CTX_check_private_key

SSL_CTX_check_private_key - check the consistency of a private key with the corresponding certificate loaded into ctx

mesalink_SSL_CTX_free

SSL_CTX_free - free an allocated SSL_CTX object

mesalink_SSL_CTX_get_session_cache_mode

SSL_CTX_get_session_cache_mode - return the currently used cache mode

mesalink_SSL_CTX_load_verify_locations

SSL_CTX_load_verify_locations - specifies the locations for ctx, at which CA certificates for verification purposes are located. The certificates available via CAfile and CApath are trusted.

mesalink_SSL_CTX_new

SSL_CTX_new - create a new SSL_CTX object as framework to establish TLS/SSL enabled connections.

mesalink_SSL_CTX_sess_get_cache_size

SSL_CTX_sess_get_cache_size - return the current session cache size

mesalink_SSL_CTX_sess_set_cache_size

SSL_CTX_sess_set_cache_size - set the size of the internal session cache of ctx

mesalink_SSL_CTX_set_session_cache_mode

SSL_CTX_set_session_cache_mode - enable/disable session caching by setting the operational mode for ctx to

mesalink_SSL_CTX_use_PrivateKey

SSL_CTX_use_PrivateKey - add pkey as the private key to ctx

mesalink_SSL_CTX_use_PrivateKey_ASN1

SSL_CTX_use_PrivateKey_ASN1 - load the ASN1 encoded private key into ssl_ctx.

mesalink_SSL_CTX_use_PrivateKey_file

SSL_CTX_use_PrivateKey_file - add the first private key found in file to ctx. The formatting type of the private key must be specified from the known types SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.

mesalink_SSL_CTX_use_certificate

SSL_CTX_use_certificate loads the certificate x into ctx. The rest of the certificates needed to form the complete certificate chain can be specified using the SSL_CTX_add_extra_chain_cert function.

mesalink_SSL_CTX_use_certificate_ASN1

SSL_CTX_use_certificate_ASN1 - load the ASN1 encoded certificate into ssl_ctx.

mesalink_SSL_CTX_use_certificate_chain_file

SSL_CTX_use_certificate_chain_file - load a certificate chain from file into ctx. The certificates must be in PEM format and must be sorted starting with the subject's certificate (actual client or server certificate), followed by intermediate CA certificates if applicable, and ending at the highest level (root) CA.

mesalink_SSL_accept

SSL_accept - wait for a TLS client to initiate the TLS handshake. The communication channel must already have been set and assigned to the ssl by setting SSL_set_fd.

mesalink_SSL_check_private_key

SSL_check_private_key - check the consistency of a private key with the corresponding certificate loaded into ssl

mesalink_SSL_connect

SSL_connect - initiate the TLS handshake with a server. The communication channel must already have been set and assigned to the ssl with SSL_set_fd.

mesalink_SSL_connect0

SSL_connect0 - initiate the TLS handshake lazily with a server. The communication channel must already have been set and assigned to the ssl with SSL_set_fd. You must call SSL_do_handshake() to explicitly start the handshake.

mesalink_SSL_do_handshake

SSL_do_handshake - perform a TLS/SSL handshake

mesalink_SSL_flush

SSL_flush - flush any buffered output of the specified ssl connection to the underlying socket. This function has no OpenSSL counterpart.

mesalink_SSL_free

SSL_free - free an allocated SSL object

mesalink_SSL_get_SSL_CTX

SSL_get_SSL_CTX - return a pointer to the SSL_CTX object, from which ssl was created with SSL_new.

mesalink_SSL_get_cipher

SSL_get_cipher - obtain the name of the currently used cipher.

mesalink_SSL_get_cipher_bits

SSL_get_cipher_bits - obtain the number of secret/algorithm bits used.

mesalink_SSL_get_cipher_name

SSL_get_cipher_name - obtain the name of the currently used cipher.

mesalink_SSL_get_cipher_version

SSL_get_cipher_version - returns the protocol version string of the cipher currently in use; see SSL_CIPHER_get_version.

mesalink_SSL_get_current_cipher

SSL_get_current_cipher - returns a pointer to an SSL_CIPHER object describing the cipher actually in use on the connection established with the ssl object. See SSL_CIPHER_get_name for more details. Note that this API allocates memory and the returned object must be properly freed.

mesalink_SSL_get_early_data_status

SSL_get_early_data_status - returns SSL_EARLY_DATA_ACCEPTED if early data was accepted by the server, SSL_EARLY_DATA_REJECTED if early data was rejected by the server.

mesalink_SSL_get_error

SSL_get_error - obtain result code for TLS/SSL I/O operation

mesalink_SSL_get_fd

SSL_get_fd - return the file descriptor which is linked to ssl.

mesalink_SSL_get_peer_certificate

SSL_get_peer_certificate - get the X509 certificate of the peer

mesalink_SSL_get_peer_certificates

SSL_get_peer_certificates - get the X509 certificate chain of the peer

mesalink_SSL_get_version

SSL_get_version - get the protocol information of a connection

mesalink_SSL_init_logger

SSL_init_logger turns on debugging output

mesalink_SSL_is_server

SSL_is_server checks if ssl is working in server mode.

mesalink_SSL_load_error_strings

For OpenSSL compatibility only.

mesalink_SSL_new

SSL_new - create a new SSL structure which is needed to hold the data for a TLS/SSL connection

mesalink_SSL_read

SSL_read - read num bytes from the specified ssl into the buffer buf.

mesalink_SSL_set_SSL_CTX

SSL_set_SSL_CTX - set the SSL_CTX object of an SSL object.

mesalink_SSL_set_accept_state

SSL_set_accept_state sets ssl to work in server mode.

mesalink_SSL_set_connect_state

SSL_set_connect_state sets ssl to work in client mode.

mesalink_SSL_set_fd

SSL_set_fd - set the file descriptor fd as the input/output facility for the TLS/SSL (encrypted) side of ssl. fd will typically be the socket file descriptor of a network connection.

mesalink_SSL_set_tlsext_host_name

SSL_set_tlsext_host_name - set the server name indication ClientHello extension to contain the value name.

mesalink_SSL_shutdown

SSL_shutdown - shut down a TLS connection

mesalink_SSL_use_PrivateKey_ASN1

SSL_use_PrivateKey_ASN1 - load the ASN1 encoded private key into ssl.

mesalink_SSL_use_certificate_ASN1

SSL_use_certificate_ASN1 - load the ASN1 encoded certificate into ssl.

mesalink_SSL_write

SSL_write - write num bytes from the buffer buf into the specified ssl connection.

mesalink_SSL_write_early_data

SSL_write_early_data - write num bytes of TLS 1.3 early data from the buffer buf into the specified ssl connection. Early data (0-RTT) is not protected against replay by the protocol, so only data that is safe to replay should be sent this way; check SSL_get_early_data_status after the handshake to learn whether the server accepted it.

mesalink_SSLv3_client_method

This SSL/TLS version is not supported. Always returns NULL.

mesalink_SSLv3_server_method

This SSL/TLS version is not supported. Always returns NULL.

mesalink_SSLv23_client_method

A general-purpose version-flexible SSL/TLS method. The supported protocols are TLSv1.2 and TLSv1.3.

mesalink_SSLv23_server_method

A general-purpose version-flexible SSL/TLS method. The supported protocols are TLSv1.2 and TLSv1.3.

mesalink_TLS_client_method

A general-purpose version-flexible SSL/TLS method. The supported protocols are TLSv1.2 and TLSv1.3.

mesalink_TLS_method

A general-purpose version-flexible SSL/TLS method. The supported protocols are TLSv1.2 and TLSv1.3.

mesalink_TLS_server_method

A general-purpose version-flexible SSL/TLS method. The supported protocol is TLSv1.2.

mesalink_TLSv1_client_method

This SSL/TLS version is not supported. Always returns NULL.

mesalink_TLSv1_server_method

This SSL/TLS version is not supported. Always returns NULL.

mesalink_TLSv1_1_client_method

This SSL/TLS version is not supported. Always returns NULL.

mesalink_TLSv1_1_server_method

This SSL/TLS version is not supported. Always returns NULL.

mesalink_TLSv1_2_client_method

Version-specific method API. A TLS/SSL connection established with this method will only understand the TLSv1.2 protocol.

mesalink_TLSv1_2_server_method

Version-specific method API. A TLS/SSL connection established with this method will only understand the TLSv1.2 protocol.

mesalink_add_ssl_algorithms

For OpenSSL compatibility only. Always returns 1.

mesalink_library_init

For OpenSSL compatibility only. Always returns 1.