Implementations of OpenSSL SSL APIs. Please also refer to the header file at tabbyssl/openssl/ssl.h.

This sub-module implements the necessary APIs to establish a TLS session. All the APIs are compatible with their OpenSSL counterparts.

The first step is to create an SSL_CTX object with SSL_CTX_new.

Then SSL_CTX_use_certificate_chain_file and SSL_CTX_use_PrivateKey_file must be called to set up the certificate and private key if the context is to be used in a TLS server.

When a TCP socket has been created, an SSL object can be created with SSL_new. Afterwards, the socket can be assigned to the SSL object with SSL_set_fd.

Then the TLS handshake is performed using SSL_connect or SSL_accept for a client or a server respectively. SSL_read and SSL_write are used to read and write data on the TLS connection. Finally, SSL_shutdown can be used to shut down the connection.

tabby_SSL_CIPHER_get_bits | SSL_CIPHER_get_bits - return the number of secret bits used for cipher. If
alg_bits is not NULL, it contains the number of bits processed by the chosen
algorithm. If cipher is NULL, 0 is returned.
|
tabby_SSL_CIPHER_get_name | SSL_CIPHER_get_name - return a pointer to the name of cipher. If the
argument is the NULL pointer, a pointer to the constant value "NONE" is
returned.
|
tabby_SSL_CIPHER_get_version | SSL_CIPHER_get_version - returns a string which indicates the SSL/TLS protocol
version that first defined the cipher. This is currently SSLv2 or
TLSv1/SSLv3. In some cases it should possibly return "TLSv1.2" but does not;
use SSL_CIPHER_description() instead. If cipher is NULL, "(NONE)" is
returned.
|
tabby_SSL_CTX_add_extra_chain_cert | |
tabby_SSL_CTX_check_private_key | SSL_CTX_check_private_key - check the consistency of a private key with the
corresponding certificate loaded into ctx
|
tabby_SSL_CTX_free | SSL_CTX_free - free an allocated SSL_CTX object
|
tabby_SSL_CTX_get_session_cache_mode | SSL_CTX_get_session_cache_mode - return the currently used cache mode
|
tabby_SSL_CTX_load_verify_locations | SSL_CTX_load_verify_locations - specifies the locations for ctx, at which
CA certificates for verification purposes are located. The certificates
available via CAfile and CApath are trusted.
|
tabby_SSL_CTX_new | SSL_CTX_new - create a new SSL_CTX object as framework to establish TLS/SSL
enabled connections.
|
tabby_SSL_CTX_sess_get_cache_size | SSL_CTX_sess_get_cache_size - return the current session cache size
|
tabby_SSL_CTX_sess_set_cache_size | SSL_CTX_sess_set_cache_size - return the current session cache size
|
tabby_SSL_CTX_set_session_cache_mode | SSL_CTX_set_session_cache_mode - enable/disable session caching by setting
the operational mode for ctx to
|
tabby_SSL_CTX_set_verify | SSL_CTX_set_verify sets the verification flags for ctx to be mode and
The verify_callback function is ignored for now.
|
tabby_SSL_CTX_use_PrivateKey | SSL_CTX_use_PrivateKey adds pkey as private key to ctx
|
tabby_SSL_CTX_use_PrivateKey_ASN1 | SSL_CTX_use_PrivateKey_ASN1 - load the ASN1 encoded certificate into
ssl_ctx.
|
tabby_SSL_CTX_use_PrivateKey_file | SSL_CTX_use_PrivateKey_file - add the first private key found in file to
ctx. The formatting type of the certificate must be specified from the known
types SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
|
tabby_SSL_CTX_use_certificate | SSL_CTX_use_certificate loads the certificate x into ctx. The rest of the
certificates needed to form the complete certificate chain can be specified
using the SSL_CTX_add_extra_chain_cert function.
|
tabby_SSL_CTX_use_certificate_ASN1 | SSL_CTX_use_certificate_ASN1 - load the ASN1 encoded certificate
into ssl_ctx.
|
tabby_SSL_CTX_use_certificate_chain_file | SSL_CTX_use_certificate_chain_file - load a certificate chain from file
into ctx. The certificates must be in PEM format and must be sorted starting
with the subject's certificate (actual client or server certificate),
followed by intermediate CA certificates if applicable, and ending at the
highest level (root) CA.
|
tabby_SSL_accept | SSL_accept - wait for a TLS client to initiate the TLS handshake. The
communication channel must already have been set and assigned to the ssl by
setting SSL_set_fd.
|
tabby_SSL_check_private_key | SSL_check_private_key - check the consistency of a private key with the
corresponding certificate loaded into ssl
|
tabby_SSL_connect | SSL_connect - initiate the TLS handshake with a server. The communication
channel must already have been set and assigned to the ssl with SSL_set_fd.
|
tabby_SSL_connect0 | SSL_connect0 - initiate the TLS handshake lazily with a server. The
communication channel must already have been set and assigned to the ssl
with SSL_set_fd. You must call SSL_do_handshake() to explicitly start the
handshake.
|
tabby_SSL_do_handshake | SSL_do_handshake - perform a TLS/SSL handshake
|
tabby_SSL_flush | SSL_write - write num bytes from the buffer buf into the
specified ssl connection.
|
tabby_SSL_free | SSL_free - free an allocated SSL object
|
tabby_SSL_get_SSL_CTX | SSL_get_SSL_CTX - return a pointer to the SSL_CTX object, from which ssl was
created with SSL_new.
|
tabby_SSL_get_cipher | SSL_get_cipher - obtain the name of the currently used cipher.
|
tabby_SSL_get_cipher_bits | SSL_get_cipher_bits - obtain the number of secret/algorithm bits used.
|
tabby_SSL_get_cipher_name | SSL_get_cipher_name - obtain the name of the currently used cipher.
|
tabby_SSL_get_cipher_version | SSL_get_cipher_version - returns the protocol name.
|
tabby_SSL_get_current_cipher | SSL_get_current_cipher - returns a pointer to an SSL_CIPHER object
containing the description of the actually used cipher of a connection
established with the ssl object. See SSL_CIPHER_get_name for more details.
Note that this API allocates memory and needs to be properly freed.
|
tabby_SSL_get_early_data_status | SSL_get_early_data_status - returns SSL_EARLY_DATA_ACCEPTED if early data
was accepted by the server, SSL_EARLY_DATA_REJECTED if early data was
rejected by the server.
|
tabby_SSL_get_error | SSL_get_error - obtain result code for TLS/SSL I/O operation
|
tabby_SSL_get_fd | SSL_get_fd - return the file descriptor which is linked to ssl.
|
tabby_SSL_get_peer_certificate | SSL_get_peer_certificate - get the X509 certificate of the peer
|
tabby_SSL_get_peer_certificates | SSL_get_peer_certificates - get the X509 certificate chain of the peer
|
tabby_SSL_get_version | SSL_get_version - get the protocol information of a connection
|
tabby_SSL_init_logger | SSL_init_logger turns on debugging output
|
tabby_SSL_is_server | SSL_is_server checks if ssl is working in server mode.
|
tabby_SSL_load_error_strings | For OpenSSL compatibility only.
|
tabby_SSL_new | SSL_new - create a new SSL structure which is needed to hold the data for a
TLS/SSL connection
|
tabby_SSL_read | SSL_read - read num bytes from the specified ssl into the
buffer buf.
|
tabby_SSL_set_SSL_CTX | SSL_set_SSL_CTX - set the SSL_CTX object of an SSL object.
|
tabby_SSL_set_accept_state | SSL_set_accept_state sets ssl to work in server mode.
|
tabby_SSL_set_connect_state | SSL_set_connect_state sets ssl to work in client mode.
|
tabby_SSL_set_fd | SSL_set_fd - set the file descriptor fd as the input/output facility for the
TLS/SSL (encrypted) side of ssl. fd will typically be the socket file
descriptor of a network connection.
|
tabby_SSL_set_tlsext_host_name | SSL_set_tlsext_host_name - set the server name indication ClientHello
extension to contain the value name.
|
tabby_SSL_shutdown | SSL_shutdown - shut down a TLS connection
|
tabby_SSL_use_PrivateKey_ASN1 | SSL_use_PrivateKey_ASN1 - load the ASN1 encoded certificate into
ssl.
|
tabby_SSL_use_certificate_ASN1 | SSL_use_certificate_ASN1 - load the ASN1 encoded certificate
into ssl.
|
tabby_SSL_write | SSL_write - write num bytes from the buffer buf into the
specified ssl connection.
|
tabby_SSL_write_early_data | SSL_write_early_data - write num bytes of TLS 1.3 early data from the
buffer buf into the specified ssl connection.
|
tabby_SSLv3_client_method | This SSL/TLS version is not supported. Always return NULL.
|
tabby_SSLv3_server_method | This SSL/TLS version is not supported. Always return NULL.
|
tabby_SSLv23_client_method | A general-purpose version-flexible SSL/TLS method. The supported protocols
are TLSv1.2 and TLSv1.3.
|
tabby_SSLv23_server_method | A general-purpose version-flexible SSL/TLS method. The supported protocols
are TLSv1.2 and TLSv1.3.
|
tabby_TLS_client_method | A general-purpose version-flexible SSL/TLS method. The supported protocols
are TLSv1.2 and TLSv1.3.
|
tabby_TLS_method | A general-purpose version-flexible SSL/TLS method. The supported protocols
are TLSv1.2 and TLSv1.3.
|
tabby_TLS_server_method | A general-purpose version-flexible SSL/TLS method. The supported protocols
are TLSv1.2 and TLSv1.3.
|
tabby_TLSv1_1_client_method | This SSL/TLS version is not supported. Always return NULL.
|
tabby_TLSv1_1_server_method | This SSL/TLS version is not supported. Always return NULL.
|
tabby_TLSv1_2_client_method | Version-specific method APIs. A TLS/SSL connection established with these
methods will only understand the TLSv1.2 protocol.
|
tabby_TLSv1_2_server_method | Version-specific method APIs. A TLS/SSL connection established with these
methods will only understand the TLSv1.2 protocol.
|
tabby_TLSv1_3_client_method | Version-specific method APIs. A TLS/SSL connection established with these
methods will only understand the TLSv1.3 protocol.
|
tabby_TLSv1_3_server_method | Version-specific method APIs. A TLS/SSL connection established with these
methods will only understand the TLSv1.3 protocol.
|
tabby_TLSv1_client_method | This SSL/TLS version is not supported. Always return NULL.
|
tabby_TLSv1_server_method | This SSL/TLS version is not supported. Always return NULL.
|
tabby_add_ssl_algorithms | For OpenSSL compatibility only. Always returns 1.
|
tabby_library_init | For OpenSSL compatibility only. Always returns 1.
|
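
The table above documents three places where code ported from OpenSSL behaves differently here: the SSLv3, TLSv1 and TLSv1.1 method constructors always return NULL, the verify_callback passed to SSL_CTX_set_verify is ignored, and SSL_get_current_cipher allocates memory that must be freed. The following porting audit is an added example, not part of TabbySSL; the rule names, the sample source and the callback name `pin_check_cb` are constructed for illustration.

```python
import re

# Method constructors the table documents as "not supported. Always return NULL".
NULL_METHOD = re.compile(r"\b(?:tabby_)?(SSLv3|TLSv1|TLSv1_1)_(client|server)_method\b")
# SSL_CTX_set_verify(ctx, mode, verify_callback): the callback is ignored for now.
SET_VERIFY = re.compile(r"\b(?:tabby_)?SSL_CTX_set_verify\s*\(([^;]*)\)\s*;")
# SSL_get_current_cipher is documented as allocating memory the caller must free.
GET_CIPHER = re.compile(r"\b(?:tabby_)?SSL_get_current_cipher\s*\(")


def audit(source):
    """Return sorted (line, rule, detail) findings for C source text."""
    findings = []

    def line_of(match):
        return source.count("\n", 0, match.start()) + 1

    for m in NULL_METHOD.finditer(source):
        findings.append((line_of(m), "null-method", m.group(0)))
    for m in SET_VERIFY.finditer(source):
        # Naive split: assumes the callback argument itself contains no comma.
        callback = m.group(1).rsplit(",", 1)[-1].strip()
        if callback not in ("NULL", "0"):
            findings.append((line_of(m), "ignored-verify-callback", callback))
    for m in GET_CIPHER.finditer(source):
        findings.append((line_of(m), "allocating-getter", "SSL_get_current_cipher"))
    return sorted(findings)


# Constructed sample: OpenSSL client code as it might look before porting.
SAMPLE = """\
SSL_CTX *ctx = SSL_CTX_new(TLSv1_1_client_method());
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, pin_check_cb);
SSL_CTX *ok = SSL_CTX_new(TLSv1_2_client_method());
SSL_CTX_set_verify(ok, SSL_VERIFY_PEER, NULL);
const SSL_CIPHER *c = SSL_get_current_cipher(ssl);
"""

if __name__ == "__main__":
    for line, rule, detail in audit(SAMPLE):
        print(f"line {line}: {rule}: {detail}")
```

A `null-method` finding means the SSL_CTX_new call that consumes the result needs a NULL check or a switch to a supported method; an `ignored-verify-callback` finding means any pinning or policy logic in that callback will not run and has to be enforced elsewhere.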