xref: /freebsd/crypto/openssl/doc/man7/ssl.pod (revision d34048812292b714a0bf99967270d18fe3097c62)
1=pod
2
3=head1 NAME
4
5ssl - OpenSSL SSL/TLS library
6
7=head1 SYNOPSIS
8
9See the individual manual pages for details.
10
11=head1 DESCRIPTION
12
13The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
14Transport Layer Security (TLS v1) protocols. It provides a rich API which is
15documented here.
16
17An B<SSL_CTX> object is created as a framework to establish
18TLS/SSL enabled connections (see L<SSL_CTX_new(3)>).
19Various options regarding certificates, algorithms etc. can be set
20in this object.
21
22When a network connection has been created, it can be assigned to an
23B<SSL> object. After the B<SSL> object has been created using
24L<SSL_new(3)>, L<SSL_set_fd(3)> or
25L<SSL_set_bio(3)> can be used to associate the network
26connection with the object.
27
28When the TLS/SSL handshake is performed using
29L<SSL_accept(3)> or L<SSL_connect(3)>
30respectively.
31L<SSL_read_ex(3)>, L<SSL_read(3)>, L<SSL_write_ex(3)> and L<SSL_write(3)> are
32used to read and write data on the TLS/SSL connection.
33L<SSL_shutdown(3)> can be used to shut down the
34TLS/SSL connection.
35
36=head1 DATA STRUCTURES
37
38Currently the OpenSSL B<ssl> library functions deals with the following data
39structures:
40
41=over 4
42
43=item B<SSL_METHOD> (SSL Method)
44
45This is a dispatch structure describing the internal B<ssl> library
46methods/functions which implement the various protocol versions (SSLv3
47TLSv1, ...). It's needed to create an B<SSL_CTX>.
48
49=item B<SSL_CIPHER> (SSL Cipher)
50
51This structure holds the algorithm information for a particular cipher which
52are a core part of the SSL/TLS protocol. The available ciphers are configured
53on a B<SSL_CTX> basis and the actual ones used are then part of the
54B<SSL_SESSION>.
55
56=item B<SSL_CTX> (SSL Context)
57
58This is the global context structure which is created by a server or client
59once per program life-time and which holds mainly default values for the
60B<SSL> structures which are later created for the connections.
61
62=item B<SSL_SESSION> (SSL Session)
63
64This is a structure containing the current TLS/SSL session details for a
65connection: B<SSL_CIPHER>s, client and server certificates, keys, etc.
66
67=item B<SSL> (SSL Connection)
68
69This is the main SSL/TLS structure which is created by a server or client per
70established connection. This actually is the core structure in the SSL API.
71At run-time the application usually deals with this structure which has
72links to mostly all other structures.
73
74=back
75
76
77=head1 HEADER FILES
78
79Currently the OpenSSL B<ssl> library provides the following C header files
80containing the prototypes for the data structures and functions:
81
82=over 4
83
84=item B<ssl.h>
85
86This is the common header file for the SSL/TLS API.  Include it into your
87program to make the API of the B<ssl> library available. It internally
88includes both more private SSL headers and headers from the B<crypto> library.
89Whenever you need hard-core details on the internals of the SSL API, look
90inside this header file.
91
92=item B<ssl2.h>
93
94Unused. Present for backwards compatibility only.
95
96=item B<ssl3.h>
97
98This is the sub header file dealing with the SSLv3 protocol only.
99I<Usually you don't have to include it explicitly because
100it's already included by ssl.h>.
101
102=item B<tls1.h>
103
104This is the sub header file dealing with the TLSv1 protocol only.
105I<Usually you don't have to include it explicitly because
106it's already included by ssl.h>.
107
108=back
109
110=head1 API FUNCTIONS
111
112Currently the OpenSSL B<ssl> library exports 214 API functions.
113They are documented in the following:
114
115=head2 Dealing with Protocol Methods
116
117Here we document the various API functions which deal with the SSL/TLS
118protocol methods defined in B<SSL_METHOD> structures.
119
120=over 4
121
122=item const SSL_METHOD *B<TLS_method>(void);
123
124Constructor for the I<version-flexible> SSL_METHOD structure for clients,
125servers or both.
126See L<SSL_CTX_new(3)> for details.
127
128=item const SSL_METHOD *B<TLS_client_method>(void);
129
130Constructor for the I<version-flexible> SSL_METHOD structure for clients.
131Must be used to support the TLSv1.3 protocol.
132
133=item const SSL_METHOD *B<TLS_server_method>(void);
134
135Constructor for the I<version-flexible> SSL_METHOD structure for servers.
136Must be used to support the TLSv1.3 protocol.
137
138=item const SSL_METHOD *B<TLSv1_2_method>(void);
139
140Constructor for the TLSv1.2 SSL_METHOD structure for clients, servers or both.
141
142=item const SSL_METHOD *B<TLSv1_2_client_method>(void);
143
144Constructor for the TLSv1.2 SSL_METHOD structure for clients.
145
146=item const SSL_METHOD *B<TLSv1_2_server_method>(void);
147
148Constructor for the TLSv1.2 SSL_METHOD structure for servers.
149
150=item const SSL_METHOD *B<TLSv1_1_method>(void);
151
152Constructor for the TLSv1.1 SSL_METHOD structure for clients, servers or both.
153
154=item const SSL_METHOD *B<TLSv1_1_client_method>(void);
155
156Constructor for the TLSv1.1 SSL_METHOD structure for clients.
157
158=item const SSL_METHOD *B<TLSv1_1_server_method>(void);
159
160Constructor for the TLSv1.1 SSL_METHOD structure for servers.
161
162=item const SSL_METHOD *B<TLSv1_method>(void);
163
164Constructor for the TLSv1 SSL_METHOD structure for clients, servers or both.
165
166=item const SSL_METHOD *B<TLSv1_client_method>(void);
167
168Constructor for the TLSv1 SSL_METHOD structure for clients.
169
170=item const SSL_METHOD *B<TLSv1_server_method>(void);
171
172Constructor for the TLSv1 SSL_METHOD structure for servers.
173
174=item const SSL_METHOD *B<SSLv3_method>(void);
175
176Constructor for the SSLv3 SSL_METHOD structure for clients, servers or both.
177
178=item const SSL_METHOD *B<SSLv3_client_method>(void);
179
180Constructor for the SSLv3 SSL_METHOD structure for clients.
181
182=item const SSL_METHOD *B<SSLv3_server_method>(void);
183
184Constructor for the SSLv3 SSL_METHOD structure for servers.
185
186=back
187
188=head2 Dealing with Ciphers
189
190Here we document the various API functions which deal with the SSL/TLS
191ciphers defined in B<SSL_CIPHER> structures.
192
193=over 4
194
195=item char *B<SSL_CIPHER_description>(SSL_CIPHER *cipher, char *buf, int len);
196
197Write a string to I<buf> (with a maximum size of I<len>) containing a human
198readable description of I<cipher>. Returns I<buf>.
199
200=item int B<SSL_CIPHER_get_bits>(SSL_CIPHER *cipher, int *alg_bits);
201
202Determine the number of bits in I<cipher>. Because of export crippled ciphers
203there are two bits: The bits the algorithm supports in general (stored to
204I<alg_bits>) and the bits which are actually used (the return value).
205
206=item const char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher);
207
208Return the internal name of I<cipher> as a string. These are the various
209strings defined by the I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx>
210definitions in the header files.
211
212=item const char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher);
213
214Returns a string like "C<SSLv3>" or "C<TLSv1.2>" which indicates the
215SSL/TLS protocol version to which I<cipher> belongs (i.e. where it was defined
216in the specification the first time).
217
218=back
219
220=head2 Dealing with Protocol Contexts
221
222Here we document the various API functions which deal with the SSL/TLS
223protocol context defined in the B<SSL_CTX> structure.
224
225=over 4
226
227=item int B<SSL_CTX_add_client_CA>(SSL_CTX *ctx, X509 *x);
228
229=item long B<SSL_CTX_add_extra_chain_cert>(SSL_CTX *ctx, X509 *x509);
230
231=item int B<SSL_CTX_add_session>(SSL_CTX *ctx, SSL_SESSION *c);
232
233=item int B<SSL_CTX_check_private_key>(const SSL_CTX *ctx);
234
235=item long B<SSL_CTX_ctrl>(SSL_CTX *ctx, int cmd, long larg, char *parg);
236
237=item void B<SSL_CTX_flush_sessions>(SSL_CTX *s, long t);
238
239=item void B<SSL_CTX_free>(SSL_CTX *a);
240
241=item char *B<SSL_CTX_get_app_data>(SSL_CTX *ctx);
242
243=item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx);
244
245=item STACK *B<SSL_CTX_get_ciphers>(const SSL_CTX *ctx);
246
247=item STACK *B<SSL_CTX_get_client_CA_list>(const SSL_CTX *ctx);
248
249=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
250
251=item void B<SSL_CTX_get_default_read_ahead>(SSL_CTX *ctx);
252
253=item char *B<SSL_CTX_get_ex_data>(const SSL_CTX *s, int idx);
254
255=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
256
257=item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
258
259=item int B<SSL_CTX_get_quiet_shutdown>(const SSL_CTX *ctx);
260
261=item void B<SSL_CTX_get_read_ahead>(SSL_CTX *ctx);
262
263=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx);
264
265=item long B<SSL_CTX_get_timeout>(const SSL_CTX *ctx);
266
267=item int (*B<SSL_CTX_get_verify_callback>(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
268
269=item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx);
270
271=item int B<SSL_CTX_load_verify_locations>(SSL_CTX *ctx, const char *CAfile, const char *CApath);
272
273=item SSL_CTX *B<SSL_CTX_new>(const SSL_METHOD *meth);
274
275=item int SSL_CTX_up_ref(SSL_CTX *ctx);
276
277=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
278
279=item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx);
280
281=item int B<SSL_CTX_sess_accept_good>(SSL_CTX *ctx);
282
283=item int B<SSL_CTX_sess_accept_renegotiate>(SSL_CTX *ctx);
284
285=item int B<SSL_CTX_sess_cache_full>(SSL_CTX *ctx);
286
287=item int B<SSL_CTX_sess_cb_hits>(SSL_CTX *ctx);
288
289=item int B<SSL_CTX_sess_connect>(SSL_CTX *ctx);
290
291=item int B<SSL_CTX_sess_connect_good>(SSL_CTX *ctx);
292
293=item int B<SSL_CTX_sess_connect_renegotiate>(SSL_CTX *ctx);
294
295=item int B<SSL_CTX_sess_get_cache_size>(SSL_CTX *ctx);
296
297=item SSL_SESSION *(*B<SSL_CTX_sess_get_get_cb>(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);
298
299=item int (*B<SSL_CTX_sess_get_new_cb>(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);
300
301=item void (*B<SSL_CTX_sess_get_remove_cb>(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);
302
303=item int B<SSL_CTX_sess_hits>(SSL_CTX *ctx);
304
305=item int B<SSL_CTX_sess_misses>(SSL_CTX *ctx);
306
307=item int B<SSL_CTX_sess_number>(SSL_CTX *ctx);
308
309=item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx, t);
310
311=item void B<SSL_CTX_sess_set_get_cb>(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));
312
313=item void B<SSL_CTX_sess_set_new_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));
314
315=item void B<SSL_CTX_sess_set_remove_cb>(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));
316
317=item int B<SSL_CTX_sess_timeouts>(SSL_CTX *ctx);
318
319=item LHASH *B<SSL_CTX_sessions>(SSL_CTX *ctx);
320
321=item int B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg);
322
323=item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
324
325=item void B<SSL_CTX_set1_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
326
327=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(), char *arg)
328
329=item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str);
330
331=item void B<SSL_CTX_set_client_CA_list>(SSL_CTX *ctx, STACK *list);
332
333=item void B<SSL_CTX_set_client_cert_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
334
335=item int B<SSL_CTX_set_ct_validation_callback>(SSL_CTX *ctx, ssl_ct_validation_cb callback, void *arg);
336
337=item void B<SSL_CTX_set_default_passwd_cb>(SSL_CTX *ctx, int (*cb);(void))
338
339=item void B<SSL_CTX_set_default_read_ahead>(SSL_CTX *ctx, int m);
340
341=item int B<SSL_CTX_set_default_verify_paths>(SSL_CTX *ctx);
342
343Use the default paths to locate trusted CA certificates. There is one default
344directory path and one default file path. Both are set via this call.
345
346=item int B<SSL_CTX_set_default_verify_dir>(SSL_CTX *ctx)
347
348Use the default directory path to locate trusted CA certificates.
349
350=item int B<SSL_CTX_set_default_verify_file>(SSL_CTX *ctx)
351
352Use the file path to locate trusted CA certificates.
353
354=item int B<SSL_CTX_set_ex_data>(SSL_CTX *s, int idx, char *arg);
355
356=item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));
357
358=item void B<SSL_CTX_set_msg_callback>(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
359
360=item void B<SSL_CTX_set_msg_callback_arg>(SSL_CTX *ctx, void *arg);
361
362=item unsigned long B<SSL_CTX_clear_options>(SSL_CTX *ctx, unsigned long op);
363
364=item unsigned long B<SSL_CTX_get_options>(SSL_CTX *ctx);
365
366=item unsigned long B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op);
367
368=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode);
369
370=item void B<SSL_CTX_set_read_ahead>(SSL_CTX *ctx, int m);
371
372=item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode);
373
374=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, const SSL_METHOD *meth);
375
376=item void B<SSL_CTX_set_timeout>(SSL_CTX *ctx, long t);
377
378=item long B<SSL_CTX_set_tmp_dh>(SSL_CTX* ctx, DH *dh);
379
380=item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void));
381
382=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
383
384=item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey);
385
386=item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len);
387
388=item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, const char *file, int type);
389
390=item int B<SSL_CTX_use_RSAPrivateKey>(SSL_CTX *ctx, RSA *rsa);
391
392=item int B<SSL_CTX_use_RSAPrivateKey_ASN1>(SSL_CTX *ctx, unsigned char *d, long len);
393
394=item int B<SSL_CTX_use_RSAPrivateKey_file>(SSL_CTX *ctx, const char *file, int type);
395
396=item int B<SSL_CTX_use_certificate>(SSL_CTX *ctx, X509 *x);
397
398=item int B<SSL_CTX_use_certificate_ASN1>(SSL_CTX *ctx, int len, unsigned char *d);
399
400=item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, const char *file, int type);
401
402=item int B<SSL_CTX_use_cert_and_key>(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);
403
404=item X509 *B<SSL_CTX_get0_certificate>(const SSL_CTX *ctx);
405
406=item EVP_PKEY *B<SSL_CTX_get0_privatekey>(const SSL_CTX *ctx);
407
408=item void B<SSL_CTX_set_psk_client_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));
409
410=item int B<SSL_CTX_use_psk_identity_hint>(SSL_CTX *ctx, const char *hint);
411
412=item void B<SSL_CTX_set_psk_server_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
413
414
415=back
416
417=head2 Dealing with Sessions
418
419Here we document the various API functions which deal with the SSL/TLS
420sessions defined in the B<SSL_SESSION> structures.
421
422=over 4
423
424=item int B<SSL_SESSION_cmp>(const SSL_SESSION *a, const SSL_SESSION *b);
425
426=item void B<SSL_SESSION_free>(SSL_SESSION *ss);
427
428=item char *B<SSL_SESSION_get_app_data>(SSL_SESSION *s);
429
430=item char *B<SSL_SESSION_get_ex_data>(const SSL_SESSION *s, int idx);
431
432=item int B<SSL_SESSION_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
433
434=item long B<SSL_SESSION_get_time>(const SSL_SESSION *s);
435
436=item long B<SSL_SESSION_get_timeout>(const SSL_SESSION *s);
437
438=item unsigned long B<SSL_SESSION_hash>(const SSL_SESSION *a);
439
440=item SSL_SESSION *B<SSL_SESSION_new>(void);
441
442=item int B<SSL_SESSION_print>(BIO *bp, const SSL_SESSION *x);
443
444=item int B<SSL_SESSION_print_fp>(FILE *fp, const SSL_SESSION *x);
445
446=item int B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a);
447
448=item int B<SSL_SESSION_set_ex_data>(SSL_SESSION *s, int idx, char *arg);
449
450=item long B<SSL_SESSION_set_time>(SSL_SESSION *s, long t);
451
452=item long B<SSL_SESSION_set_timeout>(SSL_SESSION *s, long t);
453
454=back
455
456=head2 Dealing with Connections
457
458Here we document the various API functions which deal with the SSL/TLS
459connection defined in the B<SSL> structure.
460
461=over 4
462
463=item int B<SSL_accept>(SSL *ssl);
464
465=item int B<SSL_add_dir_cert_subjects_to_stack>(STACK *stack, const char *dir);
466
467=item int B<SSL_add_file_cert_subjects_to_stack>(STACK *stack, const char *file);
468
469=item int B<SSL_add_client_CA>(SSL *ssl, X509 *x);
470
471=item char *B<SSL_alert_desc_string>(int value);
472
473=item char *B<SSL_alert_desc_string_long>(int value);
474
475=item char *B<SSL_alert_type_string>(int value);
476
477=item char *B<SSL_alert_type_string_long>(int value);
478
479=item int B<SSL_check_private_key>(const SSL *ssl);
480
481=item void B<SSL_clear>(SSL *ssl);
482
483=item long B<SSL_clear_num_renegotiations>(SSL *ssl);
484
485=item int B<SSL_connect>(SSL *ssl);
486
487=item int B<SSL_copy_session_id>(SSL *t, const SSL *f);
488
489Sets the session details for B<t> to be the same as in B<f>. Returns 1 on
490success or 0 on failure.
491
492=item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg);
493
494=item int B<SSL_do_handshake>(SSL *ssl);
495
496=item SSL *B<SSL_dup>(SSL *ssl);
497
498SSL_dup() allows applications to configure an SSL handle for use
499in multiple SSL connections, and then duplicate it prior to initiating
500each connection with the duplicated handle.
501Use of SSL_dup() avoids the need to repeat the configuration of the
502handles for each connection.
503
504For SSL_dup() to work, the connection MUST be in its initial state
505and MUST NOT have not yet have started the SSL handshake.
506For connections that are not in their initial state SSL_dup() just
507increments an internal reference count and returns the I<same>
508handle.
509It may be possible to use L<SSL_clear(3)> to recycle an SSL handle
510that is not in its initial state for re-use, but this is best
511avoided.
512Instead, save and restore the session, if desired, and construct a
513fresh handle for each connection.
514
515=item STACK *B<SSL_dup_CA_list>(STACK *sk);
516
517=item void B<SSL_free>(SSL *ssl);
518
519=item SSL_CTX *B<SSL_get_SSL_CTX>(const SSL *ssl);
520
521=item char *B<SSL_get_app_data>(SSL *ssl);
522
523=item X509 *B<SSL_get_certificate>(const SSL *ssl);
524
525=item const char *B<SSL_get_cipher>(const SSL *ssl);
526
527=item int B<SSL_is_dtls>(const SSL *ssl);
528
529=item int B<SSL_get_cipher_bits>(const SSL *ssl, int *alg_bits);
530
531=item char *B<SSL_get_cipher_list>(const SSL *ssl, int n);
532
533=item char *B<SSL_get_cipher_name>(const SSL *ssl);
534
535=item char *B<SSL_get_cipher_version>(const SSL *ssl);
536
537=item STACK *B<SSL_get_ciphers>(const SSL *ssl);
538
539=item STACK *B<SSL_get_client_CA_list>(const SSL *ssl);
540
541=item SSL_CIPHER *B<SSL_get_current_cipher>(SSL *ssl);
542
543=item long B<SSL_get_default_timeout>(const SSL *ssl);
544
545=item int B<SSL_get_error>(const SSL *ssl, int i);
546
547=item char *B<SSL_get_ex_data>(const SSL *ssl, int idx);
548
549=item int B<SSL_get_ex_data_X509_STORE_CTX_idx>(void);
550
551=item int B<SSL_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
552
553=item int B<SSL_get_fd>(const SSL *ssl);
554
555=item void (*B<SSL_get_info_callback>(const SSL *ssl);)()
556
557=item int B<SSL_get_key_update_type>(SSL *s);
558
559=item STACK *B<SSL_get_peer_cert_chain>(const SSL *ssl);
560
561=item X509 *B<SSL_get_peer_certificate>(const SSL *ssl);
562
563=item const STACK_OF(SCT) *B<SSL_get0_peer_scts>(SSL *s);
564
565=item EVP_PKEY *B<SSL_get_privatekey>(const SSL *ssl);
566
567=item int B<SSL_get_quiet_shutdown>(const SSL *ssl);
568
569=item BIO *B<SSL_get_rbio>(const SSL *ssl);
570
571=item int B<SSL_get_read_ahead>(const SSL *ssl);
572
573=item SSL_SESSION *B<SSL_get_session>(const SSL *ssl);
574
575=item char *B<SSL_get_shared_ciphers>(const SSL *ssl, char *buf, int size);
576
577=item int B<SSL_get_shutdown>(const SSL *ssl);
578
579=item const SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl);
580
581=item int B<SSL_get_state>(const SSL *ssl);
582
583=item long B<SSL_get_time>(const SSL *ssl);
584
585=item long B<SSL_get_timeout>(const SSL *ssl);
586
587=item int (*B<SSL_get_verify_callback>(const SSL *ssl))(int, X509_STORE_CTX *)
588
589=item int B<SSL_get_verify_mode>(const SSL *ssl);
590
591=item long B<SSL_get_verify_result>(const SSL *ssl);
592
593=item char *B<SSL_get_version>(const SSL *ssl);
594
595=item BIO *B<SSL_get_wbio>(const SSL *ssl);
596
597=item int B<SSL_in_accept_init>(SSL *ssl);
598
599=item int B<SSL_in_before>(SSL *ssl);
600
601=item int B<SSL_in_connect_init>(SSL *ssl);
602
603=item int B<SSL_in_init>(SSL *ssl);
604
605=item int B<SSL_is_init_finished>(SSL *ssl);
606
607=item int B<SSL_key_update>(SSL *s, int updatetype);
608
609=item STACK *B<SSL_load_client_CA_file>(const char *file);
610
611=item SSL *B<SSL_new>(SSL_CTX *ctx);
612
613=item int SSL_up_ref(SSL *s);
614
615=item long B<SSL_num_renegotiations>(SSL *ssl);
616
617=item int B<SSL_peek>(SSL *ssl, void *buf, int num);
618
619=item int B<SSL_pending>(const SSL *ssl);
620
621=item int B<SSL_read>(SSL *ssl, void *buf, int num);
622
623=item int B<SSL_renegotiate>(SSL *ssl);
624
625=item char *B<SSL_rstate_string>(SSL *ssl);
626
627=item char *B<SSL_rstate_string_long>(SSL *ssl);
628
629=item long B<SSL_session_reused>(SSL *ssl);
630
631=item void B<SSL_set_accept_state>(SSL *ssl);
632
633=item void B<SSL_set_app_data>(SSL *ssl, char *arg);
634
635=item void B<SSL_set_bio>(SSL *ssl, BIO *rbio, BIO *wbio);
636
637=item int B<SSL_set_cipher_list>(SSL *ssl, char *str);
638
639=item void B<SSL_set_client_CA_list>(SSL *ssl, STACK *list);
640
641=item void B<SSL_set_connect_state>(SSL *ssl);
642
643=item int B<SSL_set_ct_validation_callback>(SSL *ssl, ssl_ct_validation_cb callback, void *arg);
644
645=item int B<SSL_set_ex_data>(SSL *ssl, int idx, char *arg);
646
647=item int B<SSL_set_fd>(SSL *ssl, int fd);
648
649=item void B<SSL_set_info_callback>(SSL *ssl, void (*cb);(void))
650
651=item void B<SSL_set_msg_callback>(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
652
653=item void B<SSL_set_msg_callback_arg>(SSL *ctx, void *arg);
654
655=item unsigned long B<SSL_clear_options>(SSL *ssl, unsigned long op);
656
657=item unsigned long B<SSL_get_options>(SSL *ssl);
658
659=item unsigned long B<SSL_set_options>(SSL *ssl, unsigned long op);
660
661=item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode);
662
663=item void B<SSL_set_read_ahead>(SSL *ssl, int yes);
664
665=item int B<SSL_set_rfd>(SSL *ssl, int fd);
666
667=item int B<SSL_set_session>(SSL *ssl, SSL_SESSION *session);
668
669=item void B<SSL_set_shutdown>(SSL *ssl, int mode);
670
671=item int B<SSL_set_ssl_method>(SSL *ssl, const SSL_METHOD *meth);
672
673=item void B<SSL_set_time>(SSL *ssl, long t);
674
675=item void B<SSL_set_timeout>(SSL *ssl, long t);
676
677=item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void))
678
679=item void B<SSL_set_verify_result>(SSL *ssl, long arg);
680
681=item int B<SSL_set_wfd>(SSL *ssl, int fd);
682
683=item int B<SSL_shutdown>(SSL *ssl);
684
685=item OSSL_HANDSHAKE_STATE B<SSL_get_state>(const SSL *ssl);
686
687Returns the current handshake state.
688
689=item char *B<SSL_state_string>(const SSL *ssl);
690
691=item char *B<SSL_state_string_long>(const SSL *ssl);
692
693=item long B<SSL_total_renegotiations>(SSL *ssl);
694
695=item int B<SSL_use_PrivateKey>(SSL *ssl, EVP_PKEY *pkey);
696
697=item int B<SSL_use_PrivateKey_ASN1>(int type, SSL *ssl, unsigned char *d, long len);
698
699=item int B<SSL_use_PrivateKey_file>(SSL *ssl, const char *file, int type);
700
701=item int B<SSL_use_RSAPrivateKey>(SSL *ssl, RSA *rsa);
702
703=item int B<SSL_use_RSAPrivateKey_ASN1>(SSL *ssl, unsigned char *d, long len);
704
705=item int B<SSL_use_RSAPrivateKey_file>(SSL *ssl, const char *file, int type);
706
707=item int B<SSL_use_certificate>(SSL *ssl, X509 *x);
708
709=item int B<SSL_use_certificate_ASN1>(SSL *ssl, int len, unsigned char *d);
710
711=item int B<SSL_use_certificate_file>(SSL *ssl, const char *file, int type);
712
713=item int B<SSL_use_cert_and_key>(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);
714
715=item int B<SSL_version>(const SSL *ssl);
716
717=item int B<SSL_want>(const SSL *ssl);
718
719=item int B<SSL_want_nothing>(const SSL *ssl);
720
721=item int B<SSL_want_read>(const SSL *ssl);
722
723=item int B<SSL_want_write>(const SSL *ssl);
724
725=item int B<SSL_want_x509_lookup>(const SSL *ssl);
726
727=item int B<SSL_write>(SSL *ssl, const void *buf, int num);
728
729=item void B<SSL_set_psk_client_callback>(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));
730
731=item int B<SSL_use_psk_identity_hint>(SSL *ssl, const char *hint);
732
733=item void B<SSL_set_psk_server_callback>(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
734
735=item const char *B<SSL_get_psk_identity_hint>(SSL *ssl);
736
737=item const char *B<SSL_get_psk_identity>(SSL *ssl);
738
739=back
740
741=head1 RETURN VALUES
742
743See the individual manual pages for details.
744
745=head1 SEE ALSO
746
747L<openssl(1)>, L<crypto(7)>,
748L<CRYPTO_get_ex_new_index(3)>,
749L<SSL_accept(3)>, L<SSL_clear(3)>,
750L<SSL_connect(3)>,
751L<SSL_CIPHER_get_name(3)>,
752L<SSL_COMP_add_compression_method(3)>,
753L<SSL_CTX_add_extra_chain_cert(3)>,
754L<SSL_CTX_add_session(3)>,
755L<SSL_CTX_ctrl(3)>,
756L<SSL_CTX_flush_sessions(3)>,
757L<SSL_CTX_get_verify_mode(3)>,
758L<SSL_CTX_load_verify_locations(3)>
759L<SSL_CTX_new(3)>,
760L<SSL_CTX_sess_number(3)>,
761L<SSL_CTX_sess_set_cache_size(3)>,
762L<SSL_CTX_sess_set_get_cb(3)>,
763L<SSL_CTX_sessions(3)>,
764L<SSL_CTX_set_cert_store(3)>,
765L<SSL_CTX_set_cert_verify_callback(3)>,
766L<SSL_CTX_set_cipher_list(3)>,
767L<SSL_CTX_set_client_CA_list(3)>,
768L<SSL_CTX_set_client_cert_cb(3)>,
769L<SSL_CTX_set_default_passwd_cb(3)>,
770L<SSL_CTX_set_generate_session_id(3)>,
771L<SSL_CTX_set_info_callback(3)>,
772L<SSL_CTX_set_max_cert_list(3)>,
773L<SSL_CTX_set_mode(3)>,
774L<SSL_CTX_set_msg_callback(3)>,
775L<SSL_CTX_set_options(3)>,
776L<SSL_CTX_set_quiet_shutdown(3)>,
777L<SSL_CTX_set_read_ahead(3)>,
778L<SSL_CTX_set_security_level(3)>,
779L<SSL_CTX_set_session_cache_mode(3)>,
780L<SSL_CTX_set_session_id_context(3)>,
781L<SSL_CTX_set_ssl_version(3)>,
782L<SSL_CTX_set_timeout(3)>,
783L<SSL_CTX_set_tmp_dh_callback(3)>,
784L<SSL_CTX_set_verify(3)>,
785L<SSL_CTX_use_certificate(3)>,
786L<SSL_alert_type_string(3)>,
787L<SSL_do_handshake(3)>,
788L<SSL_enable_ct(3)>,
789L<SSL_get_SSL_CTX(3)>,
790L<SSL_get_ciphers(3)>,
791L<SSL_get_client_CA_list(3)>,
792L<SSL_get_default_timeout(3)>,
793L<SSL_get_error(3)>,
794L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
795L<SSL_get_fd(3)>,
796L<SSL_get_peer_cert_chain(3)>,
797L<SSL_get_rbio(3)>,
798L<SSL_get_session(3)>,
799L<SSL_get_verify_result(3)>,
800L<SSL_get_version(3)>,
801L<SSL_load_client_CA_file(3)>,
802L<SSL_new(3)>,
803L<SSL_pending(3)>,
804L<SSL_read_ex(3)>,
805L<SSL_read(3)>,
806L<SSL_rstate_string(3)>,
807L<SSL_session_reused(3)>,
808L<SSL_set_bio(3)>,
809L<SSL_set_connect_state(3)>,
810L<SSL_set_fd(3)>,
811L<SSL_set_session(3)>,
812L<SSL_set_shutdown(3)>,
813L<SSL_shutdown(3)>,
814L<SSL_state_string(3)>,
815L<SSL_want(3)>,
816L<SSL_write_ex(3)>,
817L<SSL_write(3)>,
818L<SSL_SESSION_free(3)>,
819L<SSL_SESSION_get_time(3)>,
820L<d2i_SSL_SESSION(3)>,
821L<SSL_CTX_set_psk_client_callback(3)>,
822L<SSL_CTX_use_psk_identity_hint(3)>,
823L<SSL_get_psk_identity(3)>,
824L<DTLSv1_listen(3)>
825
826=head1 HISTORY
827
828B<SSLv2_client_method>, B<SSLv2_server_method> and B<SSLv2_method> were removed
829in OpenSSL 1.1.0.
830
831The return type of B<SSL_copy_session_id> was changed from void to int in
832OpenSSL 1.1.0.
833
834=head1 COPYRIGHT
835
836Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
837
838Licensed under the OpenSSL license (the "License").  You may not use
839this file except in compliance with the License.  You can obtain a copy
840in the file LICENSE in the source distribution or at
841L<https://www.openssl.org/source/license.html>.
842
843=cut
844