summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/libssl/man/ssl.31196
1 files changed, 149 insertions, 1047 deletions
diff --git a/lib/libssl/man/ssl.3 b/lib/libssl/man/ssl.3
index 283340e228c..563e2bce13e 100644
--- a/lib/libssl/man/ssl.3
+++ b/lib/libssl/man/ssl.3
@@ -1,7 +1,56 @@
+.\" $OpenBSD: ssl.3,v 1.4 2016/12/10 18:11:51 schwarze Exp $
+.\" OpenSSL e330f55d Nov 11 00:51:04 2016 +0100
.\"
-.\" $OpenBSD: ssl.3,v 1.3 2016/12/01 16:02:14 schwarze Exp $
+.\" This file was written by Ralf S. Engelschall <rse@openssl.org>,
+.\" Ben Laurie <ben@openssl.org>, and Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 1998-2002, 2005, 2013, 2015 The OpenSSL Project.
+.\" All rights reserved.
.\"
-.Dd $Mdocdate: December 1 2016 $
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in
+.\" the documentation and/or other materials provided with the
+.\" distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\" software must display the following acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\" endorse or promote products derived from this software without
+.\" prior written permission. For written permission, please contact
+.\" openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\" nor may "OpenSSL" appear in their names without prior written
+.\" permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\" acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 10 2016 $
.Dt SSL 3
.Os
.Sh NAME
@@ -11,7 +60,6 @@
The OpenSSL
.Nm ssl
library implements the Transport Layer Security (TLS v1) protocols.
-It provides a rich API which is documented here.
.Pp
At first the library must be initialized; see
.Xr SSL_library_init 3 .
@@ -49,7 +97,7 @@ can be used to shut down the TLS/SSL connection.
.Sh DATA STRUCTURES
Currently the OpenSSL
.Nm ssl
-library functions deals with the following data structures:
+library functions deal with the following data structures:
.Bl -tag -width Ds
.It Vt SSL_METHOD No (SSL Method)
That's a dispatch structure describing the internal
@@ -57,6 +105,9 @@ That's a dispatch structure describing the internal
library methods/functions which implement the various protocol versions.
It's needed to create an
.Vt SSL_CTX .
+See
+.Xr TLS_method 3
+for constructors.
.It Vt SSL_CIPHER No (SSL Cipher)
This structure holds the algorithm information for a particular cipher which
is a core part of the SSL/TLS protocol.
@@ -127,1041 +178,34 @@ by
.Ef
.El
.Sh API FUNCTIONS
-The functions that the OpenSSL
-.Nm ssl
-library exports are documented below:
-.Ss DEALING WITH PROTOCOL METHODS
-Here we document the various API functions which deal with the SSL/TLS protocol
-methods defined in
-.Vt SSL_METHOD
-structures.
-.Bl -tag -width Ds
-.It Xo
-.Ft const SSL_METHOD *
-.Fn TLS_client_method void
-.Xc
-Constructor for the
-.Vt SSL_METHOD
-structure for a dedicated client.
-.It Xo
-.Ft const SSL_METHOD *
-.Fn TLS_server_method void
-.Xc
-Constructor for the
-.Vt SSL_METHOD
-structure for a dedicated server.
-.It Xo
-.Ft const SSL_METHOD *
-.Fn TLS_method void
-.Xc
-Constructor for the
-.Vt SSL_METHOD
-structure for combined client and server.
-.El
-.Ss DEALING WITH CIPHERS
-Here we document the various API functions which deal with the SSL/TLS ciphers
-defined in
+.Ss Ciphers
+The following pages describe functions acting on
.Vt SSL_CIPHER
-structures.
-.Bl -tag -width Ds
-.It Xo
-.Ft char *
-.Fn SSL_CIPHER_description "SSL_CIPHER *cipher" "char *buf" "int len"
-.Xc
-Write a string to
-.Fa buf
-(with a maximum size of
-.Fa len )
-containing a human readable description of
-.Fa cipher .
-Returns
-.Fa buf .
-.It Xo
-.Ft int
-.Fn SSL_CIPHER_get_bits "SSL_CIPHER *cipher" "int *alg_bits"
-.Xc
-Determine the number of bits in
-.Fa cipher .
-Because of export crippled ciphers there are two bits:
-the bits the algorithm supports in general (stored to
-.Fa alg_bits )
-and the bits which are actually used (the return value).
-.It Xo
-.Ft const char *
-.Fn SSL_CIPHER_get_name "SSL_CIPHER *cipher"
-.Xc
-Return the internal name of
-.Fa cipher
-as a string.
-These are the various strings defined by the
-.Dv SSL2_TXT_xxx ,
-.Dv SSL3_TXT_xxx
-and
-.Dv TLS1_TXT_xxx
-definitions in the header files.
-.It Xo
-.Ft char *
-.Fn SSL_CIPHER_get_version "SSL_CIPHER *cipher"
-.Xc
-Returns a string like
-Qq TLSv1
-which indicates the SSL/TLS protocol version to which
-.Fa cipher
-belongs (i.e., where it was defined in the specification the first time).
-.El
-.Ss DEALING WITH PROTOCOL CONTEXTS
-Here we document the various API functions which deal with the SSL/TLS
-protocol context defined in the
+objects:
+.Xr SSL_get_ciphers 3 ,
+.Xr SSL_get_current_cipher 3 ,
+.Xr SSL_CIPHER_get_name 3
+.Ss Protocol contexts
+The following pages describe functions acting on
.Vt SSL_CTX
-structure.
-.Bl -tag -width Ds
-.It Xo
-.Ft int
-.Fn SSL_CTX_add_client_CA "SSL_CTX *ctx" "X509 *x"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_CTX_add_extra_chain_cert "SSL_CTX *ctx" "X509 *x509"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_add_session "SSL_CTX *ctx" "SSL_SESSION *c"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_check_private_key "const SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_CTX_ctrl "SSL_CTX *ctx" "int cmd" "long larg" "char *parg"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_CTX_flush_sessions "SSL_CTX *s" "long t"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_CTX_free "SSL_CTX *a"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_CTX_get_app_data "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft X509_STORE *
-.Fn SSL_CTX_get_cert_store "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft STACK *
-.Fn SSL_CTX_get_client_CA_list "const SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft int
-.Fn "(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))"
-.Fa "SSL *ssl" "X509 **x509" "EVP_PKEY **pkey"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_CTX_get_ex_data "const SSL_CTX *s" "int idx"
-.Xc
-.It Xo
-.Ft int
-.Fo SSL_CTX_get_ex_new_index
-.Fa "long argl"
-.Fa "void *argp"
-.Fa "CRYPTO_EX_new *new_func"
-.Fa "CRYPTO_EX_dup *dup_func"
-.Fa "CRYPTO_EX_free *free_func"
-.Fc
-.Xc
-.It Xo
-.Ft void
-.Fo "(*SSL_CTX_get_info_callback(const SSL_CTX *ctx))"
-.Fa "SSL *ssl"
-.Fa "int cb"
-.Fa "int ret"
-.Fc
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_get_quiet_shutdown "const SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_get_session_cache_mode "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_CTX_get_timeout "const SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft int
-.Fo "(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))"
-.Fa "int ok"
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_get_verify_mode "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_load_verify_locations "SSL_CTX *ctx" "char *CAfile" "char *CApath"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_CTX_need_tmp_RSA "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft SSL_CTX *
-.Fn SSL_CTX_new "const SSL_METHOD *meth"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_remove_session "SSL_CTX *ctx" "SSL_SESSION *c"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_sess_accept "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_sess_accept_good "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_sess_accept_renegotiate "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_sess_cache_full "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_sess_cb_hits "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_sess_connect "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_sess_connect_good "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_sess_connect_renegotiate "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_sess_get_cache_size "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft SSL_SESSION *
-.Fo "(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))"
-.Fa "SSL *ssl"
-.Fa "unsigned char *data"
-.Fa "int len"
-.Fa "int *copy"
-.Fc
-.Xc
-.It Xo
-.Ft int
-.Fn "(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))" "SSL *ssl" "SSL_SESSION *sess"
-.Xc
-.It Xo
-.Ft void
-.Fo "(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))"
-.Fa "SSL_CTX *ctx"
-.Fa "SSL_SESSION *sess"
-.Fc
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_sess_hits "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_sess_misses "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_sess_number "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_CTX_sess_set_cache_size "SSL_CTX *ctx" "long t"
-.Xc
-.It Xo
-.Ft void
-.Fo SSL_CTX_sess_set_get_cb
-.Fa "SSL_CTX *ctx"
-.Fa "SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy)"
-.Fc
-.Xc
-.It Xo
-.Ft void
-.Fo SSL_CTX_sess_set_new_cb
-.Fa "SSL_CTX *ctx"
-.Fa "int (*cb)(SSL *ssl, SSL_SESSION *sess)"
-.Fc
-.Xc
-.It Xo
-.Ft void
-.Fo SSL_CTX_sess_set_remove_cb
-.Fa "SSL_CTX *ctx"
-.Fa "void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)"
-.Fc
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_sess_timeouts "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft LHASH *
-.Fn SSL_CTX_sessions "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_CTX_set_app_data "SSL_CTX *ctx" "void *arg"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_CTX_set_cert_store "SSL_CTX *ctx" "X509_STORE *cs"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_CTX_set_cert_verify_cb "SSL_CTX *ctx" "int (*cb)()" "char *arg"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_set_cipher_list "SSL_CTX *ctx" "char *str"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_CTX_set_client_CA_list "SSL_CTX *ctx" "STACK *list"
-.Xc
-.It Xo
-.Ft void
-.Fo SSL_CTX_set_client_cert_cb
-.Fa "SSL_CTX *ctx"
-.Fa "int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)"
-.Fc
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_CTX_set_default_passwd_cb "SSL_CTX *ctx" "pem_password_cb *cb"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_CTX_set_default_read_ahead "SSL_CTX *ctx" "int m"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_set_default_verify_paths "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_set_ex_data "SSL_CTX *s" "int idx" "char *arg"
-.Xc
-.It Xo
-.Ft void
-.Fo SSL_CTX_set_info_callback
-.Fa "SSL_CTX *ctx"
-.Fa "void (*cb)(SSL *ssl, int cb, int ret)"
-.Fc
-.Xc
-.It Xo
-.Ft void
-.Fo SSL_CTX_set_msg_callback
-.Fa "SSL_CTX *ctx"
-.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, \
-size_t len, SSL *ssl, void *arg)"
-.Fc
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_CTX_set_msg_callback_arg "SSL_CTX *ctx" "void *arg"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_CTX_set_options "SSL_CTX *ctx" "unsigned long op"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_CTX_set_quiet_shutdown "SSL_CTX *ctx" "int mode"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_CTX_set_session_cache_mode "SSL_CTX *ctx" "int mode"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_set_ssl_version "SSL_CTX *ctx" "const SSL_METHOD *meth"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_CTX_set_timeout "SSL_CTX *ctx" "long t"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_CTX_set_tmp_dh "SSL_CTX* ctx" "DH *dh"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_CTX_set_tmp_dh_callback "SSL_CTX *ctx" "DH *(*cb)(void)"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_CTX_set_tmp_rsa "SSL_CTX *ctx" "RSA *rsa"
-.Xc
-.It Xo
-.Fn SSL_CTX_set_tmp_rsa_callback
-.Xc
-.Ft long
-.Fo SSL_CTX_set_tmp_rsa_callback
-.Fa "SSL_CTX *ctx"
-.Fa "RSA *(*cb)(SSL *ssl, int export, int keylength)"
-.Fc
+objects.
+Many of these pages also document variants providing similar
+functionality for individual connection objects.
.Pp
-Sets the callback which will be called when a temporary private key is
-required.
-The
-.Fa export
-flag will be set if the reason for needing a temp key is that an export
-ciphersuite is in use, in which case,
-.Fa keylength
-will contain the required keylength in bits.
-.\" XXX using what?
-Generate a key of appropriate size (using ???) and return it.
-.It Xo
-.Fn SSL_set_tmp_rsa_callback
-.Xc
-.Ft long
-.Fo SSL_set_tmp_rsa_callback
-.Fa "SSL *ssl"
-.Fa "RSA *(*cb)(SSL *ssl, int export, int keylength)"
-.Fc
+Constructors and destructors:
+.Xr SSL_CTX_new 3 ,
+.Xr SSL_CTX_set_ssl_version 3 ,
+.Xr SSL_CTX_free 3
.Pp
-The same as
-.Fn SSL_CTX_set_tmp_rsa_callback ,
-except it operates on an
-.Vt SSL
-session instead of a context.
-.It Xo
-.Ft void
-.Fn SSL_CTX_set_verify "SSL_CTX *ctx" "int mode" "int (*cb)(void)"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_use_PrivateKey "SSL_CTX *ctx" "EVP_PKEY *pkey"
-.Xc
-.It Xo
-.Ft int
-.Fo SSL_CTX_use_PrivateKey_ASN1
-.Fa "int type"
-.Fa "SSL_CTX *ctx"
-.Fa "unsigned char *d"
-.Fa "long len"
-.Fc
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_use_PrivateKey_file "SSL_CTX *ctx" "char *file" "int type"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_use_RSAPrivateKey "SSL_CTX *ctx" "RSA *rsa"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_use_RSAPrivateKey_ASN1 "SSL_CTX *ctx" "unsigned char *d" "long len"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_use_RSAPrivateKey_file "SSL_CTX *ctx" "char *file" "int type"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_use_certificate "SSL_CTX *ctx" "X509 *x"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_use_certificate_ASN1 "SSL_CTX *ctx" "int len" "unsigned char *d"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_use_certificate_file "SSL_CTX *ctx" "char *file" "int type"
-.Xc
-.El
-.Ss DEALING WITH SESSIONS
-Here we document the various API functions which deal with the SSL/TLS sessions
-defined in the
-.Vt SSL_SESSION
-structures.
-.Bl -tag -width Ds
-.It Xo
-.Ft int
-.Fn SSL_SESSION_cmp "const SSL_SESSION *a" "const SSL_SESSION *b"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_SESSION_free "SSL_SESSION *ss"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_SESSION_get_app_data "SSL_SESSION *s"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_SESSION_get_ex_data "const SSL_SESSION *s" "int idx"
-.Xc
-.It Xo
-.Ft int
-.Fo SSL_SESSION_get_ex_new_index
-.Fa "long argl"
-.Fa "char *argp"
-.Fa "int (*new_func)(void)"
-.Fa "int (*dup_func)(void), void (*free_func)(void)"
-.Fc
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_SESSION_get_time "const SSL_SESSION *s"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_SESSION_get_timeout "const SSL_SESSION *s"
-.Xc
-.It Xo
-.Ft unsigned long
-.Fn SSL_SESSION_hash "const SSL_SESSION *a"
-.Xc
-.It Xo
-.Ft SSL_SESSION *
-.Fn SSL_SESSION_new void
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_SESSION_print "BIO *bp" "const SSL_SESSION *x"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_SESSION_print_fp "FILE *fp" "const SSL_SESSION *x"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_SESSION_set_app_data "SSL_SESSION *s" "char *a"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_SESSION_set_ex_data "SSL_SESSION *s" "int idx" "char *arg"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_SESSION_set_time "SSL_SESSION *s" "long t"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_SESSION_set_timeout "SSL_SESSION *s" "long t"
-.Xc
-.El
-.Ss DEALING WITH CONNECTIONS
-Here we document the various API functions which deal with the SSL/TLS
-connection defined in the
-.Vt SSL
-structure.
-.Bl -tag -width Ds
-.It Xo
-.Ft int
-.Fn SSL_accept "SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_add_dir_cert_subjects_to_stack "STACK *stack" "const char *dir"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_add_file_cert_subjects_to_stack "STACK *stack" "const char *file"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_add_client_CA "SSL *ssl" "X509 *x"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_alert_desc_string "int value"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_alert_desc_string_long "int value"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_alert_type_string "int value"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_alert_type_string_long "int value"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_check_private_key "const SSL *ssl"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_clear "SSL *ssl"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_clear_num_renegotiations "SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_connect "SSL *ssl"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_copy_session_id "SSL *t" "const SSL *f"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_ctrl "SSL *ssl" "int cmd" "long larg" "char *parg"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_do_handshake "SSL *ssl"
-.Xc
-.It Xo
-.Ft SSL *
-.Fn SSL_dup "SSL *ssl"
-.Xc
-.It Xo
-.Ft STACK *
-.Fn SSL_dup_CA_list "STACK *sk"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_free "SSL *ssl"
-.Xc
-.It Xo
-.Ft SSL_CTX *
-.Fn SSL_get_SSL_CTX "const SSL *ssl"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_get_app_data "SSL *ssl"
-.Xc
-.It Xo
-.Ft X509 *
-.Fn SSL_get_certificate "const SSL *ssl"
-.Xc
-.It Xo
-.Ft const char *
-.Fn SSL_get_cipher "const SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_get_cipher_bits "const SSL *ssl" "int *alg_bits"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_get_cipher_list "const SSL *ssl" "int n"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_get_cipher_name "const SSL *ssl"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_get_cipher_version "const SSL *ssl"
-.Xc
-.It Xo
-.Ft STACK *
-.Fn SSL_get_ciphers "const SSL *ssl"
-.Xc
-.It Xo
-.Ft STACK *
-.Fn SSL_get_client_CA_list "const SSL *ssl"
-.Xc
-.It Xo
-.Ft SSL_CIPHER *
-.Fn SSL_get_current_cipher "SSL *ssl"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_get_default_timeout "const SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_get_error "const SSL *ssl" "int i"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_get_ex_data "const SSL *ssl" "int idx"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_get_ex_data_X509_STORE_CTX_idx void
-.Xc
-.It Xo
-.Ft int
-.Fo SSL_get_ex_new_index
-.Fa "long argl"
-.Fa "char *argp"
-.Fa "int (*new_func)(void)"
-.Fa "int (*dup_func)(void)"
-.Fa "void (*free_func)(void)"
-.Fc
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_get_fd "const SSL *ssl"
-.Xc
-.It Xo
-.Ft void
-.Fn "(*SSL_get_info_callback(const SSL *ssl))"
-.Xc
-.It Xo
-.Ft STACK *
-.Fn SSL_get_peer_cert_chain "const SSL *ssl"
-.Xc
-.It Xo
-.Ft X509 *
-.Fn SSL_get_peer_certificate "const SSL *ssl"
-.Xc
-.It Xo
-.Ft EVP_PKEY *
-.Fn SSL_get_privatekey "SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_get_quiet_shutdown "const SSL *ssl"
-.Xc
-.It Xo
-.Ft BIO *
-.Fn SSL_get_rbio "const SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_get_read_ahead "const SSL *ssl"
-.Xc
-.It Xo
-.Ft SSL_SESSION *
-.Fn SSL_get_session "const SSL *ssl"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_get_shared_ciphers "const SSL *ssl" "char *buf" "int len"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_get_shutdown "const SSL *ssl"
-.Xc
-.It Xo
-.Ft const SSL_METHOD *
-.Fn SSL_get_ssl_method "SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_get_state "const SSL *ssl"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_get_time "const SSL *ssl"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_get_timeout "const SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn "(*SSL_get_verify_callback(const SSL *ssl))" int "X509_STORE_CTX *"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_get_verify_mode "const SSL *ssl"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_get_verify_result "const SSL *ssl"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_get_version "const SSL *ssl"
-.Xc
-.It Xo
-.Ft BIO *
-.Fn SSL_get_wbio "const SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_in_accept_init "SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_in_before "SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_in_connect_init "SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_in_init "SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_is_init_finished "SSL *ssl"
-.Xc
-.It Xo
-.Ft STACK *
-.Fn SSL_load_client_CA_file "char *file"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_load_error_strings "void"
-.Xc
-.It Xo
-.Ft SSL *
-.Fn SSL_new "SSL_CTX *ctx"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_num_renegotiations "SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_peek "SSL *ssl" "void *buf" "int num"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_pending "const SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_read "SSL *ssl" "void *buf" "int num"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_renegotiate "SSL *ssl"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_rstate_string "SSL *ssl"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_rstate_string_long "SSL *ssl"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_session_reused "SSL *ssl"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_set_accept_state "SSL *ssl"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_set_app_data "SSL *ssl" "char *arg"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_set_bio "SSL *ssl" "BIO *rbio" "BIO *wbio"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_set_cipher_list "SSL *ssl" "char *str"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_set_client_CA_list "SSL *ssl" "STACK *list"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_set_connect_state "SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_set_ex_data "SSL *ssl" "int idx" "char *arg"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_set_fd "SSL *ssl" "int fd"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_set_info_callback "SSL *ssl" "void (*cb)(void)"
-.Xc
-.It Xo
-.Ft void
-.Fo SSL_set_msg_callback
-.Fa "SSL *ctx"
-.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, \
-size_t len, SSL *ssl, void *arg)"
-.Fc
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_set_msg_callback_arg "SSL *ctx" "void *arg"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_set_options "SSL *ssl" "unsigned long op"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_set_quiet_shutdown "SSL *ssl" "int mode"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_set_read_ahead "SSL *ssl" "int yes"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_set_rfd "SSL *ssl" "int fd"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_set_session "SSL *ssl" "SSL_SESSION *session"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_set_shutdown "SSL *ssl" "int mode"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_set_ssl_method "SSL *ssl" "const SSL_METHOD *meth"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_set_time "SSL *ssl" "long t"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_set_timeout "SSL *ssl" "long t"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_set_verify "SSL *ssl" "int mode" "int (*callback)(void)"
-.Xc
-.It Xo
-.Ft void
-.Fn SSL_set_verify_result "SSL *ssl" "long arg"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_set_wfd "SSL *ssl" "int fd"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_shutdown "SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_state "const SSL *ssl"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_state_string "const SSL *ssl"
-.Xc
-.It Xo
-.Ft char *
-.Fn SSL_state_string_long "const SSL *ssl"
-.Xc
-.It Xo
-.Ft long
-.Fn SSL_total_renegotiations "SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_use_PrivateKey "SSL *ssl" "EVP_PKEY *pkey"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_use_PrivateKey_ASN1 "int type" "SSL *ssl" "unsigned char *d" "long len"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_use_PrivateKey_file "SSL *ssl" "char *file" "int type"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_use_RSAPrivateKey "SSL *ssl" "RSA *rsa"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_use_RSAPrivateKey_ASN1 "SSL *ssl" "unsigned char *d" "long len"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_use_RSAPrivateKey_file "SSL *ssl" "char *file" "int type"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_use_certificate "SSL *ssl" "X509 *x"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_use_certificate_ASN1 "SSL *ssl" "int len" "unsigned char *d"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_use_certificate_file "SSL *ssl" "char *file" "int type"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_version "const SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_want "const SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_want_nothing "const SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_want_read "const SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_want_write "const SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_want_x509_lookup "const SSL *ssl"
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_write "SSL *ssl" "const void *buf" "int num"
-.Xc
-.El
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr crypto 3 ,
-.Xr d2i_SSL_SESSION 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_alert_type_string 3 ,
-.Xr SSL_CIPHER_get_name 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_COMP_add_compression_method 3 ,
-.Xr SSL_connect 3 ,
+Configuration functions:
.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_add_session 3 ,
.Xr SSL_CTX_ctrl 3 ,
.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_get_ex_new_index 3 ,
.Xr SSL_CTX_get_verify_mode 3 ,
.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_sess_number 3 ,
.Xr SSL_CTX_sess_set_cache_size 3 ,
.Xr SSL_CTX_sess_set_get_cb 3 ,
-.Xr SSL_CTX_sessions 3 ,
+.Xr SSL_CTX_set_alpn_select_cb 3 ,
.Xr SSL_CTX_set_cert_store 3 ,
.Xr SSL_CTX_set_cert_verify_callback 3 ,
.Xr SSL_CTX_set_cipher_list 3 ,
@@ -1175,47 +219,105 @@ size_t len, SSL *ssl, void *arg)"
.Xr SSL_CTX_set_msg_callback 3 ,
.Xr SSL_CTX_set_options 3 ,
.Xr SSL_CTX_set_quiet_shutdown 3 ,
+.Xr SSL_CTX_set_read_ahead 3 ,
.Xr SSL_CTX_set_session_cache_mode 3 ,
.Xr SSL_CTX_set_session_id_context 3 ,
-.Xr SSL_CTX_set_ssl_version 3 ,
.Xr SSL_CTX_set_timeout 3 ,
+.Xr SSL_CTX_set_tlsext_status_cb 3 ,
+.Xr SSL_CTX_set_tlsext_ticket_key_cb 3 ,
.Xr SSL_CTX_set_tmp_dh_callback 3 ,
.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
.Xr SSL_CTX_set_verify 3 ,
.Xr SSL_CTX_use_certificate 3 ,
+.Xr SSL_set1_param 3 ,
+.Xr SSL_set_max_send_fragment 3
+.Pp
+Accessors:
+.Xr SSL_CTX_get_ex_new_index 3 ,
+.Xr SSL_CTX_sess_number 3 ,
+.Xr SSL_CTX_sessions 3 ,
+.Xr SSL_get_client_CA_list 3
+.Ss Sessions
+The following pages describe functions acting on
+.Vt SSL_SESSION
+objects.
+.Pp
+Constructors and destructors:
+.Xr SSL_SESSION_new 3 ,
+.Xr SSL_SESSION_free 3
+.Pp
+Accessors:
+.Xr SSL_SESSION_get_ex_new_index 3 ,
+.Xr SSL_SESSION_get_time 3
+.Pp
+Encoding and decoding:
+.Xr d2i_SSL_SESSION 3 ,
+.Xr PEM_read_SSL_SESSION 3 ,
+.Xr SSL_SESSION_print 3
+.Pp
+Use by other objects:
+.Xr SSL_CTX_add_session 3 ,
+.Xr SSL_set_session 3 ,
+.Xr SSL_get_session 3
+.El
+.Ss Connections
+The following pages describe functions acting on
+.Vt SSL
+connection objects:
+.Pp
+Constructors and destructors:
+.Xr SSL_new 3 ,
+.Xr SSL_set_connect_state 3 ,
+.Xr SSL_dup 3 ,
+.Xr SSL_set_bio 3 ,
+.Xr SSL_set_fd 3 ,
+.Xr BIO_f_ssl 3 ,
+.Xr SSL_clear 3 ,
+.Xr SSL_free 3
+.Pp
+I/O:
+.Xr DTLSv1_listen 3 ,
+.Xr SSL_accept 3 ,
+.Xr SSL_connect 3 ,
.Xr SSL_do_handshake 3 ,
-.Xr SSL_get_ciphers 3 ,
-.Xr SSL_get_client_CA_list 3 ,
+.Xr SSL_read 3 ,
+.Xr SSL_renegotiate 3 ,
+.Xr SSL_shutdown 3 ,
+.Xr SSL_write 3
+.Pp
+Accessors:
+.Xr SSL_copy_session_id 3 ,
+.Xr SSL_get_SSL_CTX 3 ,
+.Xr SSL_get_certificate 3 ,
.Xr SSL_get_default_timeout 3 ,
.Xr SSL_get_error 3 ,
.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ,
.Xr SSL_get_ex_new_index 3 ,
.Xr SSL_get_fd 3 ,
.Xr SSL_get_peer_cert_chain 3 ,
+.Xr SSL_get_peer_certificate 3 ,
.Xr SSL_get_rbio 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_get_SSL_CTX 3 ,
+.Xr SSL_get_shared_ciphers 3 ,
+.Xr SSL_get_state 3 ,
.Xr SSL_get_verify_result 3 ,
.Xr SSL_get_version 3 ,
-.Xr SSL_library_init 3 ,
-.Xr SSL_load_client_CA_file 3 ,
-.Xr SSL_new 3 ,
+.Xr SSL_num_renegotiations 3 ,
.Xr SSL_pending 3 ,
-.Xr SSL_read 3 ,
.Xr SSL_rstate_string 3 ,
-.Xr SSL_SESSION_free 3 ,
-.Xr SSL_SESSION_get_ex_new_index 3 ,
-.Xr SSL_SESSION_get_time 3 ,
.Xr SSL_session_reused 3 ,
-.Xr SSL_set_bio 3 ,
-.Xr SSL_set_connect_state 3 ,
-.Xr SSL_set_fd 3 ,
-.Xr SSL_set_session 3 ,
.Xr SSL_set_shutdown 3 ,
-.Xr SSL_shutdown 3 ,
+.Xr SSL_set_verify_result 3 ,
.Xr SSL_state_string 3 ,
-.Xr SSL_want 3 ,
-.Xr SSL_write 3
+.Xr SSL_want 3
+.Pp
+Utility functions:
+.Xr SSL_alert_type_string 3 ,
+.Xr SSL_dup_CA_list 3 ,
+.Xr SSL_load_client_CA_file 3
+.Sh SEE ALSO
+.Xr openssl 1 ,
+.Xr crypto 3 ,
+.Xr SSL_load_error_strings 3
.Sh HISTORY
The
.Nm