
Functions | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv23_method (void) |
| This function returns a WOLFSSL_METHOD similar to wolfSSLv23_client_method, except that the side (server or client) is not yet determined. | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv3_server_method (void) |
| The wolfSSLv3_server_method() function is used to indicate that the application is a server and will only support the SSL 3.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv3_client_method (void) |
| The wolfSSLv3_client_method() function is used to indicate that the application is a client and will only support the SSL 3.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_server_method (void) |
| The wolfTLSv1_server_method() function is used to indicate that the application is a server and will only support the TLS 1.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_client_method (void) |
| The wolfTLSv1_client_method() function is used to indicate that the application is a client and will only support the TLS 1.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_1_server_method (void) |
| The wolfTLSv1_1_server_method() function is used to indicate that the application is a server and will only support the TLS 1.1 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_1_client_method (void) |
| The wolfTLSv1_1_client_method() function is used to indicate that the application is a client and will only support the TLS 1.1 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_2_server_method (void) |
| The wolfTLSv1_2_server_method() function is used to indicate that the application is a server and will only support the TLS 1.2 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_2_client_method (void) |
| The wolfTLSv1_2_client_method() function is used to indicate that the application is a client and will only support the TLS 1.2 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLSv1_client_method (void) |
| The wolfDTLSv1_client_method() function is used to indicate that the application is a client and will only support the DTLS 1.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). This function is only available when wolfSSL has been compiled with DTLS support (--enable-dtls, or by defining WOLFSSL_DTLS). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLSv1_server_method (void) |
| The wolfDTLSv1_server_method() function is used to indicate that the application is a server and will only support the DTLS 1.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). This function is only available when wolfSSL has been compiled with DTLS support (--enable-dtls, or by defining WOLFSSL_DTLS). | |
| WOLFSSL_API int | wolfSSL_use_old_poly (WOLFSSL *, int) |
| Because there are some differences between the first release and newer versions of the ChaCha-Poly AEAD construction, we have added an option to communicate with servers/clients using the older version. By default wolfSSL uses the new version. | |
| WOLFSSL_API int | wolfSSL_CTX_trust_peer_cert (WOLFSSL_CTX *, const char *, int) |
| This function loads a certificate to use for verifying a peer when performing a TLS/SSL handshake. The peer certificate sent during the handshake is compared by using the SKID when available and the signature. If these two things do not match then any loaded CAs are used. Feature is enabled by defining the macro WOLFSSL_TRUST_PEER_CERT. Please see the examples for proper usage. | |
| WOLFSSL_API long | wolfSSL_CTX_get_verify_depth (WOLFSSL_CTX *ctx) |
| This function gets the certificate chaining depth using the CTX structure. | |
| WOLFSSL_API WOLFSSL_CTX * | wolfSSL_CTX_new (WOLFSSL_METHOD *) |
| This function creates a new SSL context, taking a desired SSL/TLS protocol method for input. | |
| WOLFSSL_API WOLFSSL * | wolfSSL_new (WOLFSSL_CTX *) |
| This function creates a new SSL session, taking an already created SSL context as input. | |
| WOLFSSL_API int | wolfSSL_set_fd (WOLFSSL *, int) |
| This function assigns a file descriptor (fd) as the input/output facility for the SSL connection. Typically this will be a socket file descriptor. | |
| WOLFSSL_API void | wolfSSL_set_using_nonblock (WOLFSSL *, int) |
| This function informs the WOLFSSL object that the underlying I/O is non-blocking. After an application creates a WOLFSSL object, if it will be used with a non-blocking socket, call wolfSSL_set_using_nonblock() on it. This lets the WOLFSSL object know that receiving EWOULDBLOCK means that the recvfrom call would block rather than that it timed out. | |
| WOLFSSL_API void | wolfSSL_CTX_free (WOLFSSL_CTX *) |
| This function frees an allocated WOLFSSL_CTX object. This function decrements the CTX reference count and only frees the context when the reference count has reached 0. | |
| WOLFSSL_API void | wolfSSL_free (WOLFSSL *) |
| This function frees an allocated wolfSSL object. | |
| WOLFSSL_API int | wolfSSL_set_session (WOLFSSL *, WOLFSSL_SESSION *) |
| This function sets the session to be used when the SSL object, ssl, is used to establish a SSL/TLS connection. For session resumption, before calling wolfSSL_shutdown() with your session object, an application should save the session ID from the object with a call to wolfSSL_get_session(), which returns a pointer to the session. Later, the application should create a new WOLFSSL object and assign the saved session with wolfSSL_set_session(). At this point, the application may call wolfSSL_connect() and wolfSSL will try to resume the session. The wolfSSL server code allows session resumption by default. | |
| WOLFSSL_API void | wolfSSL_CTX_set_verify (WOLFSSL_CTX *, int, VerifyCallback verify_callback) |
| This function sets the verification method for remote peers and also allows a verify callback to be registered with the SSL context. The verify callback will be called only when a verification failure has occurred. If no verify callback is desired, the NULL pointer can be used for verify_callback. The verification mode of peer certificates is a logically OR’d list of flags. The possible flag values include: (1) SSL_VERIFY_NONE. Client mode: the client will not verify the certificate received from the server and the handshake will continue as normal. Server mode: the server will not send a certificate request to the client. As such, client verification will not be enabled. (2) SSL_VERIFY_PEER. Client mode: the client will verify the certificate received from the server during the handshake. This is turned on by default in wolfSSL, therefore, using this option has no effect. Server mode: the server will send a certificate request to the client and verify the client certificate received. (3) SSL_VERIFY_FAIL_IF_NO_PEER_CERT. Client mode: no effect when used on the client side. Server mode: the verification will fail on the server side if the client fails to send a certificate when requested to do so (when using SSL_VERIFY_PEER on the SSL server). (4) SSL_VERIFY_FAIL_EXCEPT_PSK. Client mode: no effect when used on the client side. Server mode: the verification is the same as SSL_VERIFY_FAIL_IF_NO_PEER_CERT except in the case of a PSK connection. If a PSK connection is being made then the connection will go through without a peer cert. | |
| WOLFSSL_API void | wolfSSL_set_verify (WOLFSSL *, int, VerifyCallback verify_callback) |
| This function sets the verification method for remote peers and also allows a verify callback to be registered with the SSL session. The verify callback will be called only when a verification failure has occurred. If no verify callback is desired, the NULL pointer can be used for verify_callback. The verification mode of peer certificates is a logically OR’d list of flags. The possible flag values include: (1) SSL_VERIFY_NONE. Client mode: the client will not verify the certificate received from the server and the handshake will continue as normal. Server mode: the server will not send a certificate request to the client. As such, client verification will not be enabled. (2) SSL_VERIFY_PEER. Client mode: the client will verify the certificate received from the server during the handshake. This is turned on by default in wolfSSL, therefore, using this option has no effect. Server mode: the server will send a certificate request to the client and verify the client certificate received. (3) SSL_VERIFY_FAIL_IF_NO_PEER_CERT. Client mode: no effect when used on the client side. Server mode: the verification will fail on the server side if the client fails to send a certificate when requested to do so (when using SSL_VERIFY_PEER on the SSL server). (4) SSL_VERIFY_FAIL_EXCEPT_PSK. Client mode: no effect when used on the client side. Server mode: the verification is the same as SSL_VERIFY_FAIL_IF_NO_PEER_CERT except in the case of a PSK connection. If a PSK connection is being made then the connection will go through without a peer cert. | |
| WOLFSSL_API long | wolfSSL_CTX_set_session_cache_mode (WOLFSSL_CTX *, long) |
| This function enables or disables SSL session caching. Behavior depends on the value used for mode. The following values for mode are available: SSL_SESS_CACHE_OFF - disable session caching. Session caching is turned on by default. SSL_SESS_CACHE_NO_AUTO_CLEAR - disable auto-flushing of the session cache. Auto-flushing is turned on by default. | |
| WOLFSSL_API int | wolfSSL_CTX_memrestore_cert_cache (WOLFSSL_CTX *, const void *, int) |
| This function restores the certificate cache from memory. | |
| WOLFSSL_API int | wolfSSL_CTX_set_cipher_list (WOLFSSL_CTX *, const char *) |
| This function sets the cipher suite list for a given WOLFSSL_CTX. This cipher suite list becomes the default list for any new SSL sessions (WOLFSSL) created using this context. The ciphers in the list should be sorted in order of preference from highest to lowest. Each call to wolfSSL_CTX_set_cipher_list() resets the cipher suite list for the specific SSL context to the provided list. The cipher suite list, list, is a null-terminated, colon-delimited text string. For example, one value for list may be "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256". Valid cipher values are the full name values from the cipher_names[] array in src/internal.c (for a definitive list of valid cipher values check src/internal.c). | |
| WOLFSSL_API int | wolfSSL_set_cipher_list (WOLFSSL *, const char *) |
| This function sets the cipher suite list for a given WOLFSSL object (SSL session). The ciphers in the list should be sorted in order of preference from highest to lowest. Each call to wolfSSL_set_cipher_list() resets the cipher suite list for the specific SSL session to the provided list. The cipher suite list, list, is a null-terminated, colon-delimited text string. For example, one value for list may be "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256". Valid cipher values are the full name values from the cipher_names[] array in src/internal.c (for a definitive list of valid cipher values check src/internal.c). | |
| WOLFSSL_API int | wolfSSL_dtls_set_timeout_init (WOLFSSL *ssl, int) |
| This function sets the dtls timeout. | |
| WOLFSSL_API WOLFSSL_SESSION * | wolfSSL_get1_session (WOLFSSL *ssl) |
| This function returns the WOLFSSL_SESSION from the WOLFSSL structure. | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv23_client_method (void) |
| The wolfSSLv23_client_method() function is used to indicate that the application is a client and will support the highest protocol version supported by the server in the range SSL 3.0 - TLS 1.2. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). Both wolfSSL clients and servers have robust version downgrade capability. If a specific protocol version method is used on either side, then only that version will be negotiated or an error will be returned. For example, a client that uses TLSv1 and tries to connect to an SSLv3-only server will fail; likewise, connecting to a TLSv1.1-only server will fail as well. To resolve this issue, a client that uses the wolfSSLv23_client_method() function will use the highest protocol version supported by the server and downgrade to SSLv3 if needed. In this case, the client will be able to connect to a server running SSLv3 - TLSv1.2. | |
| WOLFSSL_API WOLFSSL_BIGNUM * | wolfSSL_ASN1_INTEGER_to_BN (const WOLFSSL_ASN1_INTEGER *ai, WOLFSSL_BIGNUM *bn) |
| This function is used to copy a WOLFSSL_ASN1_INTEGER value to a WOLFSSL_BIGNUM structure. | |
| WOLFSSL_API long | wolfSSL_CTX_add_extra_chain_cert (WOLFSSL_CTX *, WOLFSSL_X509 *) |
| This function adds the certificate to the internal chain being built in the WOLFSSL_CTX structure. | |
| WOLFSSL_API int | wolfSSL_CTX_get_read_ahead (WOLFSSL_CTX *) |
| This function returns the read ahead flag from a WOLFSSL_CTX structure. | |
| WOLFSSL_API int | wolfSSL_CTX_set_read_ahead (WOLFSSL_CTX *, int v) |
| This function sets the read ahead flag in the WOLFSSL_CTX structure. | |
| WOLFSSL_API long | wolfSSL_CTX_set_tlsext_status_arg (WOLFSSL_CTX *, void *arg) |
| This function sets the options argument to use with OCSP. | |
| WOLFSSL_API long | wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg (WOLFSSL_CTX *, void *arg) |
| This function sets the optional argument to be passed to the PRF callback. | |
| WOLFSSL_API long | wolfSSL_set_options (WOLFSSL *s, long op) |
| This function sets the options mask in the ssl. Some valid options are, SSL_OP_ALL, SSL_OP_COOKIE_EXCHANGE, SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_COMPRESSION. | |
| WOLFSSL_API long | wolfSSL_get_options (const WOLFSSL *s) |
| This function returns the current options mask. | |
| WOLFSSL_API long | wolfSSL_set_tlsext_debug_arg (WOLFSSL *s, void *arg) |
| This is used to set the debug argument passed around. | |
| WOLFSSL_API long | wolfSSL_get_verify_result (const WOLFSSL *ssl) |
| This is used to get the results after trying to verify the peer's certificate. | |
| WOLFSSL_API int | wolfSSL_CTX_allow_anon_cipher (WOLFSSL_CTX *) |
| This function enables the haveAnon member of the CTX structure if HAVE_ANON is defined during compilation. | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv23_server_method (void) |
| The wolfSSLv23_server_method() function is used to indicate that the application is a server and will support clients connecting with protocol version from SSL 3.0 - TLS 1.2. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). | |
| WOLFSSL_API int | wolfSSL_state (WOLFSSL *ssl) |
| This is used to get the internal error state of the WOLFSSL structure. | |
| WOLFSSL_API int | wolfSSL_check_domain_name (WOLFSSL *ssl, const char *dn) |
| wolfSSL by default checks the peer certificate for a valid date range and a verified signature. Calling this function before wolfSSL_connect() or wolfSSL_accept() will add a domain name check to the list of checks to perform. dn holds the domain name to check against the peer certificate when it’s received. | |
| WOLFSSL_API int | wolfSSL_set_compression (WOLFSSL *ssl) |
| Turns on the ability to use compression for the SSL connection. Both sides must have compression turned on, otherwise compression will not be used. The zlib library performs the actual data compression. To compile it into the library, use --with-libz for the configure system and define HAVE_LIBZ otherwise. Keep in mind that although compressing data before sending reduces the size of the messages being sent and received, compressing the data usually takes longer than sending it raw on all but the slowest of networks. | |
| WOLFSSL_API int | wolfSSL_set_timeout (WOLFSSL *, unsigned int) |
| This function sets the SSL session timeout value in seconds. | |
| WOLFSSL_API int | wolfSSL_CTX_set_timeout (WOLFSSL_CTX *, unsigned int) |
| This function sets the timeout value for SSL sessions, in seconds, for the specified SSL context. | |
| WOLFSSL_API int | wolfSSL_CTX_UnloadCAs (WOLFSSL_CTX *) |
| This function unloads the CA signer list and frees the whole signer table. | |
| WOLFSSL_API int | wolfSSL_CTX_Unload_trust_peers (WOLFSSL_CTX *) |
| This function is used to unload all previously loaded trusted peer certificates. Feature is enabled by defining the macro WOLFSSL_TRUST_PEER_CERT. | |
| WOLFSSL_API int | wolfSSL_CTX_trust_peer_buffer (WOLFSSL_CTX *, const unsigned char *, long, int) |
| This function loads a certificate to use for verifying a peer when performing a TLS/SSL handshake. The peer certificate sent during the handshake is compared by using the SKID when available and the signature. If these two things do not match then any loaded CAs are used. This is the same functionality as wolfSSL_CTX_trust_peer_cert, except that the certificate is loaded from a buffer instead of a file. Feature is enabled by defining the macro WOLFSSL_TRUST_PEER_CERT. Please see the examples for proper usage. | |
| WOLFSSL_API int | wolfSSL_CTX_set_group_messages (WOLFSSL_CTX *) |
| This function turns on grouping of handshake messages where possible. | |
| WOLFSSL_API int | wolfSSL_set_group_messages (WOLFSSL *) |
| This function turns on grouping of handshake messages where possible. | |
| WOLFSSL_API int | wolfSSL_CTX_SetMinVersion (WOLFSSL_CTX *ctx, int version) |
| This function sets the minimum downgrade version allowed. Applicable only when the connection allows downgrade (using wolfSSLv23_client_method or wolfSSLv23_server_method). | |
| WOLFSSL_API int | wolfSSL_SetVersion (WOLFSSL *ssl, int version) |
| This function sets the SSL/TLS protocol version for the specified SSL session (WOLFSSL object) using the version as specified by version. This will override the protocol setting for the SSL session (ssl) - originally defined and set by the SSL context (wolfSSL_CTX_new()) method type. | |
| WOLFSSL_API int | wolfSSL_UseALPN (WOLFSSL *ssl, char *protocol_name_list, unsigned int protocol_name_listSz, unsigned char options) |
| Setup ALPN use for a wolfSSL session. | |
| WOLFSSL_API int | wolfSSL_CTX_UseSessionTicket (WOLFSSL_CTX *ctx) |
| This function sets wolfSSL context to use a session ticket. | |
| WOLFSSL_API int | wolfSSL_UseSupportedQSH (WOLFSSL *ssl, unsigned short name) |
| This function sets the ssl session to use supported QSH provided by name. | |
| WOLFSSL_API int | wolfSSL_check_private_key (const WOLFSSL *ssl) |
| This function checks that the private key is a match with the certificate being used. | |
| WOLFSSL_API int | wolfSSL_use_certificate (WOLFSSL *ssl, WOLFSSL_X509 *x509) |
| This is used to set the certificate for WOLFSSL structure to use during a handshake. | |
| WOLFSSL_API int | wolfSSL_use_certificate_ASN1 (WOLFSSL *ssl, unsigned char *der, int derSz) |
| This is used to set the certificate for WOLFSSL structure to use during a handshake. A DER formatted buffer is expected. | |
| WOLFSSL_API int | wolfSSL_SESSION_get_master_key (const WOLFSSL_SESSION *ses, unsigned char *out, int outSz) |
| This is used to get the master key after completing a handshake. | |
| WOLFSSL_API int | wolfSSL_SESSION_get_master_key_length (const WOLFSSL_SESSION *ses) |
| This is used to get the master secret key length. | |
| WOLFSSL_API void | wolfSSL_CTX_set_cert_store (WOLFSSL_CTX *ctx, WOLFSSL_X509_STORE *str) |
| This is a setter function for the WOLFSSL_X509_STORE structure in ctx. | |
| WOLFSSL_API WOLFSSL_X509_STORE * | wolfSSL_CTX_get_cert_store (WOLFSSL_CTX *ctx) |
| This is a getter function for the WOLFSSL_X509_STORE structure in ctx. | |
| WOLFSSL_API size_t | wolfSSL_get_server_random (const WOLFSSL *ssl, unsigned char *out, size_t outlen) |
| This is used to get the random data sent by the server during the handshake. | |
| WOLFSSL_API size_t | wolfSSL_get_client_random (const WOLFSSL *ssl, unsigned char *out, size_t outSz) |
| This is used to get the random data sent by the client during the handshake. | |
| WOLFSSL_API pem_password_cb * | wolfSSL_CTX_get_default_passwd_cb (WOLFSSL_CTX *ctx) |
| This is a getter function for the password callback set in ctx. | |
| WOLFSSL_API void * | wolfSSL_CTX_get_default_passwd_cb_userdata (WOLFSSL_CTX *ctx) |
| This is a getter function for the password callback user data set in ctx. | |
| WOLFSSL_API long | wolfSSL_CTX_clear_options (WOLFSSL_CTX *, long) |
| This function resets option bits of WOLFSSL_CTX object. | |
| WOLFSSL_API int | wolfSSL_set_msg_callback (WOLFSSL *ssl, SSL_Msg_Cb cb) |
| This function sets a callback in the ssl. The callback is to observe handshake messages. NULL value of cb resets the callback. | |
| WOLFSSL_API int | wolfSSL_set_msg_callback_arg (WOLFSSL *ssl, void *arg) |
| This function sets associated callback context value in the ssl. The value is handed over to the callback argument. | |
| WOLFSSL_API void * | wolfSSL_GetCookieCtx (WOLFSSL *ssl) |
| This function returns the IOCB_CookieCtx member of the WOLFSSL structure. | |
| WOLFSSL_API WOLFSSL_METHOD * wolfDTLSv1_client_method | ( | void | ) |
The wolfDTLSv1_client_method() function is used to indicate that the application is a client and will only support the DTLS 1.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). This function is only available when wolfSSL has been compiled with DTLS support (--enable-dtls, or by defining WOLFSSL_DTLS).
| none | No parameters. |
Example
| WOLFSSL_API WOLFSSL_METHOD * wolfDTLSv1_server_method | ( | void | ) |
The wolfDTLSv1_server_method() function is used to indicate that the application is a server and will only support the DTLS 1.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). This function is only available when wolfSSL has been compiled with DTLS support (--enable-dtls, or by defining WOLFSSL_DTLS).
| none | No parameters. |
Example
| WOLFSSL_API WOLFSSL_BIGNUM * wolfSSL_ASN1_INTEGER_to_BN | ( | const WOLFSSL_ASN1_INTEGER * | ai, |
| WOLFSSL_BIGNUM * | bn ) |
This function is used to copy a WOLFSSL_ASN1_INTEGER value to a WOLFSSL_BIGNUM structure.
| ai | WOLFSSL_ASN1_INTEGER structure to copy from. |
| bn | if wanting to copy into an already existing WOLFSSL_BIGNUM struct then pass in a pointer to it. Optionally this can be NULL and a new WOLFSSL_BIGNUM structure will be created. |
Example
| WOLFSSL_API int wolfSSL_check_domain_name | ( | WOLFSSL * | ssl, |
| const char * | dn ) |
wolfSSL by default checks the peer certificate for a valid date range and a verified signature. Calling this function before wolfSSL_connect() or wolfSSL_accept() will add a domain name check to the list of checks to perform. dn holds the domain name to check against the peer certificate when it’s received.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| dn | domain name to check against the peer certificate when received. |
Example
| WOLFSSL_API int wolfSSL_check_private_key | ( | const WOLFSSL * | ssl | ) |
This function checks that the private key is a match with the certificate being used.
| ssl | WOLFSSL structure to check. |
Example
| WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert | ( | WOLFSSL_CTX * | ctx, |
| WOLFSSL_X509 * | x509 ) |
This function adds the certificate to the internal chain being built in the WOLFSSL_CTX structure.
| ctx | WOLFSSL_CTX structure to add certificate to. |
| x509 | certificate to add to the chain. |
Example
| WOLFSSL_API int wolfSSL_CTX_allow_anon_cipher | ( | WOLFSSL_CTX * | ctx | ) |
This function enables the haveAnon member of the CTX structure if HAVE_ANON is defined during compilation.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
Example
| WOLFSSL_API long wolfSSL_CTX_clear_options | ( | WOLFSSL_CTX * | ctx, |
| long | opt ) |
This function resets option bits of WOLFSSL_CTX object.
| ctx | pointer to the SSL context. |
Example
| WOLFSSL_API void wolfSSL_CTX_free | ( | WOLFSSL_CTX * | ctx | ) |
This function frees an allocated WOLFSSL_CTX object. This function decrements the CTX reference count and only frees the context when the reference count has reached 0.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
Example
| WOLFSSL_API WOLFSSL_X509_STORE * wolfSSL_CTX_get_cert_store | ( | WOLFSSL_CTX * | ctx | ) |
This is a getter function for the WOLFSSL_X509_STORE structure in ctx.
| ctx | pointer to the WOLFSSL_CTX structure for getting cert store pointer. |
Example
| WOLFSSL_API pem_password_cb * wolfSSL_CTX_get_default_passwd_cb | ( | WOLFSSL_CTX * | ctx | ) |
This is a getter function for the password callback set in ctx.
| ctx | WOLFSSL_CTX structure to get call back from. |
Example
| WOLFSSL_API void * wolfSSL_CTX_get_default_passwd_cb_userdata | ( | WOLFSSL_CTX * | ctx | ) |
This is a getter function for the password callback user data set in ctx.
| ctx | WOLFSSL_CTX structure to get user data from. |
Example
| WOLFSSL_API int wolfSSL_CTX_get_read_ahead | ( | WOLFSSL_CTX * | ctx | ) |
This function returns the read ahead flag from a WOLFSSL_CTX structure.
| ctx | WOLFSSL_CTX structure to get read ahead flag from. |
Example
| WOLFSSL_API long wolfSSL_CTX_get_verify_depth | ( | WOLFSSL_CTX * | ctx | ) |
This function gets the certificate chaining depth using the CTX structure.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
Example
| WOLFSSL_API int wolfSSL_CTX_memrestore_cert_cache | ( | WOLFSSL_CTX * | ctx, |
| const void * | mem, | ||
| int | sz ) |
This function restores the certificate cache from memory.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
| mem | a void pointer with a value that will be restored to the certificate cache. |
| sz | an int type that represents the size of the mem parameter. |
Example
| WOLFSSL_API WOLFSSL_CTX * wolfSSL_CTX_new | ( | WOLFSSL_METHOD * | method | ) |
This function creates a new SSL context, taking a desired SSL/TLS protocol method for input.
| method | pointer to the desired WOLFSSL_METHOD to use for the SSL context. This is created using one of the wolfSSLvXX_XXXX_method() functions to specify SSL/TLS/DTLS protocol level. |
Example
| WOLFSSL_API void wolfSSL_CTX_set_cert_store | ( | WOLFSSL_CTX * | ctx, |
| WOLFSSL_X509_STORE * | str ) |
This is a setter function for the WOLFSSL_X509_STORE structure in ctx.
| ctx | pointer to the WOLFSSL_CTX structure for setting cert store pointer. |
| str | pointer to the WOLFSSL_X509_STORE to set in ctx. |
Example
| WOLFSSL_API int wolfSSL_CTX_set_cipher_list | ( | WOLFSSL_CTX * | ctx, |
| const char * | list ) |
This function sets the cipher suite list for a given WOLFSSL_CTX. This cipher suite list becomes the default list for any new SSL sessions (WOLFSSL) created using this context. The ciphers in the list should be sorted in order of preference from highest to lowest. Each call to wolfSSL_CTX_set_cipher_list() resets the cipher suite list for the specific SSL context to the provided list. The cipher suite list, list, is a null-terminated, colon-delimited text string. For example, one value for list may be "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256". Valid cipher values are the full name values from the cipher_names[] array in src/internal.c (for a definitive list of valid cipher values check src/internal.c).
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
| list | null-terminated text string and a colon-delimited list of cipher suites to use with the specified SSL context. |
Example
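An added example, not taken from the wolfSSL documentation or source: a pre-flight audit of the colon-delimited list string before it is handed to wolfSSL_CTX_set_cipher_list(). The deny-list components, the forward-secrecy prefixes, the 64-byte name bound and all function names are assumptions of this example; it does not link against wolfSSL.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SUITE_NAME 64   /* assumed upper bound on one suite name */

/* Policy tables are assumptions for this example, not taken from wolfSSL. */
static const char *const WEAK_PARTS[]  = { "NULL", "RC4", "DES", "MD5", "ADH" };
static const char *const FS_PREFIXES[] = { "DHE-", "ECDHE-" };

struct cipher_audit {
    int total;      /* well-formed suite names seen */
    int weak;       /* names containing a denied component (dropped) */
    int no_fs;      /* kept names without an ephemeral key exchange prefix */
    int malformed;  /* empty or over-long list elements (dropped) */
};

/* Return 1 if tok equals one '-'-separated component of name[0..len). */
static int has_component(const char *name, size_t len, const char *tok)
{
    size_t tl = strlen(tok), i = 0;
    while (i <= len) {
        size_t j = i;
        while (j < len && name[j] != '-') j++;
        if (j - i == tl && memcmp(name + i, tok, tl) == 0) return 1;
        i = j + 1;
    }
    return 0;
}

static int is_weak(const char *name, size_t len)
{
    size_t k;
    for (k = 0; k < sizeof WEAK_PARTS / sizeof WEAK_PARTS[0]; k++)
        if (has_component(name, len, WEAK_PARTS[k])) return 1;
    return 0;
}

static int has_fs(const char *name, size_t len)
{
    size_t k;
    for (k = 0; k < sizeof FS_PREFIXES / sizeof FS_PREFIXES[0]; k++) {
        size_t pl = strlen(FS_PREFIXES[k]);
        if (len > pl && memcmp(name, FS_PREFIXES[k], pl) == 0) return 1;
    }
    return 0;
}

/* Audits list and writes the surviving suites to kept, colon-delimited and in
 * the original preference order. Returns 0 if nothing was dropped, 1 if weak
 * or malformed elements were dropped, -1 on bad arguments or if kept is too
 * small. */
int audit_cipher_list(const char *list, struct cipher_audit *a,
                      char *kept, size_t keptsz)
{
    const char *p = list;
    size_t used = 0;

    if (list == NULL || a == NULL || kept == NULL || keptsz == 0) return -1;
    memset(a, 0, sizeof *a);
    kept[0] = '\0';

    for (;;) {
        const char *end = strchr(p, ':');
        size_t len = end ? (size_t)(end - p) : strlen(p);

        if (len == 0 || len >= MAX_SUITE_NAME) {
            a->malformed++;
        } else if (is_weak(p, len)) {
            a->total++;
            a->weak++;
        } else {
            a->total++;
            if (!has_fs(p, len)) a->no_fs++;
            if (used + len + 2 > keptsz) return -1;   /* ':' + name + NUL */
            if (used) kept[used++] = ':';
            memcpy(kept + used, p, len);
            used += len;
            kept[used] = '\0';
        }
        if (end == NULL) break;
        p = end + 1;
    }
    return (a->weak || a->malformed) ? 1 : 0;
}

int main(void)
{
    /* The sample list value quoted in the description above. */
    const char *list = "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256";
    struct cipher_audit a;
    char kept[256];
    int rc = audit_cipher_list(list, &a, kept, sizeof kept);

    printf("rc=%d total=%d weak=%d no_fs=%d malformed=%d\nkept=%s\n",
           rc, a.total, a.weak, a.no_fs, a.malformed, kept);
    /* When rc >= 0 and kept is non-empty, kept is the string to pass as the
     * list argument of wolfSSL_CTX_set_cipher_list(). */
    return rc < 0;
}
```

For the sample list from the description, nothing is dropped, but AES256-SHA256 is counted in no_fs because its name carries no DHE or ECDHE key exchange.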
| WOLFSSL_API int wolfSSL_CTX_set_group_messages | ( | WOLFSSL_CTX * | ctx | ) |
This function turns on grouping of handshake messages where possible.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
Example
| WOLFSSL_API int wolfSSL_CTX_set_read_ahead | ( | WOLFSSL_CTX * | ctx, |
| int | v ) |
This function sets the read ahead flag in the WOLFSSL_CTX structure.
| ctx | WOLFSSL_CTX structure to set read ahead flag. |
Example
| WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode | ( | WOLFSSL_CTX * | ctx, |
| long | mode ) |
This function enables or disables SSL session caching. Behavior depends on the value used for mode. The following values for mode are available: SSL_SESS_CACHE_OFF - disable session caching. Session caching is turned on by default. SSL_SESS_CACHE_NO_AUTO_CLEAR - disable auto-flushing of the session cache. Auto-flushing is turned on by default.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
| mode | modifier used to change behavior of the session cache. |
Example
| WOLFSSL_API int wolfSSL_CTX_set_timeout | ( | WOLFSSL_CTX * | ctx, |
| unsigned int | to ) |
This function sets the timeout value for SSL sessions, in seconds, for the specified SSL context.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
| to | session timeout value in seconds. |
Example
| WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg | ( | WOLFSSL_CTX * | ctx, |
| void * | arg ) |
This function sets the optional argument to be passed to the PRF callback.
| ctx | WOLFSSL_CTX structure to set user argument. |
| arg | user argument. |
Example
| WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg | ( | WOLFSSL_CTX * | ctx, |
| void * | arg ) |
This function sets the options argument to use with OCSP.
| ctx | WOLFSSL_CTX structure to set user argument. |
| arg | user argument. |
Example
| WOLFSSL_API void wolfSSL_CTX_set_verify | ( | WOLFSSL_CTX * | ctx, |
| int | mode, | ||
| VerifyCallback | verify_callback ) |
This function sets the verification method for remote peers and also allows a verify callback to be registered with the SSL context. The verify callback will be called only when a verification failure has occurred. If no verify callback is desired, the NULL pointer can be used for verify_callback. The verification mode of peer certificates is a logically OR’d list of flags. The possible flag values include:

SSL_VERIFY_NONE
Client mode: the client will not verify the certificate received from the server and the handshake will continue as normal.
Server mode: the server will not send a certificate request to the client. As such, client verification will not be enabled.

SSL_VERIFY_PEER
Client mode: the client will verify the certificate received from the server during the handshake. This is turned on by default in wolfSSL, therefore, using this option has no effect.
Server mode: the server will send a certificate request to the client and verify the client certificate received.

SSL_VERIFY_FAIL_IF_NO_PEER_CERT
Client mode: no effect when used on the client side.
Server mode: the verification will fail on the server side if the client fails to send a certificate when requested to do so (when using SSL_VERIFY_PEER on the SSL server).

SSL_VERIFY_FAIL_EXCEPT_PSK
Client mode: no effect when used on the client side.
Server mode: the verification is the same as SSL_VERIFY_FAIL_IF_NO_PEER_CERT except in the case of a PSK connection. If a PSK connection is being made then the connection will go through without a peer cert.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
| mode | verification mode for peer certificates: a logically OR'd combination of the flags listed above. |
| verify_callback | callback to be called when verification fails. If no callback is desired, the NULL pointer can be used for verify_callback. |
Example
| WOLFSSL_API int wolfSSL_CTX_SetMinVersion | ( | WOLFSSL_CTX * | ctx, |
| int | version ) |
This function sets the minimum downgrade version allowed. It is applicable only when the connection allows downgrade, that is, when wolfSSLv23_client_method() or wolfSSLv23_server_method() is used.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
| version | an integer representation of the version to be set as the minimum: WOLFSSL_SSLV3 = 0, WOLFSSL_TLSV1 = 1, WOLFSSL_TLSV1_1 = 2 or WOLFSSL_TLSV1_2 = 3. |
Example
| WOLFSSL_API int wolfSSL_CTX_trust_peer_buffer | ( | WOLFSSL_CTX * | ctx, |
| const unsigned char * | in, | ||
| long | sz, | ||
| int | format ) |
This function loads a certificate to use for verifying a peer when performing a TLS/SSL handshake. The peer certificate sent during the handshake is compared by using the SKID when available and the signature. If these two things do not match then any loaded CAs are used. This is the same functionality as wolfSSL_CTX_trust_peer_cert except that the certificate is loaded from a buffer instead of a file. The feature is enabled by defining the macro WOLFSSL_TRUST_PEER_CERT. Please see the examples for proper usage.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
| buffer | pointer to the buffer containing certificates. |
| sz | length of the buffer input. |
| type | type of certificate being loaded i.e. SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. |
Example
| WOLFSSL_API int wolfSSL_CTX_trust_peer_cert | ( | WOLFSSL_CTX * | ctx, |
| const char * | file, | ||
| int | type ) |
This function loads a certificate to use for verifying a peer when performing a TLS/SSL handshake. The peer certificate sent during the handshake is compared by using the SKID when available and the signature. If these two things do not match then any loaded CAs are used. Feature is enabled by defining the macro WOLFSSL_TRUST_PEER_CERT. Please see the examples for proper usage.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
| file | pointer to name of the file containing certificates. |
| type | type of certificate being loaded, i.e. SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. |
Example
| WOLFSSL_API int wolfSSL_CTX_Unload_trust_peers | ( | WOLFSSL_CTX * | ctx | ) |
This function is used to unload all previously loaded trusted peer certificates. Feature is enabled by defining the macro WOLFSSL_TRUST_PEER_CERT.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
Example
| WOLFSSL_API int wolfSSL_CTX_UnloadCAs | ( | WOLFSSL_CTX * | ctx | ) |
This function unloads the CA signer list and frees the whole signer table.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
Example
| WOLFSSL_API int wolfSSL_CTX_UseSessionTicket | ( | WOLFSSL_CTX * | ctx | ) |
This function sets wolfSSL context to use a session ticket.
| ctx | The WOLFSSL_CTX structure to use. |
Example
| WOLFSSL_API int wolfSSL_dtls_set_timeout_init | ( | WOLFSSL * | ssl, |
| int | timeout ) |
This function sets the DTLS timeout.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| timeout | an int type that will be set to the dtls_timeout_init member of the WOLFSSL structure. |
Example
| WOLFSSL_API void wolfSSL_free | ( | WOLFSSL * | ssl | ) |
This function frees an allocated wolfSSL object.
| ssl | pointer to the SSL object, created with wolfSSL_new(). |
Example
| WOLFSSL_API WOLFSSL_SESSION * wolfSSL_get1_session | ( | WOLFSSL * | ssl | ) |
This function returns the WOLFSSL_SESSION from the WOLFSSL structure.
| ssl | WOLFSSL structure to get session from. |
Example
| WOLFSSL_API size_t wolfSSL_get_client_random | ( | const WOLFSSL * | ssl, |
| unsigned char * | out, | ||
| size_t | outSz ) |
This is used to get the random data sent by the client during the handshake.
| ssl | WOLFSSL structure to get the client's random data buffer from. |
| out | buffer to hold random data. |
| outSz | size of out buffer passed in. (if 0 function will return max buffer size needed) |
Example
| WOLFSSL_API long wolfSSL_get_options | ( | const WOLFSSL * | s | ) |
This function returns the current options mask.
| ssl | WOLFSSL structure to get options mask from. |
Example
| WOLFSSL_API size_t wolfSSL_get_server_random | ( | const WOLFSSL * | ssl, |
| unsigned char * | out, | ||
| size_t | outlen ) |
This is used to get the random data sent by the server during the handshake.
| ssl | WOLFSSL structure to get the server's random data buffer from. |
| out | buffer to hold random data. |
| outSz | size of out buffer passed in. (if 0 function will return max buffer size needed) |
Example
| WOLFSSL_API long wolfSSL_get_verify_result | ( | const WOLFSSL * | ssl | ) |
This is used to get the results after trying to verify the peer's certificate.
| ssl | WOLFSSL structure to get verification results from. |
Example
| WOLFSSL_API void * wolfSSL_GetCookieCtx | ( | WOLFSSL * | ssl | ) |
This function returns the IOCB_CookieCtx member of the WOLFSSL structure.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
| WOLFSSL_API WOLFSSL * wolfSSL_new | ( | WOLFSSL_CTX * | ctx | ) |
This function creates a new SSL session, taking an already created SSL context as input.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
Example
| WOLFSSL_API int wolfSSL_SESSION_get_master_key | ( | const WOLFSSL_SESSION * | ses, |
| unsigned char * | out, | ||
| int | outSz ) |
This is used to get the master key after completing a handshake.
| ses | WOLFSSL_SESSION structure to get master secret buffer from. |
| out | buffer to hold data. |
| outSz | size of out buffer passed in. (if 0 function will return max buffer size needed) |
Example
| WOLFSSL_API int wolfSSL_SESSION_get_master_key_length | ( | const WOLFSSL_SESSION * | ses | ) |
This is used to get the master secret key length.
| ses | WOLFSSL_SESSION structure to get master secret buffer from. |
Example
| WOLFSSL_API int wolfSSL_set_cipher_list | ( | WOLFSSL * | ssl, |
| const char * | list ) |
This function sets the cipher suite list for a given WOLFSSL object (SSL session). The ciphers in the list should be sorted in order of preference from highest to lowest. Each call to wolfSSL_set_cipher_list() resets the cipher suite list for the specific SSL session to the provided list. The cipher suite list, list, is a null-terminated text string, and a colon-delimited list. For example, one value for list may be "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256". Valid cipher values are the full name values from the cipher_names[] array in src/internal.c (for a definitive list of valid cipher values check src/internal.c).
| ssl | pointer to the SSL session, created with wolfSSL_new(). |
| list | null-terminated text string and a colon-delimited list of cipher suites to use with the specified SSL session. |
Example
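A check a reviewer can run over the colon-delimited string before it reaches wolfSSL_set_cipher_list(), added here as an illustration and not taken from the wolfSSL sources. The function names and the name-based heuristics (a DHE-, ECDHE- or TLS13- prefix means ephemeral key exchange; RC4, DES, MD5 or NULL in a name marks a weak algorithm) are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SUITE_OK       0
#define SUITE_EMPTY    (1 << 0) /* "::" or a leading/trailing ':' */
#define SUITE_NO_FS    (1 << 1) /* no ephemeral (EC)DHE key exchange */
#define SUITE_WEAK_ALG (1 << 2) /* name mentions RC4, DES, MD5 or NULL */

typedef struct { int flagged; int flags; } audit_t;

static int has_prefix(const char *s, size_t n, const char *pre)
{
    size_t m = strlen(pre);
    return n >= m && memcmp(s, pre, m) == 0;
}

/* Bounded substring search: tokens inside the list are not NUL-terminated. */
static int contains(const char *s, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(s + i, needle, m) == 0)
            return 1;
    return 0;
}

int audit_suite(const char *name, size_t n)
{
    int flags = SUITE_OK;
    if (n == 0)
        return SUITE_EMPTY;
    if (!has_prefix(name, n, "ECDHE-") && !has_prefix(name, n, "DHE-") &&
        !has_prefix(name, n, "TLS13-"))
        flags |= SUITE_NO_FS;
    if (contains(name, n, "RC4") || contains(name, n, "DES") ||
        contains(name, n, "MD5") || contains(name, n, "NULL"))
        flags |= SUITE_WEAK_ALG;
    return flags;
}

/* Walk the list; count flagged entries and OR together their flags. */
audit_t audit_cipher_list(const char *list)
{
    audit_t r = { 0, SUITE_OK };
    const char *p = list;
    for (;;) {
        const char *end = strchr(p, ':');
        size_t n = end ? (size_t)(end - p) : strlen(p);
        int f = audit_suite(p, n);
        if (f != SUITE_OK) { r.flagged++; r.flags |= f; }
        if (end == NULL)
            break;
        p = end + 1;
    }
    return r;
}

int main(void)
{
    /* The list quoted in the description above. */
    audit_t r = audit_cipher_list(
        "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256");
    printf("flagged=%d flags=0x%x\n", r.flagged, r.flags);
    return 0;
}
```

On the list quoted above, only the last entry, AES256-SHA256, is flagged, because it has no DHE or ECDHE key exchange.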
| WOLFSSL_API int wolfSSL_set_compression | ( | WOLFSSL * | ssl | ) |
Turns on the ability to use compression for the SSL connection. Both sides must have compression turned on, otherwise compression will not be used. The zlib library performs the actual data compression. To compile into the library, use --with-libz for the configure system and define HAVE_LIBZ otherwise. Keep in mind that while compressing data before sending decreases the actual size of the messages being sent and received, the data saved by compression usually takes longer to process than it would take to send raw, on all but the slowest of networks.
| ssl | pointer to the SSL session, created with wolfSSL_new(). |
Example
| WOLFSSL_API int wolfSSL_set_fd | ( | WOLFSSL * | ssl, |
| int | fd ) |
This function assigns a file descriptor (fd) as the input/output facility for the SSL connection. Typically this will be a socket file descriptor.
| ssl | pointer to the SSL session, created with wolfSSL_new(). |
| fd | file descriptor to use with SSL/TLS connection. |
Example
| WOLFSSL_API int wolfSSL_set_group_messages | ( | WOLFSSL * | ssl | ) |
This function turns on grouping of handshake messages where possible.
| ssl | pointer to the SSL session, created with wolfSSL_new(). |
Example
| WOLFSSL_API int wolfSSL_set_msg_callback | ( | WOLFSSL * | ssl, |
| SSL_Msg_Cb | cb ) |
This function sets a callback in the ssl. The callback is to observe handshake messages. NULL value of cb resets the callback.
| ssl | WOLFSSL structure to set callback argument. |
Example
| WOLFSSL_API int wolfSSL_set_msg_callback_arg | ( | WOLFSSL * | ssl, |
| void * | arg ) |
This function sets associated callback context value in the ssl. The value is handed over to the callback argument.
| ssl | WOLFSSL structure to set callback argument. |
Example
| WOLFSSL_API long wolfSSL_set_options | ( | WOLFSSL * | s, |
| long | op ) |
This function sets the options mask in the ssl. Some valid options are: SSL_OP_ALL, SSL_OP_COOKIE_EXCHANGE, SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_COMPRESSION.
| s | WOLFSSL structure to set options mask. |
| op | options mask to set. Some valid options are: SSL_OP_ALL, SSL_OP_COOKIE_EXCHANGE, SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_COMPRESSION. |
Example
| WOLFSSL_API int wolfSSL_set_session | ( | WOLFSSL * | ssl, |
| WOLFSSL_SESSION * | session ) |
This function sets the session to be used when the SSL object, ssl, is used to establish an SSL/TLS connection. For session resumption, before calling wolfSSL_shutdown() with your session object, an application should save the session ID from the object with a call to wolfSSL_get_session(), which returns a pointer to the session. Later, the application should create a new WOLFSSL object and assign the saved session with wolfSSL_set_session(). At this point, the application may call wolfSSL_connect() and wolfSSL will try to resume the session. The wolfSSL server code allows session resumption by default.
| ssl | pointer to the SSL object, created with wolfSSL_new(). |
| session | pointer to the WOLFSSL_SESSION used to set the session for ssl. |
Example
| WOLFSSL_API int wolfSSL_set_timeout | ( | WOLFSSL * | ssl, |
| unsigned int | to ) |
This function sets the SSL session timeout value in seconds.
| ssl | pointer to the SSL object, created with wolfSSL_new(). |
| to | value, in seconds, used to set the SSL session timeout. |
Example
| WOLFSSL_API long wolfSSL_set_tlsext_debug_arg | ( | WOLFSSL * | s, |
| void * | arg ) |
This is used to set the debug argument passed around.
| ssl | WOLFSSL structure to set argument in. |
| arg | argument to use. |
Example
| WOLFSSL_API void wolfSSL_set_using_nonblock | ( | WOLFSSL * | , |
| int | ) |
This function informs the WOLFSSL object that the underlying I/O is non-blocking. After an application creates a WOLFSSL object, if it will be used with a non-blocking socket, call wolfSSL_set_using_nonblock() on it. This lets the WOLFSSL object know that receiving EWOULDBLOCK means that the recvfrom call would block rather than that it timed out.
| ssl | pointer to the SSL session, created with wolfSSL_new(). |
| nonblock | value used to set non-blocking flag on WOLFSSL object. Use 1 to specify non-blocking, otherwise 0. |
Example
| WOLFSSL_API void wolfSSL_set_verify | ( | WOLFSSL * | ssl, |
| int | mode, | ||
| VerifyCallback | verify_callback ) |
This function sets the verification method for remote peers and also allows a verify callback to be registered with the SSL session. The verify callback will be called only when a verification failure has occurred. If no verify callback is desired, the NULL pointer can be used for verify_callback. The verification mode of peer certificates is a logically OR'd list of flags. The possible flag values include:
SSL_VERIFY_NONE
  Client mode: the client will not verify the certificate received from the server and the handshake will continue as normal.
  Server mode: the server will not send a certificate request to the client. As such, client verification will not be enabled.
SSL_VERIFY_PEER
  Client mode: the client will verify the certificate received from the server during the handshake. This is turned on by default in wolfSSL, therefore, using this option has no effect.
  Server mode: the server will send a certificate request to the client and verify the client certificate received.
SSL_VERIFY_FAIL_IF_NO_PEER_CERT
  Client mode: no effect when used on the client side.
  Server mode: the verification will fail on the server side if the client fails to send a certificate when requested to do so (when using SSL_VERIFY_PEER on the SSL server).
SSL_VERIFY_FAIL_EXCEPT_PSK
  Client mode: no effect when used on the client side.
  Server mode: the verification is the same as SSL_VERIFY_FAIL_IF_NO_PEER_CERT except in the case of a PSK connection. If a PSK connection is being made then the connection will go through without a peer cert.
| ssl | pointer to the SSL session, created with wolfSSL_new(). |
| mode | verification mode for peer certificates: a logically OR'd combination of the flags listed above. |
| verify_callback | callback to be called when verification fails. If no callback is desired, the NULL pointer can be used for verify_callback. |
Example
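The flag semantics described for wolfSSL_CTX_set_verify() and wolfSSL_set_verify(), written out as a small decision model. This is an added illustration, not wolfSSL code: the enum values, type names and function names are local stand-ins assumed for the sketch, and real code passes the SSL_VERIFY_* macros from the wolfSSL headers.

```c
#include <stdbool.h>
#include <stdio.h>

/* Local stand-ins for the flags described above. The numeric values are
 * assumptions of this sketch; real code uses the macros from the wolfSSL
 * headers. */
enum {
    VERIFY_NONE                 = 0,
    VERIFY_PEER                 = 1 << 0,
    VERIFY_FAIL_IF_NO_PEER_CERT = 1 << 1,
    VERIFY_FAIL_EXCEPT_PSK      = 1 << 2
};

typedef enum { SIDE_CLIENT, SIDE_SERVER } side_t;

typedef struct {
    bool requests_peer_cert; /* server sends a certificate request */
    bool verifies_peer_cert; /* a received certificate is verified */
    bool fails_without_cert; /* handshake fails if the peer sends none */
} verify_policy_t;

/* Derive the effective policy from the side, the OR'd mode flags and
 * whether a PSK connection is being made, following the text above. */
verify_policy_t effective_policy(side_t side, int mode, bool psk)
{
    verify_policy_t p = { false, false, false };

    if (side == SIDE_CLIENT) {
        /* Both FAIL_* flags are documented as having no effect here. */
        p.verifies_peer_cert = (mode & VERIFY_PEER) != 0;
        return p;
    }
    if ((mode & VERIFY_PEER) == 0)
        return p; /* no certificate request, client verification off */

    p.requests_peer_cert = true;
    p.verifies_peer_cert = true;
    if (mode & VERIFY_FAIL_IF_NO_PEER_CERT)
        p.fails_without_cert = true;
    else if (mode & VERIFY_FAIL_EXCEPT_PSK)
        p.fails_without_cert = !psk; /* PSK connections pass without a cert */
    return p;
}

/* Audit helper: would a server with this mode let a client through
 * that sends no certificate? */
bool server_accepts_certless_client(int mode, bool psk)
{
    return !effective_policy(SIDE_SERVER, mode, psk).fails_without_cert;
}

int main(void)
{
    printf("PEER only: certless client accepted = %d\n",
           server_accepts_certless_client(VERIFY_PEER, false));
    printf("PEER|FAIL_IF_NO_PEER_CERT: accepted = %d\n",
           server_accepts_certless_client(
               VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, false));
    return 0;
}
```

The point to take from the model: on a server, SSL_VERIFY_PEER alone requests a client certificate but does not make one mandatory, so mutual authentication needs SSL_VERIFY_FAIL_IF_NO_PEER_CERT (or SSL_VERIFY_FAIL_EXCEPT_PSK) as well.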
| WOLFSSL_API int wolfSSL_SetVersion | ( | WOLFSSL * | ssl, |
| int | version ) |
This function sets the SSL/TLS protocol version for the specified SSL session (WOLFSSL object) using the version as specified by version. This will override the protocol setting for the SSL session (ssl) - originally defined and set by the SSL context (wolfSSL_CTX_new()) method type.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| version | SSL/TLS protocol version. Possible values include WOLFSSL_SSLV3, WOLFSSL_TLSV1, WOLFSSL_TLSV1_1, WOLFSSL_TLSV1_2. |
Example
| WOLFSSL_API int wolfSSL_state | ( | WOLFSSL * | ssl | ) |
This is used to get the internal error state of the WOLFSSL structure.
Example
| WOLFSSL_API int wolfSSL_use_certificate | ( | WOLFSSL * | ssl, |
| WOLFSSL_X509 * | x509 ) |
This is used to set the certificate for the WOLFSSL structure to use during a handshake.
| ssl | WOLFSSL structure to set certificate in. |
| x509 | certificate to use. |
Example
| WOLFSSL_API int wolfSSL_use_certificate_ASN1 | ( | WOLFSSL * | ssl, |
| unsigned char * | der, | ||
| int | derSz ) |
This is used to set the certificate for the WOLFSSL structure to use during a handshake. A DER formatted buffer is expected.
| ssl | WOLFSSL structure to set certificate in. |
| der | DER certificate to use. |
| derSz | size of the DER buffer passed in. |
Example
| WOLFSSL_API int wolfSSL_use_old_poly | ( | WOLFSSL * | ssl, |
| int | value ) |
Since there are some differences between the first release and newer versions of the ChaCha-Poly AEAD construction, we have added an option to communicate with servers/clients using the older version. By default wolfSSL uses the new version.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| value | whether or not to use the older version of setting up the information for Poly1305. Pass 1 to use the old Poly AEAD; pass 0 to switch back to the new version. |
Example
| WOLFSSL_API int wolfSSL_UseALPN | ( | WOLFSSL * | ssl, |
| char * | protocol_name_list, | ||
| unsigned int | protocol_name_listSz, | ||
| unsigned char | options ) |
Setup ALPN use for a wolfSSL session.
| ssl | The wolfSSL session to use. |
| protocol_name_list | List of protocol names to use. Comma delimited string is required. |
| protocol_name_listSz | Size of the list of protocol names. |
| options | WOLFSSL_ALPN_CONTINUE_ON_MISMATCH or WOLFSSL_ALPN_FAILED_ON_MISMATCH. |
Example
| WOLFSSL_API int wolfSSL_UseSupportedQSH | ( | WOLFSSL * | ssl, |
| unsigned short | name ) |
This function sets the ssl session to use supported QSH provided by name.
| ssl | Pointer to ssl session to use. |
| name | Name of a supported QSH. Valid names are WOLFSSL_NTRU_EESS439, WOLFSSL_NTRU_EESS593, or WOLFSSL_NTRU_EESS743. |
Example
| WOLFSSL_API WOLFSSL_METHOD * wolfSSLv23_client_method | ( | void | ) |
The wolfSSLv23_client_method() function is used to indicate that the application is a client and will support the highest protocol version supported by the server, from SSL 3.0 to TLS 1.2. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
Both wolfSSL clients and servers have robust version downgrade capability. If a specific protocol version method is used on either side, then only that version will be negotiated or an error will be returned. For example, a client that uses TLSv1 and tries to connect to an SSLv3-only server will fail; likewise, connecting to a TLSv1.1 server will fail as well. To resolve this issue, a client that uses the wolfSSLv23_client_method() function will use the highest protocol version supported by the server and downgrade to SSLv3 if needed. In this case, the client will be able to connect to a server running SSLv3 - TLSv1.2.
| none | No parameters |
Example
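How the downgrade range of wolfSSLv23_client_method() interacts with the floor set by wolfSSL_CTX_SetMinVersion(), as a simplified model added for illustration (it is not wolfSSL's negotiation code). The version numbers are the ones listed for wolfSSL_CTX_SetMinVersion(); the type and function names are assumptions of the sketch.

```c
#include <stdbool.h>
#include <stdio.h>

/* Version numbers as listed for wolfSSL_CTX_SetMinVersion() above. */
enum { V_SSLV3 = 0, V_TLSV1 = 1, V_TLSV1_1 = 2, V_TLSV1_2 = 3 };
#define NO_COMMON_VERSION (-1)

typedef struct {
    int  min, max;   /* inclusive range of versions the endpoint accepts */
    bool downgrade;  /* true only for the v23 (downgrade-capable) methods */
} endpoint_t;

/* A version-specific method: exactly one version, no downgrade. */
endpoint_t fixed_method(int version)
{
    endpoint_t e = { version, version, false };
    return e;
}

/* A v23 method: anything from SSL 3.0 up to TLS 1.2. */
endpoint_t v23_method(void)
{
    endpoint_t e = { V_SSLV3, V_TLSV1_2, true };
    return e;
}

/* Model of the minimum-version floor: only meaningful on a
 * downgrade-capable endpoint and only for a listed version number. */
endpoint_t with_floor(endpoint_t e, int version)
{
    if (e.downgrade && version >= V_SSLV3 && version <= V_TLSV1_2)
        e.min = version;
    return e;
}

/* Highest version both sides accept, or NO_COMMON_VERSION. */
int negotiate(endpoint_t a, endpoint_t b)
{
    int lo = a.min > b.min ? a.min : b.min;
    int hi = a.max < b.max ? a.max : b.max;
    return lo <= hi ? hi : NO_COMMON_VERSION;
}

int main(void)
{
    endpoint_t legacy_server = fixed_method(V_SSLV3);

    /* No floor: the v23 client downgrades all the way to SSL 3.0. */
    printf("no floor      -> %d\n", negotiate(v23_method(), legacy_server));
    /* Floor at TLS 1.2: the same server is refused. */
    printf("floor TLS 1.2 -> %d\n",
           negotiate(with_floor(v23_method(), V_TLSV1_2), legacy_server));
    return 0;
}
```

Without a floor the v23 client settles on SSL 3.0 against the SSLv3-only server; with the floor at WOLFSSL_TLSV1_2 the handshake is refused instead of downgraded.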
| WOLFSSL_API WOLFSSL_METHOD * wolfSSLv23_method | ( | void | ) |
This function returns a WOLFSSL_METHOD similar to wolfSSLv23_client_method except that it is not determined which side yet (server/client).
| none | No parameters. |
Example
| WOLFSSL_API WOLFSSL_METHOD * wolfSSLv23_server_method | ( | void | ) |
The wolfSSLv23_server_method() function is used to indicate that the application is a server and will support clients connecting with protocol versions from SSL 3.0 to TLS 1.2. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
| none | No parameters |
Example
| WOLFSSL_API WOLFSSL_METHOD * wolfSSLv3_client_method | ( | void | ) |
The wolfSSLv3_client_method() function is used to indicate that the application is a client and will only support the SSL 3.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
| none | No parameters. |
Example
| WOLFSSL_API WOLFSSL_METHOD * wolfSSLv3_server_method | ( | void | ) |
The wolfSSLv3_server_method() function is used to indicate that the application is a server and will only support the SSL 3.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
| none | No parameters. |
Example
| WOLFSSL_API WOLFSSL_METHOD * wolfTLSv1_1_client_method | ( | void | ) |
The wolfTLSv1_1_client_method() function is used to indicate that the application is a client and will only support the TLS 1.1 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
| none | No parameters. |
Example
| WOLFSSL_API WOLFSSL_METHOD * wolfTLSv1_1_server_method | ( | void | ) |
The wolfTLSv1_1_server_method() function is used to indicate that the application is a server and will only support the TLS 1.1 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
| none | No parameters. |
Example
| WOLFSSL_API WOLFSSL_METHOD * wolfTLSv1_2_client_method | ( | void | ) |
The wolfTLSv1_2_client_method() function is used to indicate that the application is a client and will only support the TLS 1.2 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
| none | No parameters. |
Example
| WOLFSSL_API WOLFSSL_METHOD * wolfTLSv1_2_server_method | ( | void | ) |
The wolfTLSv1_2_server_method() function is used to indicate that the application is a server and will only support the TLS 1.2 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
| none | No parameters. |
Example
| WOLFSSL_API WOLFSSL_METHOD * wolfTLSv1_client_method | ( | void | ) |
The wolfTLSv1_client_method() function is used to indicate that the application is a client and will only support the TLS 1.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
| none | No parameters. |
Example
| WOLFSSL_API WOLFSSL_METHOD * wolfTLSv1_server_method | ( | void | ) |
The wolfTLSv1_server_method() function is used to indicate that the application is a server and will only support the TLS 1.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
| none | No parameters. |
Example