|
My Project
|
Loading...
Searching...
No Matches
|
My Project
|
Header file containing key wolfSSL API. More...
Go to the source code of this file.
Data Structures | |
| struct | WOLFSSL_AUTHORITY_KEYID |
| struct | WOLFSSL_BASIC_CONSTRAINTS |
| struct | WOLFSSL_ASN1_STRING |
| struct | WOLFSSL_ASN1_OTHERNAME |
| struct | WOLFSSL_GENERAL_NAME |
| struct | WOLFSSL_ACCESS_DESCRIPTION |
| struct | WOLFSSL_X509V3_CTX |
| struct | WOLFSSL_ASN1_OBJECT |
| struct | WOLFSSL_ASN1_OBJECT::d |
| struct | WOLFSSL_ASN1_TYPE |
| struct | WOLFSSL_EVP_PKEY |
| struct | WOLFSSL_X509_PKEY |
| struct | WOLFSSL_X509_INFO |
| struct | WOLFSSL_X509_ALGOR |
| struct | WOLFSSL_X509_PUBKEY |
| struct | WOLFSSL_BUF_MEM |
| struct | WOLFSSL_BIO_METHOD |
| struct | WOLFSSL_BIO |
| struct | WOLFSSL_COMP_METHOD |
| struct | WOLFSSL_COMP |
| struct | WOLFSSL_X509_LOOKUP_METHOD |
| struct | WOLFSSL_X509_LOOKUP |
| struct | WOLFSSL_X509_STORE |
| struct | WOLFSSL_X509_VERIFY_PARAM |
| struct | WOLFSSL_ALERT |
| struct | WOLFSSL_ALERT_HISTORY |
| struct | WOLFSSL_X509_REVOKED |
| struct | WOLFSSL_X509_OBJECT |
| struct | WOLFSSL_BUFFER_INFO |
| struct | WOLFSSL_X509_STORE_CTX |
| struct | WOLFSSL_X509_NAME_ENTRY |
| struct | WOLFSSL_ASN1_BIT_STRING |
Typedefs | |
| typedef struct WOLFSSL_SESSION | WOLFSSL_SESSION |
| typedef struct WOLFSSL_METHOD | WOLFSSL_METHOD |
| typedef struct WOLFSSL_CTX | WOLFSSL_CTX |
| typedef struct WOLFSSL_STACK | WOLFSSL_STACK |
| typedef struct WOLFSSL_X509 | WOLFSSL_X509 |
| typedef struct WOLFSSL_X509_NAME | WOLFSSL_X509_NAME |
| typedef struct WOLFSSL_X509_NAME_ENTRY | WOLFSSL_X509_NAME_ENTRY |
| typedef struct WOLFSSL_X509_PUBKEY | WOLFSSL_X509_PUBKEY |
| typedef struct WOLFSSL_X509_ALGOR | WOLFSSL_X509_ALGOR |
| typedef struct WOLFSSL_X509_CHAIN | WOLFSSL_X509_CHAIN |
| typedef struct WC_PKCS12 | WOLFSSL_X509_PKCS12 |
| typedef struct WOLFSSL_X509_INFO | WOLFSSL_X509_INFO |
| typedef struct WOLFSSL_CERT_MANAGER | WOLFSSL_CERT_MANAGER |
| typedef struct WOLFSSL_SOCKADDR | WOLFSSL_SOCKADDR |
| typedef struct WOLFSSL_CRL | WOLFSSL_CRL |
| typedef struct WOLFSSL_X509_STORE_CTX | WOLFSSL_X509_STORE_CTX |
| typedef int(* | WOLFSSL_X509_STORE_CTX_verify_cb) (int, WOLFSSL_X509_STORE_CTX *) |
| typedef struct WC_RNG | WC_RNG |
| typedef struct WOLFSSL_CIPHER | WOLFSSL_CIPHER |
| typedef struct WOLFSSL_X509_LOOKUP | WOLFSSL_X509_LOOKUP |
| typedef struct WOLFSSL_X509_LOOKUP_METHOD | WOLFSSL_X509_LOOKUP_METHOD |
| typedef struct WOLFSSL_CRL | WOLFSSL_X509_CRL |
| typedef struct WOLFSSL_X509_STORE | WOLFSSL_X509_STORE |
| typedef struct WOLFSSL_X509_VERIFY_PARAM | WOLFSSL_X509_VERIFY_PARAM |
| typedef struct WOLFSSL_BIO | WOLFSSL_BIO |
| typedef struct WOLFSSL_BIO_METHOD | WOLFSSL_BIO_METHOD |
| typedef struct WOLFSSL_X509_EXTENSION | WOLFSSL_X509_EXTENSION |
| typedef struct WOLFSSL_CONF_VALUE | WOLFSSL_CONF_VALUE |
| typedef struct WOLFSSL_ASN1_OBJECT | WOLFSSL_ASN1_OBJECT |
| typedef struct WOLFSSL_ASN1_OTHERNAME | WOLFSSL_ASN1_OTHERNAME |
| typedef struct WOLFSSL_X509V3_CTX | WOLFSSL_X509V3_CTX |
| typedef struct WOLFSSL_v3_ext_method | WOLFSSL_v3_ext_method |
| typedef struct WOLFSSL_ASN1_STRING | WOLFSSL_ASN1_STRING |
| typedef struct WOLFSSL_dynlock_value | WOLFSSL_dynlock_value |
| typedef struct WOLFSSL_DH | WOLFSSL_DH |
| typedef struct WOLFSSL_ASN1_BIT_STRING | WOLFSSL_ASN1_BIT_STRING |
| typedef struct WOLFSSL_ASN1_TYPE | WOLFSSL_ASN1_TYPE |
| typedef struct WOLFSSL_GENERAL_NAME | WOLFSSL_GENERAL_NAME |
| typedef struct WOLFSSL_AUTHORITY_KEYID | WOLFSSL_AUTHORITY_KEYID |
| typedef struct WOLFSSL_BASIC_CONSTRAINTS | WOLFSSL_BASIC_CONSTRAINTS |
| typedef struct WOLFSSL_ACCESS_DESCRIPTION | WOLFSSL_ACCESS_DESCRIPTION |
| typedef struct WOLFSSL_EVP_PKEY | WOLFSSL_PKCS8_PRIV_KEY_INFO |
| typedef struct WOLFSSL_X509_PKEY | WOLFSSL_X509_PKEY |
| typedef struct WOLFSSL_BUF_MEM | WOLFSSL_BUF_MEM |
| typedef int(* | wolfSSL_BIO_meth_write_cb) (WOLFSSL_BIO *, const char *, int) |
| typedef int(* | wolfSSL_BIO_meth_read_cb) (WOLFSSL_BIO *, char *, int) |
| typedef int(* | wolfSSL_BIO_meth_puts_cb) (WOLFSSL_BIO *, const char *) |
| typedef int(* | wolfSSL_BIO_meth_gets_cb) (WOLFSSL_BIO *, char *, int) |
| typedef long(* | wolfSSL_BIO_meth_ctrl_get_cb) (WOLFSSL_BIO *, int, long, void *) |
| typedef int(* | wolfSSL_BIO_meth_create_cb) (WOLFSSL_BIO *) |
| typedef int(* | wolfSSL_BIO_meth_destroy_cb) (WOLFSSL_BIO *) |
| typedef int | wolfSSL_BIO_info_cb(WOLFSSL_BIO *, int, int) |
| typedef long(* | wolfssl_BIO_meth_ctrl_info_cb) (WOLFSSL_BIO *, int, wolfSSL_BIO_info_cb *) |
| typedef long(* | wolf_bio_info_cb) (WOLFSSL_BIO *bio, int event, const char *parg, int iarg, long larg, long return_value) |
| typedef struct WOLFSSL_COMP_METHOD | WOLFSSL_COMP_METHOD |
| typedef struct WOLFSSL_COMP | WOLFSSL_COMP |
| typedef struct WOLFSSL_ALERT | WOLFSSL_ALERT |
| typedef struct WOLFSSL_ALERT_HISTORY | WOLFSSL_ALERT_HISTORY |
| typedef struct WOLFSSL_X509_REVOKED | WOLFSSL_X509_REVOKED |
| typedef struct WOLFSSL_X509_OBJECT | WOLFSSL_X509_OBJECT |
| typedef struct WOLFSSL_BUFFER_INFO | WOLFSSL_BUFFER_INFO |
| typedef char * | WOLFSSL_STRING |
| typedef WOLFSSL_METHOD *(* | wolfSSL_method_func) (void *heap) |
| typedef int(* | wc_dtls_export) (WOLFSSL *ssl, unsigned char *exportBuffer, unsigned int sz, void *userCtx) |
| typedef struct WOLFSSL_MEM_STATS | WOLFSSL_MEM_STATS |
| typedef struct WOLFSSL_MEM_CONN_STATS | WOLFSSL_MEM_CONN_STATS |
| typedef int(* | VerifyCallback) (int, WOLFSSL_X509_STORE_CTX *) |
| typedef void | CallbackInfoState(const WOLFSSL *, int, int) |
| typedef int | WOLFSSL_CRYPTO_EX_new(void *p, void *ptr, WOLFSSL_CRYPTO_EX_DATA *a, int idx, long argValue, void *arg) |
| typedef int | WOLFSSL_CRYPTO_EX_dup(WOLFSSL_CRYPTO_EX_DATA *out, WOLFSSL_CRYPTO_EX_DATA *in, void *inPtr, int idx, long argV, void *arg) |
| typedef void | WOLFSSL_CRYPTO_EX_free(void *p, void *ptr, WOLFSSL_CRYPTO_EX_DATA *a, int idx, long argValue, void *arg) |
| typedef int(* | CertVerifyCallback) (WOLFSSL_X509_STORE_CTX *store, void *arg) |
| typedef int(* | SessionSecretCb) (WOLFSSL *ssl, void *secret, int *secretSz, void *ctx) |
| typedef int(* | Tls13SecretCb) (WOLFSSL *ssl, int id, const unsigned char *secret, int secretSz, void *ctx) |
| typedef int(* | CallbackMcastHighwater) (unsigned short peerId, unsigned int maxSeq, unsigned int curSeq, void *ctx) |
| typedef int | WOLFSSL_LHASH |
| typedef int(* | client_cert_cb) (WOLFSSL *ssl, WOLFSSL_X509 **x509, WOLFSSL_EVP_PKEY **pkey) |
| typedef unsigned int(* | wc_psk_client_callback) (WOLFSSL *, const char *, char *, unsigned int, unsigned char *, unsigned int) |
| typedef unsigned int(* | wc_psk_client_tls13_callback) (WOLFSSL *, const char *, char *, unsigned int, unsigned char *, unsigned int, const char **) |
| typedef unsigned int(* | wc_psk_server_callback) (WOLFSSL *, const char *, unsigned char *, unsigned int) |
| typedef unsigned int(* | wc_psk_server_tls13_callback) (WOLFSSL *, const char *, unsigned char *, unsigned int, const char **) |
| typedef struct WC_PKCS12 | WC_PKCS12 |
| typedef int(* | CallbackFuzzer) (WOLFSSL *ssl, const unsigned char *buf, int sz, int type, void *fuzzCtx) |
| typedef void(* | CallbackCACache) (unsigned char *der, int sz, int type) |
| typedef void(* | CbMissingCRL) (const char *url) |
| typedef int(* | CbOCSPIO) (void *, const char *, int, unsigned char *, int, unsigned char **) |
| typedef void(* | CbOCSPRespFree) (void *, unsigned char *) |
| typedef int(* | CbCrlIO) (WOLFSSL_CRL *crl, const char *url, int urlSz) |
| typedef int(* | CallbackMacEncrypt) (WOLFSSL *ssl, unsigned char *macOut, const unsigned char *macIn, unsigned int macInSz, int macContent, int macVerify, unsigned char *encOut, const unsigned char *encIn, unsigned int encSz, void *ctx) |
| typedef int(* | CallbackDecryptVerify) (WOLFSSL *ssl, unsigned char *decOut, const unsigned char *decIn, unsigned int decSz, int content, int verify, unsigned int *padSz, void *ctx) |
| typedef int(* | CallbackEncryptMac) (WOLFSSL *ssl, unsigned char *macOut, int content, int macVerify, unsigned char *encOut, const unsigned char *encIn, unsigned int encSz, void *ctx) |
| typedef int(* | CallbackVerifyDecrypt) (WOLFSSL *ssl, unsigned char *decOut, const unsigned char *decIn, unsigned int decSz, int content, int verify, unsigned int *padSz, void *ctx) |
| typedef int(* | CallbackEccKeyGen) (WOLFSSL *ssl, struct ecc_key *key, unsigned int keySz, int ecc_curve, void *ctx) |
| typedef int(* | CallbackEccSign) (WOLFSSL *ssl, const unsigned char *in, unsigned int inSz, unsigned char *out, word32 *outSz, const unsigned char *keyDer, unsigned int keySz, void *ctx) |
| typedef int(* | CallbackEccVerify) (WOLFSSL *ssl, const unsigned char *sig, unsigned int sigSz, const unsigned char *hash, unsigned int hashSz, const unsigned char *keyDer, unsigned int keySz, int *result, void *ctx) |
| typedef int(* | CallbackEccSharedSecret) (WOLFSSL *ssl, struct ecc_key *otherKey, unsigned char *pubKeyDer, word32 *pubKeySz, unsigned char *out, word32 *outlen, int side, void *ctx) |
| typedef int(* | CallbackDhAgree) (WOLFSSL *ssl, struct DhKey *key, const unsigned char *priv, unsigned int privSz, const unsigned char *otherPubKeyDer, unsigned int otherPubKeySz, unsigned char *out, unsigned int *outlen, void *ctx) |
| typedef int(* | CallbackEd25519Sign) (WOLFSSL *ssl, const unsigned char *in, unsigned int inSz, unsigned char *out, unsigned int *outSz, const unsigned char *keyDer, unsigned int keySz, void *ctx) |
| typedef int(* | CallbackEd25519Verify) (WOLFSSL *ssl, const unsigned char *sig, unsigned int sigSz, const unsigned char *msg, unsigned int msgSz, const unsigned char *keyDer, unsigned int keySz, int *result, void *ctx) |
| typedef int(* | CallbackX25519KeyGen) (WOLFSSL *ssl, struct curve25519_key *key, unsigned int keySz, void *ctx) |
| typedef int(* | CallbackX25519SharedSecret) (WOLFSSL *ssl, struct curve25519_key *otherKey, unsigned char *pubKeyDer, unsigned int *pubKeySz, unsigned char *out, unsigned int *outlen, int side, void *ctx) |
| typedef int(* | CallbackEd448Sign) (WOLFSSL *ssl, const unsigned char *in, unsigned int inSz, unsigned char *out, unsigned int *outSz, const unsigned char *keyDer, unsigned int keySz, void *ctx) |
| typedef int(* | CallbackEd448Verify) (WOLFSSL *ssl, const unsigned char *sig, unsigned int sigSz, const unsigned char *msg, unsigned int msgSz, const unsigned char *keyDer, unsigned int keySz, int *result, void *ctx) |
| typedef int(* | CallbackX448KeyGen) (WOLFSSL *ssl, struct curve448_key *key, unsigned int keySz, void *ctx) |
| typedef int(* | CallbackX448SharedSecret) (WOLFSSL *ssl, struct curve448_key *otherKey, unsigned char *pubKeyDer, unsigned int *pubKeySz, unsigned char *out, unsigned int *outlen, int side, void *ctx) |
| typedef int(* | CallbackRsaSign) (WOLFSSL *ssl, const unsigned char *in, unsigned int inSz, unsigned char *out, unsigned int *outSz, const unsigned char *keyDer, unsigned int keySz, void *ctx) |
| typedef int(* | CallbackRsaVerify) (WOLFSSL *ssl, unsigned char *sig, unsigned int sigSz, unsigned char **out, const unsigned char *keyDer, unsigned int keySz, void *ctx) |
| typedef int(* | CallbackRsaPssSign) (WOLFSSL *ssl, const unsigned char *in, unsigned int inSz, unsigned char *out, unsigned int *outSz, int hash, int mgf, const unsigned char *keyDer, unsigned int keySz, void *ctx) |
| typedef int(* | CallbackRsaPssVerify) (WOLFSSL *ssl, unsigned char *sig, unsigned int sigSz, unsigned char **out, int hash, int mgf, const unsigned char *keyDer, unsigned int keySz, void *ctx) |
| typedef int(* | CallbackRsaEnc) (WOLFSSL *ssl, const unsigned char *in, unsigned int inSz, unsigned char *out, unsigned int *outSz, const unsigned char *keyDer, unsigned int keySz, void *ctx) |
| typedef int(* | CallbackRsaDec) (WOLFSSL *ssl, unsigned char *in, unsigned int inSz, unsigned char **out, const unsigned char *keyDer, unsigned int keySz, void *ctx) |
| typedef int(* | CallbackALPNSelect) (WOLFSSL *ssl, const unsigned char **out, unsigned char *outLen, const unsigned char *in, unsigned int inLen, void *arg) |
| typedef int(* | CallbackSessionTicket) (WOLFSSL *, const unsigned char *, int, void *) |
| typedef int(* | SessionTicketEncCb) (WOLFSSL *, unsigned char key_name[WOLFSSL_TICKET_NAME_SZ], unsigned char iv[WOLFSSL_TICKET_IV_SZ], unsigned char mac[WOLFSSL_TICKET_MAC_SZ], int enc, unsigned char *, int, int *, void *) |
| typedef int(* | HandShakeDoneCb) (WOLFSSL *, void *) |
| typedef int(* | HandShakeCallBack) (HandShakeInfo *) |
| typedef int(* | TimeoutCallBack) (TimeoutInfo *) |
| typedef int(* | CallbackSniRecv) (WOLFSSL *ssl, int *ret, void *exArg) |
| typedef int(* | wolf_sk_compare_cb) (const void *const *a, const void *const *b) |
| typedef void(* | SSL_Msg_Cb) (int write_p, int version, int content_type, const void *buf, size_t len, WOLFSSL *ssl, void *arg) |
Enumerations | |
| enum | BIO_TYPE { WOLFSSL_BIO_BUFFER = 1 , WOLFSSL_BIO_SOCKET = 2 , WOLFSSL_BIO_SSL = 3 , WOLFSSL_BIO_MEMORY = 4 , WOLFSSL_BIO_BIO = 5 , WOLFSSL_BIO_FILE = 6 , WOLFSSL_BIO_BASE64 = 7 , WOLFSSL_BIO_MD = 8 } |
| enum | BIO_FLAGS { WOLFSSL_BIO_FLAG_BASE64_NO_NL = 0x01 , WOLFSSL_BIO_FLAG_READ = 0x02 , WOLFSSL_BIO_FLAG_WRITE = 0x04 , WOLFSSL_BIO_FLAG_IO_SPECIAL = 0x08 , WOLFSSL_BIO_FLAG_RETRY = 0x10 } |
| enum | BIO_CB_OPS { WOLFSSL_BIO_CB_FREE = 0x01 , WOLFSSL_BIO_CB_READ = 0x02 , WOLFSSL_BIO_CB_WRITE = 0x03 , WOLFSSL_BIO_CB_PUTS = 0x04 , WOLFSSL_BIO_CB_GETS = 0x05 , WOLFSSL_BIO_CB_CTRL = 0x06 , WOLFSSL_BIO_CB_RETURN = 0x80 } |
| enum | AlertDescription { close_notify = 0 , unexpected_message = 10 , bad_record_mac = 20 , record_overflow = 22 , decompression_failure = 30 , handshake_failure = 40 , no_certificate = 41 , bad_certificate = 42 , unsupported_certificate = 43 , certificate_revoked = 44 , certificate_expired = 45 , certificate_unknown = 46 , illegal_parameter = 47 , unknown_ca = 48 , decode_error = 50 , decrypt_error = 51 , wc_protocol_version = 70 , protocol_version = 70 , inappropriate_fallback = 86 , no_renegotiation = 100 , missing_extension = 109 , unsupported_extension = 110 , unrecognized_name = 112 , bad_certificate_status_response = 113 , unknown_psk_identity = 115 , certificate_required = 116 , no_application_protocol = 120 } |
| enum | AlertLevel { alert_warning = 1 , alert_fatal = 2 } |
| enum | Tls13Secret { CLIENT_EARLY_TRAFFIC_SECRET , CLIENT_HANDSHAKE_TRAFFIC_SECRET , SERVER_HANDSHAKE_TRAFFIC_SECRET , CLIENT_TRAFFIC_SECRET , SERVER_TRAFFIC_SECRET , EARLY_EXPORTER_SECRET , EXPORTER_SECRET } |
| enum | { WOLFSSL_OCSP_URL_OVERRIDE = 1 , WOLFSSL_OCSP_NO_NONCE = 2 , WOLFSSL_OCSP_CHECKALL = 4 , WOLFSSL_CRL_CHECKALL = 1 , WOLFSSL_CRL_CHECK = 2 } |
| enum | { SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001 , SSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002 , SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 0x00000004 , SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 0x00000008 , SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000010 , SSL_OP_MSIE_SSLV2_RSA_PADDING = 0x00000020 , SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000040 , SSL_OP_TLS_D5_BUG = 0x00000080 , SSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000100 , SSL_OP_TLS_ROLLBACK_BUG = 0x00000200 , SSL_OP_EPHEMERAL_RSA = 0x00000800 , WOLFSSL_OP_NO_SSLv3 = 0x00001000 , WOLFSSL_OP_NO_TLSv1 = 0x00002000 , SSL_OP_PKCS1_CHECK_1 = 0x00004000 , SSL_OP_PKCS1_CHECK_2 = 0x00008000 , SSL_OP_NETSCAPE_CA_DN_BUG = 0x00010000 , SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x00020000 , SSL_OP_SINGLE_DH_USE = 0x00040000 , SSL_OP_NO_TICKET = 0x00080000 , SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00100000 , SSL_OP_NO_QUERY_MTU = 0x00200000 , SSL_OP_COOKIE_EXCHANGE = 0x00400000 , SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00800000 , SSL_OP_SINGLE_ECDH_USE = 0x01000000 , SSL_OP_CIPHER_SERVER_PREFERENCE = 0x02000000 , WOLFSSL_OP_NO_TLSv1_1 = 0x04000000 , WOLFSSL_OP_NO_TLSv1_2 = 0x08000000 , SSL_OP_NO_COMPRESSION = 0x10000000 , WOLFSSL_OP_NO_TLSv1_3 = 0x20000000 , WOLFSSL_OP_NO_SSLv2 = 0x40000000 , SSL_OP_ALL } |
| enum | { OCSP_NOCERTS = 1 , OCSP_NOINTERN = 2 , OCSP_NOSIGS = 4 , OCSP_NOCHAIN = 8 , OCSP_NOVERIFY = 16 , OCSP_NOEXPLICIT = 32 , OCSP_NOCASIGN = 64 , OCSP_NODELEGATED = 128 , OCSP_NOCHECKS = 256 , OCSP_TRUSTOTHER = 512 , OCSP_RESPID_KEY = 1024 , OCSP_NOTIME = 2048 , OCSP_CERTID = 2 , OCSP_REQUEST = 4 , OCSP_RESPONSE = 8 , OCSP_BASICRESP = 16 , ASN1_GENERALIZEDTIME = 4 , SSL_MAX_SSL_SESSION_ID_LENGTH = 32 , SSL_ST_CONNECT = 0x1000 , SSL_ST_ACCEPT = 0x2000 , SSL_ST_MASK = 0x0FFF , SSL_CB_LOOP = 0x01 , SSL_CB_EXIT = 0x02 , SSL_CB_READ = 0x04 , SSL_CB_WRITE = 0x08 , SSL_CB_HANDSHAKE_START = 0x10 , SSL_CB_HANDSHAKE_DONE = 0x20 , SSL_CB_ALERT = 0x4000 , SSL_CB_READ_ALERT = (SSL_CB_ALERT | SSL_CB_READ) , SSL_CB_WRITE_ALERT = (SSL_CB_ALERT | SSL_CB_WRITE) , SSL_CB_ACCEPT_LOOP = (SSL_ST_ACCEPT | SSL_CB_LOOP) , SSL_CB_ACCEPT_EXIT = (SSL_ST_ACCEPT | SSL_CB_EXIT) , SSL_CB_CONNECT_LOOP = (SSL_ST_CONNECT | SSL_CB_LOOP) , SSL_CB_CONNECT_EXIT = (SSL_ST_CONNECT | SSL_CB_EXIT) , SSL_CB_MODE_READ = 1 , SSL_CB_MODE_WRITE = 2 , SSL_MODE_ENABLE_PARTIAL_WRITE = 2 , SSL_MODE_AUTO_RETRY = 3 , SSL_MODE_RELEASE_BUFFERS = -1 , BIO_FLAGS_BASE64_NO_NL = 1 , BIO_CLOSE = 1 , BIO_NOCLOSE = 0 , X509_FILETYPE_PEM = 8 , X509_LU_X509 = 9 , X509_LU_CRL = 12 , X509_V_OK = 0 , X509_V_ERR_CRL_SIGNATURE_FAILURE = 13 , X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14 , X509_V_ERR_CRL_HAS_EXPIRED = 15 , X509_V_ERR_CERT_REVOKED = 16 , X509_V_ERR_CERT_CHAIN_TOO_LONG = 17 , X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 18 , X509_V_ERR_CERT_NOT_YET_VALID = 19 , X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20 , X509_V_ERR_CERT_HAS_EXPIRED = 21 , X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22 , X509_V_ERR_CERT_REJECTED = 23 , X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 24 , X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN = 25 , X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 26 , X509_V_ERR_CERT_UNTRUSTED = 27 , X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = 28 , X509_V_ERR_SUBJECT_ISSUER_MISMATCH = 29 , X509_V_ERR_UNABLE_TO_GET_CRL , X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE , X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE , X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY , X509_V_ERR_CERT_SIGNATURE_FAILURE , X509_V_ERR_CRL_NOT_YET_VALID , X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD , X509_V_ERR_OUT_OF_MEM , X509_V_ERR_INVALID_CA , X509_V_ERR_PATH_LENGTH_EXCEEDED , X509_V_ERR_INVALID_PURPOSE , X509_V_ERR_AKID_SKID_MISMATCH , X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH , X509_V_ERR_KEYUSAGE_NO_CERTSIGN , X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER , X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION , X509_V_ERR_KEYUSAGE_NO_CRL_SIGN , X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION , X509_V_ERR_INVALID_NON_CA , X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED , X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE , X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED , X509_V_ERR_INVALID_EXTENSION , X509_V_ERR_INVALID_POLICY_EXTENSION , X509_V_ERR_NO_EXPLICIT_POLICY , X509_V_ERR_UNNESTED_RESOURCE , X509_V_ERR_APPLICATION_VERIFICATION , X509_R_CERT_ALREADY_IN_HASH_TABLE , XN_FLAG_SPC_EQ = (1 << 23) , XN_FLAG_SEP_CPLUS_SPC = (2 << 16) , XN_FLAG_ONELINE = 0 , XN_FLAG_RFC2253 = 1 , XN_FLAG_DN_REV = (1 << 20) , CRYPTO_LOCK = 1 , CRYPTO_NUM_LOCKS = 10 , ASN1_STRFLGS_ESC_MSB = 4 } |
| enum | { WOLFSSL_ERROR_NONE = 0 , WOLFSSL_FAILURE = 0 , WOLFSSL_SUCCESS = 1 , WOLFSSL_SHUTDOWN_NOT_DONE = 2 , WOLFSSL_ALPN_NOT_FOUND = -9 , WOLFSSL_BAD_CERTTYPE = -8 , WOLFSSL_BAD_STAT = -7 , WOLFSSL_BAD_PATH = -6 , WOLFSSL_BAD_FILETYPE = -5 , WOLFSSL_BAD_FILE = -4 , WOLFSSL_NOT_IMPLEMENTED = -3 , WOLFSSL_UNKNOWN = -2 , WOLFSSL_FATAL_ERROR = -1 , WOLFSSL_FILETYPE_ASN1 = 2 , WOLFSSL_FILETYPE_PEM = 1 , WOLFSSL_FILETYPE_DEFAULT = 2 , WOLFSSL_FILETYPE_RAW = 3 , WOLFSSL_VERIFY_NONE = 0 , WOLFSSL_VERIFY_PEER = 1 , WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2 , WOLFSSL_VERIFY_CLIENT_ONCE = 4 , WOLFSSL_VERIFY_FAIL_EXCEPT_PSK = 8 , WOLFSSL_SESS_CACHE_OFF = 0x0000 , WOLFSSL_SESS_CACHE_CLIENT = 0x0001 , WOLFSSL_SESS_CACHE_SERVER = 0x0002 , WOLFSSL_SESS_CACHE_BOTH = 0x0003 , WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR = 0x0008 , WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 0x0100 , WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE = 0x0200 , WOLFSSL_SESS_CACHE_NO_INTERNAL = 0x0300 , WOLFSSL_ERROR_WANT_READ = 2 , WOLFSSL_ERROR_WANT_WRITE = 3 , WOLFSSL_ERROR_WANT_CONNECT = 7 , WOLFSSL_ERROR_WANT_ACCEPT = 8 , WOLFSSL_ERROR_SYSCALL = 5 , WOLFSSL_ERROR_WANT_X509_LOOKUP = 83 , WOLFSSL_ERROR_ZERO_RETURN = 6 , WOLFSSL_ERROR_SSL = 85 , WOLFSSL_SENT_SHUTDOWN = 1 , WOLFSSL_RECEIVED_SHUTDOWN = 2 , WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4 , WOLFSSL_R_SSL_HANDSHAKE_FAILURE = 101 , WOLFSSL_R_TLSV1_ALERT_UNKNOWN_CA = 102 , WOLFSSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103 , WOLFSSL_R_SSLV3_ALERT_BAD_CERTIFICATE = 104 , WOLF_PEM_BUFSIZE = 1024 } |
| enum | { ERR_TXT_STRING = 1 } |
| enum | { WOLFSSL_BIO_ERROR = -1 , WOLFSSL_BIO_UNSET = -2 , WOLFSSL_BIO_SIZE = 17000 } |
| enum | fuzzer_type { FUZZ_HMAC = 0 , FUZZ_ENCRYPT = 1 , FUZZ_SIGNATURE = 2 , FUZZ_HASH = 3 , FUZZ_HEAD = 4 } |
| enum | IOerrors { WOLFSSL_CBIO_ERR_GENERAL = -1 , WOLFSSL_CBIO_ERR_WANT_READ = -2 , WOLFSSL_CBIO_ERR_WANT_WRITE = -2 , WOLFSSL_CBIO_ERR_CONN_RST = -3 , WOLFSSL_CBIO_ERR_ISR = -4 , WOLFSSL_CBIO_ERR_CONN_CLOSE = -5 , WOLFSSL_CBIO_ERR_TIMEOUT = -6 } |
| enum | { WOLFSSL_SSLV3 = 0 , WOLFSSL_TLSV1 = 1 , WOLFSSL_TLSV1_1 = 2 , WOLFSSL_TLSV1_2 = 3 , WOLFSSL_TLSV1_3 = 4 , WOLFSSL_USER_CA = 1 , WOLFSSL_CHAIN_CA = 2 } |
| enum | { WOLFSSL_SERVER_END = 0 , WOLFSSL_CLIENT_END = 1 , WOLFSSL_NEITHER_END = 3 , WOLFSSL_BLOCK_TYPE = 2 , WOLFSSL_STREAM_TYPE = 3 , WOLFSSL_AEAD_TYPE = 4 , WOLFSSL_TLS_HMAC_INNER_SZ = 13 } |
| enum | BulkCipherAlgorithm { wolfssl_cipher_null , wolfssl_rc4 , wolfssl_rc2 , wolfssl_des , wolfssl_triple_des , wolfssl_des40 , wolfssl_idea , wolfssl_aes , wolfssl_aes_gcm , wolfssl_aes_ccm , wolfssl_chacha , wolfssl_camellia , wolfssl_hc128 , wolfssl_rabbit } |
| enum | KDF_MacAlgorithm { wolfssl_sha256 = 4 , wolfssl_sha384 , wolfssl_sha512 } |
| enum | { WOLFSSL_SNI_HOST_NAME = 0 } |
| enum | { WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01 , WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02 , WOLFSSL_SNI_ABORT_ON_ABSENCE = 0x04 } |
| enum | { WOLFSSL_SNI_NO_MATCH = 0 , WOLFSSL_SNI_FAKE_MATCH = 1 , WOLFSSL_SNI_REAL_MATCH = 2 , WOLFSSL_SNI_FORCE_KEEP = 3 } |
| enum | { WOLFSSL_TRUSTED_CA_PRE_AGREED = 0 , WOLFSSL_TRUSTED_CA_KEY_SHA1 = 1 , WOLFSSL_TRUSTED_CA_X509_NAME = 2 , WOLFSSL_TRUSTED_CA_CERT_SHA1 = 3 } |
| enum | { WOLFSSL_ALPN_NO_MATCH = 0 , WOLFSSL_ALPN_MATCH = 1 , WOLFSSL_ALPN_CONTINUE_ON_MISMATCH = 2 , WOLFSSL_ALPN_FAILED_ON_MISMATCH = 4 } |
| enum | { WOLFSSL_MAX_ALPN_PROTO_NAME_LEN = 255 , WOLFSSL_MAX_ALPN_NUMBER = 257 } |
| enum | { WOLFSSL_MFL_2_9 = 1 , WOLFSSL_MFL_2_10 = 2 , WOLFSSL_MFL_2_11 = 3 , WOLFSSL_MFL_2_12 = 4 , WOLFSSL_MFL_2_13 = 5 , WOLFSSL_MFL_2_8 = 6 , WOLFSSL_MFL_MIN = WOLFSSL_MFL_2_9 , WOLFSSL_MFL_MAX = WOLFSSL_MFL_2_8 } |
| enum | { WOLFSSL_CSR_OCSP = 1 } |
| enum | { WOLFSSL_CSR_OCSP_USE_NONCE = 0x01 } |
| enum | { WOLFSSL_CSR2_OCSP = 1 , WOLFSSL_CSR2_OCSP_MULTI = 2 } |
| enum | { WOLFSSL_CSR2_OCSP_USE_NONCE = 0x01 } |
| enum | { WOLFSSL_ECC_SECT163K1 = 1 , WOLFSSL_ECC_SECT163R1 = 2 , WOLFSSL_ECC_SECT163R2 = 3 , WOLFSSL_ECC_SECT193R1 = 4 , WOLFSSL_ECC_SECT193R2 = 5 , WOLFSSL_ECC_SECT233K1 = 6 , WOLFSSL_ECC_SECT233R1 = 7 , WOLFSSL_ECC_SECT239K1 = 8 , WOLFSSL_ECC_SECT283K1 = 9 , WOLFSSL_ECC_SECT283R1 = 10 , WOLFSSL_ECC_SECT409K1 = 11 , WOLFSSL_ECC_SECT409R1 = 12 , WOLFSSL_ECC_SECT571K1 = 13 , WOLFSSL_ECC_SECT571R1 = 14 , WOLFSSL_ECC_SECP160K1 = 15 , WOLFSSL_ECC_SECP160R1 = 16 , WOLFSSL_ECC_SECP160R2 = 17 , WOLFSSL_ECC_SECP192K1 = 18 , WOLFSSL_ECC_SECP192R1 = 19 , WOLFSSL_ECC_SECP224K1 = 20 , WOLFSSL_ECC_SECP224R1 = 21 , WOLFSSL_ECC_SECP256K1 = 22 , WOLFSSL_ECC_SECP256R1 = 23 , WOLFSSL_ECC_SECP384R1 = 24 , WOLFSSL_ECC_SECP521R1 = 25 , WOLFSSL_ECC_BRAINPOOLP256R1 = 26 , WOLFSSL_ECC_BRAINPOOLP384R1 = 27 , WOLFSSL_ECC_BRAINPOOLP512R1 = 28 , WOLFSSL_ECC_X25519 = 29 , WOLFSSL_ECC_X448 = 30 , WOLFSSL_FFDHE_2048 = 256 , WOLFSSL_FFDHE_3072 = 257 , WOLFSSL_FFDHE_4096 = 258 , WOLFSSL_FFDHE_6144 = 259 , WOLFSSL_FFDHE_8192 = 260 } |
| enum | { WOLFSSL_EC_PF_UNCOMPRESSED = 0 , WOLFSSL_EC_PF_X962_COMP_PRIME = 1 , WOLFSSL_EC_PF_X962_COMP_CHAR2 = 2 } |
| enum | TicketEncRet { WOLFSSL_TICKET_RET_FATAL = -1 , WOLFSSL_TICKET_RET_OK = 0 , WOLFSSL_TICKET_RET_REJECT , WOLFSSL_TICKET_RET_CREATE } |
| enum | { WOLFSSL_NTRU_EESS439 = 0x0101 , WOLFSSL_NTRU_EESS593 = 0x0102 , WOLFSSL_NTRU_EESS743 = 0x0103 , WOLFSSL_LWE_XXX = 0x0201 , WOLFSSL_HFE_XXX = 0x0301 , WOLFSSL_NULL_QSH = 0xFFFF } |
| enum | { WOLFSSL_SYS_ACCEPT = 0 , WOLFSSL_SYS_BIND , WOLFSSL_SYS_CONNECT , WOLFSSL_SYS_FOPEN , WOLFSSL_SYS_FREAD , WOLFSSL_SYS_GETADDRINFO , WOLFSSL_SYS_GETSOCKOPT , WOLFSSL_SYS_GETSOCKNAME , WOLFSSL_SYS_GETHOSTBYNAME , WOLFSSL_SYS_GETNAMEINFO , WOLFSSL_SYS_GETSERVBYNAME , WOLFSSL_SYS_IOCTLSOCKET , WOLFSSL_SYS_LISTEN , WOLFSSL_SYS_OPENDIR , WOLFSSL_SYS_SETSOCKOPT , WOLFSSL_SYS_SOCKET } |
Functions | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLS_client_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLS_server_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv3_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv3_server_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv3_client_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_server_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_client_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_1_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_1_server_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_1_client_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_2_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_2_server_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_2_client_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_3_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_3_server_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_3_client_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv23_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv23_server_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv23_client_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLS_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLS_client_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLS_server_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLSv1_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLSv1_client_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLSv1_server_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLSv1_2_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLSv1_2_client_method_ex (void *heap) |
| This function initializes the DTLS v1.2 client method. | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLSv1_2_server_method_ex (void *heap) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLS_client_method (void) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLS_server_method (void) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv3_method (void) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv23_method (void) |
| This function returns a WOLFSSL_METHOD similar to wolfSSLv23_client_method except that it is not determined which side yet (server/client). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv3_server_method (void) |
| The wolfSSLv3_server_method() function is used to indicate that the application is a server and will only support the SSL 3.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv3_client_method (void) |
| The wolfSSLv3_client_method() function is used to indicate that the application is a client and will only support the SSL 3.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_method (void) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_server_method (void) |
| The wolfTLSv1_server_method() function is used to indicate that the application is a server and will only support the TLS 1.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_client_method (void) |
| The wolfTLSv1_client_method() function is used to indicate that the application is a client and will only support the TLS 1.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_1_method (void) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_1_server_method (void) |
| The wolfTLSv1_1_server_method() function is used to indicate that the application is a server and will only support the TLS 1.1 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_1_client_method (void) |
| The wolfTLSv1_1_client_method() function is used to indicate that the application is a client and will only support the TLS 1.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_2_method (void) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_2_server_method (void) |
| The wolfTLSv1_2_server_method() function is used to indicate that the application is a server and will only support the TLS 1.2 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). | |
| WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_2_client_method (void) |
| The wolfTLSv1_2_client_method() function is used to indicate that the application is a client and will only support the TLS 1.2 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_3_method (void) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_3_server_method (void) |
| WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD * | wolfTLSv1_3_client_method (void) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLS_method (void) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLS_server_method (void) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLS_client_method (void) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLSv1_method (void) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLSv1_client_method (void) |
| The wolfDTLSv1_client_method() function is used to indicate that the application is a client and will only support the DTLS 1.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). This function is only available when wolfSSL has been compiled with DTLS support (–enable-dtls, or by defining wolfSSL_DTLS). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLSv1_server_method (void) |
| The wolfDTLSv1_server_method() function is used to indicate that the application is a server and will only support the DTLS 1.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). This function is only available when wolfSSL has been compiled with DTLS support (–enable-dtls, or by defining wolfSSL_DTLS). | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLSv1_2_method (void) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLSv1_2_client_method (void) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfDTLSv1_2_server_method (void) |
| This function creates and initializes a WOLFSSL_METHOD for the server side. | |
| WOLFSSL_API int | wolfSSL_use_old_poly (WOLFSSL *, int) |
| Since there is some differences between the first release and newer versions of chacha-poly AEAD construction we have added an option to communicate with servers/clients using the older version. By default wolfSSL uses the new version. | |
| WOLFSSL_API int | wolfSSL_dtls_import (WOLFSSL *ssl, unsigned char *buf, unsigned int sz) |
| The wolfSSL_dtls_import() function is used to parse in a serialized session state. This allows for picking up the connection after the handshake has been completed. | |
| WOLFSSL_API int | wolfSSL_CTX_dtls_set_export (WOLFSSL_CTX *ctx, wc_dtls_export func) |
| The wolfSSL_CTX_dtls_set_export() function is used to set the callback function for exporting a session. It is allowed to pass in NULL as the parameter func to clear the export function previously stored. Used on the server side and is called immediately after handshake is completed. | |
| WOLFSSL_API int | wolfSSL_dtls_set_export (WOLFSSL *ssl, wc_dtls_export func) |
| The wolfSSL_dtls_set_export() function is used to set the callback function for exporting a session. It is allowed to pass in NULL as the parameter func to clear the export function previously stored. Used on the server side and is called immediately after handshake is completed. | |
| WOLFSSL_API int | wolfSSL_dtls_export (WOLFSSL *ssl, unsigned char *buf, unsigned int *sz) |
| The wolfSSL_dtls_export() function is used to serialize a WOLFSSL session into the provided buffer. Allows for less memory overhead than using a function callback for sending a session and choice over when the session is serialized. If buffer is NULL when passed to function then sz will be set to the size of buffer needed for serializing the WOLFSSL session. | |
| WOLFSSL_API int | wolfSSL_dtls_export_state_only (WOLFSSL *ssl, unsigned char *buf, unsigned int *sz) |
| WOLFSSL_API int | wolfSSL_CTX_load_static_memory (WOLFSSL_CTX **ctx, wolfSSL_method_func method, unsigned char *buf, unsigned int sz, int flag, int max) |
| This function is used to set aside static memory for a CTX. Memory set aside is then used for the CTX’s lifetime and for any SSL objects created from the CTX. By passing in a NULL ctx pointer and a wolfSSL_method_func function the creation of the CTX itself will also use static memory. wolfSSL_method_func has the function signature of WOLFSSL_METHOD* (wolfSSL_method_func)(void heap);. Passing in 0 for max makes it behave as if not set and no max concurrent use restrictions is in place. The flag value passed in determines how the memory is used and behavior while operating. Available flags are the following: 0 - default general memory, WOLFMEM_IO_POOL - used for input/output buffer when sending receiving messages and overrides general memory, so all memory in buffer passed in is used for IO, WOLFMEM_IO_FIXED - same as WOLFMEM_IO_POOL but each SSL now keeps two buffers to themselves for their lifetime, WOLFMEM_TRACK_STATS - each SSL keeps track of memory stats while running. | |
| WOLFSSL_API int | wolfSSL_CTX_is_static_memory (WOLFSSL_CTX *ctx, WOLFSSL_MEM_STATS *mem_stats) |
| This function does not change any of the connections behavior and is used only for gathering information about the static memory usage. | |
| WOLFSSL_API int | wolfSSL_is_static_memory (WOLFSSL *ssl, WOLFSSL_MEM_CONN_STATS *mem_stats) |
| wolfSSL_is_static_memory is used to gather information about a SSL’s static memory usage. The return value indicates if static memory is being used and WOLFSSL_MEM_CONN_STATS will be filled out if and only if the flag WOLFMEM_TRACK_STATS was passed to the parent CTX when loading in static memory. | |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_CTX_use_certificate_file (WOLFSSL_CTX *, const char *, int) |
| This function loads a certificate file into the SSL context (WOLFSSL_CTX). The file is provided by the file argument. The format argument specifies the format type of the file, either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage. | |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_CTX_use_PrivateKey_file (WOLFSSL_CTX *, const char *, int) |
| This function loads a private key file into the SSL context (WOLFSSL_CTX). The file is provided by the file argument. The format argument specifies the format type of the file - SSL_FILETYPE_ASN1or SSL_FILETYPE_PEM. Please see the examples for proper usage. | |
| WOLFSSL_API int | wolfSSL_CTX_load_verify_locations_ex (WOLFSSL_CTX *, const char *, const char *, unsigned int) |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_CTX_load_verify_locations (WOLFSSL_CTX *, const char *, const char *) |
| This function loads PEM-formatted CA certificate files into the SSL context (WOLFSSL_CTX). These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The path argument is a pointer to the name of a directory that contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not defined when building the library, wolfSSL will load all CA certificates located in the given directory. This function will attempt to load all files in the directory. This function expects PEM formatted CERT_TYPE file with header “--—BEGIN CERTIFICATE--—”. | |
| WOLFSSL_API int | wolfSSL_CTX_trust_peer_cert (WOLFSSL_CTX *, const char *, int) |
| This function loads a certificate to use for verifying a peer when performing a TLS/SSL handshake. The peer certificate sent during the handshake is compared by using the SKID when available and the signature. If these two things do not match then any loaded CAs are used. Feature is enabled by defining the macro WOLFSSL_TRUST_PEER_CERT. Please see the examples for proper usage. | |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_CTX_use_certificate_chain_file (WOLFSSL_CTX *, const char *) |
| This function loads a chain of certificates into the SSL context (WOLFSSL_CTX). The file containing the certificate chain is provided by the file argument, and must contain PEM-formatted certificates. This function will process up to MAX_CHAIN_DEPTH (default = 9, defined in internal.h) certificates, plus the subject cert. | |
| WOLFSSL_API int | wolfSSL_CTX_use_certificate_chain_file_format (WOLFSSL_CTX *, const char *file, int format) |
| WOLFSSL_API int | wolfSSL_CTX_use_RSAPrivateKey_file (WOLFSSL_CTX *, const char *, int) |
| This function loads the private RSA key used in the SSL connection into the SSL context (WOLFSSL_CTX). This function is only available when wolfSSL has been compiled with the OpenSSL compatibility layer enabled (–enable-opensslExtra, #define OPENSSL_EXTRA), and is identical to the more-typically used wolfSSL_CTX_use_PrivateKey_file() function. The file argument contains a pointer to the RSA private key file, in the format specified by format. | |
| WOLFSSL_API long | wolfSSL_get_verify_depth (WOLFSSL *ssl) |
| This function returns the maximum chain depth allowed, which is 9 by default, for a valid session i.e. there is a non-null session object (ssl). | |
| WOLFSSL_API long | wolfSSL_CTX_get_verify_depth (WOLFSSL_CTX *ctx) |
| This function gets the certificate chaining depth using the CTX structure. | |
| WOLFSSL_API void | wolfSSL_CTX_set_verify_depth (WOLFSSL_CTX *ctx, int depth) |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_use_certificate_file (WOLFSSL *, const char *, int) |
| This function loads a certificate file into the SSL session (WOLFSSL structure). The certificate file is provided by the file argument. The format argument specifies the format type of the file - either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. | |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_use_PrivateKey_file (WOLFSSL *, const char *, int) |
| This function loads a private key file into the SSL session (WOLFSSL structure). The key file is provided by the file argument. The format argument specifies the format type of the file - SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. | |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_use_certificate_chain_file (WOLFSSL *, const char *) |
| This function loads a chain of certificates into the SSL session (WOLFSSL structure). The file containing the certificate chain is provided by the file argument, and must contain PEM-formatted certificates. This function will process up to MAX_CHAIN_DEPTH (default = 9, defined in internal.h) certificates, plus the subject certificate. | |
| WOLFSSL_API int | wolfSSL_use_certificate_chain_file_format (WOLFSSL *, const char *file, int format) |
| WOLFSSL_API int | wolfSSL_use_RSAPrivateKey_file (WOLFSSL *, const char *, int) |
| This function loads the private RSA key used in the SSL connection into the SSL session (WOLFSSL structure). This function is only available when wolfSSL has been compiled with the OpenSSL compatibility layer enabled (–enable-opensslExtra, #define OPENSSL_EXTRA), and is identical to the more-typically used wolfSSL_use_PrivateKey_file() function. The file argument contains a pointer to the RSA private key file, in the format specified by format. | |
| WOLFSSL_API int | wolfSSL_CTX_der_load_verify_locations (WOLFSSL_CTX *, const char *, int) |
| This function is similar to wolfSSL_CTX_load_verify_locations, but allows the loading of DER-formatted CA files into the SSL context (WOLFSSL_CTX). It may still be used to load PEM-formatted CA files as well. These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The format argument specifies the format which the certificates are in either, SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1 (DER). Unlike wolfSSL_CTX_load_verify_locations, this function does not allow the loading of CA certificates from a given directory path. Note that this function is only available when the wolfSSL library was compiled with WOLFSSL_DER_LOAD defined. | |
| WOLFSSL_API int | wolfSSL_CTX_use_NTRUPrivateKey_file (WOLFSSL_CTX *, const char *) |
| This function loads an NTRU private key file into the WOLFSSL Context. It behaves like the normal version, only differing in its ability to accept an NTRU raw key file. This function is needed since the format of the file is different than the normal key file (buffer) functions. Please see the examples for proper usage. | |
| WOLFSSL_API WOLFSSL_CTX * | wolfSSL_CTX_new_ex (WOLFSSL_METHOD *method, void *heap) |
| WOLFSSL_ABI WOLFSSL_API WOLFSSL_CTX * | wolfSSL_CTX_new (WOLFSSL_METHOD *) |
| This function creates a new SSL context, taking a desired SSL/TLS protocol method for input. | |
| WOLFSSL_API int | wolfSSL_CTX_up_ref (WOLFSSL_CTX *) |
| WOLFSSL_ABI WOLFSSL_API WOLFSSL * | wolfSSL_new (WOLFSSL_CTX *) |
| This function creates a new SSL session, taking an already created SSL context as input. | |
| WOLFSSL_API WOLFSSL_CTX * | wolfSSL_get_SSL_CTX (WOLFSSL *ssl) |
| WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM * | wolfSSL_get0_param (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_is_server (WOLFSSL *) |
| WOLFSSL_API WOLFSSL * | wolfSSL_write_dup (WOLFSSL *) |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_set_fd (WOLFSSL *, int) |
| This function assigns a file descriptor (fd) as the input/output facility for the SSL connection. Typically this will be a socket file descriptor. | |
| WOLFSSL_API int | wolfSSL_set_write_fd (WOLFSSL *, int) |
| WOLFSSL_API int | wolfSSL_set_read_fd (WOLFSSL *, int) |
| WOLFSSL_API char * | wolfSSL_get_cipher_list (int priority) |
| Get the name of cipher at priority level passed in. | |
| WOLFSSL_API char * | wolfSSL_get_cipher_list_ex (WOLFSSL *ssl, int priority) |
| WOLFSSL_API int | wolfSSL_get_ciphers (char *, int) |
| This function gets the ciphers enabled in wolfSSL. | |
| WOLFSSL_API int | wolfSSL_get_ciphers_iana (char *, int) |
| WOLFSSL_API const char * | wolfSSL_get_cipher_name (WOLFSSL *ssl) |
| This function gets the cipher name in the format DHE-RSA by passing through argument to wolfSSL_get_cipher_name_internal. | |
| WOLFSSL_API const char * | wolfSSL_get_cipher_name_from_suite (const unsigned char, const unsigned char) |
| WOLFSSL_API const char * | wolfSSL_get_cipher_name_iana_from_suite (const unsigned char, const unsigned char) |
| WOLFSSL_API const char * | wolfSSL_get_shared_ciphers (WOLFSSL *ssl, char *buf, int len) |
| WOLFSSL_API const char * | wolfSSL_get_curve_name (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_get_fd (const WOLFSSL *) |
| This function returns the file descriptor (fd) used as the input/output facility for the SSL connection. Typically this will be a socket file descriptor. | |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_connect (WOLFSSL *) |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_write (WOLFSSL *, const void *, int) |
| This function writes sz bytes from the buffer, data, to the SSL connection, ssl. If necessary, wolfSSL_write() will negotiate an SSL/TLS session if the handshake has not already been performed yet by wolfSSL_connect() or wolfSSL_accept(). wolfSSL_write() works with both blocking and non-blocking I/O. When the underlying I/O is non-blocking, wolfSSL_write() will return when the underlying I/O could not satisfy the needs of wolfSSL_write() to continue. In this case, a call to wolfSSL_get_error() will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process must then repeat the call to wolfSSL_write() when the underlying I/O is ready. If the underlying I/O is blocking, wolfSSL_write() will only return once the buffer data of size sz has been completely written or an error occurred. | |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_read (WOLFSSL *, void *, int) |
| This function reads sz bytes from the SSL session (ssl) internal read buffer into the buffer data. The bytes read are removed from the internal receive buffer. If necessary wolfSSL_read() will negotiate an SSL/TLS session if the handshake has not already been performed yet by wolfSSL_connect() or wolfSSL_accept(). The SSL/TLS protocol uses SSL records which have a maximum size of 16kB (the max record size can be controlled by the MAX_RECORD_SIZE define in <wolfssl_root>/wolfssl/internal.h). As such, wolfSSL needs to read an entire SSL record internally before it is able to process and decrypt the record. Because of this, a call to wolfSSL_read() will only be able to return the maximum buffer size which has been decrypted at the time of calling. There may be additional not-yet-decrypted data waiting in the internal wolfSSL receive buffer which will be retrieved and decrypted with the next call to wolfSSL_read(). If sz is larger than the number of bytes in the internal read buffer, SSL_read() will return the bytes available in the internal read buffer. If no bytes are buffered in the internal read buffer yet, a call to wolfSSL_read() will trigger processing of the next record. | |
| WOLFSSL_API int | wolfSSL_peek (WOLFSSL *, void *, int) |
| This function copies sz bytes from the SSL session (ssl) internal read buffer into the buffer data. This function is identical to wolfSSL_read() except that the data in the internal SSL session receive buffer is not removed or modified. If necessary, like wolfSSL_read(), wolfSSL_peek() will negotiate an SSL/TLS session if the handshake has not already been performed yet by wolfSSL_connect() or wolfSSL_accept(). The SSL/TLS protocol uses SSL records which have a maximum size of 16kB (the max record size can be controlled by the MAX_RECORD_SIZE define in <wolfssl_root>/wolfssl/internal.h). As such, wolfSSL needs to read an entire SSL record internally before it is able to process and decrypt the record. Because of this, a call to wolfSSL_peek() will only be able to return the maximum buffer size which has been decrypted at the time of calling. There may be additional not-yet-decrypted data waiting in the internal wolfSSL receive buffer which will be retrieved and decrypted with the next call to wolfSSL_peek() / wolfSSL_read(). If sz is larger than the number of bytes in the internal read buffer, SSL_peek() will return the bytes available in the internal read buffer. If no bytes are buffered in the internal read buffer yet, a call to wolfSSL_peek() will trigger processing of the next record. | |
| WOLFSSL_API int | wolfSSL_accept (WOLFSSL *) |
| This function is called on the server side and waits for an SSL client to initiate the SSL/TLS handshake. When this function is called, the underlying communication channel has already been set up. wolfSSL_accept() works with both blocking and non-blocking I/O. When the underlying I/O is non-blocking, wolfSSL_accept() will return when the underlying I/O could not satisfy the needs of wolfSSL_accept to continue the handshake. In this case, a call to wolfSSL_get_error() will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process must then repeat the call to wolfSSL_accept when data is available to read and wolfSSL will pick up where it left off. When using a non-blocking socket, nothing needs to be done, but select() can be used to check for the required condition. If the underlying I/O is blocking, wolfSSL_accept() will only return once the handshake has been finished or an error occurred. | |
| WOLFSSL_API int | wolfSSL_CTX_mutual_auth (WOLFSSL_CTX *ctx, int req) |
| WOLFSSL_API int | wolfSSL_mutual_auth (WOLFSSL *ssl, int req) |
| WOLFSSL_API int | wolfSSL_send_hrr_cookie (WOLFSSL *ssl, const unsigned char *secret, unsigned int secretSz) |
| WOLFSSL_API int | wolfSSL_CTX_no_ticket_TLSv13 (WOLFSSL_CTX *ctx) |
| WOLFSSL_API int | wolfSSL_no_ticket_TLSv13 (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_CTX_no_dhe_psk (WOLFSSL_CTX *ctx) |
| WOLFSSL_API int | wolfSSL_no_dhe_psk (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_update_keys (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_CTX_allow_post_handshake_auth (WOLFSSL_CTX *ctx) |
| WOLFSSL_API int | wolfSSL_allow_post_handshake_auth (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_request_certificate (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_CTX_set1_groups_list (WOLFSSL_CTX *ctx, char *list) |
| WOLFSSL_API int | wolfSSL_set1_groups_list (WOLFSSL *ssl, char *list) |
| WOLFSSL_API int | wolfSSL_preferred_group (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_CTX_set_groups (WOLFSSL_CTX *ctx, int *groups, int count) |
| WOLFSSL_API int | wolfSSL_set_groups (WOLFSSL *ssl, int *groups, int count) |
| WOLFSSL_API int | wolfSSL_connect_TLSv13 (WOLFSSL *) |
| This function is called on the client side and initiates an SSL/TLS handshake with a server. When this function is called, the underlying communication channel has already been set up. wolfSSL_connect() works with both blocking and non-blocking I/O. When the underlying I/O is non-blocking, wolfSSL_connect() will return when the underlying I/O could not satisfy the needs of wolfSSL_connect to continue the handshake. In this case, a call to wolfSSL_get_error() will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process must then repeat the call to wolfSSL_connect() when the underlying I/O is ready and wolfSSL will pick up where it left off. When using a non-blocking socket, nothing needs to be done, but select() can be used to check for the required condition. If the underlying I/O is blocking, wolfSSL_connect() will only return once the handshake has been finished or an error occurred. wolfSSL takes a different approach to certificate verification than OpenSSL does. The default policy for the client is to verify the server, this means that if you don't load CAs to verify the server you'll get a connect error, unable to verify (-155). It you want to mimic OpenSSL behavior of having SSL_connect succeed even if verifying the server fails and reducing security you can do this by calling: SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling SSL_new(); Though it's not recommended. | |
| WOLFSSL_API int | wolfSSL_accept_TLSv13 (WOLFSSL *) |
| WOLFSSL_API int | wolfSSL_CTX_set_max_early_data (WOLFSSL_CTX *ctx, unsigned int sz) |
| WOLFSSL_API int | wolfSSL_set_max_early_data (WOLFSSL *ssl, unsigned int sz) |
| WOLFSSL_API int | wolfSSL_write_early_data (WOLFSSL *, const void *, int, int *) |
| WOLFSSL_API int | wolfSSL_read_early_data (WOLFSSL *, void *, int, int *) |
| WOLFSSL_ABI WOLFSSL_API void | wolfSSL_CTX_free (WOLFSSL_CTX *) |
| This function frees an allocated WOLFSSL_CTX object. This function decrements the CTX reference count and only frees the context when the reference count has reached 0. | |
| WOLFSSL_ABI WOLFSSL_API void | wolfSSL_free (WOLFSSL *) |
| This function frees an allocated wolfSSL object. | |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_shutdown (WOLFSSL *) |
| This function shuts down an active SSL/TLS connection using the SSL session, ssl. This function will try to send a “close notify” alert to the peer. The calling application can choose to wait for the peer to send its “close notify” alert in response or just go ahead and shut down the underlying connection after directly calling wolfSSL_shutdown (to save resources). Either option is allowed by the TLS specification. If the underlying connection will be used again in the future, the complete two-directional shutdown procedure must be performed to keep synchronization intact between the peers. wolfSSL_shutdown() works with both blocking and non-blocking I/O. When the underlying I/O is non-blocking, wolfSSL_shutdown() will return an error if the underlying I/O could not satisfy the needs of wolfSSL_shutdown() to continue. In this case, a call to wolfSSL_get_error() will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process must then repeat the call to wolfSSL_shutdown() when the underlying I/O is ready. | |
| WOLFSSL_API int | wolfSSL_send (WOLFSSL *, const void *, int sz, int flags) |
| This function writes sz bytes from the buffer, data, to the SSL connection, ssl, using the specified flags for the underlying write operation. If necessary wolfSSL_send() will negotiate an SSL/TLS session if the handshake has not already been performed yet by wolfSSL_connect() or wolfSSL_accept(). wolfSSL_send() works with both blocking and non-blocking I/O. When the underlying I/O is non-blocking, wolfSSL_send() will return when the underlying I/O could not satisfy the needs of wolfSSL_send to continue. In this case, a call to wolfSSL_get_error() will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process must then repeat the call to wolfSSL_send() when the underlying I/O is ready. If the underlying I/O is blocking, wolfSSL_send() will only return once the buffer data of size sz has been completely written or an error occurred. | |
| WOLFSSL_API int | wolfSSL_recv (WOLFSSL *, void *, int sz, int flags) |
| This function reads sz bytes from the SSL session (ssl) internal read buffer into the buffer data using the specified flags for the underlying recv operation. The bytes read are removed from the internal receive buffer. This function is identical to wolfSSL_read() except that it allows the application to set the recv flags for the underlying read operation. If necessary wolfSSL_recv() will negotiate an SSL/TLS session if the handshake has not already been performed yet by wolfSSL_connect() or wolfSSL_accept(). The SSL/TLS protocol uses SSL records which have a maximum size of 16kB (the max record size can be controlled by the MAX_RECORD_SIZE define in <wolfssl_root>/wolfssl/internal.h). As such, wolfSSL needs to read an entire SSL record internally before it is able to process and decrypt the record. Because of this, a call to wolfSSL_recv() will only be able to return the maximum buffer size which has been decrypted at the time of calling. There may be additional not-yet-decrypted data waiting in the internal wolfSSL receive buffer which will be retrieved and decrypted with the next call to wolfSSL_recv(). If sz is larger than the number of bytes in the internal read buffer, SSL_recv() will return the bytes available in the internal read buffer. If no bytes are buffered in the internal read buffer yet, a call to wolfSSL_recv() will trigger processing of the next record. | |
| WOLFSSL_API void | wolfSSL_CTX_set_quiet_shutdown (WOLFSSL_CTX *, int) |
| WOLFSSL_API void | wolfSSL_set_quiet_shutdown (WOLFSSL *, int) |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_get_error (WOLFSSL *, int) |
| This function returns a unique error code describing why the previous API function call (wolfSSL_connect, wolfSSL_accept, wolfSSL_read, wolfSSL_write, etc.) resulted in an error return code (SSL_FAILURE). The return value of the previous function is passed to wolfSSL_get_error through ret. After wolfSSL_get_error is called and returns the unique error code, wolfSSL_ERR_error_string() may be called to get a human-readable error string. See wolfSSL_ERR_error_string() for more information. | |
| WOLFSSL_API int | wolfSSL_get_alert_history (WOLFSSL *, WOLFSSL_ALERT_HISTORY *) |
| This function gets the alert history. | |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_set_session (WOLFSSL *, WOLFSSL_SESSION *) |
| This function sets the session to be used when the SSL object, ssl, is used to establish a SSL/TLS connection. For session resumption, before calling wolfSSL_shutdown() with your session object, an application should save the session ID from the object with a call to wolfSSL_get_session(), which returns a pointer to the session. Later, the application should create a new WOLFSSL object and assign the saved session with wolfSSL_set_session(). At this point, the application may call wolfSSL_connect() and wolfSSL will try to resume the session. The wolfSSL server code allows session resumption by default. | |
| WOLFSSL_API long | wolfSSL_SSL_SESSION_set_timeout (WOLFSSL_SESSION *, long) |
| WOLFSSL_ABI WOLFSSL_API WOLFSSL_SESSION * | wolfSSL_get_session (WOLFSSL *) |
| This function returns a pointer to the current session (WOLFSSL_SESSION) used in ssl. The WOLFSSL_SESSION pointed to contains all the necessary information required to perform a session resumption and reestablish the connection without a new handshake. For session resumption, before calling wolfSSL_shutdown() with your session object, an application should save the session ID from the object with a call to wolfSSL_get_session(), which returns a pointer to the session. Later, the application should create a new WOLFSSL object and assign the saved session with wolfSSL_set_session(). At this point, the application may call wolfSSL_connect() and wolfSSL will try to resume the session. The wolfSSL server code allows session resumption by default. | |
| WOLFSSL_ABI WOLFSSL_API void | wolfSSL_flush_sessions (WOLFSSL_CTX *, long) |
| This function flushes session from the session cache which have expired. The time, tm, is used for the time comparison. Note that wolfSSL currently uses a static table for sessions, so no flushing is needed. As such, this function is currently just a stub. This function provides OpenSSL compatibility (SSL_flush_sessions) when wolfSSL is compiled with the OpenSSL compatibility layer. | |
| WOLFSSL_API int | wolfSSL_SetServerID (WOLFSSL *, const unsigned char *, int, int) |
| This function associates the client session with the server id. If the newSession flag is on, an existing session won’t be reused. | |
| WOLFSSL_API int | wolfSSL_BIO_new_bio_pair (WOLFSSL_BIO **, size_t, WOLFSSL_BIO **, size_t) |
| WOLFSSL_API int | wolfSSL_RSA_padding_add_PKCS1_PSS (WOLFSSL_RSA *rsa, unsigned char *EM, const unsigned char *mHash, const WOLFSSL_EVP_MD *Hash, int saltLen) |
| WOLFSSL_API int | wolfSSL_RSA_verify_PKCS1_PSS (WOLFSSL_RSA *rsa, const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, const unsigned char *EM, int saltLen) |
| WOLFSSL_API WOLFSSL_RSA * | wolfSSL_d2i_RSAPrivateKey_bio (WOLFSSL_BIO *, WOLFSSL_RSA **) |
| WOLFSSL_API int | wolfSSL_CTX_use_certificate_ASN1 (WOLFSSL_CTX *, int, const unsigned char *) |
| WOLFSSL_API int | wolfSSL_CTX_use_RSAPrivateKey (WOLFSSL_CTX *, WOLFSSL_RSA *) |
| WOLFSSL_API WOLFSSL_EVP_PKEY * | wolfSSL_d2i_PrivateKey_bio (WOLFSSL_BIO *, WOLFSSL_EVP_PKEY **) |
| WOLFSSL_API int | wolfSSL_GetSessionIndex (WOLFSSL *ssl) |
| This function gets the session index of the WOLFSSL structure. | |
| WOLFSSL_API int | wolfSSL_GetSessionAtIndex (int index, WOLFSSL_SESSION *session) |
| This function gets the session at specified index of the session cache and copies it into memory. The WOLFSSL_SESSION structure holds the session information. | |
| WOLFSSL_API WOLFSSL_X509_CHAIN * | wolfSSL_SESSION_get_peer_chain (WOLFSSL_SESSION *session) |
| Returns the peer certificate chain from the WOLFSSL_SESSION struct. | |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_SESSION_get0_peer (WOLFSSL_SESSION *session) |
| WOLFSSL_API int | wolfSSL_get_ex_new_index (long argValue, void *arg, WOLFSSL_CRYPTO_EX_new *a, WOLFSSL_CRYPTO_EX_dup *b, WOLFSSL_CRYPTO_EX_free *c) |
| WOLFSSL_API void | wolfSSL_CTX_set_verify (WOLFSSL_CTX *, int, VerifyCallback verify_callback) |
| This function sets the verification method for remote peers and also allows a verify callback to be registered with the SSL context. The verify callback will be called only when a verification failure has occurred. If no verify callback is desired, the NULL pointer can be used for verify_callback. The verification mode of peer certificates is a logically OR’d list of flags. The possible flag values include: SSL_VERIFY_NONE Client mode: the client will not verify the certificate received from the server and the handshake will continue as normal. Server mode: the server will not send a certificate request to the client. As such, client verification will not be enabled. SSL_VERIFY_PEER Client mode: the client will verify the certificate received from the server during the handshake. This is turned on by default in wolfSSL, therefore, using this option has no effect. Server mode: the server will send a certificate request to the client and verify the client certificate received. SSL_VERIFY_FAIL_IF_NO_PEER_CERT Client mode: no effect when used on the client side. Server mode: the verification will fail on the server side if the client fails to send a certificate when requested to do so (when using SSL_VERIFY_PEER on the SSL server). SSL_VERIFY_FAIL_EXCEPT_PSK Client mode: no effect when used on the client side. Server mode: the verification is the same as SSL_VERIFY_FAIL_IF_NO_PEER_CERT except in the case of a PSK connection. If a PSK connection is being made then the connection will go through without a peer cert. | |
| WOLFSSL_API void | wolfSSL_CTX_set_cert_verify_callback (WOLFSSL_CTX *ctx, CertVerifyCallback cb, void *arg) |
| WOLFSSL_API void | wolfSSL_set_verify (WOLFSSL *, int, VerifyCallback verify_callback) |
| This function sets the verification method for remote peers and also allows a verify callback to be registered with the SSL session. The verify callback will be called only when a verification failure has occurred. If no verify callback is desired, the NULL pointer can be used for verify_callback. The verification mode of peer certificates is a logically OR’d list of flags. The possible flag values include: SSL_VERIFY_NONE Client mode: the client will not verify the certificate received from the server and the handshake will continue as normal. Server mode: the server will not send a certificate request to the client. As such, client verification will not be enabled. SSL_VERIFY_PEER Client mode: the client will verify the certificate received from the server during the handshake. This is turned on by default in wolfSSL, therefore, using this option has no effect. Server mode: the server will send a certificate request to the client and verify the client certificate received. SSL_VERIFY_FAIL_IF_NO_PEER_CERT Client mode: no effect when used on the client side. Server mode: the verification will fail on the server side if the client fails to send a certificate when requested to do so (when using SSL_VERIFY_PEER on the SSL server). SSL_VERIFY_FAIL_EXCEPT_PSK Client mode: no effect when used on the client side. Server mode: the verification is the same as SSL_VERIFY_FAIL_IF_NO_PEER_CERT except in the case of a PSK connection. If a PSK connection is being made then the connection will go through without a peer cert. | |
| WOLFSSL_API void | wolfSSL_set_verify_result (WOLFSSL *, long) |
| WOLFSSL_API void | wolfSSL_SetCertCbCtx (WOLFSSL *, void *) |
| This function stores user CTX object information for verify callback. | |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_pending (WOLFSSL *) |
| This function returns the number of bytes which are buffered and available in the SSL object to be read by wolfSSL_read(). | |
| WOLFSSL_API void | wolfSSL_load_error_strings (void) |
| This function is for OpenSSL compatibility (SSL_load_error_string) only and takes no action. | |
| WOLFSSL_API int | wolfSSL_library_init (void) |
| This function is called internally in wolfSSL_CTX_new(). This function is a wrapper around wolfSSL_Init() and exists for OpenSSL compatibility (SSL_library_init) when wolfSSL has been compiled with OpenSSL compatibility layer. wolfSSL_Init() is the more typically-used wolfSSL initialization function. | |
| WOLFSSL_ABI WOLFSSL_API long | wolfSSL_CTX_set_session_cache_mode (WOLFSSL_CTX *, long) |
| This function enables or disables SSL session caching. Behavior depends on the value used for mode. The following values for mode are available: SSL_SESS_CACHE_OFF- disable session caching. Session caching is turned on by default. SSL_SESS_CACHE_NO_AUTO_CLEAR - Disable auto-flushing of the session cache. Auto-flushing is turned on by default. | |
| WOLFSSL_API int | wolfSSL_set_session_secret_cb (WOLFSSL *, SessionSecretCb, void *) |
| This function sets the session secret callback function. The SessionSecretCb type has the signature: int (SessionSecretCb)(WOLFSSL ssl, void* secret, int* secretSz, void* ctx). The sessionSecretCb member of the WOLFSSL struct is set to the parameter cb. | |
| WOLFSSL_API int | wolfSSL_set_tls13_secret_cb (WOLFSSL *, Tls13SecretCb, void *) |
| WOLFSSL_API int | wolfSSL_save_session_cache (const char *) |
| This function persists the session cache to file. It doesn’t use memsave because of additional memory use. | |
| WOLFSSL_API int | wolfSSL_restore_session_cache (const char *) |
| This function restores the persistent session cache from file. It does not use memstore because of additional memory use. | |
| WOLFSSL_API int | wolfSSL_memsave_session_cache (void *, int) |
| This function persists session cache to memory. | |
| WOLFSSL_API int | wolfSSL_memrestore_session_cache (const void *, int) |
| This function restores the persistent session cache from memory. | |
| WOLFSSL_API int | wolfSSL_get_session_cache_memsize (void) |
| This function returns how large the session cache save buffer should be. | |
| WOLFSSL_API int | wolfSSL_CTX_save_cert_cache (WOLFSSL_CTX *, const char *) |
| This function writes the cert cache from memory to file. | |
| WOLFSSL_API int | wolfSSL_CTX_restore_cert_cache (WOLFSSL_CTX *, const char *) |
| This function persistes certificate cache from a file. | |
| WOLFSSL_API int | wolfSSL_CTX_memsave_cert_cache (WOLFSSL_CTX *, void *, int, int *) |
| This function persists the certificate cache to memory. | |
| WOLFSSL_API int | wolfSSL_CTX_memrestore_cert_cache (WOLFSSL_CTX *, const void *, int) |
| This function restores the certificate cache from memory. | |
| WOLFSSL_API int | wolfSSL_CTX_get_cert_cache_memsize (WOLFSSL_CTX *) |
| Returns the size the certificate cache save buffer needs to be. | |
| WOLFSSL_API int | wolfSSL_CTX_set_cipher_list (WOLFSSL_CTX *, const char *) |
| This function sets cipher suite list for a given WOLFSSL_CTX. This cipher suite list becomes the default list for any new SSL sessions (WOLFSSL) created using this context. The ciphers in the list should be sorted in order of preference from highest to lowest. Each call to wolfSSL_CTX_set_cipher_list() resets the cipher suite list for the specific SSL context to the provided list each time the function is called. The cipher suite list, list, is a null-terminated text string, and a colon-delimited list. For example, one value for list may be "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256" Valid cipher values are the full name values from the cipher_names[] array in src/internal.c (for a definite list of valid cipher values check src/internal.c) | |
| WOLFSSL_API int | wolfSSL_set_cipher_list (WOLFSSL *, const char *) |
| This function sets cipher suite list for a given WOLFSSL object (SSL session). The ciphers in the list should be sorted in order of preference from highest to lowest. Each call to wolfSSL_set_cipher_list() resets the cipher suite list for the specific SSL session to the provided list each time the function is called. The cipher suite list, list, is a null-terminated text string, and a colon-delimited list. For example, one value for list may be "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256". Valid cipher values are the full name values from the cipher_names[] array in src/internal.c (for a definite list of valid cipher values check src/internal.c) | |
| WOLFSSL_API void | wolfSSL_dtls_set_using_nonblock (WOLFSSL *, int) |
| This function informs the WOLFSSL DTLS object that the underlying UDP I/O is non-blocking. After an application creates a WOLFSSL object, if it will be used with a non-blocking UDP socket, call wolfSSL_dtls_set_using_nonblock() on it. This lets the WOLFSSL object know that receiving EWOULDBLOCK means that the recvfrom call would block rather than that it timed out. | |
| WOLFSSL_API int | wolfSSL_dtls_get_using_nonblock (WOLFSSL *) |
| This function allows the application to determine if wolfSSL is using non-blocking I/O with UDP. If wolfSSL is using non-blocking I/O, this function will return 1, otherwise 0. After an application creates a WOLFSSL object, if it will be used with a non-blocking UDP socket, call wolfSSL_dtls_set_using_nonblock() on it. This lets the WOLFSSL object know that receiving EWOULDBLOCK means that the recvfrom call would block rather than that it timed out. This function is only meaningful to DTLS sessions. | |
| WOLFSSL_API int | wolfSSL_dtls_get_current_timeout (WOLFSSL *ssl) |
| This function returns the current timeout value in seconds for the WOLFSSL object. When using non-blocking sockets, something in the user code needs to decide when to check for available recv data and how long it has been waiting. The value returned by this function indicates how long the application should wait. | |
| WOLFSSL_API int | wolfSSL_DTLSv1_get_timeout (WOLFSSL *ssl, WOLFSSL_TIMEVAL *timeleft) |
| WOLFSSL_API void | wolfSSL_DTLSv1_set_initial_timeout_duration (WOLFSSL *ssl, word32 duration_ms) |
| WOLFSSL_API int | wolfSSL_DTLSv1_handle_timeout (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_dtls_set_timeout_init (WOLFSSL *ssl, int) |
| This function sets the dtls timeout. | |
| WOLFSSL_API int | wolfSSL_dtls_set_timeout_max (WOLFSSL *ssl, int) |
| This function sets the maximum dtls timeout. | |
| WOLFSSL_API int | wolfSSL_dtls_got_timeout (WOLFSSL *ssl) |
| When using non-blocking sockets with DTLS, this function should be called on the WOLFSSL object when the controlling code thinks the transmission has timed out. It performs the actions needed to retry the last transmit, including adjusting the timeout value. If it has been too long, this will return a failure. | |
| WOLFSSL_API int | wolfSSL_dtls_retransmit (WOLFSSL *) |
| WOLFSSL_API int | wolfSSL_dtls (WOLFSSL *ssl) |
| This function is used to determine if the SSL session has been configured to use DTLS. | |
| WOLFSSL_API int | wolfSSL_dtls_set_peer (WOLFSSL *, void *, unsigned int) |
| This function sets the DTLS peer, peer (sockaddr_in) with size of peerSz. | |
| WOLFSSL_API int | wolfSSL_dtls_get_peer (WOLFSSL *, void *, unsigned int *) |
| This function gets the sockaddr_in (of size peerSz) of the current DTLS peer. The function will compare peerSz to the actual DTLS peer size stored in the SSL session. If the peer will fit into peer, the peer’s sockaddr_in will be copied into peer, with peerSz set to the size of peer. | |
| WOLFSSL_API int | wolfSSL_CTX_dtls_set_sctp (WOLFSSL_CTX *) |
| WOLFSSL_API int | wolfSSL_dtls_set_sctp (WOLFSSL *) |
| WOLFSSL_API int | wolfSSL_CTX_dtls_set_mtu (WOLFSSL_CTX *, unsigned short) |
| WOLFSSL_API int | wolfSSL_dtls_set_mtu (WOLFSSL *, unsigned short) |
| WOLFSSL_API int | wolfSSL_dtls_get_drop_stats (WOLFSSL *, unsigned int *, unsigned int *) |
| WOLFSSL_API int | wolfSSL_CTX_mcast_set_member_id (WOLFSSL_CTX *, unsigned short) |
| WOLFSSL_API int | wolfSSL_set_secret (WOLFSSL *, unsigned short, const unsigned char *, unsigned int, const unsigned char *, const unsigned char *, const unsigned char *) |
| WOLFSSL_API int | wolfSSL_mcast_read (WOLFSSL *, unsigned short *, void *, int) |
| WOLFSSL_API int | wolfSSL_mcast_peer_add (WOLFSSL *, unsigned short, int) |
| WOLFSSL_API int | wolfSSL_mcast_peer_known (WOLFSSL *, unsigned short) |
| WOLFSSL_API int | wolfSSL_mcast_get_max_peers (void) |
| WOLFSSL_API int | wolfSSL_CTX_mcast_set_highwater_cb (WOLFSSL_CTX *, unsigned int, unsigned int, unsigned int, CallbackMcastHighwater) |
| WOLFSSL_API int | wolfSSL_mcast_set_highwater_ctx (WOLFSSL *, void *) |
| WOLFSSL_API int | wolfSSL_ERR_GET_LIB (unsigned long err) |
| WOLFSSL_API int | wolfSSL_ERR_GET_REASON (unsigned long err) |
| WOLFSSL_API char * | wolfSSL_ERR_error_string (unsigned long, char *) |
| This function converts an error code returned by wolfSSL_get_error() into a more human-readable error string. errNumber is the error code returned by wolfSSL_get_error() and data is the storage buffer which the error string will be placed in. The maximum length of data is 80 characters by default, as defined by MAX_ERROR_SZ is wolfssl/wolfcrypt/error.h. | |
| WOLFSSL_API void | wolfSSL_ERR_error_string_n (unsigned long e, char *buf, unsigned long sz) |
| This function is a version of wolfSSL_ERR_error_string() where len specifies the maximum number of characters that may be written to buf. Like wolfSSL_ERR_error_string(), this function converts an error code returned from wolfSSL_get_error() into a more human-readable error string. The human-readable string is placed in buf. | |
| WOLFSSL_API const char * | wolfSSL_ERR_reason_error_string (unsigned long) |
| WOLFSSL_API WOLFSSL_STACK * | wolfSSL_sk_new_node (void *heap) |
| WOLFSSL_API void | wolfSSL_sk_free (WOLFSSL_STACK *sk) |
| WOLFSSL_API void | wolfSSL_sk_free_node (WOLFSSL_STACK *in) |
| WOLFSSL_API int | wolfSSL_sk_push_node (WOLFSSL_STACK **stack, WOLFSSL_STACK *in) |
| WOLFSSL_API WOLFSSL_STACK * | wolfSSL_sk_get_node (WOLFSSL_STACK *sk, int idx) |
| WOLFSSL_API int | wolfSSL_sk_push (WOLFSSL_STACK *st, const void *data) |
| WOLFSSL_API int | wolfSSL_sk_ACCESS_DESCRIPTION_push (WOLF_STACK_OF(ACCESS_DESCRIPTION) *sk, WOLFSSL_ACCESS_DESCRIPTION *access) |
| typedef | WOLF_STACK_OF (WOLFSSL_GENERAL_NAME) WOLFSSL_GENERAL_NAMES |
| WOLFSSL_API int | wolfSSL_sk_X509_push (WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk, WOLFSSL_X509 *x509) |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_sk_X509_pop (WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk) |
| WOLFSSL_API WOLFSSL_STACK * | wolfSSL_sk_X509_dup (WOLFSSL_STACK *sk) |
| WOLFSSL_API void | wolfSSL_sk_X509_free (WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk) |
| WOLFSSL_API WOLFSSL_GENERAL_NAME * | wolfSSL_GENERAL_NAME_new (void) |
| WOLFSSL_API void | wolfSSL_GENERAL_NAME_free (WOLFSSL_GENERAL_NAME *gn) |
| WOLFSSL_API int | wolfSSL_sk_GENERAL_NAME_push (WOLF_STACK_OF(WOLFSSL_GENERAL_NAME) *sk, WOLFSSL_GENERAL_NAME *gn) |
| WOLFSSL_API WOLFSSL_GENERAL_NAME * | wolfSSL_sk_GENERAL_NAME_value (WOLFSSL_STACK *sk, int i) |
| WOLFSSL_API int | wolfSSL_sk_GENERAL_NAME_num (WOLFSSL_STACK *sk) |
| WOLFSSL_API void | wolfSSL_sk_GENERAL_NAME_pop_free (WOLFSSL_STACK *sk, void(*f)(WOLFSSL_GENERAL_NAME *)) |
| WOLFSSL_API void | wolfSSL_sk_GENERAL_NAME_free (WOLFSSL_STACK *sk) |
| WOLFSSL_API void | wolfSSL_GENERAL_NAMES_free (WOLFSSL_GENERAL_NAMES *name) |
| WOLFSSL_API int | wolfSSL_sk_ACCESS_DESCRIPTION_num (WOLFSSL_STACK *sk) |
| WOLFSSL_API void | wolfSSL_AUTHORITY_INFO_ACCESS_free (WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION) *sk) |
| WOLFSSL_API WOLFSSL_ACCESS_DESCRIPTION * | wolfSSL_sk_ACCESS_DESCRIPTION_value (WOLFSSL_STACK *sk, int idx) |
| WOLFSSL_API void | wolfSSL_sk_ACCESS_DESCRIPTION_free (WOLFSSL_STACK *sk) |
| WOLFSSL_API void | wolfSSL_sk_ACCESS_DESCRIPTION_pop_free (WOLFSSL_STACK *sk, void(*f)(WOLFSSL_ACCESS_DESCRIPTION *)) |
| WOLFSSL_API void | wolfSSL_ACCESS_DESCRIPTION_free (WOLFSSL_ACCESS_DESCRIPTION *access) |
| WOLFSSL_API void | wolfSSL_sk_X509_EXTENSION_pop_free (WOLF_STACK_OF(WOLFSSL_X509_EXTENSION) *sk, void(*f)(WOLFSSL_X509_EXTENSION *)) |
| WOLFSSL_API | WOLF_STACK_OF (WOLFSSL_X509_EXTENSION) *wolfSSL_sk_X509_EXTENSION_new_null(void) |
| WOLFSSL_API WOLFSSL_ASN1_OBJECT * | wolfSSL_ASN1_OBJECT_new (void) |
| WOLFSSL_API void | wolfSSL_ASN1_OBJECT_free (WOLFSSL_ASN1_OBJECT *obj) |
| WOLFSSL_API WOLFSSL_STACK * | wolfSSL_sk_new_asn1_obj (void) |
| WOLFSSL_API int | wolfSSL_sk_ASN1_OBJECT_push (WOLF_STACK_OF(WOLFSSL_ASN1_OBJEXT) *sk, WOLFSSL_ASN1_OBJECT *obj) |
| WOLFSSL_API WOLFSSL_ASN1_OBJECT * | wolfSSL_sk_ASN1_OBJECT_pop (WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT) *sk) |
| WOLFSSL_API void | wolfSSL_sk_ASN1_OBJECT_free (WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT) *sk) |
| WOLFSSL_API void | wolfSSL_sk_ASN1_OBJECT_pop_free (WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT) *sk, void(*f)(WOLFSSL_ASN1_OBJECT *)) |
| WOLFSSL_API int | wolfSSL_ASN1_STRING_to_UTF8 (unsigned char **out, WOLFSSL_ASN1_STRING *in) |
| WOLFSSL_API int | wolfSSL_sk_X509_EXTENSION_num (WOLF_STACK_OF(WOLFSSL_X509_EXTENSION) *sk) |
| WOLFSSL_API WOLFSSL_X509_EXTENSION * | wolfSSL_sk_X509_EXTENSION_value (WOLF_STACK_OF(WOLFSSL_X509_EXTENSION) *sk, int idx) |
| WOLFSSL_API int | wolfSSL_set_ex_data (WOLFSSL *, int, void *) |
| WOLFSSL_API int | wolfSSL_get_shutdown (const WOLFSSL *) |
| This function checks the shutdown conditions in closeNotify or connReset or sentNotify members of the Options structure. The Options structure is within the WOLFSSL structure. | |
| WOLFSSL_API int | wolfSSL_set_rfd (WOLFSSL *, int) |
| WOLFSSL_API int | wolfSSL_set_wfd (WOLFSSL *, int) |
| WOLFSSL_API void | wolfSSL_set_shutdown (WOLFSSL *, int) |
| WOLFSSL_API int | wolfSSL_set_session_id_context (WOLFSSL *, const unsigned char *, unsigned int) |
| WOLFSSL_API void | wolfSSL_set_connect_state (WOLFSSL *) |
| WOLFSSL_API void | wolfSSL_set_accept_state (WOLFSSL *) |
| WOLFSSL_API int | wolfSSL_session_reused (WOLFSSL *) |
| This function returns the resuming member of the options struct. The flag indicates whether or not to reuse a session. If not, a new session must be established. | |
| WOLFSSL_API WOLFSSL_SESSION * | wolfSSL_SESSION_dup (WOLFSSL_SESSION *session) |
| WOLFSSL_API void | wolfSSL_SESSION_free (WOLFSSL_SESSION *session) |
| WOLFSSL_API int | wolfSSL_is_init_finished (WOLFSSL *) |
| This function checks to see if the connection is established. | |
| WOLFSSL_API const char * | wolfSSL_get_version (WOLFSSL *) |
| Returns the SSL version being used as a string. | |
| WOLFSSL_API int | wolfSSL_get_current_cipher_suite (WOLFSSL *ssl) |
| Returns the current cipher suit an ssl session is using. | |
| WOLFSSL_API WOLFSSL_CIPHER * | wolfSSL_get_current_cipher (WOLFSSL *) |
| This function returns a pointer to the current cipher in the ssl session. | |
| WOLFSSL_API char * | wolfSSL_CIPHER_description (const WOLFSSL_CIPHER *, char *, int) |
| WOLFSSL_API const char * | wolfSSL_CIPHER_get_name (const WOLFSSL_CIPHER *cipher) |
| This function matches the cipher suite in the SSL object with the available suites and returns the string representation. | |
| WOLFSSL_API const char * | wolfSSL_CIPHER_get_version (const WOLFSSL_CIPHER *cipher) |
| WOLFSSL_API word32 | wolfSSL_CIPHER_get_id (const WOLFSSL_CIPHER *cipher) |
| WOLFSSL_API const WOLFSSL_CIPHER * | wolfSSL_get_cipher_by_value (word16 value) |
| WOLFSSL_API const char * | wolfSSL_SESSION_CIPHER_get_name (WOLFSSL_SESSION *session) |
| WOLFSSL_API const char * | wolfSSL_get_cipher (WOLFSSL *) |
| This function matches the cipher suite in the SSL object with the available suites. | |
| WOLFSSL_API void | wolfSSL_sk_CIPHER_free (WOLF_STACK_OF(WOLFSSL_CIPHER) *sk) |
| WOLFSSL_API WOLFSSL_SESSION * | wolfSSL_get1_session (WOLFSSL *ssl) |
| This function returns the WOLFSSL_SESSION from the WOLFSSL structure. | |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_X509_new (void) |
| WOLFSSL_API int | wolfSSL_RSA_up_ref (WOLFSSL_RSA *rsa) |
| WOLFSSL_API int | wolfSSL_X509_up_ref (WOLFSSL_X509 *x509) |
| WOLFSSL_API int | wolfSSL_EVP_PKEY_up_ref (WOLFSSL_EVP_PKEY *pkey) |
| WOLFSSL_API int | wolfSSL_OCSP_parse_url (char *url, char **host, char **port, char **path, int *ssl) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv23_client_method (void) |
| The wolfSSLv23_client_method() function is used to indicate that the application is a client and will support the highest protocol version supported by the server between SSL 3.0 - TLS 1.2. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). Both wolfSSL clients and servers have robust version downgrade capability. If a specific protocol version method is used on either side, then only that version will be negotiated or an error will be returned. For example, a client that uses TLSv1 and tries to connect to a SSLv3 only server will fail, likewise connecting to a TLSv1.1 will fail as well. To resolve this issue, a client that uses the wolfSSLv23_client_method() function will use the highest protocol version supported by the server and downgrade to SSLv3 if needed. In this case, the client will be able to connect to a server running SSLv3 - TLSv1.2. | |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv2_client_method (void) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv2_server_method (void) |
| WOLFSSL_API WOLFSSL_BIO * | wolfSSL_BIO_new (WOLFSSL_BIO_METHOD *) |
| WOLFSSL_API int | wolfSSL_BIO_free (WOLFSSL_BIO *) |
| WOLFSSL_API void | wolfSSL_BIO_vfree (WOLFSSL_BIO *) |
| WOLFSSL_API int | wolfSSL_BIO_free_all (WOLFSSL_BIO *) |
| WOLFSSL_API int | wolfSSL_BIO_gets (WOLFSSL_BIO *bio, char *buf, int sz) |
| WOLFSSL_API int | wolfSSL_BIO_puts (WOLFSSL_BIO *bio, const char *buf) |
| WOLFSSL_API WOLFSSL_BIO * | wolfSSL_BIO_next (WOLFSSL_BIO *bio) |
| WOLFSSL_API WOLFSSL_BIO * | wolfSSL_BIO_find_type (WOLFSSL_BIO *bio, int type) |
| WOLFSSL_API int | wolfSSL_BIO_read (WOLFSSL_BIO *, void *, int) |
| WOLFSSL_API int | wolfSSL_BIO_write (WOLFSSL_BIO *, const void *, int) |
| WOLFSSL_API WOLFSSL_BIO * | wolfSSL_BIO_push (WOLFSSL_BIO *, WOLFSSL_BIO *append) |
| WOLFSSL_API WOLFSSL_BIO * | wolfSSL_BIO_pop (WOLFSSL_BIO *) |
| WOLFSSL_API int | wolfSSL_BIO_flush (WOLFSSL_BIO *) |
| WOLFSSL_API int | wolfSSL_BIO_pending (WOLFSSL_BIO *) |
| WOLFSSL_API void | wolfSSL_BIO_set_callback (WOLFSSL_BIO *bio, wolf_bio_info_cb callback_func) |
| WOLFSSL_API wolf_bio_info_cb | wolfSSL_BIO_get_callback (WOLFSSL_BIO *bio) |
| WOLFSSL_API void | wolfSSL_BIO_set_callback_arg (WOLFSSL_BIO *bio, char *arg) |
| WOLFSSL_API char * | wolfSSL_BIO_get_callback_arg (const WOLFSSL_BIO *bio) |
| WOLFSSL_API WOLFSSL_BIO_METHOD * | wolfSSL_BIO_f_md (void) |
| WOLFSSL_API int | wolfSSL_BIO_get_md_ctx (WOLFSSL_BIO *bio, WOLFSSL_EVP_MD_CTX **mdcp) |
| WOLFSSL_API WOLFSSL_BIO_METHOD * | wolfSSL_BIO_f_buffer (void) |
| WOLFSSL_API long | wolfSSL_BIO_set_write_buffer_size (WOLFSSL_BIO *, long size) |
| WOLFSSL_API WOLFSSL_BIO_METHOD * | wolfSSL_BIO_f_ssl (void) |
| WOLFSSL_API WOLFSSL_BIO * | wolfSSL_BIO_new_socket (int sfd, int flag) |
| WOLFSSL_API int | wolfSSL_BIO_eof (WOLFSSL_BIO *) |
| WOLFSSL_API WOLFSSL_BIO_METHOD * | wolfSSL_BIO_s_mem (void) |
| WOLFSSL_API WOLFSSL_BIO_METHOD * | wolfSSL_BIO_f_base64 (void) |
| WOLFSSL_API void | wolfSSL_BIO_set_flags (WOLFSSL_BIO *, int) |
| WOLFSSL_API void | wolfSSL_BIO_clear_flags (WOLFSSL_BIO *bio, int flags) |
| WOLFSSL_API int | wolfSSL_BIO_set_ex_data (WOLFSSL_BIO *bio, int idx, void *data) |
| WOLFSSL_API void * | wolfSSL_BIO_get_ex_data (WOLFSSL_BIO *bio, int idx) |
| WOLFSSL_API long | wolfSSL_BIO_set_nbio (WOLFSSL_BIO *, long) |
| WOLFSSL_API int | wolfSSL_BIO_get_mem_data (WOLFSSL_BIO *bio, void *p) |
| This is used to set a byte pointer to the start of the internal memory buffer. | |
| WOLFSSL_API void | wolfSSL_BIO_set_init (WOLFSSL_BIO *, int) |
| WOLFSSL_API void | wolfSSL_BIO_set_data (WOLFSSL_BIO *, void *) |
| WOLFSSL_API void * | wolfSSL_BIO_get_data (WOLFSSL_BIO *) |
| WOLFSSL_API void | wolfSSL_BIO_set_shutdown (WOLFSSL_BIO *, int) |
| WOLFSSL_API int | wolfSSL_BIO_get_shutdown (WOLFSSL_BIO *) |
| WOLFSSL_API void | wolfSSL_BIO_clear_retry_flags (WOLFSSL_BIO *) |
| WOLFSSL_API int | wolfSSL_BIO_should_retry (WOLFSSL_BIO *bio) |
| WOLFSSL_API WOLFSSL_BIO_METHOD * | wolfSSL_BIO_meth_new (int, const char *) |
| WOLFSSL_API void | wolfSSL_BIO_meth_free (WOLFSSL_BIO_METHOD *) |
| WOLFSSL_API int | wolfSSL_BIO_meth_set_write (WOLFSSL_BIO_METHOD *, wolfSSL_BIO_meth_write_cb) |
| WOLFSSL_API int | wolfSSL_BIO_meth_set_read (WOLFSSL_BIO_METHOD *, wolfSSL_BIO_meth_read_cb) |
| WOLFSSL_API int | wolfSSL_BIO_meth_set_puts (WOLFSSL_BIO_METHOD *, wolfSSL_BIO_meth_puts_cb) |
| WOLFSSL_API int | wolfSSL_BIO_meth_set_gets (WOLFSSL_BIO_METHOD *, wolfSSL_BIO_meth_gets_cb) |
| WOLFSSL_API int | wolfSSL_BIO_meth_set_ctrl (WOLFSSL_BIO_METHOD *, wolfSSL_BIO_meth_ctrl_get_cb) |
| WOLFSSL_API int | wolfSSL_BIO_meth_set_create (WOLFSSL_BIO_METHOD *, wolfSSL_BIO_meth_create_cb) |
| WOLFSSL_API int | wolfSSL_BIO_meth_set_destroy (WOLFSSL_BIO_METHOD *, wolfSSL_BIO_meth_destroy_cb) |
| WOLFSSL_API WOLFSSL_BIO * | wolfSSL_BIO_new_mem_buf (const void *buf, int len) |
| WOLFSSL_API long | wolfSSL_BIO_set_ssl (WOLFSSL_BIO *, WOLFSSL *, int flag) |
| WOLFSSL_API long | wolfSSL_BIO_set_fd (WOLFSSL_BIO *b, int fd, int flag) |
| Sets the file descriptor for bio to use. | |
| WOLFSSL_API int | wolfSSL_BIO_set_close (WOLFSSL_BIO *b, long flag) |
| Sets the close flag, used to indicate that the i/o stream should be closed when the BIO is freed. | |
| WOLFSSL_API void | wolfSSL_set_bio (WOLFSSL *, WOLFSSL_BIO *rd, WOLFSSL_BIO *wr) |
| WOLFSSL_API WOLFSSL_BIO_METHOD * | wolfSSL_BIO_s_file (void) |
| WOLFSSL_API WOLFSSL_BIO_METHOD * | wolfSSL_BIO_s_bio (void) |
| WOLFSSL_API WOLFSSL_BIO_METHOD * | wolfSSL_BIO_s_socket (void) |
| This is used to get a BIO_SOCKET type WOLFSSL_BIO_METHOD. | |
| WOLFSSL_API long | wolfSSL_BIO_ctrl (WOLFSSL_BIO *bp, int cmd, long larg, void *parg) |
| WOLFSSL_API long | wolfSSL_BIO_int_ctrl (WOLFSSL_BIO *bp, int cmd, long larg, int iarg) |
| WOLFSSL_API int | wolfSSL_BIO_set_write_buf_size (WOLFSSL_BIO *b, long size) |
| This is used to set the size of write buffer for a WOLFSSL_BIO. If write buffer has been previously set this function will free it when resetting the size. It is similar to wolfSSL_BIO_reset in that it resets read and write indexes to 0. | |
| WOLFSSL_API int | wolfSSL_BIO_make_bio_pair (WOLFSSL_BIO *b1, WOLFSSL_BIO *b2) |
| This is used to pair two bios together. A pair of bios acts similar to a two way pipe writing to one can be read by the other and vice versa. It is expected that both bios be in the same thread, this function is not thread safe. Freeing one of the two bios removes both from being paired. If a write buffer size was not previously set for either of the bios it is set to a default size of 17000 (WOLFSSL_BIO_SIZE) before being paired. | |
| WOLFSSL_API int | wolfSSL_BIO_ctrl_reset_read_request (WOLFSSL_BIO *b) |
| This is used to set the read request flag back to 0. | |
| WOLFSSL_API int | wolfSSL_BIO_nread0 (WOLFSSL_BIO *bio, char **buf) |
| This is used to get a buffer pointer for reading from. Unlike wolfSSL_BIO_nread the internal read index is not advanced by the number returned from the function call. Reading past the value returned can result in reading out of array bounds. | |
| WOLFSSL_API int | wolfSSL_BIO_nread (WOLFSSL_BIO *bio, char **buf, int num) |
| This is used to get a buffer pointer for reading from. The internal read index is advanced by the number returned from the function call with buf being pointed to the beginning of the buffer to read from. In the case that less bytes are in the read buffer than the value requested with num the lesser value is returned. Reading past the value returned can result in reading out of array bounds. | |
| WOLFSSL_API int | wolfSSL_BIO_nwrite (WOLFSSL_BIO *bio, char **buf, int num) |
| Gets a pointer to the buffer for writing as many bytes as returned by the function. Writing more bytes to the pointer returned then the value returned can result in writing out of bounds. | |
| WOLFSSL_API int | wolfSSL_BIO_reset (WOLFSSL_BIO *bio) |
| Resets bio to an initial state. As an example for type BIO_BIO this resets the read and write index. | |
| WOLFSSL_API int | wolfSSL_BIO_seek (WOLFSSL_BIO *bio, int ofs) |
| This function adjusts the file pointer to the offset given. This is the offset from the head of the file. | |
| WOLFSSL_API int | wolfSSL_BIO_write_filename (WOLFSSL_BIO *bio, char *name) |
| This is used to set and write to a file. WIll overwrite any data currently in the file and is set to close the file when the bio is freed. | |
| WOLFSSL_API long | wolfSSL_BIO_set_mem_eof_return (WOLFSSL_BIO *bio, int v) |
| This is used to set the end of file value. Common value is -1 so as not to get confused with expected positive values. | |
| WOLFSSL_API long | wolfSSL_BIO_get_mem_ptr (WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m) |
| This is a getter function for WOLFSSL_BIO memory pointer. | |
| WOLFSSL_API int | wolfSSL_BIO_get_len (WOLFSSL_BIO *bio) |
| WOLFSSL_API void | wolfSSL_RAND_screen (void) |
| WOLFSSL_API const char * | wolfSSL_RAND_file_name (char *, unsigned long) |
| WOLFSSL_API int | wolfSSL_RAND_write_file (const char *) |
| WOLFSSL_API int | wolfSSL_RAND_load_file (const char *, long) |
| WOLFSSL_API int | wolfSSL_RAND_egd (const char *) |
| WOLFSSL_API int | wolfSSL_RAND_seed (const void *, int) |
| WOLFSSL_API void | wolfSSL_RAND_Cleanup (void) |
| WOLFSSL_API void | wolfSSL_RAND_add (const void *, int, double) |
| WOLFSSL_API int | wolfSSL_RAND_poll (void) |
| WOLFSSL_API WOLFSSL_COMP_METHOD * | wolfSSL_COMP_zlib (void) |
| WOLFSSL_API WOLFSSL_COMP_METHOD * | wolfSSL_COMP_rle (void) |
| WOLFSSL_API int | wolfSSL_COMP_add_compression_method (int, void *) |
| WOLFSSL_API unsigned long | wolfSSL_thread_id (void) |
| WOLFSSL_API void | wolfSSL_set_id_callback (unsigned long(*f)(void)) |
| WOLFSSL_API void | wolfSSL_set_locking_callback (void(*f)(int, int, const char *, int)) |
| WOLFSSL_API void | wolfSSL_set_dynlock_create_callback (WOLFSSL_dynlock_value *(*f)(const char *, int)) |
| WOLFSSL_API void | wolfSSL_set_dynlock_lock_callback (void(*f)(int, WOLFSSL_dynlock_value *, const char *, int)) |
| WOLFSSL_API void | wolfSSL_set_dynlock_destroy_callback (void(*f)(WOLFSSL_dynlock_value *, const char *, int)) |
| WOLFSSL_API int | wolfSSL_num_locks (void) |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_X509_STORE_CTX_get_current_cert (WOLFSSL_X509_STORE_CTX *) |
| WOLFSSL_API int | wolfSSL_X509_STORE_CTX_get_error (WOLFSSL_X509_STORE_CTX *) |
| WOLFSSL_API int | wolfSSL_X509_STORE_CTX_get_error_depth (WOLFSSL_X509_STORE_CTX *) |
| WOLFSSL_API void | wolfSSL_X509_STORE_CTX_set_verify_cb (WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509_STORE_CTX_verify_cb verify_cb) |
| WOLFSSL_API void | wolfSSL_X509_STORE_set_verify_cb (WOLFSSL_X509_STORE *st, WOLFSSL_X509_STORE_CTX_verify_cb verify_cb) |
| WOLFSSL_API int | wolfSSL_i2d_X509_NAME (WOLFSSL_X509_NAME *n, unsigned char **out) |
| WOLFSSL_API int | wolfSSL_RSA_print (WOLFSSL_BIO *bio, WOLFSSL_RSA *rsa, int offset) |
| WOLFSSL_API int | wolfSSL_X509_print_ex (WOLFSSL_BIO *bio, WOLFSSL_X509 *x509, unsigned long nmflags, unsigned long cflag) |
| WOLFSSL_API int | wolfSSL_X509_print (WOLFSSL_BIO *bio, WOLFSSL_X509 *x509) |
| WOLFSSL_ABI WOLFSSL_API char * | wolfSSL_X509_NAME_oneline (WOLFSSL_X509_NAME *, char *, int) |
| This function copies the name of the x509 into a buffer. | |
| WOLFSSL_API char * | wolfSSL_X509_get_name_oneline (WOLFSSL_X509_NAME *, char *, int) |
| WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME * | wolfSSL_X509_get_issuer_name (WOLFSSL_X509 *) |
| This function returns the name of the certificate issuer. | |
| WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME * | wolfSSL_X509_get_subject_name (WOLFSSL_X509 *) |
| This function returns the subject member of the WOLFSSL_X509 structure. | |
| WOLFSSL_API int | wolfSSL_X509_ext_isSet_by_NID (WOLFSSL_X509 *, int) |
| WOLFSSL_API int | wolfSSL_X509_ext_get_critical_by_NID (WOLFSSL_X509 *, int) |
| WOLFSSL_API int | wolfSSL_X509_get_isCA (WOLFSSL_X509 *) |
| WOLFSSL_API int | wolfSSL_X509_get_isSet_pathLength (WOLFSSL_X509 *) |
| WOLFSSL_API unsigned int | wolfSSL_X509_get_pathLength (WOLFSSL_X509 *) |
| WOLFSSL_API unsigned int | wolfSSL_X509_get_keyUsage (WOLFSSL_X509 *) |
| WOLFSSL_API unsigned char * | wolfSSL_X509_get_authorityKeyID (WOLFSSL_X509 *, unsigned char *, int *) |
| WOLFSSL_API unsigned char * | wolfSSL_X509_get_subjectKeyID (WOLFSSL_X509 *, unsigned char *, int *) |
| WOLFSSL_API int | wolfSSL_X509_verify (WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *pkey) |
| WOLFSSL_API int | wolfSSL_X509_set_subject_name (WOLFSSL_X509 *, WOLFSSL_X509_NAME *) |
| WOLFSSL_API int | wolfSSL_X509_set_issuer_name (WOLFSSL_X509 *, WOLFSSL_X509_NAME *) |
| WOLFSSL_API int | wolfSSL_X509_set_pubkey (WOLFSSL_X509 *, WOLFSSL_EVP_PKEY *) |
| WOLFSSL_API int | wolfSSL_X509_set_notAfter (WOLFSSL_X509 *x509, const WOLFSSL_ASN1_TIME *t) |
| WOLFSSL_API int | wolfSSL_X509_set_notBefore (WOLFSSL_X509 *x509, const WOLFSSL_ASN1_TIME *t) |
| WOLFSSL_API WOLFSSL_ASN1_TIME * | wolfSSL_X509_get_notBefore (const WOLFSSL_X509 *x509) |
| WOLFSSL_API WOLFSSL_ASN1_TIME * | wolfSSL_X509_get_notAfter (const WOLFSSL_X509 *x509) |
| WOLFSSL_API int | wolfSSL_X509_set_serialNumber (WOLFSSL_X509 *x509, WOLFSSL_ASN1_INTEGER *s) |
| WOLFSSL_API int | wolfSSL_X509_set_version (WOLFSSL_X509 *x509, long v) |
| WOLFSSL_API int | wolfSSL_X509_sign (WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md) |
| WOLFSSL_API int | wolfSSL_X509_NAME_entry_count (WOLFSSL_X509_NAME *) |
| WOLFSSL_API int | wolfSSL_X509_NAME_get_text_by_NID (WOLFSSL_X509_NAME *, int, char *, int) |
| This function gets the text related to the passed in NID value. | |
| WOLFSSL_API int | wolfSSL_X509_NAME_get_index_by_NID (WOLFSSL_X509_NAME *, int, int) |
| WOLFSSL_API WOLFSSL_ASN1_STRING * | wolfSSL_X509_NAME_ENTRY_get_data (WOLFSSL_X509_NAME_ENTRY *) |
| WOLFSSL_API WOLFSSL_ASN1_STRING * | wolfSSL_ASN1_STRING_new (void) |
| WOLFSSL_API WOLFSSL_ASN1_STRING * | wolfSSL_ASN1_STRING_type_new (int type) |
| WOLFSSL_API int | wolfSSL_ASN1_STRING_type (const WOLFSSL_ASN1_STRING *asn1) |
| WOLFSSL_API WOLFSSL_ASN1_STRING * | wolfSSL_d2i_DISPLAYTEXT (WOLFSSL_ASN1_STRING **asn, const unsigned char **in, long len) |
| WOLFSSL_API void | wolfSSL_ASN1_STRING_free (WOLFSSL_ASN1_STRING *asn1) |
| WOLFSSL_API int | wolfSSL_ASN1_STRING_set (WOLFSSL_ASN1_STRING *asn1, const void *data, int dataSz) |
| WOLFSSL_API unsigned char * | wolfSSL_ASN1_STRING_data (WOLFSSL_ASN1_STRING *) |
| WOLFSSL_API int | wolfSSL_ASN1_STRING_length (WOLFSSL_ASN1_STRING *) |
| WOLFSSL_API int | wolfSSL_X509_verify_cert (WOLFSSL_X509_STORE_CTX *) |
| WOLFSSL_API const char * | wolfSSL_X509_verify_cert_error_string (long) |
| WOLFSSL_API int | wolfSSL_X509_get_signature_type (WOLFSSL_X509 *) |
| This function returns the value stored in the sigOID member of the WOLFSSL_X509 structure. | |
| WOLFSSL_API int | wolfSSL_X509_get_signature (WOLFSSL_X509 *, unsigned char *, int *) |
| Gets the X509 signature and stores it in the buffer. | |
| WOLFSSL_API int | wolfSSL_X509_get_pubkey_buffer (WOLFSSL_X509 *, unsigned char *, int *) |
| WOLFSSL_API int | wolfSSL_X509_get_pubkey_type (WOLFSSL_X509 *x509) |
| WOLFSSL_API int | wolfSSL_X509_LOOKUP_add_dir (WOLFSSL_X509_LOOKUP *, const char *, long) |
| WOLFSSL_API int | wolfSSL_X509_LOOKUP_load_file (WOLFSSL_X509_LOOKUP *, const char *, long) |
| WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD * | wolfSSL_X509_LOOKUP_hash_dir (void) |
| WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD * | wolfSSL_X509_LOOKUP_file (void) |
| WOLFSSL_API WOLFSSL_X509_LOOKUP * | wolfSSL_X509_STORE_add_lookup (WOLFSSL_X509_STORE *, WOLFSSL_X509_LOOKUP_METHOD *) |
| WOLFSSL_API WOLFSSL_X509_STORE * | wolfSSL_X509_STORE_new (void) |
| WOLFSSL_API void | wolfSSL_X509_STORE_free (WOLFSSL_X509_STORE *) |
| WOLFSSL_API int | wolfSSL_X509_STORE_add_cert (WOLFSSL_X509_STORE *, WOLFSSL_X509 *) |
| This function adds a certificate to the WOLFSSL_X509_STRE structure. | |
| WOLFSSL_API WOLFSSL_STACK * | wolfSSL_X509_STORE_CTX_get_chain (WOLFSSL_X509_STORE_CTX *ctx) |
| This function is a getter function for chain variable in WOLFSSL_X509_STORE_CTX structure. Currently chain is not populated. | |
| WOLFSSL_API WOLFSSL_STACK * | wolfSSL_X509_STORE_CTX_get1_chain (WOLFSSL_X509_STORE_CTX *ctx) |
| WOLFSSL_API int | wolfSSL_X509_STORE_set_flags (WOLFSSL_X509_STORE *store, unsigned long flag) |
| This function takes in a flag to change the behavior of the WOLFSSL_X509_STORE structure passed in. An example of a flag used is WOLFSSL_CRL_CHECK. | |
| WOLFSSL_API int | wolfSSL_X509_STORE_set_default_paths (WOLFSSL_X509_STORE *) |
| WOLFSSL_API int | wolfSSL_X509_STORE_get_by_subject (WOLFSSL_X509_STORE_CTX *, int, WOLFSSL_X509_NAME *, WOLFSSL_X509_OBJECT *) |
| WOLFSSL_API WOLFSSL_X509_STORE_CTX * | wolfSSL_X509_STORE_CTX_new (void) |
| WOLFSSL_API int | wolfSSL_X509_STORE_CTX_init (WOLFSSL_X509_STORE_CTX *, WOLFSSL_X509_STORE *, WOLFSSL_X509 *, WOLF_STACK_OF(WOLFSSL_X509) *) |
| WOLFSSL_API void | wolfSSL_X509_STORE_CTX_free (WOLFSSL_X509_STORE_CTX *) |
| WOLFSSL_API void | wolfSSL_X509_STORE_CTX_cleanup (WOLFSSL_X509_STORE_CTX *) |
| WOLFSSL_API WOLFSSL_ASN1_TIME * | wolfSSL_X509_CRL_get_lastUpdate (WOLFSSL_X509_CRL *) |
| WOLFSSL_API WOLFSSL_ASN1_TIME * | wolfSSL_X509_CRL_get_nextUpdate (WOLFSSL_X509_CRL *) |
| WOLFSSL_ASN1_TIME * | wolfSSL_X509_gmtime_adj (WOLFSSL_ASN1_TIME *s, long adj) |
| WOLFSSL_API WOLFSSL_EVP_PKEY * | wolfSSL_X509_get_pubkey (WOLFSSL_X509 *) |
| WOLFSSL_API int | wolfSSL_X509_CRL_verify (WOLFSSL_X509_CRL *, WOLFSSL_EVP_PKEY *) |
| WOLFSSL_API void | wolfSSL_X509_OBJECT_free_contents (WOLFSSL_X509_OBJECT *) |
| WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO * | wolfSSL_d2i_PKCS8_PKEY_bio (WOLFSSL_BIO *bio, WOLFSSL_PKCS8_PRIV_KEY_INFO **pkey) |
| WOLFSSL_API WOLFSSL_EVP_PKEY * | wolfSSL_d2i_PUBKEY_bio (WOLFSSL_BIO *bio, WOLFSSL_EVP_PKEY **out) |
| WOLFSSL_API WOLFSSL_EVP_PKEY * | wolfSSL_d2i_PUBKEY (WOLFSSL_EVP_PKEY **key, const unsigned char **in, long inSz) |
| WOLFSSL_API WOLFSSL_EVP_PKEY * | wolfSSL_d2i_PrivateKey (int type, WOLFSSL_EVP_PKEY **out, const unsigned char **in, long inSz) |
| WOLFSSL_API WOLFSSL_EVP_PKEY * | wolfSSL_d2i_PrivateKey_EVP (WOLFSSL_EVP_PKEY **key, unsigned char **in, long inSz) |
| WOLFSSL_API int | wolfSSL_i2d_PrivateKey (WOLFSSL_EVP_PKEY *key, unsigned char **der) |
| WOLFSSL_API int | wolfSSL_X509_cmp_current_time (const WOLFSSL_ASN1_TIME *) |
| WOLFSSL_API int | wolfSSL_X509_cmp_time (const WOLFSSL_ASN1_TIME *asnTime, time_t *cmpTime) |
| WOLFSSL_API WOLFSSL_ASN1_TIME * | wolfSSL_X509_time_adj_ex (WOLFSSL_ASN1_TIME *asnTime, int offset_day, long offset_sec, time_t *in_tm) |
| WOLFSSL_API WOLFSSL_ASN1_TIME * | wolfSSL_X509_time_adj (WOLFSSL_ASN1_TIME *asnTime, long offset_sec, time_t *in_tm) |
| WOLFSSL_API int | wolfSSL_sk_X509_REVOKED_num (WOLFSSL_X509_REVOKED *) |
| WOLFSSL_API void | wolfSSL_X509_STORE_CTX_set_time (WOLFSSL_X509_STORE_CTX *, unsigned long flags, time_t t) |
| WOLFSSL_API void | wolfSSL_X509_VERIFY_PARAM_set_hostflags (WOLFSSL_X509_VERIFY_PARAM *param, unsigned int flags) |
| WOLFSSL_API int | wolfSSL_X509_VERIFY_PARAM_set1_host (WOLFSSL_X509_VERIFY_PARAM *pParam, const char *name, unsigned int nameSz) |
| WOLFSSL_API int | wolfSSL_X509_VERIFY_PARAM_set1_ip_asc (WOLFSSL_X509_VERIFY_PARAM *param, const char *ipasc) |
| WOLFSSL_API WOLFSSL_X509_REVOKED * | wolfSSL_X509_CRL_get_REVOKED (WOLFSSL_X509_CRL *) |
| WOLFSSL_API WOLFSSL_X509_REVOKED * | wolfSSL_sk_X509_REVOKED_value (WOLFSSL_X509_REVOKED *, int) |
| WOLFSSL_API WOLFSSL_ASN1_INTEGER * | wolfSSL_X509_get_serialNumber (WOLFSSL_X509 *) |
| WOLFSSL_API void | wolfSSL_ASN1_INTEGER_free (WOLFSSL_ASN1_INTEGER *) |
| WOLFSSL_API WOLFSSL_ASN1_INTEGER * | wolfSSL_ASN1_INTEGER_new (void) |
| WOLFSSL_API WOLFSSL_ASN1_INTEGER * | wolfSSL_ASN1_INTEGER_dup (const WOLFSSL_ASN1_INTEGER *src) |
| WOLFSSL_API int | wolfSSL_ASN1_INTEGER_set (WOLFSSL_ASN1_INTEGER *a, long v) |
| WOLFSSL_API int | wolfSSL_ASN1_TIME_print (WOLFSSL_BIO *, const WOLFSSL_ASN1_TIME *) |
| WOLFSSL_API char * | wolfSSL_ASN1_TIME_to_string (WOLFSSL_ASN1_TIME *t, char *buf, int len) |
| WOLFSSL_API int | wolfSSL_ASN1_INTEGER_cmp (const WOLFSSL_ASN1_INTEGER *, const WOLFSSL_ASN1_INTEGER *) |
| WOLFSSL_API long | wolfSSL_ASN1_INTEGER_get (const WOLFSSL_ASN1_INTEGER *) |
| WOLFSSL_API WOLFSSL_BIGNUM * | wolfSSL_ASN1_INTEGER_to_BN (const WOLFSSL_ASN1_INTEGER *ai, WOLFSSL_BIGNUM *bn) |
| This function is used to copy a WOLFSSL_ASN1_INTEGER value to a WOLFSSL_BIGNUM structure. | |
| WOLFSSL_API WOLFSSL_ASN1_TIME * | wolfSSL_ASN1_TIME_adj (WOLFSSL_ASN1_TIME *, time_t, int, long) |
| WOLFSSL_API WOLFSSL_ASN1_TIME * | wolfSSL_ASN1_TIME_new (void) |
| WOLFSSL_API void | wolfSSL_ASN1_TIME_free (WOLFSSL_ASN1_TIME *t) |
| WOLFSSL_API | WOLF_STACK_OF (WOLFSSL_X509_NAME) *wolfSSL_load_client_CA_file(const char *) |
| WOLFSSL_API void | wolfSSL_CTX_set_client_CA_list (WOLFSSL_CTX *, WOLF_STACK_OF(WOLFSSL_X509_NAME) *) |
| WOLFSSL_API void | wolfSSL_CTX_set_client_cert_cb (WOLFSSL_CTX *ctx, client_cert_cb) |
| WOLFSSL_API void * | wolfSSL_X509_STORE_CTX_get_ex_data (WOLFSSL_X509_STORE_CTX *ctx, int idx) |
| WOLFSSL_API int | wolfSSL_X509_STORE_CTX_set_ex_data (WOLFSSL_X509_STORE_CTX *ctx, int idx, void *data) |
| WOLFSSL_API void | wolfSSL_X509_STORE_CTX_set_depth (WOLFSSL_X509_STORE_CTX *ctx, int depth) |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_X509_STORE_CTX_get0_current_issuer (WOLFSSL_X509_STORE_CTX *ctx) |
| WOLFSSL_API WOLFSSL_X509_STORE * | wolfSSL_X509_STORE_CTX_get0_store (WOLFSSL_X509_STORE_CTX *ctx) |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_X509_STORE_CTX_get0_cert (WOLFSSL_X509_STORE_CTX *) |
| WOLFSSL_API int | wolfSSL_get_ex_data_X509_STORE_CTX_idx (void) |
| WOLFSSL_API void | wolfSSL_X509_STORE_CTX_set_error (WOLFSSL_X509_STORE_CTX *ctx, int er) |
| void | wolfSSL_X509_STORE_CTX_set_error_depth (WOLFSSL_X509_STORE_CTX *ctx, int depth) |
| WOLFSSL_API void * | wolfSSL_get_ex_data (const WOLFSSL *, int) |
| WOLFSSL_API void | wolfSSL_CTX_set_default_passwd_cb_userdata (WOLFSSL_CTX *, void *userdata) |
| WOLFSSL_API void | wolfSSL_CTX_set_default_passwd_cb (WOLFSSL_CTX *, pem_password_cb *) |
| WOLFSSL_API pem_password_cb * | wolfSSL_CTX_get_default_passwd_cb (WOLFSSL_CTX *ctx) |
| This is a getter function for the password callback set in ctx. | |
| WOLFSSL_API void * | wolfSSL_CTX_get_default_passwd_cb_userdata (WOLFSSL_CTX *ctx) |
| This is a getter function for the password callback user data set in ctx. | |
| WOLFSSL_API void | wolfSSL_CTX_set_info_callback (WOLFSSL_CTX *, void(*)(const WOLFSSL *ssl, int type, int val)) |
| WOLFSSL_API unsigned long | wolfSSL_ERR_peek_error (void) |
| WOLFSSL_API int | wolfSSL_GET_REASON (int) |
| WOLFSSL_API const char * | wolfSSL_alert_type_string_long (int) |
| WOLFSSL_API const char * | wolfSSL_alert_desc_string_long (int) |
| WOLFSSL_API const char * | wolfSSL_state_string_long (const WOLFSSL *) |
| WOLFSSL_API WOLFSSL_RSA * | wolfSSL_RSA_generate_key (int, unsigned long, void(*)(int, int, void *), void *) |
| WOLFSSL_API WOLFSSL_RSA * | wolfSSL_d2i_RSAPublicKey (WOLFSSL_RSA **r, const unsigned char **pp, long len) |
| WOLFSSL_API WOLFSSL_RSA * | wolfSSL_d2i_RSAPrivateKey (WOLFSSL_RSA **, const unsigned char **, long) |
| WOLFSSL_API int | wolfSSL_i2d_RSAPublicKey (WOLFSSL_RSA *r, const unsigned char **pp) |
| WOLFSSL_API int | wolfSSL_i2d_RSAPrivateKey (WOLFSSL_RSA *r, unsigned char **pp) |
| WOLFSSL_API void | wolfSSL_CTX_set_tmp_rsa_callback (WOLFSSL_CTX *, WOLFSSL_RSA *(*)(WOLFSSL *, int, int)) |
| WOLFSSL_API int | wolfSSL_PEM_def_callback (char *, int num, int w, void *key) |
| WOLFSSL_API long | wolfSSL_CTX_sess_accept (WOLFSSL_CTX *) |
| WOLFSSL_API long | wolfSSL_CTX_sess_connect (WOLFSSL_CTX *) |
| WOLFSSL_API long | wolfSSL_CTX_sess_accept_good (WOLFSSL_CTX *) |
| WOLFSSL_API long | wolfSSL_CTX_sess_connect_good (WOLFSSL_CTX *) |
| WOLFSSL_API long | wolfSSL_CTX_sess_accept_renegotiate (WOLFSSL_CTX *) |
| WOLFSSL_API long | wolfSSL_CTX_sess_connect_renegotiate (WOLFSSL_CTX *) |
| WOLFSSL_API long | wolfSSL_CTX_sess_hits (WOLFSSL_CTX *) |
| WOLFSSL_API long | wolfSSL_CTX_sess_cb_hits (WOLFSSL_CTX *) |
| WOLFSSL_API long | wolfSSL_CTX_sess_cache_full (WOLFSSL_CTX *) |
| WOLFSSL_API long | wolfSSL_CTX_sess_misses (WOLFSSL_CTX *) |
| WOLFSSL_API long | wolfSSL_CTX_sess_timeouts (WOLFSSL_CTX *) |
| WOLFSSL_API long | wolfSSL_CTX_sess_number (WOLFSSL_CTX *) |
| WOLFSSL_API long | wolfSSL_CTX_add_extra_chain_cert (WOLFSSL_CTX *, WOLFSSL_X509 *) |
| This function adds the certificate to the internal chain being built in the WOLFSSL_CTX structure. | |
| WOLFSSL_API long | wolfSSL_CTX_sess_set_cache_size (WOLFSSL_CTX *, long) |
| WOLFSSL_API long | wolfSSL_CTX_sess_get_cache_size (WOLFSSL_CTX *) |
| WOLFSSL_API long | wolfSSL_CTX_get_session_cache_mode (WOLFSSL_CTX *) |
| WOLFSSL_API int | wolfSSL_CTX_get_read_ahead (WOLFSSL_CTX *) |
| This function returns the get read ahead flag from a WOLFSSL_CTX structure. | |
| WOLFSSL_API int | wolfSSL_CTX_set_read_ahead (WOLFSSL_CTX *, int v) |
| This function sets the read ahead flag in the WOLFSSL_CTX structure. | |
| WOLFSSL_API long | wolfSSL_CTX_set_tlsext_status_arg (WOLFSSL_CTX *, void *arg) |
| This function sets the options argument to use with OCSP. | |
| WOLFSSL_API long | wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg (WOLFSSL_CTX *, void *arg) |
| This function sets the optional argument to be passed to the PRF callback. | |
| WOLFSSL_API int | wolfSSL_CTX_add_client_CA (WOLFSSL_CTX *, WOLFSSL_X509 *) |
| WOLFSSL_API int | wolfSSL_CTX_set_srp_password (WOLFSSL_CTX *, char *) |
| WOLFSSL_API int | wolfSSL_CTX_set_srp_username (WOLFSSL_CTX *, char *) |
| WOLFSSL_API long | wolfSSL_set_options (WOLFSSL *s, long op) |
| This function sets the options mask in the ssl. Some valid options are, SSL_OP_ALL, SSL_OP_COOKIE_EXCHANGE, SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_COMPRESSION. | |
| WOLFSSL_API long | wolfSSL_get_options (const WOLFSSL *s) |
| This function returns the current options mask. | |
| WOLFSSL_API long | wolfSSL_clear_options (WOLFSSL *s, long op) |
| WOLFSSL_API long | wolfSSL_clear_num_renegotiations (WOLFSSL *s) |
| WOLFSSL_API long | wolfSSL_total_renegotiations (WOLFSSL *s) |
| WOLFSSL_API long | wolfSSL_num_renegotiations (WOLFSSL *s) |
| WOLFSSL_API long | wolfSSL_set_tmp_dh (WOLFSSL *s, WOLFSSL_DH *dh) |
| WOLFSSL_API long | wolfSSL_set_tlsext_debug_arg (WOLFSSL *s, void *arg) |
| This is used to set the debug argument passed around. | |
| WOLFSSL_API long | wolfSSL_set_tlsext_status_type (WOLFSSL *s, int type) |
| This function is called when the client application request that a server send back an OCSP status response (also known as OCSP stapling).Currently, the only supported type is TLSEXT_STATUSTYPE_ocsp. | |
| WOLFSSL_API long | wolfSSL_set_tlsext_status_exts (WOLFSSL *s, void *arg) |
| WOLFSSL_API long | wolfSSL_get_tlsext_status_ids (WOLFSSL *s, void *arg) |
| WOLFSSL_API long | wolfSSL_set_tlsext_status_ids (WOLFSSL *s, void *arg) |
| WOLFSSL_API long | wolfSSL_get_tlsext_status_ocsp_resp (WOLFSSL *s, unsigned char **resp) |
| WOLFSSL_API long | wolfSSL_set_tlsext_status_ocsp_resp (WOLFSSL *s, unsigned char *resp, int len) |
| WOLFSSL_API void | wolfSSL_CONF_modules_unload (int all) |
| WOLFSSL_API char * | wolfSSL_CONF_get1_default_config_file (void) |
| WOLFSSL_API long | wolfSSL_get_tlsext_status_exts (WOLFSSL *s, void *arg) |
| WOLFSSL_API long | wolfSSL_get_verify_result (const WOLFSSL *ssl) |
| This is used to get the results after trying to verify the peer's certificate. | |
| WOLFSSL_API void | wolfSSL_ERR_print_errors_fp (XFILE, int err) |
| WOLFSSL_API void | wolfSSL_ERR_dump_errors_fp (XFILE fp) |
| WOLFSSL_API void | wolfSSL_ERR_print_errors_cb (int(*cb)(const char *str, size_t len, void *u), void *u) |
| This function uses the provided callback to handle error reporting. The callback function is executed for each error line. The string, length, and userdata are passed into the callback parameters. | |
| WOLFSSL_API void | wolfSSL_ERR_print_errors (WOLFSSL_BIO *bio) |
| WOLFSSL_API void | wolfSSL_CTX_set_psk_client_callback (WOLFSSL_CTX *, wc_psk_client_callback) |
| The function sets the client_psk_cb member of the WOLFSSL_CTX structure. | |
| WOLFSSL_API void | wolfSSL_set_psk_client_callback (WOLFSSL *, wc_psk_client_callback) |
| Sets the PSK client side callback. | |
| WOLFSSL_API void | wolfSSL_CTX_set_psk_client_tls13_callback (WOLFSSL_CTX *, wc_psk_client_tls13_callback) |
| WOLFSSL_API void | wolfSSL_set_psk_client_tls13_callback (WOLFSSL *, wc_psk_client_tls13_callback) |
| WOLFSSL_API const char * | wolfSSL_get_psk_identity_hint (const WOLFSSL *) |
| This function returns the psk identity hint. | |
| WOLFSSL_API const char * | wolfSSL_get_psk_identity (const WOLFSSL *) |
| The function returns a constant pointer to the client_identity member of the Arrays structure. | |
| WOLFSSL_API int | wolfSSL_CTX_use_psk_identity_hint (WOLFSSL_CTX *, const char *) |
| This function stores the hint argument in the server_hint member of the WOLFSSL_CTX structure. | |
| WOLFSSL_API int | wolfSSL_use_psk_identity_hint (WOLFSSL *, const char *) |
| This function stores the hint argument in the server_hint member of the Arrays structure within the WOLFSSL structure. | |
| WOLFSSL_API void | wolfSSL_CTX_set_psk_server_callback (WOLFSSL_CTX *, wc_psk_server_callback) |
| This function sets the psk callback for the server side in the WOLFSSL_CTX structure. | |
| WOLFSSL_API void | wolfSSL_set_psk_server_callback (WOLFSSL *, wc_psk_server_callback) |
| Sets the psk callback for the server side by setting the WOLFSSL structure options members. | |
| WOLFSSL_API void | wolfSSL_CTX_set_psk_server_tls13_callback (WOLFSSL_CTX *, wc_psk_server_tls13_callback) |
| WOLFSSL_API void | wolfSSL_set_psk_server_tls13_callback (WOLFSSL *, wc_psk_server_tls13_callback) |
| WOLFSSL_API int | wolfSSL_CTX_allow_anon_cipher (WOLFSSL_CTX *) |
| This function enables the havAnon member of the CTX structure if HAVE_ANON is defined during compilation. | |
| WOLFSSL_API void | wolfSSL_ERR_put_error (int lib, int fun, int err, const char *file, int line) |
| WOLFSSL_API unsigned long | wolfSSL_ERR_get_error_line (const char **, int *) |
| WOLFSSL_API unsigned long | wolfSSL_ERR_get_error_line_data (const char **, int *, const char **, int *) |
| WOLFSSL_API unsigned long | wolfSSL_ERR_get_error (void) |
| WOLFSSL_API void | wolfSSL_ERR_clear_error (void) |
| WOLFSSL_API int | wolfSSL_RAND_status (void) |
| WOLFSSL_API int | wolfSSL_RAND_pseudo_bytes (unsigned char *buf, int num) |
| WOLFSSL_API int | wolfSSL_RAND_bytes (unsigned char *buf, int num) |
| WOLFSSL_API WOLFSSL_METHOD * | wolfSSLv23_server_method (void) |
| The wolfSSLv23_server_method() function is used to indicate that the application is a server and will support clients connecting with protocol version from SSL 3.0 - TLS 1.2. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). | |
| WOLFSSL_API long | wolfSSL_CTX_set_options (WOLFSSL_CTX *, long) |
| WOLFSSL_API long | wolfSSL_CTX_get_options (WOLFSSL_CTX *ctx) |
| WOLFSSL_API long | wolfSSL_CTX_clear_options (WOLFSSL_CTX *, long) |
| This function resets option bits of WOLFSSL_CTX object. | |
| WOLFSSL_API int | wolfSSL_CTX_check_private_key (const WOLFSSL_CTX *) |
| WOLFSSL_API void | wolfSSL_ERR_free_strings (void) |
| WOLFSSL_API void | wolfSSL_ERR_remove_state (unsigned long) |
| WOLFSSL_API int | wolfSSL_clear (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_state (WOLFSSL *ssl) |
| This is used to get the internal error state of the WOLFSSL structure. | |
| WOLFSSL_API void | wolfSSL_cleanup_all_ex_data (void) |
| WOLFSSL_API long | wolfSSL_CTX_set_mode (WOLFSSL_CTX *ctx, long mode) |
| WOLFSSL_API long | wolfSSL_CTX_get_mode (WOLFSSL_CTX *ctx) |
| WOLFSSL_API void | wolfSSL_CTX_set_default_read_ahead (WOLFSSL_CTX *ctx, int m) |
| WOLFSSL_API long | wolfSSL_SSL_get_mode (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_CTX_set_default_verify_paths (WOLFSSL_CTX *) |
| WOLFSSL_API int | wolfSSL_CTX_set_session_id_context (WOLFSSL_CTX *, const unsigned char *, unsigned int) |
| WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509 * | wolfSSL_get_peer_certificate (WOLFSSL *) |
| This function gets the peer’s certificate. | |
| WOLFSSL_API | WOLF_STACK_OF (WOLFSSL_X509) *wolfSSL_get_peer_cert_chain(const WOLFSSL *) |
| This function gets the peer’s certificate chain. | |
| WOLFSSL_API int | wolfSSL_want (WOLFSSL *) |
| WOLFSSL_API int | wolfSSL_want_read (WOLFSSL *) |
| This function is similar to calling wolfSSL_get_error() and getting SSL_ERROR_WANT_READ in return. If the underlying error state is SSL_ERROR_WANT_READ, this function will return 1, otherwise, 0. | |
| WOLFSSL_API int | wolfSSL_want_write (WOLFSSL *) |
| This function is similar to calling wolfSSL_get_error() and getting SSL_ERROR_WANT_WRITE in return. If the underlying error state is SSL_ERROR_WANT_WRITE, this function will return 1, otherwise, 0. | |
| WOLFSSL_API int | wolfSSL_BIO_vprintf (WOLFSSL_BIO *bio, const char *format, va_list args) |
| WOLFSSL_API int | wolfSSL_BIO_printf (WOLFSSL_BIO *, const char *,...) |
| WOLFSSL_API int | wolfSSL_BIO_dump (WOLFSSL_BIO *bio, const char *, int) |
| WOLFSSL_API int | wolfSSL_ASN1_UTCTIME_print (WOLFSSL_BIO *, const WOLFSSL_ASN1_UTCTIME *) |
| WOLFSSL_API int | wolfSSL_ASN1_GENERALIZEDTIME_print (WOLFSSL_BIO *, const WOLFSSL_ASN1_GENERALIZEDTIME *) |
| WOLFSSL_API void | wolfSSL_ASN1_GENERALIZEDTIME_free (WOLFSSL_ASN1_GENERALIZEDTIME *) |
| WOLFSSL_API int | wolfSSL_ASN1_TIME_check (const WOLFSSL_ASN1_TIME *) |
| WOLFSSL_API int | wolfSSL_ASN1_TIME_diff (int *pday, int *psec, const WOLFSSL_ASN1_TIME *from, const WOLFSSL_ASN1_TIME *to) |
| WOLFSSL_API WOLFSSL_ASN1_TIME * | wolfSSL_ASN1_TIME_set (WOLFSSL_ASN1_TIME *s, time_t t) |
| WOLFSSL_API int | wolfSSL_sk_num (WOLFSSL_STACK *sk) |
| WOLFSSL_API void * | wolfSSL_sk_value (WOLFSSL_STACK *sk, int i) |
| WOLFSSL_API void * | wolfSSL_CRYPTO_get_ex_data (const WOLFSSL_CRYPTO_EX_DATA *ex_data, int idx) |
| WOLFSSL_API int | wolfSSL_CRYPTO_set_ex_data (WOLFSSL_CRYPTO_EX_DATA *ex_data, int idx, void *data) |
| WOLFSSL_API void * | wolfSSL_CTX_get_ex_data (const WOLFSSL_CTX *, int) |
| WOLFSSL_API int | wolfSSL_CTX_set_ex_data (WOLFSSL_CTX *, int, void *) |
| WOLFSSL_API void | wolfSSL_CTX_sess_set_get_cb (WOLFSSL_CTX *, WOLFSSL_SESSION *(*f)(WOLFSSL *, unsigned char *, int, int *)) |
| WOLFSSL_API void | wolfSSL_CTX_sess_set_new_cb (WOLFSSL_CTX *, int(*f)(WOLFSSL *, WOLFSSL_SESSION *)) |
| WOLFSSL_API void | wolfSSL_CTX_sess_set_remove_cb (WOLFSSL_CTX *, void(*f)(WOLFSSL_CTX *, WOLFSSL_SESSION *)) |
| WOLFSSL_API int | wolfSSL_i2d_SSL_SESSION (WOLFSSL_SESSION *, unsigned char **) |
| WOLFSSL_API WOLFSSL_SESSION * | wolfSSL_d2i_SSL_SESSION (WOLFSSL_SESSION **, const unsigned char **, long) |
| WOLFSSL_API long | wolfSSL_SESSION_get_timeout (const WOLFSSL_SESSION *) |
| WOLFSSL_API long | wolfSSL_SESSION_get_time (const WOLFSSL_SESSION *) |
| WOLFSSL_API int | wolfSSL_CTX_get_ex_new_index (long, void *, void *, void *, void *) |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_check_domain_name (WOLFSSL *, const char *) |
| wolfSSL by default checks the peer certificate for a valid date range and a verified signature. Calling this function before wolfSSL_connect() or wolfSSL_accept() will add a domain name check to the list of checks to perform. dn holds the domain name to check against the peer certificate when it’s received. | |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_Init (void) |
| Initializes the wolfSSL library for use. Must be called once per application and before any other call to the library. | |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_Cleanup (void) |
| Un-initializes the wolfSSL library from further use. Doesn’t have to be called, though it will free any resources used by the library. | |
| WOLFSSL_API const char * | wolfSSL_lib_version (void) |
| This function returns the current library version. | |
| WOLFSSL_API word32 | wolfSSL_lib_version_hex (void) |
| This function returns the current library version in hexadecimal notation. | |
| WOLFSSL_API int | wolfSSL_negotiate (WOLFSSL *ssl) |
| Performs the actual connect or accept based on the side of the SSL method. If called from the client side then an wolfSSL_connect() is done while a wolfSSL_accept() is performed if called from the server side. | |
| WOLFSSL_API int | wolfSSL_set_compression (WOLFSSL *ssl) |
| Turns on the ability to use compression for the SSL connection. Both sides must have compression turned on otherwise compression will not be used. The zlib library performs the actual data compression. To compile into the library use –with-libz for the configure system and define HAVE_LIBZ otherwise. Keep in mind that while compressing data before sending decreases the actual size of the messages being sent and received, the amount of data saved by compression usually takes longer in time to analyze than it does to send it raw on all but the slowest of networks. | |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_set_timeout (WOLFSSL *, unsigned int) |
| This function sets the SSL session timeout value in seconds. | |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_CTX_set_timeout (WOLFSSL_CTX *, unsigned int) |
| This function sets the timeout value for SSL sessions, in seconds, for the specified SSL context. | |
| WOLFSSL_API void | wolfSSL_CTX_set_current_time_cb (WOLFSSL_CTX *ctx, void(*cb)(const WOLFSSL *ssl, WOLFSSL_TIMEVAL *out_clock)) |
| WOLFSSL_API WOLFSSL_X509_CHAIN * | wolfSSL_get_peer_chain (WOLFSSL *ssl) |
| Retrieves the peer’s certificate chain. | |
| WOLFSSL_API int | wolfSSL_is_peer_alt_cert_chain (const WOLFSSL *ssl) |
| WOLFSSL_API WOLFSSL_X509_CHAIN * | wolfSSL_get_peer_alt_chain (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_get_chain_count (WOLFSSL_X509_CHAIN *chain) |
| Retrieve's the peers certificate chain count. | |
| WOLFSSL_API int | wolfSSL_get_chain_length (WOLFSSL_X509_CHAIN *, int idx) |
| Retrieves the peer’s ASN1.DER certificate length in bytes at index (idx). | |
| WOLFSSL_API unsigned char * | wolfSSL_get_chain_cert (WOLFSSL_X509_CHAIN *, int idx) |
| Retrieves the peer’s ASN1.DER certificate at index (idx). | |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_get_chain_X509 (WOLFSSL_X509_CHAIN *, int idx) |
| This function gets the peer’s wolfSSL_X509_certificate at index (idx) from the chain of certificates. | |
| WOLFSSL_ABI WOLFSSL_API void | wolfSSL_X509_free (WOLFSSL_X509 *) |
| WOLFSSL_API int | wolfSSL_get_chain_cert_pem (WOLFSSL_X509_CHAIN *, int idx, unsigned char *buf, int inLen, int *outLen) |
| Retrieves the peer’s PEM certificate at index (idx). | |
| WOLFSSL_ABI WOLFSSL_API const unsigned char * | wolfSSL_get_sessionID (const WOLFSSL_SESSION *s) |
| Retrieves the session’s ID. The session ID is always 32 bytes long. | |
| WOLFSSL_API int | wolfSSL_X509_get_serial_number (WOLFSSL_X509 *, unsigned char *, int *) |
| Retrieves the peer’s certificate serial number. The serial number buffer (in) should be at least 32 bytes long and be provided as the *inOutSz argument as input. After calling the function *inOutSz will hold the actual length in bytes written to the in buffer. | |
| WOLFSSL_API char * | wolfSSL_X509_get_subjectCN (WOLFSSL_X509 *) |
| Returns the common name of the subject from the certificate. | |
| WOLFSSL_API const unsigned char * | wolfSSL_X509_get_der (WOLFSSL_X509 *, int *) |
| This function gets the DER encoded certificate in the WOLFSSL_X509 struct. | |
| WOLFSSL_API const unsigned char * | wolfSSL_X509_get_tbs (WOLFSSL_X509 *, int *) |
| WOLFSSL_ABI WOLFSSL_API const byte * | wolfSSL_X509_notBefore (WOLFSSL_X509 *) |
| WOLFSSL_ABI WOLFSSL_API const byte * | wolfSSL_X509_notAfter (WOLFSSL_X509 *) |
| WOLFSSL_API int | wolfSSL_X509_version (WOLFSSL_X509 *) |
| This function retrieves the version of the X509 certificate. | |
| WOLFSSL_API int | wolfSSL_cmp_peer_cert_to_file (WOLFSSL *, const char *) |
| WOLFSSL_ABI WOLFSSL_API char * | wolfSSL_X509_get_next_altname (WOLFSSL_X509 *) |
| This function returns the next, if any, altname from the peer certificate. | |
| WOLFSSL_API int | wolfSSL_X509_add_altname (WOLFSSL_X509 *, const char *, int) |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_d2i_X509 (WOLFSSL_X509 **x509, const unsigned char **in, int len) |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_X509_d2i (WOLFSSL_X509 **x509, const unsigned char *in, int len) |
| WOLFSSL_API int | wolfSSL_i2d_X509 (WOLFSSL_X509 *x509, unsigned char **out) |
| WOLFSSL_API WOLFSSL_X509_CRL * | wolfSSL_d2i_X509_CRL (WOLFSSL_X509_CRL **crl, const unsigned char *in, int len) |
| WOLFSSL_API WOLFSSL_X509_CRL * | wolfSSL_d2i_X509_CRL_fp (XFILE file, WOLFSSL_X509_CRL **crl) |
| WOLFSSL_API void | wolfSSL_X509_CRL_free (WOLFSSL_X509_CRL *crl) |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_X509_d2i_fp (WOLFSSL_X509 **x509, XFILE file) |
| WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509 * | wolfSSL_X509_load_certificate_file (const char *fname, int format) |
| The function loads the x509 certificate into memory. | |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_X509_load_certificate_buffer (const unsigned char *buf, int sz, int format) |
| WOLFSSL_API unsigned char * | wolfSSL_X509_get_device_type (WOLFSSL_X509 *, unsigned char *, int *) |
| This function copies the device type from the x509 structure to the buffer. | |
| WOLFSSL_API unsigned char * | wolfSSL_X509_get_hw_type (WOLFSSL_X509 *, unsigned char *, int *) |
| The function copies the hwType member of the WOLFSSL_X509 structure to the buffer. | |
| WOLFSSL_API unsigned char * | wolfSSL_X509_get_hw_serial_number (WOLFSSL_X509 *, unsigned char *, int *) |
| This function returns the hwSerialNum member of the x509 object. | |
| WOLFSSL_API int | wolfSSL_connect_cert (WOLFSSL *ssl) |
| This function is called on the client side and initiates an SSL/TLS handshake with a server only long enough to get the peer’s certificate chain. When this function is called, the underlying communication channel has already been set up. wolfSSL_connect_cert() works with both blocking and non-blocking I/O. When the underlying I/O is non-blocking, wolfSSL_connect_cert() will return when the underlying I/O could not satisfy the needs of wolfSSL_connect_cert() to continue the handshake. In this case, a call to wolfSSL_get_error() will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process must then repeat the call to wolfSSL_connect_cert() when the underlying I/O is ready and wolfSSL will pick up where it left off. When using a non-blocking socket, nothing needs to be done, but select() can be used to check for the required condition. If the underlying I/O is blocking, wolfSSL_connect_cert() will only return once the peer’s certificate chain has been received. | |
| WOLFSSL_API WC_PKCS12 * | wolfSSL_d2i_PKCS12_bio (WOLFSSL_BIO *bio, WC_PKCS12 **pkcs12) |
| wolfSSL_d2i_PKCS12_bio (d2i_PKCS12_bio) copies in the PKCS12 information from WOLFSSL_BIO to the structure WC_PKCS12. The information is divided up in the structure as a list of Content Infos along with a structure to hold optional MAC information. After the information has been divided into chunks (but not decrypted) in the structure WC_PKCS12, it can then be parsed and decrypted by calling. | |
| WOLFSSL_API int | wolfSSL_i2d_PKCS12_bio (WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12) |
| wolfSSL_i2d_PKCS12_bio (i2d_PKCS12_bio) copies in the cert information from the structure WC_PKCS12 to WOLFSSL_BIO. | |
| WOLFSSL_API WOLFSSL_X509_PKCS12 * | wolfSSL_d2i_PKCS12_fp (XFILE fp, WOLFSSL_X509_PKCS12 **pkcs12) |
| WOLFSSL_API int | wolfSSL_PKCS12_parse (WC_PKCS12 *pkcs12, const char *psw, WOLFSSL_EVP_PKEY **pkey, WOLFSSL_X509 **cert, WOLF_STACK_OF(WOLFSSL_X509) **ca) |
| PKCS12 can be enabled with adding –enable-opensslextra to the configure command. It can use triple DES and RC4 for decryption so would recommend also enabling these features when enabling opensslextra (–enable-des3 –enable-arc4). wolfSSL does not currently support RC2 so decryption with RC2 is currently not available. This may be noticeable with default encryption schemes used by OpenSSL command line to create .p12 files. wolfSSL_PKCS12_parse (PKCS12_parse). The first thing this function does is check the MAC is correct if present. If the MAC fails then the function returns and does not try to decrypt any of the stored Content Infos. This function then parses through each Content Info looking for a bag type, if the bag type is known it is decrypted as needed and either stored in the list of certificates being built or as a key found. After parsing through all bags the key found is then compared with the certificate list until a matching pair is found. This matching pair is then returned as the key and certificate, optionally the certificate list found is returned as a STACK_OF certificates. At the moment a CRL, Secret or SafeContents bag will be skipped over and not parsed. It can be seen if these or other “Unknown” bags are skipped over by viewing the debug print out. Additional attributes such as friendly name are skipped over when parsing a PKCS12 file. | |
| WOLFSSL_API WC_PKCS12 * | wolfSSL_PKCS12_create (char *pass, char *name, WOLFSSL_EVP_PKEY *pkey, WOLFSSL_X509 *cert, WOLF_STACK_OF(WOLFSSL_X509) *ca, int keyNID, int certNID, int itt, int macItt, int keytype) |
| WOLFSSL_API void | wolfSSL_PKCS12_PBE_add (void) |
| WOLFSSL_API int | wolfSSL_SetTmpDH (WOLFSSL *, const unsigned char *p, int pSz, const unsigned char *g, int gSz) |
| Server Diffie-Hellman Ephemeral parameters setting. This function sets up the group parameters to be used if the server negotiates a cipher suite that uses DHE. | |
| WOLFSSL_API int | wolfSSL_SetTmpDH_buffer (WOLFSSL *, const unsigned char *b, long sz, int format) |
| The function calls the wolfSSL_SetTMpDH_buffer_wrapper, which is a wrapper for Diffie-Hellman parameters. | |
| WOLFSSL_API int | wolfSSL_SetEnableDhKeyTest (WOLFSSL *, int) |
| WOLFSSL_API int | wolfSSL_SetTmpDH_file (WOLFSSL *, const char *f, int format) |
| This function calls wolfSSL_SetTmpDH_file_wrapper to set server Diffie-Hellman parameters. | |
| WOLFSSL_API int | wolfSSL_CTX_SetTmpDH (WOLFSSL_CTX *, const unsigned char *p, int pSz, const unsigned char *g, int gSz) |
| Sets the parameters for the server CTX Diffie-Hellman. | |
| WOLFSSL_API int | wolfSSL_CTX_SetTmpDH_buffer (WOLFSSL_CTX *, const unsigned char *b, long sz, int format) |
| A wrapper function that calls wolfSSL_SetTmpDH_buffer_wrapper. | |
| WOLFSSL_API int | wolfSSL_CTX_SetTmpDH_file (WOLFSSL_CTX *, const char *f, int format) |
| The function calls wolfSSL_SetTmpDH_file_wrapper to set the server Diffie-Hellman parameters. | |
| WOLFSSL_API int | wolfSSL_CTX_SetMinDhKey_Sz (WOLFSSL_CTX *, word16) |
| This function sets the minimum size of the Diffie Hellman key size by accessing the minDhKeySz member in the WOLFSSL_CTX structure. | |
| WOLFSSL_API int | wolfSSL_SetMinDhKey_Sz (WOLFSSL *, word16) |
| Sets the minimum size for a Diffie-Hellman key in the WOLFSSL structure in bytes. | |
| WOLFSSL_API int | wolfSSL_CTX_SetMaxDhKey_Sz (WOLFSSL_CTX *, word16) |
| This function sets the maximum size of the Diffie Hellman key size by accessing the maxDhKeySz member in the WOLFSSL_CTX structure. | |
| WOLFSSL_API int | wolfSSL_SetMaxDhKey_Sz (WOLFSSL *, word16) |
| Sets the maximum size for a Diffie-Hellman key in the WOLFSSL structure in bytes. | |
| WOLFSSL_API int | wolfSSL_GetDhKey_Sz (WOLFSSL *) |
| Returns the value of dhKeySz that is a member of the options structure. This value represents the Diffie-Hellman key size in bytes. | |
| WOLFSSL_API int | wolfSSL_CTX_SetMinRsaKey_Sz (WOLFSSL_CTX *, short) |
| Sets the minimum RSA key size in both the WOLFSSL_CTX structure and the WOLFSSL_CERT_MANAGER structure. | |
| WOLFSSL_API int | wolfSSL_SetMinRsaKey_Sz (WOLFSSL *, short) |
| Sets the minimum allowable key size in bytes for RSA located in the WOLFSSL structure. | |
| WOLFSSL_API int | wolfSSL_CTX_SetMinEccKey_Sz (WOLFSSL_CTX *, short) |
| Sets the minimum size in bytes for the ECC key in the WOLF_CTX structure and the WOLFSSL_CERT_MANAGER structure. | |
| WOLFSSL_API int | wolfSSL_SetMinEccKey_Sz (WOLFSSL *, short) |
| Sets the value of the minEccKeySz member of the options structure. The options struct is a member of the WOLFSSL structure and is accessed through the ssl parameter. | |
| WOLFSSL_API int | wolfSSL_SetTmpEC_DHE_Sz (WOLFSSL *, word16) |
| WOLFSSL_API int | wolfSSL_CTX_SetTmpEC_DHE_Sz (WOLFSSL_CTX *, word16) |
| WOLFSSL_API int | wolfSSL_get_keyblock_size (WOLFSSL *) |
| WOLFSSL_API int | wolfSSL_get_keys (WOLFSSL *, unsigned char **ms, unsigned int *msLen, unsigned char **sr, unsigned int *srLen, unsigned char **cr, unsigned int *crLen) |
| WOLFSSL_API int | wolfSSL_make_eap_keys (WOLFSSL *, void *key, unsigned int len, const char *label) |
| This function is used by EAP_TLS and EAP-TTLS to derive keying material from the master secret. | |
| WOLFSSL_API int | wolfSSL_writev (WOLFSSL *ssl, const struct iovec *iov, int iovcnt) |
| Simulates writev semantics but doesn’t actually do block at a time because of SSL_write() behavior and because front adds may be small. Makes porting into software that uses writev easier. | |
| WOLFSSL_API int | wolfSSL_CTX_UnloadCAs (WOLFSSL_CTX *) |
| This function unloads the CA signer list and frees the whole signer table. | |
| WOLFSSL_API int | wolfSSL_CTX_Unload_trust_peers (WOLFSSL_CTX *) |
| This function is used to unload all previously loaded trusted peer certificates. Feature is enabled by defining the macro WOLFSSL_TRUST_PEER_CERT. | |
| WOLFSSL_API int | wolfSSL_CTX_trust_peer_buffer (WOLFSSL_CTX *, const unsigned char *, long, int) |
| This function loads a certificate to use for verifying a peer when performing a TLS/SSL handshake. The peer certificate sent during the handshake is compared by using the SKID when available and the signature. If these two things do not match then any loaded CAs are used. Is the same functionality as wolfSSL_CTX_trust_peer_cert except is from a buffer instead of a file. Feature is enabled by defining the macro WOLFSSL_TRUST_PEER_CERT Please see the examples for proper usage. | |
| WOLFSSL_API int | wolfSSL_CTX_load_verify_buffer_ex (WOLFSSL_CTX *, const unsigned char *, long, int, int, word32) |
| WOLFSSL_API int | wolfSSL_CTX_load_verify_buffer (WOLFSSL_CTX *, const unsigned char *, long, int) |
| This function loads a CA certificate buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. More than one CA certificate may be loaded per buffer as long as the format is in PEM. Please see the examples for proper usage. | |
| WOLFSSL_API int | wolfSSL_CTX_load_verify_chain_buffer_format (WOLFSSL_CTX *, const unsigned char *, long, int) |
| This function loads a CA certificate chain buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. More than one CA certificate may be loaded per buffer as long as the format is in PEM. Please see the examples for proper usage. | |
| WOLFSSL_API int | wolfSSL_CTX_use_certificate_buffer (WOLFSSL_CTX *, const unsigned char *, long, int) |
| This function loads a certificate buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage. | |
| WOLFSSL_API int | wolfSSL_CTX_use_PrivateKey_buffer (WOLFSSL_CTX *, const unsigned char *, long, int) |
| This function loads a private key buffer into the SSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1or SSL_FILETYPE_PEM. Please see the examples for proper usage. | |
| WOLFSSL_API int | wolfSSL_CTX_use_PrivateKey_id (WOLFSSL_CTX *, const unsigned char *, long, int, long) |
| WOLFSSL_API int | wolfSSL_CTX_use_certificate_chain_buffer_format (WOLFSSL_CTX *, const unsigned char *, long, int) |
| WOLFSSL_API int | wolfSSL_CTX_use_certificate_chain_buffer (WOLFSSL_CTX *, const unsigned char *, long) |
| This function loads a certificate chain buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. The buffer must be in PEM format and start with the subject’s certificate, ending with the root certificate. Please see the examples for proper usage. | |
| WOLFSSL_API int | wolfSSL_use_certificate_buffer (WOLFSSL *, const unsigned char *, long, int) |
| This function loads a certificate buffer into the WOLFSSL object. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage. | |
| WOLFSSL_API int | wolfSSL_use_certificate_ASN1 (WOLFSSL *ssl, const unsigned char *der, int derSz) |
| WOLFSSL_API int | wolfSSL_use_PrivateKey_buffer (WOLFSSL *, const unsigned char *, long, int) |
| This function loads a private key buffer into the WOLFSSL object. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage. | |
| WOLFSSL_API int | wolfSSL_use_PrivateKey_id (WOLFSSL *, const unsigned char *, long, int, long) |
| WOLFSSL_API int | wolfSSL_use_certificate_chain_buffer_format (WOLFSSL *, const unsigned char *, long, int) |
| WOLFSSL_API int | wolfSSL_use_certificate_chain_buffer (WOLFSSL *, const unsigned char *, long) |
| This function loads a certificate chain buffer into the WOLFSSL object. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. The buffer must be in PEM format and start with the subject’s certificate, ending with the root certificate. Please see the examples for proper usage. | |
| WOLFSSL_API int | wolfSSL_UnloadCertsKeys (WOLFSSL *) |
| This function unloads any certificates or keys that SSL owns. | |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_get_certificate (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_CTX_set_group_messages (WOLFSSL_CTX *) |
| This function turns on grouping of handshake messages where possible. | |
| WOLFSSL_API int | wolfSSL_set_group_messages (WOLFSSL *) |
| This function turns on grouping of handshake messages where possible. | |
| WOLFSSL_API void | wolfSSL_SetFuzzerCb (WOLFSSL *ssl, CallbackFuzzer cbf, void *fCtx) |
| This function sets the fuzzer callback. | |
| WOLFSSL_API int | wolfSSL_DTLS_SetCookieSecret (WOLFSSL *, const byte *, word32) |
| WOLFSSL_ABI WOLFSSL_API WC_RNG * | wolfSSL_GetRNG (WOLFSSL *) |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_CTX_SetMinVersion (WOLFSSL_CTX *, int) |
| This function sets the minimum downgrade version allowed. Applicable only when the connection allows downgrade using (wolfSSLv23_client_method or wolfSSLv23_server_method). | |
| WOLFSSL_API int | wolfSSL_SetMinVersion (WOLFSSL *, int) |
| This function sets the minimum downgrade version allowed. Applicable only when the connection allows downgrade using (wolfSSLv23_client_method or wolfSSLv23_server_method). | |
| WOLFSSL_API int | wolfSSL_GetObjectSize (void) |
| This function returns the size of the WOLFSSL object and will be dependent on build options and settings. If SHOW_SIZES has been defined when building wolfSSL, this function will also print the sizes of individual objects within the WOLFSSL object (Suites, Ciphers, etc.) to stdout. | |
| WOLFSSL_API int | wolfSSL_CTX_GetObjectSize (void) |
| WOLFSSL_API int | wolfSSL_METHOD_GetObjectSize (void) |
| WOLFSSL_API int | wolfSSL_GetOutputSize (WOLFSSL *, int) |
| Returns the record layer size of the plaintext input. This is helpful when an application wants to know how many bytes will be sent across the Transport layer, given a specified plaintext input size. This function must be called after the SSL/TLS handshake has been completed. | |
| WOLFSSL_API int | wolfSSL_GetMaxOutputSize (WOLFSSL *) |
| Returns the maximum record layer size for plaintext data. This will correspond to either the maximum SSL/TLS record size as specified by the protocol standard, the maximum TLS fragment size as set by the TLS Max Fragment Length extension. This function is helpful when the application has called wolfSSL_GetOutputSize() and received a INPUT_SIZE_E error. This function must be called after the SSL/TLS handshake has been completed. | |
| WOLFSSL_API int | wolfSSL_GetVersion (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_SetVersion (WOLFSSL *ssl, int version) |
| This function sets the SSL/TLS protocol version for the specified SSL session (WOLFSSL object) using the version as specified by version. This will override the protocol setting for the SSL session (ssl) - originally defined and set by the SSL context (wolfSSL_CTX_new()) method type. | |
| WOLFSSL_API void | wolfSSL_CTX_SetMacEncryptCb (WOLFSSL_CTX *, CallbackMacEncrypt) |
| Allows caller to set the Atomic User Record Processing Mac/Encrypt Callback. The callback should return 0 for success or < 0 for an error. The ssl and ctx pointers are available for the user’s convenience. macOut is the output buffer where the result of the mac should be stored. macIn is the mac input buffer and macInSz notes the size of the buffer. macContent and macVerify are needed for wolfSSL_SetTlsHmacInner() and be passed along as is. encOut is the output buffer where the result on the encryption should be stored. encIn is the input buffer to encrypt while encSz is the size of the input. An example callback can be found wolfssl/test.h myMacEncryptCb(). | |
| WOLFSSL_API void | wolfSSL_SetMacEncryptCtx (WOLFSSL *ssl, void *ctx) |
| Allows caller to set the Atomic User Record Processing Mac/Encrypt Callback Context to ctx. | |
| WOLFSSL_API void * | wolfSSL_GetMacEncryptCtx (WOLFSSL *ssl) |
| Allows caller to retrieve the Atomic User Record Processing Mac/Encrypt Callback Context previously stored with wolfSSL_SetMacEncryptCtx(). | |
| WOLFSSL_API void | wolfSSL_CTX_SetDecryptVerifyCb (WOLFSSL_CTX *, CallbackDecryptVerify) |
| Allows caller to set the Atomic User Record Processing Decrypt/Verify Callback. The callback should return 0 for success or < 0 for an error. The ssl and ctx pointers are available for the user’s convenience. decOut is the output buffer where the result of the decryption should be stored. decIn is the encrypted input buffer and decInSz notes the size of the buffer. content and verify are needed for wolfSSL_SetTlsHmacInner() and be passed along as is. padSz is an output variable that should be set with the total value of the padding. That is, the mac size plus any padding and pad bytes. An example callback can be found wolfssl/test.h myDecryptVerifyCb(). | |
| WOLFSSL_API void | wolfSSL_SetDecryptVerifyCtx (WOLFSSL *ssl, void *ctx) |
| Allows caller to set the Atomic User Record Processing Decrypt/Verify Callback Context to ctx. | |
| WOLFSSL_API void * | wolfSSL_GetDecryptVerifyCtx (WOLFSSL *ssl) |
| Allows caller to retrieve the Atomic User Record Processing Decrypt/Verify Callback Context previously stored with wolfSSL_SetDecryptVerifyCtx(). | |
| WOLFSSL_API void | wolfSSL_CTX_SetEncryptMacCb (WOLFSSL_CTX *, CallbackEncryptMac) |
| WOLFSSL_API void | wolfSSL_SetEncryptMacCtx (WOLFSSL *ssl, void *ctx) |
| WOLFSSL_API void * | wolfSSL_GetEncryptMacCtx (WOLFSSL *ssl) |
| WOLFSSL_API void | wolfSSL_CTX_SetVerifyDecryptCb (WOLFSSL_CTX *, CallbackVerifyDecrypt) |
| WOLFSSL_API void | wolfSSL_SetVerifyDecryptCtx (WOLFSSL *ssl, void *ctx) |
| WOLFSSL_API void * | wolfSSL_GetVerifyDecryptCtx (WOLFSSL *ssl) |
| WOLFSSL_API const unsigned char * | wolfSSL_GetMacSecret (WOLFSSL *, int) |
| Allows retrieval of the Hmac/Mac secret from the handshake process. The verify parameter specifies whether this is for verification of a peer message. | |
| WOLFSSL_API const unsigned char * | wolfSSL_GetClientWriteKey (WOLFSSL *) |
| Allows retrieval of the client write key from the handshake process. | |
| WOLFSSL_API const unsigned char * | wolfSSL_GetClientWriteIV (WOLFSSL *) |
| Allows retrieval of the client write IV (initialization vector) from the handshake process. | |
| WOLFSSL_API const unsigned char * | wolfSSL_GetServerWriteKey (WOLFSSL *) |
| Allows retrieval of the server write key from the handshake process. | |
| WOLFSSL_API const unsigned char * | wolfSSL_GetServerWriteIV (WOLFSSL *) |
| Allows retrieval of the server write IV (initialization vector) from the handshake process. | |
| WOLFSSL_API int | wolfSSL_GetKeySize (WOLFSSL *) |
| Allows retrieval of the key size from the handshake process. | |
| WOLFSSL_API int | wolfSSL_GetIVSize (WOLFSSL *) |
| Returns the iv_size member of the specs structure held in the WOLFSSL struct. | |
| WOLFSSL_API int | wolfSSL_GetSide (WOLFSSL *) |
| Allows retrieval of the side of this WOLFSSL connection. | |
| WOLFSSL_API int | wolfSSL_IsTLSv1_1 (WOLFSSL *) |
| Allows caller to determine if the negotiated protocol version is at least TLS version 1.1 or greater. | |
| WOLFSSL_API int | wolfSSL_GetBulkCipher (WOLFSSL *) |
| Allows caller to determine the negotiated bulk cipher algorithm from the handshake. | |
| WOLFSSL_API int | wolfSSL_GetCipherBlockSize (WOLFSSL *) |
| Allows caller to determine the negotiated cipher block size from the handshake. | |
| WOLFSSL_API int | wolfSSL_GetAeadMacSize (WOLFSSL *) |
| Allows caller to determine the negotiated aead mac size from the handshake. For cipher type WOLFSSL_AEAD_TYPE. | |
| WOLFSSL_API int | wolfSSL_GetHmacSize (WOLFSSL *) |
| Allows caller to determine the negotiated (h)mac size from the handshake. For cipher types except WOLFSSL_AEAD_TYPE. | |
| WOLFSSL_API int | wolfSSL_GetHmacType (WOLFSSL *) |
| Allows caller to determine the negotiated (h)mac type from the handshake. For cipher types except WOLFSSL_AEAD_TYPE. | |
| WOLFSSL_API int | wolfSSL_GetCipherType (WOLFSSL *) |
| Allows caller to determine the negotiated cipher type from the handshake. | |
| WOLFSSL_API int | wolfSSL_SetTlsHmacInner (WOLFSSL *, unsigned char *, word32, int, int) |
| Allows caller to set the Hmac Inner vector for message sending/receiving. The result is written to inner which should be at least wolfSSL_GetHmacSize() bytes. The size of the message is specified by sz, content is the type of message, and verify specifies whether this is a verification of a peer message. Valid for cipher types excluding WOLFSSL_AEAD_TYPE. | |
| WOLFSSL_API void | wolfSSL_CTX_SetEccKeyGenCb (WOLFSSL_CTX *, CallbackEccKeyGen) |
| WOLFSSL_API void | wolfSSL_SetEccKeyGenCtx (WOLFSSL *ssl, void *ctx) |
| WOLFSSL_API void * | wolfSSL_GetEccKeyGenCtx (WOLFSSL *ssl) |
| WOLFSSL_ABI WOLFSSL_API void | wolfSSL_CTX_SetEccSignCb (WOLFSSL_CTX *, CallbackEccSign) |
| Allows caller to set the Public Key Callback for ECC Signing. The callback should return 0 for success or < 0 for an error. The ssl and ctx pointers are available for the user’s convenience. in is the input buffer to sign while inSz denotes the length of the input. out is the output buffer where the result of the signature should be stored. outSz is an input/output variable that specifies the size of the output buffer upon invocation and the actual size of the signature should be stored there before returning. keyDer is the ECC Private key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found wolfssl/test.h myEccSign(). | |
| WOLFSSL_API void | wolfSSL_SetEccSignCtx (WOLFSSL *ssl, void *ctx) |
| Allows caller to set the Public Key Ecc Signing Callback Context to ctx. | |
| WOLFSSL_API void * | wolfSSL_GetEccSignCtx (WOLFSSL *ssl) |
| Allows caller to retrieve the Public Key Ecc Signing Callback Context previously stored with wolfSSL_SetEccSignCtx(). | |
| WOLFSSL_API void | wolfSSL_CTX_SetEccVerifyCb (WOLFSSL_CTX *, CallbackEccVerify) |
| Allows caller to set the Public Key Callback for ECC Verification. The callback should return 0 for success or < 0 for an error. The ssl and ctx pointers are available for the user’s convenience. sig is the signature to verify and sigSz denotes the length of the signature. hash is an input buffer containing the digest of the message and hashSz denotes the length in bytes of the hash. result is an output variable where the result of the verification should be stored, 1 for success and 0 for failure. keyDer is the ECC Private key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found wolfssl/test.h myEccVerify(). | |
| WOLFSSL_API void | wolfSSL_SetEccVerifyCtx (WOLFSSL *ssl, void *ctx) |
| Allows caller to set the Public Key Ecc Verification Callback Context to ctx. | |
| WOLFSSL_API void * | wolfSSL_GetEccVerifyCtx (WOLFSSL *ssl) |
| Allows caller to retrieve the Public Key Ecc Verification Callback Context previously stored with wolfSSL_SetEccVerifyCtx(). | |
| WOLFSSL_API void | wolfSSL_CTX_SetEccSharedSecretCb (WOLFSSL_CTX *, CallbackEccSharedSecret) |
| WOLFSSL_API void | wolfSSL_SetEccSharedSecretCtx (WOLFSSL *ssl, void *ctx) |
| WOLFSSL_API void * | wolfSSL_GetEccSharedSecretCtx (WOLFSSL *ssl) |
| WOLFSSL_API void | wolfSSL_CTX_SetDhAgreeCb (WOLFSSL_CTX *, CallbackDhAgree) |
| WOLFSSL_API void | wolfSSL_SetDhAgreeCtx (WOLFSSL *ssl, void *ctx) |
| WOLFSSL_API void * | wolfSSL_GetDhAgreeCtx (WOLFSSL *ssl) |
| WOLFSSL_API void | wolfSSL_CTX_SetEd25519SignCb (WOLFSSL_CTX *, CallbackEd25519Sign) |
| WOLFSSL_API void | wolfSSL_SetEd25519SignCtx (WOLFSSL *ssl, void *ctx) |
| WOLFSSL_API void * | wolfSSL_GetEd25519SignCtx (WOLFSSL *ssl) |
| WOLFSSL_API void | wolfSSL_CTX_SetEd25519VerifyCb (WOLFSSL_CTX *, CallbackEd25519Verify) |
| WOLFSSL_API void | wolfSSL_SetEd25519VerifyCtx (WOLFSSL *ssl, void *ctx) |
| WOLFSSL_API void * | wolfSSL_GetEd25519VerifyCtx (WOLFSSL *ssl) |
| WOLFSSL_API void | wolfSSL_CTX_SetX25519KeyGenCb (WOLFSSL_CTX *, CallbackX25519KeyGen) |
| WOLFSSL_API void | wolfSSL_SetX25519KeyGenCtx (WOLFSSL *ssl, void *ctx) |
| WOLFSSL_API void * | wolfSSL_GetX25519KeyGenCtx (WOLFSSL *ssl) |
| WOLFSSL_API void | wolfSSL_CTX_SetX25519SharedSecretCb (WOLFSSL_CTX *, CallbackX25519SharedSecret) |
| WOLFSSL_API void | wolfSSL_SetX25519SharedSecretCtx (WOLFSSL *ssl, void *ctx) |
| WOLFSSL_API void * | wolfSSL_GetX25519SharedSecretCtx (WOLFSSL *ssl) |
| WOLFSSL_API void | wolfSSL_CTX_SetEd448SignCb (WOLFSSL_CTX *, CallbackEd448Sign) |
| WOLFSSL_API void | wolfSSL_SetEd448SignCtx (WOLFSSL *ssl, void *ctx) |
| WOLFSSL_API void * | wolfSSL_GetEd448SignCtx (WOLFSSL *ssl) |
| WOLFSSL_API void | wolfSSL_CTX_SetEd448VerifyCb (WOLFSSL_CTX *, CallbackEd448Verify) |
| WOLFSSL_API void | wolfSSL_SetEd448VerifyCtx (WOLFSSL *ssl, void *ctx) |
| WOLFSSL_API void * | wolfSSL_GetEd448VerifyCtx (WOLFSSL *ssl) |
| WOLFSSL_API void | wolfSSL_CTX_SetX448KeyGenCb (WOLFSSL_CTX *, CallbackX448KeyGen) |
| WOLFSSL_API void | wolfSSL_SetX448KeyGenCtx (WOLFSSL *ssl, void *ctx) |
| WOLFSSL_API void * | wolfSSL_GetX448KeyGenCtx (WOLFSSL *ssl) |
| WOLFSSL_API void | wolfSSL_CTX_SetX448SharedSecretCb (WOLFSSL_CTX *, CallbackX448SharedSecret) |
| WOLFSSL_API void | wolfSSL_SetX448SharedSecretCtx (WOLFSSL *ssl, void *ctx) |
| WOLFSSL_API void * | wolfSSL_GetX448SharedSecretCtx (WOLFSSL *ssl) |
| WOLFSSL_API void | wolfSSL_CTX_SetRsaSignCb (WOLFSSL_CTX *, CallbackRsaSign) |
| Allows caller to set the Public Key Callback for RSA Signing. The callback should return 0 for success or < 0 for an error. The ssl and ctx pointers are available for the user’s convenience. in is the input buffer to sign while inSz denotes the length of the input. out is the output buffer where the result of the signature should be stored. outSz is an input/output variable that specifies the size of the output buffer upon invocation and the actual size of the signature should be stored there before returning. keyDer is the RSA Private key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found wolfssl/test.h myRsaSign(). | |
| WOLFSSL_API void | wolfSSL_SetRsaSignCtx (WOLFSSL *ssl, void *ctx) |
| Allows caller to set the Public Key RSA Signing Callback Context to ctx. | |
| WOLFSSL_API void * | wolfSSL_GetRsaSignCtx (WOLFSSL *ssl) |
| Allows caller to retrieve the Public Key RSA Signing Callback Context previously stored with wolfSSL_SetRsaSignCtx(). | |
| WOLFSSL_API void | wolfSSL_CTX_SetRsaVerifyCb (WOLFSSL_CTX *, CallbackRsaVerify) |
| Allows caller to set the Public Key Callback for RSA Verification. The callback should return the number of plaintext bytes for success or < 0 for an error. The ssl and ctx pointers are available for the user’s convenience. sig is the signature to verify and sigSz denotes the length of the signature. out should be set to the beginning of the verification buffer after the decryption process and any padding. keyDer is the RSA Public key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found wolfssl/test.h myRsaVerify(). | |
| WOLFSSL_API void | wolfSSL_CTX_SetRsaSignCheckCb (WOLFSSL_CTX *, CallbackRsaVerify) |
| WOLFSSL_API void | wolfSSL_SetRsaVerifyCtx (WOLFSSL *ssl, void *ctx) |
| Allows caller to set the Public Key RSA Verification Callback Context to ctx. | |
| WOLFSSL_API void * | wolfSSL_GetRsaVerifyCtx (WOLFSSL *ssl) |
| Allows caller to retrieve the Public Key RSA Verification Callback Context previously stored with wolfSSL_SetRsaVerifyCtx(). | |
| WOLFSSL_API void | wolfSSL_CTX_SetRsaPssSignCb (WOLFSSL_CTX *, CallbackRsaPssSign) |
| WOLFSSL_API void | wolfSSL_SetRsaPssSignCtx (WOLFSSL *ssl, void *ctx) |
| WOLFSSL_API void * | wolfSSL_GetRsaPssSignCtx (WOLFSSL *ssl) |
| WOLFSSL_API void | wolfSSL_CTX_SetRsaPssVerifyCb (WOLFSSL_CTX *, CallbackRsaPssVerify) |
| WOLFSSL_API void | wolfSSL_CTX_SetRsaPssSignCheckCb (WOLFSSL_CTX *, CallbackRsaPssVerify) |
| WOLFSSL_API void | wolfSSL_SetRsaPssVerifyCtx (WOLFSSL *ssl, void *ctx) |
| WOLFSSL_API void * | wolfSSL_GetRsaPssVerifyCtx (WOLFSSL *ssl) |
| WOLFSSL_API void | wolfSSL_CTX_SetRsaEncCb (WOLFSSL_CTX *, CallbackRsaEnc) |
| Allows caller to set the Public Key Callback for RSA Public Encrypt. The callback should return 0 for success or < 0 for an error. The ssl and ctx pointers are available for the user’s convenience. in is the input buffer to encrypt while inSz denotes the length of the input. out is the output buffer where the result of the encryption should be stored. outSz is an input/output variable that specifies the size of the output buffer upon invocation and the actual size of the encryption should be stored there before returning. keyDer is the RSA Public key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found wolfssl/test.h myRsaEnc(). | |
| WOLFSSL_API void | wolfSSL_SetRsaEncCtx (WOLFSSL *ssl, void *ctx) |
| Allows caller to set the Public Key RSA Public Encrypt Callback Context to ctx. | |
| WOLFSSL_API void * | wolfSSL_GetRsaEncCtx (WOLFSSL *ssl) |
| Allows caller to retrieve the Public Key RSA Public Encrypt Callback Context previously stored with wolfSSL_SetRsaEncCtx(). | |
| WOLFSSL_API void | wolfSSL_CTX_SetRsaDecCb (WOLFSSL_CTX *, CallbackRsaDec) |
| Allows caller to set the Public Key Callback for RSA Private Decrypt. The callback should return the number of plaintext bytes for success or < 0 for an error. The ssl and ctx pointers are available for the user’s convenience. in is the input buffer to decrypt and inSz denotes the length of the input. out should be set to the beginning of the decryption buffer after the decryption process and any padding. keyDer is the RSA Private key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found wolfssl/test.h myRsaDec(). | |
| WOLFSSL_API void | wolfSSL_SetRsaDecCtx (WOLFSSL *ssl, void *ctx) |
| Allows caller to set the Public Key RSA Private Decrypt Callback Context to ctx. | |
| WOLFSSL_API void * | wolfSSL_GetRsaDecCtx (WOLFSSL *ssl) |
| Allows caller to retrieve the Public Key RSA Private Decrypt Callback Context previously stored with wolfSSL_SetRsaDecCtx(). | |
| WOLFSSL_API void | wolfSSL_CTX_SetCACb (WOLFSSL_CTX *, CallbackCACache) |
| This function registers a callback with the SSL context (WOLFSSL_CTX) to be called when a new CA certificate is loaded into wolfSSL. The callback is given a buffer with the DER-encoded certificate. | |
| WOLFSSL_API WOLFSSL_CERT_MANAGER * | wolfSSL_CTX_GetCertManager (WOLFSSL_CTX *) |
| WOLFSSL_API WOLFSSL_CERT_MANAGER * | wolfSSL_CertManagerNew_ex (void *heap) |
| Allocates and initializes a new Certificate Manager context. This context may be used independent of SSL needs. It may be used to load certificates, verify certificates, and check the revocation status. | |
| WOLFSSL_API WOLFSSL_CERT_MANAGER * | wolfSSL_CertManagerNew (void) |
| Allocates and initializes a new Certificate Manager context. This context may be used independent of SSL needs. It may be used to load certificates, verify certificates, and check the revocation status. | |
| WOLFSSL_API void | wolfSSL_CertManagerFree (WOLFSSL_CERT_MANAGER *) |
| Frees all resources associated with the Certificate Manager context. Call this when you no longer need to use the Certificate Manager. | |
| WOLFSSL_API int | wolfSSL_CertManagerLoadCA (WOLFSSL_CERT_MANAGER *, const char *f, const char *d) |
| Specifies the locations for CA certificate loading into the manager context. The PEM certificate CAfile may contain several trusted CA certificates. If CApath is not NULL it specifies a directory containing CA certificates in PEM format. | |
| WOLFSSL_API int | wolfSSL_CertManagerLoadCABuffer (WOLFSSL_CERT_MANAGER *, const unsigned char *in, long sz, int format) |
| Loads the CA Buffer by calling wolfSSL_CTX_load_verify_buffer and returning that result using a temporary cm so as not to lose the information in the cm passed into the function. | |
| WOLFSSL_API int | wolfSSL_CertManagerUnloadCAs (WOLFSSL_CERT_MANAGER *cm) |
| This function unloads the CA signer list. | |
| WOLFSSL_API int | wolfSSL_CertManagerUnload_trust_peers (WOLFSSL_CERT_MANAGER *cm) |
| The function will free the Trusted Peer linked list and unlocks the trusted peer list. | |
| WOLFSSL_API int | wolfSSL_CertManagerVerify (WOLFSSL_CERT_MANAGER *, const char *f, int format) |
| Specifies the certificate to verify with the Certificate Manager context. The format can be SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1. | |
| WOLFSSL_API int | wolfSSL_CertManagerVerifyBuffer (WOLFSSL_CERT_MANAGER *cm, const unsigned char *buff, long sz, int format) |
| Specifies the certificate buffer to verify with the Certificate Manager context. The format can be SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1. | |
| WOLFSSL_API int | wolfSSL_CertManagerCheckCRL (WOLFSSL_CERT_MANAGER *, unsigned char *, int sz) |
| Check CRL if the option is enabled and compares the cert to the CRL list. | |
| WOLFSSL_API int | wolfSSL_CertManagerEnableCRL (WOLFSSL_CERT_MANAGER *, int options) |
| Turns on Certificate Revocation List checking when verifying certificates with the Certificate Manager. By default, CRL checking is off. options include WOLFSSL_CRL_CHECKALL which performs CRL checking on each certificate in the chain versus the Leaf certificate only which is the default. | |
| WOLFSSL_API int | wolfSSL_CertManagerDisableCRL (WOLFSSL_CERT_MANAGER *) |
| Turns off Certificate Revocation List checking when verifying certificates with the Certificate Manager. By default, CRL checking is off. You can use this function to temporarily or permanently disable CRL checking with this Certificate Manager context that previously had CRL checking enabled. | |
| WOLFSSL_API void | wolfSSL_CertManagerSetVerify (WOLFSSL_CERT_MANAGER *cm, VerifyCallback vc) |
| The function sets the verifyCallback function in the Certificate Manager. If present, it will be called for each cert loaded. If there is a verification error, the verify callback can be used to over-ride the error. | |
| WOLFSSL_API int | wolfSSL_CertManagerLoadCRL (WOLFSSL_CERT_MANAGER *, const char *, int, int) |
| Error checks and passes through to LoadCRL() in order to load the cert into the CRL for revocation checking. | |
| WOLFSSL_API int | wolfSSL_CertManagerLoadCRLBuffer (WOLFSSL_CERT_MANAGER *, const unsigned char *, long sz, int) |
| The function loads the CRL file by calling BufferLoadCRL. | |
| WOLFSSL_API int | wolfSSL_CertManagerSetCRL_Cb (WOLFSSL_CERT_MANAGER *, CbMissingCRL) |
| This function sets the CRL Certificate Manager callback. If HAVE_CRL is defined and a matching CRL record is not found then the cbMissingCRL is called (set via wolfSSL_CertManagerSetCRL_Cb). This allows you to externally retrieve the CRL and load it. | |
| WOLFSSL_API int | wolfSSL_CertManagerFreeCRL (WOLFSSL_CERT_MANAGER *) |
| WOLFSSL_API int | wolfSSL_CertManagerSetCRL_IOCb (WOLFSSL_CERT_MANAGER *, CbCrlIO) |
| WOLFSSL_API int | wolfSSL_CertManagerCheckOCSPResponse (WOLFSSL_CERT_MANAGER *, byte *response, int responseSz, WOLFSSL_BUFFER_INFO *responseBuffer, CertStatus *status, OcspEntry *entry, OcspRequest *ocspRequest) |
| WOLFSSL_API int | wolfSSL_CertManagerCheckOCSP (WOLFSSL_CERT_MANAGER *, unsigned char *, int sz) |
| The function enables the WOLFSSL_CERT_MANAGER’s member, ocspEnabled to signify that the OCSP check option is enabled. | |
| WOLFSSL_API int | wolfSSL_CertManagerEnableOCSP (WOLFSSL_CERT_MANAGER *, int options) |
| Turns on OCSP if it’s turned off and if compiled with the set option available. | |
| WOLFSSL_API int | wolfSSL_CertManagerDisableOCSP (WOLFSSL_CERT_MANAGER *) |
| Disables OCSP certificate revocation. | |
| WOLFSSL_API int | wolfSSL_CertManagerSetOCSPOverrideURL (WOLFSSL_CERT_MANAGER *, const char *) |
| The function copies the url to the ocspOverrideURL member of the WOLFSSL_CERT_MANAGER structure. | |
| WOLFSSL_API int | wolfSSL_CertManagerSetOCSP_Cb (WOLFSSL_CERT_MANAGER *, CbOCSPIO, CbOCSPRespFree, void *) |
| The function sets the OCSP callback in the WOLFSSL_CERT_MANAGER. | |
| WOLFSSL_API int | wolfSSL_CertManagerEnableOCSPStapling (WOLFSSL_CERT_MANAGER *cm) |
| This function turns on OCSP stapling if it is not turned on as well as set the options. | |
| WOLFSSL_API int | wolfSSL_CertManagerDisableOCSPStapling (WOLFSSL_CERT_MANAGER *cm) |
| WOLFSSL_API WOLFSSL_STACK * | wolfSSL_CertManagerGetCerts (WOLFSSL_CERT_MANAGER *cm) |
| WOLFSSL_API int | wolfSSL_EnableCRL (WOLFSSL *ssl, int options) |
| Enables CRL certificate revocation. | |
| WOLFSSL_API int | wolfSSL_DisableCRL (WOLFSSL *ssl) |
| Disables CRL certificate revocation. | |
| WOLFSSL_API int | wolfSSL_LoadCRL (WOLFSSL *, const char *, int, int) |
| A wrapper function that ends up calling LoadCRL to load the certificate for revocation checking. | |
| WOLFSSL_API int | wolfSSL_LoadCRLBuffer (WOLFSSL *, const unsigned char *, long sz, int) |
| WOLFSSL_API int | wolfSSL_SetCRL_Cb (WOLFSSL *, CbMissingCRL) |
| Sets the CRL callback in the WOLFSSL_CERT_MANAGER structure. | |
| WOLFSSL_API int | wolfSSL_SetCRL_IOCb (WOLFSSL *ssl, CbCrlIO cb) |
| WOLFSSL_API int | wolfSSL_EnableOCSP (WOLFSSL *, int options) |
| This function enables OCSP certificate verification. | |
| WOLFSSL_API int | wolfSSL_DisableOCSP (WOLFSSL *) |
| Disables the OCSP certificate revocation option. | |
| WOLFSSL_API int | wolfSSL_SetOCSP_OverrideURL (WOLFSSL *, const char *) |
| This function sets the ocspOverrideURL member in the WOLFSSL_CERT_MANAGER structure. | |
| WOLFSSL_API int | wolfSSL_SetOCSP_Cb (WOLFSSL *, CbOCSPIO, CbOCSPRespFree, void *) |
| This function sets the OCSP callback in the WOLFSSL_CERT_MANAGER structure. | |
| WOLFSSL_API int | wolfSSL_EnableOCSPStapling (WOLFSSL *) |
| WOLFSSL_API int | wolfSSL_DisableOCSPStapling (WOLFSSL *) |
| WOLFSSL_API int | wolfSSL_CTX_EnableCRL (WOLFSSL_CTX *ctx, int options) |
| Enables CRL certificate verification through the CTX. | |
| WOLFSSL_API int | wolfSSL_CTX_DisableCRL (WOLFSSL_CTX *ctx) |
| This function disables CRL verification in the CTX structure. | |
| WOLFSSL_API int | wolfSSL_CTX_LoadCRL (WOLFSSL_CTX *, const char *, int, int) |
| This function loads CRL into the WOLFSSL_CTX structure through wolfSSL_CertManagerLoadCRL(). | |
| WOLFSSL_API int | wolfSSL_CTX_LoadCRLBuffer (WOLFSSL_CTX *, const unsigned char *, long sz, int) |
| WOLFSSL_API int | wolfSSL_CTX_SetCRL_Cb (WOLFSSL_CTX *, CbMissingCRL) |
| This function will set the callback argument to the cbMissingCRL member of the WOLFSSL_CERT_MANAGER structure by calling wolfSSL_CertManagerSetCRL_Cb. | |
| WOLFSSL_API int | wolfSSL_CTX_SetCRL_IOCb (WOLFSSL_CTX *, CbCrlIO) |
| WOLFSSL_API int | wolfSSL_CTX_EnableOCSP (WOLFSSL_CTX *, int options) |
| This function sets options to configure behavior of OCSP functionality in wolfSSL. The value of options if formed by or’ing one or more of the following options: WOLFSSL_OCSP_ENABLE - enable OCSP lookups WOLFSSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in certificates. The override URL is specified using the wolfSSL_CTX_SetOCSP_OverrideURL() function. This function only sets the OCSP options when wolfSSL has been compiled with OCSP support (–enable-ocsp, #define HAVE_OCSP). | |
| WOLFSSL_API int | wolfSSL_CTX_DisableOCSP (WOLFSSL_CTX *) |
| This function disables OCSP certificate revocation checking by affecting the ocspEnabled member of the WOLFSSL_CERT_MANAGER structure. | |
| WOLFSSL_API int | wolfSSL_CTX_SetOCSP_OverrideURL (WOLFSSL_CTX *, const char *) |
| This function manually sets the URL for OCSP to use. By default, OCSP will use the URL found in the individual certificate unless the WOLFSSL_OCSP_URL_OVERRIDE option is set using the wolfSSL_CTX_EnableOCSP. | |
| WOLFSSL_API int | wolfSSL_CTX_SetOCSP_Cb (WOLFSSL_CTX *, CbOCSPIO, CbOCSPRespFree, void *) |
| Sets the callback for the OCSP in the WOLFSSL_CTX structure. | |
| WOLFSSL_API int | wolfSSL_CTX_EnableOCSPStapling (WOLFSSL_CTX *) |
| This function enables OCSP stapling by calling wolfSSL_CertManagerEnableOCSPStapling(). | |
| WOLFSSL_API int | wolfSSL_CTX_DisableOCSPStapling (WOLFSSL_CTX *) |
| WOLFSSL_API int | wolfSSL_CTX_new_rng (WOLFSSL_CTX *) |
| WOLFSSL_API void | wolfSSL_KeepArrays (WOLFSSL *) |
| Normally, at the end of the SSL handshake, wolfSSL frees temporary arrays. Calling this function before the handshake begins will prevent wolfSSL from freeing temporary arrays. Temporary arrays may be needed for things such as wolfSSL_get_keys() or PSK hints. When the user is done with temporary arrays, either wolfSSL_FreeArrays() may be called to free the resources immediately, or alternatively the resources will be freed when the associated SSL object is freed. | |
| WOLFSSL_API void | wolfSSL_FreeArrays (WOLFSSL *) |
| Normally, at the end of the SSL handshake, wolfSSL frees temporary arrays. If wolfSSL_KeepArrays() has been called before the handshake, wolfSSL will not free temporary arrays. This function explicitly frees temporary arrays and should be called when the user is done with temporary arrays and does not want to wait for the SSL object to be freed to free these resources. | |
| WOLFSSL_API int | wolfSSL_KeepHandshakeResources (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_FreeHandshakeResources (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_CTX_UseClientSuites (WOLFSSL_CTX *ctx) |
| WOLFSSL_API int | wolfSSL_UseClientSuites (WOLFSSL *ssl) |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_SetDevId (WOLFSSL *, int devId) |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_CTX_SetDevId (WOLFSSL_CTX *, int devId) |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_CTX_GetDevId (WOLFSSL_CTX *, WOLFSSL *) |
| WOLFSSL_API void * | wolfSSL_CTX_GetHeap (WOLFSSL_CTX *ctx, WOLFSSL *ssl) |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_UseSNI (WOLFSSL *, unsigned char, const void *, unsigned short) |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_CTX_UseSNI (WOLFSSL_CTX *, unsigned char, const void *, unsigned short) |
| WOLFSSL_API void | wolfSSL_SNI_SetOptions (WOLFSSL *ssl, unsigned char type, unsigned char options) |
| This function is called on the server side to configure the behavior of the SSL session using Server Name Indication in the SSL object passed in the 'ssl' parameter. The options are explained below. | |
| WOLFSSL_API void | wolfSSL_CTX_SNI_SetOptions (WOLFSSL_CTX *ctx, unsigned char type, unsigned char options) |
| This function is called on the server side to configure the behavior of the SSL sessions using Server Name Indication for SSL objects created from the SSL context passed in the 'ctx' parameter. The options are explained below. | |
| WOLFSSL_API int | wolfSSL_SNI_GetFromBuffer (const unsigned char *clientHello, unsigned int helloSz, unsigned char type, unsigned char *sni, unsigned int *inOutSz) |
| WOLFSSL_API unsigned char | wolfSSL_SNI_Status (WOLFSSL *ssl, unsigned char type) |
| This function gets the status of an SNI object. | |
| WOLFSSL_API unsigned short | wolfSSL_SNI_GetRequest (WOLFSSL *ssl, unsigned char type, void **data) |
| This function is called on the server side to retrieve the Server Name Indication provided by the client in a SSL session. | |
| WOLFSSL_API int | wolfSSL_UseTrustedCA (WOLFSSL *ssl, unsigned char type, const unsigned char *certId, unsigned int certIdSz) |
| WOLFSSL_ABI WOLFSSL_API int | wolfSSL_UseALPN (WOLFSSL *ssl, char *protocol_name_list, unsigned int protocol_name_listSz, unsigned char options) |
| WOLFSSL_API int | wolfSSL_ALPN_GetProtocol (WOLFSSL *ssl, char **protocol_name, unsigned short *size) |
| WOLFSSL_API int | wolfSSL_ALPN_GetPeerProtocol (WOLFSSL *ssl, char **list, unsigned short *listSz) |
| WOLFSSL_API int | wolfSSL_ALPN_FreePeerProtocol (WOLFSSL *ssl, char **list) |
| WOLFSSL_API int | wolfSSL_UseMaxFragment (WOLFSSL *ssl, unsigned char mfl) |
| This function is called on the client side to enable the use of Maximum Fragment Length in the SSL object passed in the 'ssl' parameter. It means that the Maximum Fragment Length extension will be sent on ClientHello by wolfSSL clients. | |
| WOLFSSL_API int | wolfSSL_CTX_UseMaxFragment (WOLFSSL_CTX *ctx, unsigned char mfl) |
| This function is called on the client side to enable the use of Maximum Fragment Length for SSL objects created from the SSL context passed in the 'ctx' parameter. It means that the Maximum Fragment Length extension will be sent on ClientHello by wolfSSL clients. | |
| WOLFSSL_API int | wolfSSL_UseTruncatedHMAC (WOLFSSL *ssl) |
| This function is called on the client side to enable the use of Truncated HMAC in the SSL object passed in the 'ssl' parameter. It means that the Truncated HMAC extension will be sent on ClientHello by wolfSSL clients. | |
| WOLFSSL_API int | wolfSSL_CTX_UseTruncatedHMAC (WOLFSSL_CTX *ctx) |
| This function is called on the client side to enable the use of Truncated HMAC for SSL objects created from the SSL context passed in the 'ctx' parameter. It means that the Truncated HMAC extension will be sent on ClientHello by wolfSSL clients. | |
| WOLFSSL_API int | wolfSSL_UseOCSPStapling (WOLFSSL *ssl, unsigned char status_type, unsigned char options) |
| Stapling eliminates the need to contact the CA. Stapling lowers the cost of certificate revocation check presented in OCSP. | |
| WOLFSSL_API int | wolfSSL_CTX_UseOCSPStapling (WOLFSSL_CTX *ctx, unsigned char status_type, unsigned char options) |
| This function requests the certificate status during the handshake. | |
| WOLFSSL_API int | wolfSSL_UseOCSPStaplingV2 (WOLFSSL *ssl, unsigned char status_type, unsigned char options) |
| The function sets the status type and options for OCSP. | |
| WOLFSSL_API int | wolfSSL_CTX_UseOCSPStaplingV2 (WOLFSSL_CTX *ctx, unsigned char status_type, unsigned char options) |
| Creates and initializes the certificate status request for OCSP Stapling. | |
| WOLFSSL_API int | wolfSSL_UseSupportedCurve (WOLFSSL *ssl, word16 name) |
| This function is called on the client side to enable the use of Supported Elliptic Curves Extension in the SSL object passed in the 'ssl' parameter. It means that the supported curves enabled will be sent on ClientHello by wolfSSL clients. This function can be called more than one time to enable multiple curves. | |
| WOLFSSL_API int | wolfSSL_CTX_UseSupportedCurve (WOLFSSL_CTX *ctx, word16 name) |
| This function is called on the client side to enable the use of Supported Elliptic Curves Extension for SSL objects created from the SSL context passed in the 'ctx' parameter. It means that the supported curves enabled will be sent on ClientHello by wolfSSL clients. This function can be called more than one time to enable multiple curves. | |
| WOLFSSL_API int | wolfSSL_UseKeyShare (WOLFSSL *ssl, word16 group) |
| WOLFSSL_API int | wolfSSL_NoKeyShares (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_UseSecureRenegotiation (WOLFSSL *ssl) |
| This function forces secure renegotiation for the supplied WOLFSSL structure. This is not recommended. | |
| WOLFSSL_API int | wolfSSL_CTX_UseSecureRenegotiation (WOLFSSL_CTX *ctx) |
| WOLFSSL_API int | wolfSSL_StartSecureRenegotiation (WOLFSSL *ssl, int resume) |
| WOLFSSL_API int | wolfSSL_Rehandshake (WOLFSSL *ssl) |
| This function executes a secure renegotiation handshake; this is user forced as wolfSSL discourages this functionality. | |
| WOLFSSL_API int | wolfSSL_SecureResume (WOLFSSL *ssl) |
| WOLFSSL_API long | wolfSSL_SSL_get_secure_renegotiation_support (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_UseSessionTicket (WOLFSSL *ssl) |
| Force provided WOLFSSL structure to use session ticket. The constant HAVE_SESSION_TICKET should be defined and the constant NO_WOLFSSL_CLIENT should not be defined to use this function. | |
| WOLFSSL_API int | wolfSSL_CTX_UseSessionTicket (WOLFSSL_CTX *ctx) |
| This function sets wolfSSL context to use a session ticket. | |
| WOLFSSL_API int | wolfSSL_get_SessionTicket (WOLFSSL *, unsigned char *, word32 *) |
| This function copies the ticket member of the Session structure to the buffer. | |
| WOLFSSL_API int | wolfSSL_set_SessionTicket (WOLFSSL *, const unsigned char *, word32) |
| This function sets the ticket member of the WOLFSSL_SESSION structure within the WOLFSSL struct. The buffer passed into the function is copied to memory. | |
| WOLFSSL_API int | wolfSSL_set_SessionTicket_cb (WOLFSSL *, CallbackSessionTicket, void *) |
| This function sets the session ticket callback. The type CallbackSessionTicket is a function pointer with the signature of: int (CallbackSessionTicket)(WOLFSSL, const unsigned char*, int, void*) | |
| WOLFSSL_API int | wolfSSL_CTX_set_TicketEncCb (WOLFSSL_CTX *ctx, SessionTicketEncCb) |
| This function sets the session ticket key encrypt callback function for a server to support session tickets as specified in RFC 5077. | |
| WOLFSSL_API int | wolfSSL_CTX_set_TicketHint (WOLFSSL_CTX *ctx, int) |
| This function sets the session ticket hint relayed to the client. For server side use. | |
| WOLFSSL_API int | wolfSSL_CTX_set_TicketEncCtx (WOLFSSL_CTX *ctx, void *) |
| This function sets the session ticket encrypt user context for the callback. For server side use. | |
| WOLFSSL_API int | wolfSSL_isQSH (WOLFSSL *ssl) |
| Checks if QSH is used in the supplied SSL session. | |
| WOLFSSL_API int | wolfSSL_UseSupportedQSH (WOLFSSL *ssl, unsigned short name) |
| WOLFSSL_API int | wolfSSL_UseClientQSHKeys (WOLFSSL *ssl, unsigned char flag) |
| If the flag is 1 keys will be sent in hello. If flag is 0 then the keys will not be sent during hello. | |
| WOLFSSL_API int | wolfSSL_DisableExtendedMasterSecret (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_CTX_DisableExtendedMasterSecret (WOLFSSL_CTX *ctx) |
| WOLFSSL_API int | wolfSSL_SetHsDoneCb (WOLFSSL *, HandShakeDoneCb, void *) |
| This function sets the handshake done callback. The hsDoneCb and hsDoneCtx members of the WOLFSSL structure are set in this function. | |
| WOLFSSL_API int | wolfSSL_PrintSessionStats (void) |
| This function prints the statistics from the session. | |
| WOLFSSL_API int | wolfSSL_get_session_stats (unsigned int *active, unsigned int *total, unsigned int *peak, unsigned int *maxSessions) |
| WOLFSSL_API int | wolfSSL_MakeTlsMasterSecret (unsigned char *ms, word32 msLen, const unsigned char *pms, word32 pmsLen, const unsigned char *cr, const unsigned char *sr, int tls1_2, int hash_type) |
| This function copies the values of cr and sr then passes through to wc_PRF (pseudo random function) and returns that value. | |
| WOLFSSL_API int | wolfSSL_MakeTlsExtendedMasterSecret (unsigned char *ms, word32 msLen, const unsigned char *pms, word32 pmsLen, const unsigned char *sHash, word32 sHashLen, int tls1_2, int hash_type) |
| WOLFSSL_API int | wolfSSL_DeriveTlsKeys (unsigned char *key_data, word32 keyLen, const unsigned char *ms, word32 msLen, const unsigned char *sr, const unsigned char *cr, int tls1_2, int hash_type) |
| An external facing wrapper to derive TLS Keys. | |
| WOLFSSL_API int | wolfSSL_connect_ex (WOLFSSL *, HandShakeCallBack, TimeoutCallBack, WOLFSSL_TIMEVAL) |
| wolfSSL_connect_ex() is an extension that allows a HandShake Callback to be set. This can be useful in embedded systems for debugging support when a debugger isn’t available and sniffing is impractical. The HandShake Callback will be called whether or not a handshake error occurred. No dynamic memory is used since the maximum number of SSL packets is known. Packet names can be accessed through packetNames[]. The connect extension also allows a Timeout Callback to be set along with a timeout value. This is useful if the user doesn’t want to wait for the TCP stack to timeout. This extension can be called with either, both, or neither callbacks. | |
| WOLFSSL_API int | wolfSSL_accept_ex (WOLFSSL *, HandShakeCallBack, TimeoutCallBack, WOLFSSL_TIMEVAL) |
| wolfSSL_accept_ex() is an extension that allows a HandShake Callback to be set. This can be useful in embedded systems for debugging support when a debugger isn’t available and sniffing is impractical. The HandShake Callback will be called whether or not a handshake error occurred. No dynamic memory is used since the maximum number of SSL packets is known. Packet names can be accessed through packetNames[]. The connect extension also allows a Timeout Callback to be set along with a timeout value. This is useful if the user doesn’t want to wait for the TCP stack to timeout. This extension can be called with either, both, or neither callbacks. | |
| WOLFSSL_API void | wolfSSL_wolfSCEP (void) |
| WOLFSSL_API void | wolfSSL_cert_service (void) |
| WOLFSSL_API int | wolfSSL_X509_NAME_get_index_by_OBJ (WOLFSSL_X509_NAME *name, const WOLFSSL_ASN1_OBJECT *obj, int idx) |
| WOLFSSL_API const char * | wolfSSL_OBJ_nid2sn (int n) |
| WOLFSSL_API int | wolfSSL_OBJ_obj2nid (const WOLFSSL_ASN1_OBJECT *o) |
| WOLFSSL_API int | wolfSSL_OBJ_get_type (const WOLFSSL_ASN1_OBJECT *o) |
| WOLFSSL_API int | wolfSSL_OBJ_sn2nid (const char *sn) |
| WOLFSSL_API const char * | wolfSSL_OBJ_nid2ln (int n) |
| WOLFSSL_API int | wolfSSL_OBJ_ln2nid (const char *ln) |
| WOLFSSL_API int | wolfSSL_OBJ_cmp (const WOLFSSL_ASN1_OBJECT *a, const WOLFSSL_ASN1_OBJECT *b) |
| WOLFSSL_API int | wolfSSL_OBJ_txt2nid (const char *sn) |
| WOLFSSL_API WOLFSSL_ASN1_OBJECT * | wolfSSL_OBJ_txt2obj (const char *s, int no_name) |
| WOLFSSL_API WOLFSSL_ASN1_OBJECT * | wolfSSL_OBJ_nid2obj (int n) |
| WOLFSSL_LOCAL WOLFSSL_ASN1_OBJECT * | wolfSSL_OBJ_nid2obj_ex (int n, WOLFSSL_ASN1_OBJECT *arg_obj) |
| WOLFSSL_API int | wolfSSL_OBJ_obj2txt (char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a, int no_name) |
| WOLFSSL_API void | wolfSSL_OBJ_cleanup (void) |
| WOLFSSL_API int | wolfSSL_OBJ_create (const char *oid, const char *sn, const char *ln) |
| WOLFSSL_LOCAL int | NIDToEccEnum (int n) |
| WOLFSSL_API unsigned long | wolfSSL_ERR_peek_last_error_line (const char **file, int *line) |
| WOLFSSL_API long | wolfSSL_ctrl (WOLFSSL *ssl, int cmd, long opt, void *pt) |
| WOLFSSL_API long | wolfSSL_CTX_ctrl (WOLFSSL_CTX *ctx, int cmd, long opt, void *pt) |
| WOLFSSL_API long | wolfSSL_CTX_callback_ctrl (WOLFSSL_CTX *ctx, int cmd, void(*fp)(void)) |
| WOLFSSL_API long | wolfSSL_CTX_clear_extra_chain_certs (WOLFSSL_CTX *ctx) |
| WOLFSSL_API WOLFSSL_X509_NAME_ENTRY * | wolfSSL_X509_NAME_ENTRY_create_by_NID (WOLFSSL_X509_NAME_ENTRY **out, int nid, int type, const unsigned char *data, int dataSz) |
| WOLFSSL_API WOLFSSL_X509_NAME_ENTRY * | wolfSSL_X509_NAME_ENTRY_create_by_txt (WOLFSSL_X509_NAME_ENTRY **neIn, const char *txt, int format, const unsigned char *data, int dataSz) |
| WOLFSSL_API int | wolfSSL_X509_NAME_add_entry (WOLFSSL_X509_NAME *name, WOLFSSL_X509_NAME_ENTRY *entry, int idx, int set) |
| WOLFSSL_API int | wolfSSL_X509_NAME_add_entry_by_txt (WOLFSSL_X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set) |
| WOLFSSL_API int | wolfSSL_X509_NAME_add_entry_by_NID (WOLFSSL_X509_NAME *name, int nid, int type, const unsigned char *bytes, int len, int loc, int set) |
| WOLFSSL_API int | wolfSSL_X509_NAME_cmp (const WOLFSSL_X509_NAME *x, const WOLFSSL_X509_NAME *y) |
| WOLFSSL_API WOLFSSL_X509_NAME * | wolfSSL_X509_NAME_new (void) |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_X509_dup (WOLFSSL_X509 *) |
| WOLFSSL_API WOLFSSL_X509_NAME * | wolfSSL_X509_NAME_dup (WOLFSSL_X509_NAME *) |
| WOLFSSL_API int | wolfSSL_check_private_key (const WOLFSSL *ssl) |
| This function checks that the private key is a match with the certificate being used. | |
| WOLFSSL_API void * | wolfSSL_X509_get_ext_d2i (const WOLFSSL_X509 *x509, int nid, int *c, int *idx) |
| This function looks for and returns the extension matching the passed in NID value. | |
| WOLFSSL_API int | wolfSSL_X509_get_ext_count (const WOLFSSL_X509 *passedCert) |
| WOLFSSL_API int | wolfSSL_X509_get_ext_by_NID (const WOLFSSL_X509 *x, int nid, int lastpos) |
| This function looks for and returns the extension index matching the passed in NID value. | |
| WOLFSSL_API int | wolfSSL_X509_add_ext (WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc) |
| WOLFSSL_API WOLFSSL_X509_EXTENSION * | wolfSSL_X509V3_EXT_conf_nid (WOLF_LHASH_OF(CONF_VALUE) *conf, WOLFSSL_X509V3_CTX *ctx, int nid, char *value) |
| WOLFSSL_API void | wolfSSL_X509V3_set_ctx (WOLFSSL_X509V3_CTX *ctx, WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject, WOLFSSL_X509 *req, WOLFSSL_X509_CRL *crl, int flag) |
| WOLFSSL_API void | wolfSSL_X509V3_set_ctx_nodb (WOLFSSL_X509V3_CTX *ctx) |
| WOLFSSL_API int | wolfSSL_X509_digest (const WOLFSSL_X509 *x509, const WOLFSSL_EVP_MD *digest, unsigned char *buf, unsigned int *len) |
| This function returns the hash of the DER certificate. | |
| WOLFSSL_API int | wolfSSL_use_certificate (WOLFSSL *ssl, WOLFSSL_X509 *x509) |
| his is used to set the certificate for WOLFSSL structure to use during a handshake. | |
| WOLFSSL_API int | wolfSSL_use_PrivateKey (WOLFSSL *ssl, WOLFSSL_EVP_PKEY *pkey) |
| This is used to set the private key for the WOLFSSL structure. | |
| WOLFSSL_API int | wolfSSL_use_PrivateKey_ASN1 (int pri, WOLFSSL *ssl, const unsigned char *der, long derSz) |
| WOLFSSL_API WOLFSSL_EVP_PKEY * | wolfSSL_get_privatekey (const WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_use_RSAPrivateKey_ASN1 (WOLFSSL *ssl, unsigned char *der, long derSz) |
| This is used to set the private key for the WOLFSSL structure. A DER formatted RSA key buffer is expected. | |
| WOLFSSL_API int | wolfSSL_CTX_use_PrivateKey_ASN1 (int pri, WOLFSSL_CTX *ctx, unsigned char *der, long derSz) |
| WOLFSSL_API int | wolfSSL_X509_cmp (const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) |
| WOLFSSL_API WOLFSSL_X509_EXTENSION * | wolfSSL_X509_get_ext (const WOLFSSL_X509 *x, int loc) |
| WOLFSSL_API WOLFSSL_X509_EXTENSION * | wolfSSL_X509_set_ext (WOLFSSL_X509 *x, int loc) |
| WOLFSSL_API int | wolfSSL_X509_EXTENSION_get_critical (const WOLFSSL_X509_EXTENSION *ex) |
| WOLFSSL_API WOLFSSL_X509_EXTENSION * | wolfSSL_X509_EXTENSION_new (void) |
| WOLFSSL_API int | wolfSSL_sk_X509_EXTENSION_push (WOLFSSL_STACK *sk, WOLFSSL_X509_EXTENSION *ext) |
| WOLFSSL_API void | wolfSSL_sk_X509_EXTENSION_free (WOLFSSL_STACK *sk) |
| WOLFSSL_API void | wolfSSL_X509_EXTENSION_free (WOLFSSL_X509_EXTENSION *ext_to_free) |
| WOLFSSL_API WOLFSSL_STACK * | wolfSSL_sk_new_x509_ext (void) |
| WOLFSSL_API WOLFSSL_ASN1_OBJECT * | wolfSSL_X509_EXTENSION_get_object (WOLFSSL_X509_EXTENSION *ext) |
| WOLFSSL_API WOLFSSL_ASN1_STRING * | wolfSSL_X509_EXTENSION_get_data (WOLFSSL_X509_EXTENSION *ext) |
| WOLFSSL_API WOLFSSL_DH * | wolfSSL_DSA_dup_DH (const WOLFSSL_DSA *r) |
| This function duplicates the parameters in dsa to a newly created WOLFSSL_DH structure. | |
| WOLFSSL_API int | wolfSSL_SESSION_get_master_key (const WOLFSSL_SESSION *ses, unsigned char *out, int outSz) |
| This is used to get the master key after completing a handshake. | |
| WOLFSSL_API int | wolfSSL_SESSION_get_master_key_length (const WOLFSSL_SESSION *ses) |
| This is used to get the master secret key length. | |
| WOLFSSL_API void | wolfSSL_CTX_set_cert_store (WOLFSSL_CTX *ctx, WOLFSSL_X509_STORE *str) |
| This is a setter function for the WOLFSSL_X509_STORE structure in ctx. | |
| WOLFSSL_API int | wolfSSL_i2d_X509_bio (WOLFSSL_BIO *bio, WOLFSSL_X509 *x509) |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_d2i_X509_fp (XFILE fp, WOLFSSL_X509 **x509) |
| WOLFSSL_API WOLFSSL_STACK * | wolfSSL_X509_STORE_GetCerts (WOLFSSL_X509_STORE_CTX *s) |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_d2i_X509_bio (WOLFSSL_BIO *bio, WOLFSSL_X509 **x509) |
| This function get the DER buffer from bio and converts it to a WOLFSSL_X509 structure. | |
| WOLFSSL_API WOLFSSL_X509_STORE * | wolfSSL_CTX_get_cert_store (WOLFSSL_CTX *ctx) |
| This is a getter function for the WOLFSSL_X509_STORE structure in ctx. | |
| WOLFSSL_API size_t | wolfSSL_BIO_wpending (const WOLFSSL_BIO *bio) |
| WOLFSSL_API size_t | wolfSSL_BIO_ctrl_pending (WOLFSSL_BIO *b) |
| Gets the number of pending bytes to read. If BIO type is BIO_BIO then is the number to read from pair. If BIO contains an SSL object then is pending data from SSL object (wolfSSL_pending(ssl)). If is BIO_MEMORY type then returns the size of memory buffer. | |
| WOLFSSL_API size_t | wolfSSL_get_server_random (const WOLFSSL *ssl, unsigned char *out, size_t outlen) |
| This is used to get the random data sent by the server during the handshake. | |
| WOLFSSL_API int | wolfSSL_get_server_tmp_key (const WOLFSSL *, WOLFSSL_EVP_PKEY **) |
| WOLFSSL_API int | wolfSSL_CTX_set_min_proto_version (WOLFSSL_CTX *, int) |
| WOLFSSL_API int | wolfSSL_CTX_set_max_proto_version (WOLFSSL_CTX *, int) |
| WOLFSSL_API size_t | wolfSSL_get_client_random (const WOLFSSL *ssl, unsigned char *out, size_t outSz) |
| This is used to get the random data sent by the client during the handshake. | |
| WOLFSSL_API int | wolfSSL_CTX_use_PrivateKey (WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_PEM_read_bio_X509 (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) |
| WOLFSSL_API WOLFSSL_X509_CRL * | wolfSSL_PEM_read_bio_X509_CRL (WOLFSSL_BIO *bp, WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u) |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_PEM_read_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) |
| This function behaves the same as wolfSSL_PEM_read_bio_X509. AUX signifies containing extra information such as trusted/rejected use cases and friendly name for human readability. | |
| WOLFSSL_API | WOLF_STACK_OF (WOLFSSL_X509_INFO) *wolfSSL_PEM_X509_INFO_read_bio(WOLFSSL_BIO *bio |
| WOLFSSL_API WOLFSSL_X509_CRL * | wolfSSL_PEM_read_X509_CRL (XFILE fp, WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u) |
| WOLFSSL_API int | wolfSSL_PEM_get_EVP_CIPHER_INFO (char *header, EncryptedInfo *cipher) |
| WOLFSSL_API int | wolfSSL_PEM_do_header (EncryptedInfo *cipher, unsigned char *data, long *len, pem_password_cb *callback, void *ctx) |
| WOLFSSL_API void | wolfSSL_X509_NAME_ENTRY_free (WOLFSSL_X509_NAME_ENTRY *ne) |
| WOLFSSL_API WOLFSSL_X509_NAME_ENTRY * | wolfSSL_X509_NAME_ENTRY_new (void) |
| WOLFSSL_API void | wolfSSL_X509_NAME_free (WOLFSSL_X509_NAME *name) |
| WOLFSSL_API char | wolfSSL_CTX_use_certificate (WOLFSSL_CTX *, WOLFSSL_X509 *) |
| WOLFSSL_API int | wolfSSL_CTX_add1_chain_cert (WOLFSSL_CTX *, WOLFSSL_X509 *) |
| WOLFSSL_API int | wolfSSL_BIO_read_filename (WOLFSSL_BIO *b, const char *name) |
| WOLFSSL_API void | wolfSSL_set_verify_depth (WOLFSSL *ssl, int depth) |
| WOLFSSL_API void * | wolfSSL_get_app_data (const WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_set_app_data (WOLFSSL *ssl, void *arg) |
| WOLFSSL_API WOLFSSL_ASN1_OBJECT * | wolfSSL_X509_NAME_ENTRY_get_object (WOLFSSL_X509_NAME_ENTRY *ne) |
| WOLFSSL_API WOLFSSL_X509_NAME_ENTRY * | wolfSSL_X509_NAME_get_entry (WOLFSSL_X509_NAME *name, int loc) |
| WOLFSSL_API unsigned char * | wolfSSL_SHA1 (const unsigned char *d, size_t n, unsigned char *md) |
| WOLFSSL_API unsigned char * | wolfSSL_SHA256 (const unsigned char *d, size_t n, unsigned char *md) |
| WOLFSSL_API unsigned char * | wolfSSL_SHA384 (const unsigned char *d, size_t n, unsigned char *md) |
| WOLFSSL_API unsigned char * | wolfSSL_SHA512 (const unsigned char *d, size_t n, unsigned char *md) |
| WOLFSSL_API int | wolfSSL_X509_check_private_key (WOLFSSL_X509 *, WOLFSSL_EVP_PKEY *) |
| WOLFSSL_API int | wolfSSL_X509_check_ca (WOLFSSL_X509 *x509) |
| WOLFSSL_API long | wolfSSL_BIO_set_fp (WOLFSSL_BIO *bio, XFILE fp, int c) |
| This is used to set the internal file pointer for a BIO. | |
| WOLFSSL_API long | wolfSSL_BIO_get_fp (WOLFSSL_BIO *bio, XFILE *fp) |
| This is used to get the internal file pointer for a BIO. | |
| WOLFSSL_API WOLFSSL_BIO * | wolfSSL_BIO_new_fp (XFILE fp, int c) |
| WOLFSSL_API WOLFSSL_BIO * | wolfSSL_BIO_new_file (const char *filename, const char *mode) |
| WOLFSSL_API long | wolfSSL_CTX_set_tmp_dh (WOLFSSL_CTX *, WOLFSSL_DH *) |
| Initializes the WOLFSSL_CTX structure’s dh member with the Diffie-Hellman parameters. | |
| WOLFSSL_API WOLFSSL_DH * | wolfSSL_PEM_read_bio_DHparams (WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u) |
| WOLFSSL_API WOLFSSL_DSA * | wolfSSL_PEM_read_bio_DSAparams (WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pem_password_cb *cb, void *u) |
| This function get the DSA parameters from a PEM buffer in bio. | |
| WOLFSSL_API int | wolfSSL_PEM_write_bio_X509_REQ (WOLFSSL_BIO *bp, WOLFSSL_X509 *x) |
| WOLFSSL_API int | wolfSSL_PEM_write_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 *x) |
| WOLFSSL_API int | wolfSSL_PEM_write_bio_X509 (WOLFSSL_BIO *bp, WOLFSSL_X509 *x) |
| WOLFSSL_API int | wolfSSL_i2d_X509_REQ (WOLFSSL_X509 *req, unsigned char **out) |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_X509_REQ_new (void) |
| WOLFSSL_API void | wolfSSL_X509_REQ_free (WOLFSSL_X509 *req) |
| WOLFSSL_API int | wolfSSL_X509_REQ_sign (WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md) |
| WOLFSSL_API int | wolfSSL_X509_REQ_add_extensions (WOLFSSL_X509 *req, WOLF_STACK_OF(WOLFSSL_X509_EXTENSION) *ext) |
| WOLFSSL_API int | wolfSSL_X509_REQ_set_subject_name (WOLFSSL_X509 *req, WOLFSSL_X509_NAME *name) |
| WOLFSSL_API int | wolfSSL_X509_REQ_set_pubkey (WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey) |
| WOLFSSL_API int | wolfSSL_CRYPTO_set_mem_ex_functions (void *(*m)(size_t, const char *, int), void *(*r)(void *, size_t, const char *, int), void(*f)(void *)) |
| WOLFSSL_API void | wolfSSL_CRYPTO_cleanup_all_ex_data (void) |
| WOLFSSL_API WOLFSSL_BIGNUM * | wolfSSL_DH_768_prime (WOLFSSL_BIGNUM *bn) |
| WOLFSSL_API WOLFSSL_BIGNUM * | wolfSSL_DH_1024_prime (WOLFSSL_BIGNUM *bn) |
| WOLFSSL_API WOLFSSL_BIGNUM * | wolfSSL_DH_1536_prime (WOLFSSL_BIGNUM *bn) |
| WOLFSSL_API WOLFSSL_BIGNUM * | wolfSSL_DH_2048_prime (WOLFSSL_BIGNUM *bn) |
| WOLFSSL_API WOLFSSL_BIGNUM * | wolfSSL_DH_3072_prime (WOLFSSL_BIGNUM *bn) |
| WOLFSSL_API WOLFSSL_BIGNUM * | wolfSSL_DH_4096_prime (WOLFSSL_BIGNUM *bn) |
| WOLFSSL_API WOLFSSL_BIGNUM * | wolfSSL_DH_6144_prime (WOLFSSL_BIGNUM *bn) |
| WOLFSSL_API WOLFSSL_BIGNUM * | wolfSSL_DH_8192_prime (WOLFSSL_BIGNUM *bn) |
| WOLFSSL_API WOLFSSL_DH * | wolfSSL_DH_generate_parameters (int prime_len, int generator, void(*callback)(int, int, void *), void *cb_arg) |
| WOLFSSL_API int | wolfSSL_DH_generate_parameters_ex (WOLFSSL_DH *, int, int, void(*callback)(int, int, void *)) |
| WOLFSSL_API void | wolfSSL_ERR_load_crypto_strings (void) |
| WOLFSSL_API unsigned long | wolfSSL_ERR_peek_last_error (void) |
| This function returns the absolute value of the last error from WOLFSSL_ERROR encountered. | |
| WOLFSSL_API int | wolfSSL_FIPS_mode (void) |
| WOLFSSL_API int | wolfSSL_FIPS_mode_set (int r) |
| WOLFSSL_API int | wolfSSL_RAND_set_rand_method (const void *meth) |
| WOLFSSL_API int | wolfSSL_CIPHER_get_bits (const WOLFSSL_CIPHER *c, int *alg_bits) |
| WOLFSSL_API WOLFSSL_STACK * | wolfSSL_sk_X509_new (void) |
| WOLFSSL_API int | wolfSSL_sk_X509_num (const WOLF_STACK_OF(WOLFSSL_X509) *s) |
| WOLFSSL_API WOLFSSL_X509_INFO * | wolfSSL_X509_INFO_new (void) |
| WOLFSSL_API void | wolfSSL_X509_INFO_free (WOLFSSL_X509_INFO *info) |
| WOLFSSL_API WOLFSSL_STACK * | wolfSSL_sk_X509_INFO_new_null (void) |
| WOLFSSL_API int | wolfSSL_sk_X509_INFO_num (const WOLF_STACK_OF(WOLFSSL_X509_INFO) *) |
| WOLFSSL_API WOLFSSL_X509_INFO * | wolfSSL_sk_X509_INFO_value (const WOLF_STACK_OF(WOLFSSL_X509_INFO) *, int) |
| WOLFSSL_API int | wolfSSL_sk_X509_INFO_push (WOLF_STACK_OF(WOLFSSL_X509_INFO) *, WOLFSSL_X509_INFO *) |
| WOLFSSL_API WOLFSSL_X509_INFO * | wolfSSL_sk_X509_INFO_pop (WOLF_STACK_OF(WOLFSSL_X509_INFO) *) |
| WOLFSSL_API void | wolfSSL_sk_X509_INFO_pop_free (WOLF_STACK_OF(WOLFSSL_X509_INFO) *, void(*f)(WOLFSSL_X509_INFO *)) |
| WOLFSSL_API void | wolfSSL_sk_X509_INFO_free (WOLF_STACK_OF(WOLFSSL_X509_INFO) *) |
| WOLFSSL_API int | wolfSSL_sk_X509_NAME_push (WOLF_STACK_OF(WOLFSSL_X509_NAME) *, WOLFSSL_X509_NAME *) |
| WOLFSSL_API int | wolfSSL_sk_X509_NAME_find (const WOLF_STACK_OF(WOLFSSL_X509_NAME) *, WOLFSSL_X509_NAME *) |
| WOLFSSL_API int | wolfSSL_sk_X509_NAME_set_cmp_func (WOLF_STACK_OF(WOLFSSL_X509_NAME) *, wolf_sk_compare_cb) |
| WOLFSSL_API WOLFSSL_X509_NAME * | wolfSSL_sk_X509_NAME_value (const WOLF_STACK_OF(WOLFSSL_X509_NAME) *, int) |
| WOLFSSL_API int | wolfSSL_sk_X509_NAME_num (const WOLF_STACK_OF(WOLFSSL_X509_NAME) *) |
| WOLFSSL_API WOLFSSL_X509_NAME * | wolfSSL_sk_X509_NAME_pop (WOLF_STACK_OF(WOLFSSL_X509_NAME) *) |
| WOLFSSL_API void | wolfSSL_sk_X509_NAME_pop_free (WOLF_STACK_OF(WOLFSSL_X509_NAME) *, void(*f)(WOLFSSL_X509_NAME *)) |
| WOLFSSL_API void | wolfSSL_sk_X509_NAME_free (WOLF_STACK_OF(WOLFSSL_X509_NAME) *) |
| WOLFSSL_API int | wolfSSL_sk_X509_OBJECT_num (const WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *s) |
| WOLFSSL_API int | wolfSSL_X509_NAME_print_ex (WOLFSSL_BIO *, WOLFSSL_X509_NAME *, int, unsigned long) |
| WOLFSSL_API WOLFSSL_ASN1_BIT_STRING * | wolfSSL_ASN1_BIT_STRING_new (void) |
| WOLFSSL_API void | wolfSSL_ASN1_BIT_STRING_free (WOLFSSL_ASN1_BIT_STRING *) |
| WOLFSSL_API WOLFSSL_ASN1_BIT_STRING * | wolfSSL_X509_get0_pubkey_bitstr (const WOLFSSL_X509 *) |
| WOLFSSL_API int | wolfSSL_ASN1_BIT_STRING_get_bit (const WOLFSSL_ASN1_BIT_STRING *, int) |
| WOLFSSL_API int | wolfSSL_ASN1_BIT_STRING_set_bit (WOLFSSL_ASN1_BIT_STRING *, int, int) |
| WOLFSSL_API int | wolfSSL_CTX_add_session (WOLFSSL_CTX *, WOLFSSL_SESSION *) |
| WOLFSSL_API int | wolfSSL_version (WOLFSSL *) |
| WOLFSSL_API int | wolfSSL_get_state (const WOLFSSL *) |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_sk_X509_value (WOLF_STACK_OF(WOLFSSL_X509) *, int) |
| WOLFSSL_API WOLFSSL_X509 * | wolfSSL_sk_X509_shift (WOLF_STACK_OF(WOLFSSL_X509) *) |
| WOLFSSL_API void * | wolfSSL_sk_X509_OBJECT_value (WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *, int) |
| WOLFSSL_API void * | wolfSSL_SESSION_get_ex_data (const WOLFSSL_SESSION *, int) |
| WOLFSSL_API int | wolfSSL_SESSION_set_ex_data (WOLFSSL_SESSION *, int, void *) |
| WOLFSSL_API int | wolfSSL_SESSION_get_ex_new_index (long, void *, void *, void *, CRYPTO_free_func *) |
| WOLFSSL_API int | wolfSSL_X509_NAME_get_sz (WOLFSSL_X509_NAME *) |
| WOLFSSL_API const unsigned char * | wolfSSL_SESSION_get_id (WOLFSSL_SESSION *, unsigned int *) |
| WOLFSSL_API int | wolfSSL_SESSION_print (WOLFSSL_BIO *, const WOLFSSL_SESSION *) |
| WOLFSSL_API int | wolfSSL_set_tlsext_host_name (WOLFSSL *, const char *) |
| WOLFSSL_API const char * | wolfSSL_get_servername (WOLFSSL *, unsigned char) |
| WOLFSSL_API WOLFSSL_CTX * | wolfSSL_set_SSL_CTX (WOLFSSL *, WOLFSSL_CTX *) |
| WOLFSSL_API VerifyCallback | wolfSSL_CTX_get_verify_callback (WOLFSSL_CTX *) |
| WOLFSSL_API VerifyCallback | wolfSSL_get_verify_callback (WOLFSSL *) |
| WOLFSSL_API void | wolfSSL_CTX_set_servername_callback (WOLFSSL_CTX *, CallbackSniRecv) |
| WOLFSSL_API int | wolfSSL_CTX_set_tlsext_servername_callback (WOLFSSL_CTX *, CallbackSniRecv) |
| WOLFSSL_API int | wolfSSL_CTX_set_servername_arg (WOLFSSL_CTX *, void *) |
| WOLFSSL_API void | wolfSSL_ERR_remove_thread_state (void *) |
| WOLFSSL_API void | wolfSSL_print_all_errors_fp (XFILE fp) |
| WOLFSSL_API void | wolfSSL_THREADID_set_callback (void(*threadid_func)(void *)) |
| WOLFSSL_API void | wolfSSL_THREADID_set_numeric (void *id, unsigned long val) |
| WOLFSSL_API WOLFSSL_X509_NAME *WOLFSSL_API | WOLF_STACK_OF (WOLFSSL_X509_OBJECT) *wolfSSL_X509_STORE_get0_objects(WOLFSSL_X509_STORE *) |
| WOLFSSL_API WOLFSSL_X509_OBJECT * | wolfSSL_sk_X509_OBJECT_delete (WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *sk, int i) |
| WOLFSSL_API void | wolfSSL_X509_OBJECT_free (WOLFSSL_X509_OBJECT *a) |
| WOLFSSL_API void | wolfSSL_sk_X509_pop_free (WOLF_STACK_OF(WOLFSSL_X509) *sk, void(*f)(WOLFSSL_X509 *)) |
| WOLFSSL_API int | wolfSSL_CTX_set1_curves_list (WOLFSSL_CTX *ctx, const char *names) |
| WOLFSSL_API int | wolfSSL_set1_curves_list (WOLFSSL *ssl, const char *names) |
| WOLFSSL_API int | wolfSSL_CTX_get_verify_mode (WOLFSSL_CTX *ctx) |
| WOLFSSL_API int | wolfSSL_set_jobject (WOLFSSL *ssl, void *objPtr) |
| This function sets the jObjectRef member of the WOLFSSL structure. | |
| WOLFSSL_API void * | wolfSSL_get_jobject (WOLFSSL *ssl) |
| This function returns the jObjectRef member of the WOLFSSL structure. | |
| WOLFSSL_API int | wolfSSL_AsyncPoll (WOLFSSL *ssl, WOLF_EVENT_FLAG flags) |
| WOLFSSL_API int | wolfSSL_CTX_AsyncPoll (WOLFSSL_CTX *ctx, WOLF_EVENT **events, int maxEvents, WOLF_EVENT_FLAG flags, int *eventCount) |
| WOLFSSL_API int | wolfSSL_CTX_set_msg_callback (WOLFSSL_CTX *ctx, SSL_Msg_Cb cb) |
| WOLFSSL_API int | wolfSSL_set_msg_callback (WOLFSSL *ssl, SSL_Msg_Cb cb) |
| This function sets a callback in the ssl. The callback is to observe handshake messages. NULL value of cb resets the callback. | |
| WOLFSSL_API int | wolfSSL_CTX_set_msg_callback_arg (WOLFSSL_CTX *ctx, void *arg) |
| WOLFSSL_API int | wolfSSL_set_msg_callback_arg (WOLFSSL *ssl, void *arg) |
| This function sets associated callback context value in the ssl. The value is handed over to the callback argument. | |
| WOLFSSL_API unsigned long | wolfSSL_ERR_peek_error_line_data (const char **file, int *line, const char **data, int *flags) |
| WOLFSSL_API int | wolfSSL_CTX_set_alpn_protos (WOLFSSL_CTX *ctx, const unsigned char *protos, unsigned int protos_len) |
| WOLFSSL_API int | wolfSSL_set_alpn_protos (WOLFSSL *ssl, const unsigned char *protos, unsigned int protos_len) |
| WOLFSSL_API void * | wolfSSL_OPENSSL_memdup (const void *data, size_t siz, const char *file, int line) |
| WOLFSSL_API void | wolfSSL_ERR_load_BIO_strings (void) |
| WOLFSSL_API void | wolfSSL_OPENSSL_config (char *config_name) |
| WOLFSSL_LOCAL int | wolfSSL_get_ocsp_response (WOLFSSL *ssl, byte **response) |
| WOLFSSL_LOCAL char * | wolfSSL_get_ocsp_url (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_set_ocsp_url (WOLFSSL *ssl, char *url) |
| WOLFSSL_API | WOLF_STACK_OF (WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_X509_get_ex_new_index (int idx, void *arg, void *a, void *b, void *c) |
| WOLFSSL_API void * | wolfSSL_X509_get_ex_data (WOLFSSL_X509 *x509, int idx) |
| WOLFSSL_API int | wolfSSL_X509_set_ex_data (WOLFSSL_X509 *x509, int idx, void *data) |
| WOLFSSL_API int | wolfSSL_X509_NAME_digest (const WOLFSSL_X509_NAME *data, const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len) |
| WOLFSSL_API long | wolfSSL_SSL_CTX_get_timeout (const WOLFSSL_CTX *ctx) |
| WOLFSSL_API long | wolfSSL_get_timeout (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_SSL_CTX_set_tmp_ecdh (WOLFSSL_CTX *ctx, WOLFSSL_EC_KEY *ecdh) |
| WOLFSSL_API int | wolfSSL_SSL_CTX_remove_session (WOLFSSL_CTX *, WOLFSSL_SESSION *c) |
| WOLFSSL_API WOLFSSL_BIO * | wolfSSL_SSL_get_rbio (const WOLFSSL *s) |
| WOLFSSL_API WOLFSSL_BIO * | wolfSSL_SSL_get_wbio (const WOLFSSL *s) |
| WOLFSSL_API int | wolfSSL_SSL_do_handshake (WOLFSSL *s) |
| WOLFSSL_API int | wolfSSL_SSL_in_init (WOLFSSL *) |
| WOLFSSL_API int | wolfSSL_SSL_in_connect_init (WOLFSSL *) |
| WOLFSSL_API WOLFSSL_SESSION * | wolfSSL_SSL_get0_session (const WOLFSSL *s) |
| WOLFSSL_API int | wolfSSL_X509_check_host (WOLFSSL_X509 *x, const char *chk, size_t chklen, unsigned int flags, char **peername) |
| WOLFSSL_API int | wolfSSL_i2a_ASN1_INTEGER (WOLFSSL_BIO *bp, const WOLFSSL_ASN1_INTEGER *a) |
| WOLFSSL_API int | wolfSSL_CTX_set_tlsext_ticket_key_cb (WOLFSSL_CTX *, int(*)(WOLFSSL *ssl, unsigned char *name, unsigned char *iv, WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc)) |
| WOLFSSL_API int | wolfSSL_CTX_get_extra_chain_certs (WOLFSSL_CTX *ctx, WOLF_STACK_OF(X509) **chain) |
| WOLFSSL_API int | wolfSSL_CTX_set_tlsext_status_cb (WOLFSSL_CTX *ctx, int(*)(WOLFSSL *, void *)) |
| WOLFSSL_API int | wolfSSL_X509_STORE_CTX_get1_issuer (WOLFSSL_X509 **issuer, WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x) |
| WOLFSSL_API void | wolfSSL_X509_email_free (WOLF_STACK_OF(WOLFSSL_STRING) *sk) |
| WOLFSSL_API | WOLF_STACK_OF (WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x) |
| WOLFSSL_API int | wolfSSL_X509_check_issued (WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject) |
| WOLFSSL_API char * | wolfSSL_sk_WOLFSSL_STRING_value (WOLF_STACK_OF(WOLFSSL_STRING) *strings, int idx) |
| WOLFSSL_API int | PEM_write_bio_WOLFSSL_X509 (WOLFSSL_BIO *bio, WOLFSSL_X509 *cert) |
| WOLFSSL_API void | wolfSSL_get0_alpn_selected (const WOLFSSL *ssl, const unsigned char **data, unsigned int *len) |
| WOLFSSL_API int | wolfSSL_select_next_proto (unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, const unsigned char *client, unsigned int client_len) |
| WOLFSSL_API void | wolfSSL_CTX_set_alpn_select_cb (WOLFSSL_CTX *ctx, int(*cb)(WOLFSSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) |
| WOLFSSL_API void | wolfSSL_CTX_set_next_protos_advertised_cb (WOLFSSL_CTX *s, int(*cb)(WOLFSSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) |
| WOLFSSL_API void | wolfSSL_CTX_set_next_proto_select_cb (WOLFSSL_CTX *s, int(*cb)(WOLFSSL *ssl, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) |
| WOLFSSL_API void | wolfSSL_get0_next_proto_negotiated (const WOLFSSL *s, const unsigned char **data, unsigned *len) |
| WOLFSSL_API const unsigned char * | SSL_SESSION_get0_id_context (const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length) |
| WOLFSSL_API size_t | SSL_get_finished (const WOLFSSL *s, void *buf, size_t count) |
| WOLFSSL_API size_t | SSL_get_peer_finished (const WOLFSSL *s, void *buf, size_t count) |
| WOLFSSL_API int | SSL_SESSION_set1_id (WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len) |
| WOLFSSL_API int | SSL_SESSION_set1_id_context (WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len) |
| WOLFSSL_API WOLFSSL_X509_ALGOR * | wolfSSL_X509_ALGOR_new (void) |
| WOLFSSL_API void | wolfSSL_X509_ALGOR_free (WOLFSSL_X509_ALGOR *alg) |
| WOLFSSL_API const WOLFSSL_X509_ALGOR * | wolfSSL_X509_get0_tbs_sigalg (const WOLFSSL_X509 *x) |
| WOLFSSL_API void | wolfSSL_X509_ALGOR_get0 (const WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const WOLFSSL_X509_ALGOR *algor) |
| WOLFSSL_API int | wolfSSL_X509_ALGOR_set0 (WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj, int ptype, void *pval) |
| WOLFSSL_API WOLFSSL_ASN1_TYPE * | wolfSSL_ASN1_TYPE_new (void) |
| WOLFSSL_API void | wolfSSL_ASN1_TYPE_free (WOLFSSL_ASN1_TYPE *at) |
| WOLFSSL_API WOLFSSL_X509_PUBKEY * | wolfSSL_X509_PUBKEY_new (void) |
| WOLFSSL_API void | wolfSSL_X509_PUBKEY_free (WOLFSSL_X509_PUBKEY *x) |
| WOLFSSL_API WOLFSSL_X509_PUBKEY * | wolfSSL_X509_get_X509_PUBKEY (const WOLFSSL_X509 *x509) |
| WOLFSSL_API int | wolfSSL_X509_PUBKEY_get0_param (WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, WOLFSSL_X509_ALGOR **pa, WOLFSSL_X509_PUBKEY *pub) |
| WOLFSSL_API WOLFSSL_EVP_PKEY * | wolfSSL_X509_PUBKEY_get (WOLFSSL_X509_PUBKEY *key) |
| WOLFSSL_API int | wolfSSL_X509_PUBKEY_set (WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key) |
| WOLFSSL_API int | i2t_ASN1_OBJECT (char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a) |
| WOLFSSL_API int | wolfSSL_i2a_ASN1_OBJECT (WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a) |
| WOLFSSL_API void | SSL_CTX_set_tmp_dh_callback (WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh)(WOLFSSL *ssl, int is_export, int keylength)) |
| WOLFSSL_API | WOLF_STACK_OF (SSL_COMP) *SSL_COMP_get_compression_methods(void) |
| WOLFSSL_API int | wolfSSL_X509_STORE_load_locations (WOLFSSL_X509_STORE *str, const char *file, const char *dir) |
| WOLFSSL_API int | wolfSSL_X509_STORE_add_crl (WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x) |
| WOLFSSL_API int | wolfSSL_sk_SSL_CIPHER_num (const WOLF_STACK_OF(WOLFSSL_CIPHER) *p) |
| WOLFSSL_API int | wolfSSL_sk_SSL_CIPHER_find (WOLF_STACK_OF(WOLFSSL_CIPHER) *sk, const WOLFSSL_CIPHER *toFind) |
| WOLFSSL_API void | wolfSSL_sk_SSL_CIPHER_free (WOLF_STACK_OF(WOLFSSL_CIPHER) *sk) |
| WOLFSSL_API int | wolfSSL_sk_SSL_COMP_zero (WOLFSSL_STACK *st) |
| WOLFSSL_API int | wolfSSL_sk_SSL_COMP_num (WOLF_STACK_OF(WOLFSSL_COMP) *sk) |
| WOLFSSL_API WOLFSSL_CIPHER * | wolfSSL_sk_SSL_CIPHER_value (void *ciphers, int idx) |
| WOLFSSL_API void | ERR_load_SSL_strings (void) |
| WOLFSSL_API void | wolfSSL_EC_POINT_dump (const char *msg, const WOLFSSL_EC_POINT *p) |
| WOLFSSL_API const char * | wolfSSL_ASN1_tag2str (int tag) |
| WOLFSSL_API int | wolfSSL_ASN1_STRING_print_ex (WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags) |
| WOLFSSL_API int | wolfSSL_ASN1_STRING_print (WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str) |
| WOLFSSL_API int | wolfSSL_ASN1_TIME_get_length (WOLFSSL_ASN1_TIME *t) |
| WOLFSSL_API unsigned char * | wolfSSL_ASN1_TIME_get_data (WOLFSSL_ASN1_TIME *t) |
| WOLFSSL_API WOLFSSL_ASN1_TIME * | wolfSSL_ASN1_TIME_to_generalizedtime (WOLFSSL_ASN1_TIME *t, WOLFSSL_ASN1_TIME **out) |
| WOLFSSL_API int | wolfSSL_i2c_ASN1_INTEGER (WOLFSSL_ASN1_INTEGER *a, unsigned char **pp) |
| WOLFSSL_API int | wolfSSL_X509_CA_num (WOLFSSL_X509_STORE *store) |
| WOLFSSL_API long | wolfSSL_X509_get_version (const WOLFSSL_X509 *x) |
| WOLFSSL_API int | wolfSSL_X509_get_signature_nid (const WOLFSSL_X509 *x) |
| WOLFSSL_API int | wolfSSL_PEM_write_bio_PKCS8PrivateKey (WOLFSSL_BIO *bio, WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_CIPHER *enc, char *passwd, int passwdSz, pem_password_cb *cb, void *ctx) |
| WOLFSSL_API WOLFSSL_EVP_PKEY * | wolfSSL_d2i_PKCS8PrivateKey_bio (WOLFSSL_BIO *bio, WOLFSSL_EVP_PKEY **pkey, pem_password_cb *cb, void *u) |
| WOLFSSL_API WOLFSSL_EVP_PKEY * | wolfSSL_d2i_AutoPrivateKey (WOLFSSL_EVP_PKEY **pkey, const unsigned char **data, long length) |
| WOLFSSL_API unsigned long | wolfSSL_X509_subject_name_hash (const WOLFSSL_X509 *x509) |
| WOLFSSL_API int | wolfSSL_IsPrivatePkSet (WOLFSSL *ssl) |
| WOLFSSL_API int | wolfSSL_CTX_IsPrivatePkSet (WOLFSSL_CTX *ctx) |
| WOLFSSL_API int | wolfSSL_CTX_AllowEncryptThenMac (WOLFSSL_CTX *, int) |
| WOLFSSL_API int | wolfSSL_AllowEncryptThenMac (WOLFSSL *s, int) |
Variables | |
| C | |
| WOLFSSL_API pem_password_cb * | cb |
| WOLFSSL_API pem_password_cb void * | u |
Header file containing key wolfSSL API.
| enum AlertDescription |
| WOLFSSL_API WOLFSSL_METHOD * wolfDTLSv1_2_client_method_ex | ( | void * | heap | ) |
This function initializes the DTLS v1.2 client method.
| none | No parameters. |
Example
| WOLFSSL_API WOLFSSL_METHOD * wolfDTLSv1_2_server_method | ( | void | ) |
This function creates and initializes a WOLFSSL_METHOD for the server side.
| none | No parameters. |
Example
| WOLFSSL_API int wolfSSL_accept_ex | ( | WOLFSSL * | ssl, |
| HandShakeCallBack | hsCb, | ||
| TimeoutCallBack | toCb, | ||
| WOLFSSL_TIMEVAL | timeout ) |
wolfSSL_accept_ex() is an extension that allows a HandShake Callback to be set. This can be useful in embedded systems for debugging support when a debugger isn’t available and sniffing is impractical. The HandShake Callback will be called whether or not a handshake error occurred. No dynamic memory is used since the maximum number of SSL packets is known. Packet names can be accessed through packetNames[]. The connect extension also allows a Timeout Callback to be set along with a timeout value. This is useful if the user doesn’t want to wait for the TCP stack to timeout. This extension can be called with either, both, or neither callbacks.
| none | No parameters. |
Example
| WOLFSSL_API int wolfSSL_AllowEncryptThenMac | ( | WOLFSSL * | ssl, |
| int | set ) |
Sets whether Encrypt-Then-MAC extension can be negotiated against context. The default value comes from context.
ctx SSL/TLS context. set Whether to allow or not: 1 is allow and 0 is disallow. returns WOLFSSL_SUCCESS
| WOLFSSL_API void wolfSSL_ASN1_TYPE_free | ( | WOLFSSL_ASN1_TYPE * | at | ) |
Free WOLFSSL_ASN1_TYPE and all its members.
| at | Object to free |
| WOLFSSL_API WOLFSSL_ASN1_TYPE * wolfSSL_ASN1_TYPE_new | ( | void | ) |
Allocate a new WOLFSSL_ASN1_TYPE object.
| WOLFSSL_API int wolfSSL_CertManagerCheckCRL | ( | WOLFSSL_CERT_MANAGER * | cm, |
| unsigned char * | der, | ||
| int | sz ) |
Check CRL if the option is enabled and compares the cert to the CRL list.
| cm | a pointer to a WOLFSSL_CERT_MANAGER struct. |
| der | pointer to a DER formatted certificate. |
| sz | size of the certificate. |
Example
| WOLFSSL_ABI WOLFSSL_API int wolfSSL_connect | ( | WOLFSSL * | ssl | ) |
\ingroup IO \brief This function is called on the client side and initiates an SSL/TLS handshake with a server. When this function is called, the underlying communication channel has already been set up.
wolfSSL_connect() works with both blocking and non-blocking I/O. When the underlying I/O is non-blocking, wolfSSL_connect() will return when the underlying I/O could not satisfy the needs of wolfSSL_connect to continue the handshake. In this case, a call to wolfSSL_get_error() will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process must then repeat the call to wolfSSL_connect() when the underlying I/O is ready and wolfSSL will pick up where it left off. When using a non-blocking socket, nothing needs to be done, but select() can be used to check for the required condition. If the underlying I/O is blocking, wolfSSL_connect() will only return once the handshake has been finished or an error occurred. wolfSSL takes a different approach to certificate verification than OpenSSL does. The default policy for the client is to verify the server, this means that if you don't load CAs to verify the server you'll get a connect error, unable to verify (-155). It you want to mimic OpenSSL behavior of having SSL_connect succeed even if verifying the server fails and reducing security you can do this by calling: SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling SSL_new(); Though it's not recommended.
\return SSL_SUCCESS If successful.
\return SSL_FATAL_ERROR will be returned if an error occurred. To get a more detailed error code, call wolfSSL_get_error().
\param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
_Example_
\code
int ret = 0;
int err = 0;
WOLFSSL* ssl;
char buffer[80];
...
ret = wolfSSL_connect(ssl);
if (ret != SSL_SUCCESS) {
err = wolfSSL_get_error(ssl, ret);
printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
}
\endcode
\sa wolfSSL_get_error
\sa wolfSSL_accept
| WOLFSSL_API int wolfSSL_connect_ex | ( | WOLFSSL * | ssl, |
| HandShakeCallBack | hsCb, | ||
| TimeoutCallBack | toCb, | ||
| WOLFSSL_TIMEVAL | timeout ) |
wolfSSL_connect_ex() is an extension that allows a HandShake Callback to be set. This can be useful in embedded systems for debugging support when a debugger isn’t available and sniffing is impractical. The HandShake Callback will be called whether or not a handshake error occurred. No dynamic memory is used since the maximum number of SSL packets is known. Packet names can be accessed through packetNames[]. The connect extension also allows a Timeout Callback to be set along with a timeout value. This is useful if the user doesn’t want to wait for the TCP stack to timeout. This extension can be called with either, both, or neither callbacks.
| none | No parameters. |
Example
| WOLFSSL_API int wolfSSL_connect_TLSv13 | ( | WOLFSSL * | ssl | ) |
This function is called on the client side and initiates an SSL/TLS handshake with a server. When this function is called, the underlying communication channel has already been set up. wolfSSL_connect() works with both blocking and non-blocking I/O. When the underlying I/O is non-blocking, wolfSSL_connect() will return when the underlying I/O could not satisfy the needs of wolfSSL_connect to continue the handshake. In this case, a call to wolfSSL_get_error() will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process must then repeat the call to wolfSSL_connect() when the underlying I/O is ready and wolfSSL will pick up where it left off. When using a non-blocking socket, nothing needs to be done, but select() can be used to check for the required condition. If the underlying I/O is blocking, wolfSSL_connect() will only return once the handshake has been finished or an error occurred. wolfSSL takes a different approach to certificate verification than OpenSSL does. The default policy for the client is to verify the server, this means that if you don't load CAs to verify the server you'll get a connect error, unable to verify (-155). It you want to mimic OpenSSL behavior of having SSL_connect succeed even if verifying the server fails and reducing security you can do this by calling: SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling SSL_new(); Though it's not recommended.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
| WOLFSSL_API int wolfSSL_CTX_AllowEncryptThenMac | ( | WOLFSSL_CTX * | ctx, |
| int | set ) |
Sets whether Encrypt-Then-MAC extension can be negotiated against context. The default value: enabled.
ctx SSL/TLS context. set Whether to allow or not: 1 is allow and 0 is disallow. returns WOLFSSL_SUCCESS
| WOLFSSL_API int wolfSSL_CTX_DisableCRL | ( | WOLFSSL_CTX * | ctx | ) |
This function disables CRL verification in the CTX structure.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
Example
| WOLFSSL_API int wolfSSL_CTX_DisableOCSP | ( | WOLFSSL_CTX * | ctx | ) |
This function disables OCSP certificate revocation checking by affecting the ocspEnabled member of the WOLFSSL_CERT_MANAGER structure.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
Example
| WOLFSSL_API int wolfSSL_CTX_dtls_set_export | ( | WOLFSSL_CTX * | ctx, |
| wc_dtls_export | func ) |
The wolfSSL_CTX_dtls_set_export() function is used to set the callback function for exporting a session. It is allowed to pass in NULL as the parameter func to clear the export function previously stored. Used on the server side and is called immediately after handshake is completed.
| ctx | a pointer to a WOLFSSL_CTX structure, created with wolfSSL_CTX_new(). |
| func | wc_dtls_export function to use when exporting a session. |
Example
| WOLFSSL_API int wolfSSL_CTX_EnableCRL | ( | WOLFSSL_CTX * | ctx, |
| int | options ) |
Enables CRL certificate verification through the CTX.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
| WOLFSSL_API int wolfSSL_CTX_EnableOCSP | ( | WOLFSSL_CTX * | ctx, |
| int | options ) |
This function sets options to configure behavior of OCSP functionality in wolfSSL. The value of options if formed by or’ing one or more of the following options: WOLFSSL_OCSP_ENABLE - enable OCSP lookups WOLFSSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in certificates. The override URL is specified using the wolfSSL_CTX_SetOCSP_OverrideURL() function. This function only sets the OCSP options when wolfSSL has been compiled with OCSP support (–enable-ocsp, #define HAVE_OCSP).
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
| options | value used to set the OCSP options. |
Example
| WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling | ( | WOLFSSL_CTX * | ctx | ) |
This function enables OCSP stapling by calling wolfSSL_CertManagerEnableOCSPStapling().
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
Example
| WOLFSSL_API int wolfSSL_CTX_is_static_memory | ( | WOLFSSL_CTX * | ctx, |
| WOLFSSL_MEM_STATS * | mem_stats ) |
This function does not change any of the connections behavior and is used only for gathering information about the static memory usage.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
| mem_stats | structure to hold information about static memory usage. |
Example
| WOLFSSL_API int wolfSSL_CTX_load_static_memory | ( | WOLFSSL_CTX ** | ctx, |
| wolfSSL_method_func | method, | ||
| unsigned char * | buf, | ||
| unsigned int | sz, | ||
| int | flag, | ||
| int | max ) |
This function is used to set aside static memory for a CTX. Memory set aside is then used for the CTX’s lifetime and for any SSL objects created from the CTX. By passing in a NULL ctx pointer and a wolfSSL_method_func function the creation of the CTX itself will also use static memory. wolfSSL_method_func has the function signature of WOLFSSL_METHOD* (wolfSSL_method_func)(void heap);. Passing in 0 for max makes it behave as if not set and no max concurrent use restrictions is in place. The flag value passed in determines how the memory is used and behavior while operating. Available flags are the following: 0 - default general memory, WOLFMEM_IO_POOL - used for input/output buffer when sending receiving messages and overrides general memory, so all memory in buffer passed in is used for IO, WOLFMEM_IO_FIXED - same as WOLFMEM_IO_POOL but each SSL now keeps two buffers to themselves for their lifetime, WOLFMEM_TRACK_STATS - each SSL keeps track of memory stats while running.
| ctx | address of pointer to a WOLFSSL_CTX structure. |
| method | function to create protocol. (should be NULL if ctx is not also NULL) |
| buf | memory to use for all operations. |
| sz | size of memory buffer being passed in. |
| flag | type of memory. |
| max | max concurrent operations. |
Example
| WOLFSSL_API int wolfSSL_CTX_LoadCRL | ( | WOLFSSL_CTX * | ctx, |
| const char * | path, | ||
| int | type, | ||
| int | monitor ) |
This function loads CRL into the WOLFSSL_CTX structure through wolfSSL_CertManagerLoadCRL().
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
| path | the path to the certificate. |
| type | an integer variable holding the type of certificate. |
| monitor | an integer variable used to determine if the monitor path is requested. |
Example
| WOLFSSL_API void wolfSSL_CTX_set_psk_client_callback | ( | WOLFSSL_CTX * | ctx, |
| wc_psk_client_callback | cb ) |
The function sets the client_psk_cb member of the WOLFSSL_CTX structure.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
| cb | wc_psk_client_callback is a function pointer that will be stored in the WOLFSSL_CTX structure. |
Example
| WOLFSSL_API void wolfSSL_CTX_set_psk_server_callback | ( | WOLFSSL_CTX * | ctx, |
| wc_psk_server_callback | cb ) |
This function sets the psk callback for the server side in the WOLFSSL_CTX structure.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| cb | a function pointer for the callback and will be stored in the WOLFSSL_CTX structure. |
Example
| WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb | ( | WOLFSSL_CTX * | ctx, |
| SessionTicketEncCb | cb ) |
This function sets the session ticket key encrypt callback function for a server to support session tickets as specified in RFC 5077.
| ctx | pointer to the WOLFSSL_CTX object, created with wolfSSL_CTX_new(). |
| cb | user callback function to encrypt/decrypt session tickets |
| ssl(Callback) | pointer to the WOLFSSL object, created with wolfSSL_new() |
| key_name(Callback) | unique key name for this ticket context, should be randomly generated |
| iv(Callback) | unique IV for this ticket, up to 128 bits, should be randomly generated |
| mac(Callback) | up to 256 bit mac for this ticket |
| enc(Callback) | if this encrypt parameter is true the user should fill in key_name, iv, mac, and encrypt the ticket in-place of length inLen and set the resulting output length in *outLen. Returning WOLFSSL_TICKET_RET_OK tells wolfSSL that the encryption was successful. If this encrypt parameter is false, the user should perform a decrypt of the ticket in-place of length inLen using key_name, iv, and mac. The resulting decrypt length should be set in *outLen. Returning WOLFSSL_TICKET_RET_OK tells wolfSSL to proceed using the decrypted ticket. Returning WOLFSSL_TICKET_RET_CREATE tells wolfSSL to use the decrypted ticket but also to generate a new one to send to the client, helpful if recently rolled keys and don’t want to force a full handshake. Returning WOLFSSL_TICKET_RET_REJECT tells wolfSSL to reject this ticket, perform a full handshake, and create a new standard session ID for normal session resumption. Returning WOLFSSL_TICKET_RET_FATAL tells wolfSSL to end the connection attempt with a fatal error. |
| ticket(Callback) | the input/output buffer for the encrypted ticket. See the enc parameter |
| inLen(Callback) | the input length of the ticket parameter |
| outLen(Callback) | the resulting output length of the ticket parameter. When entering the callback outLen will indicate the maximum size available in the ticket buffer. |
| userCtx(Callback) | the user context set with wolfSSL_CTX_set_TicketEncCtx() |
Example
| WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx | ( | WOLFSSL_CTX * | ctx, |
| void * | userCtx ) |
This function sets the session ticket encrypt user context for the callback. For server side use.
| ctx | pointer to the WOLFSSL_CTX object, created with wolfSSL_CTX_new(). |
| userCtx | the user context for the callback |
Example
| WOLFSSL_API int wolfSSL_CTX_set_TicketHint | ( | WOLFSSL_CTX * | ctx, |
| int | hint ) |
This function sets the session ticket hint relayed to the client. For server side use.
| ctx | pointer to the WOLFSSL_CTX object, created with wolfSSL_CTX_new(). |
| hint | number of seconds the ticket might be valid for. Hint to client. |
Example
| WOLFSSL_API void wolfSSL_CTX_SetCACb | ( | WOLFSSL_CTX * | ctx, |
| CallbackCACache | cb ) |
This function registers a callback with the SSL context (WOLFSSL_CTX) to be called when a new CA certificate is loaded into wolfSSL. The callback is given a buffer with the DER-encoded certificate.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
| callback | function to be registered as the CA callback for the wolfSSL context, ctx. The signature of this function must follow that as shown above in the Synopsis section. |
Example
| WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb | ( | WOLFSSL_CTX * | ctx, |
| CbMissingCRL | cb ) |
This function will set the callback argument to the cbMissingCRL member of the WOLFSSL_CERT_MANAGER structure by calling wolfSSL_CertManagerSetCRL_Cb.
| ctx | a pointer to a WOLFSSL_CTX structure, created with wolfSSL_CTX_new(). |
| cb | a pointer to a callback function of type CbMissingCRL. Signature requirement: void (CbMissingCRL)(const char url); |
Example
| WOLFSSL_API void wolfSSL_CTX_SetDecryptVerifyCb | ( | WOLFSSL_CTX * | ctx, |
| CallbackDecryptVerify | cb ) |
Allows caller to set the Atomic User Record Processing Decrypt/Verify Callback. The callback should return 0 for success or < 0 for an error. The ssl and ctx pointers are available for the user’s convenience. decOut is the output buffer where the result of the decryption should be stored. decIn is the encrypted input buffer and decInSz notes the size of the buffer. content and verify are needed for wolfSSL_SetTlsHmacInner() and be passed along as is. padSz is an output variable that should be set with the total value of the padding. That is, the mac size plus any padding and pad bytes. An example callback can be found wolfssl/test.h myDecryptVerifyCb().
| none | No parameters. |
Example
| WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_SetEccSignCb | ( | WOLFSSL_CTX * | ctx, |
| CallbackEccSign | cb ) |
Allows caller to set the Public Key Callback for ECC Signing. The callback should return 0 for success or < 0 for an error. The ssl and ctx pointers are available for the user’s convenience. in is the input buffer to sign while inSz denotes the length of the input. out is the output buffer where the result of the signature should be stored. outSz is an input/output variable that specifies the size of the output buffer upon invocation and the actual size of the signature should be stored there before returning. keyDer is the ECC Private key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found wolfssl/test.h myEccSign().
| none | No parameters. |
Example
| WOLFSSL_API void wolfSSL_CTX_SetEccVerifyCb | ( | WOLFSSL_CTX * | ctx, |
| CallbackEccVerify | cb ) |
Allows caller to set the Public Key Callback for ECC Verification. The callback should return 0 for success or < 0 for an error. The ssl and ctx pointers are available for the user’s convenience. sig is the signature to verify and sigSz denotes the length of the signature. hash is an input buffer containing the digest of the message and hashSz denotes the length in bytes of the hash. result is an output variable where the result of the verification should be stored, 1 for success and 0 for failure. keyDer is the ECC Private key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found wolfssl/test.h myEccVerify().
| none | No parameters. |
Example
| WOLFSSL_API void wolfSSL_CTX_SetEncryptMacCb | ( | WOLFSSL_CTX * | ctx, |
| CallbackEncryptMac | cb ) |
Set the callback, against the context, that encrypts then MACs.
ctx SSL/TLS context. cb Callback function to use with Encrypt-Then-MAC.
| WOLFSSL_API void wolfSSL_CTX_SetMacEncryptCb | ( | WOLFSSL_CTX * | ctx, |
| CallbackMacEncrypt | cb ) |
Allows caller to set the Atomic User Record Processing Mac/Encrypt Callback. The callback should return 0 for success or < 0 for an error. The ssl and ctx pointers are available for the user’s convenience. macOut is the output buffer where the result of the mac should be stored. macIn is the mac input buffer and macInSz notes the size of the buffer. macContent and macVerify are needed for wolfSSL_SetTlsHmacInner() and be passed along as is. encOut is the output buffer where the result on the encryption should be stored. encIn is the input buffer to encrypt while encSz is the size of the input. An example callback can be found wolfssl/test.h myMacEncryptCb().
| No | parameters. |
Example
| WOLFSSL_API int wolfSSL_CTX_SetOCSP_Cb | ( | WOLFSSL_CTX * | ctx, |
| CbOCSPIO | ioCb, | ||
| CbOCSPRespFree | respFreeCb, | ||
| void * | ioCbCtx ) |
Sets the callback for the OCSP in the WOLFSSL_CTX structure.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| ioCb | a CbOCSPIO type that is a function pointer. |
| respFreeCb | a CbOCSPRespFree type that is a function pointer. |
| ioCbCtx | a void pointer that will be held in the WOLFSSL_CERT_MANAGER. |
Example
| WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL | ( | WOLFSSL_CTX * | ctx, |
| const char * | url ) |
This function manually sets the URL for OCSP to use. By default, OCSP will use the URL found in the individual certificate unless the WOLFSSL_OCSP_URL_OVERRIDE option is set using the wolfSSL_CTX_EnableOCSP.
| ctx | pointer to the SSL context, created with wolfSSL_CTX_new(). |
| url | pointer to the OCSP URL for wolfSSL to use. |
Example
| WOLFSSL_API void wolfSSL_CTX_SetRsaDecCb | ( | WOLFSSL_CTX * | ctx, |
| CallbackRsaDec | cb ) |
Allows caller to set the Public Key Callback for RSA Private Decrypt. The callback should return the number of plaintext bytes for success or < 0 for an error. The ssl and ctx pointers are available for the user’s convenience. in is the input buffer to decrypt and inSz denotes the length of the input. out should be set to the beginning of the decryption buffer after the decryption process and any padding. keyDer is the RSA Private key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found wolfssl/test.h myRsaDec().
| none | No parameters. |
Example
| WOLFSSL_API void wolfSSL_CTX_SetRsaEncCb | ( | WOLFSSL_CTX * | ctx, |
| CallbackRsaEnc | cb ) |
Allows caller to set the Public Key Callback for RSA Public Encrypt. The callback should return 0 for success or < 0 for an error. The ssl and ctx pointers are available for the user’s convenience. in is the input buffer to encrypt while inSz denotes the length of the input. out is the output buffer where the result of the encryption should be stored. outSz is an input/output variable that specifies the size of the output buffer upon invocation and the actual size of the encryption should be stored there before returning. keyDer is the RSA Public key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found wolfssl/test.h myRsaEnc().
| none | No parameters. |
Examples
| WOLFSSL_API void wolfSSL_CTX_SetRsaSignCb | ( | WOLFSSL_CTX * | ctx, |
| CallbackRsaSign | cb ) |
Allows caller to set the Public Key Callback for RSA Signing. The callback should return 0 for success or < 0 for an error. The ssl and ctx pointers are available for the user’s convenience. in is the input buffer to sign while inSz denotes the length of the input. out is the output buffer where the result of the signature should be stored. outSz is an input/output variable that specifies the size of the output buffer upon invocation and the actual size of the signature should be stored there before returning. keyDer is the RSA Private key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found wolfssl/test.h myRsaSign().
| none | No parameters. |
Example
| WOLFSSL_API void wolfSSL_CTX_SetRsaVerifyCb | ( | WOLFSSL_CTX * | ctx, |
| CallbackRsaVerify | cb ) |
Allows caller to set the Public Key Callback for RSA Verification. The callback should return the number of plaintext bytes for success or < 0 for an error. The ssl and ctx pointers are available for the user’s convenience. sig is the signature to verify and sigSz denotes the length of the signature. out should be set to the beginning of the verification buffer after the decryption process and any padding. keyDer is the RSA Public key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found wolfssl/test.h myRsaVerify().
| none | No parameters. |
| WOLFSSL_API void wolfSSL_CTX_SetVerifyDecryptCb | ( | WOLFSSL_CTX * | ctx, |
| CallbackVerifyDecrypt | cb ) |
Set the callback, against the context, that MAC verifies then decrypts.
ctx SSL/TLS context. cb Callback function to use with Encrypt-Then-MAC.
| WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions | ( | WOLFSSL_CTX * | ctx, |
| unsigned char | type, | ||
| unsigned char | options ) |
This function is called on the server side to configure the behavior of the SSL sessions using Server Name Indication for SSL objects created from the SSL context passed in the 'ctx' parameter. The options are explained below.
| ctx | pointer to a SSL context, created with wolfSSL_CTX_new(). |
| type | indicates which type of server name is been passed in data. The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 }; |
| options | a bitwise semaphore with the chosen options. The available options are: enum { WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01, WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02 }; Normally the server will abort the handshake by sending a fatal-level unrecognized_name(112) alert if the hostname provided by the client mismatch with the servers. |
| WOLFSSL_SNI_CONTINUE_ON_MISMATCH | With this option set, the server will not send a SNI response instead of aborting the session. |
| WOLFSSL_SNI_ANSWER_ON_MISMATCH | With this option set, the server will send a SNI response as if the host names match instead of aborting the session. |
Example
| WOLFSSL_API int wolfSSL_CTX_UseMaxFragment | ( | WOLFSSL_CTX * | ctx, |
| unsigned char | mfl ) |
This function is called on the client side to enable the use of Maximum Fragment Length for SSL objects created from the SSL context passed in the 'ctx' parameter. It means that the Maximum Fragment Length extension will be sent on ClientHello by wolfSSL clients.
| ctx | pointer to a SSL context, created with wolfSSL_CTX_new(). |
| mfl | indicates which is the Maximum Fragment Length requested for the session. The available options are: enum { WOLFSSL_MFL_2_9 = 1 512 bytes, WOLFSSL_MFL_2_10 = 2 1024 bytes, WOLFSSL_MFL_2_11 = 3 2048 bytes WOLFSSL_MFL_2_12 = 4 4096 bytes, WOLFSSL_MFL_2_13 = 5 8192 bytes wolfSSL ONLY!!!, WOLFSSL_MFL_2_13 = 6 256 bytes wolfSSL ONLY!!! }; |
Example
| WOLFSSL_API int wolfSSL_CTX_UseOCSPStapling | ( | WOLFSSL_CTX * | ctx, |
| unsigned char | status_type, | ||
| unsigned char | options ) |
This function requests the certificate status during the handshake.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
| status_type | a byte type that is passed through to TLSX_UseCertificateStatusRequest() and stored in the CertificateStatusRequest structure. |
| options | a byte type that is passed through to TLSX_UseCertificateStatusRequest() and stored in the CertificateStatusRequest structure. |
Example
| WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2 | ( | WOLFSSL_CTX * | ctx, |
| unsigned char | status_type, | ||
| unsigned char | options ) |
Creates and initializes the certificate status request for OCSP Stapling.
| ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
| status_type | a byte type that is located in the CertificatStatusRequest structure and must be either WOLFSSL_CSR2_OCSP or WOLFSSL_CSR2_OCSP_MULTI. |
| options | a byte type that will be held in CertificateStatusRequestItemV2 struct. |
Example
| WOLFSSL_API int wolfSSL_CTX_UseSupportedCurve | ( | WOLFSSL_CTX * | ctx, |
| word16 | name ) |
This function is called on the client side to enable the use of Supported Elliptic Curves Extension for SSL objects created from the SSL context passed in the 'ctx' parameter. It means that the supported curves enabled will be sent on ClientHello by wolfSSL clients. This function can be called more than one time to enable multiple curves.
| ctx | pointer to a SSL context, created with wolfSSL_CTX_new(). |
| name | indicates which curve will be supported for the session. The available options are: enum { WOLFSSL_ECC_SECP160R1 = 0x10, WOLFSSL_ECC_SECP192R1 = 0x13, WOLFSSL_ECC_SECP224R1 = 0x15, WOLFSSL_ECC_SECP256R1 = 0x17, WOLFSSL_ECC_SECP384R1 = 0x18, WOLFSSL_ECC_SECP521R1 = 0x19 }; |
Example
| WOLFSSL_API int wolfSSL_CTX_UseTruncatedHMAC | ( | WOLFSSL_CTX * | ctx | ) |
This function is called on the client side to enable the use of Truncated HMAC for SSL objects created from the SSL context passed in the 'ctx' parameter. It means that the Truncated HMAC extension will be sent on ClientHello by wolfSSL clients.
| ctx | pointer to a SSL context, created with wolfSSL_CTX_new(). |
Example
| WOLFSSL_API int wolfSSL_DisableCRL | ( | WOLFSSL * | ssl | ) |
Disables CRL certificate revocation.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
| WOLFSSL_API int wolfSSL_DisableOCSP | ( | WOLFSSL * | ssl | ) |
Disables the OCSP certificate revocation option.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
| WOLFSSL_API int wolfSSL_dtls | ( | WOLFSSL * | ssl | ) |
This function is used to determine if the SSL session has been configured to use DTLS.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
| WOLFSSL_API int wolfSSL_dtls_export | ( | WOLFSSL * | ssl, |
| unsigned char * | buf, | ||
| unsigned int * | sz ) |
The wolfSSL_dtls_export() function is used to serialize a WOLFSSL session into the provided buffer. Allows for less memory overhead than using a function callback for sending a session and choice over when the session is serialized. If buffer is NULL when passed to function then sz will be set to the size of buffer needed for serializing the WOLFSSL session.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| buf | buffer to hold serialized session. |
| sz | size of buffer. |
Example
| WOLFSSL_API int wolfSSL_dtls_get_current_timeout | ( | WOLFSSL * | ssl | ) |
This function returns the current timeout value in seconds for the WOLFSSL object. When using non-blocking sockets, something in the user code needs to decide when to check for available recv data and how long it has been waiting. The value returned by this function indicates how long the application should wait.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
| WOLFSSL_API int wolfSSL_dtls_get_peer | ( | WOLFSSL * | ssl, |
| void * | peer, | ||
| unsigned int * | peerSz ) |
This function gets the sockaddr_in (of size peerSz) of the current DTLS peer. The function will compare peerSz to the actual DTLS peer size stored in the SSL session. If the peer will fit into peer, the peer’s sockaddr_in will be copied into peer, with peerSz set to the size of peer.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| peer | pointer to memory location to store peer’s sockaddr_in structure. |
| peerSz | input/output size. As input, the size of the allocated memory pointed to by peer. As output, the size of the actual sockaddr_in structure pointed to by peer. |
Example
| WOLFSSL_API int wolfSSL_dtls_get_using_nonblock | ( | WOLFSSL * | ssl | ) |
This function allows the application to determine if wolfSSL is using non-blocking I/O with UDP. If wolfSSL is using non-blocking I/O, this function will return 1, otherwise 0. After an application creates a WOLFSSL object, if it will be used with a non-blocking UDP socket, call wolfSSL_dtls_set_using_nonblock() on it. This lets the WOLFSSL object know that receiving EWOULDBLOCK means that the recvfrom call would block rather than that it timed out. This function is only meaningful to DTLS sessions.
| ssl | pointer to the DTLS session, created with wolfSSL_new(). |
Example
| WOLFSSL_API int wolfSSL_dtls_got_timeout | ( | WOLFSSL * | ssl | ) |
When using non-blocking sockets with DTLS, this function should be called on the WOLFSSL object when the controlling code thinks the transmission has timed out. It performs the actions needed to retry the last transmit, including adjusting the timeout value. If it has been too long, this will return a failure.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
| WOLFSSL_API int wolfSSL_dtls_import | ( | WOLFSSL * | ssl, |
| unsigned char * | buf, | ||
| unsigned int | sz ) |
The wolfSSL_dtls_import() function is used to parse in a serialized session state. This allows for picking up the connection after the handshake has been completed.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| buf | serialized session to import. |
| sz | size of serialized session buffer. |
Example
| WOLFSSL_API int wolfSSL_dtls_set_export | ( | WOLFSSL * | ssl, |
| wc_dtls_export | func ) |
The wolfSSL_dtls_set_export() function is used to set the callback function for exporting a session. It is allowed to pass in NULL as the parameter func to clear the export function previously stored. Used on the server side and is called immediately after handshake is completed.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| func | wc_dtls_export function to use when exporting a session. |
Example
| WOLFSSL_API int wolfSSL_dtls_set_peer | ( | WOLFSSL * | ssl, |
| void * | peer, | ||
| unsigned int | peerSz ) |
This function sets the DTLS peer, peer (sockaddr_in) with size of peerSz.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| peer | pointer to peer’s sockaddr_in structure. |
| peerSz | size of the sockaddr_in structure pointed to by peer. |
Example
| WOLFSSL_API int wolfSSL_dtls_set_timeout_max | ( | WOLFSSL * | ssl, |
| int | timeout ) |
This function sets the maximum dtls timeout.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| timeout | an int type representing the dtls maximum timeout. |
Example
| WOLFSSL_API void wolfSSL_dtls_set_using_nonblock | ( | WOLFSSL * | ssl, |
| int | nonblock ) |
This function informs the WOLFSSL DTLS object that the underlying UDP I/O is non-blocking. After an application creates a WOLFSSL object, if it will be used with a non-blocking UDP socket, call wolfSSL_dtls_set_using_nonblock() on it. This lets the WOLFSSL object know that receiving EWOULDBLOCK means that the recvfrom call would block rather than that it timed out.
| ssl | pointer to the DTLS session, created with wolfSSL_new(). |
| nonblock | value used to set non-blocking flag on WOLFSSL object. Use 1 to specify non-blocking, otherwise 0. |
Example
| WOLFSSL_API int wolfSSL_EnableCRL | ( | WOLFSSL * | ssl, |
| int | options ) |
Enables CRL certificate revocation.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| options | an integer that is used to determine the setting of crlCheckAll member of the WOLFSSL_CERT_MANAGER structure. |
Example
| WOLFSSL_API int wolfSSL_EnableOCSP | ( | WOLFSSL * | ssl, |
| int | options ) |
This function enables OCSP certificate verification.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| options | an integer type passed to wolfSSL_CertMangerENableOCSP() used for settings check. |
Example
| WOLFSSL_API char * wolfSSL_get_cipher_list_ex | ( | WOLFSSL * | ssl, |
| int | priority ) |
Get the name of cipher at priority level passed in.
| WOLFSSL_API int wolfSSL_GetAeadMacSize | ( | WOLFSSL * | ssl | ) |
Allows caller to determine the negotiated aead mac size from the handshake. For cipher type WOLFSSL_AEAD_TYPE.
| ssl | a pointer to a WOLFSSL object, created using wolfSSL_new(). |
Example
| WOLFSSL_API int wolfSSL_GetBulkCipher | ( | WOLFSSL * | ssl | ) |
Allows caller to determine the negotiated bulk cipher algorithm from the handshake.
| ssl | a pointer to a WOLFSSL object, created using wolfSSL_new(). |
Example
| WOLFSSL_API int wolfSSL_GetCipherBlockSize | ( | WOLFSSL * | ssl | ) |
Allows caller to determine the negotiated cipher block size from the handshake.
| ssl | a pointer to a WOLFSSL object, created using wolfSSL_new(). |
Example
| WOLFSSL_API int wolfSSL_GetCipherType | ( | WOLFSSL * | ssl | ) |
Allows caller to determine the negotiated cipher type from the handshake.
| ssl | a pointer to a WOLFSSL object, created using wolfSSL_new(). |
Example
| WOLFSSL_API const unsigned char * wolfSSL_GetClientWriteIV | ( | WOLFSSL * | ssl | ) |
Allows retrieval of the client write IV (initialization vector) from the handshake process.
| ssl | a pointer to a WOLFSSL object, created using wolfSSL_new(). |
Example
| WOLFSSL_API const unsigned char * wolfSSL_GetClientWriteKey | ( | WOLFSSL * | ssl | ) |
Allows retrieval of the client write key from the handshake process.
| ssl | a pointer to a WOLFSSL object, created using wolfSSL_new(). |
Example
| WOLFSSL_API void * wolfSSL_GetDecryptVerifyCtx | ( | WOLFSSL * | ssl | ) |
Allows caller to retrieve the Atomic User Record Processing Decrypt/Verify Callback Context previously stored with wolfSSL_SetDecryptVerifyCtx().
| none | No parameters. |
Example
| WOLFSSL_API void * wolfSSL_GetEccSignCtx | ( | WOLFSSL * | ssl | ) |
Allows caller to retrieve the Public Key Ecc Signing Callback Context previously stored with wolfSSL_SetEccSignCtx().
| none | No parameters. |
Example
| WOLFSSL_API void * wolfSSL_GetEccVerifyCtx | ( | WOLFSSL * | ssl | ) |
Allows caller to retrieve the Public Key Ecc Verification Callback Context previously stored with wolfSSL_SetEccVerifyCtx().
| none | No parameters. |
Example
| WOLFSSL_API void * wolfSSL_GetEncryptMacCtx | ( | WOLFSSL * | ssl | ) |
Get the context being used with callback that encrypts then MACs.
ssl SSL/TLS object. returns callback function's context or NULL if SSL/TLS object is NULL.
| WOLFSSL_API int wolfSSL_GetHmacSize | ( | WOLFSSL * | ssl | ) |
Allows caller to determine the negotiated (h)mac size from the handshake. For cipher types except WOLFSSL_AEAD_TYPE.
| ssl | a pointer to a WOLFSSL object, created using wolfSSL_new(). |
Example
| WOLFSSL_API int wolfSSL_GetHmacType | ( | WOLFSSL * | ssl | ) |
Allows caller to determine the negotiated (h)mac type from the handshake. For cipher types except WOLFSSL_AEAD_TYPE.
| ssl | a pointer to a WOLFSSL object, created using wolfSSL_new(). |
Example
| WOLFSSL_API int wolfSSL_GetKeySize | ( | WOLFSSL * | ssl | ) |
Allows retrieval of the key size from the handshake process.
| ssl | a pointer to a WOLFSSL object, created using wolfSSL_new(). |
Example
| WOLFSSL_API void * wolfSSL_GetMacEncryptCtx | ( | WOLFSSL * | ssl | ) |
Allows caller to retrieve the Atomic User Record Processing Mac/Encrypt Callback Context previously stored with wolfSSL_SetMacEncryptCtx().
| none | No parameters. |
Example
| WOLFSSL_API const unsigned char * wolfSSL_GetMacSecret | ( | WOLFSSL * | ssl, |
| int | verify ) |
Allows retrieval of the Hmac/Mac secret from the handshake process. The verify parameter specifies whether this is for verification of a peer message.
| ssl | a pointer to a WOLFSSL object, created using wolfSSL_new(). |
| verify | specifies whether this is for verification of a peer message. |
Example
| WOLFSSL_API int wolfSSL_GetMaxOutputSize | ( | WOLFSSL * | ssl | ) |
Returns the maximum record layer size for plaintext data. This will correspond to either the maximum SSL/TLS record size as specified by the protocol standard, the maximum TLS fragment size as set by the TLS Max Fragment Length extension. This function is helpful when the application has called wolfSSL_GetOutputSize() and received a INPUT_SIZE_E error. This function must be called after the SSL/TLS handshake has been completed.
| ssl | a pointer to a WOLFSSL object, created using wolfSSL_new(). |
Example
| WOLFSSL_API int wolfSSL_GetObjectSize | ( | void | ) |
This function returns the size of the WOLFSSL object and will be dependent on build options and settings. If SHOW_SIZES has been defined when building wolfSSL, this function will also print the sizes of individual objects within the WOLFSSL object (Suites, Ciphers, etc.) to stdout.
| none | No parameters. |
Example
| WOLFSSL_API int wolfSSL_GetOutputSize | ( | WOLFSSL * | ssl, |
| int | inSz ) |
Returns the record layer size of the plaintext input. This is helpful when an application wants to know how many bytes will be sent across the Transport layer, given a specified plaintext input size. This function must be called after the SSL/TLS handshake has been completed.
| ssl | a pointer to a WOLFSSL object, created using wolfSSL_new(). |
| inSz | size of plaintext data. |
Example
| WOLFSSL_API void * wolfSSL_GetRsaDecCtx | ( | WOLFSSL * | ssl | ) |
Allows caller to retrieve the Public Key RSA Private Decrypt Callback Context previously stored with wolfSSL_SetRsaDecCtx().
| none | No parameters. |
Example
| WOLFSSL_API void * wolfSSL_GetRsaEncCtx | ( | WOLFSSL * | ssl | ) |
Allows caller to retrieve the Public Key RSA Public Encrypt Callback Context previously stored with wolfSSL_SetRsaEncCtx().
| none | No parameters. |
Example
| WOLFSSL_API void * wolfSSL_GetRsaSignCtx | ( | WOLFSSL * | ssl | ) |
Allows caller to retrieve the Public Key RSA Signing Callback Context previously stored with wolfSSL_SetRsaSignCtx().
| none | No parameters. |
| none | No parameters. |
Example
| WOLFSSL_API void * wolfSSL_GetRsaVerifyCtx | ( | WOLFSSL * | ssl | ) |
Allows caller to retrieve the Public Key RSA Verification Callback Context previously stored with wolfSSL_SetRsaVerifyCtx().
| none | No parameters. |
Example
| WOLFSSL_API const unsigned char * wolfSSL_GetServerWriteIV | ( | WOLFSSL * | ssl | ) |
Allows retrieval of the server write IV (initialization vector) from the handshake process.
| ssl | a pointer to a WOLFSSL object, created using wolfSSL_new(). |
| WOLFSSL_API const unsigned char * wolfSSL_GetServerWriteKey | ( | WOLFSSL * | ssl | ) |
Allows retrieval of the server write key from the handshake process.
| ssl | a pointer to a WOLFSSL object, created using wolfSSL_new(). |
Example
| WOLFSSL_API int wolfSSL_GetSide | ( | WOLFSSL * | ssl | ) |
Allows retrieval of the side of this WOLFSSL connection.
| ssl | a pointer to a WOLFSSL object, created using wolfSSL_new(). |
Example
| WOLFSSL_API void * wolfSSL_GetVerifyDecryptCtx | ( | WOLFSSL * | ssl | ) |
Get the context being used with callback that MAC verifies then decrypts.
ssl SSL/TLS object. returns callback function's context or NULL if SSL/TLS object is NULL.
| WOLFSSL_API int wolfSSL_is_static_memory | ( | WOLFSSL * | ssl, |
| WOLFSSL_MEM_CONN_STATS * | mem_stats ) |
wolfSSL_is_static_memory is used to gather information about a SSL’s static memory usage. The return value indicates if static memory is being used and WOLFSSL_MEM_CONN_STATS will be filled out if and only if the flag WOLFMEM_TRACK_STATS was passed to the parent CTX when loading in static memory.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| mem_stats | structure to contain static memory usage. |
Example
| WOLFSSL_API int wolfSSL_IsTLSv1_1 | ( | WOLFSSL * | ssl | ) |
Allows caller to determine if the negotiated protocol version is at least TLS version 1.1 or greater.
| ssl | a pointer to a WOLFSSL object, created using wolfSSL_new(). |
Example
| WOLFSSL_API int wolfSSL_LoadCRL | ( | WOLFSSL * | ssl, |
| const char * | path, | ||
| int | type, | ||
| int | monitor ) |
A wrapper function that ends up calling LoadCRL to load the certificate for revocation checking.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| path | a constant character pointer that holds the path to the crl file. |
| type | an integer representing the type of certificate. |
| monitor | an integer variable used to verify the monitor path if requested. |
Example
| WOLFSSL_API void wolfSSL_set_psk_client_callback | ( | WOLFSSL * | ssl, |
| wc_psk_client_callback | cb ) |
Sets the PSK client side callback.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| cb | a function pointer to type wc_psk_client_callback. |
Example
| WOLFSSL_API void wolfSSL_set_psk_server_callback | ( | WOLFSSL * | ssl, |
| wc_psk_server_callback | cb ) |
Sets the psk callback for the server side by setting the WOLFSSL structure options members.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| cb | a function pointer for the callback and will be stored in the WOLFSSL structure. |
Example
| WOLFSSL_API int wolfSSL_set_session_secret_cb | ( | WOLFSSL * | ssl, |
| SessionSecretCb | cb, | ||
| void * | ctx ) |
This function sets the session secret callback function. The SessionSecretCb type has the signature: int (SessionSecretCb)(WOLFSSL ssl, void* secret, int* secretSz, void* ctx). The sessionSecretCb member of the WOLFSSL struct is set to the parameter cb.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| cb | a SessionSecretCb type that is a function pointer with the above signature. |
Example
| WOLFSSL_API int wolfSSL_set_SessionTicket_cb | ( | WOLFSSL * | ssl, |
| CallbackSessionTicket | cb, | ||
| void * | ctx ) |
This function sets the session ticket callback. The type CallbackSessionTicket is a function pointer with the signature of: int (CallbackSessionTicket)(WOLFSSL, const unsigned char*, int, void*)
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| cb | a function pointer to the type CallbackSessionTicket. |
| ctx | a void pointer to the session_ticket_ctx member of the WOLFSSL structure. |
Example
| WOLFSSL_API int wolfSSL_SetCRL_Cb | ( | WOLFSSL * | ssl, |
| CbMissingCRL | cb ) |
Sets the CRL callback in the WOLFSSL_CERT_MANAGER structure.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| cb | a function pointer to CbMissingCRL. |
Example
| WOLFSSL_API void wolfSSL_SetDecryptVerifyCtx | ( | WOLFSSL * | ssl, |
| void * | ctx ) |
Allows caller to set the Atomic User Record Processing Decrypt/Verify Callback Context to ctx.
| none | No parameters. |
Example
| WOLFSSL_API void wolfSSL_SetEccSignCtx | ( | WOLFSSL * | ssl, |
| void * | ctx ) |
Allows caller to set the Public Key Ecc Signing Callback Context to ctx.
| none | No parameters. |
Example
| WOLFSSL_API void wolfSSL_SetEccVerifyCtx | ( | WOLFSSL * | ssl, |
| void * | ctx ) |
Allows caller to set the Public Key Ecc Verification Callback Context to ctx.
| none | No parameters. |
Example
| WOLFSSL_API void wolfSSL_SetEncryptMacCtx | ( | WOLFSSL * | ssl, |
| void * | ctx ) |
Set the context to use with callback that encrypts then MACs.
ssl SSL/TLS object. ctx Callback function's context.
| WOLFSSL_API void wolfSSL_SetFuzzerCb | ( | WOLFSSL * | ssl, |
| CallbackFuzzer | cbf, | ||
| void * | fCtx ) |
This function sets the fuzzer callback.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| cbf | a CallbackFuzzer type that is a function pointer of the form: int (CallbackFuzzer)(WOLFSSL ssl, const unsigned char* buf, int sz, int type, void* fuzzCtx); |
| fCtx | a void pointer type that will be set to the fuzzerCtx member of the WOLFSSL structure. |
Example
| WOLFSSL_API int wolfSSL_SetHsDoneCb | ( | WOLFSSL * | ssl, |
| HandShakeDoneCb | cb, | ||
| void * | user_ctx ) |
This function sets the handshake done callback. The hsDoneCb and hsDoneCtx members of the WOLFSSL structure are set in this function.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| cb | a function pointer of type HandShakeDoneCb with the signature of the form: int (HandShakeDoneCb)(WOLFSSL, void*); |
| user_ctx | a void pointer to the user registered context. |
Example
| WOLFSSL_API void wolfSSL_SetMacEncryptCtx | ( | WOLFSSL * | ssl, |
| void * | ctx ) |
Allows caller to set the Atomic User Record Processing Mac/Encrypt Callback Context to ctx.
| none | No parameters. |
Example
| WOLFSSL_API int wolfSSL_SetOCSP_Cb | ( | WOLFSSL * | ssl, |
| CbOCSPIO | ioCb, | ||
| CbOCSPRespFree | respFreeCb, | ||
| void * | ioCbCtx ) |
This function sets the OCSP callback in the WOLFSSL_CERT_MANAGER structure.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| ioCb | a function pointer to type CbOCSPIO. |
| respFreeCb | a function pointer to type CbOCSPRespFree which is the call to free the response memory. |
| ioCbCtx | a void pointer that will be held in the ocspIOCtx member of the CM. |
Example
| WOLFSSL_API int wolfSSL_SetOCSP_OverrideURL | ( | WOLFSSL * | ssl, |
| const char * | url ) |
This function sets the ocspOverrideURL member in the WOLFSSL_CERT_MANAGER structure.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| url | a constant char pointer to the url that will be stored in the ocspOverrideURL member of the WOLFSSL_CERT_MANAGER structure. |
Example
| WOLFSSL_API void wolfSSL_SetRsaDecCtx | ( | WOLFSSL * | ssl, |
| void * | ctx ) |
Allows caller to set the Public Key RSA Private Decrypt Callback Context to ctx.
| none | No parameters. |
Example
| WOLFSSL_API void wolfSSL_SetRsaEncCtx | ( | WOLFSSL * | ssl, |
| void * | ctx ) |
Allows caller to set the Public Key RSA Public Encrypt Callback Context to ctx.
| none | No parameters. |
Example
| WOLFSSL_API void wolfSSL_SetRsaSignCtx | ( | WOLFSSL * | ssl, |
| void * | ctx ) |
Allows caller to set the Public Key RSA Signing Callback Context to ctx.
| none | No parameters. |
Example
| WOLFSSL_API void wolfSSL_SetRsaVerifyCtx | ( | WOLFSSL * | ssl, |
| void * | ctx ) |
Allows caller to set the Public Key RSA Verification Callback Context to ctx.
| none | No parameters. |
Example
| WOLFSSL_API int wolfSSL_SetTlsHmacInner | ( | WOLFSSL * | ssl, |
| unsigned char * | inner, | ||
| word32 | sz, | ||
| int | content, | ||
| int | verify ) |
Allows caller to set the Hmac Inner vector for message sending/receiving. The result is written to inner which should be at least wolfSSL_GetHmacSize() bytes. The size of the message is specified by sz, content is the type of message, and verify specifies whether this is a verification of a peer message. Valid for cipher types excluding WOLFSSL_AEAD_TYPE.
| none | No parameters. |
Example
| WOLFSSL_API void wolfSSL_SetVerifyDecryptCtx | ( | WOLFSSL * | ssl, |
| void * | ctx ) |
Set the context to use with callback that MAC verifies then decrypts.
ssl SSL/TLS object. ctx Callback function's context.
| WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest | ( | WOLFSSL * | ssl, |
| unsigned char | type, | ||
| void ** | data ) |
This function is called on the server side to retrieve the Server Name Indication provided by the client in a SSL session.
| ssl | pointer to a SSL object, created with wolfSSL_new(). |
| type | indicates which type of server name is been retrieved in data. The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 }; |
| data | pointer to the data provided by the client. |
Example
| WOLFSSL_API void wolfSSL_SNI_SetOptions | ( | WOLFSSL * | ssl, |
| unsigned char | type, | ||
| unsigned char | options ) |
This function is called on the server side to configure the behavior of the SSL session using Server Name Indication in the SSL object passed in the 'ssl' parameter. The options are explained below.
| ssl | pointer to a SSL object, created with wolfSSL_new(). |
| type | indicates which type of server name is been passed in data. The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 }; |
| options | a bitwise semaphore with the chosen options. The available options are: enum { WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01, WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02 }; Normally the server will abort the handshake by sending a fatal-level unrecognized_name(112) alert if the hostname provided by the client mismatch with the servers. |
| WOLFSSL_SNI_CONTINUE_ON_MISMATCH | With this option set, the server will not send a SNI response instead of aborting the session. |
| WOLFSSL_SNI_ANSWER_ON_MISMATCH | - With this option set, the server will send a SNI response as if the host names match instead of aborting the session. |
Example
| WOLFSSL_API int wolfSSL_UseMaxFragment | ( | WOLFSSL * | ssl, |
| unsigned char | mfl ) |
This function is called on the client side to enable the use of Maximum Fragment Length in the SSL object passed in the 'ssl' parameter. It means that the Maximum Fragment Length extension will be sent on ClientHello by wolfSSL clients.
| ssl | pointer to a SSL object, created with wolfSSL_new(). |
| mfl | indicates witch is the Maximum Fragment Length requested for the session. The available options are: enum { WOLFSSL_MFL_2_9 = 1, 512 bytes WOLFSSL_MFL_2_10 = 2, 1024 bytes WOLFSSL_MFL_2_11 = 3, 2048 bytes WOLFSSL_MFL_2_12 = 4, 4096 bytes WOLFSSL_MFL_2_13 = 5, 8192 bytes wolfSSL ONLY!!! }; |
Example
| WOLFSSL_API int wolfSSL_UseOCSPStapling | ( | WOLFSSL * | ssl, |
| unsigned char | status_type, | ||
| unsigned char | options ) |
Stapling eliminates the need to contact the CA. Stapling lowers the cost of certificate revocation check presented in OCSP.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| status_type | a byte type that is passed through to TLSX_UseCertificateStatusRequest() and stored in the CertificateStatusRequest structure. |
| options | a byte type that is passed through to TLSX_UseCertificateStatusRequest() and stored in the CertificateStatusRequest structure. |
Example
| WOLFSSL_API int wolfSSL_UseOCSPStaplingV2 | ( | WOLFSSL * | ssl, |
| unsigned char | status_type, | ||
| unsigned char | options ) |
The function sets the status type and options for OCSP.
| ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
| status_type | a byte type that loads the OCSP status type. |
| options | a byte type that holds the OCSP options, set in wolfSSL_SNI_SetOptions() and wolfSSL_CTX_SNI_SetOptions(). |
Example
| WOLFSSL_API int wolfSSL_UseSupportedCurve | ( | WOLFSSL * | ssl, |
| word16 | name ) |
This function is called on the client side to enable the use of Supported Elliptic Curves Extension in the SSL object passed in the 'ssl' parameter. It means that the supported curves enabled will be sent on ClientHello by wolfSSL clients. This function can be called more than one time to enable multiple curves.
| ssl | pointer to a SSL object, created with wolfSSL_new(). |
| name | indicates which curve will be supported for the session. The available options are: enum { WOLFSSL_ECC_SECP160R1 = 0x10, WOLFSSL_ECC_SECP192R1 = 0x13, WOLFSSL_ECC_SECP224R1 = 0x15, WOLFSSL_ECC_SECP256R1 = 0x17, WOLFSSL_ECC_SECP384R1 = 0x18, WOLFSSL_ECC_SECP521R1 = 0x19 }; |
Example
| WOLFSSL_API int wolfSSL_UseTruncatedHMAC | ( | WOLFSSL * | ssl | ) |
This function is called on the client side to enable the use of Truncated HMAC in the SSL object passed in the 'ssl' parameter. It means that the Truncated HMAC extension will be sent on ClientHello by wolfSSL clients.
| ssl | pointer to a SSL object, created with wolfSSL_new() |
Example
| WOLFSSL_API int wolfSSL_X509_ALGOR_set0 | ( | WOLFSSL_X509_ALGOR * | algor, |
| WOLFSSL_ASN1_OBJECT * | aobj, | ||
| int | ptype, | ||
| void * | pval ) |
Populate algor members.
| algor | The object to be set |
| aobj | The value to be set in algor->algorithm |
| ptype | The type of algor->parameter |
| pval | The value of algor->parameter |
| WOLFSSL_API int wolfSSL_X509_get_isCA | ( | WOLFSSL_X509 * | x509 | ) |
\ingroup CertsKeys
\brief Checks the isCa member of the WOLFSSL_X509 structure and returns
the value.
\return isCA returns the value in the isCA member of the WOLFSSL_X509
structure is returned.
\return 0 returned if there is not a valid x509 structure passed in.
\param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
_Example_
/code
WOLFSSL* ssl;
...
WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
WOLFSSL* ssl = wolfSSL_new(ctx);
...
if(wolfSSL_X509_get_isCA(ssl)){
This is the CA }else { Failure case }
| WOLFSSL_API void wolfSSL_X509_PUBKEY_free | ( | WOLFSSL_X509_PUBKEY * | x | ) |
Free WOLFSSL_X509_PUBKEY and all its members.
| at | Object to free |
| WOLFSSL_API WOLFSSL_X509_PUBKEY * wolfSSL_X509_PUBKEY_new | ( | void | ) |
Allocate a new WOLFSSL_X509_PUBKEY object.