PolarSSL v1.1.4
ssl.h File Reference

SSL/TLS functions. More...

#include <time.h>
#include "net.h"
#include "dhm.h"
#include "rsa.h"
#include "md5.h"
#include "sha1.h"
#include "x509.h"
#include "config.h"

Data Structures

struct  _ssl_session
struct  _ssl_context

Defines

#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE   -0x7080
 The requested feature is not available.
#define POLARSSL_ERR_SSL_BAD_INPUT_DATA   -0x7100
 Bad input parameters to function.
#define POLARSSL_ERR_SSL_INVALID_MAC   -0x7180
 Verification of the message MAC failed.
#define POLARSSL_ERR_SSL_INVALID_RECORD   -0x7200
 An invalid SSL record was received.
#define POLARSSL_ERR_SSL_CONN_EOF   -0x7280
 The connection indicated an EOF.
#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER   -0x7300
 An unknown cipher was received.
#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN   -0x7380
 The server has no ciphersuites in common with the client.
#define POLARSSL_ERR_SSL_NO_SESSION_FOUND   -0x7400
 No session to recover was found.
#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE   -0x7480
 No client certificate received from the client, but required by the authentication mode.
#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE   -0x7500
 Our own certificate(s) is/are too large to send in an SSL message.
#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED   -0x7580
 The own certificate is not set, but needed by the server.
#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED   -0x7600
 The own private key is not set, but needed.
#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED   -0x7680
 No CA Chain is set, but required to operate.
#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE   -0x7700
 An unexpected message was received from our peer.
#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE   -0x7780
 A fatal alert message was received from our peer.
#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED   -0x7800
 Verification of our peer failed.
#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY   -0x7880
 The peer notified us that the connection is going to be closed.
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO   -0x7900
 Processing of the ClientHello handshake message failed.
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO   -0x7980
 Processing of the ServerHello handshake message failed.
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE   -0x7A00
 Processing of the Certificate handshake message failed.
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST   -0x7A80
 Processing of the CertificateRequest handshake message failed.
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE   -0x7B00
 Processing of the ServerKeyExchange handshake message failed.
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE   -0x7B80
 Processing of the ServerHelloDone handshake message failed.
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE   -0x7C00
 Processing of the ClientKeyExchange handshake message failed.
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_RP   -0x7C80
 Processing of the ClientKeyExchange handshake message failed in DHM Read Public.
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_CS   -0x7D00
 Processing of the ClientKeyExchange handshake message failed in DHM Calculate Secret.
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY   -0x7D80
 Processing of the CertificateVerify handshake message failed.
#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC   -0x7E00
 Processing of the ChangeCipherSpec handshake message failed.
#define POLARSSL_ERR_SSL_BAD_HS_FINISHED   -0x7E80
 Processing of the Finished handshake message failed.
#define POLARSSL_ERR_SSL_MALLOC_FAILED   -0x7F00
 Memory allocation failed.
#define SSL_MAJOR_VERSION_3   3
#define SSL_MINOR_VERSION_0   0
#define SSL_MINOR_VERSION_1   1
#define SSL_MINOR_VERSION_2   2
#define SSL_IS_CLIENT   0
#define SSL_IS_SERVER   1
#define SSL_COMPRESS_NULL   0
#define SSL_VERIFY_NONE   0
#define SSL_VERIFY_OPTIONAL   1
#define SSL_VERIFY_REQUIRED   2
#define SSL_MAX_CONTENT_LEN   16384
#define SSL_BUFFER_LEN   (SSL_MAX_CONTENT_LEN + 512)
#define SSL_RSA_RC4_128_MD5   0x04
#define SSL_RSA_RC4_128_SHA   0x05
#define SSL_RSA_DES_168_SHA   0x0A
#define SSL_EDH_RSA_DES_168_SHA   0x16
#define SSL_RSA_AES_128_SHA   0x2F
#define SSL_EDH_RSA_AES_128_SHA   0x33
#define SSL_RSA_AES_256_SHA   0x35
#define SSL_EDH_RSA_AES_256_SHA   0x39
#define SSL_RSA_CAMELLIA_128_SHA   0x41
#define SSL_EDH_RSA_CAMELLIA_128_SHA   0x45
#define SSL_RSA_CAMELLIA_256_SHA   0x84
#define SSL_EDH_RSA_CAMELLIA_256_SHA   0x88
#define SSL_MSG_CHANGE_CIPHER_SPEC   20
#define SSL_MSG_ALERT   21
#define SSL_MSG_HANDSHAKE   22
#define SSL_MSG_APPLICATION_DATA   23
#define SSL_ALERT_LEVEL_WARNING   1
#define SSL_ALERT_LEVEL_FATAL   2
#define SSL_ALERT_MSG_CLOSE_NOTIFY   0
#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE   10
#define SSL_ALERT_MSG_BAD_RECORD_MAC   20
#define SSL_ALERT_MSG_DECRYPTION_FAILED   21
#define SSL_ALERT_MSG_RECORD_OVERFLOW   22
#define SSL_ALERT_MSG_DECOMPRESSION_FAILURE   30
#define SSL_ALERT_MSG_HANDSHAKE_FAILURE   40
#define SSL_ALERT_MSG_NO_CERT   41
#define SSL_ALERT_MSG_BAD_CERT   42
#define SSL_ALERT_MSG_UNSUPPORTED_CERT   43
#define SSL_ALERT_MSG_CERT_REVOKED   44
#define SSL_ALERT_MSG_CERT_EXPIRED   45
#define SSL_ALERT_MSG_CERT_UNKNOWN   46
#define SSL_ALERT_MSG_ILLEGAL_PARAMETER   47
#define SSL_ALERT_MSG_UNKNOWN_CA   48
#define SSL_ALERT_MSG_ACCESS_DENIED   49
#define SSL_ALERT_MSG_DECODE_ERROR   50
#define SSL_ALERT_MSG_DECRYPT_ERROR   51
#define SSL_ALERT_MSG_EXPORT_RESTRICTION   60
#define SSL_ALERT_MSG_PROTOCOL_VERSION   70
#define SSL_ALERT_MSG_INSUFFICIENT_SECURITY   71
#define SSL_ALERT_MSG_INTERNAL_ERROR   80
#define SSL_ALERT_MSG_USER_CANCELED   90
#define SSL_ALERT_MSG_NO_RENEGOTIATION   100
#define SSL_HS_HELLO_REQUEST   0
#define SSL_HS_CLIENT_HELLO   1
#define SSL_HS_SERVER_HELLO   2
#define SSL_HS_CERTIFICATE   11
#define SSL_HS_SERVER_KEY_EXCHANGE   12
#define SSL_HS_CERTIFICATE_REQUEST   13
#define SSL_HS_SERVER_HELLO_DONE   14
#define SSL_HS_CERTIFICATE_VERIFY   15
#define SSL_HS_CLIENT_KEY_EXCHANGE   16
#define SSL_HS_FINISHED   20
#define TLS_EXT_SERVERNAME   0
#define TLS_EXT_SERVERNAME_HOSTNAME   0

Typedefs

typedef struct _ssl_session ssl_session
typedef struct _ssl_context ssl_context

Enumerations

enum  ssl_states {
  SSL_HELLO_REQUEST, SSL_CLIENT_HELLO, SSL_SERVER_HELLO, SSL_SERVER_CERTIFICATE,
  SSL_SERVER_KEY_EXCHANGE, SSL_CERTIFICATE_REQUEST, SSL_SERVER_HELLO_DONE, SSL_CLIENT_CERTIFICATE,
  SSL_CLIENT_KEY_EXCHANGE, SSL_CERTIFICATE_VERIFY, SSL_CLIENT_CHANGE_CIPHER_SPEC, SSL_CLIENT_FINISHED,
  SSL_SERVER_CHANGE_CIPHER_SPEC, SSL_SERVER_FINISHED, SSL_FLUSH_BUFFERS, SSL_HANDSHAKE_OVER
}

Functions

static const int * ssl_list_ciphersuites (void)
 Returns the list of ciphersuites supported by the SSL/TLS module.
const char * ssl_get_ciphersuite_name (const int ciphersuite_id)
 Return the name of the ciphersuite associated with the given ID.
int ssl_get_ciphersuite_id (const char *ciphersuite_name)
 Return the ID of the ciphersuite associated with the given name.
int ssl_init (ssl_context *ssl)
 Initialize an SSL context.
void ssl_session_reset (ssl_context *ssl)
 Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data.
void ssl_set_endpoint (ssl_context *ssl, int endpoint)
 Set the current endpoint type.
void ssl_set_authmode (ssl_context *ssl, int authmode)
 Set the certificate verification mode.
void ssl_set_verify (ssl_context *ssl, int(*f_vrfy)(void *, x509_cert *, int, int), void *p_vrfy)
 Set the verification callback (Optional).
void ssl_set_rng (ssl_context *ssl, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Set the random number generator callback.
void ssl_set_dbg (ssl_context *ssl, void(*f_dbg)(void *, int, const char *), void *p_dbg)
 Set the debug callback.
void ssl_set_bio (ssl_context *ssl, int(*f_recv)(void *, unsigned char *, size_t), void *p_recv, int(*f_send)(void *, const unsigned char *, size_t), void *p_send)
 Set the underlying BIO read and write callbacks.
void ssl_set_scb (ssl_context *ssl, int(*s_get)(ssl_context *), int(*s_set)(ssl_context *))
 Set the session callbacks (server-side only)
void ssl_set_session (ssl_context *ssl, int resume, int timeout, ssl_session *session)
 Set the session resuming flag, timeout and data.
void ssl_set_ciphersuites (ssl_context *ssl, int *ciphersuites)
 Set the list of allowed ciphersuites.
void ssl_set_ca_chain (ssl_context *ssl, x509_cert *ca_chain, x509_crl *ca_crl, const char *peer_cn)
 Set the data required to verify peer certificate.
void ssl_set_own_cert (ssl_context *ssl, x509_cert *own_cert, rsa_context *rsa_key)
 Set own certificate and private key.
int ssl_set_dh_param (ssl_context *ssl, const char *dhm_P, const char *dhm_G)
 Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only)
int ssl_set_dh_param_ctx (ssl_context *ssl, dhm_context *dhm_ctx)
 Set the Diffie-Hellman public P and G values, read from existing context (server-side only)
int ssl_set_hostname (ssl_context *ssl, const char *hostname)
 Set hostname for ServerName TLS Extension.
void ssl_set_max_version (ssl_context *ssl, int major, int minor)
 Set the maximum supported version sent from the client side.
size_t ssl_get_bytes_avail (const ssl_context *ssl)
 Return the number of data bytes available to read.
int ssl_get_verify_result (const ssl_context *ssl)
 Return the result of the certificate verification.
const char * ssl_get_ciphersuite (const ssl_context *ssl)
 Return the name of the current ciphersuite.
const char * ssl_get_version (const ssl_context *ssl)
 Return the current SSL version (SSLv3/TLSv1/etc)
int ssl_handshake (ssl_context *ssl)
 Perform the SSL handshake.
int ssl_read (ssl_context *ssl, unsigned char *buf, size_t len)
 Read at most 'len' application data bytes.
int ssl_write (ssl_context *ssl, const unsigned char *buf, size_t len)
 Write exactly 'len' application data bytes.
int ssl_close_notify (ssl_context *ssl)
 Notify the peer that the connection is being closed.
void ssl_free (ssl_context *ssl)
 Free an SSL context.
int ssl_handshake_client (ssl_context *ssl)
int ssl_handshake_server (ssl_context *ssl)
int ssl_derive_keys (ssl_context *ssl)
void ssl_calc_verify (ssl_context *ssl, unsigned char hash[36])
int ssl_read_record (ssl_context *ssl)
int ssl_fetch_input (ssl_context *ssl, size_t nb_want)
int ssl_write_record (ssl_context *ssl)
int ssl_flush_output (ssl_context *ssl)
int ssl_parse_certificate (ssl_context *ssl)
int ssl_write_certificate (ssl_context *ssl)
int ssl_parse_change_cipher_spec (ssl_context *ssl)
int ssl_write_change_cipher_spec (ssl_context *ssl)
int ssl_parse_finished (ssl_context *ssl)
int ssl_write_finished (ssl_context *ssl)

Variables

int ssl_default_ciphersuites []

Detailed Description

SSL/TLS functions.

Copyright (C) 2006-2010, Brainspark B.V.

This file is part of PolarSSL (http://www.polarssl.org) Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>

All rights reserved.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Definition in file ssl.h.


Define Documentation

Processing of the Certificate handshake message failed.

Definition at line 74 of file ssl.h.

Processing of the CertificateRequest handshake message failed.

Definition at line 75 of file ssl.h.

Processing of the CertificateVerify handshake message failed.

Definition at line 81 of file ssl.h.

Processing of the ChangeCipherSpec handshake message failed.

Definition at line 82 of file ssl.h.

Processing of the ClientHello handshake message failed.

Definition at line 72 of file ssl.h.

Processing of the ClientKeyExchange handshake message failed.

Definition at line 78 of file ssl.h.

Processing of the ClientKeyExchange handshake message failed in DHM Calculate Secret.

Definition at line 80 of file ssl.h.

Processing of the ClientKeyExchange handshake message failed in DHM Read Public.

Definition at line 79 of file ssl.h.

#define POLARSSL_ERR_SSL_BAD_HS_FINISHED   -0x7E80

Processing of the Finished handshake message failed.

Definition at line 83 of file ssl.h.

Processing of the ServerHello handshake message failed.

Definition at line 73 of file ssl.h.

Processing of the ServerHelloDone handshake message failed.

Definition at line 77 of file ssl.h.

Processing of the ServerKeyExchange handshake message failed.

Definition at line 76 of file ssl.h.

#define POLARSSL_ERR_SSL_BAD_INPUT_DATA   -0x7100

Bad input parameters to function.

Definition at line 56 of file ssl.h.

#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED   -0x7680

No CA Chain is set, but required to operate.

Definition at line 67 of file ssl.h.

The own certificate is not set, but needed by the server.

Definition at line 65 of file ssl.h.

Our own certificate(s) is/are too large to send in an SSL message.

Definition at line 64 of file ssl.h.

#define POLARSSL_ERR_SSL_CONN_EOF   -0x7280

The connection indicated an EOF.

Definition at line 59 of file ssl.h.

A fatal alert message was received from our peer.

Definition at line 69 of file ssl.h.

The requested feature is not available.

Definition at line 55 of file ssl.h.

#define POLARSSL_ERR_SSL_INVALID_MAC   -0x7180

Verification of the message MAC failed.

Definition at line 57 of file ssl.h.

#define POLARSSL_ERR_SSL_INVALID_RECORD   -0x7200

An invalid SSL record was received.

Definition at line 58 of file ssl.h.

#define POLARSSL_ERR_SSL_MALLOC_FAILED   -0x7F00

Memory allocation failed.

Definition at line 84 of file ssl.h.

#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN   -0x7380

The server has no ciphersuites in common with the client.

Definition at line 61 of file ssl.h.

No client certificate received from the client, but required by the authentication mode.

Definition at line 63 of file ssl.h.

#define POLARSSL_ERR_SSL_NO_SESSION_FOUND   -0x7400

No session to recover was found.

Definition at line 62 of file ssl.h.

#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY   -0x7880

The peer notified us that the connection is going to be closed.

Definition at line 71 of file ssl.h.

Verification of our peer failed.

Definition at line 70 of file ssl.h.

The own private key is not set, but needed.

Definition at line 66 of file ssl.h.

An unexpected message was received from our peer.

Definition at line 68 of file ssl.h.

#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER   -0x7300

An unknown cipher was received.

Definition at line 60 of file ssl.h.

#define SSL_ALERT_LEVEL_FATAL   2

Definition at line 136 of file ssl.h.

#define SSL_ALERT_LEVEL_WARNING   1

Definition at line 135 of file ssl.h.

#define SSL_ALERT_MSG_ACCESS_DENIED   49

Definition at line 153 of file ssl.h.

#define SSL_ALERT_MSG_BAD_CERT   42

Definition at line 146 of file ssl.h.

Definition at line 140 of file ssl.h.

#define SSL_ALERT_MSG_CERT_EXPIRED   45

Definition at line 149 of file ssl.h.

#define SSL_ALERT_MSG_CERT_REVOKED   44

Definition at line 148 of file ssl.h.

#define SSL_ALERT_MSG_CERT_UNKNOWN   46

Definition at line 150 of file ssl.h.

Definition at line 138 of file ssl.h.

#define SSL_ALERT_MSG_DECODE_ERROR   50

Definition at line 154 of file ssl.h.

Definition at line 143 of file ssl.h.

#define SSL_ALERT_MSG_DECRYPT_ERROR   51

Definition at line 155 of file ssl.h.

Definition at line 141 of file ssl.h.

Definition at line 156 of file ssl.h.

Definition at line 144 of file ssl.h.

Definition at line 151 of file ssl.h.

Definition at line 158 of file ssl.h.

Definition at line 159 of file ssl.h.

#define SSL_ALERT_MSG_NO_CERT   41

Definition at line 145 of file ssl.h.

Definition at line 161 of file ssl.h.

Definition at line 157 of file ssl.h.

Definition at line 142 of file ssl.h.

Definition at line 139 of file ssl.h.

#define SSL_ALERT_MSG_UNKNOWN_CA   48

Definition at line 152 of file ssl.h.

Definition at line 147 of file ssl.h.

#define SSL_ALERT_MSG_USER_CANCELED   90

Definition at line 160 of file ssl.h.

#define SSL_BUFFER_LEN   (SSL_MAX_CONTENT_LEN + 512)

Definition at line 108 of file ssl.h.

#define SSL_COMPRESS_NULL   0

Definition at line 96 of file ssl.h.

#define SSL_EDH_RSA_AES_128_SHA   0x33

Definition at line 118 of file ssl.h.

#define SSL_EDH_RSA_AES_256_SHA   0x39

Definition at line 120 of file ssl.h.

#define SSL_EDH_RSA_CAMELLIA_128_SHA   0x45

Definition at line 123 of file ssl.h.

#define SSL_EDH_RSA_CAMELLIA_256_SHA   0x88

Definition at line 125 of file ssl.h.

#define SSL_EDH_RSA_DES_168_SHA   0x16

Definition at line 116 of file ssl.h.

#define SSL_HS_CERTIFICATE   11

Definition at line 166 of file ssl.h.

#define SSL_HS_CERTIFICATE_REQUEST   13

Definition at line 168 of file ssl.h.

#define SSL_HS_CERTIFICATE_VERIFY   15

Definition at line 170 of file ssl.h.

#define SSL_HS_CLIENT_HELLO   1

Definition at line 164 of file ssl.h.

#define SSL_HS_CLIENT_KEY_EXCHANGE   16

Definition at line 171 of file ssl.h.

#define SSL_HS_FINISHED   20

Definition at line 172 of file ssl.h.

#define SSL_HS_HELLO_REQUEST   0

Definition at line 163 of file ssl.h.

#define SSL_HS_SERVER_HELLO   2

Definition at line 165 of file ssl.h.

#define SSL_HS_SERVER_HELLO_DONE   14

Definition at line 169 of file ssl.h.

#define SSL_HS_SERVER_KEY_EXCHANGE   12

Definition at line 167 of file ssl.h.

#define SSL_IS_CLIENT   0

Definition at line 94 of file ssl.h.

#define SSL_IS_SERVER   1

Definition at line 95 of file ssl.h.

#define SSL_MAJOR_VERSION_3   3

Definition at line 89 of file ssl.h.

#define SSL_MAX_CONTENT_LEN   16384

Definition at line 102 of file ssl.h.

#define SSL_MINOR_VERSION_0   0

SSL v3.0

Definition at line 90 of file ssl.h.

#define SSL_MINOR_VERSION_1   1

TLS v1.0

Definition at line 91 of file ssl.h.

#define SSL_MINOR_VERSION_2   2

TLS v1.1

Definition at line 92 of file ssl.h.

#define SSL_MSG_ALERT   21

Definition at line 131 of file ssl.h.

#define SSL_MSG_APPLICATION_DATA   23

Definition at line 133 of file ssl.h.

#define SSL_MSG_CHANGE_CIPHER_SPEC   20

Definition at line 130 of file ssl.h.

#define SSL_MSG_HANDSHAKE   22

Definition at line 132 of file ssl.h.

#define SSL_RSA_AES_128_SHA   0x2F

Definition at line 117 of file ssl.h.

#define SSL_RSA_AES_256_SHA   0x35

Definition at line 119 of file ssl.h.

#define SSL_RSA_CAMELLIA_128_SHA   0x41

Definition at line 122 of file ssl.h.

#define SSL_RSA_CAMELLIA_256_SHA   0x84

Definition at line 124 of file ssl.h.

#define SSL_RSA_DES_168_SHA   0x0A

Definition at line 115 of file ssl.h.

#define SSL_RSA_RC4_128_MD5   0x04

Definition at line 113 of file ssl.h.

#define SSL_RSA_RC4_128_SHA   0x05

Definition at line 114 of file ssl.h.

#define SSL_VERIFY_NONE   0

Definition at line 98 of file ssl.h.

#define SSL_VERIFY_OPTIONAL   1

Definition at line 99 of file ssl.h.

#define SSL_VERIFY_REQUIRED   2

Definition at line 100 of file ssl.h.

#define TLS_EXT_SERVERNAME   0

Definition at line 177 of file ssl.h.

Definition at line 178 of file ssl.h.


Typedef Documentation

typedef struct _ssl_context ssl_context

Definition at line 205 of file ssl.h.

typedef struct _ssl_session ssl_session

Definition at line 204 of file ssl.h.


Enumeration Type Documentation

enum ssl_states
Enumerator:
SSL_HELLO_REQUEST 
SSL_CLIENT_HELLO 
SSL_SERVER_HELLO 
SSL_SERVER_CERTIFICATE 
SSL_SERVER_KEY_EXCHANGE 
SSL_CERTIFICATE_REQUEST 
SSL_SERVER_HELLO_DONE 
SSL_CLIENT_CERTIFICATE 
SSL_CLIENT_KEY_EXCHANGE 
SSL_CERTIFICATE_VERIFY 
SSL_CLIENT_CHANGE_CIPHER_SPEC 
SSL_CLIENT_FINISHED 
SSL_SERVER_CHANGE_CIPHER_SPEC 
SSL_SERVER_FINISHED 
SSL_FLUSH_BUFFERS 
SSL_HANDSHAKE_OVER 

Definition at line 183 of file ssl.h.


Function Documentation

void ssl_calc_verify (ssl_context *ssl, unsigned char hash[36])
int ssl_close_notify (ssl_context *ssl)

Notify the peer that the connection is being closed.

Parameters:
ssl: SSL context
int ssl_derive_keys (ssl_context *ssl)
int ssl_fetch_input (ssl_context *ssl, size_t nb_want)
Returns:
0 if successful, POLARSSL_ERR_SSL_CONN_EOF on EOF or another negative error code.
int ssl_flush_output (ssl_context *ssl)
void ssl_free (ssl_context *ssl)

Free an SSL context.

Parameters:
ssl: SSL context
size_t ssl_get_bytes_avail (const ssl_context *ssl)

Return the number of data bytes available to read.

Parameters:
ssl: SSL context
Returns:
how many bytes are available in the read buffer
const char *ssl_get_ciphersuite (const ssl_context *ssl)

Return the name of the current ciphersuite.

Parameters:
ssl: SSL context
Returns:
a string containing the ciphersuite name
int ssl_get_ciphersuite_id (const char *ciphersuite_name)

Return the ID of the ciphersuite associated with the given name.

Parameters:
ciphersuite_name: SSL ciphersuite name
Returns:
the ID of the ciphersuite, or 0 if not found
const char *ssl_get_ciphersuite_name (const int ciphersuite_id)

Return the name of the ciphersuite associated with the given ID.

Parameters:
ciphersuite_id: SSL ciphersuite ID
Returns:
a string containing the ciphersuite name
int ssl_get_verify_result (const ssl_context *ssl)

Return the result of the certificate verification.

Parameters:
ssl: SSL context
Returns:
0 if successful, or a combination of: BADCERT_EXPIRED, BADCERT_REVOKED, BADCERT_CN_MISMATCH, BADCERT_NOT_TRUSTED
const char *ssl_get_version (const ssl_context *ssl)

Return the current SSL version (SSLv3/TLSv1/etc)

Parameters:
ssl: SSL context
Returns:
a string containing the SSL version
int ssl_handshake (ssl_context *ssl)

Perform the SSL handshake.

Parameters:
ssl: SSL context
Returns:
0 if successful, POLARSSL_ERR_NET_WANT_READ, POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error code.
int ssl_init (ssl_context *ssl)

Initialize an SSL context.

Parameters:
ssl: SSL context
Returns:
0 if successful, or POLARSSL_ERR_SSL_MALLOC_FAILED if memory allocation failed
static const int *ssl_list_ciphersuites (void) [inline, static]

Returns the list of ciphersuites supported by the SSL/TLS module.

Returns:
a statically allocated array of ciphersuites, the last entry is 0.

Definition at line 347 of file ssl.h.

int ssl_read (ssl_context *ssl, unsigned char *buf, size_t len)

Read at most 'len' application data bytes.

Parameters:
ssl: SSL context
buf: buffer that will hold the data
len: how many bytes must be read
Returns:
This function returns the number of bytes read, 0 for EOF, or a negative error code.
int ssl_read_record (ssl_context *ssl)
void ssl_session_reset (ssl_context *ssl)

Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data.

Parameters:
ssl: SSL context
void ssl_set_authmode (ssl_context *ssl, int authmode)

Set the certificate verification mode.

Parameters:
ssl: SSL context
authmode: can be:

SSL_VERIFY_NONE: peer certificate is not checked (default), this is insecure and SHOULD be avoided.

SSL_VERIFY_OPTIONAL: peer certificate is checked, however the handshake continues even if verification failed; ssl_get_verify_result() can be called after the handshake is complete.

SSL_VERIFY_REQUIRED: peer *must* present a valid certificate, handshake is aborted if verification failed.

void ssl_set_bio (ssl_context *ssl, int (*f_recv)(void *, unsigned char *, size_t), void *p_recv, int (*f_send)(void *, const unsigned char *, size_t), void *p_send)

Set the underlying BIO read and write callbacks.

Parameters:
ssl: SSL context
f_recv: read callback
p_recv: read parameter
f_send: write callback
p_send: write parameter
void ssl_set_ca_chain (ssl_context *ssl, x509_cert *ca_chain, x509_crl *ca_crl, const char *peer_cn)

Set the data required to verify peer certificate.

Parameters:
ssl: SSL context
ca_chain: trusted CA chain
ca_crl: trusted CA CRLs
peer_cn: expected peer CommonName (or NULL)
Note:
TODO: add two more parameters: depth and crl
void ssl_set_ciphersuites (ssl_context *ssl, int *ciphersuites)

Set the list of allowed ciphersuites.

Parameters:
ssl: SSL context
ciphersuites: 0-terminated list of allowed ciphersuites
void ssl_set_dbg (ssl_context *ssl, void (*f_dbg)(void *, int, const char *), void *p_dbg)

Set the debug callback.

Parameters:
ssl: SSL context
f_dbg: debug function
p_dbg: debug parameter

Referenced by FCT_BGN().

int ssl_set_dh_param (ssl_context *ssl, const char *dhm_P, const char *dhm_G)

Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only)

Parameters:
ssl: SSL context
dhm_P: Diffie-Hellman-Merkle modulus
dhm_G: Diffie-Hellman-Merkle generator
Returns:
0 if successful
int ssl_set_dh_param_ctx (ssl_context *ssl, dhm_context *dhm_ctx)

Set the Diffie-Hellman public P and G values, read from existing context (server-side only)

Parameters:
ssl: SSL context
dhm_ctx: Diffie-Hellman-Merkle context
Returns:
0 if successful
void ssl_set_endpoint (ssl_context *ssl, int endpoint)

Set the current endpoint type.

Parameters:
ssl: SSL context
endpoint: must be SSL_IS_CLIENT or SSL_IS_SERVER
int ssl_set_hostname (ssl_context *ssl, const char *hostname)

Set hostname for ServerName TLS Extension.

Parameters:
ssl: SSL context
hostname: the server hostname
Returns:
0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED
void ssl_set_max_version (ssl_context *ssl, int major, int minor)

Set the maximum supported version sent from the client side.

Parameters:
ssl: SSL context
major: Major version number (only SSL_MAJOR_VERSION_3 supported)
minor: Minor version number (SSL_MINOR_VERSION_0, SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2 supported)
void ssl_set_own_cert (ssl_context *ssl, x509_cert *own_cert, rsa_context *rsa_key)

Set own certificate and private key.

Parameters:
ssl: SSL context
own_cert: own public certificate
rsa_key: own private RSA key
void ssl_set_rng (ssl_context *ssl, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)

Set the random number generator callback.

Parameters:
ssl: SSL context
f_rng: RNG function
p_rng: RNG parameter
void ssl_set_scb (ssl_context *ssl, int (*s_get)(ssl_context *), int (*s_set)(ssl_context *))

Set the session callbacks (server-side only)

Parameters:
ssl: SSL context
s_get: session get callback
s_set: session set callback
void ssl_set_session (ssl_context *ssl, int resume, int timeout, ssl_session *session)

Set the session resuming flag, timeout and data.

Parameters:
ssl: SSL context
resume: if 0 (default), the session will not be resumed
timeout: session timeout in seconds, or 0 (no timeout)
session: session context
void ssl_set_verify (ssl_context *ssl, int (*f_vrfy)(void *, x509_cert *, int, int), void *p_vrfy)

Set the verification callback (Optional).

If set, the verification callback is called once for every certificate in the chain. The verification function has the following parameters: (void *parameter, x509_cert *certificate, int certificate_depth, int preverify_ok). It should return 0 on SUCCESS.

Parameters:
ssl: SSL context
f_vrfy: verification function
p_vrfy: verification parameter
int ssl_write (ssl_context *ssl, const unsigned char *buf, size_t len)

Write exactly 'len' application data bytes.

Parameters:
ssl: SSL context
buf: buffer holding the data
len: how many bytes must be written
Returns:
This function returns the number of bytes written, or a negative error code.
Note:
When this function returns POLARSSL_ERR_NET_WANT_WRITE, it must be called later with the *same* arguments, until it returns a positive value.
int ssl_write_record (ssl_context *ssl)

Variable Documentation