4 This directory does not contain OpenSSL itself, but the code here can be used as a wrapper for applications using the OpenSSL API.
5 It uses mbedTLS to do the actual work, so anyone compiling openssl code needs the mbedtls library and header file.
7 OpenSSL APIs that are not mentioned in this document are not currently exposed,
8 and have no corresponding implementation in this wrapper.
9 If an application calls one of them directly, the call will either always return an error or fail to link at build time.
14 - Chapter 1. SSL Context Method Create
15 - Chapter 2. SSL Context Function
16 - Chapter 3. SSL Function
17 - Chapter 4. SSL X509 Certification and Private Key Function
20 Chapter 1. SSL Context Method Create
21 ====================================
23 1.1 const SSL_METHOD* ``SSLv3_client_method`` (void)
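31 pointer to the SSLv3.0 SSL context client method
35 create the target SSL context method. SSL 3.0 is deprecated and considered insecure (RFC 7568); prefer TLS 1.2 unless a legacy peer requires it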
41 const SSL_METHOD *method = SSLv3_client_method();
46 1.2 const SSL_METHOD* ``TLSv1_client_method`` (void)
54 pointer to the TLSv1.0 SSL context client method
58 create the target SSL context method. TLS 1.0 is deprecated (RFC 8996); prefer TLS 1.2 unless a legacy peer requires it
64 const SSL_METHOD *method = TLSv1_client_method();
69 1.3 const SSL_METHOD* ``TLSv1_1_client_method`` (void)
77 pointer to the TLSv1.1 SSL context client method
81 create the target SSL context method. TLS 1.1 is deprecated (RFC 8996); prefer TLS 1.2 unless a legacy peer requires it
87 const SSL_METHOD *method = TLSv1_1_client_method();
92 1.4 const SSL_METHOD* ``TLSv1_2_client_method`` (void)
100 TLSV1.2 version SSL context client method point
104 create the target SSL context method
110 const SSL_METHOD *method = TLSv1_2_client_method();
115 1.5 const SSL_METHOD* ``TLS_client_method`` (void)
123 TLSV1.2 version SSL context client method point
127 create the default SSL context method; it is always TLSv1.2
133 const SSL_METHOD *method = TLS_client_method();
138 1.6 const SSL_METHOD* ``SSLv3_server_method`` (void)
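146 pointer to the SSLv3.0 SSL context server method
150 create the target SSL context method. SSL 3.0 is deprecated and considered insecure (RFC 7568); prefer TLS 1.2 unless a legacy peer requires it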
156 const SSL_METHOD *method = SSLv3_server_method();
161 1.7 const SSL_METHOD* ``TLSv1_server_method`` (void)
169 pointer to the TLSv1.0 SSL context server method
173 create the target SSL context method. TLS 1.0 is deprecated (RFC 8996); prefer TLS 1.2 unless a legacy peer requires it
179 const SSL_METHOD *method = TLSv1_server_method();
184 1.8 const SSL_METHOD* ``TLSv1_1_server_method`` (void)
192 pointer to the TLSv1.1 SSL context server method
196 create the target SSL context method. TLS 1.1 is deprecated (RFC 8996); prefer TLS 1.2 unless a legacy peer requires it
202 const SSL_METHOD *method = TLSv1_1_server_method();
208 1.9 const SSL_METHOD* ``TLSv1_2_server_method`` (void)
216 TLSV1.2 version SSL context server method point
220 create the target SSL context method
226 const SSL_METHOD *method = TLSv1_2_server_method();
231 1.10 const SSL_METHOD* ``TLS_server_method`` (void)
239 TLSV1.2 version SSL context server method point
243 create the default SSL context method; it is always TLSv1.2
249 const SSL_METHOD *method = TLS_server_method();
255 Chapter 2. SSL Context Function
256 ===============================
259 2.1 SSL_CTX* ``SSL_CTX_new`` (const SSL_METHOD *method)
263 method - the SSL context method point
277 SSL_CTX *ctx = SSL_CTX_new(SSLv3_server_method());
283 2.2 ``void SSL_CTX_free`` (SSL_CTX *ctx)
287 ctx - the SSL context point
309 2.3 ``int SSL_CTX_set_ssl_version`` (SSL_CTX *ctx, const SSL_METHOD *meth)
313 ctx - SSL context point
314 meth - SSL method point
323 set the SSL context version
330 const SSL_METHOD *meth;
334 SSL_CTX_set_ssl_version(ctx, meth);
338 2.4 const SSL_METHOD* ``SSL_CTX_get_ssl_method`` (SSL_CTX *ctx)
342 ctx - SSL context point
350 get the SSL context method
356 const SSL_METHOD *method;
361 method = SSL_CTX_get_ssl_method(ctx);
366 Chapter 3. SSL Function
367 =======================
370 3.1 SSL* ``SSL_new`` (SSL_CTX *ctx)
374 ctx - SSL context point
397 3.2 void ``SSL_free`` (SSL *ssl)
423 3.3 int ``SSL_do_handshake`` (SSL *ssl)
432 0 : failed, the connection was closed by the remote peer
437 perform the SSL handshake
448 ret = SSL_do_handshake(ssl);
452 3.4 int ``SSL_connect`` (SSL *ssl)
461 0 : failed, the connection was closed by the remote peer
466 connect to the remote SSL server
477 ret = SSL_connect(ssl);
481 3.5 int ``SSL_accept`` (SSL *ssl)
490 0 : failed, the connection was closed by the remote peer
495 accept the remote connection
506 ret = SSL_accept(ssl);
510 3.6 int ``SSL_shutdown`` (SSL *ssl)
519 0 : failed, the connection was closed by the remote peer
524 shutdown the connection
535 ret = SSL_shutdown(ssl);
539 3.7 int ``SSL_clear`` (SSL *ssl)
552 shutdown the connection
563 ret = SSL_clear(ssl);
567 3.8 int ``SSL_read`` (SSL *ssl, void *buffer, int len)
572 buffer - data buffer point
577 > 0 : OK, and return received data bytes
578 = 0 : no data received or connection is closed
583 read data from remote
596 ret = SSL_read(ssl, buf, len);
599 3.9 int ``SSL_write`` (SSL *ssl, const void *buffer, int len)
604 buffer - data buffer point
609 > 0 : OK, and return sent data bytes
610 = 0 : no data sent or connection is closed
615 send the data to remote
628 ret = SSL_write(ssl, buf, len);
632 3.10 ``SSL_CTX *SSL_get_SSL_CTX`` (const SSL *ssl)
644 get SSL context of the SSL
655 ctx = SSL_get_SSL_CTX(ssl);
659 3.11 int ``SSL_get_shutdown`` (const SSL *ssl)
671 get SSL shutdown mode
682 mode = SSL_get_shutdown(ssl);
686 3.12 void ``SSL_set_shutdown`` (SSL *ssl, int mode)
698 set SSL shutdown mode
709 SSL_set_shutdown(ssl, mode);
713 3.13 const SSL_METHOD* ``SSL_get_ssl_method`` (SSL *ssl)
725 get the SSL method
732 const SSL_METHOD *method;
736 method = SSL_get_ssl_method(ssl);
740 3.14 int ``SSL_set_ssl_method`` (SSL *ssl, const SSL_METHOD *method)
745 meth - SSL method point
762 const SSL_METHOD *method;
766 ret = SSL_set_ssl_method(ssl, method);
770 3.15 int ``SSL_pending`` (const SSL *ssl)
782 get received data bytes
793 ret = SSL_pending(ssl);
797 3.16 int ``SSL_has_pending`` (const SSL *ssl)
810 check if data is received
821 ret = SSL_has_pending(ssl);
825 3.17 int ``SSL_get_fd`` (const SSL *ssl)
838 get the socket of the SSL
849 ret = SSL_get_fd(ssl);
853 3.18 int ``SSL_get_rfd`` (const SSL *ssl)
866 get the read only socket of the SSL
877 ret = SSL_get_rfd(ssl);
881 3.19 int ``SSL_get_wfd`` (const SSL *ssl)
894 get the write only socket of the SSL
905 ret = SSL_get_wfd(ssl);
909 3.20 int ``SSL_set_fd`` (SSL *ssl, int fd)
935 ret = SSL_set_fd(ssl, socket);
939 3.21 int ``SSL_set_rfd`` (SSL *ssl, int fd)
953 set read only socket to SSL
965 ret = SSL_set_rfd(ssl, socket);
969 3.22 int ``SSL_set_wfd`` (SSL *ssl, int fd)
983 set write only socket to SSL
995 ret = SSL_set_wfd(ssl, socket);
999 3.23 int ``SSL_version`` (const SSL *ssl)
1022 version = SSL_version(ssl);
1026 3.24 const char* ``SSL_get_version`` (const SSL *ssl)
1038 get the SSL current version string
1049 version = SSL_get_version(ssl);
1053 3.25 OSSL_HANDSHAKE_STATE ``SSL_get_state`` (const SSL *ssl)
1071 OSSL_HANDSHAKE_STATE state;
1076 state = SSL_get_state(ssl);
1080 3.26 const char* ``SSL_alert_desc_string`` (int value)
1084 value - SSL description
1092 get alert description string
1103 str = SSL_alert_desc_string(val);
1107 3.27 const char* ``SSL_alert_desc_string_long`` (int value)
1111 value - SSL description
1115 alert value long string
1119 get alert description long string
1130 str = SSL_alert_desc_string_long(val);
1134 3.28 const char* ``SSL_alert_type_string`` (int value)
1138 value - SSL type description
1146 get alert type string
1157 str = SSL_alert_type_string(val);
1161 3.29 const char* ``SSL_alert_type_string_long`` (int value)
1165 value - SSL type description
1169 alert type long string
1173 get alert type long string
1184 str = SSL_alert_type_string_long(val);
1187 3.30 const char* ``SSL_rstate_string`` (SSL *ssl)
1199 get the state string where SSL is reading
1210 str = SSL_rstate_string(ssl);
1214 3.31 const char* ``SSL_rstate_string_long`` (SSL *ssl)
1226 get the state long string where SSL is reading
1237 str = SSL_rstate_string_long(ssl);
1241 3.32 const char* ``SSL_state_string`` (const SSL *ssl)
1253 get the state string
1264 str = SSL_state_string(ssl);
1268 3.33 char* ``SSL_state_string_long`` (const SSL *ssl)
1280 get the state long string
1291 str = SSL_state_string_long(ssl);
1295 3.34 int ``SSL_get_error`` (const SSL *ssl, int ret_code)
1300 ret_code - SSL return code
1320 err = SSL_get_error(ssl, ret);
1323 3.35 int ``SSL_want`` (const SSL *ssl)
1331 the specific state
1335 get the specific state of the SSL
1346 state = SSL_want(ssl);
1350 3.36 int ``SSL_want_nothing`` (const SSL *ssl)
1363 check if SSL want nothing
1374 ret = SSL_want_nothing(ssl);
1378 3.37 int ``SSL_want_read`` (const SSL *ssl)
1391 check if SSL want to read
1402 ret = SSL_want_read(ssl);
1406 3.38 int ``SSL_want_write`` (const SSL *ssl)
1419 check if SSL want to write
1430 ret = SSL_want_write(ssl);
1434 Chapter 4. SSL X509 Certification and Private Key Function
1435 ==========================================================
1438 4.1 X509* ``d2i_X509`` (X509 **cert, const unsigned char *buffer, long len)
1442 cert - pointer to a pointer to an X509 certificate object
1443 buffer - pointer to the memory holding the certificate data
1444 len - length of the certificate data in bytes
1448 X509 certification object point
1452 load certificate data from a memory buffer into an X509 object. If '*cert' already points to a
1453 certificate object, the certificate is loaded into it; otherwise a new X509 certificate object is created
1461 unsigned char *buffer;
1465 new = d2i_X509(&cert, buffer, len);
1469 4.2 int ``SSL_add_client_CA`` (SSL *ssl, X509 *x)
1474 x - CA certification point
1483 add CA client certification into the SSL
1495 ret = SSL_add_client_CA(ssl, new);
1499 4.3 int ``SSL_CTX_add_client_CA`` (SSL_CTX *ctx, X509 *x)
1503 ctx - SSL context point
1504 x - CA certification point
1513 add CA client certification into the SSL context
1525 ret = SSL_CTX_add_client_CA(ctx, new);
1529 4.4 X509* ``SSL_get_certificate`` (const SSL *ssl)
1537 SSL certification point
1541 get the SSL certification point
1552 cert = SSL_get_certificate(ssl);
1556 4.5 long ``SSL_get_verify_result`` (const SSL *ssl)
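1564 the verification result
1568 get the certificate verification result of the SSL. Compare the returned value with X509_V_OK after the handshake; a completed handshake alone does not show that the certificate was verified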
1579 ret = SSL_get_verify_result(ssl);
1583 4.6 int ``SSL_CTX_use_certificate`` (SSL_CTX *ctx, X509 *x)
1587 ctx - the SSL context point
1588 x - pointer to the certificate object
1597 load the certification into the SSL_CTX or SSL object
1609 ret = SSL_CTX_use_certificate(ctx, new);
1613 4.7 int ``SSL_CTX_use_certificate_ASN1`` (SSL_CTX *ctx, int len, const unsigned char *d)
1617 ctx - SSL context point
1618 len - certification length
1628 load the ASN1 certification into SSL context
1636 const unsigned char *buf;
1641 ret = SSL_CTX_use_certificate_ASN1(ctx, len, buf);
1645 4.8 int ``SSL_CTX_use_PrivateKey`` (SSL_CTX *ctx, EVP_PKEY *pkey)
1649 ctx - SSL context point
1650 pkey - private key object point
1659 load the private key into the context object
1671 ret = SSL_CTX_use_PrivateKey(ctx, pkey);
1675 4.9 int ``SSL_CTX_use_PrivateKey_ASN1`` (int pk, SSL_CTX *ctx, const unsigned char *d, long len)
1679 ctx - SSL context point
1681 len - private key length
1690 load the ASN1 private key into SSL context
1699 const unsigned char *buf;
1704 ret = SSL_CTX_use_PrivateKey_ASN1(pk, ctx, buf, len);
1708 4.10 int ``SSL_CTX_use_RSAPrivateKey_ASN1`` (SSL_CTX *ctx, const unsigned char *d, long len)
1712 ctx - SSL context point
1714 len - private key length
1723 load the RSA ASN1 private key into SSL context
1731 const unsigned char *buf;
1736 ret = SSL_CTX_use_RSAPrivateKey_ASN1(ctx, buf, len);
1740 4.11 int ``SSL_use_certificate_ASN1`` (SSL *ssl, int len, const unsigned char *d)
1755 load certification into the SSL
1763 const unsigned char *buf;
1768 ret = SSL_use_certificate_ASN1(ssl, len, buf);
1772 4.12 X509* ``SSL_get_peer_certificate`` (const SSL *ssl)
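1784 get the peer certificate. Obtaining a peer certificate does not mean it was verified; check SSL_get_verify_result before trusting it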
1795 peer = SSL_get_peer_certificate(ssl);