Import OpenSSL 1.1.0i
@@ -506,10 +506,6 @@ Set supported curves to P-256, P-384:

SSL_CONF_cmd(ctx, "Curves", "P-256:P-384");

Set automatic support for any elliptic curve for key exchange:

SSL_CONF_cmd(ctx, "ECDHParameters", "Automatic");

=head1 RETURN VALUES

SSL_CONF_cmd() returns 1 if the value of B<cmd> is recognised and B<value> is

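Review bot: dropping the "ECDHParameters"/"Automatic" example from EXAMPLES is only consistent if the description of the B<ECDHParameters> command earlier in this file no longer presents "Automatic" as the value to use; if that entry still does, the two sections now disagree and readers lose the worked example that showed the option in use. Please check that entry as part of the same change.
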
@@ -153,6 +153,13 @@ L<SSL_CTX_set_default_passwd_cb(3)>.
of view, it however does not make sense as the data in the certificate
is considered public anyway.)

All of the functions to set a new certificate will replace any existing
certificate of the same type that has already been set. Similarly all of the
functions to set a new private key will replace any private key that has already
been set. Applications should call L<SSL_CTX_check_private_key(3)> or
L<SSL_check_private_key(3)> as appropriate after loading a new certificate and
private key to confirm that the certificate and key match.

=head1 RETURN VALUES

On success, the functions return 1.

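Review bot: the new paragraph says a later call replaces an already-set certificate or private key, but not what happens to the replaced object, which is the question a caller holding their own reference to the old X509 or EVP_PKEY will have; one sentence on whether the library drops its reference to the previous object (so the caller's own reference stays valid and is still theirs to free) would close that gap. The advice to call L<SSL_CTX_check_private_key(3)> or L<SSL_check_private_key(3)> after loading a new pair is good; it is worth adding that the check matters most when certificate and key are replaced by separate calls, since the paragraph implies that after the first of the two calls the context holds a certificate and key from different pairs.
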
@@ -170,7 +177,7 @@ L<SSL_CTX_add_extra_chain_cert(3)>

=head1 COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

@@ -2,8 +2,12 @@

=head1 NAME

SSL_get1_supported_ciphers, SSL_get_client_ciphers,
SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_get_cipher_list
SSL_get1_supported_ciphers,
SSL_get_client_ciphers,
SSL_get_ciphers,
SSL_CTX_get_ciphers,
SSL_get_cipher_list,
SSL_get_shared_ciphers
- get list of available SSL_CIPHERs

=head1 SYNOPSIS

@@ -15,6 +19,7 @@ SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_get_cipher_list
STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl);
const char *SSL_get_cipher_list(const SSL *ssl, int priority);
char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);

=head1 DESCRIPTION

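Review bot: the added prototype names its handle parameter B<s> (`char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);`) while the neighbouring `SSL_get_client_ciphers(const SSL *ssl)` and `SSL_get_cipher_list(const SSL *ssl, int priority)` use B<ssl>, and the `=item` for the same function in ssl.pod, touched later in this patch, reads `(const SSL *ssl, char *buf, int size)`; use B<ssl> here so the two files and the DESCRIPTION agree on the name.
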
@@ -25,16 +30,16 @@ is returned.
SSL_CTX_get_ciphers() returns the stack of available SSL_CIPHERs for B<ctx>.

SSL_get1_supported_ciphers() returns the stack of enabled SSL_CIPHERs for
B<ssl>, sorted by preference.
B<ssl> as would be sent in a ClientHello (that is, sorted by preference).
The list depends on settings like the cipher list, the supported protocol
versions, the security level, and the enabled signature algorithms.
SRP and PSK ciphers are only enabled if the appropriate callbacks or settings
have been applied.
This is the list that will be sent by the client to the server.
The list supported by the server might include more ciphers in case there is a
hole in the list of supported protocols.
The server will also not use ciphers from this list depending on the
configured certificates and DH parameters.
The list of ciphers that would be sent in a ClientHello can differ from
the list of ciphers that would be acceptable when acting as a server.
For example, additional ciphers may be usable by a server if there is
a gap in the list of supported protocols, and some ciphers may not be
usable by a server if there is not a suitable certificate configured.
If B<ssl> is NULL or no ciphers are available, NULL is returned.

SSL_get_client_ciphers() returns the stack of available SSL_CIPHERs matching the

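Review bot: the rewritten SSL_get1_supported_ciphers() paragraph now describes the list as what "would be sent in a ClientHello", but it still does not say whether the caller owns and must free the returned STACK_OF(SSL_CIPHER); the "get1" prefix implies it does, and stating that here (or cross referencing the NOTES section if it is covered there) is what prevents leaks or double frees in callers who compare this function with SSL_get_ciphers() and SSL_CTX_get_ciphers() just above. The reworded server/client comparison reads well; "a gap in the list of supported protocols" is clearer than the old "hole".
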
@@ -46,6 +51,19 @@ listed for B<ssl> with B<priority>. If B<ssl> is NULL, no ciphers are
available, or there are less ciphers than B<priority> available, NULL
is returned.

SSL_get_shared_ciphers() creates a colon separated and NUL terminated list of
SSL_CIPHER names that are available in both the client and the server. B<buf> is
the buffer that should be populated with the list of names and B<size> is the
size of that buffer. A pointer to B<buf> is returned on success or NULL on
error. If the supplied buffer is not large enough to contain the complete list
of names then a truncated list of names will be returned. Note that just because
a ciphersuite is available (i.e. it is configured in the cipher list) and shared
by both the client and the server it does not mean that it is enabled (see the
description of SSL_get1_supported_ciphers() above). This function will return
available shared ciphersuites whether or not they are enabled. This is a server
side function only and must only be called after the completion of the initial
handshake.

=head1 NOTES

The details of the ciphers obtained by SSL_get_ciphers(), SSL_CTX_get_ciphers()

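Review bot: the truncation sentence in the new SSL_get_shared_ciphers() paragraph leaves unstated the two properties a caller sizing B<buf> needs: whether the truncated list is still NUL terminated and cut at a cipher-name boundary, and how a truncated result can be told apart from a complete one, given that a pointer to B<buf> is returned in both cases. It should also say what the function does when called before the initial handshake completes or on a client-side B<SSL> (NULL return?), since "must only be called" describes the contract but not the failure behaviour a defensive caller has to handle.
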
@@ -74,7 +92,7 @@ L<SSL_CIPHER_get_name(3)>

=head1 COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

@@ -28,6 +28,11 @@ count of the B<SSL_SESSION> is incremented by one.
The ssl session contains all information required to re-establish the
connection without a new handshake.

A session will be automatically removed from the session cache and marked as
non-resumable if the connection is not closed down cleanly, e.g. if a fatal
error occurs on the connection or L<SSL_shutdown(3)> is not called prior to
L<SSL_free(3)>.

SSL_get0_session() returns a pointer to the actual session. As the
reference counter is not incremented, the pointer is only valid while
the connection is in use. If L<SSL_clear(3)> or

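Review bot: the new paragraph on sessions that are not closed down cleanly should say which cache is meant (the session cache of the B<SSL_CTX> the connection belongs to) and whether an B<SSL_SESSION> the application already holds via SSL_get1_session() is affected beyond no longer being resumable; as written, "removed from the session cache and marked as non-resumable" does not tell the reader if such a pointer stays valid. Also, "e.g." makes the trigger list read as open ended; if a fatal error on the connection and a missing L<SSL_shutdown(3)> before L<SSL_free(3)> are the conditions, state them as the conditions.
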
@@ -72,7 +77,7 @@ L<SSL_SESSION_free(3)>

=head1 COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

@@ -15,7 +15,9 @@ SSL_get_version, SSL_is_dtls - get the protocol information of a connection
=head1 DESCRIPTION

SSL_get_version() returns the name of the protocol used for the
connection B<ssl>.
connection B<ssl>. It should only be called after the initial handshake has been
completed. Prior to that the results returned from this function may be
unreliable.

SSL_is_dtls() returns one if the connection is using DTLS, zero if not.

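Review bot: "the results returned from this function may be unreliable" in the added sentence is vaguer than a manual page should be; say what is actually returned before the handshake completes, or at least that the string may not be the version eventually negotiated, so that code which logs or gates on SSL_get_version() knows exactly when the value becomes authoritative.
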
@@ -43,7 +45,7 @@ The connection uses the TLSv1.2 protocol.

=item unknown

This indicates that no version has been set (no connection established).
This indicates an unknown protocol version.

=back

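Review bot: after this rewording no entry in the list describes a connection on which no version has been negotiated yet, which the old text at least covered; since the DESCRIPTION change in this same patch only says pre-handshake results "may be unreliable", this item should say when "unknown" can actually be observed (including whether the pre-handshake case is one of them), otherwise the reader has no entry for that case at all.
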
@@ -57,7 +59,7 @@ SSL_is_dtls() was added in OpenSSL 1.1.0.

=head1 COPYRIGHT

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

@@ -56,7 +56,7 @@ is cleared or freed, or a renegotiation takes place. Applications
must not free the return value.

SSL clients are advised to use these functions in preference to
explicitly calling L<X509_check_host(3)>. Hostname checks are out
explicitly calling L<X509_check_host(3)>. Hostname checks may be out
of scope with the RFC7671 DANE-EE(3) certificate usage, and the
internal check will be suppressed as appropriate when DANE is
enabled.

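Review bot: softening "are out of scope" to "may be out of scope" is the right direction, but the sentence now hedges without saying what decides it, while the following clause still states flatly that the internal check "will be suppressed as appropriate"; for a client this is the difference between hostname verification happening or not, so name the condition (the DANE flags documented in L<SSL_CTX_dane_enable(3)> that govern name checks for DANE-EE(3) usage) or cross reference where it is documented.
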
@@ -111,7 +111,7 @@ These functions were first added to OpenSSL 1.1.0.

=head1 COPYRIGHT

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

@@ -91,12 +91,6 @@ includes both more private SSL headers and headers from the B<crypto> library.
Whenever you need hard-core details on the internals of the SSL API, look
inside this header file.

OPENSSL_VERSION_AT_LEAST(major,minor) can be
used in C<#if> statements in order to determine which version of the library is
being used. This can be used to either enable optional features at compile
time, or work around issues with a previous version.
See L<OPENSSL_VERSION_NUMBER(3)>.

=item B<ssl2.h>

Unused. Present for backwards compatibility only.

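Review bot: removing the OPENSSL_VERSION_AT_LEAST(major,minor) paragraph also removes the only pointer on this page to gating code on the library version; if the macro is going because it is not part of the public API, keep the last sentence as a one-line pointer ("See L<OPENSSL_VERSION_NUMBER(3)>.") under the B<ssl.h> item rather than deleting the whole paragraph, and note the removal in CHANGES if anything else documented the macro as supported.
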
@@ -574,7 +568,7 @@ fresh handle for each connection.

=item SSL_SESSION *B<SSL_get_session>(const SSL *ssl);

=item char *B<SSL_get_shared_ciphers>(const SSL *ssl, char *buf, int len);
=item char *B<SSL_get_shared_ciphers>(const SSL *ssl, char *buf, int size);

=item int B<SSL_get_shutdown>(const SSL *ssl);
