CyaSSL Manual
Chapter 17: CyaSSL API Reference

CyaSSL_Init
Synopsis:
int CyaSSL_Init(void);
Description:
Initializes the CyaSSL library for use. Must be called once per application and before any other call to the library.
Return Values:
If successful the call will return 0.
BAD_MUTEX_ERROR is an error that may be returned.
See Also:
CyaSSL_Cleanup

CyaSSL_Cleanup
Synopsis:
void CyaSSL_Cleanup(void);
Description:
Uninitializes the CyaSSL library from further use. Doesn’t have to be called though it will free any resources used by the library.
Return Values:
No return value for this function.
See Also:
CyaSSL_Init

CyaSSL_Debugging_ON
Synopsis:
int CyaSSL_Debugging_ON(void);
Description:
If logging has been enabled at build time, this function turns on logging at runtime. To enable logging at build time use --enable-debug or define DEBUG_CYASSL.
Return Values:
If successful this function will return 0.
NOT_COMPILED_IN is the error that will be returned if logging isn’t enabled for this build.
See Also:
CyaSSL_Debugging_OFF
CyaSSL_SetLoggingCb

CyaSSL_Debugging_OFF
Synopsis:
void CyaSSL_Debugging_OFF(void);
Description:
This function turns off runtime logging messages. If they’re already off no action is taken.
Return Values:
No return values are returned by this function.
See Also:
CyaSSL_Debugging_ON
CyaSSL_SetLoggingCb

CyaSSL_SetLoggingCb
Synopsis:
int CyaSSL_SetLoggingCb(CyaSSL_Logging_cb log_function);
typedef void (*CyaSSL_Logging_cb)(const int logLevel, const char *const logMessage);
Description:
This function registers a logging callback that will be used to handle CyaSSL log messages. By default, if the system supports it, fprintf() to stderr is used, but by registering a callback the user can handle the messages in any way they choose.
Return Values:
If successful this function will return 0.
BAD_FUNC_ARG is the error that will be returned if a function pointer is not provided.
See Also:
CyaSSL_Debugging_ON
CyaSSL_Debugging_OFF

CyaSSL_SetAllocators
Synopsis:
int CyaSSL_SetAllocators(CyaSSL_Malloc_cb malloc_function,
CyaSSL_Free_cb free_function,
CyaSSL_Realloc_cb realloc_function);
typedef void *(*CyaSSL_Malloc_cb)(size_t size);
typedef void (*CyaSSL_Free_cb)(void *ptr);
typedef void *(*CyaSSL_Realloc_cb)(void *ptr, size_t size);
Description:
This function registers the allocation functions used by CyaSSL. By default, if the system supports it, malloc/free and realloc are used. Using this function allows the user at runtime to install their own memory handlers.
Return Values:
If successful this function will return 0.
BAD_FUNC_ARG is the error that will be returned if a function pointer is not provided.
See Also:
NA
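
The following is an added example, not code from the CyaSSL manual or project: a set of handlers matching the three callback typedefs above that wipe every block before releasing it, so key material held in library allocations does not linger in freed heap memory. The names wipe_malloc, wipe_free, wipe_realloc and the two counters are hypothetical; the typedefs are repeated only so the block compiles without the library headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Callback types exactly as given in the synopsis above. */
typedef void *(*CyaSSL_Malloc_cb)(size_t size);
typedef void  (*CyaSSL_Free_cb)(void *ptr);
typedef void *(*CyaSSL_Realloc_cb)(void *ptr, size_t size);

/* Header placed in front of each block so free/realloc know how much to wipe.
 * The extra union members keep the user pointer suitably aligned. */
typedef union { size_t size; long double ld; long long ll; void *p; } wipe_hdr;

static size_t g_live_bytes;   /* user bytes currently allocated (leak check) */
static size_t g_wiped_bytes;  /* user bytes zeroed so far (for the test)     */

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

void *wipe_malloc(size_t size)
{
    wipe_hdr *h;
    if (size > SIZE_MAX - sizeof(wipe_hdr)) return NULL;  /* overflow guard */
    h = (wipe_hdr *)malloc(sizeof(wipe_hdr) + size);
    if (h == NULL) return NULL;
    h->size = size;
    g_live_bytes += size;
    return h + 1;
}

void wipe_free(void *ptr)
{
    wipe_hdr *h;
    size_t n;
    if (ptr == NULL) return;
    h = (wipe_hdr *)ptr - 1;
    n = h->size;
    secure_wipe(h, sizeof(wipe_hdr) + n);  /* header and payload */
    free(h);
    g_live_bytes -= n;
    g_wiped_bytes += n;
}

/* Plain realloc() may move a block and leave the old copy intact, so this
 * version always allocates fresh memory, copies, then wipes the old block. */
void *wipe_realloc(void *ptr, size_t size)
{
    wipe_hdr *old;
    void *fresh;
    if (ptr == NULL) return wipe_malloc(size);
    if (size == 0) { wipe_free(ptr); return NULL; }
    old = (wipe_hdr *)ptr - 1;
    fresh = wipe_malloc(size);
    if (fresh == NULL) return NULL;  /* old block stays valid, as with realloc */
    memcpy(fresh, ptr, old->size < size ? old->size : size);
    wipe_free(ptr);
    return fresh;
}

size_t wipe_live_bytes(void)  { return g_live_bytes; }
size_t wipe_wiped_bytes(void) { return g_wiped_bytes; }

/* These assignments compile only if the handlers match the manual's typedefs.
 * With the library linked in, registration would be:
 *   CyaSSL_SetAllocators(wipe_malloc, wipe_free, wipe_realloc);            */
CyaSSL_Malloc_cb  example_malloc_cb  = wipe_malloc;
CyaSSL_Free_cb    example_free_cb    = wipe_free;
CyaSSL_Realloc_cb example_realloc_cb = wipe_realloc;
```

The counters are not thread-safe; a multi-threaded application would need to protect them or drop them.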

CyaSSL_SetIORecv
Synopsis:
void CyaSSL_SetIORecv(CYASSL_CTX*, CallbackIORecv);
typedef int (*CallbackIORecv)(char *buf, int sz, void *ctx);
Description:
This function registers a receive callback for CyaSSL to get input data. By default, CyaSSL uses EmbedReceive() as the callback which uses the system’s TCP recv() function. The user can register a function to get input from memory, some other network module, or from anywhere. Please see the EmbedReceive() function in src/io.c as a guide for how the function should work and for error codes. In particular, IO_ERR_WANT_READ should be returned for non blocking receive when no data is ready.
Return Values:
No return values are used for this function.
See Also:
CyaSSL_SetIOSend
CyaSSL_SetIOReadCtx
CyaSSL_SetIOWriteCtx

CyaSSL_SetIOSend
Synopsis:
void CyaSSL_SetIOSend(CYASSL_CTX*, CallbackIOSend);
typedef int (*CallbackIOSend)(char *buf, int sz, void *ctx);
Description:
This function registers a send callback for CyaSSL to write output data. By default, CyaSSL uses EmbedSend() as the callback which uses the system’s TCP send() function. The user can register a function to send output to memory, some other network module, or to anywhere. Please see the EmbedSend() function in src/io.c as a guide for how the function should work and for error codes. In particular, IO_ERR_WANT_WRITE should be returned for non blocking send when the action cannot be taken yet.
Return Values:
No return values are used for this function.
See Also:
CyaSSL_SetIORecv
CyaSSL_SetIOReadCtx
CyaSSL_SetIOWriteCtx

CyaSSL_SetIOReadCtx
Synopsis:
void CyaSSL_SetIOReadCtx(CYASSL* ssl, void *ctx);
Description:
This function registers a context for the SSL session’s receive callback function. By default, CyaSSL sets the file descriptor passed to CyaSSL_set_fd() as the context when CyaSSL is using the system’s TCP library. If you’ve registered your own receive callback you may want to set a specific context for the session. For example, if you’re using memory buffers the context may be a pointer to a structure describing where and how to access the memory buffers.
Return Values:
No return values are used for this function.
See Also:
CyaSSL_SetIORecv
CyaSSL_SetIOSend
CyaSSL_SetIOWriteCtx

CyaSSL_SetIOWriteCtx
Synopsis:
void CyaSSL_SetIOWriteCtx(CYASSL* ssl, void *ctx);
Description:
This function registers a context for the SSL session’s send callback function. By default, CyaSSL sets the file descriptor passed to CyaSSL_set_fd() as the context when CyaSSL is using the system’s TCP library. If you’ve registered your own send callback you may want to set a specific context for the session. For example, if you’re using memory buffers the context may be a pointer to a structure describing where and how to access the memory buffers.
Return Values:
No return values are used for this function.
See Also:
CyaSSL_SetIORecv
CyaSSL_SetIOSend
CyaSSL_SetIOReadCtx
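
The following is an added example, not code from the CyaSSL manual or from src/io.c: a pair of receive and send callbacks that move data through a fixed-size memory buffer, the case the CyaSSL_SetIORecv, CyaSSL_SetIOSend, CyaSSL_SetIOReadCtx and CyaSSL_SetIOWriteCtx entries above describe. The mem_pipe structure, the mem_recv/mem_send names and MEMIO_ERR_BAD_ARG are hypothetical, and the numeric values given to IO_ERR_WANT_READ and IO_ERR_WANT_WRITE are placeholders so the block compiles without the library headers.

```c
#include <string.h>

/* Callback types as given in the synopses above. */
typedef int (*CallbackIORecv)(char *buf, int sz, void *ctx);
typedef int (*CallbackIOSend)(char *buf, int sz, void *ctx);

/* Placeholders: in a real build these two come from the CyaSSL headers. */
#define IO_ERR_WANT_READ   (-2)
#define IO_ERR_WANT_WRITE  (-2)
#define MEMIO_ERR_BAD_ARG  (-1)   /* hypothetical, for this example only */

#define MEMIO_CAP 64   /* small on purpose so full/empty paths are easy to hit */

/* The per-session context: a ring buffer describing where the bytes live. */
typedef struct {
    unsigned char data[MEMIO_CAP];
    int head;   /* index of the next byte to read */
    int len;    /* bytes currently queued         */
} mem_pipe;

/* Send callback: queue up to sz bytes, never writing past the buffer. */
int mem_send(char *buf, int sz, void *ctx)
{
    mem_pipe *p = (mem_pipe *)ctx;
    int room, i;
    if (p == NULL || buf == NULL || sz <= 0) return MEMIO_ERR_BAD_ARG;
    room = MEMIO_CAP - p->len;
    if (room == 0) return IO_ERR_WANT_WRITE;   /* cannot be taken yet */
    if (sz > room) sz = room;                  /* short count, as send() can */
    for (i = 0; i < sz; i++)
        p->data[(p->head + p->len + i) % MEMIO_CAP] = (unsigned char)buf[i];
    p->len += sz;
    return sz;
}

/* Receive callback: hand back at most sz queued bytes. */
int mem_recv(char *buf, int sz, void *ctx)
{
    mem_pipe *p = (mem_pipe *)ctx;
    int i;
    if (p == NULL || buf == NULL || sz <= 0) return MEMIO_ERR_BAD_ARG;
    if (p->len == 0) return IO_ERR_WANT_READ;  /* no data ready */
    if (sz > p->len) sz = p->len;              /* never read stale bytes */
    for (i = 0; i < sz; i++)
        buf[i] = (char)p->data[(p->head + i) % MEMIO_CAP];
    p->head = (p->head + sz) % MEMIO_CAP;
    p->len -= sz;
    return sz;
}

/* These assignments compile only if the callbacks match the manual's typedefs.
 * With the library linked in, registration would be:
 *   CyaSSL_SetIORecv(ctx, mem_recv);
 *   CyaSSL_SetIOSend(ctx, mem_send);
 *   CyaSSL_SetIOReadCtx(ssl, &from_peer);   // a mem_pipe the peer fills
 *   CyaSSL_SetIOWriteCtx(ssl, &to_peer);    // a mem_pipe the peer drains  */
CallbackIORecv example_recv_cb = mem_recv;
CallbackIOSend example_send_cb = mem_send;
```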

CyaSSL_CTX_use_PrivateKey_buffer
Synopsis:
int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX* ctx, const unsigned char* in, long sz, int format);
Description:
This function loads a private key buffer into the SSL Context. It behaves like the non buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage.
Return Values:
If successful the call will return SSL_SUCCESS.
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
NO_PASSWORD will be returned if the key file is encrypted but no password is provided.
See Also:
CyaSSL_CTX_load_verify_buffer
CyaSSL_CTX_use_certificate_buffer
CyaSSL_CTX_use_NTRUPrivateKey_file
CyaSSL_CTX_use_certificate_chain_buffer
CyaSSL_use_certificate_buffer
CyaSSL_use_PrivateKey_buffer
CyaSSL_use_certificate_chain_buffer

CyaSSL_use_PrivateKey_buffer
Synopsis:
int CyaSSL_use_PrivateKey_buffer(CYASSL* ssl, const unsigned char* in, long sz, int format);
Description:
This function loads a private key buffer into the CYASSL object. It behaves like the non buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage.
Return Values:
If successful the call will return SSL_SUCCESS.
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
NO_PASSWORD will be returned if the key file is encrypted but no password is provided.
See Also:
CyaSSL_CTX_load_verify_buffer
CyaSSL_CTX_use_certificate_buffer
CyaSSL_CTX_use_PrivateKey_buffer
CyaSSL_CTX_use_NTRUPrivateKey_file
CyaSSL_CTX_use_certificate_chain_buffer
CyaSSL_use_certificate_buffer
CyaSSL_use_certificate_chain_buffer

CyaSSL_CTX_use_certificate_buffer
Synopsis:
int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX* ctx, const unsigned char* in,
long sz, int format);
Description:
This function loads a certificate buffer into the CYASSL Context. It behaves like the non buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage.
Return Values:
If successful the call will return SSL_SUCCESS.
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
See Also:
CyaSSL_CTX_load_verify_buffer
CyaSSL_CTX_use_PrivateKey_buffer
CyaSSL_CTX_use_NTRUPrivateKey_file
CyaSSL_CTX_use_certificate_chain_buffer
CyaSSL_use_certificate_buffer
CyaSSL_use_PrivateKey_buffer
CyaSSL_use_certificate_chain_buffer

CyaSSL_use_certificate_buffer
Synopsis:
int CyaSSL_use_certificate_buffer(CYASSL* ssl, const unsigned char* in, long sz, int format);
Description:
This function loads a certificate buffer into the CYASSL object. It behaves like the non buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage.
Return Values:
If successful the call will return SSL_SUCCESS.
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
See Also:
CyaSSL_CTX_load_verify_buffer
CyaSSL_CTX_use_certificate_buffer
CyaSSL_CTX_use_PrivateKey_buffer
CyaSSL_CTX_use_NTRUPrivateKey_file
CyaSSL_CTX_use_certificate_chain_buffer
CyaSSL_use_PrivateKey_buffer
CyaSSL_use_certificate_chain_buffer

CyaSSL_CTX_use_certificate_chain_buffer
Synopsis:
int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX* ctx,
const unsigned char* in,
long sz);
Description:
This function loads a certificate chain buffer into the CYASSL Context. It behaves like the non buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. The buffer must be in PEM format and start with the subject’s certificate, ending with the root certificate. Please see the examples for proper usage.
Return Values:
If successful the call will return SSL_SUCCESS.
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer.
See Also:
CyaSSL_CTX_load_verify_buffer
CyaSSL_CTX_use_certificate_buffer
CyaSSL_CTX_use_PrivateKey_buffer
CyaSSL_CTX_use_NTRUPrivateKey_file
CyaSSL_use_certificate_buffer
CyaSSL_use_PrivateKey_buffer
CyaSSL_use_certificate_chain_buffer

CyaSSL_use_certificate_chain_buffer
Synopsis:
int CyaSSL_use_certificate_chain_buffer(CYASSL* ssl, const unsigned char* in, long sz);
Description:
This function loads a certificate chain buffer into the CYASSL object. It behaves like the non buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. The buffer must be in PEM format and start with the subject’s certificate, ending with the root certificate. Please see the examples for proper usage.
Return Values:
If successful the call will return SSL_SUCCESS.
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer.
See Also:
CyaSSL_CTX_load_verify_buffer
CyaSSL_CTX_use_certificate_buffer
CyaSSL_CTX_use_PrivateKey_buffer
CyaSSL_CTX_use_NTRUPrivateKey_file
CyaSSL_CTX_use_certificate_chain_buffer
CyaSSL_use_certificate_buffer
CyaSSL_use_PrivateKey_buffer

CyaSSL_CTX_load_verify_buffer
Synopsis:
int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX* ctx, const unsigned char* in, long sz, int format);
Description:
This function loads a CA certificate buffer into the CYASSL Context. It behaves like the non buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. More than one CA certificate may be loaded per buffer as long as the format is in PEM. Please see the examples for proper usage.
Return Values:
If successful the call will return SSL_SUCCESS.
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer.
See Also:
CyaSSL_CTX_use_certificate_buffer
CyaSSL_CTX_use_PrivateKey_buffer
CyaSSL_CTX_use_NTRUPrivateKey_file
CyaSSL_CTX_use_certificate_chain_buffer
CyaSSL_use_certificate_buffer
CyaSSL_use_PrivateKey_buffer
CyaSSL_use_certificate_chain_buffer

CyaSSL_CTX_der_load_verify_locations
Synopsis:
int CyaSSL_CTX_der_load_verify_locations(CYASSL_CTX* ctx, const char* file,
int format);
Description:
This function loads a CA certificate file into the CYASSL Context. It behaves like the normal version except it also allows DER certificates to be loaded. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. More than one CA certificate may be loaded per buffer as long as the format is in PEM. Please see the examples for proper usage.
Return Values:
If successful the call will return SSL_SUCCESS.
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
See Also:
CyaSSL_CTX_use_certificate_buffer
CyaSSL_CTX_use_PrivateKey_buffer
CyaSSL_CTX_use_NTRUPrivateKey_file
CyaSSL_CTX_use_certificate_chain_buffer
CyaSSL_use_certificate_buffer
CyaSSL_use_PrivateKey_buffer
CyaSSL_use_certificate_chain_buffer

CyaSSL_CTX_use_NTRUPrivateKey_file
Synopsis:
int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file);
Description:
This function loads an NTRU private key file into the CYASSL Context. It behaves like the normal version, only differing in its ability to accept an NTRU raw key file. This function is needed since the format of the file is different than the normal key file (buffer) functions. Please see the examples for proper usage.
Return Values:
If successful the call will return SSL_SUCCESS.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer.
NO_PASSWORD will be returned if the key file is encrypted but no password is provided.
See Also:
CyaSSL_CTX_load_verify_buffer
CyaSSL_CTX_use_certificate_buffer
CyaSSL_CTX_use_PrivateKey_buffer
CyaSSL_CTX_use_certificate_chain_buffer
CyaSSL_use_certificate_buffer
CyaSSL_use_PrivateKey_buffer
CyaSSL_use_certificate_chain_buffer

CyaSSL_connect_ex
Synopsis:
int CyaSSL_connect_ex(CYASSL* ssl, HandShakeCallBack hsCb,
TimeoutCallBack toCb,
Timeval timeout);
typedef int (*HandShakeCallBack)(HandShakeInfo*);
typedef int (*TimeoutCallBack)(TimeoutInfo*);
typedef struct timeval Timeval;
typedef struct handShakeInfo_st {
char cipherName[MAX_CIPHERNAME_SZ + 1]; /* negotiated name */
char packetNames[MAX_PACKETS_HANDSHAKE][MAX_PACKETNAME_SZ+1];
/* SSL packet names */
int numberPackets; /* actual # of packets */
int negotiationError; /* cipher/parameter err */
} HandShakeInfo;
typedef struct timeoutInfo_st {
char timeoutName[MAX_TIMEOUT_NAME_SZ +1]; /* timeout Name */
int flags; /* for future use*/
int numberPackets; /* actual # of packets */
PacketInfo packets[MAX_PACKETS_HANDSHAKE]; /* list of packets */
Timeval timeoutValue; /* timer that caused it */
} TimeoutInfo;
typedef struct packetInfo_st {
char packetName[MAX_PACKETNAME_SZ + 1]; /* SSL name */
Timeval timestamp; /* when it occurred */
unsigned char value[MAX_VALUE_SZ]; /* if fits, it's here */
unsigned char* bufferValue; /* otherwise here (non 0) */
int valueSz; /* sz of value or buffer */
} PacketInfo;
Description:
CyaSSL_connect_ex() is an extension that allows a HandShake Callback to be set. This can be useful in embedded systems for debugging support when a debugger isn’t available and sniffing is impractical. The HandShake Callback will be called whether or not a handshake error occurred. No dynamic memory is used since the maximum number of SSL packets is known. Packet names can be accessed through packetNames[].
The connect extension also allows a Timeout Callback to be set along with a timeout value. This is useful if the user doesn’t want to wait for the TCP stack to timeout.
This extension can be called with either, both, or neither callbacks.
Return Values:
If successful the call will return SSL_SUCCESS.
GETTIME_ERROR will be returned if gettimeofday() encountered an error.
SETITIMER_ERROR will be returned if setitimer() encountered an error.
SIGACT_ERROR will be returned if sigaction() encountered an error.
SSL_FATAL_ERROR will be returned if the underlying CyaSSL_connect() call encountered an error.
See Also:
CyaSSL_accept_ex

CyaSSL_accept_ex
Synopsis:
int CyaSSL_accept_ex(CYASSL* ssl, HandShakeCallBack hsCb,
TimeoutCallBack toCb,
Timeval timeout);
typedef int (*HandShakeCallBack)(HandShakeInfo*);
typedef int (*TimeoutCallBack)(TimeoutInfo*);
typedef struct timeval Timeval;
typedef struct handShakeInfo_st {
char cipherName[MAX_CIPHERNAME_SZ + 1]; /* negotiated name */
char packetNames[MAX_PACKETS_HANDSHAKE][MAX_PACKETNAME_SZ+1];
/* SSL packet names */
int numberPackets; /* actual # of packets */
int negotiationError; /* cipher/parameter err */
} HandShakeInfo;
typedef struct timeoutInfo_st {
char timeoutName[MAX_TIMEOUT_NAME_SZ +1]; /* timeout Name */
int flags; /* for future use*/
int numberPackets; /* actual # of packets */
PacketInfo packets[MAX_PACKETS_HANDSHAKE]; /* list of packets */
Timeval timeoutValue; /* timer that caused it */
} TimeoutInfo;
typedef struct packetInfo_st {
char packetName[MAX_PACKETNAME_SZ + 1]; /* SSL name */
Timeval timestamp; /* when it occurred */
unsigned char value[MAX_VALUE_SZ]; /* if fits, it's here */
unsigned char* bufferValue; /* otherwise here (non 0) */
int valueSz; /* sz of value or buffer */
} PacketInfo;
Description:
CyaSSL_accept_ex() is an extension that allows a HandShake Callback to be set. This can be useful in embedded systems for debugging support when a debugger isn’t available and sniffing is impractical. The HandShake Callback will be called whether or not a handshake error occurred. No dynamic memory is used since the maximum number of SSL packets is known. Packet names can be accessed through packetNames[].
The accept extension also allows a Timeout Callback to be set along with a timeout value. This is useful if the user doesn’t want to wait for the TCP stack to timeout.
This extension can be called with either, both, or neither callbacks.
Return Values:
If successful the call will return SSL_SUCCESS.
GETTIME_ERROR will be returned if gettimeofday() encountered an error.
SETITIMER_ERROR will be returned if setitimer() encountered an error.
SIGACT_ERROR will be returned if sigaction() encountered an error.
SSL_FATAL_ERROR will be returned if the underlying CyaSSL_accept() call encountered an error.
See Also:
CyaSSL_connect_ex

CyaSSL_check_domain_name
Synopsis:
int CyaSSL_check_domain_name(CYASSL* ssl, const char* dn);
Description:
CyaSSL by default checks the peer certificate for a valid date range and a verified signature. Calling this function before CyaSSL_connect() or CyaSSL_accept() will add a domain name check to the list of checks to perform. dn holds the domain name to check against the peer certificate when it’s received.
Return Values:
If successful the call will return SSL_SUCCESS.
SSL_FAILURE will be returned if a memory error was encountered.
See Also:
NA

CyaSSL_writev
Synopsis:
int CyaSSL_writev(CYASSL* ssl, const struct iovec* iov, int iovcnt);
Description:
Simulates writev semantics but doesn’t actually write a block at a time, because of CyaSSL_write() behavior and because front adds may be small. Makes porting into software that uses writev easier.
Return Values:
If successful the call will return SSL_SUCCESS.
MEMORY_ERROR will be returned if a memory error was encountered.
See Also:
SSL_write

CyaSSL_SetTmpDH
Synopsis:
int CyaSSL_SetTmpDH(CYASSL* ssl, unsigned char* p, int pSz, unsigned char* g,
int gSz);
Description:
Server Diffie-Hellman Ephemeral parameters setting. This function sets up the group parameters to be used if the server negotiates a cipher suite that uses DHE.
Return Values:
If successful the call will return SSL_SUCCESS.
MEMORY_ERROR will be returned if a memory error was encountered.
SIDE_ERROR will be returned if this function is called on an SSL client instead of an SSL server.
See Also:
SSL_accept

CyaSSL_X509_get_serial_number
Synopsis:
int CyaSSL_X509_get_serial_number(CYASSL_X509* x509, unsigned char* in,
int* inOutSz);
Description:
Retrieves the peer’s certificate serial number. The serial number buffer (in) should be at least 32 bytes long, and its size should be provided as input in the *inOutSz argument. After calling the function *inOutSz will hold the actual length in bytes written to the in buffer.
Return Values:
If successful the call will return SSL_SUCCESS.
BAD_FUNC_ARG will be returned if a bad function argument was encountered.
See Also:
SSL_get_peer_certificate

CyaSSL_get_sessionID
Synopsis:
const unsigned char* CyaSSL_get_sessionID(const CYASSL_SESSION* session);
Description:
Retrieves the session’s ID. The session ID is always 32 bytes long.
Return Values:
The session ID.
See Also:
SSL_get_session()

CyaSSL_negotiate
Synopsis:
int CyaSSL_negotiate(CYASSL* ssl);
Description:
Performs the actual connect or accept based on the side of the SSL method. If called from the client side then a CyaSSL_connect() is done, while a CyaSSL_accept() is performed if called from the server side.
Return Values:
If successful the call will return 0.
SSL_FATAL_ERROR will be returned if the underlying call resulted in an error.
See Also:
SSL_connect
SSL_accept

CyaSSL_set_compression
Synopsis:
int CyaSSL_set_compression(CYASSL* ssl);
Description:
Turns on the ability to use compression for the SSL connection. Both sides must have compression turned on otherwise compression will not be used. The zlib library performs the actual data compression. To compile into the library use --with-libz for the configure system and define HAVE_LIBZ otherwise.
Keep in mind that while compressing data before sending decreases the actual size of the messages being sent and received, compressing the data usually takes longer than sending it raw on all but the slowest of networks.
Return Values:
If successful the call will return 0.
NOT_COMPILED_IN will be returned if compression support wasn’t built into the library.
See Also:
NA

CyaSSL_PemCertToDer
Synopsis:
int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuffer, int derSz);
Description:
Loads the PEM certificate from fileName and converts it into DER format, placing the result into derBuffer which is of size derSz.
Return Values:
If successful the call will return the number of bytes written to derBuffer.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer.
See Also:
SSL_get_peer_certificate

CyaSSL_get_peer_chain
Synopsis:
X509_CHAIN* CyaSSL_get_peer_chain(CYASSL* ssl);
Description:
Retrieves the peer’s certificate chain.
Return Values:
If successful the call will return the peer’s certificate chain.
0 will be returned if an invalid CYASSL pointer is passed to the function.
See Also:
CyaSSL_get_chain_count
CyaSSL_get_chain_length
CyaSSL_get_chain_cert
CyaSSL_get_chain_cert_pem

CyaSSL_get_chain_count
Synopsis:
int CyaSSL_get_chain_count(CYASSL_X509_CHAIN* chain);
Description:
Retrieves the peer’s certificate chain count.
Return Values:
If successful the call will return the peer’s certificate chain count.
0 will be returned if an invalid chain pointer is passed to the function.
See Also:
CyaSSL_get_peer_chain
CyaSSL_get_chain_length
CyaSSL_get_chain_cert
CyaSSL_get_chain_cert_pem

CyaSSL_get_chain_length
Synopsis:
int CyaSSL_get_chain_length(CYASSL_X509_CHAIN* chain, int idx);
Description:
Retrieves the peer’s ASN1.DER certificate length in bytes at index (idx).
Return Values:
If successful the call will return the peer’s certificate length in bytes by index.
0 will be returned if an invalid chain pointer is passed to the function.
See Also:
CyaSSL_get_peer_chain
CyaSSL_get_chain_count
CyaSSL_get_chain_cert
CyaSSL_get_chain_cert_pem

CyaSSL_get_chain_cert
Synopsis:
unsigned char* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN* chain, int idx);
Description:
Retrieves the peer’s ASN1.DER certificate at index (idx).
Return Values:
If successful the call will return the peer’s certificate by index.
0 will be returned if an invalid chain pointer is passed to the function.
See Also:
CyaSSL_get_peer_chain
CyaSSL_get_chain_count
CyaSSL_get_chain_length
CyaSSL_get_chain_cert_pem

CyaSSL_get_chain_cert_pem
Synopsis:
unsigned char* CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN* chain, int idx);
Description:
Retrieves the peer’s PEM certificate at index (idx).
Return Values:
If successful the call will return the peer’s certificate by index.
0 will be returned if an invalid chain pointer is passed to the function.
See Also:
CyaSSL_get_peer_chain
CyaSSL_get_chain_count
CyaSSL_get_chain_length
CyaSSL_get_chain_cert

Copyright 2012 Sawtooth Consulting Limited. All rights reserved.