SSL API

SSL Application Programming Interface (API) Reference

� Table of Contents

� Index

---

This reference section includes the OpenSSL SSL APIs, and is based on information provided by The Open Group. This information can also be found at the following URL:

http://www.openssl.org

The OpenSSL SSL library implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols.

This library is provided in the form of a shareable image and is located at:

SYS$LIBRARY:SSL$LIBSSL_SHR.EXE (for 64-bit APIs)

SYS$LIBRARY:SSL$LIBSSL_SHR32.EXE (for 32-bit APIs)

The C header files (.H) that contain the prototypes for these APIs are found in SSL$ROOT:[INCLUDE]. A logical name, SSL$INCLUDE, allows you to access this directory. The logical name OPENSSL, which points to SSL$INCLUDE, is provided so that applications can use statements similar to the following:

#include <openssl/include.filename.h>

	NOTE: Do not confuse the OPENSSL logical name with the OPENSSL foreign symbol. The foreign symbol provides access to the OpenSSL command line interface.

Table of Contents

d2i_SSL_SESSION() - convert SSL_SESSION object from/to ASN1 representation

SSL() - OpenSSL SSL/TLS library

SSL_accept() - wait for a TLS/SSL client to initiate a TLS/SSL handshake

SSL_alert_type_string() - get textual description of alert information

SSL_CIPHER_get_name() - get SSL_CIPHER properties

SSL_clear() - reset SSL object to allow another connection

SSL_COMP_add_compression_method() - handle SSL/TLS integrated compression methods

SSL_connect() - initiate the TLS/SSL handshake with an TLS/SSL server

SSL_CTX_add_extra_chain_cert() - add certificate to chain

SSL_CTX_add_session() - manipulate session cache

SSL_CTX_ctrl() - internal handling functions for SSL_CTX and SSL objects

SSL_CTX_flush_sessions() - remove expired sessions

SSL_CTX_free() - free an allocated SSL_CTX object

SSL_CTX_get_ex_new_index() - internal application specific data functions

SSL_CTX_get_verify_mode() - get currently set verification parameters

SSL_CTX_load_verify_locations() - set default locations for trusted CA certificates

SSL_CTX_new() - create a new SSL_CTX object as framework for TLS/SSL enabled functions

SSL_CTX_sess_number() - obtain session cache statistics

SSL_CTX_sess_set_cache_size() - manipulate session cache size

SSL_CTX_sess_set_new_cb() - provide callback functions for server side external session caching

SSL_CTX_sessions() - access internal session cache

SSL_CTX_set_cert_store() - manipulate X509 certificate verification storage

SSL_CTX_set_cert_verify_callback() - set peer certificate verification procedure

SSL_CTX_set_cipher_list() - choose list of available SSL_CIPHERs

SSL_CTX_set_client_CA_list() - set list of CAs sent to the client when requesting a client certificate

SSL_CTX_set_client_cert_cb() - handle client certificate callback function

SSL_CTX_set_default_passwd_cb() - set passwd callback for encrypted PEM file handling

SSL_CTX_set_generate_session_id() - manipulate generation of SSL session IDs (server only)

SSL_CTX_set_info_callback() - handle information callback for SSL connections

SSL_CTX_set_max_cert_list() - manipulate allowed for the peer's certificate chain

SSL_CTX_set_mode() - manipulate SSL engine mode

SSL_CTX_set_msg_callback() - install callback for observing protocol messages

SSL_CTX_set_options() - manipulate SSL engine options

SSL_CTX_set_quiet_shutdown() - manipulate shutdown behaviour

SSL_CTX_set_session_cache_mode() - enable/disable session caching

SSL_CTX_set_session_id_context() - set context within which session can be reused (server side only)

SSL_CTX_set_ssl_version() - choose a new TLS/SSL method

SSL_CTX_set_timeout() - manipulate timeout values for session caching

SSL_CTX_set_tmp_dh_callback() - handle DH keys for ephemeral key exchange

SSL_CTX_set_tmp_rsa_callback() - handle RSA keys for ephemeral key exchange

SSL_CTX_set_verify() - set peer certificate verification parameters

SSL_CTX_use_certificate() - load certificate and key data

SSL_do_handshake() - perform a TLS/SSL handshake

SSL_free() - free an allocated SSL structure

SSL_get_ciphers() - get list of available SSL_CIPHERs

SSL_get_client_CA_list() - get list of client CAs

SSL_get_current_cipher() - get SSL_CIPHER of a connection

SSL_get_default_timeout() - get default session timeout value

SSL_get_error() - obtain result code for TLS/SSL I/O operation

SSL_get_ex_data_X509_STORE_CTX_idx() - get ex_data index to access SSL structure from X509_STORE_CTX

SSL_get_ex_new_index() - internal application specific data functions

SSL_get_fd() - get file descriptor linked to an SSL object

SSL_get_peer_cert_chain() - get the X509 certificate chain of the peer

SSL_get_peer_certificate() - get the X509 certificate of the peer

SSL_get_rbio() - get BIO linked to an SSL object

SSL_get_session() - retrieve TLS/SSL session data

SSL_get_SSL_CTX() - get the SSL_CTX from which an SSL is created

SSL_get_verify_result() - get result of peer certificate verification

SSL_get_version() - get the protocol version of a connection.

SSL_library_init() - initialize SSL library by registering algorithms

SSL_load_client_CA_file() - load certificate names from file

SSL_new() - create a new SSL structure for a connection

SSL_pending() - obtain number of readable bytes buffered in an SSL object

SSL_read() - read bytes from a TLS/SSL connection.

SSL_rstate_string() - get textual description of state of an SSL object during read operation

SSL_SESSION_free() - free an allocated SSL_SESSION structure

SSL_SESSION_get_ex_new_index() - internal application specific data functions

SSL_SESSION_get_time() - retrieve and manipulate session time and timeout settings

SSL_session_reused() - query whether a reused session was negotiated during handshake

SSL_set_bio() - connect the SSL object with a BIO

SSL_set_connect_state() - prepare SSL object to work in client or server mode

SSL_set_fd() - connect the SSL object with a file descriptor

SSL_set_session() - set a TLS/SSL session to be used during TLS/SSL connect

SSL_set_shutdown() - manipulate shutdown state of an SSL connection

SSL_set_verify_result() - override result of peer certificate verification

SSL_shutdown() - shut down a TLS/SSL connection

SSL_state_string() - get textual description of state of an SSL object

SSL_want() - obtain state information TLS/SSL I/O operation

SSL_write() - write bytes to a TLS/SSL connection.

출처 : http://h71000.www7.hp.com/doc/83final/ba554_90007/rn03.html