|
#define | MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 |
| The requested feature is not available. More...
|
|
#define | MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 |
| Bad input parameters to function. More...
|
|
#define | MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 |
| Verification of the message MAC failed. More...
|
|
#define | MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200 |
| An invalid SSL record was received. More...
|
|
#define | MBEDTLS_ERR_SSL_CONN_EOF -0x7280 |
| The connection indicated an EOF. More...
|
|
#define | MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300 |
| An unknown cipher was received. More...
|
|
#define | MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 |
| The server has no ciphersuites in common with the client. More...
|
|
#define | MBEDTLS_ERR_SSL_NO_RNG -0x7400 |
| No RNG was provided to the SSL module. More...
|
|
#define | MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 |
| No client certificate received from the client, but required by the authentication mode. More...
|
|
#define | MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 |
| Our own certificate(s) is/are too large to send in an SSL message. More...
|
|
#define | MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 |
| Our own certificate is not set, but is needed by the server. More...
|
|
#define | MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 |
| Our own private key or pre-shared key is not set, but is needed. More...
|
|
#define | MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 |
| No CA Chain is set, but required to operate. More...
|
|
#define | MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 |
| An unexpected message was received from our peer. More...
|
|
#define | MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 |
| A fatal alert message was received from our peer. More...
|
|
#define | MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800 |
| Verification of our peer failed. More...
|
|
#define | MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 |
| The peer notified us that the connection is going to be closed. More...
|
|
#define | MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 |
| Processing of the ClientHello handshake message failed. More...
|
|
#define | MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 |
| Processing of the ServerHello handshake message failed. More...
|
|
#define | MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 |
| Processing of the Certificate handshake message failed. More...
|
|
#define | MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 |
| Processing of the CertificateRequest handshake message failed. More...
|
|
#define | MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 |
| Processing of the ServerKeyExchange handshake message failed. More...
|
|
#define | MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 |
| Processing of the ServerHelloDone handshake message failed. More...
|
|
#define | MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 |
| Processing of the ClientKeyExchange handshake message failed. More...
|
|
#define | MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 |
| Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. More...
|
|
#define | MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 |
| Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. More...
|
|
#define | MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 |
| Processing of the CertificateVerify handshake message failed. More...
|
|
#define | MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 |
| Processing of the ChangeCipherSpec handshake message failed. More...
|
|
#define | MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80 |
| Processing of the Finished handshake message failed. More...
|
|
#define | MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 |
| Memory allocation failed. More...
|
|
#define | MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80 |
| Hardware acceleration function returned with error. More...
|
|
#define | MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 |
| Hardware acceleration function skipped / left alone data. More...
|
|
#define | MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00 |
| Processing of the compression / decompression failed. More...
|
|
#define | MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 |
| Handshake protocol not within min/max boundaries. More...
|
|
#define | MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 |
| Processing of the NewSessionTicket handshake message failed. More...
|
|
#define | MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 |
| Session ticket has expired. More...
|
|
#define | MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 |
| Public key type mismatch (eg, asked for RSA key exchange and presented EC key) More...
|
|
#define | MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 |
| Unknown identity received (eg, PSK identity) More...
|
|
#define | MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00 |
| Internal error (eg, unexpected failure in lower-level module) More...
|
|
#define | MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80 |
| A counter would wrap (eg, too many messages exchanged). More...
|
|
#define | MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 |
| Unexpected message at ServerHello in renegotiation. More...
|
|
#define | MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 |
| DTLS client must retry for hello verification. More...
|
|
#define | MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 |
| A buffer is too small to receive or write a message. More...
|
|
#define | MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 |
| None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). More...
|
|
#define | MBEDTLS_ERR_SSL_WANT_READ -0x6900 |
| Connection requires a read call. More...
|
|
#define | MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 |
| Connection requires a write call. More...
|
|
#define | MBEDTLS_ERR_SSL_TIMEOUT -0x6800 |
| The operation timed out. More...
|
|
#define | MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 |
| The client initiated a reconnect from the same port. More...
|
|
#define | MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 |
| Record header looks valid but is not expected. More...
|
|
#define | MBEDTLS_ERR_SSL_NON_FATAL -0x6680 |
| The alert message received indicates a non-fatal error. More...
|
|
#define | MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 |
| Couldn't set the hash for verifying CertificateVerify. More...
|
|
#define | MBEDTLS_SSL_MAJOR_VERSION_3 3 |
|
#define | MBEDTLS_SSL_MINOR_VERSION_0 0 |
|
#define | MBEDTLS_SSL_MINOR_VERSION_1 1 |
|
#define | MBEDTLS_SSL_MINOR_VERSION_2 2 |
|
#define | MBEDTLS_SSL_MINOR_VERSION_3 3 |
|
#define | MBEDTLS_SSL_TRANSPORT_STREAM 0 |
|
#define | MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 |
|
#define | MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 |
|
#define | MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 |
|
#define | MBEDTLS_SSL_MAX_FRAG_LEN_512 1 |
|
#define | MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 |
|
#define | MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 |
|
#define | MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 |
|
#define | MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 |
|
#define | MBEDTLS_SSL_IS_CLIENT 0 |
|
#define | MBEDTLS_SSL_IS_SERVER 1 |
|
#define | MBEDTLS_SSL_IS_NOT_FALLBACK 0 |
|
#define | MBEDTLS_SSL_IS_FALLBACK 1 |
|
#define | MBEDTLS_SSL_EXTENDED_MS_DISABLED 0 |
|
#define | MBEDTLS_SSL_EXTENDED_MS_ENABLED 1 |
|
#define | MBEDTLS_SSL_ETM_DISABLED 0 |
|
#define | MBEDTLS_SSL_ETM_ENABLED 1 |
|
#define | MBEDTLS_SSL_COMPRESS_NULL 0 |
|
#define | MBEDTLS_SSL_COMPRESS_DEFLATE 1 |
|
#define | MBEDTLS_SSL_VERIFY_NONE 0 |
|
#define | MBEDTLS_SSL_VERIFY_OPTIONAL 1 |
|
#define | MBEDTLS_SSL_VERIFY_REQUIRED 2 |
|
#define | MBEDTLS_SSL_VERIFY_UNSET 3 /* Used only for sni_authmode */ |
|
#define | MBEDTLS_SSL_LEGACY_RENEGOTIATION 0 |
|
#define | MBEDTLS_SSL_SECURE_RENEGOTIATION 1 |
|
#define | MBEDTLS_SSL_RENEGOTIATION_DISABLED 0 |
|
#define | MBEDTLS_SSL_RENEGOTIATION_ENABLED 1 |
|
#define | MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0 |
|
#define | MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1 |
|
#define | MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1 |
|
#define | MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16 |
|
#define | MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0 |
|
#define | MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1 |
|
#define | MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2 |
|
#define | MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0 |
|
#define | MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1 |
|
#define | MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */ |
|
#define | MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0 |
|
#define | MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1 |
|
#define | MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0 |
|
#define | MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1 |
|
#define | MBEDTLS_SSL_ARC4_ENABLED 0 |
|
#define | MBEDTLS_SSL_ARC4_DISABLED 1 |
|
#define | MBEDTLS_SSL_PRESET_DEFAULT 0 |
|
#define | MBEDTLS_SSL_PRESET_SUITEB 2 |
|
#define | MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1 |
|
#define | MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0 |
|
#define | MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000 |
|
#define | MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000 |
|
#define | MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12 |
|
#define | MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF |
| renegotiation info ext More...
|
|
#define | MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 |
| RFC 7507 section 2. More...
|
|
#define | MBEDTLS_SSL_HASH_NONE 0 |
|
#define | MBEDTLS_SSL_HASH_MD5 1 |
|
#define | MBEDTLS_SSL_HASH_SHA1 2 |
|
#define | MBEDTLS_SSL_HASH_SHA224 3 |
|
#define | MBEDTLS_SSL_HASH_SHA256 4 |
|
#define | MBEDTLS_SSL_HASH_SHA384 5 |
|
#define | MBEDTLS_SSL_HASH_SHA512 6 |
|
#define | MBEDTLS_SSL_SIG_ANON 0 |
|
#define | MBEDTLS_SSL_SIG_RSA 1 |
|
#define | MBEDTLS_SSL_SIG_ECDSA 3 |
|
#define | MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1 |
|
#define | MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64 |
|
#define | MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20 |
|
#define | MBEDTLS_SSL_MSG_ALERT 21 |
|
#define | MBEDTLS_SSL_MSG_HANDSHAKE 22 |
|
#define | MBEDTLS_SSL_MSG_APPLICATION_DATA 23 |
|
#define | MBEDTLS_SSL_ALERT_LEVEL_WARNING 1 |
|
#define | MBEDTLS_SSL_ALERT_LEVEL_FATAL 2 |
|
#define | MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */ |
|
#define | MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */ |
|
#define | MBEDTLS_SSL_HS_HELLO_REQUEST 0 |
|
#define | MBEDTLS_SSL_HS_CLIENT_HELLO 1 |
|
#define | MBEDTLS_SSL_HS_SERVER_HELLO 2 |
|
#define | MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3 |
|
#define | MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4 |
|
#define | MBEDTLS_SSL_HS_CERTIFICATE 11 |
|
#define | MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12 |
|
#define | MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13 |
|
#define | MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14 |
|
#define | MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15 |
|
#define | MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16 |
|
#define | MBEDTLS_SSL_HS_FINISHED 20 |
|
#define | MBEDTLS_TLS_EXT_SERVERNAME 0 |
|
#define | MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0 |
|
#define | MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1 |
|
#define | MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4 |
|
#define | MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10 |
|
#define | MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11 |
|
#define | MBEDTLS_TLS_EXT_SIG_ALG 13 |
|
#define | MBEDTLS_TLS_EXT_ALPN 16 |
|
#define | MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ |
|
#define | MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */ |
|
#define | MBEDTLS_TLS_EXT_SESSION_TICKET 35 |
|
#define | MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */ |
|
#define | MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01 |
|
#define | MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */ |
|
#define | MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret ) |
|
|
The configuration options you can set for this module are in this section.
Either change them in config.h or define them on the compiler command line.
|
#define | MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 |
| Lifetime of session tickets (if enabled) More...
|
|
#define | MBEDTLS_SSL_MAX_CONTENT_LEN 16384 |
| Size of the input / output buffer. More...
|
|
|
typedef int | mbedtls_ssl_send_t (void *ctx, const unsigned char *buf, size_t len) |
| Callback type: send data on the network. More...
|
|
typedef int | mbedtls_ssl_recv_t (void *ctx, unsigned char *buf, size_t len) |
| Callback type: receive data from the network. More...
|
|
typedef int | mbedtls_ssl_recv_timeout_t (void *ctx, unsigned char *buf, size_t len, uint32_t timeout) |
| Callback type: receive data from the network, with timeout. More...
|
|
typedef void | mbedtls_ssl_set_timer_t (void *ctx, uint32_t int_ms, uint32_t fin_ms) |
| Callback type: set a pair of timers/delays to watch. More...
|
|
typedef int | mbedtls_ssl_get_timer_t (void *ctx) |
| Callback type: get status of timers/delays. More...
|
|
typedef struct mbedtls_ssl_session | mbedtls_ssl_session |
|
typedef struct mbedtls_ssl_context | mbedtls_ssl_context |
|
typedef struct mbedtls_ssl_config | mbedtls_ssl_config |
|
typedef struct
mbedtls_ssl_transform | mbedtls_ssl_transform |
|
typedef struct
mbedtls_ssl_handshake_params | mbedtls_ssl_handshake_params |
|
typedef struct
mbedtls_ssl_sig_hash_set_t | mbedtls_ssl_sig_hash_set_t |
|
typedef struct mbedtls_ssl_key_cert | mbedtls_ssl_key_cert |
|
typedef struct
mbedtls_ssl_flight_item | mbedtls_ssl_flight_item |
|
typedef int | mbedtls_ssl_ticket_write_t (void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime) |
| Callback type: generate and write session ticket. More...
|
|
typedef int | mbedtls_ssl_export_keys_t (void *p_expkey, const unsigned char *ms, const unsigned char *kb, size_t maclen, size_t keylen, size_t ivlen) |
| Callback type: Export key block and master secret. More...
|
|
typedef int | mbedtls_ssl_ticket_parse_t (void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len) |
| Callback type: parse and load session ticket. More...
|
|
typedef int | mbedtls_ssl_cookie_write_t (void *ctx, unsigned char **p, unsigned char *end, const unsigned char *info, size_t ilen) |
| Callback type: generate a cookie. More...
|
|
typedef int | mbedtls_ssl_cookie_check_t (void *ctx, const unsigned char *cookie, size_t clen, const unsigned char *info, size_t ilen) |
| Callback type: verify a cookie. More...
|
|
|
const int * | mbedtls_ssl_list_ciphersuites (void) |
| Returns the list of ciphersuites supported by the SSL/TLS module. More...
|
|
const char * | mbedtls_ssl_get_ciphersuite_name (const int ciphersuite_id) |
| Return the name of the ciphersuite associated with the given ID. More...
|
|
int | mbedtls_ssl_get_ciphersuite_id (const char *ciphersuite_name) |
| Return the ID of the ciphersuite associated with the given name. More...
|
|
void | mbedtls_ssl_init (mbedtls_ssl_context *ssl) |
| Initialize an SSL context. This only makes the context ready for mbedtls_ssl_setup() or mbedtls_ssl_free(). More...
|
|
int | mbedtls_ssl_setup (mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf) |
| Set up an SSL context for use. More...
|
|
int | mbedtls_ssl_session_reset (mbedtls_ssl_context *ssl) |
| Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data. More...
|
|
void | mbedtls_ssl_conf_endpoint (mbedtls_ssl_config *conf, int endpoint) |
| Set the current endpoint type. More...
|
|
void | mbedtls_ssl_conf_transport (mbedtls_ssl_config *conf, int transport) |
| Set the transport type (TLS or DTLS). More...
|
|
void | mbedtls_ssl_conf_authmode (mbedtls_ssl_config *conf, int authmode) |
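| Set the certificate verification mode. Default: MBEDTLS_SSL_VERIFY_NONE on server, MBEDTLS_SSL_VERIFY_REQUIRED on client. With MBEDTLS_SSL_VERIFY_OPTIONAL the handshake proceeds even when peer verification fails, so the caller must check mbedtls_ssl_get_verify_result() afterwards. More...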
|
|
void | mbedtls_ssl_conf_verify (mbedtls_ssl_config *conf, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy) |
| Set the verification callback (Optional). More...
|
|
void | mbedtls_ssl_conf_rng (mbedtls_ssl_config *conf, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
| Set the random number generator callback. More...
|
|
void | mbedtls_ssl_conf_dbg (mbedtls_ssl_config *conf, void(*f_dbg)(void *, int, const char *, int, const char *), void *p_dbg) |
| Set the debug callback. More...
|
|
void | mbedtls_ssl_set_bio (mbedtls_ssl_context *ssl, void *p_bio, mbedtls_ssl_send_t *f_send, mbedtls_ssl_recv_t *f_recv, mbedtls_ssl_recv_timeout_t *f_recv_timeout) |
| Set the underlying BIO callbacks for write, read and read-with-timeout. More...
|
|
void | mbedtls_ssl_conf_read_timeout (mbedtls_ssl_config *conf, uint32_t timeout) |
| Set the timeout period for mbedtls_ssl_read() (Default: no timeout.) More...
|
|
void | mbedtls_ssl_set_timer_cb (mbedtls_ssl_context *ssl, void *p_timer, mbedtls_ssl_set_timer_t *f_set_timer, mbedtls_ssl_get_timer_t *f_get_timer) |
| Set the timer callbacks (Mandatory for DTLS.) More...
|
|
void | mbedtls_ssl_conf_session_tickets_cb (mbedtls_ssl_config *conf, mbedtls_ssl_ticket_write_t *f_ticket_write, mbedtls_ssl_ticket_parse_t *f_ticket_parse, void *p_ticket) |
| Configure SSL session ticket callbacks (server only). More...
|
|
void | mbedtls_ssl_conf_export_keys_cb (mbedtls_ssl_config *conf, mbedtls_ssl_export_keys_t *f_export_keys, void *p_export_keys) |
| Configure key export callback. More...
|
|
void | mbedtls_ssl_conf_dtls_cookies (mbedtls_ssl_config *conf, mbedtls_ssl_cookie_write_t *f_cookie_write, mbedtls_ssl_cookie_check_t *f_cookie_check, void *p_cookie) |
| Register callbacks for DTLS cookies (Server only.) More...
|
|
int | mbedtls_ssl_set_client_transport_id (mbedtls_ssl_context *ssl, const unsigned char *info, size_t ilen) |
| Set client's transport-level identification info. More...
|
|
void | mbedtls_ssl_conf_dtls_anti_replay (mbedtls_ssl_config *conf, char mode) |
| Enable or disable anti-replay protection for DTLS. More...
|
|
void | mbedtls_ssl_conf_dtls_badmac_limit (mbedtls_ssl_config *conf, unsigned limit) |
| Set a limit on the number of records with a bad MAC before terminating the connection. More...
|
|
void | mbedtls_ssl_conf_handshake_timeout (mbedtls_ssl_config *conf, uint32_t min, uint32_t max) |
| Set retransmit timeout values for the DTLS handshake. More...
|
|
void | mbedtls_ssl_conf_session_cache (mbedtls_ssl_config *conf, void *p_cache, int(*f_get_cache)(void *, mbedtls_ssl_session *), int(*f_set_cache)(void *, const mbedtls_ssl_session *)) |
| Set the session cache callbacks (server-side only). If not set, no session resuming is done (except if session tickets are enabled too). More...
|
|
int | mbedtls_ssl_set_session (mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session) |
| Request resumption of session (client-side only). Session data is copied from the presented session structure. More...
|
|
void | mbedtls_ssl_conf_ciphersuites (mbedtls_ssl_config *conf, const int *ciphersuites) |
| Set the list of allowed ciphersuites and the preference order. More...
|
|
void | mbedtls_ssl_conf_ciphersuites_for_version (mbedtls_ssl_config *conf, const int *ciphersuites, int major, int minor) |
| Set the list of allowed ciphersuites and the preference order for a specific version of the protocol. More...
|
|
void | mbedtls_ssl_conf_cert_profile (mbedtls_ssl_config *conf, const mbedtls_x509_crt_profile *profile) |
| Set the X.509 security profile used for verification. More...
|
|
void | mbedtls_ssl_conf_ca_chain (mbedtls_ssl_config *conf, mbedtls_x509_crt *ca_chain, mbedtls_x509_crl *ca_crl) |
| Set the data required to verify peer certificate. More...
|
|
int | mbedtls_ssl_conf_own_cert (mbedtls_ssl_config *conf, mbedtls_x509_crt *own_cert, mbedtls_pk_context *pk_key) |
| Set own certificate chain and private key. More...
|
|
int | mbedtls_ssl_conf_psk (mbedtls_ssl_config *conf, const unsigned char *psk, size_t psk_len, const unsigned char *psk_identity, size_t psk_identity_len) |
| Set the Pre Shared Key (PSK) and the expected identity name. More...
|
|
int | mbedtls_ssl_set_hs_psk (mbedtls_ssl_context *ssl, const unsigned char *psk, size_t psk_len) |
| Set the Pre Shared Key (PSK) for the current handshake. More...
|
|
void | mbedtls_ssl_conf_psk_cb (mbedtls_ssl_config *conf, int(*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t), void *p_psk) |
| Set the PSK callback (server-side only). More...
|
|
int | mbedtls_ssl_conf_dh_param (mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G) |
| Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only) (Default: MBEDTLS_DHM_RFC5114_MODP_2048_[PG]) More...
|
|
int | mbedtls_ssl_conf_dh_param_ctx (mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx) |
| Set the Diffie-Hellman public P and G values, read from existing context (server-side only) More...
|
|
void | mbedtls_ssl_conf_dhm_min_bitlen (mbedtls_ssl_config *conf, unsigned int bitlen) |
| Set the minimum length for Diffie-Hellman parameters. More...
|
|
void | mbedtls_ssl_conf_curves (mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curves) |
| Set the allowed curves in order of preference. More...
|
|
void | mbedtls_ssl_conf_sig_hashes (mbedtls_ssl_config *conf, const int *hashes) |
| Set the allowed hashes for signatures during the handshake. More...
|
|
int | mbedtls_ssl_set_hostname (mbedtls_ssl_context *ssl, const char *hostname) |
| Set the hostname to check against the received server certificate. More...
|
|
int | mbedtls_ssl_set_hs_own_cert (mbedtls_ssl_context *ssl, mbedtls_x509_crt *own_cert, mbedtls_pk_context *pk_key) |
| Set own certificate and key for the current handshake. More...
|
|
void | mbedtls_ssl_set_hs_ca_chain (mbedtls_ssl_context *ssl, mbedtls_x509_crt *ca_chain, mbedtls_x509_crl *ca_crl) |
| Set the data required to verify peer certificate for the current handshake. More...
|
|
void | mbedtls_ssl_set_hs_authmode (mbedtls_ssl_context *ssl, int authmode) |
| Set authmode for the current handshake. More...
|
|
void | mbedtls_ssl_conf_sni (mbedtls_ssl_config *conf, int(*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t), void *p_sni) |
| Set server side ServerName TLS extension callback (optional, server-side only). More...
|
|
int | mbedtls_ssl_conf_alpn_protocols (mbedtls_ssl_config *conf, const char **protos) |
| Set the supported Application Layer Protocols. More...
|
|
const char * | mbedtls_ssl_get_alpn_protocol (const mbedtls_ssl_context *ssl) |
| Get the name of the negotiated Application Layer Protocol. More...
|
|
void | mbedtls_ssl_conf_max_version (mbedtls_ssl_config *conf, int major, int minor) |
| Set the maximum supported version sent from the client side and/or accepted at the server side (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION) More...
|
|
void | mbedtls_ssl_conf_min_version (mbedtls_ssl_config *conf, int major, int minor) |
| Set the minimum accepted SSL/TLS protocol version (Default: TLS 1.0) More...
|
|
void | mbedtls_ssl_conf_fallback (mbedtls_ssl_config *conf, char fallback) |
| Set the fallback flag (client-side only). More...
|
|
void | mbedtls_ssl_conf_encrypt_then_mac (mbedtls_ssl_config *conf, char etm) |
| Enable or disable Encrypt-then-MAC (Default: MBEDTLS_SSL_ETM_ENABLED) More...
|
|
void | mbedtls_ssl_conf_extended_master_secret (mbedtls_ssl_config *conf, char ems) |
| Enable or disable Extended Master Secret negotiation. More...
|
|
void | mbedtls_ssl_conf_arc4_support (mbedtls_ssl_config *conf, char arc4) |
| Disable or enable support for RC4 (Default: MBEDTLS_SSL_ARC4_DISABLED) More...
|
|
void | mbedtls_ssl_conf_cert_req_ca_list (mbedtls_ssl_config *conf, char cert_req_ca_list) |
| Whether to send a list of acceptable CAs in CertificateRequest messages. More...
|
|
int | mbedtls_ssl_conf_max_frag_len (mbedtls_ssl_config *conf, unsigned char mfl_code) |
| Set the maximum fragment length to emit and/or negotiate (Default: MBEDTLS_SSL_MAX_CONTENT_LEN, usually 2^14 bytes). (Server: set maximum fragment length to emit, usually negotiated by the client during handshake.) (Client: set maximum fragment length to emit and negotiate with the server during handshake.) More...
|
|
void | mbedtls_ssl_conf_truncated_hmac (mbedtls_ssl_config *conf, int truncate) |
| Activate negotiation of truncated HMAC (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED) More...
|
|
void | mbedtls_ssl_conf_cbc_record_splitting (mbedtls_ssl_config *conf, char split) |
| Enable / Disable 1/n-1 record splitting (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED) More...
|
|
void | mbedtls_ssl_conf_session_tickets (mbedtls_ssl_config *conf, int use_tickets) |
| Enable / Disable session tickets (client only). More...
|
|
void | mbedtls_ssl_conf_renegotiation (mbedtls_ssl_config *conf, int renegotiation) |
| Enable / Disable renegotiation support for connection when initiated by peer (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED) More...
|
|
void | mbedtls_ssl_conf_legacy_renegotiation (mbedtls_ssl_config *conf, int allow_legacy) |
| Prevent or allow legacy renegotiation. More...
|
|
void | mbedtls_ssl_conf_renegotiation_enforced (mbedtls_ssl_config *conf, int max_records) |
| Enforce renegotiation requests. More...
|
|
void | mbedtls_ssl_conf_renegotiation_period (mbedtls_ssl_config *conf, const unsigned char period[8]) |
| Set record counter threshold for periodic renegotiation. More...
|
|
size_t | mbedtls_ssl_get_bytes_avail (const mbedtls_ssl_context *ssl) |
| Return the number of data bytes available to read. More...
|
|
uint32_t | mbedtls_ssl_get_verify_result (const mbedtls_ssl_context *ssl) |
| Return the result of the certificate verification. More...
|
|
const char * | mbedtls_ssl_get_ciphersuite (const mbedtls_ssl_context *ssl) |
| Return the name of the current ciphersuite. More...
|
|
const char * | mbedtls_ssl_get_version (const mbedtls_ssl_context *ssl) |
| Return the current SSL version (SSLv3/TLSv1/etc) More...
|
|
int | mbedtls_ssl_get_record_expansion (const mbedtls_ssl_context *ssl) |
| Return the (maximum) number of bytes added by the record layer: header + encryption/MAC overhead (inc. padding). More...
|
|
size_t | mbedtls_ssl_get_max_frag_len (const mbedtls_ssl_context *ssl) |
| Return the maximum fragment length (payload, in bytes). More...
|
|
const mbedtls_x509_crt * | mbedtls_ssl_get_peer_cert (const mbedtls_ssl_context *ssl) |
| Return the peer certificate from the current connection. More...
|
|
int | mbedtls_ssl_get_session (const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session) |
| Save session in order to resume it later (client-side only). Session data is copied to the presented session structure. More...
|
|
int | mbedtls_ssl_handshake (mbedtls_ssl_context *ssl) |
| Perform the SSL handshake. More...
|
|
int | mbedtls_ssl_handshake_step (mbedtls_ssl_context *ssl) |
| Perform a single step of the SSL handshake. More...
|
|
int | mbedtls_ssl_renegotiate (mbedtls_ssl_context *ssl) |
| Initiate an SSL renegotiation on the running connection. More...
|
|
int | mbedtls_ssl_read (mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) |
| Read at most 'len' application data bytes. More...
|
|
int | mbedtls_ssl_write (mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) |
| Try to write exactly 'len' application data bytes. More...
|
|
int | mbedtls_ssl_send_alert_message (mbedtls_ssl_context *ssl, unsigned char level, unsigned char message) |
| Send an alert message. More...
|
|
int | mbedtls_ssl_close_notify (mbedtls_ssl_context *ssl) |
| Notify the peer that the connection is being closed. More...
|
|
void | mbedtls_ssl_free (mbedtls_ssl_context *ssl) |
| Free referenced items in an SSL context and clear memory. More...
|
|
void | mbedtls_ssl_config_init (mbedtls_ssl_config *conf) |
| Initialize an SSL configuration context. This only makes the context ready for mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free(). More...
|
|
int | mbedtls_ssl_config_defaults (mbedtls_ssl_config *conf, int endpoint, int transport, int preset) |
| Load reasonable default SSL configuration values. More...
|
|
void | mbedtls_ssl_config_free (mbedtls_ssl_config *conf) |
| Free an SSL configuration context. More...
|
|
void | mbedtls_ssl_session_init (mbedtls_ssl_session *session) |
| Initialize SSL session structure. More...
|
|
void | mbedtls_ssl_session_free (mbedtls_ssl_session *session) |
| Free referenced items in an SSL session including the peer certificate and clear memory. More...
|
|
SSL/TLS functions.
Copyright (C) 2006-2015, ARM Limited, All Rights Reserved SPDX-License-Identifier: GPL-2.0
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
This file is part of mbed TLS (https://tls.mbed.org)
Definition in file ssl.h.