wolfSSL Context and Session Set Up

Functions

WOLFSSL_METHOD * wolfSSLv23_method (void)
 This function returns a WOLFSSL_METHOD similar to wolfSSLv23_client_method() except that the side (server or client) is not yet determined.
 
WOLFSSL_METHOD * wolfSSLv3_server_method (void)
 The wolfSSLv3_server_method() function is used to indicate that the application is a server and will only support the SSL 3.0 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
 
WOLFSSL_METHOD * wolfSSLv3_client_method (void)
 The wolfSSLv3_client_method() function is used to indicate that the application is a client and will only support the SSL 3.0 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
 
WOLFSSL_METHOD * wolfTLSv1_server_method (void)
 The wolfTLSv1_server_method() function is used to indicate that the application is a server and will only support the TLS 1.0 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
 
WOLFSSL_METHOD * wolfTLSv1_client_method (void)
 The wolfTLSv1_client_method() function is used to indicate that the application is a client and will only support the TLS 1.0 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
 
WOLFSSL_METHOD * wolfTLSv1_1_server_method (void)
 The wolfTLSv1_1_server_method() function is used to indicate that the application is a server and will only support the TLS 1.1 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
 
WOLFSSL_METHOD * wolfTLSv1_1_client_method (void)
 The wolfTLSv1_1_client_method() function is used to indicate that the application is a client and will only support the TLS 1.1 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
 
WOLFSSL_METHOD * wolfTLSv1_2_server_method (void)
 The wolfTLSv1_2_server_method() function is used to indicate that the application is a server and will only support the TLS 1.2 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
 
WOLFSSL_METHOD * wolfTLSv1_2_client_method (void)
 The wolfTLSv1_2_client_method() function is used to indicate that the application is a client and will only support the TLS 1.2 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
 
WOLFSSL_METHOD * wolfDTLSv1_client_method (void)
 The wolfDTLSv1_client_method() function is used to indicate that the application is a client and will only support the DTLS 1.0 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). This function is only available when wolfSSL has been compiled with DTLS support (--enable-dtls, or by defining WOLFSSL_DTLS).
 
WOLFSSL_METHOD * wolfDTLSv1_server_method (void)
 The wolfDTLSv1_server_method() function is used to indicate that the application is a server and will only support the DTLS 1.0 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). This function is only available when wolfSSL has been compiled with DTLS support (--enable-dtls, or by defining WOLFSSL_DTLS).
 
WOLFSSL_METHOD * wolfDTLSv1_3_server_method (void)
 The wolfDTLSv1_3_server_method() function is used to indicate that the application is a server and will only support the DTLS 1.3 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). This function is only available when wolfSSL has been compiled with DTLS 1.3 support (--enable-dtls13, or by defining WOLFSSL_DTLS13).
 
WOLFSSL_METHOD * wolfDTLSv1_3_client_method (void)
 The wolfDTLSv1_3_client_method() function is used to indicate that the application is a client and will only support the DTLS 1.3 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). This function is only available when wolfSSL has been compiled with DTLS 1.3 support (--enable-dtls13, or by defining WOLFSSL_DTLS13).
 
WOLFSSL_METHOD * wolfDTLS_server_method (void)
 The wolfDTLS_server_method() function is used to indicate that the application is a server and will support the highest version of DTLS available and all versions down to the minimum version allowed. The default minimum version allowed is based on the define WOLFSSL_MIN_DTLS_DOWNGRADE and can be changed at runtime using wolfSSL_SetMinVersion(). This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). This function is only available when wolfSSL has been compiled with DTLS support (--enable-dtls, or by defining WOLFSSL_DTLS).
 
WOLFSSL_METHOD * wolfDTLS_client_method (void)
 The wolfDTLS_client_method() function is used to indicate that the application is a client and will support the highest version of DTLS available and all versions down to the minimum version allowed. The default minimum version allowed is based on the define WOLFSSL_MIN_DTLS_DOWNGRADE and can be changed at runtime using wolfSSL_SetMinVersion(). This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). This function is only available when wolfSSL has been compiled with DTLS support (--enable-dtls, or by defining WOLFSSL_DTLS).
 
int wolfSSL_use_old_poly (WOLFSSL *ssl, int value)
 Since there are some differences between the first release and newer versions of the ChaCha-Poly AEAD construction, we have added an option to communicate with servers/clients using the older version. By default wolfSSL uses the new version.
 
int wolfSSL_CTX_trust_peer_cert (WOLFSSL_CTX *ctx, const char *file, int type)
 This function loads a certificate to use for verifying a peer when performing a TLS/SSL handshake. The peer certificate sent during the handshake is compared using the SKID when available and the signature. If these two things do not match, then any loaded CAs are used. The feature is enabled by defining the macro WOLFSSL_TRUST_PEER_CERT. Please see the examples for proper usage.
 
long wolfSSL_CTX_get_verify_depth (WOLFSSL_CTX *ctx)
 This function gets the certificate chain depth from the CTX structure.
 
WOLFSSL_CTX * wolfSSL_CTX_new (WOLFSSL_METHOD *)
 This function creates a new SSL context, taking a desired SSL/TLS protocol method as input.
 
WOLFSSL * wolfSSL_new (WOLFSSL_CTX *)
 This function creates a new SSL session, taking an already created SSL context as input.
 
int wolfSSL_set_fd (WOLFSSL *ssl, int fd)
 This function assigns a file descriptor (fd) as the input/output facility for the SSL connection. Typically this will be a socket file descriptor.
 
int wolfSSL_set_dtls_fd_connected (WOLFSSL *ssl, int fd)
 This function assigns a file descriptor (fd) as the input/output facility for the SSL connection. Typically this will be a socket file descriptor. This is a DTLS-specific API because it marks that the socket is connected: recvfrom and sendto calls on this fd will have the addr and addr_len parameters set to NULL.
 
int wolfDTLS_SetChGoodCb (WOLFSSL *ssl, ClientHelloGoodCb cb, void *user_ctx)
 Allows setting a callback for a correctly processed and verified DTLS ClientHello. When using a cookie exchange mechanism (either the HelloVerifyRequest in DTLS 1.2 or the HelloRetryRequest with a cookie extension in DTLS 1.3), this callback is called after the cookie exchange has succeeded. This is useful for using one WOLFSSL object as the listener for new connections and being able to isolate the WOLFSSL object once the ClientHello is verified (either through a cookie exchange or just by checking that the ClientHello had the correct format). DTLS 1.2: https://datatracker.ietf.org/doc/html/rfc6347#section-4.2.1 DTLS 1.3: https://www.rfc-editor.org/rfc/rfc8446#section-4.2.2
 
void wolfSSL_set_using_nonblock (WOLFSSL *ssl, int nonblock)
 This function informs the WOLFSSL object that the underlying I/O is non-blocking. After an application creates a WOLFSSL object, if it will be used with a non-blocking socket, call wolfSSL_set_using_nonblock() on it. This lets the WOLFSSL object know that receiving EWOULDBLOCK means that the recvfrom call would block rather than that it timed out.
 
void wolfSSL_CTX_free (WOLFSSL_CTX *)
 This function frees an allocated WOLFSSL_CTX object. This function decrements the CTX reference count and only frees the context when the reference count has reached 0.
 
void wolfSSL_free (WOLFSSL *)
 This function frees an allocated WOLFSSL object.
 
int wolfSSL_set_session (WOLFSSL *ssl, WOLFSSL_SESSION *session)
 This function sets the session to be used when the SSL object, ssl, is used to establish an SSL/TLS connection. For session resumption, before calling wolfSSL_shutdown() with your session object, an application should save the session ID from the object with a call to wolfSSL_get1_session(), which returns a pointer to the session. Later, the application should create a new WOLFSSL object and assign the saved session with wolfSSL_set_session(). At this point, the application may call wolfSSL_connect() and wolfSSL will try to resume the session. The wolfSSL server code allows session resumption by default. The object returned by wolfSSL_get1_session() needs to be freed after the application is done with it by calling wolfSSL_SESSION_free() on it.
 
void wolfSSL_CTX_set_verify (WOLFSSL_CTX *ctx, int mode, VerifyCallback verify_callback)
 This function sets the verification method for remote peers and also allows a verify callback to be registered with the SSL context. The verify callback will be called only when a verification failure has occurred. If no verify callback is desired, the NULL pointer can be used for verify_callback. The verification mode of peer certificates is a logically OR'd list of flags. The possible flag values include:
 - SSL_VERIFY_NONE. Client mode: the client will not verify the certificate received from the server and the handshake will continue as normal. Server mode: the server will not send a certificate request to the client. As such, client verification will not be enabled.
 - SSL_VERIFY_PEER. Client mode: the client will verify the certificate received from the server during the handshake. This is turned on by default in wolfSSL, therefore using this option has no effect. Server mode: the server will send a certificate request to the client and verify the client certificate received.
 - SSL_VERIFY_FAIL_IF_NO_PEER_CERT. Client mode: no effect when used on the client side. Server mode: the verification will fail on the server side if the client fails to send a certificate when requested to do so (when using SSL_VERIFY_PEER on the SSL server).
 - SSL_VERIFY_FAIL_EXCEPT_PSK. Client mode: no effect when used on the client side. Server mode: the verification is the same as SSL_VERIFY_FAIL_IF_NO_PEER_CERT except in the case of a PSK connection. If a PSK connection is being made, then the connection will go through without a peer cert.
 
void wolfSSL_set_verify (WOLFSSL *ssl, int mode, VerifyCallback verify_callback)
 This function sets the verification method for remote peers and also allows a verify callback to be registered with the SSL session. The verify callback will be called only when a verification failure has occurred. If no verify callback is desired, the NULL pointer can be used for verify_callback. The verification mode of peer certificates is a logically OR'd list of flags. The possible flag values include:
 - SSL_VERIFY_NONE. Client mode: the client will not verify the certificate received from the server and the handshake will continue as normal. Server mode: the server will not send a certificate request to the client. As such, client verification will not be enabled.
 - SSL_VERIFY_PEER. Client mode: the client will verify the certificate received from the server during the handshake. This is turned on by default in wolfSSL, therefore using this option has no effect. Server mode: the server will send a certificate request to the client and verify the client certificate received.
 - SSL_VERIFY_FAIL_IF_NO_PEER_CERT. Client mode: no effect when used on the client side. Server mode: the verification will fail on the server side if the client fails to send a certificate when requested to do so (when using SSL_VERIFY_PEER on the SSL server).
 - SSL_VERIFY_FAIL_EXCEPT_PSK. Client mode: no effect when used on the client side. Server mode: the verification is the same as SSL_VERIFY_FAIL_IF_NO_PEER_CERT except in the case of a PSK connection. If a PSK connection is being made, then the connection will go through without a peer cert.
 
long wolfSSL_CTX_set_session_cache_mode (WOLFSSL_CTX *ctx, long mode)
 This function enables or disables SSL session caching. Behavior depends on the value used for mode. The following values for mode are available:
 - SSL_SESS_CACHE_OFF - disable session caching. Session caching is turned on by default.
 - SSL_SESS_CACHE_NO_AUTO_CLEAR - disable auto-flushing of the session cache. Auto-flushing is turned on by default.
 
int wolfSSL_CTX_memrestore_cert_cache (WOLFSSL_CTX *ctx, const void *mem, int sz)
 This function restores the certificate cache from memory.
 
int wolfSSL_CTX_set_cipher_list (WOLFSSL_CTX *ctx, const char *list)
 This function sets the cipher suite list for a given WOLFSSL_CTX. This cipher suite list becomes the default list for any new SSL sessions (WOLFSSL) created using this context. The ciphers in the list should be sorted in order of preference from highest to lowest. Each call to wolfSSL_CTX_set_cipher_list() resets the cipher suite list for the specific SSL context to the provided list. The cipher suite list, list, is a null-terminated, colon-delimited text string. For example, one value for list may be "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256". Valid cipher values are the full name values from the cipher_names[] array in src/internal.c (for a definitive list of valid cipher values, check src/internal.c).
 
int wolfSSL_set_cipher_list (WOLFSSL *ssl, const char *list)
 This function sets the cipher suite list for a given WOLFSSL object (SSL session). The ciphers in the list should be sorted in order of preference from highest to lowest. Each call to wolfSSL_set_cipher_list() resets the cipher suite list for the specific SSL session to the provided list. The cipher suite list, list, is a null-terminated, colon-delimited text string. For example, one value for list may be "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256". Valid cipher values are the full name values from the cipher_names[] array in src/internal.c (for a definitive list of valid cipher values, check src/internal.c).
 
void wolfSSL_dtls13_set_send_more_acks (WOLFSSL *ssl, int value)
 This function sets whether the library should send ACKs to the other peer immediately when detecting disruption. Sending ACKs immediately assures minimum latency, but it may consume more bandwidth than necessary. If the application manages the timer by itself and this option is set to 0, then application code can use wolfSSL_dtls13_use_quick_timeout() to determine whether it should set up a quicker timeout to send those delayed ACKs.
 
int wolfSSL_dtls_set_timeout_init (WOLFSSL *ssl, int)
 This function sets the DTLS timeout.
 
WOLFSSL_SESSION * wolfSSL_get1_session (WOLFSSL *ssl)
 This function returns the WOLFSSL_SESSION from the WOLFSSL structure as a reference type. This requires calling wolfSSL_SESSION_free() to release the session reference. The WOLFSSL_SESSION pointed to contains all the necessary information required to perform a session resumption and reestablish the connection without a new handshake. For session resumption, before calling wolfSSL_shutdown() with your session object, an application should save the session ID from the object with a call to wolfSSL_get1_session(), which returns a pointer to the session. Later, the application should create a new WOLFSSL object and assign the saved session with wolfSSL_set_session(). At this point, the application may call wolfSSL_connect() and wolfSSL will try to resume the session. The wolfSSL server code allows session resumption by default. The object returned by wolfSSL_get1_session() needs to be freed after the application is done with it by calling wolfSSL_SESSION_free() on it.
 
WOLFSSL_METHOD * wolfSSLv23_client_method (void)
 The wolfSSLv23_client_method() function is used to indicate that the application is a client and will support the highest protocol version supported by the server between SSL 3.0 and TLS 1.3. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). Both wolfSSL clients and servers have robust version downgrade capability. If a specific protocol version method is used on either side, then only that version will be negotiated or an error will be returned. For example, a client that uses TLSv1 and tries to connect to an SSLv3-only server will fail; likewise, connecting to a TLSv1.1-only server will fail as well. To resolve this issue, a client that uses the wolfSSLv23_client_method() function will use the highest protocol version supported by the server and downgrade to SSLv3 if needed. In this case, the client will be able to connect to a server running SSLv3 through TLSv1.3.
 
WOLFSSL_BIGNUM * wolfSSL_ASN1_INTEGER_to_BN (const WOLFSSL_ASN1_INTEGER *ai, WOLFSSL_BIGNUM *bn)
 This function is used to copy a WOLFSSL_ASN1_INTEGER value to a WOLFSSL_BIGNUM structure.
 
long wolfSSL_CTX_add_extra_chain_cert (WOLFSSL_CTX *ctx, WOLFSSL_X509 *x509)
 This function adds the certificate to the internal chain being built in the WOLFSSL_CTX structure.
 
int wolfSSL_CTX_get_read_ahead (WOLFSSL_CTX *ctx)
 This function returns the read ahead flag from a WOLFSSL_CTX structure.
 
int wolfSSL_CTX_set_read_ahead (WOLFSSL_CTX *ctx, int v)
 This function sets the read ahead flag in the WOLFSSL_CTX structure.
 
long wolfSSL_CTX_set_tlsext_status_arg (WOLFSSL_CTX *ctx, void *arg)
 This function sets the options argument to use with OCSP.
 
long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg (WOLFSSL_CTX *ctx, void *arg)
 This function sets the optional argument to be passed to the PRF callback.
 
long wolfSSL_set_options (WOLFSSL *s, long op)
 This function sets the options mask in the ssl. Some valid options are SSL_OP_ALL, SSL_OP_COOKIE_EXCHANGE, SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2 and SSL_OP_NO_COMPRESSION.
 
long wolfSSL_get_options (const WOLFSSL *ssl)
 This function returns the current options mask.
 
long wolfSSL_set_tlsext_debug_arg (WOLFSSL *ssl, void *arg)
 This is used to set the debug argument passed around.
 
long wolfSSL_get_verify_result (const WOLFSSL *ssl)
 This is used to get the result after trying to verify the peer's certificate.
 
int wolfSSL_CTX_allow_anon_cipher (WOLFSSL_CTX *)
 This function enables the haveAnon member of the CTX structure if HAVE_ANON is defined during compilation.
 
WOLFSSL_METHOD * wolfSSLv23_server_method (void)
 The wolfSSLv23_server_method() function is used to indicate that the application is a server and will support clients connecting with protocol versions from SSL 3.0 to TLS 1.3. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
 
int wolfSSL_state (WOLFSSL *ssl)
 This is used to get the internal error state of the WOLFSSL structure.
 
int wolfSSL_check_domain_name (WOLFSSL *ssl, const char *dn)
 wolfSSL by default checks the peer certificate for a valid date range and a verified signature. Calling this function before wolfSSL_connect() or wolfSSL_accept() will add a domain name check to the list of checks to perform. dn holds the domain name to check against the peer certificate when it is received.
 
int wolfSSL_set_compression (WOLFSSL *ssl)
 Turns on the ability to use compression for the SSL connection. Both sides must have compression turned on, otherwise compression will not be used. The zlib library performs the actual data compression. To compile it into the library, use --with-libz with the configure system, or define HAVE_LIBZ otherwise. Keep in mind that while compressing data before sending decreases the actual size of the messages being sent and received, the time spent compressing the data usually exceeds the time saved by sending it raw on all but the slowest of networks.
 
int wolfSSL_set_timeout (WOLFSSL *ssl, unsigned int to)
 This function sets the SSL session timeout value in seconds.
 
int wolfSSL_CTX_set_timeout (WOLFSSL_CTX *ctx, unsigned int to)
 This function sets the timeout value for SSL sessions, in seconds, for the specified SSL context.
 
int wolfSSL_CTX_UnloadCAs (WOLFSSL_CTX *)
 This function unloads the CA signer list and frees the whole signer table.
 
int wolfSSL_CTX_UnloadIntermediateCerts (WOLFSSL_CTX *ctx)
 This function unloads intermediate certificates added to the CA signer list and frees them.
 
int wolfSSL_CTX_Unload_trust_peers (WOLFSSL_CTX *)
 This function is used to unload all previously loaded trusted peer certificates. The feature is enabled by defining the macro WOLFSSL_TRUST_PEER_CERT.
 
int wolfSSL_CTX_trust_peer_buffer (WOLFSSL_CTX *ctx, const unsigned char *in, long sz, int format)
 This function loads a certificate to use for verifying a peer when performing a TLS/SSL handshake. The peer certificate sent during the handshake is compared using the SKID when available and the signature. If these two things do not match, then any loaded CAs are used. It provides the same functionality as wolfSSL_CTX_trust_peer_cert() except that it loads from a buffer instead of a file. The feature is enabled by defining the macro WOLFSSL_TRUST_PEER_CERT. Please see the examples for proper usage.
 
int wolfSSL_CTX_set_group_messages (WOLFSSL_CTX *)
 This function turns on grouping of handshake messages where possible.
 
int wolfSSL_set_group_messages (WOLFSSL *)
 This function turns on grouping of handshake messages where possible.
 
int wolfSSL_CTX_SetMinVersion (WOLFSSL_CTX *ctx, int version)
 This function sets the minimum downgrade version allowed. Applicable only when the connection allows downgrade (using wolfSSLv23_client_method() or wolfSSLv23_server_method()).
 
int wolfSSL_SetVersion (WOLFSSL *ssl, int version)
 This function sets the SSL/TLS protocol version for the specified SSL session (WOLFSSL object) using the version as specified by version. This will override the protocol setting for the SSL session (ssl) originally defined and set by the SSL context (wolfSSL_CTX_new()) method type.
 
int wolfSSL_UseALPN (WOLFSSL *ssl, char *protocol_name_list, unsigned int protocol_name_listSz, unsigned char options)
 Sets up ALPN use for a wolfSSL session.
 
int wolfSSL_CTX_UseSessionTicket (WOLFSSL_CTX *ctx)
 This function sets the wolfSSL context to use a session ticket.
 
int wolfSSL_check_private_key (const WOLFSSL *ssl)
 This function checks that the private key matches the certificate being used.
 
int wolfSSL_use_certificate (WOLFSSL *ssl, WOLFSSL_X509 *x509)
 This is used to set the certificate for the WOLFSSL structure to use during a handshake.
 
int wolfSSL_use_certificate_ASN1 (WOLFSSL *ssl, unsigned char *der, int derSz)
 This is used to set the certificate for the WOLFSSL structure to use during a handshake. A DER formatted buffer is expected.
 
int wolfSSL_SESSION_get_master_key (const WOLFSSL_SESSION *ses, unsigned char *out, int outSz)
 This is used to get the master key after completing a handshake.
 
int wolfSSL_SESSION_get_master_key_length (const WOLFSSL_SESSION *ses)
 This is used to get the master secret key length.
 
void wolfSSL_CTX_set_cert_store (WOLFSSL_CTX *ctx, WOLFSSL_X509_STORE *str)
 This is a setter function for the WOLFSSL_X509_STORE structure in ctx.
 
WOLFSSL_X509_STORE * wolfSSL_CTX_get_cert_store (WOLFSSL_CTX *ctx)
 This is a getter function for the WOLFSSL_X509_STORE structure in ctx.
 
size_t wolfSSL_get_server_random (const WOLFSSL *ssl, unsigned char *out, size_t outlen)
 This is used to get the random data sent by the server during the handshake.
 
size_t wolfSSL_get_client_random (const WOLFSSL *ssl, unsigned char *out, size_t outSz)
 This is used to get the random data sent by the client during the handshake.
 
wc_pem_password_cb * wolfSSL_CTX_get_default_passwd_cb (WOLFSSL_CTX *ctx)
 This is a getter function for the password callback set in ctx.
 
void * wolfSSL_CTX_get_default_passwd_cb_userdata (WOLFSSL_CTX *ctx)
 This is a getter function for the password callback user data set in ctx.
 
long wolfSSL_CTX_clear_options (WOLFSSL_CTX *ctx, long opt)
 This function resets option bits of the WOLFSSL_CTX object.
 
int wolfSSL_set_msg_callback (WOLFSSL *ssl, SSL_Msg_Cb cb)
 This function sets a callback in the ssl. The callback is used to observe handshake messages. A NULL value for cb resets the callback.
 
int wolfSSL_set_msg_callback_arg (WOLFSSL *ssl, void *arg)
 This function sets the associated callback context value in the ssl. The value is handed over to the callback argument.
 
int wolfSSL_send_hrr_cookie (WOLFSSL *ssl, const unsigned char *secret, unsigned int secretSz)
 This function is called on the server side to indicate that a HelloRetryRequest message must contain a Cookie and, when using DTLS v1.3, that the handshake will always include a cookie exchange. Please note that when using DTLS v1.3, the cookie exchange is enabled by default. The Cookie holds a hash of the current transcript so that another server process can handle the ClientHello in reply. The secret is used when generating the integrity check on the Cookie data.
 
int wolfSSL_disable_hrr_cookie (WOLFSSL *ssl)
 This function is called on the server side to indicate that a HelloRetryRequest message must NOT contain a Cookie and that, when using DTLS v1.3, a cookie exchange will not be included in the handshake. Please note that not doing a cookie exchange when using DTLS v1.3 can make the server susceptible to DoS/amplification attacks.
 
int wolfSSL_CTX_no_ticket_TLSv13 (WOLFSSL_CTX *ctx)
 This function is called on the server to stop it from sending a resumption session ticket once the handshake is complete.
 
int wolfSSL_no_ticket_TLSv13 (WOLFSSL *ssl)
 This function is called on the server to stop it from sending a resumption session ticket once the handshake is complete.
 
int wolfSSL_CTX_no_dhe_psk (WOLFSSL_CTX *ctx)
 This function is called on a TLS v1.3 wolfSSL context to disallow Diffie-Hellman (DH) style key exchanges when handshakes are using pre-shared keys for authentication.
 
int wolfSSL_no_dhe_psk (WOLFSSL *ssl)
 This function is called on a TLS v1.3 client or server WOLFSSL object to disallow Diffie-Hellman (DH) style key exchanges when handshakes are using pre-shared keys for authentication.
 
int wolfSSL_CTX_allow_post_handshake_auth (WOLFSSL_CTX *ctx)
 This function is called on a TLS v1.3 client wolfSSL context to allow a client certificate to be sent post handshake upon request from the server. This is useful when connecting to a web server that has some pages that require client authentication and others that don't.
 
int wolfSSL_allow_post_handshake_auth (WOLFSSL *ssl)
 This function is called on a TLS v1.3 client WOLFSSL object to allow a client certificate to be sent post handshake upon request from the server. A Post-Handshake Client Authentication extension is sent in the ClientHello. This is useful when connecting to a web server that has some pages that require client authentication and others that don't.
 
int wolfSSL_CTX_set1_groups_list (WOLFSSL_CTX *ctx, char *list)
 This function sets the list of elliptic curve groups to allow on a wolfSSL context in order of preference. The list is a null-terminated, colon-delimited text string. Call this function to set the key exchange elliptic curve parameters to use with TLS v1.3 connections.
 
int wolfSSL_set1_groups_list (WOLFSSL *ssl, char *list)
 This function sets the list of elliptic curve groups to allow on a WOLFSSL object in order of preference. The list is a null-terminated, colon-delimited text string. Call this function to set the key exchange elliptic curve parameters to use with TLS v1.3 connections.
 
int wolfSSL_CTX_set_groups (WOLFSSL_CTX *ctx, int *groups, int count)
 This function sets the list of elliptic curve groups to allow on a wolfSSL context in order of preference. The list is an array of group identifiers, with the number of identifiers specified in count. Call this function to set the key exchange elliptic curve parameters to use with TLS v1.3 connections.
 
int wolfSSL_set_groups (WOLFSSL *ssl, int *groups, int count)
 This function sets the list of elliptic curve groups to allow on a WOLFSSL object in order of preference. The list is an array of group identifiers, with the number of identifiers specified in count. Call this function to set the key exchange elliptic curve parameters to use with TLS v1.3 connections.
 
int wolfSSL_CTX_set_max_early_data (WOLFSSL_CTX *ctx, unsigned int sz)
 This function sets the maximum amount of early data that a TLS v1.3 client or server is willing to exchange using the wolfSSL context. Call this function to limit the amount of early data to process in order to mitigate replay attacks. Early data is protected by keys derived from those of the connection on which the session ticket was sent, and therefore will be the same every time a session ticket is used in resumption. The value is included in the session ticket for resumption. A server value of zero indicates that no early data is to be sent by the client using session tickets. A client value of zero indicates that the client will not send any early data. It is recommended that the number of early data bytes be kept as low as practically possible in the application.
 
int wolfSSL_set_max_early_data (WOLFSSL *ssl, unsigned int sz)
 This function sets the maximum amount of early data that a TLS v1.3 client or server is willing to exchange. Call this function to limit the amount of early data to process in order to mitigate replay attacks. Early data is protected by keys derived from those of the connection on which the session ticket was sent, and therefore will be the same every time a session ticket is used in resumption. The value is included in the session ticket for resumption. A server value of zero indicates that no early data is to be sent by the client using session tickets. A client value of zero indicates that the client will not send any early data. It is recommended that the number of early data bytes be kept as low as practically possible in the application.
 
void wolfSSL_CTX_set_psk_client_tls13_callback (WOLFSSL_CTX *ctx, wc_psk_client_tls13_callback cb)
 This function sets the Pre-Shared Key (PSK) client side callback for TLS v1.3 connections. The callback is used to find a PSK identity and return its key and the name of the cipher to use for the handshake. The function sets the client_psk_tls13_cb member of the WOLFSSL_CTX structure.
 
void wolfSSL_set_psk_client_tls13_callback (WOLFSSL *ssl, wc_psk_client_tls13_callback cb)
 This function sets the Pre-Shared Key (PSK) client side callback for TLS v1.3 connections. The callback is used to find a PSK identity and return its key and the name of the cipher to use for the handshake. The function sets the client_psk_tls13_cb member of the options field in the WOLFSSL structure.
 
void wolfSSL_CTX_set_psk_server_tls13_callback (WOLFSSL_CTX *ctx, wc_psk_server_tls13_callback cb)
 This function sets the Pre-Shared Key (PSK) server side callback for TLS v1.3 connections. The callback is used to find a PSK identity and return its key and the name of the cipher to use for the handshake. The function sets the server_psk_tls13_cb member of the WOLFSSL_CTX structure.
 
void wolfSSL_set_psk_server_tls13_callback (WOLFSSL *ssl, wc_psk_server_tls13_callback cb)
 This function sets the Pre-Shared Key (PSK) server side callback for TLS v1.3 connections. The callback is used to find a PSK identity and return its key and the name of the cipher to use for the handshake. The function sets the server_psk_tls13_cb member of the options field in the WOLFSSL structure.
 
int wolfSSL_UseKeyShare (WOLFSSL *ssl, word16 group)
 This function creates a key share entry for the group, including generating a key pair. The KeyShare extension contains all the generated public keys for key exchange. If this function is called, then only the groups specified will be included. Call this function when a preferred group has been previously established for the server.
 
int wolfSSL_NoKeyShares (WOLFSSL *ssl)
 This function is called to ensure no key shares are sent in the ClientHello. This will force the server to respond with a HelloRetryRequest if a key exchange is required in the handshake. Call this function when the expected key exchange group is not known and to avoid the generation of keys unnecessarily. Note that an extra round-trip will be required to complete the handshake when a key exchange is required. More...
 
WOLFSSL_METHOD * wolfTLSv1_3_server_method_ex (void *heap)
 This function is used to indicate that the application is a server and will only support the TLS 1.3 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). More...
 
WOLFSSL_METHOD * wolfTLSv1_3_client_method_ex (void *heap)
 This function is used to indicate that the application is a client and will only support the TLS 1.3 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). More...
 
WOLFSSL_METHOD * wolfTLSv1_3_server_method (void)
 This function is used to indicate that the application is a server and will only support the TLS 1.3 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). More...
 
WOLFSSL_METHOD * wolfTLSv1_3_client_method (void)
 This function is used to indicate that the application is a client and will only support the TLS 1.3 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). More...
 
WOLFSSL_METHOD * wolfTLSv1_3_method_ex (void *heap)
 This function returns a WOLFSSL_METHOD similar to wolfTLSv1_3_client_method except that it is not determined which side yet (server/client). More...
 
WOLFSSL_METHOD * wolfTLSv1_3_method (void)
 This function returns a WOLFSSL_METHOD similar to wolfTLSv1_3_client_method except that it is not determined which side yet (server/client). More...
 
int wolfSSL_CTX_set_client_cert_type (WOLFSSL_CTX *ctx, const char *buf, int len)
 When this function is called on the client side, it sets the certificate types that can be sent to the peer. When called on the server side, it sets the certificate types that are acceptable from the peer. Put the cert types in the buffer in order of priority. To reset the settings to the default, pass NULL for the buffer or zero for len. By default, the only certificate type is X509. If both sides intend to send or accept "Raw public key" certificates, WOLFSSL_CERT_TYPE_RPK should be included in the buffer. More...
 
int wolfSSL_CTX_set_server_cert_type (WOLFSSL_CTX *ctx, const char *buf, int len)
 When this function is called on the server side, it sets the certificate types that can be sent to the peer. When called on the client side, it sets the certificate types that are acceptable from the peer. Put the cert types in the buffer in order of priority. To reset the settings to the default, pass NULL for the buffer or zero for len. By default, the only certificate type is X509. If both sides intend to send or accept "Raw public key" certificates, WOLFSSL_CERT_TYPE_RPK should be included in the buffer. More...
 
int wolfSSL_set_client_cert_type (WOLFSSL *ssl, const char *buf, int len)
 When this function is called on the client side, it sets the certificate types that can be sent to the peer. When called on the server side, it sets the certificate types that are acceptable from the peer. Put the cert types in the buffer in order of priority. To reset the settings to the default, pass NULL for the buffer or zero for len. By default, the only certificate type is X509. If both sides intend to send or accept "Raw public key" certificates, WOLFSSL_CERT_TYPE_RPK should be included in the buffer. More...
 
int wolfSSL_set_server_cert_type (WOLFSSL *ssl, const char *buf, int len)
 When this function is called on the server side, it sets the certificate types that can be sent to the peer. When called on the client side, it sets the certificate types that are acceptable from the peer. Put the cert types in the buffer in order of priority. To reset the settings to the default, pass NULL for the buffer or zero for len. By default, the only certificate type is X509. If both sides intend to send or accept "Raw public key" certificates, WOLFSSL_CERT_TYPE_RPK should be included in the buffer. More...
 
void * wolfSSL_GetCookieCtx (WOLFSSL *ssl)
 This function returns the IOCB_CookieCtx member of the WOLFSSL structure. More...
 
int wolfSSL_SetIO_ISOTP (WOLFSSL *ssl, isotp_wolfssl_ctx *ctx, can_recv_fn recv_fn, can_send_fn send_fn, can_delay_fn delay_fn, word32 receive_delay, char *receive_buffer, int receive_buffer_size, void *arg)
 This function sets up the ISO-TP context for wolfSSL, for use when wolfSSL is compiled with WOLFSSL_ISOTP. More...
 

Function Documentation

◆ wolfDTLS_client_method()

WOLFSSL_METHOD* wolfDTLS_client_method ( void  )

The wolfDTLS_client_method() function is used to indicate that the application is a client and will support the highest version of DTLS available and every version down to the minimum version allowed. The default minimum version allowed is based on the define WOLFSSL_MIN_DTLS_DOWNGRADE and can be changed at runtime using wolfSSL_SetMinVersion(). This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). This function is only available when wolfSSL has been compiled with DTLS support (--enable-dtls, or by defining WOLFSSL_DTLS).

Returns
pointer If successful, the call returns a pointer to the newly created WOLFSSL_METHOD structure.
FAIL If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).
Parameters
none - No parameters.

Example

WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfDTLS_client_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfDTLS_server_method
wolfSSL_SetMinVersion

◆ wolfDTLS_server_method()

WOLFSSL_METHOD* wolfDTLS_server_method ( void  )

The wolfDTLS_server_method() function is used to indicate that the application is a server and will support the highest version of DTLS available and every version down to the minimum version allowed. The default minimum version allowed is based on the define WOLFSSL_MIN_DTLS_DOWNGRADE and can be changed at runtime using wolfSSL_SetMinVersion(). This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). This function is only available when wolfSSL has been compiled with DTLS support (--enable-dtls, or by defining WOLFSSL_DTLS).

Returns
pointer If successful, the call returns a pointer to the newly created WOLFSSL_METHOD structure.
FAIL If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).
Parameters
none - No parameters.

Example

WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfDTLS_server_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfDTLS_client_method
wolfSSL_SetMinVersion

◆ wolfDTLS_SetChGoodCb()

int wolfDTLS_SetChGoodCb ( WOLFSSL *  ssl,
ClientHelloGoodCb  cb,
void *  user_ctx 
)

Allows setting a callback for a correctly processed and verified DTLS ClientHello. When using a cookie exchange mechanism (either the HelloVerifyRequest in DTLS 1.2 or the HelloRetryRequest with a cookie extension in DTLS 1.3), this callback is called after the cookie exchange has succeeded. This is useful for using one WOLFSSL object as the listener for new connections while being able to isolate the WOLFSSL object once the ClientHello is verified (either through a cookie exchange or by just checking that the ClientHello had the correct format). DTLS 1.2: https://datatracker.ietf.org/doc/html/rfc6347#section-4.2.1 DTLS 1.3: https://www.rfc-editor.org/rfc/rfc8446#section-4.2.2.

Returns
SSL_SUCCESS upon success.
BAD_FUNC_ARG upon failure.
Parameters
ssl - pointer to the SSL session, created with wolfSSL_new().
fd - file descriptor to use with SSL/TLS connection.

Example

// Called when we have verified a connection
static int chGoodCb(WOLFSSL* ssl, void* arg)
{
    // setup peer and file descriptors
    return 0; // 0 signals success so the handshake continues
}
if (wolfDTLS_SetChGoodCb(ssl, chGoodCb, NULL) != WOLFSSL_SUCCESS) {
    // error setting callback
}
See also
wolfSSL_set_dtls_fd_connected

◆ wolfDTLSv1_3_client_method()

WOLFSSL_METHOD* wolfDTLSv1_3_client_method ( void  )

The wolfDTLSv1_3_client_method() function is used to indicate that the application is a client and will only support the DTLS 1.3 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). This function is only available when wolfSSL has been compiled with DTLSv1.3 support (--enable-dtls13, or by defining WOLFSSL_DTLS13).

Returns
pointer If successful, the call returns a pointer to the newly created WOLFSSL_METHOD structure.
FAIL If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).
Parameters
none - No parameters.

Example

WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfDTLSv1_3_client_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfDTLSv1_3_server_method

◆ wolfDTLSv1_3_server_method()

WOLFSSL_METHOD* wolfDTLSv1_3_server_method ( void  )

The wolfDTLSv1_3_server_method() function is used to indicate that the application is a server and will only support the DTLS 1.3 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). This function is only available when wolfSSL has been compiled with DTLSv1.3 support (--enable-dtls13, or by defining WOLFSSL_DTLS13).

Returns
pointer If successful, the call returns a pointer to the newly created WOLFSSL_METHOD structure.
FAIL If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).
Parameters
none - No parameters.

Example

WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfDTLSv1_3_server_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfDTLSv1_3_client_method

◆ wolfDTLSv1_client_method()

WOLFSSL_METHOD* wolfDTLSv1_client_method ( void  )

The wolfDTLSv1_client_method() function is used to indicate that the application is a client and will only support the DTLS 1.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). This function is only available when wolfSSL has been compiled with DTLS support (--enable-dtls, or by defining WOLFSSL_DTLS).

Returns
pointer If successful, the call returns a pointer to the newly created WOLFSSL_METHOD structure.
FAIL If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).
Parameters
none - No parameters.

Example

WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfDTLSv1_client_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfSSLv3_client_method
wolfTLSv1_client_method
wolfTLSv1_1_client_method
wolfTLSv1_2_client_method
wolfTLSv1_3_client_method
wolfSSLv23_client_method
wolfSSL_CTX_new

◆ wolfDTLSv1_server_method()

WOLFSSL_METHOD* wolfDTLSv1_server_method ( void  )

The wolfDTLSv1_server_method() function is used to indicate that the application is a server and will only support the DTLS 1.0 protocol. This function allocates memory for and initializes a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). This function is only available when wolfSSL has been compiled with DTLS support (--enable-dtls, or by defining WOLFSSL_DTLS).

Returns
pointer If successful, the call returns a pointer to the newly created WOLFSSL_METHOD structure.
FAIL If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).
Parameters
none - No parameters.

Example

WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfDTLSv1_server_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfSSLv3_server_method
wolfTLSv1_server_method
wolfTLSv1_1_server_method
wolfTLSv1_2_server_method
wolfTLSv1_3_server_method
wolfSSLv23_server_method
wolfSSL_CTX_new

◆ wolfSSL_allow_post_handshake_auth()

int wolfSSL_allow_post_handshake_auth ( WOLFSSL *  ssl)

This function is called on a TLS v1.3 client wolfSSL to allow a client certificate to be sent post handshake upon request from server. A Post-Handshake Client Authentication extension is sent in the ClientHello. This is useful when connecting to a web server that has some pages that require client authentication and others that don't.

Parameters
[in,out] ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
Returns
BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
SIDE_ERROR if called with a server.
0 if successful.

Example

int ret;
WOLFSSL* ssl;
...
ret = wolfSSL_allow_post_handshake_auth(ssl);
if (ret != 0) {
    // failed to allow post handshake authentication
}
See also
wolfSSL_CTX_allow_post_handshake_auth
wolfSSL_request_certificate

◆ wolfSSL_ASN1_INTEGER_to_BN()

WOLFSSL_BIGNUM* wolfSSL_ASN1_INTEGER_to_BN ( const WOLFSSL_ASN1_INTEGER *  ai,
WOLFSSL_BIGNUM *  bn 
)

This function is used to copy a WOLFSSL_ASN1_INTEGER value to a WOLFSSL_BIGNUM structure.

Returns
pointer On successfully copying the WOLFSSL_ASN1_INTEGER value, a WOLFSSL_BIGNUM pointer is returned.
NULL upon failure.
Parameters
ai - WOLFSSL_ASN1_INTEGER structure to copy from.
bn - to copy into an already existing WOLFSSL_BIGNUM struct, pass in a pointer to it. Optionally this can be NULL, in which case a new WOLFSSL_BIGNUM structure will be created.

Example

WOLFSSL_ASN1_INTEGER* ai;
WOLFSSL_BIGNUM* bn;
// create ai
bn = wolfSSL_ASN1_INTEGER_to_BN(ai, NULL);
// or, if bn has already been created and should be reused:
// wolfSSL_ASN1_INTEGER_to_BN(ai, bn);
// check that the return value (bn) is not NULL
See also
none

◆ wolfSSL_check_domain_name()

int wolfSSL_check_domain_name ( WOLFSSL *  ssl,
const char *  dn 
)

wolfSSL by default checks the peer certificate for a valid date range and a verified signature. Calling this function before wolfSSL_connect() or wolfSSL_accept() will add a domain name check to the list of checks to perform. dn holds the domain name to check against the peer certificate when it’s received.

Returns
SSL_SUCCESS upon success.
SSL_FAILURE will be returned if a memory error was encountered.
Parameters
ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
dn - domain name to check against the peer certificate when received.

Example

int ret = 0;
WOLFSSL* ssl;
const char* domain = "www.yassl.com";
...
ret = wolfSSL_check_domain_name(ssl, domain);
if (ret != SSL_SUCCESS) {
    // failed to enable domain name check
}
See also
none

◆ wolfSSL_check_private_key()

int wolfSSL_check_private_key ( const WOLFSSL *  ssl)

This function checks that the private key is a match with the certificate being used.

Returns
SSL_SUCCESS On successful match.
SSL_FAILURE If an error case was encountered.
<0 All error cases other than SSL_FAILURE are negative values.
Parameters
ssl - WOLFSSL structure to check.

Example

WOLFSSL* ssl;
int ret;
// create and set up ssl
ret = wolfSSL_check_private_key(ssl);
// check ret value
See also
wolfSSL_new
wolfSSL_free

◆ wolfSSL_CTX_add_extra_chain_cert()

long wolfSSL_CTX_add_extra_chain_cert ( WOLFSSL_CTX *  ctx,
WOLFSSL_X509 *  x509 
)

This function adds the certificate to the internal chain being built in the WOLFSSL_CTX structure.

Returns
SSL_SUCCESS after successfully adding the certificate.
SSL_FAILURE if failing to add the certificate to the chain.
Parameters
ctx - WOLFSSL_CTX structure to add certificate to.
x509 - certificate to add to the chain.

Example

WOLFSSL_CTX* ctx;
WOLFSSL_X509* x509;
long ret;
// create ctx and load x509
ret = wolfSSL_CTX_add_extra_chain_cert(ctx, x509);
// check ret value
See also
wolfSSL_CTX_new
wolfSSL_CTX_free

◆ wolfSSL_CTX_allow_anon_cipher()

int wolfSSL_CTX_allow_anon_cipher ( WOLFSSL_CTX *  )

This function enables the haveAnon member of the CTX structure if HAVE_ANON is defined during compilation.

Returns
SSL_SUCCESS returned if the function executed successfully and the haveAnon member of the CTX is set to 1.
SSL_FAILURE returned if the CTX structure was NULL.
Parameters
ctx - a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().

Example

WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
WOLFSSL* ssl = wolfSSL_new(ctx);
...
#ifdef HAVE_ANON
if(cipherList == NULL){
    if(wolfSSL_CTX_allow_anon_cipher(ctx) != SSL_SUCCESS){
        // failure case
    }
    if(wolfSSL_CTX_set_cipher_list(ctx, "ADH_AES128_SHA") != SSL_SUCCESS){
        // failure case
    }
}
#endif
See also
none

◆ wolfSSL_CTX_allow_post_handshake_auth()

int wolfSSL_CTX_allow_post_handshake_auth ( WOLFSSL_CTX *  ctx)

This function is called on a TLS v1.3 client wolfSSL context to allow a client certificate to be sent post handshake upon request from server. This is useful when connecting to a web server that has some pages that require client authentication and others that don't.

Parameters
[in,out] ctx - a pointer to a WOLFSSL_CTX structure, created with wolfSSL_CTX_new().
Returns
BAD_FUNC_ARG if ctx is NULL or not using TLS v1.3.
SIDE_ERROR if called with a server.
0 if successful.

Example

int ret;
WOLFSSL_CTX* ctx;
...
ret = wolfSSL_CTX_allow_post_handshake_auth(ctx);
if (ret != 0) {
    // failed to allow post handshake authentication
}
See also
wolfSSL_allow_post_handshake_auth
wolfSSL_request_certificate

◆ wolfSSL_CTX_clear_options()

long wolfSSL_CTX_clear_options ( WOLFSSL_CTX *  ctx,
long  opt 
)

This function resets option bits of WOLFSSL_CTX object.

Returns
option the new option bits.
Parameters
ctx - pointer to the SSL context.

Example

WOLFSSL_CTX* ctx = 0;
...
wolfSSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1);
See also
wolfSSL_CTX_new
wolfSSL_new
wolfSSL_free

◆ wolfSSL_CTX_free()

void wolfSSL_CTX_free ( WOLFSSL_CTX *  )

This function frees an allocated WOLFSSL_CTX object. This function decrements the CTX reference count and only frees the context when the reference count has reached 0.

Returns
none No return.
Parameters
ctx - pointer to the SSL context, created with wolfSSL_CTX_new().

Example

WOLFSSL_CTX* ctx = 0;
...
wolfSSL_CTX_free(ctx);
See also
wolfSSL_CTX_new
wolfSSL_new
wolfSSL_free

◆ wolfSSL_CTX_get_cert_store()

WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store ( WOLFSSL_CTX *  ctx)

This is a getter function for the WOLFSSL_X509_STORE structure in ctx.

Returns
WOLFSSL_X509_STORE* On successfully getting the pointer.
NULL Returned if NULL arguments are passed in.
Parameters
ctx - pointer to the WOLFSSL_CTX structure to get the cert store pointer from.

Example

WOLFSSL_CTX* ctx;
WOLFSSL_X509_STORE* st;
// setup ctx
st = wolfSSL_CTX_get_cert_store(ctx);
// use st
See also
wolfSSL_CTX_new
wolfSSL_CTX_free
wolfSSL_CTX_set_cert_store

◆ wolfSSL_CTX_get_default_passwd_cb()

wc_pem_password_cb* wolfSSL_CTX_get_default_passwd_cb ( WOLFSSL_CTX *  ctx)

This is a getter function for the password callback set in ctx.

Returns
func On success returns the callback function.
NULL If ctx is NULL then NULL is returned.
Parameters
ctx - WOLFSSL_CTX structure to get the callback from.

Example

WOLFSSL_CTX* ctx;
wc_pem_password_cb* cb;
// setup ctx
cb = wolfSSL_CTX_get_default_passwd_cb(ctx);
// use cb
See also
wolfSSL_CTX_new
wolfSSL_CTX_free

◆ wolfSSL_CTX_get_default_passwd_cb_userdata()

void* wolfSSL_CTX_get_default_passwd_cb_userdata ( WOLFSSL_CTX *  ctx)

This is a getter function for the password callback user data set in ctx.

Returns
pointer On success returns the user data pointer.
NULL If ctx is NULL then NULL is returned.
Parameters
ctx - WOLFSSL_CTX structure to get user data from.

Example

WOLFSSL_CTX* ctx;
void* data;
// setup ctx
data = wolfSSL_CTX_get_default_passwd_cb_userdata(ctx);
// use data
See also
wolfSSL_CTX_new
wolfSSL_CTX_free

◆ wolfSSL_CTX_get_read_ahead()

int wolfSSL_CTX_get_read_ahead ( WOLFSSL_CTX *  ctx)

This function returns the read ahead flag from a WOLFSSL_CTX structure.

Returns
flag On success returns the read ahead flag.
SSL_FAILURE If ctx is NULL then SSL_FAILURE is returned.
Parameters
ctx - WOLFSSL_CTX structure to get the read ahead flag from.

Example

WOLFSSL_CTX* ctx;
int flag;
// setup ctx
flag = wolfSSL_CTX_get_read_ahead(ctx);
// check flag
See also
wolfSSL_CTX_new
wolfSSL_CTX_free
wolfSSL_CTX_set_read_ahead

◆ wolfSSL_CTX_get_verify_depth()

long wolfSSL_CTX_get_verify_depth ( WOLFSSL_CTX *  ctx)

This function gets the certificate chaining depth using the CTX structure.

Returns
MAX_CHAIN_DEPTH returned if the CTX struct is not NULL. The constant representation of the max certificate chain peer depth.
BAD_FUNC_ARG returned if the CTX structure is NULL.
Parameters
ctx - a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().

Example

WOLFSSL_METHOD* method; // protocol method
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(method);
long ret = wolfSSL_CTX_get_verify_depth(ctx);
if(ret == EXPECTED){
    // You have the expected value
} else {
    // Handle an unexpected depth
}
See also
wolfSSL_CTX_use_certificate_chain_file
wolfSSL_get_verify_depth

◆ wolfSSL_CTX_memrestore_cert_cache()

int wolfSSL_CTX_memrestore_cert_cache ( WOLFSSL_CTX *  ctx,
const void *  mem,
int  sz 
)

This function restores the certificate cache from memory.

Returns
SSL_SUCCESS returned if the function and subroutines executed without an error.
BAD_FUNC_ARG returned if the ctx or mem parameters are NULL or if the sz parameter is less than or equal to zero.
BUFFER_E returned if the cert cache memory buffer is too small.
CACHE_MATCH_ERROR returned if there was a cert cache header mismatch.
BAD_MUTEX_E returned if locking the mutex failed.
Parameters
ctx - a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().
mem - a void pointer to the saved cache contents that will be restored to the certificate cache.
sz - an int type that represents the size of the mem parameter in bytes.

Example

WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
const void* mem; // buffer holding a previously saved certificate cache
int sz;          // size of mem in bytes
if(wolfSSL_CTX_memrestore_cert_cache(ctx, mem, sz) == SSL_SUCCESS){
    // The success case
}
See also
CM_MemRestoreCertCache

◆ wolfSSL_CTX_new()

WOLFSSL_CTX* wolfSSL_CTX_new ( WOLFSSL_METHOD *  )

This function creates a new SSL context, taking a desired SSL/TLS protocol method for input.

Returns
pointer If successful the call will return a pointer to the newly-created WOLFSSL_CTX.
NULL upon failure.
Parameters
method - pointer to the desired WOLFSSL_METHOD to use for the SSL context. This is created using one of the wolfSSLvXX_XXXX_method() functions to specify the SSL/TLS/DTLS protocol level.

Example

WOLFSSL_CTX* ctx = 0;
WOLFSSL_METHOD* method = 0;
method = wolfSSLv3_client_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL) {
    // context creation failed
}
See also
wolfSSL_new

◆ wolfSSL_CTX_no_dhe_psk()

int wolfSSL_CTX_no_dhe_psk ( WOLFSSL_CTX *  ctx)

This function is called on a TLS v1.3 wolfSSL context to disallow Diffie-Hellman (DH) style key exchanges when handshakes are using pre-shared keys for authentication.

Parameters
[in,out] ctx - a pointer to a WOLFSSL_CTX structure, created with wolfSSL_CTX_new().
Returns
BAD_FUNC_ARG if ctx is NULL or not using TLS v1.3.
0 if successful.

Example

int ret;
WOLFSSL_CTX* ctx;
...
ret = wolfSSL_CTX_no_dhe_psk(ctx);
if (ret != 0) {
    // failed to set no DHE for PSK handshakes
}
See also
wolfSSL_no_dhe_psk

◆ wolfSSL_CTX_no_ticket_TLSv13()

int wolfSSL_CTX_no_ticket_TLSv13 ( WOLFSSL_CTX *  ctx)

This function is called on the server to stop it from sending a resumption session ticket once the handshake is complete.

Parameters
[in,out] ctx - a pointer to a WOLFSSL_CTX structure, created with wolfSSL_CTX_new().
Returns
BAD_FUNC_ARG if ctx is NULL or not using TLS v1.3.
SIDE_ERROR if called with a client.
0 if successful.

Example

int ret;
WOLFSSL_CTX* ctx;
...
ret = wolfSSL_CTX_no_ticket_TLSv13(ctx);
if (ret != 0) {
    // failed to set no ticket
}
See also
wolfSSL_no_ticket_TLSv13

◆ wolfSSL_CTX_set1_groups_list()

int wolfSSL_CTX_set1_groups_list ( WOLFSSL_CTX *  ctx,
char *  list 
)

This function sets the list of elliptic curve groups to allow on a wolfSSL context in order of preference. The list is a null-terminated text string, and a colon-delimited list. Call this function to set the key exchange elliptic curve parameters to use with the TLS v1.3 connections.

Parameters
[in,out] ctx - a pointer to a WOLFSSL_CTX structure, created with wolfSSL_CTX_new().
[in] list - a string that is a colon-delimited list of elliptic curve groups.
Returns
WOLFSSL_FAILURE if pointer parameters are NULL, there are more than WOLFSSL_MAX_GROUP_COUNT groups, a group name is not recognized or not using TLS v1.3.
WOLFSSL_SUCCESS if successful.

Example

int ret;
WOLFSSL_CTX* ctx;
char list[] = "P-384:P-256";
...
ret = wolfSSL_CTX_set1_groups_list(ctx, list);
if (ret != WOLFSSL_SUCCESS) {
    // failed to set group list
}
See also
wolfSSL_set1_groups_list
wolfSSL_CTX_set_groups
wolfSSL_set_groups
wolfSSL_UseKeyShare
wolfSSL_preferred_group
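An added example, not code from wolfSSL or from this reference: a stand-alone C validator for the colon-delimited group list format described above, applying the rejection rules the page lists (NULL pointer, unrecognized group name, more than the maximum group count) and producing the preference-ordered group identifiers. The accepted names, the IANA code points, and the cap of 10 groups standing in for WOLFSSL_MAX_GROUP_COUNT are assumptions of this example.

```c
/* Added example (not wolfSSL code): validates a colon-delimited TLS 1.3 group
 * preference list using the rules the page gives for
 * wolfSSL_CTX_set1_groups_list() and maps it to IANA supported_groups ids. */
#include <stdio.h>
#include <string.h>

#define GROUPS_OK      1   /* plays the role of WOLFSSL_SUCCESS */
#define GROUPS_FAILURE 0   /* plays the role of WOLFSSL_FAILURE */

/* Assumption: a constructed cap standing in for WOLFSSL_MAX_GROUP_COUNT. */
#define EXAMPLE_MAX_GROUP_COUNT 10

/* Code points from the IANA TLS Supported Groups registry (RFC 8446 4.2.7). */
enum {
    GROUP_SECP256R1 = 23,
    GROUP_SECP384R1 = 24,
    GROUP_SECP521R1 = 25,
    GROUP_X25519    = 29,
    GROUP_X448      = 30
};

/* Names accepted by this example (the page's sample list is "P-384:P-256"). */
static const struct { const char *name; int id; } group_names[] = {
    { "P-256",  GROUP_SECP256R1 },
    { "P-384",  GROUP_SECP384R1 },
    { "P-521",  GROUP_SECP521R1 },
    { "X25519", GROUP_X25519    },
    { "X448",   GROUP_X448      },
};

/* Returns the group id for a name of exactly len bytes, or -1 if unknown. */
static int lookup_group(const char *name, size_t len)
{
    size_t i;
    for (i = 0; i < sizeof(group_names) / sizeof(group_names[0]); i++) {
        if (strlen(group_names[i].name) == len &&
            memcmp(group_names[i].name, name, len) == 0)
            return group_names[i].id;
    }
    return -1;
}

/* Parses list (e.g. "P-384:P-256") into ids[] in preference order and sets
 * *count. Returns GROUPS_FAILURE when list is NULL, an element is empty, a
 * name is not recognized, or more than the cap is given; else GROUPS_OK. */
int parse_groups_list(const char *list, int *ids, int *count)
{
    int n = 0;
    const char *p = list;
    if (list == NULL || ids == NULL || count == NULL)
        return GROUPS_FAILURE;
    for (;;) {
        const char *sep = strchr(p, ':');
        size_t len = sep ? (size_t)(sep - p) : strlen(p);
        int id;
        if (len == 0)                       /* "" or "P-256::P-384" */
            return GROUPS_FAILURE;
        if (n == EXAMPLE_MAX_GROUP_COUNT)   /* would exceed the cap */
            return GROUPS_FAILURE;
        id = lookup_group(p, len);
        if (id < 0)                         /* unknown group name */
            return GROUPS_FAILURE;
        ids[n++] = id;
        if (sep == NULL)
            break;
        p = sep + 1;
    }
    *count = n;
    return GROUPS_OK;
}

/* Number of groups in a valid list, or -1 when the list is rejected. */
int groups_list_count(const char *list)
{
    int ids[EXAMPLE_MAX_GROUP_COUNT], count = 0;
    return parse_groups_list(list, ids, &count) == GROUPS_OK ? count : -1;
}

/* Group id at preference position idx, or -1 if rejected or out of range. */
int groups_list_id_at(const char *list, int idx)
{
    int ids[EXAMPLE_MAX_GROUP_COUNT], count = 0;
    if (parse_groups_list(list, ids, &count) != GROUPS_OK ||
        idx < 0 || idx >= count)
        return -1;
    return ids[idx];
}

int main(void)
{
    const char *list = "P-384:P-256";   /* the page's own sample value */
    int i, n = groups_list_count(list);
    for (i = 0; i < n; i++)
        printf("preference %d: group id %d\n", i + 1, groups_list_id_at(list, i));
    return 0;
}
```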

◆ wolfSSL_CTX_set_cert_store()

void wolfSSL_CTX_set_cert_store ( WOLFSSL_CTX *  ctx,
WOLFSSL_X509_STORE *  str 
)

This is a setter function for the WOLFSSL_X509_STORE structure in ctx.

Returns
none No return.
Parameters
ctx - pointer to the WOLFSSL_CTX structure in which to set the cert store pointer.
str - pointer to the WOLFSSL_X509_STORE to set in ctx.

Example

WOLFSSL_CTX* ctx;
WOLFSSL_X509_STORE* st;
// setup ctx and st
wolfSSL_CTX_set_cert_store(ctx, st);
// use st
See also
wolfSSL_CTX_new
wolfSSL_CTX_free

◆ wolfSSL_CTX_set_cipher_list()

int wolfSSL_CTX_set_cipher_list ( WOLFSSL_CTX *  ctx,
const char *  list 
)

This function sets the cipher suite list for a given WOLFSSL_CTX. This cipher suite list becomes the default list for any new SSL sessions (WOLFSSL) created using this context. The ciphers in the list should be sorted in order of preference from highest to lowest. Each call to wolfSSL_CTX_set_cipher_list() resets the cipher suite list for the specific SSL context to the provided list. The cipher suite list, list, is a null-terminated text string and a colon-delimited list. For example, one value for list may be "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256". Valid cipher values are the full name values from the cipher_names[] array in src/internal.c (for a definitive list of valid cipher values check src/internal.c).

Returns
SSL_SUCCESS will be returned upon successful function completion.
SSL_FAILURE will be returned on failure.
Parameters
ctx pointer to the SSL context, created with wolfSSL_CTX_new().
list null-terminated text string and a colon-delimited list of cipher suites to use with the specified SSL context.

Example

int ret;
WOLFSSL_CTX* ctx = 0;
...
ret = wolfSSL_CTX_set_cipher_list(ctx,
    "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256");
if (ret != SSL_SUCCESS) {
    // failed to set cipher suite list
}
See also
wolfSSL_set_cipher_list
wolfSSL_CTX_new

◆ wolfSSL_CTX_set_client_cert_type()

int wolfSSL_CTX_set_client_cert_type ( WOLFSSL_CTX *  ctx,
const char *  buf,
int  len 
)

When called on the client side, this function sets the certificate types the client can send to its peer. When called on the server side, it sets the certificate types the server will accept from its peer. Put the certificate types in the buffer in priority order. To reset the settings to the default, pass NULL for buf or zero for len. By default the only certificate type is X509. If both sides intend to send or accept a "Raw public key" certificate, WOLFSSL_CERT_TYPE_RPK must be included in the buffer.

Returns
WOLFSSL_SUCCESS if cert types set successfully
BAD_FUNC_ARG if ctx is NULL, an illegal value was specified as a cert type, buf holds more than MAX_CLIENT_CERT_TYPE_CNT entries, or a duplicate value is found in buf.
Parameters
ctx WOLFSSL_CTX object pointer
buf A buffer where certificate types are stored
len buf size in bytes (same as the number of certificate types included)

Example

int ret;
WOLFSSL_CTX* ctx;
char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509}; /* priority order */
int len = sizeof(buf)/sizeof(char);
...
ret = wolfSSL_CTX_set_client_cert_type(ctx, buf, len);
if (ret != WOLFSSL_SUCCESS) {
    // failed to set client certificate types
}
See also
wolfSSL_set_client_cert_type
wolfSSL_CTX_set_server_cert_type
wolfSSL_set_server_cert_type
wolfSSL_get_negotiated_client_cert_type
wolfSSL_get_negotiated_server_cert_type

◆ wolfSSL_CTX_set_group_messages()

int wolfSSL_CTX_set_group_messages ( WOLFSSL_CTX *  )

This function turns on grouping of handshake messages where possible.

Returns
SSL_SUCCESS will be returned upon success.
BAD_FUNC_ARG will be returned if the input context is null.
Parameters
ctx pointer to the SSL context, created with wolfSSL_CTX_new().

Example

int ret;
WOLFSSL_CTX* ctx = 0;
...
ret = wolfSSL_CTX_set_group_messages(ctx);
if (ret != SSL_SUCCESS) {
    // failed to set handshake message grouping
}
See also
wolfSSL_set_group_messages
wolfSSL_CTX_new

◆ wolfSSL_CTX_set_groups()

int wolfSSL_CTX_set_groups ( WOLFSSL_CTX *  ctx,
int *  groups,
int  count 
)

This function sets the list of elliptic curve groups to allow on a wolfSSL context in order of preference. The list is an array of group identifiers with the number of identifiers specified in count. Call this function to set the key exchange elliptic curve parameters to use with the TLS v1.3 connections.

Parameters
[in,out]ctxa pointer to a WOLFSSL_CTX structure, created with wolfSSL_CTX_new().
[in]groupsa list of key exchange groups by identifier.
[in]countthe number of key exchange groups in groups.
Returns
BAD_FUNC_ARG if a pointer parameter is null, the number of groups exceeds WOLFSSL_MAX_GROUP_COUNT or not using TLS v1.3.
WOLFSSL_SUCCESS if successful.

Example

int ret;
WOLFSSL_CTX* ctx;
int groups[] = { WOLFSSL_ECC_X25519, WOLFSSL_ECC_SECP256R1 }; /* preference order */
int count = sizeof(groups)/sizeof(groups[0]);
...
ret = wolfSSL_CTX_set_groups(ctx, groups, count);
if (ret != WOLFSSL_SUCCESS) {
    // failed to set group list
}
See also
wolfSSL_set_groups
wolfSSL_UseKeyShare
wolfSSL_CTX_set1_groups_list
wolfSSL_set1_groups_list
wolfSSL_preferred_group

◆ wolfSSL_CTX_set_max_early_data()

int wolfSSL_CTX_set_max_early_data ( WOLFSSL_CTX *  ctx,
unsigned int  sz 
)

This function sets the maximum amount of early data (0-RTT data) that a TLS v1.3 client or server is willing to exchange using the wolfSSL context. Call this function to limit the amount of early data processed and so bound the exposure to replay attacks: early data is protected by keys derived from the PSK of the connection in which the session ticket was issued, so the same bytes are accepted every time that ticket is used for resumption, and a captured 0-RTT record can be replayed by an attacker. The value is included in the session ticket for resumption. A server value of zero indicates that no early data is to be sent by clients using its session tickets. A client value of zero indicates that the client will not send any early data. Keep the number of early data bytes as low as practically possible, and only send requests in early data whose replay is harmless.

Parameters
[in,out]ctxa pointer to a WOLFSSL_CTX structure, created with wolfSSL_CTX_new().
[in]sz the amount of early data to accept in bytes.
Returns
BAD_FUNC_ARG if ctx is NULL or not using TLS v1.3.
0 if successful.

Example

int ret;
WOLFSSL_CTX* ctx;
unsigned int maxEarlyDataSz; /* bytes of 0-RTT data to allow; 0 disables early data */
...
ret = wolfSSL_CTX_set_max_early_data(ctx, maxEarlyDataSz);
if (ret != 0) {
    // failed to set maximum early data size
}
See also
wolfSSL_set_max_early_data
wolfSSL_write_early_data
wolfSSL_read_early_data

◆ wolfSSL_CTX_set_psk_client_tls13_callback()

void wolfSSL_CTX_set_psk_client_tls13_callback ( WOLFSSL_CTX *  ctx,
wc_psk_client_tls13_callback  cb 
)

This function sets the Pre-Shared Key (PSK) client side callback for TLS v1.3 connections. The callback is used to find a PSK identity and return its key and the name of the cipher to use for the handshake. The function sets the client_psk_tls13_cb member of the WOLFSSL_CTX structure.

Parameters
[in,out]ctxa pointer to a WOLFSSL_CTX structure, created with wolfSSL_CTX_new().
[in]cba Pre-Shared Key (PSK) callback for a TLS 1.3 client.

Example

WOLFSSL_CTX* ctx;
...
wolfSSL_CTX_set_psk_client_tls13_callback(ctx, my_psk_client_tls13_cb);
See also
wolfSSL_set_psk_client_tls13_callback
wolfSSL_CTX_set_psk_server_tls13_callback
wolfSSL_set_psk_server_tls13_callback

◆ wolfSSL_CTX_set_psk_server_tls13_callback()

void wolfSSL_CTX_set_psk_server_tls13_callback ( WOLFSSL_CTX *  ctx,
wc_psk_server_tls13_callback  cb 
)

This function sets the Pre-Shared Key (PSK) server side callback for TLS v1.3 connections. The callback is used to find a PSK identity and return its key and the name of the cipher to use for the handshake. The function sets the server_psk_tls13_cb member of the WOLFSSL_CTX structure.

Parameters
[in,out]ctxa pointer to a WOLFSSL_CTX structure, created with wolfSSL_CTX_new().
[in]cba Pre-Shared Key (PSK) callback for a TLS 1.3 server.

Example

WOLFSSL_CTX* ctx;
...
wolfSSL_CTX_set_psk_server_tls13_callback(ctx, my_psk_server_tls13_cb);
See also
wolfSSL_CTX_set_psk_client_tls13_callback
wolfSSL_set_psk_client_tls13_callback
wolfSSL_set_psk_server_tls13_callback
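
The two callback setters above describe the TLS 1.3 PSK callbacks only by their purpose: given an identity, find the key and the cipher suite to use. The block below is an added example, not wolfSSL's own code, showing the lookup a server callback would perform. It is written without the leading WOLFSSL* parameter of wc_psk_server_tls13_callback so it compiles stand-alone; the identity table, the placeholder keys and the TLS13-... cipher suite names are constructed assumptions, not values from this page. The points it demonstrates are that an identity lookup should take the same time whether or not the identity exists (otherwise the handshake leaks which identities are provisioned), that a prefix or wrong-length identity must not match, and that an unknown identity returns 0 so the handshake fails rather than falling back to a default key.

```c
/* Added example (illustrative, not part of wolfSSL): lookup logic behind a
 * TLS 1.3 PSK server callback. The real wc_psk_server_tls13_callback also
 * receives the WOLFSSL* as its first argument; a wrapper that drops it and
 * calls psk_server_lookup() is all that is needed to register this. */
#include <stddef.h>
#include <string.h>

#define PSK_KEY_LEN 32

struct psk_entry {
    const char*   identity;
    unsigned char key[PSK_KEY_LEN];
    const char*   ciphersuite; /* suite the PSK was provisioned for (assumed name) */
};

/* Constructed sample table with placeholder keys (never use these values).
 * A real server loads this from a secret store. */
static const struct psk_entry psk_table[] = {
    { "device-0001",
      { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
        0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f },
      "TLS13-AES128-GCM-SHA256" },
    { "device-0002",
      { 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f,
        0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x3a,0x3b,0x3c,0x3d,0x3e,0x3f },
      "TLS13-AES256-GCM-SHA384" },
};

/* Constant-time string equality: 1 if equal, 0 otherwise. Runtime depends
 * only on the lengths, never on the position of the first mismatch. */
static int ct_str_eq(const char* a, size_t alen, const char* b, size_t blen)
{
    size_t n = alen < blen ? alen : blen;
    unsigned char diff = (unsigned char)(alen != blen);
    size_t i;
    for (i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Looks up identity. On success copies the PSK into key, sets *ciphersuite
 * and returns the key length; returns 0 (the callback's failure value) for
 * an unknown identity, a NULL argument or a key buffer that is too small.
 * Every table entry is visited on every call, and the matching entry is
 * selected with masks rather than branches, so response time does not
 * reveal which identities exist. */
unsigned int psk_server_lookup(const char* identity, unsigned char* key,
                               unsigned int key_max_len,
                               const char** ciphersuite)
{
    unsigned char out[PSK_KEY_LEN] = { 0 };
    unsigned char found = 0;
    size_t idx = 0;
    size_t idLen, i, j;

    if (identity == NULL || key == NULL || ciphersuite == NULL)
        return 0;
    if (key_max_len < PSK_KEY_LEN)
        return 0;

    idLen = strlen(identity);
    for (i = 0; i < sizeof(psk_table) / sizeof(psk_table[0]); i++) {
        const struct psk_entry* e = &psk_table[i];
        unsigned char match = (unsigned char)ct_str_eq(identity, idLen,
                                                       e->identity,
                                                       strlen(e->identity));
        unsigned char kmask = (unsigned char)(0u - match); /* 0xff or 0x00 */
        size_t imask = (size_t)0 - (size_t)match;

        for (j = 0; j < PSK_KEY_LEN; j++)
            out[j] |= (unsigned char)(e->key[j] & kmask);
        idx = (idx & ~imask) | (i & imask);
        found |= match;
    }

    if (!found)
        return 0; /* wolfSSL aborts the handshake when the callback returns 0 */

    memcpy(key, out, PSK_KEY_LEN);
    *ciphersuite = psk_table[idx].ciphersuite;
    return PSK_KEY_LEN;
}
```

The wrapper registered with wolfSSL_CTX_set_psk_server_tls13_callback() simply ignores its WOLFSSL* argument and forwards the remaining four to psk_server_lookup(); the cipher suite name returned must be one the context's cipher list allows, or the handshake fails even though the key was found.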

◆ wolfSSL_CTX_set_read_ahead()

int wolfSSL_CTX_set_read_ahead ( WOLFSSL_CTX *  ctx,
int  v 
)

This function sets the read ahead flag in the WOLFSSL_CTX structure.

Returns
SSL_SUCCESS If ctx read ahead flag set.
SSL_FAILURE If ctx is NULL then SSL_FAILURE is returned.
Parameters
ctx WOLFSSL_CTX structure to set read ahead flag.
v read ahead flag

Example

WOLFSSL_CTX* ctx;
int flag = 1; // enable read ahead
int ret;
// setup ctx
ret = wolfSSL_CTX_set_read_ahead(ctx, flag);
if (ret != SSL_SUCCESS) {
    // failed to set read ahead flag
}
See also
wolfSSL_CTX_new
wolfSSL_CTX_free
wolfSSL_CTX_get_read_ahead

◆ wolfSSL_CTX_set_server_cert_type()

int wolfSSL_CTX_set_server_cert_type ( WOLFSSL_CTX *  ctx,
const char *  buf,
int  len 
)

When called on the server side, this function sets the certificate types the server can send to its peer. When called on the client side, it sets the certificate types the client will accept from its peer. Put the certificate types in the buffer in priority order. To reset the settings to the default, pass NULL for buf or zero for len. By default the only certificate type is X509. If both sides intend to send or accept a "Raw public key" certificate, WOLFSSL_CERT_TYPE_RPK must be included in the buffer.

Returns
WOLFSSL_SUCCESS if cert types set successfully
BAD_FUNC_ARG if ctx is NULL, an illegal value was specified as a cert type, buf holds more than MAX_SERVER_CERT_TYPE_CNT entries, or a duplicate value is found in buf.
Parameters
ctx WOLFSSL_CTX object pointer
buf A buffer where certificate types are stored
len buf size in bytes (same as the number of certificate types included)

Example

int ret;
WOLFSSL_CTX* ctx;
char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509}; /* priority order */
int len = sizeof(buf)/sizeof(char);
...
ret = wolfSSL_CTX_set_server_cert_type(ctx, buf, len);
if (ret != WOLFSSL_SUCCESS) {
    // failed to set server certificate types
}
See also
wolfSSL_set_client_cert_type
wolfSSL_CTX_set_client_cert_type
wolfSSL_set_server_cert_type
wolfSSL_get_negotiated_client_cert_type
wolfSSL_get_negotiated_server_cert_type

◆ wolfSSL_CTX_set_session_cache_mode()

long wolfSSL_CTX_set_session_cache_mode ( WOLFSSL_CTX *  ctx,
long  mode 
)

This function enables or disables SSL session caching. Behavior depends on the value used for mode. The following values for mode are available:
SSL_SESS_CACHE_OFF - disable session caching. Session caching is turned on by default.
SSL_SESS_CACHE_NO_AUTO_CLEAR - disable auto-flushing of the session cache. Auto-flushing is turned on by default.

Returns
SSL_SUCCESS will be returned upon success.
Parameters
ctx pointer to the SSL context, created with wolfSSL_CTX_new().
mode modifier used to change behavior of the session cache.

Example

long ret;
WOLFSSL_CTX* ctx = 0;
...
ret = wolfSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
if (ret != SSL_SUCCESS) {
    // failed to turn SSL session caching off
}
See also
wolfSSL_flush_sessions
wolfSSL_get1_session
wolfSSL_set_session
wolfSSL_get_sessionID
wolfSSL_CTX_set_timeout

◆ wolfSSL_CTX_set_timeout()

int wolfSSL_CTX_set_timeout ( WOLFSSL_CTX *  ctx,
unsigned int  to 
)

This function sets the timeout value for SSL sessions, in seconds, for the specified SSL context.

Returns
the previous timeout value on success if WOLFSSL_ERROR_CODE_OPENSSL is defined; SSL_SUCCESS on success otherwise.
BAD_FUNC_ARG will be returned when the input context (ctx) is null.
Parameters
ctx pointer to the SSL context, created with wolfSSL_CTX_new().
to session timeout value in seconds.

Example

int ret;
WOLFSSL_CTX* ctx = 0;
...
ret = wolfSSL_CTX_set_timeout(ctx, 500);
// with WOLFSSL_ERROR_CODE_OPENSSL defined the previous timeout is returned instead
if (ret != SSL_SUCCESS) {
    // failed to set session timeout value
}
See also
wolfSSL_flush_sessions
wolfSSL_get1_session
wolfSSL_set_session
wolfSSL_get_sessionID
wolfSSL_CTX_set_session_cache_mode

◆ wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg()

long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg ( WOLFSSL_CTX *  ctx,
void *  arg 
)

This function sets the optional argument to be passed to the PRF callback.

Returns
SSL_FAILURE If ctx is NULL.
SSL_SUCCESS If successfully set.
Parameters
ctx WOLFSSL_CTX structure to set user argument.
arg user argument.

Example

WOLFSSL_CTX* ctx;
void* data;
long ret;
// setup ctx
ret = wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, data);
if (ret != SSL_SUCCESS) {
    // failed to set PRF callback argument
}
See also
wolfSSL_CTX_new
wolfSSL_CTX_free

◆ wolfSSL_CTX_set_tlsext_status_arg()

long wolfSSL_CTX_set_tlsext_status_arg ( WOLFSSL_CTX *  ctx,
void *  arg 
)

This function sets the options argument to use with OCSP.

Returns
SSL_FAILURE If ctx or it’s cert manager is NULL.
SSL_SUCCESS If successfully set.
Parameters
ctx WOLFSSL_CTX structure to set user argument.
arg user argument.

Example

WOLFSSL_CTX* ctx;
void* data;
long ret;
// setup ctx
ret = wolfSSL_CTX_set_tlsext_status_arg(ctx, data);
if (ret != SSL_SUCCESS) {
    // failed to set OCSP status argument
}
See also
wolfSSL_CTX_new
wolfSSL_CTX_free

◆ wolfSSL_CTX_set_verify()

void wolfSSL_CTX_set_verify ( WOLFSSL_CTX *  ctx,
int  mode,
VerifyCallback  verify_callback 
)

This function sets the verification method for remote peers and also allows a verify callback to be registered with the SSL context. The verify callback is called only when a verification failure has occurred. If no verify callback is desired, the NULL pointer can be used for verify_callback. The verification mode of peer certificates is a logically OR'd set of flags. The possible flag values are:
SSL_VERIFY_NONE
Client mode: the client will not verify the certificate received from the server and the handshake will continue as normal. This disables server authentication entirely, so an active attacker can present any certificate; use it only for testing.
Server mode: the server will not send a certificate request to the client. As such, client verification will not be enabled.
SSL_VERIFY_PEER
Client mode: the client will verify the certificate received from the server during the handshake. This is turned on by default in wolfSSL, therefore using this option has no additional effect.
Server mode: the server will send a certificate request to the client and verify the client certificate received.
SSL_VERIFY_FAIL_IF_NO_PEER_CERT
Client mode: no effect when used on the client side.
Server mode: the verification will fail on the server side if the client fails to send a certificate when requested to do so (when using SSL_VERIFY_PEER on the SSL server). Without this flag a client that sends no certificate at all still completes the handshake, so a server that requires client authentication needs both flags.
SSL_VERIFY_FAIL_EXCEPT_PSK
Client mode: no effect when used on the client side.
Server mode: the verification is the same as SSL_VERIFY_FAIL_IF_NO_PEER_CERT except in the case of a PSK connection. If a PSK connection is being made then the connection will go through without a peer cert.

Returns
none No return.
Parameters
ctx pointer to the SSL context, created with wolfSSL_CTX_new().
mode flags indicating verification mode for peer's cert.
verify_callback callback to be called when verification fails. If no callback is desired, the NULL pointer can be used for verify_callback. The callback's return value decides the outcome: returning 0 fails the handshake, while returning non-zero overrides the failure and lets the handshake continue, so a callback must not accept unconditionally.

Example

WOLFSSL_CTX* ctx = 0;
...
wolfSSL_CTX_set_verify(ctx, (WOLFSSL_VERIFY_PEER |
WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), NULL);
See also
wolfSSL_set_verify

◆ wolfSSL_CTX_SetMinVersion()

int wolfSSL_CTX_SetMinVersion ( WOLFSSL_CTX *  ctx,
int  version 
)

This function sets the minimum downgrade version allowed. Applicable only when the connection allows downgrade using (wolfSSLv23_client_method or wolfSSLv23_server_method).

Returns
SSL_SUCCESS returned if the function returned without error and the minimum version is set.
BAD_FUNC_ARG returned if the WOLFSSL_CTX structure was NULL or if the minimum version is not supported.
Parameters
ctxa pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().
version an integer representation of the version to be set as the minimum: WOLFSSL_SSLV3 = 0, WOLFSSL_TLSV1 = 1, WOLFSSL_TLSV1_1 = 2 or WOLFSSL_TLSV1_2 = 3. SSL 3.0, TLS 1.0 and TLS 1.1 are deprecated protocols; a minimum of WOLFSSL_TLSV1_2 is the appropriate setting unless a legacy peer leaves no choice.

Example

WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
int version = WOLFSSL_TLSV1_2; // lowest protocol version to accept
if (wolfSSL_CTX_SetMinVersion(ctx, version) != SSL_SUCCESS) {
    // Failed to set min version
}
See also
SetMinVersionHelper

◆ wolfSSL_CTX_trust_peer_buffer()

int wolfSSL_CTX_trust_peer_buffer ( WOLFSSL_CTX *  ctx,
const unsigned char *  in,
long  sz,
int  format 
)

This function loads a certificate to use for verifying a peer when performing a TLS/SSL handshake. The peer certificate sent during the handshake is compared by using the SKID when available and the signature. If these two things do not match then any loaded CAs are used. It provides the same functionality as wolfSSL_CTX_trust_peer_cert except that the certificate is read from a buffer instead of a file. The feature is enabled by defining the macro WOLFSSL_TRUST_PEER_CERT. Please see the examples for proper usage.

Returns
SSL_SUCCESS upon success
SSL_FAILURE will be returned if ctx is NULL, or if both in and format are invalid.
SSL_BAD_FILETYPE will be returned if the buffer is in the wrong format.
SSL_BAD_FILE will be returned if the buffer cannot be parsed or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base64 decoding of a PEM buffer fails.
Parameters
ctx pointer to the SSL context, created with wolfSSL_CTX_new().
in pointer to the buffer containing certificates.
sz length of the buffer input.
format type of certificate being loaded, i.e. SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.

Example

int ret = 0;
WOLFSSL_CTX* ctx;
const unsigned char* bufferPtr; /* PEM encoded peer certificate */
long bufferSz;                  /* its length in bytes */
...
ret = wolfSSL_CTX_trust_peer_buffer(ctx, bufferPtr, bufferSz,
    SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS) {
    // error loading trusted peer cert
}
...
See also
wolfSSL_CTX_load_verify_buffer
wolfSSL_CTX_use_certificate_file
wolfSSL_CTX_use_PrivateKey_file
wolfSSL_CTX_use_certificate_chain_file
wolfSSL_CTX_trust_peer_cert
wolfSSL_CTX_Unload_trust_peers
wolfSSL_use_certificate_file
wolfSSL_use_PrivateKey_file
wolfSSL_use_certificate_chain_file

◆ wolfSSL_CTX_trust_peer_cert()

int wolfSSL_CTX_trust_peer_cert ( WOLFSSL_CTX *  ctx,
const char *  file,
int  type 
)

This function loads a certificate to use for verifying a peer when performing a TLS/SSL handshake. The peer certificate sent during the handshake is compared by using the SKID when available and the signature. If these two things do not match then any loaded CAs are used. Feature is enabled by defining the macro WOLFSSL_TRUST_PEER_CERT. Please see the examples for proper usage.

Returns
SSL_SUCCESS upon success.
SSL_FAILURE will be returned if ctx is NULL, or if both file and type are invalid.
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base64 decoding of a PEM file fails.
Parameters
ctx pointer to the SSL context, created with wolfSSL_CTX_new().
file pointer to name of the file containing certificates
type type of certificate being loaded, i.e. SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.

Example

int ret = 0;
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(method); // method: e.g. wolfTLSv1_2_client_method()
...
ret = wolfSSL_CTX_trust_peer_cert(ctx, "./peer-cert.pem",
    SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS) {
    // error loading trusted peer cert
}
...
See also
wolfSSL_CTX_load_verify_buffer
wolfSSL_CTX_use_certificate_file
wolfSSL_CTX_use_PrivateKey_file
wolfSSL_CTX_use_certificate_chain_file
wolfSSL_CTX_trust_peer_buffer
wolfSSL_CTX_Unload_trust_peers
wolfSSL_use_certificate_file
wolfSSL_use_PrivateKey_file
wolfSSL_use_certificate_chain_file

◆ wolfSSL_CTX_Unload_trust_peers()

int wolfSSL_CTX_Unload_trust_peers ( WOLFSSL_CTX *  )

This function is used to unload all previously loaded trusted peer certificates. Feature is enabled by defining the macro WOLFSSL_TRUST_PEER_CERT.

Returns
SSL_SUCCESS upon success.
BAD_FUNC_ARG will be returned if ctx is NULL.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
Parameters
ctx pointer to the SSL context, created with wolfSSL_CTX_new().

Example

int ret = 0;
WOLFSSL_CTX* ctx;
...
ret = wolfSSL_CTX_Unload_trust_peers(ctx);
if (ret != SSL_SUCCESS) {
    // error unloading trusted peer certs
}
...
See also
wolfSSL_CTX_trust_peer_buffer
wolfSSL_CTX_trust_peer_cert

◆ wolfSSL_CTX_UnloadCAs()

int wolfSSL_CTX_UnloadCAs ( WOLFSSL_CTX *  )

This function unloads the CA signer list and frees the whole signer table.

Returns
SSL_SUCCESS returned on successful execution of the function.
BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or there are otherwise unpermitted argument values passed in a subroutine.
BAD_MUTEX_E returned if there was a mutex error. The LockMutex() did not return 0.
Parameters
ctx a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().

Example

WOLFSSL_METHOD* method = wolfTLSv1_2_client_method();
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(method);
if (wolfSSL_CTX_UnloadCAs(ctx) != SSL_SUCCESS) {
    // The function did not unload CAs
}
See also
wolfSSL_CertManagerUnloadCAs
LockMutex
UnlockMutex

◆ wolfSSL_CTX_UnloadIntermediateCerts()

int wolfSSL_CTX_UnloadIntermediateCerts ( WOLFSSL_CTX *  ctx)

This function unloads intermediate certificates added to the CA signer list and frees them.

Returns
SSL_SUCCESS returned on successful execution of the function.
BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or there are otherwise unpermitted argument values passed in a subroutine.
BAD_STATE_E returned if the WOLFSSL_CTX has a reference count > 1.
BAD_MUTEX_E returned if there was a mutex error. The LockMutex() did not return 0.
Parameters
ctx a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().

Example

WOLFSSL_METHOD* method = wolfTLSv1_2_client_method();
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(method);
if (wolfSSL_CTX_UnloadIntermediateCerts(ctx) != SSL_SUCCESS) {
    // The function did not unload the intermediate certificates
}
See also
wolfSSL_CTX_UnloadCAs
wolfSSL_CertManagerUnloadIntermediateCerts

◆ wolfSSL_CTX_UseSessionTicket()

int wolfSSL_CTX_UseSessionTicket ( WOLFSSL_CTX *  ctx)

This function sets wolfSSL context to use a session ticket.

Returns
SSL_SUCCESS Function executed successfully.
BAD_FUNC_ARG Returned if ctx is null.
MEMORY_E Error allocating memory in internal function.
Parameters
ctx The WOLFSSL_CTX structure to use.

Example

WOLFSSL_CTX* ctx;
WOLFSSL_METHOD* method; /* some wolfSSL method, e.g. wolfTLSv1_2_client_method() */
wolfSSL_Init();
ctx = wolfSSL_CTX_new(method);
if (wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS)
{
    // Error setting session ticket
}
See also
TLSX_UseSessionTicket

◆ wolfSSL_disable_hrr_cookie()

int wolfSSL_disable_hrr_cookie ( WOLFSSL *  ssl)

This function is called on the server side to indicate that a HelloRetryRequest message must NOT contain a Cookie and that, if using protocol DTLS v1.3, a cookie exchange will not be included in the handshake. Please note that not doing a cookie exchange when using protocol DTLS v1.3 can make the server susceptible to DoS/Amplification attacks.

Parameters
[in,out]ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
Returns
WOLFSSL_SUCCESS if successful
BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3
SIDE_ERROR if invoked on client
See also
wolfSSL_send_hrr_cookie

◆ wolfSSL_dtls13_set_send_more_acks()

void wolfSSL_dtls13_set_send_more_acks ( WOLFSSL *  ssl,
int  value 
)

This function sets whether the library should send ACKs to the other peer immediately when detecting disruption or not. Sending ACKs immediately assures minimum latency but it may consume more bandwidth than necessary. If the application manages the timer by itself and this option is set to 0 then application code can use wolfSSL_dtls13_use_quick_timeout() to determine if it should setup a quicker timeout to send those delayed ACKs.

Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
value1 to set the option, 0 to disable the option
See also
wolfSSL_dtls
wolfSSL_dtls_get_peer
wolfSSL_dtls_got_timeout
wolfSSL_dtls_set_peer
wolfSSL_dtls13_use_quick_timeout

◆ wolfSSL_dtls_set_timeout_init()

int wolfSSL_dtls_set_timeout_init ( WOLFSSL *  ssl,
int   
)

This function sets the initial DTLS retransmission timeout (the dtls_timeout_init member), from which the current timeout (dtls_timeout) starts before it is backed off on each retransmission.

Returns
SSL_SUCCESS returned if the function executes without an error. The dtls_timeout_init and the dtls_timeout members of SSL have been set.
BAD_FUNC_ARG returned if the WOLFSSL struct is NULL or if the timeout is not greater than 0. It will also return if the timeout argument exceeds the maximum value allowed.
Parameters
ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
timeout an int type that will be set to the dtls_timeout_init member of the WOLFSSL structure.

Example

WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
WOLFSSL* ssl = wolfSSL_new(ctx);
int timeout = TIMEOUT;
...
if (wolfSSL_dtls_set_timeout_init(ssl, timeout) == SSL_SUCCESS) {
    // the dtls timeout was set
} else {
    // Failed to set DTLS timeout.
}
See also
wolfSSL_dtls_set_timeout_max
wolfSSL_dtls_got_timeout

◆ wolfSSL_free()

void wolfSSL_free ( WOLFSSL *  )

This function frees an allocated wolfSSL object.

Returns
none No return.
Parameters
sslpointer to the SSL object, created with wolfSSL_new().

Example

#include <wolfssl/ssl.h>
WOLFSSL* ssl = 0;
...
wolfSSL_free(ssl);
See also
wolfSSL_CTX_new
wolfSSL_new
wolfSSL_CTX_free

◆ wolfSSL_get1_session()

WOLFSSL_SESSION* wolfSSL_get1_session ( WOLFSSL *  ssl)

This function returns the WOLFSSL_SESSION from the WOLFSSL structure as a reference type; the caller must release that reference by calling wolfSSL_SESSION_free() when done with it. The WOLFSSL_SESSION pointed to contains all the information required to perform a session resumption and re-establish the connection without a full handshake. For session resumption, before calling wolfSSL_shutdown() on a connection, an application should save the session from the object with a call to wolfSSL_get1_session(), which returns a pointer to the session. Later, the application creates a new WOLFSSL object and assigns the saved session with wolfSSL_set_session(). At this point the application may call wolfSSL_connect() and wolfSSL will try to resume the session. The wolfSSL server code allows session resumption by default.

Returns
WOLFSSL_SESSION On success return session pointer.
NULL will be returned if ssl is NULL, the SSL session cache is disabled, wolfSSL doesn’t have the Session ID available, or mutex functions fail.
Parameters
ssl WOLFSSL structure to get session from.

Example

WOLFSSL* ssl;
WOLFSSL_SESSION* ses;
// attempt/complete handshake
wolfSSL_connect(ssl);
ses = wolfSSL_get1_session(ssl);
// check ses information
// disconnect / setup new SSL instance
wolfSSL_set_session(ssl, ses);
// attempt/resume handshake
wolfSSL_connect(ssl);
wolfSSL_SESSION_free(ses);
See also
wolfSSL_new
wolfSSL_free
wolfSSL_SESSION_free

◆ wolfSSL_get_client_random()

size_t wolfSSL_get_client_random ( const WOLFSSL *  ssl,
unsigned char *  out,
size_t  outSz 
)

This is used to get the random data sent by the client during the handshake.

Returns
>0 On successfully getting data returns a value greater than 0
0 If no random data buffer or an error state returns 0
max If outSz passed in is 0 then the maximum buffer size needed is returned
Parameters
ssl WOLFSSL structure to get the client's random data buffer from.
out buffer to hold random data.
outSz size of out buffer passed in. (if 0 function will return max buffer size needed)

Example

WOLFSSL* ssl;
unsigned char* buffer;
size_t bufferSz;
size_t ret;
bufferSz = wolfSSL_get_client_random(ssl, NULL, 0); // query size needed
buffer = bufferSz > 0 ? malloc(bufferSz) : NULL;
if (buffer != NULL) {
    ret = wolfSSL_get_client_random(ssl, buffer, bufferSz);
    // check ret value (0 means no data was copied)
    free(buffer);
}
See also
wolfSSL_new
wolfSSL_free

◆ wolfSSL_get_options()

long wolfSSL_get_options ( const WOLFSSL *  ssl)

This function returns the current options mask.

Returns
val Returns the mask value stored in ssl.
Parameters
sslWOLFSSL structure to get options mask from.

Example

WOLFSSL* ssl;
long mask;
mask = wolfSSL_get_options(ssl);
// check mask
See also
wolfSSL_new
wolfSSL_free
wolfSSL_set_options

◆ wolfSSL_get_server_random()

size_t wolfSSL_get_server_random ( const WOLFSSL *  ssl,
unsigned char *  out,
size_t  outlen 
)

This is used to get the random data sent by the server during the handshake.

Returns
>0 On successfully getting data returns a value greater than 0
0 If no random data buffer or an error state returns 0
max If outSz passed in is 0 then the maximum buffer size needed is returned
Parameters
ssl WOLFSSL structure to get the server's random data buffer from.
out buffer to hold random data.
outlen size of out buffer passed in. (if 0 function will return max buffer size needed)

Example

WOLFSSL* ssl;
unsigned char* buffer;
size_t bufferSz;
size_t ret;
bufferSz = wolfSSL_get_server_random(ssl, NULL, 0); // query size needed
buffer = bufferSz > 0 ? malloc(bufferSz) : NULL;
if (buffer != NULL) {
    ret = wolfSSL_get_server_random(ssl, buffer, bufferSz);
    // check ret value (0 means no data was copied)
    free(buffer);
}
See also
wolfSSL_new
wolfSSL_free

◆ wolfSSL_get_verify_result()

long wolfSSL_get_verify_result ( const WOLFSSL *  ssl)

This is used to get the results after trying to verify the peer's certificate.

Returns
X509_V_OK On successful verification; otherwise the X509 verification error recorded for the peer's certificate.
SSL_FAILURE If a NULL ssl is passed in.
Parameters
sslWOLFSSL structure to get verification results from.

Example

WOLFSSL* ssl;
long ret;
// attempt/complete handshake
ret = wolfSSL_get_verify_result(ssl);
if (ret != X509_V_OK) {
    // peer certificate did not verify
}
See also
wolfSSL_new
wolfSSL_free

◆ wolfSSL_GetCookieCtx()

void* wolfSSL_GetCookieCtx ( WOLFSSL *  ssl)

This function returns the IOCB_CookieCtx member of the WOLFSSL structure.

Returns
pointer The function returns a void pointer value stored in the IOCB_CookieCtx.
NULL if the WOLFSSL struct is NULL
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().

Example

WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
WOLFSSL* ssl = wolfSSL_new(ctx);
void* cookie;
...
cookie = wolfSSL_GetCookieCtx(ssl);
if(cookie != NULL){
// You have the cookie
}
See also
wolfSSL_SetCookieCtx
wolfSSL_CTX_SetGenCookie

◆ wolfSSL_new()

WOLFSSL* wolfSSL_new ( WOLFSSL_CTX *  )

This function creates a new SSL session, taking an already created SSL context as input.

Returns
* If successful the call will return a pointer to the newly-created wolfSSL structure.
NULL Upon failure.
Parameters
ctx pointer to the SSL context, created with wolfSSL_CTX_new().

Example

#include <wolfssl/ssl.h>
WOLFSSL* ssl = NULL;
WOLFSSL_CTX* ctx = 0;
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL) {
// context creation failed
}
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
// SSL object creation failed
}
See also
wolfSSL_CTX_new

◆ wolfSSL_no_dhe_psk()

int wolfSSL_no_dhe_psk ( WOLFSSL *  ssl)

This function is called on a TLS v1.3 client or server wolfSSL to disallow Diffie-Hellman (DH) style key exchanges when handshakes are using pre-shared keys for authentication.

Parameters
[in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
Returns
BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
0 if successful.

Example

int ret;
WOLFSSL* ssl;
...
ret = wolfSSL_no_dhe_psk(ssl);
if (ret != 0) {
// failed to set no DHE for PSK handshakes
}
See also
wolfSSL_CTX_no_dhe_psk

◆ wolfSSL_no_ticket_TLSv13()

int wolfSSL_no_ticket_TLSv13 ( WOLFSSL *  ssl)

This function is called on the server to stop it from sending a resumption session ticket once the handshake is complete.

Parameters
[in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
Returns
BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
SIDE_ERROR if called with a client.
0 if successful.

Example

int ret;
WOLFSSL* ssl;
...
ret = wolfSSL_no_ticket_TLSv13(ssl);
if (ret != 0) {
// failed to set no ticket
}
See also
wolfSSL_CTX_no_ticket_TLSv13

◆ wolfSSL_NoKeyShares()

int wolfSSL_NoKeyShares ( WOLFSSL *  ssl)

This function is called to ensure no key shares are sent in the ClientHello. This will force the server to respond with a HelloRetryRequest if a key exchange is required in the handshake. Call this function when the expected key exchange group is not known and to avoid the generation of keys unnecessarily. Note that an extra round-trip will be required to complete the handshake when a key exchange is required.

Parameters
[in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
Returns
BAD_FUNC_ARG if ssl is NULL.
SIDE_ERROR if called with a server.
WOLFSSL_SUCCESS if successful.

Example

int ret;
WOLFSSL* ssl;
...
ret = wolfSSL_NoKeyShares(ssl);
if (ret != WOLFSSL_SUCCESS) {
// failed to set no key shares
}
See also
wolfSSL_UseKeyShare

◆ wolfSSL_send_hrr_cookie()

int wolfSSL_send_hrr_cookie ( WOLFSSL *  ssl,
const unsigned char *  secret,
unsigned int  secretSz 
)

This function is called on the server side to indicate that a HelloRetryRequest message must contain a Cookie and, in case of using protocol DTLS v1.3, that the handshake will always include a cookie exchange. Please note that when using protocol DTLS v1.3, the cookie exchange is enabled by default. The Cookie holds a hash of the current transcript so that another server process can handle the ClientHello in reply. The secret is used when generating the integrity check on the Cookie data.

Parameters
[in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
[in] secret a pointer to a buffer holding the secret. Passing NULL indicates to generate a new random secret.
[in] secretSz Size of the secret in bytes. Passing 0 indicates to use the default size: WC_SHA256_DIGEST_SIZE (or WC_SHA_DIGEST_SIZE when SHA-256 is not available).
Returns
BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
SIDE_ERROR if called with a client.
WOLFSSL_SUCCESS if successful.
MEMORY_ERROR if allocating dynamic memory for storing secret failed.
Another negative value on internal error.

Example

int ret;
WOLFSSL* ssl;
unsigned char secret[32];
...
// fill secret with random bytes, or pass NULL to have a random secret generated
ret = wolfSSL_send_hrr_cookie(ssl, secret, sizeof(secret));
if (ret != WOLFSSL_SUCCESS) {
// failed to set use of Cookie and secret
}
See also
wolfSSL_new
wolfSSL_disable_hrr_cookie

◆ wolfSSL_SESSION_get_master_key()

int wolfSSL_SESSION_get_master_key ( const WOLFSSL_SESSION *  ses,
unsigned char *  out,
int  outSz 
)

This is used to get the master key after completing a handshake.

Returns
>0 On successfully getting data, returns a value greater than 0.
0 If there is no data buffer or an error state, returns 0.
max If outSz passed in is 0 then the maximum buffer size needed is returned.
Parameters
ses WOLFSSL_SESSION structure to get the master secret buffer from.
out buffer to hold data.
outSz size of the out buffer passed in (if 0, the function returns the maximum buffer size needed).

Example

WOLFSSL_SESSION* ses;
unsigned char* buffer;
int bufferSz;
int ret;
// complete handshake and get session structure
bufferSz = wolfSSL_SESSION_get_master_key(ses, NULL, 0);
buffer = malloc(bufferSz);
ret = wolfSSL_SESSION_get_master_key(ses, buffer, bufferSz);
// check ret value
See also
wolfSSL_new
wolfSSL_free

◆ wolfSSL_SESSION_get_master_key_length()

int wolfSSL_SESSION_get_master_key_length ( const WOLFSSL_SESSION *  ses)

This is used to get the master secret key length.

Returns
size Returns master secret key size.
Parameters
ses WOLFSSL_SESSION structure to get the master secret length from.

Example

WOLFSSL_SESSION* ses;
unsigned char* buffer;
int bufferSz;
// complete handshake and get session structure
bufferSz = wolfSSL_SESSION_get_master_key_length(ses);
buffer = malloc(bufferSz);
// check bufferSz and buffer
See also
wolfSSL_new
wolfSSL_free

◆ wolfSSL_set1_groups_list()

int wolfSSL_set1_groups_list ( WOLFSSL *  ssl,
char *  list 
)

This function sets the list of elliptic curve groups to allow on a wolfSSL in order of preference. The list is a null-terminated text string, and a colon-delimited list. Call this function to set the key exchange elliptic curve parameters to use with the TLS v1.3 connections.

Parameters
[in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
[in] list a string that is a colon-separated list of key exchange groups.
Returns
WOLFSSL_FAILURE if pointer parameters are NULL, there are more than WOLFSSL_MAX_GROUP_COUNT groups, a group name is not recognized or not using TLS v1.3.
WOLFSSL_SUCCESS if successful.

Example

int ret;
WOLFSSL* ssl;
char list[] = "P-384:P-256";
...
ret = wolfSSL_set1_groups_list(ssl, list);
if (ret != WOLFSSL_SUCCESS) {
// failed to set group list
}
See also
wolfSSL_CTX_set1_groups_list
wolfSSL_CTX_set_groups
wolfSSL_set_groups
wolfSSL_UseKeyShare
wolfSSL_preferred_group

◆ wolfSSL_set_cipher_list()

int wolfSSL_set_cipher_list ( WOLFSSL *  ssl,
const char *  list 
)

This function sets the cipher suite list for a given WOLFSSL object (SSL session). The ciphers in the list should be sorted in order of preference from highest to lowest. Each call to wolfSSL_set_cipher_list() replaces the cipher suite list of that SSL session with the provided list. The cipher suite list, list, is a null-terminated text string, and a colon-delimited list. For example, one value for list may be "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256". Valid cipher values are the full name values from the cipher_names[] array in src/internal.c (for a definitive list of valid cipher values check src/internal.c).

Returns
SSL_SUCCESS will be returned upon successful function completion.
SSL_FAILURE will be returned on failure.
Parameters
ssl pointer to the SSL session, created with wolfSSL_new().
list null-terminated text string and a colon-delimited list of cipher suites to use with the specified SSL session.

Example

int ret = 0;
WOLFSSL* ssl = 0;
...
ret = wolfSSL_set_cipher_list(ssl,
"DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256");
if (ret != SSL_SUCCESS) {
// failed to set cipher suite list
}
See also
wolfSSL_CTX_set_cipher_list
wolfSSL_new

◆ wolfSSL_set_client_cert_type()

int wolfSSL_set_client_cert_type ( WOLFSSL *  ssl,
const char *  buf,
int  len 
)

When called on the client side, this function sets the certificate types the client may send to its peer. When called on the server side, it sets the certificate types the server will accept from its peer. Put the cert types in the buffer in priority order. To reset the settings to the default, pass NULL for the buffer or zero for len. By default, the only certificate type is X509. If both sides intend to send or accept a "Raw public key" cert, WOLFSSL_CERT_TYPE_RPK should be included in the buffer.

Returns
WOLFSSL_SUCCESS if cert types were set successfully.
BAD_FUNC_ARG if NULL was passed for ssl, an illegal value was specified as a cert type, a buf size exceeding MAX_CLIENT_CERT_TYPE_CNT was specified, or a duplicate value is found in buf.
Parameters
ssl WOLFSSL object pointer
buf A buffer where certificate types are stored
len buf size in bytes (same as the number of certificate types included)

Example

int ret;
WOLFSSL* ssl;
char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509};
int len = sizeof(buf)/sizeof(char);
...
ret = wolfSSL_set_client_cert_type(ssl, buf, len);
// check ret value
See also
wolfSSL_CTX_set_client_cert_type
wolfSSL_CTX_set_server_cert_type
wolfSSL_set_server_cert_type
wolfSSL_get_negotiated_client_cert_type
wolfSSL_get_negotiated_server_cert_type

◆ wolfSSL_set_compression()

int wolfSSL_set_compression ( WOLFSSL *  ssl)

Turns on the ability to use compression for the SSL connection. Both sides must have compression turned on, otherwise compression will not be used. The zlib library performs the actual data compression. To compile it into the library use --with-libz for the configure system, or define HAVE_LIBZ otherwise. Keep in mind that while compressing data before sending decreases the size of the messages being sent and received, the time spent compressing usually exceeds the time saved by sending less data on all but the slowest of networks.

Returns
SSL_SUCCESS upon success.
NOT_COMPILED_IN will be returned if compression support wasn’t built into the library.
Parameters
ssl pointer to the SSL session, created with wolfSSL_new().

Example

int ret = 0;
WOLFSSL* ssl = 0;
...
ret = wolfSSL_set_compression(ssl);
if (ret == SSL_SUCCESS) {
// successfully enabled compression for SSL session
}
See also
none

◆ wolfSSL_set_dtls_fd_connected()

int wolfSSL_set_dtls_fd_connected ( WOLFSSL *  ssl,
int  fd 
)

This function assigns a file descriptor (fd) as the input/output facility for the SSL connection. Typically this will be a socket file descriptor. This is a DTLS specific API because it marks that the socket is connected. recvfrom and sendto calls on this fd will have the addr and addr_len parameters set to NULL.

Returns
SSL_SUCCESS upon success.
BAD_FUNC_ARG upon failure.
Parameters
ssl pointer to the SSL session, created with wolfSSL_new().
fd file descriptor to use with the SSL/TLS connection.

Example

int sockfd;
int ret;
WOLFSSL* ssl = 0;
...
if (connect(sockfd, peer_addr, peer_addr_len) != 0) {
// handle connect error
}
...
ret = wolfSSL_set_dtls_fd_connected(ssl, sockfd);
if (ret != SSL_SUCCESS) {
// failed to set SSL file descriptor
}
See also
wolfSSL_CTX_SetIOSend
wolfSSL_CTX_SetIORecv
wolfSSL_SetIOReadCtx
wolfSSL_SetIOWriteCtx
wolfDTLS_SetChGoodCb

◆ wolfSSL_set_fd()

int wolfSSL_set_fd ( WOLFSSL *  ssl,
int  fd 
)

This function assigns a file descriptor (fd) as the input/output facility for the SSL connection. Typically this will be a socket file descriptor.

Returns
SSL_SUCCESS upon success.
BAD_FUNC_ARG upon failure.
Parameters
ssl pointer to the SSL session, created with wolfSSL_new().
fd file descriptor to use with the SSL/TLS connection.

Example

int sockfd;
int ret;
WOLFSSL* ssl = 0;
...
ret = wolfSSL_set_fd(ssl, sockfd);
if (ret != SSL_SUCCESS) {
// failed to set SSL file descriptor
}
See also
wolfSSL_CTX_SetIOSend
wolfSSL_CTX_SetIORecv
wolfSSL_SetIOReadCtx
wolfSSL_SetIOWriteCtx

◆ wolfSSL_set_group_messages()

int wolfSSL_set_group_messages ( WOLFSSL *  )

This function turns on grouping of handshake messages where possible.

Returns
SSL_SUCCESS will be returned upon success.
BAD_FUNC_ARG will be returned if the input SSL object is NULL.
Parameters
ssl pointer to the SSL session, created with wolfSSL_new().

Example

int ret;
WOLFSSL* ssl = 0;
...
ret = wolfSSL_set_group_messages(ssl);
if (ret != SSL_SUCCESS) {
// failed to set handshake message grouping
}
See also
wolfSSL_CTX_set_group_messages
wolfSSL_new

◆ wolfSSL_set_groups()

int wolfSSL_set_groups ( WOLFSSL *  ssl,
int *  groups,
int  count 
)

This function sets the list of elliptic curve groups to allow on a wolfSSL. The list is an array of group identifiers with the number of identifiers specified in count. Call this function to set the key exchange elliptic curve parameters to use with the TLS v1.3 connections.

Parameters
[in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
[in] groups a list of key exchange groups by identifier.
[in] count the number of key exchange groups in groups.
Returns
BAD_FUNC_ARG if a pointer parameter is null, the number of groups exceeds WOLFSSL_MAX_GROUP_COUNT, any of the identifiers are unrecognized or not using TLS v1.3.
WOLFSSL_SUCCESS if successful.

Example

int ret;
WOLFSSL* ssl;
int groups[] = { WOLFSSL_ECC_X25519, WOLFSSL_ECC_SECP256R1 };
int count = 2;
...
ret = wolfSSL_set_groups(ssl, groups, count);
if (ret != WOLFSSL_SUCCESS) {
// failed to set group list
}
See also
wolfSSL_CTX_set_groups
wolfSSL_UseKeyShare
wolfSSL_CTX_set1_groups_list
wolfSSL_set1_groups_list
wolfSSL_preferred_group
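The two group-selection APIs above take the same information in two forms: wolfSSL_set1_groups_list() a colon-delimited name string in preference order, wolfSSL_set_groups() an identifier array. As an added example (not wolfSSL code), the parser below turns the string form into the array form and rejects the error cases the documentation lists (NULL input, unrecognized name, too many entries), plus empty entries and duplicates as this example's own policy. The EX_* identifier values are assumed to mirror the TLS NamedGroup codepoints used by the WOLFSSL_ECC_* constants, and EX_MAX_GROUP_COUNT stands in for WOLFSSL_MAX_GROUP_COUNT, whose value is not on this page.

```c
/* Added example, not wolfSSL code: a validating parser for the colon-delimited
 * group list accepted by wolfSSL_set1_groups_list(), producing the preference-
 * ordered identifier array that wolfSSL_set_groups() takes. */
#include <stdio.h>
#include <string.h>

/* Stand-in for WOLFSSL_MAX_GROUP_COUNT; the real value is not on this page. */
#define EX_MAX_GROUP_COUNT 10

/* Identifier values assumed to mirror the TLS NamedGroup codepoints that the
 * WOLFSSL_ECC_* constants use (assumption, not confirmed by this page). */
enum {
    EX_SECP256R1 = 23, EX_SECP384R1 = 24, EX_SECP521R1 = 25,
    EX_X25519 = 29, EX_X448 = 30
};

static const struct { const char *name; int id; } group_table[] = {
    { "P-256",  EX_SECP256R1 },
    { "P-384",  EX_SECP384R1 },
    { "P-521",  EX_SECP521R1 },
    { "X25519", EX_X25519 },
    { "X448",   EX_X448 },
};

/* Returns the identifier for a group name of the given length, or -1 if the
 * name is not recognized. */
static int lookup_group(const char *name, size_t len)
{
    size_t i;
    for (i = 0; i < sizeof(group_table) / sizeof(group_table[0]); i++) {
        if (strlen(group_table[i].name) == len &&
            memcmp(group_table[i].name, name, len) == 0)
            return group_table[i].id;
    }
    return -1;
}

/* Parses a list such as "P-384:P-256" into groups[] in preference order.
 * Returns the number of groups, or -1 on NULL input, an empty entry, an
 * unrecognized name, more than max entries, or a duplicate (rejecting
 * duplicates is this example's own policy, not documented wolfSSL behaviour). */
int parse_group_list(const char *list, int *groups, int max)
{
    const char *p = list;
    int count = 0;

    if (list == NULL || groups == NULL || max <= 0)
        return -1;
    for (;;) {
        const char *sep = strchr(p, ':');
        size_t len = sep ? (size_t)(sep - p) : strlen(p);
        int id, i;

        if (len == 0)                 /* "", "P-256::P-384" or trailing ':' */
            return -1;
        id = lookup_group(p, len);
        if (id < 0)                   /* unrecognized group name */
            return -1;
        for (i = 0; i < count; i++)
            if (groups[i] == id)      /* duplicate entry */
                return -1;
        if (count >= max)             /* more groups than the array holds */
            return -1;
        groups[count++] = id;
        if (sep == NULL)
            break;
        p = sep + 1;
    }
    return count;
}

int main(void)
{
    /* Constructed input: the list used in the wolfSSL_set1_groups_list() example. */
    int groups[EX_MAX_GROUP_COUNT];
    int n = parse_group_list("P-384:P-256", groups, EX_MAX_GROUP_COUNT);
    int i;

    if (n < 0) {
        printf("rejected list\n");
        return 1;
    }
    for (i = 0; i < n; i++)
        printf("group[%d] = %d\n", i, groups[i]);
    return 0;
}
```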

◆ wolfSSL_set_max_early_data()

int wolfSSL_set_max_early_data ( WOLFSSL *  ssl,
unsigned int  sz 
)

This function sets the maximum amount of early data that a TLS v1.3 client or server is willing to exchange. Call this function to limit the amount of early data to process, to mitigate replay attacks. Early data is protected by keys derived from those of the connection on which the session ticket was sent, so they are the same every time that session ticket is used in resumption. The value is included in the session ticket for resumption. A server value of zero indicates no early data is to be sent by clients using session tickets. A client value of zero indicates that the client will not send any early data. It is recommended that the number of early data bytes be kept as low as practically possible in the application.

Parameters
[in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
[in] sz the amount of early data to accept from the client, in bytes.
Returns
BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
0 if successful.

Example

int ret;
WOLFSSL* ssl;
...
// 0 means no early data; raise it only as far as the application needs
ret = wolfSSL_set_max_early_data(ssl, 0);
if (ret != 0) {
// failed to set maximum early data
}
See also
wolfSSL_CTX_set_max_early_data
wolfSSL_write_early_data
wolfSSL_read_early_data

◆ wolfSSL_set_msg_callback()

int wolfSSL_set_msg_callback ( WOLFSSL *  ssl,
SSL_Msg_Cb  cb 
)

This function sets a callback in the ssl. The callback is to observe handshake messages. NULL value of cb resets the callback.

Returns
SSL_SUCCESS On success.
SSL_FAILURE If a NULL ssl is passed in.
Parameters
ssl WOLFSSL structure to set the callback in.
cb the callback to observe handshake messages; NULL resets the callback.

Example

static void cb(int write_p, int version, int content_type,
const void *buf, size_t len, WOLFSSL *ssl, void *arg)
{
// observe the handshake message
}
WOLFSSL* ssl;
int ret;
// create ssl object
ret = wolfSSL_set_msg_callback(ssl, cb);
// check ret
See also
wolfSSL_set_msg_callback_arg

◆ wolfSSL_set_msg_callback_arg()

int wolfSSL_set_msg_callback_arg ( WOLFSSL *  ssl,
void *  arg 
)

This function sets associated callback context value in the ssl. The value is handed over to the callback argument.

Returns
none No return.
Parameters
ssl WOLFSSL structure to set the callback argument in.
arg context value handed over to the callback.

Example

static void cb(int write_p, int version, int content_type,
const void *buf, size_t len, WOLFSSL *ssl, void *arg)
{
// observe the handshake message; arg is the value set below
}
WOLFSSL* ssl;
void* arg; // context value handed to cb
int ret;
// create ssl object
ret = wolfSSL_set_msg_callback(ssl, cb);
// check ret
ret = wolfSSL_set_msg_callback_arg(ssl, arg);
// check ret
See also
wolfSSL_set_msg_callback
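The message callback and its argument, documented above, are the hook an application uses to see which handshake messages a session actually exchanged. As an added example (not wolfSSL code), the observer below has the SSL_Msg_Cb shape shown in the wolfSSL_set_msg_callback() signature and keeps per-direction and per-message-type counts in the struct registered via wolfSSL_set_msg_callback_arg(), so unexpected traffic (alerts, a certificate_request a client did not expect, a missing finished) can be logged or alerted on. Two assumptions not confirmed by this page: WOLFSSL is declared here as an opaque struct so the file compiles without wolfssl/ssl.h, and for handshake records buf is taken to start with the 4-byte TLS handshake header.

```c
/* Added example, not wolfSSL code: a handshake observer with the SSL_Msg_Cb
 * shape shown on this page, for use with wolfSSL_set_msg_callback() and
 * wolfSSL_set_msg_callback_arg(). It counts records per direction and
 * handshake messages per type so an application can log what a session did. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Opaque stand-in so this file compiles without wolfssl/ssl.h (assumption). */
typedef struct WOLFSSL WOLFSSL;

/* TLS record content types (RFC 5246 / RFC 8446). */
enum { CT_CHANGE_CIPHER_SPEC = 20, CT_ALERT = 21, CT_HANDSHAKE = 22,
       CT_APPLICATION_DATA = 23 };

struct hs_stats {
    unsigned sent;                     /* records observed with write_p set */
    unsigned received;                 /* records observed with write_p clear */
    unsigned alerts;                   /* alert records in either direction */
    unsigned handshake_type_seen[256]; /* handshake messages per msg_type */
    int last_handshake_type;           /* -1 until a handshake message is seen */
};

void hs_stats_init(struct hs_stats *st)
{
    memset(st, 0, sizeof(*st));
    st->last_handshake_type = -1;
}

static const char *handshake_type_name(int t)
{
    switch (t) {
    case 1:  return "client_hello";
    case 2:  return "server_hello";
    case 4:  return "new_session_ticket";
    case 8:  return "encrypted_extensions";
    case 11: return "certificate";
    case 13: return "certificate_request";
    case 15: return "certificate_verify";
    case 20: return "finished";
    case 24: return "key_update";
    default: return "other";
    }
}

/* Records one message in st. Assumption (not stated on this page): for
 * content_type 22 buf starts with the 4-byte handshake header
 * (msg_type, 24-bit length). Returns the handshake msg_type, 0 for a
 * non-handshake record, or -1 when the header is missing or its length
 * does not match the number of bytes delivered. */
int observe_message(struct hs_stats *st, int write_p, int content_type,
                    const unsigned char *buf, size_t len)
{
    int type;
    uint32_t body_len;

    if (write_p)
        st->sent++;
    else
        st->received++;
    if (content_type == CT_ALERT) {
        st->alerts++;
        return 0;
    }
    if (content_type != CT_HANDSHAKE)
        return 0;
    if (buf == NULL || len < 4)
        return -1;
    type = buf[0];
    body_len = ((uint32_t)buf[1] << 16) | ((uint32_t)buf[2] << 8) | buf[3];
    if ((size_t)body_len + 4 != len)
        return -1;
    st->handshake_type_seen[type]++;
    st->last_handshake_type = type;
    return type;
}

/* Callback with the SSL_Msg_Cb signature from this page; arg is the
 * struct hs_stats registered through wolfSSL_set_msg_callback_arg(). */
void my_msg_cb(int write_p, int version, int content_type,
               const void *buf, size_t len, WOLFSSL *ssl, void *arg)
{
    struct hs_stats *st = (struct hs_stats *)arg;
    int t;

    (void)ssl;
    t = observe_message(st, write_p, content_type,
                        (const unsigned char *)buf, len);
    if (t > 0)
        printf("%s version=0x%04x handshake %s (%lu bytes)\n",
               write_p ? "send" : "recv", version,
               handshake_type_name(t), (unsigned long)len);
    else if (t < 0)
        printf("%s malformed handshake record (%lu bytes)\n",
               write_p ? "send" : "recv", (unsigned long)len);
}

int main(void)
{
    /* Constructed input: a minimal client_hello-shaped handshake record. */
    static const unsigned char ch[] = { 1, 0, 0, 2, 0x03, 0x03 };
    struct hs_stats st;

    hs_stats_init(&st);
    my_msg_cb(1, 0x0303, CT_HANDSHAKE, ch, sizeof(ch), NULL, &st);
    printf("sent=%u received=%u client_hello=%u\n",
           st.sent, st.received, st.handshake_type_seen[1]);
    return 0;
}
```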

◆ wolfSSL_set_options()

long wolfSSL_set_options ( WOLFSSL *  s,
long  op 
)

This function sets the options mask in the ssl. Some valid options are, SSL_OP_ALL, SSL_OP_COOKIE_EXCHANGE, SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_COMPRESSION.

Returns
val Returns the updated options mask value stored in ssl.
Parameters
s WOLFSSL structure to set the options mask in.
op the option flags to OR into the mask. Valid values include SSL_OP_ALL, SSL_OP_COOKIE_EXCHANGE, SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_COMPRESSION.

Example

WOLFSSL* ssl;
long mask;
// create ssl object
mask = SSL_OP_NO_TLSv1;
mask = wolfSSL_set_options(ssl, mask);
// check mask
See also
wolfSSL_new
wolfSSL_free
wolfSSL_get_options

◆ wolfSSL_set_psk_client_tls13_callback()

void wolfSSL_set_psk_client_tls13_callback ( WOLFSSL *  ssl,
wc_psk_client_tls13_callback  cb 
)

This function sets the Pre-Shared Key (PSK) client side callback for TLS v1.3 connections. The callback is used to find a PSK identity and return its key and the name of the cipher to use for the handshake. The function sets the client_psk_tls13_cb member of the options field in the WOLFSSL structure.

Parameters
[in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
[in] cb a Pre-Shared Key (PSK) callback for a TLS 1.3 client.

Example

WOLFSSL* ssl;
...
// my_psk_client_tls13_cb is an application-defined wc_psk_client_tls13_callback
wolfSSL_set_psk_client_tls13_callback(ssl, my_psk_client_tls13_cb);
See also
wolfSSL_CTX_set_psk_client_tls13_callback
wolfSSL_CTX_set_psk_server_tls13_callback
wolfSSL_set_psk_server_tls13_callback

◆ wolfSSL_set_psk_server_tls13_callback()

void wolfSSL_set_psk_server_tls13_callback ( WOLFSSL *  ssl,
wc_psk_server_tls13_callback  cb 
)

This function sets the Pre-Shared Key (PSK) server side callback for TLS v1.3 connections. The callback is used to find a PSK identity and return its key and the name of the cipher to use for the handshake. The function sets the server_psk_tls13_cb member of the options field in the WOLFSSL structure.

Parameters
[in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
[in] cb a Pre-Shared Key (PSK) callback for a TLS 1.3 server.

Example

WOLFSSL* ssl;
...
// my_psk_server_tls13_cb is an application-defined wc_psk_server_tls13_callback
wolfSSL_set_psk_server_tls13_callback(ssl, my_psk_server_tls13_cb);
See also
wolfSSL_CTX_set_psk_client_tls13_callback
wolfSSL_set_psk_client_tls13_callback
wolfSSL_CTX_set_psk_server_tls13_callback

◆ wolfSSL_set_server_cert_type()

int wolfSSL_set_server_cert_type ( WOLFSSL *  ssl,
const char *  buf,
int  len 
)

When called on the server side, this function sets the certificate types the server may send to its peer. When called on the client side, it sets the certificate types the client will accept from its peer. Put the cert types in the buffer in priority order. To reset the settings to the default, pass NULL for the buffer or zero for len. By default, the only certificate type is X509. If both sides intend to send or accept a "Raw public key" cert, WOLFSSL_CERT_TYPE_RPK should be included in the buffer.

Returns
WOLFSSL_SUCCESS if cert types were set successfully.
BAD_FUNC_ARG if NULL was passed for ssl, an illegal value was specified as a cert type, a buf size exceeding MAX_SERVER_CERT_TYPE_CNT was specified, or a duplicate value is found in buf.
Parameters
ssl WOLFSSL object pointer
buf A buffer where certificate types are stored
len buf size in bytes (same as the number of certificate types included)

Example

int ret;
WOLFSSL* ssl;
char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509};
int len = sizeof(buf)/sizeof(char);
...
ret = wolfSSL_set_server_cert_type(ssl, buf, len);
// check ret value
See also
wolfSSL_set_client_cert_type
wolfSSL_CTX_set_server_cert_type
wolfSSL_set_server_cert_type
wolfSSL_get_negotiated_client_cert_type
wolfSSL_get_negotiated_server_cert_type

◆ wolfSSL_set_session()

int wolfSSL_set_session ( WOLFSSL *  ssl,
WOLFSSL_SESSION *  session 
)

This function sets the session to be used when the SSL object, ssl, is used to establish an SSL/TLS connection. For session resumption, before calling wolfSSL_shutdown() with your session object, an application should save the session ID from the object with a call to wolfSSL_get1_session(), which returns a pointer to the session. Later, the application should create a new WOLFSSL object and assign the saved session with wolfSSL_set_session(). At this point, the application may call wolfSSL_connect() and wolfSSL will try to resume the session. The wolfSSL server code allows session resumption by default. The object returned by wolfSSL_get1_session() needs to be freed after the application is done with it by calling wolfSSL_SESSION_free() on it.

Returns
SSL_SUCCESS will be returned upon successfully setting the session.
SSL_FAILURE will be returned on failure. This could be caused by the session cache being disabled, or if the session has timed out.
When OPENSSL_EXTRA and WOLFSSL_ERROR_CODE_OPENSSL are defined, SSL_SUCCESS will be returned even if the session has timed out.
Parameters
ssl pointer to the SSL object, created with wolfSSL_new().
session pointer to the WOLFSSL_SESSION used to set the session for ssl.

Example

int ret;
WOLFSSL* ssl;
WOLFSSL_SESSION* session;
...
session = wolfSSL_get1_session(ssl);
if (session == NULL) {
// failed to get session object from ssl object
}
...
ret = wolfSSL_set_session(ssl, session);
if (ret != SSL_SUCCESS) {
// failed to set the SSL session
}
wolfSSL_SESSION_free(session);
...
See also
wolfSSL_get1_session

◆ wolfSSL_set_timeout()

int wolfSSL_set_timeout ( WOLFSSL *  ssl,
unsigned int  to 
)

This function sets the SSL session timeout value in seconds.

Returns
SSL_SUCCESS will be returned upon successfully setting the session.
BAD_FUNC_ARG will be returned if ssl is NULL.
Parameters
ssl pointer to the SSL object, created with wolfSSL_new().
to value, in seconds, used to set the SSL session timeout.

Example

int ret = 0;
WOLFSSL* ssl = 0;
...
ret = wolfSSL_set_timeout(ssl, 500);
if (ret != SSL_SUCCESS) {
// failed to set session timeout value
}
...
See also
wolfSSL_get1_session
wolfSSL_set_session

◆ wolfSSL_set_tlsext_debug_arg()

long wolfSSL_set_tlsext_debug_arg ( WOLFSSL *  ssl,
void *  arg 
)

This is used to set the debug argument passed around.

Returns
SSL_SUCCESS On successful setting argument.
SSL_FAILURE If a NULL ssl is passed in.
Parameters
ssl WOLFSSL structure to set the argument in.
arg argument to use.

Example

WOLFSSL* ssl;
void* args;
long ret;
// create ssl object and the argument to pass around
ret = wolfSSL_set_tlsext_debug_arg(ssl, args);
// check ret value
See also
wolfSSL_new
wolfSSL_free

◆ wolfSSL_set_using_nonblock()

void wolfSSL_set_using_nonblock ( WOLFSSL *  ssl,
int  nonblock 
)

This function informs the WOLFSSL object that the underlying I/O is non-blocking. After an application creates a WOLFSSL object, if it will be used with a non-blocking socket, call wolfSSL_set_using_nonblock() on it. This lets the WOLFSSL object know that receiving EWOULDBLOCK means that the recvfrom call would block rather than that it timed out.

Returns
none No return.
Parameters
ssl pointer to the SSL session, created with wolfSSL_new().
nonblock value used to set the non-blocking flag on the WOLFSSL object. Use 1 to specify non-blocking, otherwise 0.

Example

WOLFSSL* ssl = 0;
...
wolfSSL_set_using_nonblock(ssl, 1);
See also
wolfSSL_get_using_nonblock
wolfSSL_dtls_got_timeout
wolfSSL_dtls_get_current_timeout

◆ wolfSSL_set_verify()

void wolfSSL_set_verify ( WOLFSSL *  ssl,
int  mode,
VerifyCallback  verify_callback 
)

This function sets the verification method for remote peers and also allows a verify callback to be registered with the SSL session. The verify callback will be called only when a verification failure has occurred. If no verify callback is desired, the NULL pointer can be used for verify_callback. The verification mode of peer certificates is a logically OR'd list of flags. The possible flag values include:

SSL_VERIFY_NONE
Client mode: the client will not verify the certificate received from the server and the handshake will continue as normal.
Server mode: the server will not send a certificate request to the client. As such, client verification will not be enabled.

SSL_VERIFY_PEER
Client mode: the client will verify the certificate received from the server during the handshake. This is turned on by default in wolfSSL, therefore, using this option has no effect.
Server mode: the server will send a certificate request to the client and verify the client certificate received.

SSL_VERIFY_FAIL_IF_NO_PEER_CERT
Client mode: no effect when used on the client side.
Server mode: the verification will fail on the server side if the client fails to send a certificate when requested to do so (when using SSL_VERIFY_PEER on the SSL server).

SSL_VERIFY_FAIL_EXCEPT_PSK
Client mode: no effect when used on the client side.
Server mode: the verification is the same as SSL_VERIFY_FAIL_IF_NO_PEER_CERT except in the case of a PSK connection. If a PSK connection is being made then the connection will go through without a peer cert.

Returns
none No return.
Parameters
ssl pointer to the SSL session, created with wolfSSL_new().
mode flags indicating the verification mode for the peer's cert.
verify_callback callback to be called when verification fails. If no callback is desired, the NULL pointer can be used for verify_callback.

Example

WOLFSSL* ssl = 0;
...
wolfSSL_set_verify(ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
See also
wolfSSL_CTX_set_verify

◆ wolfSSL_SetIO_ISOTP()

int wolfSSL_SetIO_ISOTP ( WOLFSSL *  ssl,
isotp_wolfssl_ctx *  ctx,
can_recv_fn  recv_fn,
can_send_fn  send_fn,
can_delay_fn  delay_fn,
word32  receive_delay,
char *  receive_buffer,
int  receive_buffer_size,
void *  arg 
)

This function sets up the ISO-TP context of wolfSSL, for use when wolfSSL is compiled with WOLFSSL_ISOTP.

Returns
0 on success, WOLFSSL_CBIO_ERR_GENERAL on failure
Parameters
ssl the wolfSSL context
ctx a user-created ISOTP context which this function initializes
recv_fn a user CAN bus receive callback
send_fn a user CAN bus send callback
delay_fn a user microsecond-granularity delay function
receive_delay a set amount of microseconds to delay each CAN bus packet
receive_buffer a user-supplied buffer to receive data; it is recommended that it is allocated to ISOTP_DEFAULT_BUFFER_SIZE bytes
receive_buffer_size the size of receive_buffer
arg an arbitrary pointer passed to recv_fn and send_fn

Example

struct can_info can_con_info;
isotp_wolfssl_ctx isotp_ctx;
char *receive_buffer = malloc(ISOTP_DEFAULT_BUFFER_SIZE);
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(method);
WOLFSSL* ssl = wolfSSL_new(ctx);
...
wolfSSL_SetIO_ISOTP(ssl, &isotp_ctx, can_receive, can_send, can_delay, 0,
receive_buffer, ISOTP_DEFAULT_BUFFER_SIZE, &can_con_info);

◆ wolfSSL_SetVersion()

int wolfSSL_SetVersion ( WOLFSSL *  ssl,
int  version 
)

This function sets the SSL/TLS protocol version for the specified SSL session (WOLFSSL object) using the version as specified by version. This will override the protocol setting for the SSL session (ssl) - originally defined and set by the SSL context (wolfSSL_CTX_new()) method type.

Returns
SSL_SUCCESS upon success.
BAD_FUNC_ARG will be returned if the input SSL object is NULL or an incorrect protocol version is given for version.
Parameters
ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
version SSL/TLS protocol version. Possible values include WOLFSSL_SSLV3, WOLFSSL_TLSV1, WOLFSSL_TLSV1_1, WOLFSSL_TLSV1_2.

Example

int ret = 0;
WOLFSSL* ssl;
...
ret = wolfSSL_SetVersion(ssl, WOLFSSL_TLSV1);
if (ret != SSL_SUCCESS) {
// failed to set SSL session protocol version
}
See also
wolfSSL_CTX_new

◆ wolfSSL_state()

int wolfSSL_state ( WOLFSSL *  ssl)

This is used to get the internal error state of the WOLFSSL structure.

Returns
wolfssl_error returns the ssl error state, usually a negative value.
BAD_FUNC_ARG if ssl is NULL.
Parameters
ssl WOLFSSL structure to get the state from.

Example

WOLFSSL* ssl;
int ret;
// create ssl object
ret = wolfSSL_state(ssl);
// check ret value
See also
wolfSSL_new
wolfSSL_free

◆ wolfSSL_use_certificate()

int wolfSSL_use_certificate ( WOLFSSL *  ssl,
WOLFSSL_X509 *  x509 
)

This is used to set the certificate for the WOLFSSL structure to use during a handshake.

Returns
SSL_SUCCESS On successful setting argument.
SSL_FAILURE If a NULL argument passed in.
Parameters
ssl WOLFSSL structure to set the certificate in.
x509 certificate to use.

Example

WOLFSSL* ssl;
WOLFSSL_X509* x509;
int ret;
// create ssl object and x509
ret = wolfSSL_use_certificate(ssl, x509);
// check ret value
See also
wolfSSL_new
wolfSSL_free

◆ wolfSSL_use_certificate_ASN1()

int wolfSSL_use_certificate_ASN1 ( WOLFSSL *  ssl,
unsigned char *  der,
int  derSz 
)

This is used to set the certificate for WOLFSSL structure to use during a handshake. A DER formatted buffer is expected.

Returns
SSL_SUCCESS On successful setting argument.
SSL_FAILURE If a NULL argument passed in.
Parameters
ssl WOLFSSL structure to set the certificate in.
der DER certificate to use.
derSz size of the DER buffer passed in.

Example

WOLFSSL* ssl;
unsigned char* der;
int derSz;
int ret;
// create ssl object and set DER variables
ret = wolfSSL_use_certificate_ASN1(ssl, der, derSz);
// check ret value
See also
wolfSSL_new
wolfSSL_free

◆ wolfSSL_use_old_poly()

int wolfSSL_use_old_poly ( WOLFSSL *  ssl,
int  value 
)

Since there are some differences between the first release and newer versions of the ChaCha-Poly AEAD construction, we have added an option to communicate with servers/clients using the older version. By default wolfSSL uses the new version.

Returns
0 upon success
Parameters
ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
value whether or not to use the older version of setting up the information for poly1305. Passing a flag value of 1 indicates yes, use the old poly AEAD; to switch back to using the new version pass a flag value of 0.

Example

int ret = 0;
WOLFSSL* ssl;
...
ret = wolfSSL_use_old_poly(ssl, 1);
if (ret != 0) {
// failed to set poly1305 AEAD version
}
See also
none
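What "old" and "new" mean here is worth making concrete. The draft construction that preceded RFC 7539 feeds Poly1305 the additional data and the ciphertext each followed immediately by its own 64-bit little-endian length, whereas RFC 7539 zero-pads each of them to a 16-byte boundary and places both lengths at the very end. The following C example, added here and not wolfSSL code, builds the Poly1305 input both ways for a constructed TLS record so the incompatibility is visible; it covers only the MAC-input layout, not the full AEAD, and the function names and sample bytes are its own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static void put_le64(unsigned char *out, uint64_t v)
{
    int i;
    for (i = 0; i < 8; i++)
        out[i] = (unsigned char)(v >> (8 * i));
}

/* Poly1305 input of the original draft construction
 * (draft-agl-tls-chacha20poly1305), what wolfSSL_use_old_poly(ssl, 1) selects:
 *   aad || LE64(aad_len) || ciphertext || LE64(ct_len)
 * Returns bytes written, or 0 if 'out' is too small. */
size_t poly_input_old(unsigned char *out, size_t out_sz,
                      const unsigned char *aad, size_t aad_len,
                      const unsigned char *ct, size_t ct_len)
{
    size_t p = 0;
    if (out_sz < aad_len + 8 + ct_len + 8)
        return 0;
    memcpy(out + p, aad, aad_len); p += aad_len;
    put_le64(out + p, aad_len);    p += 8;
    memcpy(out + p, ct, ct_len);   p += ct_len;
    put_le64(out + p, ct_len);     p += 8;
    return p;
}

static size_t pad16(size_t n) { return (16 - n % 16) % 16; }

/* Poly1305 input of the RFC 7539 / RFC 8439 construction, wolfSSL's default:
 *   aad || pad16(aad) || ciphertext || pad16(ciphertext) || LE64(aad_len) || LE64(ct_len)
 * Each pad is zero bytes bringing the preceding field to a 16-byte boundary. */
size_t poly_input_new(unsigned char *out, size_t out_sz,
                      const unsigned char *aad, size_t aad_len,
                      const unsigned char *ct, size_t ct_len)
{
    size_t p = 0;
    if (out_sz < aad_len + pad16(aad_len) + ct_len + pad16(ct_len) + 16)
        return 0;
    memcpy(out + p, aad, aad_len);       p += aad_len;
    memset(out + p, 0, pad16(aad_len));  p += pad16(aad_len);
    memcpy(out + p, ct, ct_len);         p += ct_len;
    memset(out + p, 0, pad16(ct_len));   p += pad16(ct_len);
    put_le64(out + p, aad_len);          p += 8;
    put_le64(out + p, ct_len);           p += 8;
    return p;
}

/* Constructed sample: a 13-byte TLS 1.2 record AAD (seq_num || type ||
 * version || length) and 20 bytes standing in for the ciphertext. */
#define SAMPLE_CT_LEN 20
const unsigned char sample_aad[13] = {0,0,0,0,0,0,0,1, 0x17, 0x03,0x03, 0x00,0x14};
const unsigned char sample_ct[]    = "0123456789abcdefghij";
unsigned char mac_in_old[128], mac_in_new[128];

size_t sample_old(void)
{
    return poly_input_old(mac_in_old, sizeof mac_in_old, sample_aad,
                          sizeof sample_aad, sample_ct, SAMPLE_CT_LEN);
}

size_t sample_new(void)
{
    return poly_input_new(mac_in_new, sizeof mac_in_new, sample_aad,
                          sizeof sample_aad, sample_ct, SAMPLE_CT_LEN);
}

int main(void)
{
    printf("old construction MACs %zu bytes, new construction MACs %zu bytes\n",
           sample_old(), sample_new());
    return 0;
}
```

Because the two byte strings differ in both length and layout, the same key and nonce produce different Poly1305 tags, and a peer using the other variant rejects every record; that is the failure mode the option exists to work around.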

◆ wolfSSL_UseALPN()

int wolfSSL_UseALPN ( WOLFSSL *  ssl,
char *  protocol_name_list,
unsigned int  protocol_name_listSz,
unsigned char  options 
)

Setup ALPN use for a wolfSSL session.

Returns
WOLFSSL_SUCCESS: upon success.
BAD_FUNC_ARG Returned if ssl or protocol_name_list is NULL, protocol_name_listSz is too large, or options contains an unsupported value.
MEMORY_ERROR Error allocating memory for protocol list.
SSL_FAILURE upon failure.
Parameters
ssl The wolfSSL session to use.
protocol_name_list List of protocol names to use. A comma-delimited string is required.
protocol_name_listSz Size of the list of protocol names.
options WOLFSSL_ALPN_CONTINUE_ON_MISMATCH or WOLFSSL_ALPN_FAILED_ON_MISMATCH.

Example

WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
WOLFSSL_METHOD* method = wolfSSLv23_client_method(); // or any other wolfSSL method
ctx = wolfSSL_CTX_new(method);
ssl = wolfSSL_new(ctx);
char alpn_list[] = "h2,http/1.1"; // sample comma-delimited list
if (wolfSSL_UseALPN(ssl, alpn_list, (unsigned int)strlen(alpn_list),
        WOLFSSL_ALPN_FAILED_ON_MISMATCH) != WOLFSSL_SUCCESS)
{
    // Error setting ALPN protocol list
}
See also
TLSX_UseALPN
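wolfSSL takes the protocol list as a comma-delimited string, but what goes on the wire is the RFC 7301 ProtocolNameList: a 2-byte length followed by 1-byte-length-prefixed names, each 1 to 255 bytes long. The following C example, added here and not part of wolfSSL, converts such a string into that wire form, rejecting empty names, and models the server side of the negotiation, including the difference between WOLFSSL_ALPN_CONTINUE_ON_MISMATCH (proceed without ALPN) and WOLFSSL_ALPN_FAILED_ON_MISMATCH (abort, which RFC 7301 maps to a fatal no_application_protocol alert). The function names, the constructed lists and the representation of the option as an integer flag are this example's own, not wolfSSL's internals.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Encode a comma-delimited ALPN list ("h2,http/1.1") in RFC 7301 wire form:
 * 2-byte total length, then each name prefixed by its 1-byte length.
 * Returns bytes written, or 0 if a name is empty, longer than 255 bytes,
 * the list is empty, or the output buffer is too small. */
size_t alpn_encode(const char *list, unsigned char *out, size_t out_sz)
{
    size_t pos = 2;                      /* reserve the 2-byte list length */
    const char *p = list;
    if (list == NULL || out_sz < 2)
        return 0;
    while (*p) {
        const char *comma = strchr(p, ',');
        size_t n = comma ? (size_t)(comma - p) : strlen(p);
        if (n == 0 || n > 255 || pos + 1 + n > out_sz)
            return 0;
        out[pos++] = (unsigned char)n;
        memcpy(out + pos, p, n);
        pos += n;
        if (!comma)
            break;
        p = comma + 1;
        if (*p == '\0')
            return 0;                    /* trailing comma = empty name */
    }
    if (pos == 2 || pos - 2 > 0xFFFF)
        return 0;
    out[0] = (unsigned char)((pos - 2) >> 8);
    out[1] = (unsigned char)((pos - 2) & 0xFF);
    return pos;
}

/* Server-side selection over a client's wire-format list. The server walks its
 * own comma-delimited preference list and picks the first name the client also
 * offered (RFC 7301 lets the server's preference decide). Returns 1 and copies
 * the name into 'chosen' on a match; 0 to continue without ALPN; -1 when the
 * handshake must abort: a malformed client list, or no match while
 * fail_on_mismatch (modelling WOLFSSL_ALPN_FAILED_ON_MISMATCH) is set. */
int alpn_select(const unsigned char *wire, size_t wire_len,
                const char *server_list, int fail_on_mismatch,
                char *chosen, size_t chosen_sz)
{
    const char *s = server_list;
    size_t total;
    if (wire == NULL || wire_len < 2 || chosen_sz == 0)
        return -1;
    total = ((size_t)wire[0] << 8) | wire[1];
    if (total + 2 != wire_len)
        return -1;                       /* length field disagrees with data */
    while (*s) {
        const char *comma = strchr(s, ',');
        size_t n = comma ? (size_t)(comma - s) : strlen(s);
        size_t pos = 2;
        while (pos < wire_len) {
            size_t len = wire[pos++];
            if (len == 0 || pos + len > wire_len)
                return -1;               /* malformed entry */
            if (len == n && n + 1 <= chosen_sz && memcmp(wire + pos, s, n) == 0) {
                memcpy(chosen, s, n);
                chosen[n] = '\0';
                return 1;
            }
            pos += len;
        }
        if (!comma)
            break;
        s = comma + 1;
    }
    chosen[0] = '\0';
    return fail_on_mismatch ? -1 : 0;
}

/* Constructed sample buffers used by main() and the checks below. */
unsigned char alpn_wire[64];
char alpn_chosen[32];

int main(void)
{
    size_t n = alpn_encode("h2,http/1.1", alpn_wire, sizeof alpn_wire);
    int r = alpn_select(alpn_wire, n, "http/1.1,h2", 1, alpn_chosen, sizeof alpn_chosen);
    printf("client offered %zu wire bytes; server result %d, chose \"%s\"\n",
           n, r, alpn_chosen);
    return 0;
}
```

Note that sizeof on a string array, as in the original example, counts the terminating NUL; strlen() is the size a caller should pass as protocol_name_listSz.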

◆ wolfSSL_UseKeyShare()

int wolfSSL_UseKeyShare ( WOLFSSL *  ssl,
word16  group 
)

This function creates a key share entry for the given group, including generating a key pair. The KeyShare extension carries all the generated public keys for key exchange. If this function is called, only the groups specified will be included. Call it when the server's preferred group is already known (for example from wolfSSL_preferred_group()), so that the client generates a key share for the group the server will accept rather than for every supported group; a key share for a group the server does not accept costs an extra round trip (HelloRetryRequest).

Parameters
[in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
[in] group a key exchange group identifier.
Returns
BAD_FUNC_ARG if ssl is NULL.
MEMORY_E when dynamic memory allocation fails.
WOLFSSL_SUCCESS if successful.

Example

int ret;
WOLFSSL* ssl;
...
ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519);
if (ret != WOLFSSL_SUCCESS) {
// failed to set key share
}
See also
wolfSSL_preferred_group
wolfSSL_CTX_set1_groups_list
wolfSSL_set1_groups_list
wolfSSL_CTX_set_groups
wolfSSL_set_groups
wolfSSL_NoKeyShares

◆ wolfSSLv23_client_method()

WOLFSSL_METHOD* wolfSSLv23_client_method ( void  )

The wolfSSLv23_client_method() function is used to indicate that the application is a client and will support the highest protocol version supported by the server, between SSL 3.0 and TLS 1.3. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). Both wolfSSL clients and servers have robust version downgrade capability. If a specific protocol version method is used on either side, then only that version will be negotiated, or an error will be returned. For example, a client that uses wolfTLSv1_client_method() and tries to connect to an SSLv3-only server will fail, and connecting to a TLSv1.1-only server will fail as well. To resolve this, a client that uses the wolfSSLv23_client_method() function will use the highest protocol version supported by the server and downgrade to SSLv3 if needed. In this case, the client will be able to connect to a server running anything from SSLv3 to TLSv1.3. Note that this flexibility also means the client will accept a downgrade to SSL 3.0, TLS 1.0 or TLS 1.1, all of which are deprecated (RFC 7568 and RFC 8996); a deployment that must not negotiate them should raise the minimum version on the context (wolfSSL_CTX_SetMinVersion()) rather than rely on the peer.

Returns
pointer Upon success, a pointer to a WOLFSSL_METHOD.
Failure If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).
Parameters
none No parameters.

Example

WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfSSLv23_client_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfSSLv3_client_method
wolfTLSv1_client_method
wolfTLSv1_1_client_method
wolfTLSv1_2_client_method
wolfTLSv1_3_client_method
wolfDTLSv1_client_method
wolfSSL_CTX_new
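The negotiation rule described above can be written down and checked against the cases the paragraph lists. The following C example, added here and not wolfSSL code, models each endpoint as a [min, max] version range (a fixed-version method being min == max, a v23 method being SSL 3.0 up to TLS 1.3) and computes the outcome; the floored case shows why a deployment raises its minimum. It abstracts away the wire mechanism (the TLS 1.3 supported_versions extension versus the older single version field), which does not change these outcomes; the function and type names are its own.

```c
#include <stdio.h>

/* Protocol version numbers as carried on the wire (major.minor). */
enum { SSL_3_0 = 0x0300, TLS_1_0 = 0x0301, TLS_1_1 = 0x0302,
       TLS_1_2 = 0x0303, TLS_1_3 = 0x0304 };

/* The range of versions one endpoint will accept. */
struct range { int min, max; };

/* A fixed-version method (wolfTLSv1_client_method() etc.) accepts one version. */
struct range fixed_version(int v) { struct range r = { v, v }; return r; }

/* A v23 method accepts everything from SSL 3.0 up to TLS 1.3; 'floor' models an
 * application-imposed minimum (wolfSSL_CTX_SetMinVersion() in wolfSSL). */
struct range v23_method(int floor) { struct range r = { floor, TLS_1_3 }; return r; }

/* Return the version both endpoints settle on, or 0 if the handshake fails.
 * The candidate is the highest version neither side's maximum excludes; it is
 * accepted only if it also clears both minimums. */
int negotiate(struct range client, struct range server)
{
    int v = client.max < server.max ? client.max : server.max;
    return (v >= client.min && v >= server.min) ? v : 0;
}

const char *version_name(int v)
{
    switch (v) {
    case SSL_3_0: return "SSLv3";
    case TLS_1_0: return "TLSv1.0";
    case TLS_1_1: return "TLSv1.1";
    case TLS_1_2: return "TLSv1.2";
    case TLS_1_3: return "TLSv1.3";
    default:      return "handshake fails";
    }
}

static void show(const char *label, struct range c, struct range s)
{
    printf("%-45s -> %s\n", label, version_name(negotiate(c, s)));
}

int main(void)
{
    show("TLSv1.0-only client vs SSLv3-only server",  fixed_version(TLS_1_0), fixed_version(SSL_3_0));
    show("TLSv1.0-only client vs TLSv1.1-only server", fixed_version(TLS_1_0), fixed_version(TLS_1_1));
    show("v23 client vs SSLv3-only server",            v23_method(SSL_3_0),    fixed_version(SSL_3_0));
    show("v23 client vs v23 server",                   v23_method(SSL_3_0),    v23_method(SSL_3_0));
    show("v23 client, floor TLSv1.2, vs TLSv1.1 server", v23_method(TLS_1_2),  fixed_version(TLS_1_1));
    show("v23 client, floor TLSv1.2, vs v23 server",   v23_method(TLS_1_2),    v23_method(SSL_3_0));
    return 0;
}
```

The third line is the downgrade the paragraph describes; the fifth is the same client after raising its floor, where the connection to a TLS 1.1 server now fails by design instead of silently negotiating a deprecated version.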

◆ wolfSSLv23_method()

WOLFSSL_METHOD* wolfSSLv23_method ( void  )

This function returns a WOLFSSL_METHOD similar to wolfSSLv23_client_method except that it is not determined which side yet (server/client).

Returns
WOLFSSL_METHOD* On successful creation, returns a WOLFSSL_METHOD pointer.
NULL If memory allocation fails or the method cannot be created.
Parameters
none No parameters.

Example

WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_method());
if (ctx == NULL) {
    // failed to create method or context
}
See also
wolfSSL_new
wolfSSL_free

◆ wolfSSLv23_server_method()

WOLFSSL_METHOD* wolfSSLv23_server_method ( void  )

The wolfSSLv23_server_method() function is used to indicate that the application is a server and will support clients connecting with protocol version from SSL 3.0 - TLS 1.3. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().

Returns
pointer If successful, the call will return a pointer to the newly created WOLFSSL_METHOD structure.
Failure If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).
Parameters
none No parameters.

Example

WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfSSLv23_server_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfSSLv3_server_method
wolfTLSv1_server_method
wolfTLSv1_1_server_method
wolfTLSv1_2_server_method
wolfTLSv1_3_server_method
wolfDTLSv1_server_method
wolfSSL_CTX_new

◆ wolfSSLv3_client_method()

WOLFSSL_METHOD* wolfSSLv3_client_method ( void  )

The wolfSSLv3_client_method() function is used to indicate that the application is a client and will only support the SSL 3.0 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). SSL 3.0 is deprecated (RFC 7568); this method exists for compatibility with legacy peers.

Returns
pointer If successful, the call will return a pointer to the newly created WOLFSSL_METHOD structure.
FAIL If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).
Parameters
none No parameters.

Example

#include <wolfssl/ssl.h>
WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfSSLv3_client_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfTLSv1_client_method
wolfTLSv1_1_client_method
wolfTLSv1_2_client_method
wolfTLSv1_3_client_method
wolfDTLSv1_client_method
wolfSSLv23_client_method
wolfSSL_CTX_new

◆ wolfSSLv3_server_method()

WOLFSSL_METHOD* wolfSSLv3_server_method ( void  )

The wolfSSLv3_server_method() function is used to indicate that the application is a server and will only support the SSL 3.0 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). SSL 3.0 is deprecated (RFC 7568); this method exists for compatibility with legacy peers.

Returns
pointer If successful, the call will return a pointer to the newly created WOLFSSL_METHOD structure.
FAIL If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).
Parameters
none No parameters.

Example

#include <wolfssl/ssl.h>
WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfSSLv3_server_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfTLSv1_server_method
wolfTLSv1_1_server_method
wolfTLSv1_2_server_method
wolfTLSv1_3_server_method
wolfDTLSv1_server_method
wolfSSLv23_server_method
wolfSSL_CTX_new

◆ wolfTLSv1_1_client_method()

WOLFSSL_METHOD* wolfTLSv1_1_client_method ( void  )

The wolfTLSv1_1_client_method() function is used to indicate that the application is a client and will only support the TLS 1.1 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). TLS 1.1 is deprecated (RFC 8996).

Returns
pointer If successful, the call will return a pointer to the newly created WOLFSSL_METHOD structure.
FAIL If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).
Parameters
none No parameters.

Example

#include <wolfssl/ssl.h>
WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfTLSv1_1_client_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfSSLv3_client_method
wolfTLSv1_client_method
wolfTLSv1_2_client_method
wolfTLSv1_3_client_method
wolfDTLSv1_client_method
wolfSSLv23_client_method
wolfSSL_CTX_new

◆ wolfTLSv1_1_server_method()

WOLFSSL_METHOD* wolfTLSv1_1_server_method ( void  )

The wolfTLSv1_1_server_method() function is used to indicate that the application is a server and will only support the TLS 1.1 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). TLS 1.1 is deprecated (RFC 8996).

Returns
pointer If successful, the call will return a pointer to the newly created WOLFSSL_METHOD structure.
FAIL If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).
Parameters
none No parameters.

Example

#include <wolfssl/ssl.h>
WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfTLSv1_1_server_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfSSLv3_server_method
wolfTLSv1_server_method
wolfTLSv1_2_server_method
wolfTLSv1_3_server_method
wolfDTLSv1_server_method
wolfSSLv23_server_method
wolfSSL_CTX_new

◆ wolfTLSv1_2_client_method()

WOLFSSL_METHOD* wolfTLSv1_2_client_method ( void  )

The wolfTLSv1_2_client_method() function is used to indicate that the application is a client and will only support the TLS 1.2 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().

Returns
pointer If successful, the call will return a pointer to the newly created WOLFSSL_METHOD structure.
FAIL If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).
Parameters
none No parameters.

Example

#include <wolfssl/ssl.h>
WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfTLSv1_2_client_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfSSLv3_client_method
wolfTLSv1_client_method
wolfTLSv1_1_client_method
wolfTLSv1_3_client_method
wolfDTLSv1_client_method
wolfSSLv23_client_method
wolfSSL_CTX_new

◆ wolfTLSv1_2_server_method()

WOLFSSL_METHOD* wolfTLSv1_2_server_method ( void  )

The wolfTLSv1_2_server_method() function is used to indicate that the application is a server and will only support the TLS 1.2 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().

Returns
pointer If successful, the call will return a pointer to the newly created WOLFSSL_METHOD structure.
FAIL If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).
Parameters
none No parameters.

Example

#include <wolfssl/ssl.h>
WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfTLSv1_2_server_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfSSLv3_server_method
wolfTLSv1_server_method
wolfTLSv1_1_server_method
wolfTLSv1_3_server_method
wolfDTLSv1_server_method
wolfSSLv23_server_method
wolfSSL_CTX_new

◆ wolfTLSv1_3_client_method()

WOLFSSL_METHOD* wolfTLSv1_3_client_method ( void  )

This function is used to indicate that the application is a client and will only support the TLS 1.3 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().

Returns
pointer If successful, the call will return a pointer to the newly created WOLFSSL_METHOD structure.
FAIL If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).

Example

#include <wolfssl/ssl.h>
WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfTLSv1_3_client_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfSSLv3_client_method
wolfTLSv1_client_method
wolfTLSv1_1_client_method
wolfTLSv1_2_client_method
wolfTLSv1_3_client_method_ex
wolfDTLSv1_client_method
wolfSSLv23_client_method
wolfSSL_CTX_new

◆ wolfTLSv1_3_client_method_ex()

WOLFSSL_METHOD* wolfTLSv1_3_client_method_ex ( void *  heap)

This function is used to indicate that the application is a client and will only support the TLS 1.3 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). Unlike wolfTLSv1_3_client_method(), it takes the heap that the static memory allocator should use.

Parameters
[in] heap a pointer to the buffer that the static memory allocator will use for dynamic memory allocation.
Returns
pointer If successful, the call will return a pointer to the newly created WOLFSSL_METHOD structure.
FAIL If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).

Example

#include <wolfssl/ssl.h>
void* heap; // buffer for the static memory allocator, set up by the application
WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfTLSv1_3_client_method_ex(heap);
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfSSLv3_client_method
wolfTLSv1_client_method
wolfTLSv1_1_client_method
wolfTLSv1_2_client_method
wolfTLSv1_3_client_method
wolfDTLSv1_client_method
wolfSSLv23_client_method
wolfSSL_CTX_new

◆ wolfTLSv1_3_method()

WOLFSSL_METHOD* wolfTLSv1_3_method ( void  )

This function returns a WOLFSSL_METHOD similar to wolfTLSv1_3_client_method except that it is not determined which side yet (server/client).

Returns
WOLFSSL_METHOD On successful creation, returns a WOLFSSL_METHOD pointer.
NULL If memory allocation fails or the method cannot be created.

Example

WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfTLSv1_3_method());
if (ctx == NULL) {
    // failed to create method or context
}
See also
wolfSSL_new
wolfSSL_free

◆ wolfTLSv1_3_method_ex()

WOLFSSL_METHOD* wolfTLSv1_3_method_ex ( void *  heap)

This function returns a WOLFSSL_METHOD similar to wolfTLSv1_3_client_method except that it is not determined which side yet (server/client).

Parameters
[in] heap a pointer to the buffer that the static memory allocator will use for dynamic memory allocation.
Returns
WOLFSSL_METHOD On successful creation, returns a WOLFSSL_METHOD pointer.
NULL If memory allocation fails or the method cannot be created.

Example

WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfTLSv1_3_method_ex(heap)); // heap: the application's static memory buffer
if (ctx == NULL) {
    // failed to create method or context
}
See also
wolfSSL_new
wolfSSL_free

◆ wolfTLSv1_3_server_method()

WOLFSSL_METHOD* wolfTLSv1_3_server_method ( void  )

This function is used to indicate that the application is a server and will only support the TLS 1.3 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new().

Returns
pointer If successful, the call will return a pointer to the newly created WOLFSSL_METHOD structure.
FAIL If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).

Example

#include <wolfssl/ssl.h>
WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfTLSv1_3_server_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfSSLv3_server_method
wolfTLSv1_server_method
wolfTLSv1_1_server_method
wolfTLSv1_2_server_method
wolfTLSv1_3_server_method_ex
wolfDTLSv1_server_method
wolfSSLv23_server_method
wolfSSL_CTX_new

◆ wolfTLSv1_3_server_method_ex()

WOLFSSL_METHOD* wolfTLSv1_3_server_method_ex ( void *  heap)

This function is used to indicate that the application is a server and will only support the TLS 1.3 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). Unlike wolfTLSv1_3_server_method(), it takes the heap that the static memory allocator should use.

Parameters
[in] heap a pointer to the buffer that the static memory allocator will use for dynamic memory allocation.
Returns
pointer If successful, the call will return a pointer to the newly created WOLFSSL_METHOD structure.
FAIL If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).

Example

#include <wolfssl/ssl.h>
void* heap; // buffer for the static memory allocator, set up by the application
WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfTLSv1_3_server_method_ex(heap);
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfSSLv3_server_method
wolfTLSv1_server_method
wolfTLSv1_1_server_method
wolfTLSv1_2_server_method
wolfTLSv1_3_server_method
wolfDTLSv1_server_method
wolfSSLv23_server_method
wolfSSL_CTX_new

◆ wolfTLSv1_client_method()

WOLFSSL_METHOD* wolfTLSv1_client_method ( void  )

The wolfTLSv1_client_method() function is used to indicate that the application is a client and will only support the TLS 1.0 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). TLS 1.0 is deprecated (RFC 8996).

Returns
pointer If successful, the call will return a pointer to the newly created WOLFSSL_METHOD structure.
FAIL If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).
Parameters
none No parameters.

Example

#include <wolfssl/ssl.h>
WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfTLSv1_client_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfSSLv3_client_method
wolfTLSv1_1_client_method
wolfTLSv1_2_client_method
wolfTLSv1_3_client_method
wolfDTLSv1_client_method
wolfSSLv23_client_method
wolfSSL_CTX_new

◆ wolfTLSv1_server_method()

WOLFSSL_METHOD* wolfTLSv1_server_method ( void  )

The wolfTLSv1_server_method() function is used to indicate that the application is a server and will only support the TLS 1.0 protocol. This function allocates memory for and initializes a new WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with wolfSSL_CTX_new(). TLS 1.0 is deprecated (RFC 8996).

Returns
pointer If successful, the call will return a pointer to the newly created WOLFSSL_METHOD structure.
FAIL If memory allocation fails when calling XMALLOC, the failure value of the underlying malloc() implementation is returned (typically NULL, with errno set to ENOMEM).
Parameters
none No parameters.

Example

#include <wolfssl/ssl.h>
WOLFSSL_METHOD* method;
WOLFSSL_CTX* ctx;
method = wolfTLSv1_server_method();
if (method == NULL) {
    // unable to get method
}
ctx = wolfSSL_CTX_new(method);
...
See also
wolfSSLv3_server_method
wolfTLSv1_1_server_method
wolfTLSv1_2_server_method
wolfTLSv1_3_server_method
wolfDTLSv1_server_method
wolfSSLv23_server_method
wolfSSL_CTX_new