Diffstat (limited to 'secure/lib/libcrypto/man/BIO_f_ssl.3')
-rw-r--r-- | secure/lib/libcrypto/man/BIO_f_ssl.3 | 87 |
1 files changed, 62 insertions, 25 deletions
diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3 index 67cf4ea..36a1f0a 100644 --- a/secure/lib/libcrypto/man/BIO_f_ssl.3 +++ b/secure/lib/libcrypto/man/BIO_f_ssl.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Mar 17 09:38:28 2004 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ 
@@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 
@@ -135,25 +126,26 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "BIO_f_ssl 3" -.TH BIO_f_ssl 3 "0.9.7d" "2004-03-17" "OpenSSL" -.UC +.TH BIO_f_ssl 3 "2005-02-24" "0.9.7d" "OpenSSL" .SH "NAME" BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes, BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl, BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id, -BIO_ssl_shutdown \- \s-1SSL\s0 \s-1BIO\s0 +BIO_ssl_shutdown \- SSL BIO .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 2 \& #include <openssl/bio.h> \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& BIO_METHOD *BIO_f_ssl(void); .Ve +.PP .Vb 9 \& #define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl) \& #define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp) @@ -165,6 +157,7 @@ BIO_ssl_shutdown \- \s-1SSL\s0 \s-1BIO\s0 \& #define BIO_get_num_renegotiates(b) \e \& BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL); .Ve +.PP .Vb 5 \& BIO *BIO_new_ssl(SSL_CTX *ctx,int client); \& BIO *BIO_new_ssl_connect(SSL_CTX *ctx); @@ -172,6 +165,7 @@ BIO_ssl_shutdown \- \s-1SSL\s0 \s-1BIO\s0 \& int BIO_ssl_copy_session_id(BIO *to,BIO *from); \& void BIO_ssl_shutdown(BIO *bio); .Ve +.PP .Vb 1 \& #define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) .Ve @@ -272,7 +266,7 @@ processing. .IX Header "EXAMPLE" This \s-1SSL/TLS\s0 client example, attempts to retrieve a page from an \&\s-1SSL/TLS\s0 web server. The I/O routines are identical to those of the -unencrypted example in BIO_s_connect(3). +unencrypted example in \fIBIO_s_connect\fR\|(3). .PP .Vb 5 \& BIO *sbio, *out; 
@@ -281,47 +275,58 @@ unencrypted example in BIO_s_connect(3). \& SSL_CTX *ctx; \& SSL *ssl; .Ve +.PP .Vb 3 \& ERR_load_crypto_strings(); \& ERR_load_SSL_strings(); \& OpenSSL_add_all_algorithms(); .Ve +.PP .Vb 3 \& /* We would seed the PRNG here if the platform didn't \& * do it automatically \& */ .Ve +.PP .Vb 1 \& ctx = SSL_CTX_new(SSLv23_client_method()); .Ve +.PP .Vb 4 \& /* We'd normally set some stuff like the verify paths and \& * mode here because as things stand this will connect to \& * any server whose certificate is signed by any CA. \& */ .Ve +.PP .Vb 1 \& sbio = BIO_new_ssl_connect(ctx); .Ve +.PP .Vb 1 \& BIO_get_ssl(sbio, &ssl); .Ve +.PP .Vb 4 \& if(!ssl) { \& fprintf(stderr, "Can't locate SSL pointer\en"); \& /* whatever ... */ \& } .Ve +.PP .Vb 2 \& /* Don't want any retries */ \& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); .Ve +.PP .Vb 1 \& /* We might want to do other things with ssl here */ .Ve +.PP .Vb 1 \& BIO_set_conn_hostname(sbio, "localhost:https"); .Ve +.PP .Vb 6 \& out = BIO_new_fp(stdout, BIO_NOCLOSE); \& if(BIO_do_connect(sbio) <= 0) { @@ -330,6 +335,7 @@ unencrypted example in BIO_s_connect(3). \& /* whatever ... */ \& } .Ve +.PP .Vb 5 \& if(BIO_do_handshake(sbio) <= 0) { \& fprintf(stderr, "Error establishing SSL connection\en"); @@ -337,9 +343,11 @@ unencrypted example in BIO_s_connect(3). \& /* whatever ... */ \& } .Ve +.PP .Vb 1 \& /* Could examine ssl here to get connection info */ .Ve +.PP .Vb 8 \& BIO_puts(sbio, "GET / HTTP/1.0\en\en"); \& for(;;) { @@ -350,6 +358,7 @@ unencrypted example in BIO_s_connect(3). \& BIO_free_all(sbio); \& BIO_free(out); .Ve +.PP Here is a simple server example. It makes use of a buffering \&\s-1BIO\s0 to allow lines to be read from the \s-1SSL\s0 \s-1BIO\s0 using BIO_gets. It creates a pseudo web page containing the actual request from 
@@ -362,63 +371,78 @@ a client and also echoes the request to standard output. \& SSL_CTX *ctx; \& SSL *ssl; .Ve +.PP .Vb 3 \& ERR_load_crypto_strings(); \& ERR_load_SSL_strings(); \& OpenSSL_add_all_algorithms(); .Ve +.PP .Vb 1 \& /* Might seed PRNG here */ .Ve +.PP .Vb 1 \& ctx = SSL_CTX_new(SSLv23_server_method()); .Ve +.PP .Vb 3 \& if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM) \& || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM) \& || !SSL_CTX_check_private_key(ctx)) { .Ve +.PP .Vb 4 \& fprintf(stderr, "Error setting up SSL_CTX\en"); \& ERR_print_errors_fp(stderr); \& return 0; \& } .Ve +.PP .Vb 3 \& /* Might do other things here like setting verify locations and \& * DH and/or RSA temporary key callbacks \& */ .Ve +.PP .Vb 2 \& /* New SSL BIO setup as server */ \& sbio=BIO_new_ssl(ctx,0); .Ve +.PP .Vb 1 \& BIO_get_ssl(sbio, &ssl); .Ve +.PP .Vb 4 \& if(!ssl) { \& fprintf(stderr, "Can't locate SSL pointer\en"); \& /* whatever ... */ \& } .Ve +.PP .Vb 2 \& /* Don't want any retries */ \& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); .Ve +.PP .Vb 1 \& /* Create the buffering BIO */ .Ve +.PP .Vb 1 \& bbio = BIO_new(BIO_f_buffer()); .Ve +.PP .Vb 2 \& /* Add to chain */ \& sbio = BIO_push(bbio, sbio); .Ve +.PP .Vb 1 \& acpt=BIO_new_accept("4433"); .Ve +.PP .Vb 5 \& /* By doing this when a new connection is established \& * we automatically have sbio inserted into it. The @@ -426,12 +450,15 @@ a client and also echoes the request to standard output. \& * will be freed when the accept BIO is freed. \& */ .Ve +.PP .Vb 1 \& BIO_set_accept_bios(acpt,sbio); .Ve +.PP .Vb 1 \& out = BIO_new_fp(stdout, BIO_NOCLOSE); .Ve +.PP .Vb 6 \& /* Setup accept BIO */ \& if(BIO_do_accept(acpt) <= 0) { @@ -440,6 +467,7 @@ a client and also echoes the request to standard output. \& return 0; \& } .Ve +.PP .Vb 6 \& /* Now wait for incoming connection */ \& if(BIO_do_accept(acpt) <= 0) { 
@@ -448,17 +476,21 @@ a client and also echoes the request to standard output. \& return 0; \& } .Ve +.PP .Vb 3 \& /* We only want one connection so remove and free \& * accept BIO \& */ .Ve +.PP .Vb 1 \& sbio = BIO_pop(acpt); .Ve +.PP .Vb 1 \& BIO_free_all(acpt); .Ve +.PP .Vb 5 \& if(BIO_do_handshake(sbio) <= 0) { \& fprintf(stderr, "Error in SSL handshake\en"); @@ -466,11 +498,13 @@ a client and also echoes the request to standard output. \& return 0; \& } .Ve +.PP .Vb 3 \& BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent-type: text/plain\er\en\er\en"); \& BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en"); \& BIO_puts(sbio, "--------------------------------------------------\er\en"); .Ve +.PP .Vb 8 \& for(;;) { \& len = BIO_gets(sbio, tmpbuf, 1024); @@ -481,14 +515,17 @@ a client and also echoes the request to standard output. \& if((tmpbuf[0] == '\er') || (tmpbuf[0] == '\en')) break; \& } .Ve +.PP .Vb 2 \& BIO_puts(sbio, "--------------------------------------------------\er\en"); \& BIO_puts(sbio, "\er\en"); .Ve +.PP .Vb 2 \& /* Since there is a buffering BIO present we had better flush it */ \& BIO_flush(sbio); .Ve +.PP .Vb 1 \& BIO_free_all(sbio); .Ve |