OpenSSL-APIs
Note
The OpenSSL-API will be discontinued in ESP-IDF from v5.0. Please use ESP-TLS <esp_tls> instead.
The code of this API (located in openssl directory), does not contain OpenSSL itself but is intended as a wrapper for applications using the OpenSSL API. It uses mbedTLS to do the actual work, so anyone compiling openssl code needs the mbedtls library and header file.
OpenSSL APIs not mentioned in this article are not open to public for the time, also do not have the corresponding function. If user calls it directly, it will always return an error or may show cannot link at compiling time.
Chapter Introduction
Chapter 1. SSL Context Method Create
Chapter 2. SSL Context Function
Chapter 3. SSL Function
Chapter 4. SSL X509 Certification and Private Key Function
Chapter 1. SSL Context Method Create
1.1 const SSL_METHOD* SSLv3_client_method (void)
Arguments:
noneReturn:
SSLV3.0 version SSL context client method pointDescription:
create the target SSL context methodExample:
void example(void) { const SSL_METHOD *method = SSLv3_client_method(); ... }
1.2 const SSL_METHOD* TLSv1_client_method (void)
Arguments:
noneReturn:
TLSV1.0 version SSL context client method pointDescription:
create the target SSL context methodExample:
void example(void) { const SSL_METHOD *method = TLSv1_client_method(); ... }
1.3 const SSL_METHOD* TLSv1_1_client_method (void)
Arguments:
noneReturn:
TLSV1.1 version SSL context client method pointDescription:
create the target SSL context methodExample:
void example(void) { const SSL_METHOD *method = TLSv1_1_client_method(); ... }
1.4 const SSL_METHOD* TLSv1_2_client_method (void)
Arguments:
noneReturn:
TLSV1.2 version SSL context client method pointDescription:
create the target SSL context methodExample:
void example(void) { const SSL_METHOD *method = TLSv1_2_client_method(); ... }
1.5 const SSL_METHOD* TLS_client_method (void)
Arguments:
noneReturn:
TLSV1.2 version SSL context client method pointDescription:
create the default SSL context method, it's always to be TLSV1.2Example:
void example(void) { const SSL_METHOD *method = TLSv1_2_client_method(); ... }
1.6 const SSL_METHOD* SSLv3_server_method (void)
Arguments:
noneReturn:
SSLV3.0 version SSL context server method pointDescription:
create the target SSL context methodExample:
void example(void) { const SSL_METHOD *method = SSLv3_server_method(); ... }
1.7 const SSL_METHOD* TLSv1_server_method (void)
Arguments:
noneReturn:
TLSV1.0 version SSL context server method pointDescription:
create the target SSL context methodExample:
void example(void) { const SSL_METHOD *method = TLSv1_server_method(); ... }
1.8 const SSL_METHOD* TLSv1_1_server_method (void)
Arguments:
noneReturn:
TLSV1.1 version SSL context server method pointDescription:
create the target SSL context methodExample:
void example(void) { const SSL_METHOD *method = TLSv1_1_server_method(); ... }
1.9 const SSL_METHOD* TLSv1_2_server_method (void)
Arguments:
noneReturn:
TLSV1.2 version SSL context server method pointDescription:
create the target SSL context methodExample:
void example(void) { const SSL_METHOD *method = TLSv1_2_server_method(); ... }
1.10 const SSL_METHOD* TLS_server_method (void)
Arguments:
noneReturn:
TLSV1.2 version SSL context server method pointDescription:
create the default SSL context method, it's always to be TLSV1.2Example:
void example(void) { const SSL_METHOD *method = TLSv1_2_server_method(); ... }
Chapter 2. SSL Context Function
2.1 SSL_CTX* SSL_CTX_new (const SSL_METHOD * method)
Arguments:
method - the SSL context method pointReturn:
context pointDescription:
create a SSL contextExample:
void example(void) { SSL_CTX *ctx = SSL_CTX_new(SSLv3_server_method()); ... }
2.2 void SSL_CTX_free (SSL_CTX * ctx)
Arguments:
ctx - the SSL context pointReturn:
noneDescription:
free a SSL contextExample:
void example(void) { SSL_CTX *ctx; ... ... SSL_CTX_free(ctx); }
2.3 int SSL_CTX_set_ssl_version (SSL_CTX * ctx, const SSL_METHOD * meth)
Arguments:
ctx - SSL context point meth - SSL method pointReturn:
1 : OK 0 : failedDescription:
set the SSL context versionExample:
void example(void) { SSL_CTX *ctx; const SSL_METHOD *meth; ... ... SSL_CTX_set_ssl_version(ctx, meth); }
2.4 const SSL_METHOD* SSL_CTX_get_ssl_method (SSL_CTX * ctx)
Arguments:
ctx - SSL context pointReturn:
SSL context methodDescription:
get the SSL context methodExample:
void example(void) { const SSL_METHOD *method; SSL_CTX *ctx; ... ... method = SSL_CTX_get_ssl_method(ctx); }
Chapter 3. SSL Function
3.1 SSL* SSL_new (SSL_CTX * ctx)
Arguments:
ctx - SSL context pointReturn:
SSL methodDescription:
create a SSLExample:
void example(void) { SSL *ssl; SSL_CTX *ctx; ... ... ssl = SSL_new(ctx); }
3.2 void SSL_free (SSL * ssl)
Arguments:
ssl - SSL pointReturn:
noneDescription:
free SSLExample:
void example(void) { SSL *ssl; ... ... SSL_free(ssl); }
3.3 int SSL_do_handshake (SSL * ssl)
Arguments:
ssl - SSL pointReturn:
1 : OK 0 : failed, connect is close by remote -1 : a error catchDescription:
perform the SSL handshakeExample:
void example(void) { SSL *ssl; int ret; ... ... ret = SSL_do_handshake(ssl); }
3.4 int SSL_connect (SSL * ssl)
Arguments:
ssl - SSL pointReturn:
1 : OK 0 : failed, connect is close by remote -1 : a error catchDescription:
connect to the remote SSL serverExample:
void example(void) { SSL *ssl; int ret; ... ... ret = SSL_connect(ssl); }
3.5 int SSL_accept (SSL * ssl)
Arguments:
ssl - SSL pointReturn:
1 : OK 0 : failed, connect is close by remote -1 : a error catchDescription:
accept the remote connectionExample:
void example(void) { SSL *ssl; int ret; ... ... ret = SSL_accept(ssl); }
3.6 int SSL_shutdown (SSL * ssl)
Arguments:
ssl - SSL pointReturn:
1 : OK 0 : failed, connect is close by remote -1 : a error catchDescription:
shutdown the connectionExample:
void example(void) { SSL *ssl; int ret; ... ... ret = SSL_shutdown(ssl); }
3.7 int SSL_clear (SSL * ssl)
Arguments:
ssl - SSL pointReturn:
1 : OK 0 : failedDescription:
shutdown the connectionExample:
void example(void) { SSL *ssl; int ret; ... ... ret = SSL_clear(ssl); }
3.8 int SSL_read (SSL * ssl, void * buffer, int len)
Arguments:
ssl - point buffer - data buffer point len - data lengthReturn:
> 0 : OK, and return received data bytes = 0 : no data received or connection is closed < 0 : an error catchDescription:
read data from remoteExample:
void example(void) { SSL *ssl; char *buf; int len; int ret; ... ... ret = SSL_read(ssl, buf, len); }
3.9 int SSL_write (SSL * ssl, const void * buffer, int len)
Arguments:
ssl - SSL point buffer - data buffer point len - data lengthReturn:
> 0 : OK, and return received data bytes = 0 : no data sent or connection is closed < 0 : an error catchDescription:
send the data to remoteExample:
void example(void) { SSL *ssl; char *buf; int len; int ret; ... ... ret = SSL_write(ssl, buf, len); }
3.10 SSL_CTX *SSL_get_SSL_CTX (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
SSL contextDescription:
get SSL context of the SSLExample:
void example(void) { SSL *ssl; SSL_CTX *ctx; ... ... ctx = SSL_get_SSL_CTX(ssl); }
3.11 int SSL_get_shutdown (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
shutdown modeDescription:
get SSL shutdown modeExample:
void example(void) { SSL *ssl; int mode; ... ... mode = SSL_get_SSL_CTX(ssl); }
3.12 void SSL_set_shutdown (SSL * ssl, int mode)
Arguments:
ssl - SSL pointReturn:
shutdown modeDescription:
set SSL shutdown modeExample:
void example(void) { SSL *ssl; int mode = 0; ... ... SSL_set_shutdown(ssl, mode); }
3.13 const SSL_METHOD* SSL_get_ssl_method (SSL * ssl)
Arguments:
ssl - SSL pointReturn:
SSL methodDescription:
set SSL shutdown modeExample:
void example(void) { SSL *ssl; const SSL_METHOD *method; ... ... method = SSL_get_ssl_method(ssl); }
3.14 int SSL_set_ssl_method (SSL * ssl, const SSL_METHOD * method)
Arguments:
ssl - SSL point meth - SSL method pointReturn:
1 : OK 0 : failedDescription:
set the SSL methodExample:
void example(void) { int ret; SSL *ssl; const SSL_METHOD *method; ... ... ret = SSL_set_ssl_method(ssl, method); }
3.15 int SSL_pending (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
data bytesDescription:
get received data bytesExample:
void example(void) { int ret; SSL *ssl; ... ... ret = SSL_pending(ssl); }
3.16 int SSL_has_pending (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
1 : Yes 0 : NoDescription:
check if data is receivedExample:
void example(void) { int ret; SSL *ssl; ... ... ret = SSL_has_pending(ssl); }
3.17 int SSL_get_fd (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
>= 0 : socket id < 0 : a error catchDescription:
get the socket of the SSLExample:
void example(void) { int ret; SSL *ssl; ... ... ret = SSL_get_fd(ssl); }
3.18 int SSL_get_rfd (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
>= 0 : socket id < 0 : a error catchDescription:
get the read only socket of the SSLExample:
void example(void) { int ret; SSL *ssl; ... ... ret = SSL_get_rfd(ssl); }
3.19 int SSL_get_wfd (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
>= 0 : socket id < 0 : a error catchDescription:
get the write only socket of the SSLExample:
void example(void) { int ret; SSL *ssl; ... ... ret = SSL_get_wfd(ssl); }
3.20 int SSL_set_fd (SSL * ssl, int fd)
Arguments:
ssl - SSL point fd - socket idReturn:
1 : OK 0 : failedDescription:
set socket to SSLExample:
void example(void) { int ret; SSL *ssl; int socket; ... ... ret = SSL_set_fd(ssl, socket); }
3.21 int SSL_set_rfd (SSL * ssl, int fd)
Arguments:
ssl - SSL point fd - socket idReturn:
1 : OK 0 : failedDescription:
set read only socket to SSLExample:
void example(void) { int ret; SSL *ssl; int socket; ... ... ret = SSL_set_rfd(ssl, socket); }
3.22 int SSL_set_wfd (SSL * ssl, int fd)
Arguments:
ssl - SSL point fd - socket idReturn:
1 : OK 0 : failedDescription:
set write only socket to SSLExample:
void example(void) { int ret; SSL *ssl; int socket; ... ... ret = SSL_set_wfd(ssl, socket); }
3.23 int SSL_version (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
SSL versionDescription:
get SSL versionExample:
void example(void) { int version; SSL *ssl; ... ... version = SSL_version(ssl); }
3.24 const char* SSL_get_version (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
SSL version stringDescription:
get the SSL current version stringExample:
void example(void) { char *version; SSL *ssl; ... ... version = SSL_get_version(ssl); }
3.25 OSSL_HANDSHAKE_STATE SSL_get_state (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
SSL stateDescription:
get the SSL stateExample:
void example(void) { OSSL_HANDSHAKE_STATE state; SSL *ssl; ... ... state = SSL_get_state(ssl); }
3.26 const char* SSL_alert_desc_string (int value)
Arguments:
value - SSL descriptionReturn:
alert value stringDescription:
get alert description stringExample:
void example(void) { int val; char *str; ... ... str = SSL_alert_desc_string(val); }
3.27 const char* SSL_alert_desc_string_long (int value)
Arguments:
value - SSL descriptionReturn:
alert value long stringDescription:
get alert description long stringExample:
void example(void) { int val; char *str; ... ... str = SSL_alert_desc_string_long(val); }
3.28 const char* SSL_alert_type_string (int value)
Arguments:
value - SSL type descriptionReturn:
alert type stringDescription:
get alert type stringExample:
void example(void) { int val; char *str; ... ... str = SSL_alert_type_string(val); }
3.29 const char* SSL_alert_type_string_long (int value)
Arguments:
value - SSL type descriptionReturn:
alert type long stringDescription:
get alert type long stringExample:
void example(void) { int val; char *str; ... ... str = SSL_alert_type_string_long(val); }
3.30 const char* SSL_rstate_string (SSL * ssl)
Arguments:
ssl - SSL pointReturn:
state stringDescription:
get the state string where SSL is readingExample:
void example(void) { SSL *ssl; char *str; ... ... str = SSL_rstate_string(ssl); }
3.31 const char* SSL_rstate_string_long (SSL * ssl)
Arguments:
ssl - SSL pointReturn:
state long stringDescription:
get the state long string where SSL is readingExample:
void example(void) { SSL *ssl; char *str; ... ... str = SSL_rstate_string_long(ssl); }
3.32 const char* SSL_state_string (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
state stringDescription:
get the state stringExample:
void example(void) { SSL *ssl; const char *str; ... ... str = SSL_state_string(ssl); }
3.33 char* SSL_state_string_long (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
state long stringDescription:
get the state long stringExample:
void example(void) { SSL *ssl; char *str; ... ... str = SSL_state_string(ssl); }
3.34 int SSL_get_error (const SSL * ssl, int ret_code)
Arguments:
ssl - SSL point ret_code - SSL return codeReturn:
SSL error numberDescription:
get SSL error codeExample:
void example(void) { SSL *ssl; int ret; int err; ... ... err = SSL_get_error(ssl, ret); }
3.35 int SSL_want (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
specifical statementDescription:
get the SSL specifical statementExample:
void example(void) { SSL *ssl; int state; ... ... state = SSL_want(ssl); }
3.36 int SSL_want_nothing (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
0 : false 1 : trueDescription:
check if SSL want nothingExample:
void example(void) { SSL *ssl; int ret; ... ... ret = SSL_want(ssl); }
3.37 int SSL_want_read (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
0 : false 1 : trueDescription:
check if SSL want to readExample:
void example(void) { SSL *ssl; int ret; ... ... ret = SSL_want_read(ssl); }
3.38 int SSL_want_write (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
0 : false 1 : trueDescription:
check if SSL want to writeExample:
void example(void) { SSL *ssl; int ret; ... ... ret = SSL_want_write(ssl); }
Chapter 4. SSL X509 Certification and Private Key Function
4.1 X509 * d2i_X509 (X509 ** cert, const unsigned char * buffer, long len)
Arguments:
cert - a point pointed to X509 certification buffer - a point pointed to the certification context memory point length - certification bytesReturn:
X509 certification object pointDescription:
load a character certification context into system context. If '*cert' is pointed to the certification, then load certification into it. Or create a new X509 certification objectExample:
void example(void) { X509 *new; X509 *cert; unsigned char *buffer; long len; ... ... new = d2i_X509(&cert, buffer, len); }
4.2 int SSL_add_client_CA (SSL * ssl, X509 * x)
Arguments:
ssl - SSL point x - CA certification pointReturn:
1 : OK 0 : failedDescription:
add CA client certification into the SSLExample:
void example(void) { int ret; SSL *ssl; X509 *new; ... ... ret = SSL_add_client_CA(ssl, new); }
4.3 int SSL_CTX_add_client_CA (SSL_CTX * ctx, X509 * x)
Arguments:
ctx - SSL context point x - CA certification pointReturn:
1 : OK 0 : failedDescription:
add CA client certification into the SSL contextExample:
void example(void) { int ret; SSL_CTX *ctx; X509 *new; ... ... ret = SSL_add_clSSL_CTX_add_client_CAient_CA(ctx, new); }
4.4 X509* SSL_get_certificate (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
SSL certification pointDescription:
get the SSL certification pointExample:
void example(void) { SSL *ssl; X509 *cert; ... ... cert = SSL_get_certificate(ssl); }
4.5 long SSL_get_verify_result (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
the result of verifyingDescription:
get the verifying result of the SSL certificationExample:
void example(void) { SSL *ssl; long ret; ... ... ret = SSL_get_verify_result(ssl); }
4.6 int SSL_CTX_use_certificate (SSL_CTX * ctx, X509 * x)
Arguments:
ctx - the SSL context point pkey - certification object pointReturn:
1 : OK 0 : failedDescription:
load the certification into the SSL_CTX or SSL objectExample:
void example(void) { int ret; SSL_CTX *ctx X509 *new; ... ... ret = SSL_CTX_use_certificate(ctx, new); }
4.7 int SSL_CTX_use_certificate_ASN1 (SSL_CTX * ctx, int len, const unsigned char * d)
Arguments:
ctx - SSL context point len - certification length d - data pointReturn:
1 : OK 0 : failedDescription:
load the ASN1 certification into SSL contextExample:
void example(void) { int ret; SSL_CTX *ctx; const unsigned char *buf; int len; ... ... ret = SSL_CTX_use_certificate_ASN1(ctx, len, buf); }
4.8 int SSL_CTX_use_PrivateKey (SSL_CTX * ctx, EVP_PKEY * pkey)
Arguments:
ctx - SSL context point pkey - private key object pointReturn:
1 : OK 0 : failedDescription:
load the private key into the context objectExample:
void example(void) { int ret; SSL_CTX *ctx; EVP_PKEY *pkey; ... ... ret = SSL_CTX_use_PrivateKey(ctx, pkey); }
4.9 int SSL_CTX_use_PrivateKey_ASN1 (int pk, SSL_CTX * ctx, const unsigned char * d, long len)
Arguments:
ctx - SSL context point d - data point len - private key lengthReturn:
1 : OK 0 : failedDescription:
load the ASN1 private key into SSL contextExample:
void example(void) { int ret; int pk; SSL_CTX *ctx; const unsigned char *buf; long len; ... ... ret = SSL_CTX_use_PrivateKey_ASN1(pk, ctx, buf, len); }
4.10 int SSL_CTX_use_RSAPrivateKey_ASN1 (SSL_CTX * ctx, const unsigned char * d, long len)
Arguments:
ctx - SSL context point d - data point len - private key lengthReturn:
1 : OK 0 : failedDescription:
load the RSA ASN1 private key into SSL contextExample:
void example(void) { int ret; SSL_CTX *ctx; const unsigned char *buf; long len; ... ... ret = SSL_CTX_use_RSAPrivateKey_ASN1(ctx, buf, len); }
4.11 int SSL_use_certificate_ASN1 (SSL * ssl, int len, const unsigned char * d)
Arguments:
ssl - SSL point len - data bytes d - data pointReturn:
1 : OK 0 : failedDescription:
load certification into the SSLExample:
void example(void) { int ret; SSL *ssl; const unsigned char *buf; long len; ... ... ret = SSL_use_certificate_ASN1(ssl, len, buf); }
4.12 X509* SSL_get_peer_certificate (const SSL * ssl)
Arguments:
ssl - SSL pointReturn:
peer certificationDescription:
get peer certificationExample:
void example(void) { SSL *ssl; X509 *peer; ... ... peer = SSL_get_peer_certificate(ssl); }