785 wc_dtls_export func);
942 wolfSSL_method_func method,
943 unsigned char* buf,
unsigned int sz,
980 WOLFSSL_MEM_STATS* mem_stats);
1013 WOLFSSL_MEM_CONN_STATS* mem_stats);
1167 const char* format);
1232 const char* path,
unsigned int flags);
1718 const char* file,
int format);
2420 int wolfSSL_send(WOLFSSL* ssl,
const void* data,
int sz,
int flags);
2480 int wolfSSL_recv(WOLFSSL* ssl,
void* data,
int sz,
int flags);
2707 int len,
int newSession);
2840 VerifyCallback verify_callback);
4874 char* buf,
int len);
5017 WOLFSSL_X509_STORE_CTX* ctx);
5047 unsigned long flag);
5141 WOLFSSL_BIGNUM *bn);
5275 WOLFSSL_CTX* ctx,
void* arg);
5480 int (*cb)(
const char *str,
size_t len,
void *u),
void *u);
5520 wc_psk_client_callback);
5559 wc_psk_client_callback);
5722 wc_psk_server_callback cb);
5766 wc_psk_server_callback cb);
6420 unsigned char* buf,
int inLen,
int* outLen);
6761 unsigned char* in,
int* inOutSz);
6844 WC_PKCS12** pkcs12);
6936 WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert,
WOLF_STACK_OF(WOLFSSL_X509)** ca);
6968 const unsigned char* g,
int gSz);
7109 int pSz,
const unsigned char* g,
int gSz);
7154 long sz,
int format);
7680 long sz,
int format);
7732 long sz,
int format);
7792 const unsigned char* in,
long sz,
7793 int format,
int userChain, word32 flags);
7846 const unsigned char* in,
7847 long sz,
int format);
7894 const unsigned char* in,
long sz,
7944 const unsigned char* in,
long sz,
7993 const unsigned char* in,
long sz);
8040 long sz,
int format);
8089 long sz,
int format);
8135 const unsigned char* in,
long sz);
8273 const unsigned char* secret,
8274 unsigned int secretSz);
8554 CallbackDecryptVerify cb);
8920 word32 sz,
int content,
int verify);
9519 const unsigned char* in,
long sz,
int format);
9684 const unsigned char* buff,
long sz,
int format);
9748 unsigned char* der,
int sz);
9860 const char* path,
int type,
int monitor);
9897 const unsigned char* buff,
long sz,
10004 unsigned char* der,
int sz);
10130 CbOCSPIO ioCb, CbOCSPRespFree respFreeCb,
10162 WOLFSSL_CERT_MANAGER* cm);
10249 int wolfSSL_LoadCRL(WOLFSSL* ssl,
const char* path,
int type,
int monitor);
10650 CbOCSPIO ioCb, CbOCSPRespFree respFreeCb,
10778 const void* data,
unsigned short size);
10817 const void* data,
unsigned short size);
10866 unsigned char options);
10911 unsigned char type,
unsigned char options);
10952 const unsigned char* clientHello,
unsigned int helloSz,
10953 unsigned char type,
unsigned char* sni,
unsigned int* inOutSz);
11024 unsigned char type,
void** data);
11066 unsigned int protocol_name_listSz,
11067 unsigned char options);
11108 unsigned short *size);
11151 unsigned short *listSz);
11336 unsigned char status_type,
unsigned char options);
11377 unsigned char status_type,
unsigned char options);
11407 unsigned char status_type,
unsigned char options);
11442 unsigned char status_type,
unsigned char options);
11750 CallbackSessionTicket cb,
void* ctx);
11834 SessionTicketEncCb);
11982 unsigned int* total,
11983 unsigned int* peak,
11984 unsigned int* maxSessions);
12031 const unsigned char* pms, word32 pmsLen,
12032 const unsigned char* cr,
const unsigned char* sr,
12033 int tls1_2,
int hash_type);
12078 const unsigned char* ms, word32 msLen,
12079 const unsigned char* sr,
const unsigned char* cr,
12080 int tls1_2,
int hash_type);
12114 TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout);
12146 TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout);
12256 int nid,
int lastPos);
12289 int nid,
int* c,
int* idx);
12318 const WOLFSSL_EVP_MD* digest,
unsigned char* buf,
unsigned int* len);
12435 unsigned char* der,
long derSz);
12527 unsigned char* out,
int outSz);
12580 WOLFSSL_X509_STORE* str);
12696 unsigned char *out,
size_t outlen);
12730 unsigned char* out,
size_t outSz);
12810 (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, wc_pem_password_cb *cb,
void *u);
12868 WOLFSSL_DSA **x, wc_pem_password_cb *cb,
void *u);
12918 WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(
const WOLFSSL*);
13191 const unsigned char* secret,
unsigned int secretSz);
13920 int sz,
int* outSz);
14000 wc_psk_client_tls13_callback cb);
14027 wc_psk_client_tls13_callback cb);
14055 wc_psk_server_tls13_callback cb);
14082 wc_psk_server_tls13_callback cb);
14411 const unsigned char** key,
unsigned int* keySz);
14424 const unsigned char** key,
unsigned int* keySz);
14447 unsigned int mLen,
unsigned char* sigRet,
14448 unsigned int* sigLen, WOLFSSL_RSA* rsa,
14449 int flag,
int padding);
14549 unsigned int size);
14571 unsigned int* size);
14594 unsigned int bufferSz);
14637 unsigned int bufferSz);
int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL *ssl, unsigned char *der, long derSz)
This is used to set the private key for the WOLFSSL structure. A DER formatted RSA key buffer is expe...
int wolfSSL_CertManagerEnableOCSPStapling(WOLFSSL_CERT_MANAGER *cm)
This function turns on OCSP stapling if it is not turned on as well as set the options.
int wolfSSL_UseSupportedCurve(WOLFSSL *ssl, word16 name)
This function is called on the client side to enable the use of Supported Elliptic Curves Extension i...
int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX *ctx, int version)
This function sets the minimum downgrade version allowed. Applicable only when the connection allows ...
int wolfSSL_GetBulkCipher(WOLFSSL *)
Allows caller to determine the negotiated bulk cipher algorithm from the handshake.
WOLFSSL_METHOD * wolfTLSv1_3_method(void)
This function returns a WOLFSSL_METHOD similar to wolfTLSv1_3_client_method except that it is not det...
WOLFSSL_METHOD * wolfTLSv1_3_server_method(void)
This function is used to indicate that the application is a server and will only support the TLS 1...
int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME *name, int nid, char *buf, int len)
This function gets the text related to the passed in NID value.
void wolfSSL_set_using_nonblock(WOLFSSL *ssl, int nonblock)
This function informs the WOLFSSL object that the underlying I/O is non-blocking. After an applicatio...
void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX *ctx, CallbackDecryptVerify cb)
Allows caller to set the Atomic User Record Processing Decrypt/Verify Callback. The callback should r...
int wolfSSL_peek(WOLFSSL *ssl, void *data, int sz)
This function copies sz bytes from the SSL session (ssl) internal read buffer into the buffer data...
WOLFSSL_CTX * wolfSSL_CTX_new(WOLFSSL_METHOD *)
This function creates a new SSL context, taking a desired SSL/TLS protocol method for input...
WOLFSSL_METHOD * wolfSSLv23_client_method(void)
The wolfSSLv23_client_method() function is used to indicate that the application is a client and will...
const char * wolfSSL_get_version(WOLFSSL *)
Returns the SSL version being used as a string.
const unsigned char * wolfSSL_GetMacSecret(WOLFSSL *ssl, int verify)
Allows retrieval of the Hmac/Mac secret from the handshake process. The verify parameter specifies wh...
long wolfSSL_CTX_clear_options(WOLFSSL_CTX *ctx, long opt)
This function resets option bits of WOLFSSL_CTX object.
int wolfSSL_set_compression(WOLFSSL *ssl)
Turns on the ability to use compression for the SSL connection. Both sides must have compression turn...
void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX *ctx, unsigned char type, unsigned char options)
This function is called on the server side to configure the behavior of the SSL sessions using Server...
int wolfSSL_get_fd(const WOLFSSL *)
This function returns the file descriptor (fd) used as the input/output facility for the SSL connecti...
void wolfSSL_FreeArrays(WOLFSSL *)
Normally, at the end of the SSL handshake, wolfSSL frees temporary arrays. If wolfSSL_KeepArrays() ha...
int wolfSSL_CTX_set_groups(WOLFSSL_CTX *ctx, int *groups, int count)
This function sets the list of elliptic curve groups to allow on a wolfSSL context in order of prefer...
int wolfSSL_dtls_cid_get_rx(WOLFSSL *ssl, unsigned char *buffer, unsigned int bufferSz)
Copy the ConnectionID used by the other peer to send records in this connection into the buffer point...
int wolfSSL_SetMinRsaKey_Sz(WOLFSSL *ssl, short keySz)
Sets the minimum allowable key size in bits for RSA located in the WOLFSSL structure.
int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX *)
This function enables the havAnon member of the CTX structure if HAVE_ANON is defined during compilat...
int wolfSSL_SetMaxDhKey_Sz(WOLFSSL *ssl, word16 keySz_bits)
Sets the maximum size (in bits) for a Diffie-Hellman key in the WOLFSSL structure.
int wolfSSL_GetSessionIndex(WOLFSSL *ssl)
This function gets the session index of the WOLFSSL structure.
int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX *ctx, const char *fname)
This function writes the cert cache from memory to file.
WOLFSSL_METHOD * wolfTLSv1_3_client_method_ex(void *heap)
This function is used to indicate that the application is a client and will only support the TLS 1...
unsigned char * wolfSSL_X509_get_device_type(WOLFSSL_X509 *x509, unsigned char *in, int *inOutSz)
This function copies the device type from the x509 structure to the buffer.
int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX *ctx, word16 name)
This function is called on the client side to enable the use of Supported Elliptic Curves Extension f...
int wolfSSL_get_session_cache_memsize(void)
This function returns how large the session cache save buffer should be.
const unsigned char * wolfSSL_X509_get_der(WOLFSSL_X509 *x509, int *outSz)
This function gets the DER encoded certificate in the WOLFSSL_X509 struct.
int wolfSSL_set_psk_callback_ctx(WOLFSSL *ssl, void *psk_ctx)
Sets a PSK user context in the WOLFSSL structure options member.
int wolfSSL_set_cipher_list(WOLFSSL *ssl, const char *list)
This function sets cipher suite list for a given WOLFSSL object (SSL session). The ciphers in the lis...
long wolfSSL_get_verify_depth(WOLFSSL *ssl)
This function returns the maximum chain depth allowed, which is 9 by default, for a valid session i...
void * wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509 *x509, int nid, int *c, int *idx)
This function looks for and returns the extension matching the passed in NID value.
wolfSSL_accept_TLSv13(WOLFSSL *ssl)
This function is called on the server side and waits for a SSL/TLS client to initiate the SSL/TLS han...
int wolfSSL_dtls(WOLFSSL *ssl)
This function is used to determine if the SSL session has been configured to use DTLS.
unsigned char * wolfSSL_X509_get_hw_type(WOLFSSL_X509 *x509, unsigned char *in, int *inOutSz)
The function copies the hwType member of the WOLFSSL_X509 structure to the buffer.
int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX *ctx, const unsigned char *in, long sz, int format, int userChain, word32 flags)
This function loads a CA certificate buffer into the WOLFSSL Context. It behaves like the non-buffere...
const char * wolfSSL_get_psk_identity(const WOLFSSL *)
The function returns a constant pointer to the client_identity member of the Arrays structure...
int wolfSSL_CRYPTO_get_ex_new_index(int, void *, void *, void *, void *)
Get a new index for external data. This entry applies also for the following API: ...
int wolfSSL_X509_version(WOLFSSL_X509 *)
This function retrieves the version of the X509 certificate.
int wolfSSL_X509_get_signature(WOLFSSL_X509 *x509, unsigned char *buf, int *bufSz)
Gets the X509 signature and stores it in the buffer.
int wolfSSL_CTX_set_timeout(WOLFSSL_CTX *ctx, unsigned int to)
This function sets the timeout value for SSL sessions, in seconds, for the specified SSL context...
void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX *ctx, CallbackMacEncrypti cb)
Allows caller to set the Atomic User Record Processing Mac/Encrypt Callback. The callback should retu...
int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER *cm, CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void *ioCbCtx)
The function sets the OCSP callback in the WOLFSSL_CERT_MANAGER.
WOLFSSL_METHOD * wolfDTLSv1_server_method(void)
The wolfDTLSv1_server_method() function is used to indicate that the application is a server and will...
WOLFSSL_METHOD * wolfTLSv1_3_method_ex(void *heap)
This function returns a WOLFSSL_METHOD similar to wolfTLSv1_3_client_method except that it is not det...
void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX *ctx, wc_psk_server_callback cb)
This function sets the psk callback for the server side in the WOLFSSL_CTX structure.
const unsigned char * wolfSSL_GetClientWriteKey(WOLFSSL *)
Allows retrieval of the client write key from the handshake process.
void wolfSSL_CTX_SetCACb(WOLFSSL_CTX *ctx, CallbackCACache cb)
This function registers a callback with the SSL context (WOLFSSL_CTX) to be called when a new CA cert...
void wolfSSL_SetFuzzerCb(WOLFSSL *ssl, CallbackFuzzer cbf, void *fCtx)
This function sets the fuzzer callback.
WOLFSSL_METHOD * wolfDTLSv1_client_method(void)
The wolfDTLSv1_client_method() function is used to indicate that the application is a client and will...
int wolfSSL_get_ephemeral_key(WOLFSSL *ssl, int keyAlgo, const unsigned char **key, unsigned int *keySz)
This function returns pointer to loaded key as ASN.1/DER.
WOLFSSL_BIGNUM * wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, WOLFSSL_BIGNUM *bn)
This function is used to copy a WOLFSSL_ASN1_INTEGER value to a WOLFSSL_BIGNUM structure.
WOLFSSL_METHOD * wolfDTLS_client_method(void)
The wolfDTLS_client_method() function is used to indicate that the application is a client and will s...
void wolfSSL_CTX_free(WOLFSSL_CTX *)
This function frees an allocated WOLFSSL_CTX object. This function decrements the CTX reference count...
int wolfSSL_CTX_GetDevId(WOLFSSL_CTX *ctx, WOLFSSL *ssl)
This function retrieves the Device Id.
int wolfSSL_CTX_SetDevId(WOLFSSL_CTX *ctx, int devId)
This function sets the Device Id at the WOLFSSL_CTX context level.
void * wolfSSL_GetMacEncryptCtx(WOLFSSL *ssl)
Allows caller to retrieve the Atomic User Record Processing Mac/Encrypt Callback Context previously s...
unsigned long wolfSSL_ERR_peek_last_error(void)
This function returns the absolute value of the last error from WOLFSSL_ERROR encountered.
int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN *chain, int idx)
Retrieves the peer’s ASN1.DER certificate length in bytes at index (idx).
int wolfSSL_get_error(WOLFSSL *ssl, int ret)
This function returns a unique error code describing why the previous API function call (wolfSSL_conn...
int wolfSSL_update_keys(WOLFSSL *ssl)
This function is called on a TLS v1.3 client or server wolfSSL to force the rollover of keys...
int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX **ctx, wolfSSL_method_func method, unsigned char *buf, unsigned int sz, int flag, int max)
This function is used to set aside static memory for a CTX. Memory set aside is then used for the CTX...
int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX *ctx, unsigned int sz)
This function sets the maximum amount of early data that a TLS v1.3 client or server is willing to ex...
int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX *ctx)
This function disables CRL verification in the CTX structure.
int wolfSSL_UseOCSPStapling(WOLFSSL *ssl, unsigned char status_type, unsigned char options)
Stapling eliminates the need to contact the CA. Stapling lowers the cost of certificate revocation ch...
WOLFSSL_METHOD * wolfTLSv1_2_client_method(void)
The wolfTLSv1_2_client_method() function is used to indicate that the application is a client and wil...
int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION *session)
This function gets the session at specified index of the session cache and copies it into memory...
int wolfSSL_dtls_cid_is_enabled(WOLFSSL *ssl)
If invoked after the handshake is complete it checks if ConnectionID was successfully negotiated for ...
void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER *)
Frees all resources associated with the Certificate Manager context. Call this when you no longer nee...
int wolfSSL_write(WOLFSSL *ssl, const void *data, int sz)
This function writes sz bytes from the buffer, data, to the SSL connection, ssl. If necessary...
WOLFSSL_X509_NAME * wolfSSL_X509_get_issuer_name(WOLFSSL_X509 *)
This function returns the name of the certificate issuer.
int wolfSSL_SetMinVersion(WOLFSSL *ssl, int version)
This function sets the minimum downgrade version allowed. Applicable only when the connection allows ...
int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX *ctx, const char *file, int format)
This function loads the private RSA key used in the SSL connection into the SSL context (WOLFSSL_CTX)...
void * wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX *ctx)
Allows caller to retrieve the Public Key Ecc Signing Callback Context previously stored with wolfSSL_...
void * wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx)
This is a getter function for the password callback user data set in ctx.
int wolfSSL_is_static_memory(WOLFSSL *ssl, WOLFSSL_MEM_CONN_STATS *mem_stats)
wolfSSL_is_static_memory is used to gather information about a SSL’s static memory usage...
void wolfSSL_SNI_SetOptions(WOLFSSL *ssl, unsigned char type, unsigned char options)
This function is called on the server side to configure the behavior of the SSL session using Server ...
int wolfSSL_GetOutputSize(WOLFSSL *ssl, int inSz)
Returns the record layer size of the plaintext input. This is helpful when an application wants to kn...
int wolfSSL_GetHmacType(WOLFSSL *)
Allows caller to determine the negotiated (h)mac type from the handshake. For cipher types except WOL...
void wolfSSL_set_psk_server_tls13_callback(WOLFSSL *ssl, wc_psk_server_tls13_callback cb)
This function sets the Pre-Shared Key (PSK) server side callback for TLS v1.3 connections. The callback is used to find a PSK identity and return its key and the name of the cipher to use for the handshake. The function sets the server_psk_tls13_cb member of the options field in WOLFSSL structure.
int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER *cm, const char *path, int type, int monitor)
Error checks and passes through to LoadCRL() in order to load the cert into the CRL for revocation ch...
int wolfSSL_GetObjectSize(void)
This function returns the size of the WOLFSSL object and will be dependent on build options and setti...
int wolfSSL_SNI_GetFromBuffer(const unsigned char *clientHello, unsigned int helloSz, unsigned char type, unsigned char *sni, unsigned int *inOutSz)
This function is called on the server side to retrieve the Server Name Indication provided by the cli...
int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX *ctx, const char *url)
This function manually sets the URL for OCSP to use. By default, OCSP will use the URL found in the i...
void * wolfSSL_get_psk_callback_ctx(WOLFSSL *ssl)
Get a PSK user context in the WOLFSSL structure options member.
void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX *ctx, wc_psk_client_callback)
The function sets the client_psk_cb member of the WOLFSSL_CTX structure.
int wolfSSL_SetMinDhKey_Sz(WOLFSSL *ssl, word16 keySz_bits)
Sets the minimum size (in bits) for a Diffie-Hellman key in the WOLFSSL structure.
int wolfSSL_UseALPN(WOLFSSL *ssl, char *protocol_name_list, unsigned int protocol_name_listSz, unsigned char options)
Setup ALPN use for a wolfSSL session.
int wolfSSL_set_groups(WOLFSSL *ssl, int *groups, int count)
This function sets the list of elliptic curve groups to allow on a wolfSSL. The list is an array of g...
int wolfSSL_want_read(WOLFSSL *)
This function is similar to calling wolfSSL_get_error() and getting SSL_ERROR_WANT_READ in return...
int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX *ctx, const char *file, const char *format)
This function loads PEM-formatted CA certificate files into the SSL context (WOLFSSL_CTX). These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The path argument is a pointer to the name of a directory that contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not defined when building the library, wolfSSL will load all CA certificates located in the given directory. This function will attempt to load all files in the directory. This function expects PEM formatted CERT_TYPE file with header “--—BEGIN CERTIFICATE--—”.
int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX *ctx, unsigned char status_type, unsigned char options)
Creates and initializes the certificate status request for OCSP Stapling.
int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs)
This function adjusts the file pointer to the offset given. This is the offset from the head of the f...
const char * wolfSSL_get_psk_identity_hint(const WOLFSSL *)
This function returns the psk identity hint.
WOLFSSL_METHOD * wolfDTLSv1_3_server_method(void)
The wolfDTLSv1_3_server_method() function is used to indicate that the application is a server and wi...
long wolfSSL_get_verify_result(const WOLFSSL *ssl)
This is used to get the results after trying to verify the peer's certificate.
void wolfSSL_CTX_SetCertCbCtx(WOLFSSL_CTX *ctx, void *userCtx)
This function stores user CTX object information for verify callback.
int wolfSSL_BIO_set_close(WOLFSSL_BIO *b, long flag)
Sets the close flag, used to indicate that the i/o stream should be closed when the BIO is freed...
int wolfSSL_set_timeout(WOLFSSL *ssl, unsigned int to)
This function sets the SSL session timeout value in seconds.
int wolfSSL_EnableOCSP(WOLFSSL *ssl, int options)
This function enables OCSP certificate verification.
int wolfSSL_check_private_key(const WOLFSSL *ssl)
This function checks that the private key is a match with the certificate being used.
int wolfSSL_SetCRL_Cb(WOLFSSL *ssl, CbMissingCRL cb)
Sets the CRL callback in the WOLFSSL_CERT_MANAGER structure.
int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER *cm, unsigned char *der, int sz)
The function enables the WOLFSSL_CERT_MANAGER’s member, ocspEnabled to signify that the OCSP check o...
int wolfSSL_read_early_data(WOLFSSL *ssl, void *data, int sz, int *outSz)
This function reads any early data from a client on resumption. Call this function instead of wolfSSL...
WOLFSSL_X509 * wolfSSL_PEM_read_bio_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u)
This function behaves the same as wolfSSL_PEM_read_bio_X509. AUX signifies containing extra informati...
int wolfSSL_SetMinEccKey_Sz(WOLFSSL *ssl, short keySz)
Sets the value of the minEccKeySz member of the options structure. The options struct is a member of ...
int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO *bio, void *p)
This is used to set a byte pointer to the start of the internal memory buffer.
void wolfSSL_X509_free(WOLFSSL_X509 *x509)
This function frees a WOLFSSL_X509 structure.
long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX *ctx, void *arg)
This function sets the options argument to use with OCSP.
void wolfSSL_set_psk_client_callback(WOLFSSL *ssl, wc_psk_client_callback)
Sets the PSK client side callback.
void wolfSSL_set_psk_client_tls13_callback(WOLFSSL *ssl, wc_psk_client_tls13_callback cb)
This function sets the Pre-Shared Key (PSK) client side callback for TLS v1.3 connections. The callback is used to find a PSK identity and return its key and the name of the cipher to use for the handshake. The function sets the client_psk_tls13_cb member of the options field in WOLFSSL structure.
int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX *ctx, const char *file, int type)
This function loads a certificate to use for verifying a peer when performing a TLS/SSL handshake...
void * wolfSSL_GetRsaEncCtx(WOLFSSL *ssl)
Allows caller to retrieve the Public Key RSA Public Encrypt Callback Context previously stored with w...
int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void *arg)
This function sets associated callback context value in the ssl. The value is handed over to the call...
void wolfSSL_KeepArrays(WOLFSSL *)
Normally, at the end of the SSL handshake, wolfSSL frees temporary arrays. Calling this function befo...
WOLFSSL_X509_STORE * wolfSSL_CTX_get_cert_store(WOLFSSL_CTX *ctx)
This is a getter function for the WOLFSSL_X509_STORE structure in ctx.
long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX *ctx, void *arg)
This function sets the optional argument to be passed to the PRF callback.
WOLFSSL_BIO_METHOD * wolfSSL_BIO_s_socket(void)
This is used to get a BIO_SOCKET type WOLFSSL_BIO_METHOD.
int wolfSSL_preferred_group(WOLFSSL *ssl)
This function returns the key exchange group the client prefers to use in the TLS v1...
int wolfSSL_set_jobject(WOLFSSL *ssl, void *objPtr)
This function sets the jObjectRef member of the WOLFSSL structure.
int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX *ctx, short keySz)
Sets the minimum RSA key size in both the WOLFSSL_CTX structure and the WOLFSSL_CERT_MANAGER structur...
long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE *fp)
This is used to get the internal file pointer for a BIO.
int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER *cm, const unsigned char *buff, long sz, int format)
Specifies the certificate buffer to verify with the Certificate Manager context. The format can be SS...
int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER *cm)
This function frees the CRL stored in the Cert Manager. An application can update the CRL by calling ...
void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX *ctx, WOLFSSL_X509_STORE *str)
This is a setter function for the WOLFSSL_X509_STORE structure in ctx.
int wolfSSL_use_psk_identity_hint(WOLFSSL *ssl, const char *hint)
This function stores the hint argument in the server_hint member of the Arrays structure within the W...
int wolfSSL_accept(WOLFSSL *)
This function is called on the server side and waits for an SSL client to initiate the SSL/TLS handsh...
int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX *)
This function disables OCSP certificate revocation checking by affecting the ocspEnabled member of th...
long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX *ctx, long mode)
This function enables or disables SSL session caching. Behavior depends on the value used for mode...
int wolfSSL_restore_session_cache(const char *)
This function restores the persistent session cache from file. It does not use memstore because of ad...
int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name)
This is used to set and write to a file. WIll overwrite any data currently in the file and is set to ...
int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX *ctx, wc_dtls_export func)
The wolfSSL_CTX_dtls_set_export() function is used to set the callback function for exporting a sessi...
int wolfSSL_CTX_no_dhe_psk(WOLFSSL_CTX *ctx)
This function is called on a TLS v1.3 wolfSSL context to disallow Diffie-Hellman (DH) style key excha...
int wolfSSL_use_PrivateKey_file(WOLFSSL *ssl, const char *file, int format)
This function loads a private key file into the SSL session (WOLFSSL structure). The key file is prov...
int wolfSSL_get_SessionTicket(WOLFSSL *ssl, unsigned char *buf, word32 *bufSz)
This function copies the ticket member of the Session structure to the buffer.
int wolfSSL_check_domain_name(WOLFSSL *ssl, const char *dn)
wolfSSL by default checks the peer certificate for a valid date range and a verified signature...
const char * wolfSSL_get_cipher(WOLFSSL *)
This function matches the cipher suite in the SSL object with the available suites.
int wolfSSL_write_early_data(OLFSSL *ssl, const void *data, int sz, int *outSz)
This function writes early data to the server on resumption. Call this function instead of wolfSSL_co...
WOLFSSL_X509_CHAIN * wolfSSL_get_peer_chain(WOLFSSL *ssl)
Retrieves the peer’s certificate chain.
int wolfSSL_Cleanup(void)
Un-initializes the wolfSSL library from further use. Doesn’t have to be called, though it will free ...
void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX *ctx, CallbackRsaDec cb)
Allows caller to set the Public Key Callback for RSA Private Decrypt. The callback should return the ...
int wolfSSL_SetTmpDH(WOLFSSL *ssl, const unsigned char *p, int pSz, const unsigned char *g, int gSz)
Server Diffie-Hellman Ephemeral parameters setting. This function sets up the group parameters to be ...
WOLFSSL_METHOD * wolfSSLv23_server_method(void)
The wolfSSLv23_server_method() function is used to indicate that the application is a server and will...
WOLFSSL_METHOD * wolfTLSv1_server_method(void)
The wolfTLSv1_server_method() function is used to indicate that the application is a server and will ...
char * wolfSSL_X509_get_next_altname(WOLFSSL_X509 *)
This function returns the next, if any, altname from the peer certificate.
void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX *ctx, CallbackEccSign cb)
Allows caller to set the Public Key Callback for ECC Signing. The callback should return 0 for succes...
int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX *ctx, const char *file, int format)
This function loads a private key file into the SSL context (WOLFSSL_CTX). The file is provided by th...
int wolfSSL_SetOCSP_Cb(WOLFSSL *ssl, CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void *ioCbCtx)
This function sets the OCSP callback in the WOLFSSL_CERT_MANAGER structure.
WOLFSSL_ASN1_TIME * wolfSSL_X509_get_notAfter(WOLFSSL_X509 *)
This function checks to see if x509 is NULL and if it’s not, it returns the notAfter member of the x...
int wolfSSL_LoadCRL(WOLFSSL *ssl, const char *path, int type, int monitor)
A wrapper function that ends up calling LoadCRL to load the certificate for revocation checking...
void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX *ctx, CallbackRsaEnc cb)
Allows caller to set the Public Key Callback for RSA Public Encrypt. The callback should return 0 for...
int wolfSSL_DisableOCSP(WOLFSSL *)
Disables the OCSP certificate revocation option.
int wolfSSL_GetMaxOutputSize(WOLFSSL *)
Returns the maximum record layer size for plaintext data. This will correspond to either the maximum ...
int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX *ssl, short keySz)
Sets the minimum size in bits for the ECC key in the WOLF_CTX structure and the WOLFSSL_CERT_MANAGER ...
int wolfSSL_X509_get_isCA(WOLFSSL_X509 *)
Checks the isCa member of the WOLFSSL_X509 structure and returns the value.
long wolfSSL_get_options(const WOLFSSL *s)
This function returns the current options mask.
int wolfSSL_save_session_cache(const char *)
This function persists the session cache to file. It doesn’t use memsave because of additional memor...
WOLFSSL_SESSION * wolfSSL_get_session(WOLFSSL *ssl)
When NO_SESSION_CACHE_REF is defined this function returns a pointer to the current session (WOLFSSL_...
int wolfSSL_GetCipherType(WOLFSSL *)
Allows caller to determine the negotiated cipher type from the handshake.
size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, size_t outlen)
This is used to get the random data sent by the server during the handshake.
int wolfSSL_SetVersion(WOLFSSL *ssl, int version)
This function sets the SSL/TLS protocol version for the specified SSL session (WOLFSSL object) using ...
int wolfSSL_UnloadCertsKeys(WOLFSSL *)
This function unloads any certificates or keys that SSL owns.
WC_RNG byte * b
Definition: random.h:210
int wolfSSL_GetDhKey_Sz(WOLFSSL *)
Returns the value of dhKeySz (in bits) that is a member of the options structure. This value represen...
int wolfSSL_dtls_got_timeout(WOLFSSL *ssl)
When using non-blocking sockets with DTLS, this function should be called on the WOLFSSL object when ...
void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX *ctx, CallbackRsaSign cb)
Allows caller to set the Public Key Callback for RSA Signing. The callback should return 0 for succes...
int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE *store, unsigned long flag)
This function takes in a flag to change the behavior of the WOLFSSL_X509_STORE structure passed in...
void wolfSSL_ERR_error_string_n(unsigned long e, char *buf, unsigned long sz)
This function is a version of wolfSSL_ERR_error_string() where len specifies the maximum number of ch...
char * wolfSSL_X509_get_subjectCN(WOLFSSL_X509 *)
Returns the common name of the subject from the certificate.
void wolfSSL_SetEccSignCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Public Key Ecc Signing Callback Context to ctx.
int wolfSSL_CTX_no_ticket_TLSv13(WOLFSSL_CTX *ctx)
This function is called on the server to stop it from sending a resumption session ticket once the ha...
int wolfSSL_CTX_allow_post_handshake_auth(WOLFSSL_CTX *ctx)
This function is called on a TLS v1.3 client wolfSSL context to allow a client certifcate to be sent ...
int wolfSSL_send(WOLFSSL *ssl, const void *data, int sz, int flags)
This function writes sz bytes from the buffer, data, to the SSL connection, ssl, using the specified ...
int wolfSSL_GetKeySize(WOLFSSL *)
Allows retrieval of the key size from the handshake process.
int wolfSSL_SetServerID(WOLFSSL *ssl, const unsigned char *id, int len, int newSession)
This function associates the client session with the server id. If the newSession flag is on...
int wolfSSL_library_init(void)
This function is called internally in wolfSSL_CTX_new(). This function is a wrapper around wolfSSL_In...
WOLFSSL_CIPHER * wolfSSL_get_current_cipher(WOLFSSL *)
This function returns a pointer to the current cipher in the ssl session.
int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN *chain)
Retrieve's the peers certificate chain count.
WOLFSSL_METHOD * wolfSSLv23_method(void)
This function returns a WOLFSSL_METHOD similar to wolfSSLv23_client_method except that it is not dete...
int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX *ctx, const unsigned char *in, long sz, int format)
This function loads a CA certificate buffer into the WOLFSSL Context. It behaves like the non-buffere...
int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX *ctx, CbMissingCRL cb)
This function will set the callback argument to the cbMissingCRL member of the WOLFSSL_CERT_MANAGER s...
void * wolfSSL_GetEccSignCtx(WOLFSSL *ssl)
Allows caller to retrieve the Public Key Ecc Signing Callback Context previously stored with wolfSSL_...
void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX *ctx, CallbackEccVerify cb)
Allows caller to set the Public Key Callback for ECC Verification. The callback should return 0 for s...
int wolfSSL_CTX_load_system_CA_certs(WOLFSSL_CTX *ctx)
This function attempts to load CA certificates into a WOLFSSL_CTX from an OS-dependent CA certificate...
int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER *cm)
This function unloads the CA signer list.
int wolfSSL_dtls_export(WOLFSSL *ssl, unsigned char *buf, unsigned int *sz)
The wolfSSL_dtls_export() function is used to serialize a WOLFSSL session into the provided buffer...
int wolfSSL_PrintSessionStats(void)
This function prints the statistics from the session.
const char * wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER *cipher)
This function matches the cipher suite in the SSL object with the available suites and returns the st...
void wolfSSL_set_psk_server_callback(WOLFSSL *ssl, wc_psk_server_callback cb)
Sets the psk callback for the server side by setting the WOLFSSL structure options members...
int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX *ctx, const char *file)
This function loads a chain of certificates into the SSL context (WOLFSSL_CTX). The file containing t...
WC_PKCS12 * wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 **pkcs12)
wolfSSL_d2i_PKCS12_bio (d2i_PKCS12_bio) copies in the PKCS12 information from WOLFSSL_BIO to the stru...
void wolfSSL_dtls_set_using_nonblock(WOLFSSL *ssl, int nonblock)
This function informs the WOLFSSL DTLS object that the underlying UDP I/O is non-blocking. After an application creates a WOLFSSL object, if it will be used with a non-blocking UDP socket, call wolfSSL_dtls_set_using_nonblock() on it. This lets the WOLFSSL object know that receiving EWOULDBLOCK means that the recvfrom call would block rather than that it timed out.
int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX *)
This function is used to unload all previously loaded trusted peer certificates. Feature is enabled b...
void * wolfSSL_GetRsaVerifyCtx(WOLFSSL *ssl)
Allows caller to retrieve the Public Key RSA Verification Callback Context previously stored with wol...
int wolfSSL_GetCipherBlockSize(WOLFSSL *)
Allows caller to determine the negotiated cipher block size from the handshake.
int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size)
This is used to set the size of write buffer for a WOLFSSL_BIO. If write buffer has been previously s...
int wolfSSL_dtls_cid_get_rx_size(WOLFSSL *ssl, unsigned int *size)
Get the size of the ConnectionID used by the other peer to send records in this connection. See RFC 9146 and RFC 9147. The size is stored in the parameter size.
int wolfSSL_read(WOLFSSL *ssl, void *data, int sz)
This function reads sz bytes from the SSL session (ssl) internal read buffer into the buffer data...
int wolfSSL_set_SessionTicket(WOLFSSL *ssl, const unsigned char *buf, word32 bufSz)
This function sets the ticket member of the WOLFSSL_SESSION structure within the WOLFSSL struct...
WOLFSSL_STACK * wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX *ctx)
This function is a getter function for chain variable in WOLFSSL_X509_STORE_CTX structure. Currently chain is not populated.
const byte * wolfSSL_X509_notBefore(WOLFSSL_X509 *x509)
This function the certificate "not before" validity encoded as a byte array.
WOLFSSL_METHOD * wolfSSLv3_client_method(void)
The wolfSSLv3_client_method() function is used to indicate that the application is a client and will ...
int wolfSSL_key_update_response(WOLFSSL *ssl, int *required)
This function is called on a TLS v1.3 client or server wolfSSL to determine whether a rollover of key...
int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER *)
Turns off Certificate Revocation List checking when verifying certificates with the Certificate Manag...
int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER *cm, const char *f, const char *d)
Specifies the locations for CA certificate loading into the manager context. The PEM certificate CAfi...
WOLFSSL_METHOD * wolfDTLSv1_3_client_method(void)
The wolfDTLSv1_3_client_method() function is used to indicate that the application is a client and wi...
int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX *ctx, const char *f, int format)
The function calls wolfSSL_SetTmpDH_file_wrapper to set the server Diffie-Hellman parameters...
int wolfSSL_PKCS12_parse(WC_PKCS12 *pkcs12, const char *psw, WOLFSSL_EVP_PKEY **pkey, WOLFSSL_X509 **cert, WOLF_STACK_OF(WOLFSSL_X509)**ca)
PKCS12 can be enabled with adding –enable-opensslextra to the configure command. It can use triple D...
int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num)
This is used to get a buffer pointer for reading from. The internal read index is advanced by the num...
int wolfSSL_state(WOLFSSL *ssl)
This is used to get the internal error state of the WOLFSSL structure.
int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x509, int nid, int lastPos)
This function looks for and returns the extension index matching the passed in NID value...
int wolfSSL_is_init_finished(WOLFSSL *)
This function checks to see if the connection is established.
word32 wolfSSL_lib_version_hex(void)
This function returns the current library version in hexadecimal notation.
int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER *cm, int options)
Turns on Certificate Revocation List checking when verifying certificates with the Certificate Manage...
WOLFSSL_DSA * wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, wc_pem_password_cb *cb, void *u)
This function get the DSA parameters from a PEM buffer in bio.
int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2)
This is used to pair two bios together. A pair of bios acts similar to a two way pipe writing to one ...
int wolfSSL_pending(WOLFSSL *)
This function returns the number of bytes which are buffered and available in the SSL object to be re...
int wolfSSL_SetTlsHmacInner(WOLFSSL *ssl, byte *inner, word32 sz, int content, int verify)
Allows caller to set the Hmac Inner vector for message sending/receiving. The result is written to in...
int wolfSSL_DTLS_SetCookieSecret(WOLFSSL *ssl, const unsigned char *secret, unsigned int secretSz)
This function sets a new dtls cookie secret.
unsigned char * wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509 *x509, unsigned char *in, int *inOutSz)
This function returns the hwSerialNum member of the x509 object.
int wolfSSL_use_certificate(WOLFSSL *ssl, WOLFSSL_X509 *x509)
his is used to set the certificate for WOLFSSL structure to use during a handshake.
int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER *cm)
The function will free the Trusted Peer linked list and unlocks the trusted peer list.
int wolfSSL_dtls_cid_get_tx(WOLFSSL *ssl, unsigned char *buffer, unsigned int bufferSz)
Copy the ConnectionID used when sending records in this connection into the buffer pointer by the par...
int wolfSSL_MakeTlsMasterSecret(unsigned char *ms, word32 msLen, const unsigned char *pms, word32 pmsLen, const unsigned char *cr, const unsigned char *sr, int tls1_2, int hash_type)
This function copies the values of cr and sr then passes through to wc_PRF (pseudo random function) a...
int wolfSSL_DeriveTlsKeys(unsigned char *key_data, word32 keyLen, const unsigned char *ms, word32 msLen, const unsigned char *sr, const unsigned char *cr, int tls1_2, int hash_type)
An external facing wrapper to derive TLS Keys.
int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX *ctx, const unsigned char *in, long sz, int format)
This function loads a certificate to use for verifying a peer when performing a TLS/SSL handshake...
void wolfSSL_SetEccVerifyCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Public Key Ecc Verification Callback Context to ctx.
void * wolfSSL_GetRsaSignCtx(WOLFSSL *ssl)
Allows caller to retrieve the Public Key RSA Signing Callback Context previously stored with wolfSSL_...
WOLFSSL_X509 * wolfSSL_d2i_X509_bio(WOLFSSL_BIO *bio, WOLFSSL_X509 **x509)
This function get the DER buffer from bio and converts it to a WOLFSSL_X509 structure.
void wolfSSL_SetRsaDecCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Public Key RSA Private Decrypt Callback Context to ctx.
int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX *)
This function returns the get read ahead flag from a WOLFSSL_CTX structure.
int wolfSSL_GetIVSize(WOLFSSL *)
Returns the iv_size member of the specs structure held in the WOLFSSL struct.
int wolfSSL_negotiate(WOLFSSL *ssl)
Performs the actual connect or accept based on the side of the SSL method. If called from the client ...
int wolfSSL_want_write(WOLFSSL *)
This function is similar to calling wolfSSL_get_error() and getting SSL_ERROR_WANT_WRITE in return...
int wolfSSL_UseSessionTicket(WOLFSSL *ssl)
Force provided WOLFSSL structure to use session ticket. The constant HAVE_SESSION_TICKET should be de...
int wolfSSL_memsave_session_cache(void *mem, int sz)
This function persists session cache to memory.
int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER *cm, int options)
Turns on OCSP if it’s turned off and if compiled with the set option available.
int wolfSSL_send_SessionTicket(WOLFSSL *ssl)
This function sends a session ticket to the client after a TLS v1.3 handhsake has been established...
int wolfSSL_dtls_cid_set(WOLFSSL *ssl, unsigned char *cid, unsigned int size)
Set the ConnectionID used by the other peer to send records in this connection. See RFC 9146 and RFC ...
void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER *cm, VerifyCallback vc)
The function sets the verifyCallback function in the Certificate Manager. If present, it will be called for each cert loaded. If there is a verification error, the verify callback can be used to over-ride the error.
long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX *ctx)
This function gets the certificate chaining depth using the CTX structure.
long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v)
This is used to set the end of file value. Common value is -1 so as not to get confused with expected...
int wolfSSL_X509_get_serial_number(WOLFSSL_X509 *x509, unsigned char *in, int *inOutSz)
Retrieves the peer’s certificate serial number. The serial number buffer (in) should be at least 32 ...
int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION *ses, unsigned char *out, int outSz)
This is used to get the master key after completing a handshake.
char * wolfSSL_ERR_error_string(unsigned long, char *)
This function converts an error code returned by wolfSSL_get_error() into a more human-readable error...
int wolfSSL_UseTruncatedHMAC(WOLFSSL *ssl)
This function is called on the client side to enable the use of Truncated HMAC in the SSL object pass...
WOLFSSL_METHOD * wolfDTLSv1_2_client_method_ex(void *heap)
This function initializes the DTLS v1.2 client method.
int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX *ctx, CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void *ioCbCtx)
Sets the callback for the OCSP in the WOLFSSL_CTX structure.
int wolfSSL_dtls_cid_get_tx_size(WOLFSSL *ssl, unsigned int *size)
Get the size of the ConnectionID used to send records in this connection. See RFC 9146 and RFC 9147...
int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN *chain, int idx, unsigned char *buf, int inLen, int *outLen)
Retrieves the peer’s PEM certificate at index (idx).
int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER *cm, unsigned char *der, int sz)
Check CRL if the option is enabled and compares the cert to the CRL list.
int wolfSSL_use_certificate_chain_file(WOLFSSL *ssl, const char *file)
This function loads a chain of certificates into the SSL session (WOLFSSL structure). The file containing the certificate chain is provided by the file argument, and must contain PEM-formatted certificates. This function will process up to MAX_CHAIN_DEPTH (default = 9, defined in internal.h) certificates, plus the subject certificate.
int wolfSSL_get_session_stats(unsigned int *active, unsigned int *total, unsigned int *peak, unsigned int *maxSessions)
This function gets the statistics for the session.
int wolfSSL_CTX_set_ephemeral_key(WOLFSSL_CTX *ctx, int keyAlgo, const char *key, unsigned int keySz, int format)
This function sets a fixed / static ephemeral key for testing only.
void * wolfSSL_GetRsaDecCtx(WOLFSSL *ssl)
Allows caller to retrieve the Public Key RSA Private Decrypt Callback Context previously stored with ...
int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX *ctx, const unsigned char *b, long sz, int format)
A wrapper function that calls wolfSSL_SetTmpDH_buffer_wrapper.
const byte * wolfSSL_X509_notAfter(WOLFSSL_X509 *x509)
This function the certificate "not after" validity encoded as a byte array.
int wolfSSL_no_ticket_TLSv13(WOLFSSL *ssl)
This function is called on the server to stop it from sending a resumption session ticket once the ha...
size_t wolfSSL_get_client_random(const WOLFSSL *ssl, unsigned char *out, size_t outSz)
This is used to get the random data sent by the client during the handshake.
int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
Resets bio to an initial state. As an example for type BIO_BIO this resets the read and write index...
int wolfSSL_IsTLSv1_1(WOLFSSL *)
Allows caller to determine if the negotiated protocol version is at least TLS version 1...
int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER *cm, CbMissingCRL cb)
This function sets the CRL Certificate Manager callback. If HAVE_CRL is defined and a matching CRL re...
int wolfSSL_dtls_get_peer(WOLFSSL *ssl, void *peer, unsigned int *peerSz)
This function gets the sockaddr_in (of size peerSz) of the current DTLS peer. The function will compa...
void wolfSSL_ERR_print_errors_fp(XFILE fp, int err)
This function converts an error code returned by wolfSSL_get_error() into a more human-readable error...
WOLFSSL_METHOD * wolfDTLSv1_2_server_method(void)
This function creates and initializes a WOLFSSL_METHOD for the server side.
int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION *ses)
This is used to get the master secret key length.
int wolfSSL_get_ciphers(char *buf, int len)
This function gets the ciphers enabled in wolfSSL.
WOLFSSL_METHOD * wolfTLSv1_1_client_method(void)
The wolfTLSv1_1_client_method() function is used to indicate that the application is a client and wil...
char * wolfSSL_get_cipher_list(int priority)
Get the name of cipher at priority level passed in.
WC_RNG * wolfSSL_GetRNG(WOLFSSL *ssl)
This function retrieves the random number.
int wolfSSL_set_group_messages(WOLFSSL *)
This function turns on grouping of handshake messages where possible.
int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX *ctx, int v)
This function sets the read ahead flag in the WOLFSSL_CTX structure.
int wolfSSL_set_max_early_data(WOLFSSL *ssl, unsigned int sz)
This function sets the maximum amount of early data that a TLS v1.3 client or server is willing to ex...
int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX *ctx, const void *mem, int sz)
This function restores the certificate cache from memory.
int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER *cm, const unsigned char *buff, long sz, int type)
The function loads the CRL file by calling BufferLoadCRL.
int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b)
This is used to set the read request flag back to 0.
int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX *ctx, int options)
This function sets options to configure behavior of OCSP functionality in wolfSSL. The value of options if formed by or’ing one or more of the following options: WOLFSSL_OCSP_ENABLE - enable OCSP lookups WOLFSSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in certificates. The override URL is specified using the wolfSSL_CTX_SetOCSP_OverrideURL() function. This function only sets the OCSP options when wolfSSL has been compiled with OCSP support (–enable-ocsp, #define HAVE_OCSP).
WOLF_STACK_OF(WOLFSSL_X509)*wolfSSL_get_peer_cert_chain(const WOLFSSL *)
This function gets the peer’s certificate chain.
int wolfSSL_recv(WOLFSSL *ssl, void *data, int sz, int flags)
This function reads sz bytes from the SSL session (ssl) internal read buffer into the buffer data usi...
int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num)
Gets a pointer to the buffer for writing as many bytes as returned by the function. Writing more bytes to the pointer returned then the value returned can result in writing out of bounds.
int wolfSSL_Rehandshake(WOLFSSL *ssl)
This function executes a secure renegotiation handshake; this is user forced as wolfSSL discourages t...
int wolfSSL_shutdown(WOLFSSL *)
This function shuts down an active SSL/TLS connection using the SSL session, ssl. This function will ...
WOLFSSL_X509 * wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN *chain, int idx)
This function gets the peer’s wolfSSL_X509_certificate at index (idx) from the chain of certificates...
WOLFSSL_CERT_MANAGER * wolfSSL_CertManagerNew(void)
Allocates and initializes a new Certificate Manager context. This context may be used independent of ...
int wolfSSL_ALPN_GetProtocol(WOLFSSL *ssl, char **protocol_name, unsigned short *size)
This function gets the protocol name set by the server.
int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf)
This is used to get a buffer pointer for reading from. Unlike wolfSSL_BIO_nread the internal read ind...
unsigned char * wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN *chain, int idx)
Retrieves the peer’s ASN1.DER certificate at index (idx).
void wolfSSL_free(WOLFSSL *)
This function frees an allocated wolfSSL object.
WOLFSSL_METHOD * wolfTLSv1_2_server_method(void)
The wolfTLSv1_2_server_method() function is used to indicate that the application is a server and wil...
int wolfSSL_dtls_cid_use(WOLFSSL *ssl)
Enable use of ConnectionID extensions for the SSL object. See RFC 9146 and RFC 9147.
int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER *cm, const unsigned char *in, long sz, int format)
Loads the CA Buffer by calling wolfSSL_CTX_load_verify_buffer and returning that result using a tempo...
int wolfSSL_UseMaxFragment(WOLFSSL *ssl, unsigned char mfl)
This function is called on the client side to enable the use of Maximum Fragment Length in the SSL ob...
void wolfSSL_load_error_strings(void)
This function is for OpenSSL compatibility (SSL_load_error_string) only and takes no action...
void wolfSSL_SetRsaEncCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Public Key RSA Public Encrypt Callback Context to ctx.
WOLFSSL_METHOD * wolfTLSv1_3_client_method(void)
This function is used to indicate that the application is a client and will only support the TLS 1...
unsigned char wolfSSL_SNI_Status(WOLFSSL *ssl, unsigned char type)
This function gets the status of an SNI object.
WOLFSSL_ASN1_TIME * wolfSSL_X509_get_notBefore(WOLFSSL_X509 *)
The function checks to see if x509 is NULL and if it’s not, it returns the notBefore member of the x...
void wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX *ctx, void *userCtx)
Allows caller to set the Public Key Ecc Signing Callback Context to ctx.
int wolfSSL_connect(WOLFSSL *ssl)
This function is called on the client side and initiates an SSL/TLS handshake with a server...
int wolfSSL_make_eap_keys(WOLFSSL *ssl, void *key, unsigned int len, const char *label)
This function is used by EAP_TLS and EAP-TTLS to derive keying material from the master secret...
int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX *ctx)
This function sets wolfSSL context to use a session ticket.
void wolfSSL_SetCertCbCtx(WOLFSSL *ssl, void *ctx)
This function stores user CTX object information for verify callback.
int wolfSSL_dtls13_use_quick_timeout(WOLFSSL *ssl)
This function returns true if the application should setup a quicker timeout. When using non-blocking...
int wolfSSL_SetTmpDH_buffer(WOLFSSL *ssl, const unsigned char *b, long sz, int format)
The function calls the wolfSSL_SetTMpDH_buffer_wrapper, which is a wrapper for Diffie-Hellman paramet...
int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX *ctx)
This function is called on the client side to enable the use of Truncated HMAC for SSL objects create...
int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb)
This function sets a callback in the ssl. The callback is to observe handshake messages. NULL value of cb resets the callback.
WOLFSSL_METHOD * wolfSSLv3_server_method(void)
The wolfSSLv3_server_method() function is used to indicate that the application is a server and will ...
const char * wolfSSL_get_cipher_name(WOLFSSL *ssl)
This function gets the cipher name in the format DHE-RSA by passing through argument to wolfSSL_get_c...
int wolfSSL_set_SessionTicket_cb(WOLFSSL *ssl, CallbackSessionTicket cb, void *ctx)
This function sets the session ticket callback. The type CallbackSessionTicket is a function pointer ...
int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX *ctx, const unsigned char *in, long sz, int format)
This function loads a private key buffer into the SSL Context. It behaves like the non-buffered versi...
int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX *ctx, unsigned char mfl)
This function is called on the client side to enable the use of Maximum Fragment Length for SSL objec...
int wolfSSL_use_PrivateKey(WOLFSSL *ssl, WOLFSSL_EVP_PKEY *pkey)
This is used to set the private key for the WOLFSSL structure.
void * wolfSSL_get_jobject(WOLFSSL *ssl)
This function returns the jObjectRef member of the WOLFSSL structure.
int wolfSSL_set_session(WOLFSSL *ssl, WOLFSSL_SESSION *session)
This function sets the session to be used when the SSL object, ssl, is used to establish a SSL/TLS co...
int wolfSSL_dtls_set_timeout_init(WOLFSSL *ssl, int)
This function sets the dtls timeout.
int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX *ctx, word16 keySz_bits)
This function sets the maximum size (in bits) of the Diffie Hellman key size by accessing the maxDhKe...
int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX *ctx, const char *file, const char *path, unsigned int flags)
This function loads PEM-formatted CA certificate files into the SSL context (WOLFSSL_CTX). These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The path argument is a pointer to the name of a directory that contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not defined when building the library, wolfSSL will load all CA certificates located in the given directory. This function will attempt to load all files in the directory based on flags specified. This function expects PEM formatted CERT_TYPE files with header “--—BEGIN CERTIFICATE--—”.
int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX *ctx, const char *path, int type, int monitor)
This function loads CRL into the WOLFSSL_CTX structure through wolfSSL_CertManagerLoadCRL().
int wolfSSL_UseOCSPStaplingV2(WOLFSSL *ssl, unsigned char status_type, unsigned char options)
The function sets the status type and options for OCSP.
const unsigned char * wolfSSL_get_sessionID(const WOLFSSL_SESSION *s)
Retrieves the session’s ID. The session ID is always 32 bytes long.
int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, char *list)
This function sets the list of elliptic curve groups to allow on a wolfSSL context in order of prefer...
int wolfSSL_get_shutdown(const WOLFSSL *)
This function checks the shutdown conditions in closeNotify or connReset or sentNotify members of the...
int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX *ctx, void *)
This function sets the session ticket encrypt user context for the callback. For server side use...
int wolfSSL_UseSNI(WOLFSSL *ssl, unsigned char type, const void *data, unsigned short size)
This function enables the use of Server Name Indication in the SSL object passed in the 'ssl' paramet...
int wolfSSL_get_using_nonblock(WOLFSSL *)
This function allows the application to determine if wolfSSL is using non-blocking I/O...
int wolfSSL_use_certificate_chain_buffer(WOLFSSL *ssl, const unsigned char *in, long sz)
This function loads a certificate chain buffer into the WOLFSSL object. It behaves like the non-buffe...
int wolfSSL_CTX_UseSNI(WOLFSSL_CTX *ctx, unsigned char type, const void *data, unsigned short size)
This function enables the use of Server Name Indication for SSL objects created from the SSL context ...
int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX *)
This function turns on grouping of handshake messages where possible.
int wolfSSL_UseSecureRenegotiation(WOLFSSL *ssl)
This function forces secure renegotiation for the supplied WOLFSSL structure. This is not recommended...
const char * wolfSSL_lib_version(void)
This function returns the current library version.
int wolfSSL_Init(void)
Initializes the wolfSSL library for use. Must be called once per application and before any other cal...
void wolfSSL_dtls13_set_send_more_acks(WOLFSSL *ssl, int value)
This function sets whether the library should send ACKs to the other peer immediately when detecting ...
int wolfSSL_GetSide(WOLFSSL *)
Allows retrieval of the side of this WOLFSSL connection.
int wolfSSL_get_alert_history(WOLFSSL *ssl, WOLFSSL_ALERT_HISTORY *h)
This function gets the alert history.
int wolfSSL_use_certificate_ASN1(WOLFSSL *ssl, unsigned char *der, int derSz)
This is used to set the certificate for WOLFSSL structure to use during a handshake. A DER formatted buffer is expected.
int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX *ctx, const char *file, int format)
This function loads a certificate file into the SSL context (WOLFSSL_CTX). The file is provided by th...
int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX *)
This function enables OCSP stapling by calling wolfSSL_CertManagerEnableOCSPStapling().
int wolfSSL_dtls_retransmit(WOLFSSL *ssl)
When using non-blocking sockets with DTLS, this function retransmits the last handshake flight ignori...
int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char *m, unsigned int mLen, unsigned char *sigRet, unsigned int *sigLen, WOLFSSL_RSA *rsa, int flag, int padding)
Sign a message with the chosen message digest, padding, and RSA key.
void wolfSSL_set_verify(WOLFSSL *ssl, int mode, VerifyCallback verify_callback)
This function sets the verification method for remote peers and also allows a verify callback to be r...
int wolfSSL_session_reused(WOLFSSL *)
This function returns the resuming member of the options struct. The flag indicates whether or not to...
int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX *ctx, SessionTicketEncCb)
This function sets the session ticket key encrypt callback function for a server to support session t...
int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX *)
Returns the size the certificate cache save buffer needs to be.
int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX *ctx, const char *list)
This function sets cipher suite list for a given WOLFSSL_CTX. This cipher suite list becomes the defa...
long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg)
This is used to set the debug argument passed around.
int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX *ctx, int)
This function sets the session ticket hint relayed to the client. For server side use...
int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX *)
This function unloads the CA signer list and frees the whole signer table.
long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m)
This is a getter function for WOLFSSL_BIO memory pointer.
int wolfSSL_EnableCRL(WOLFSSL *ssl, int options)
Enables CRL certificate revocation.
int wolfSSL_dtls13_has_pending_msg(WOLFSSL *ssl)
checks if DTLSv1.3 stack has some messages sent but not yet acknowledged by the other peer ...
int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX *ctx, word16)
This function sets the minimum size (in bits) of the Diffie Hellman key size by accessing the minDhKe...
int wolfSSL_UseKeyShare(WOLFSSL *ssl, word16 group)
This function creates a key share entry from the group including generating a key pair...
int wolfSSL_SetDevId(WOLFSSL *ssl, int devId)
This function sets the Device Id at the WOLFSSL session level.
WOLFSSL_X509 * wolfSSL_X509_load_certificate_file(const char *fname, int format)
The function loads the x509 certificate into memory.
int wolfDTLS_SetChGoodCb(WOLFSSL *ssl, ClientHelloGoodCb cb, void *user_ctx)
Allows setting a callback for a correctly processed and verified DTLS client hello. When using a cookie exchange mechanism (either the HelloVerifyRequest in DTLS 1.2 or the HelloRetryRequest with a cookie extension in DTLS 1.3) this callback is called after the cookie exchange has succeeded. This is useful to use one WOLFSSL object as the listener for new connections and being able to isolate the WOLFSSL object once the ClientHello is verified (either through a cookie exchange or just checking if the ClientHello had the correct format). DTLS 1.2: https://datatracker.ietf.org/doc/html/rfc6347#section-4.2.1 DTLS 1.3: https://www.rfc-editor.org/rfc/rfc8446#section-4.2.2.
WOLFSSL_METHOD * wolfTLSv1_3_server_method_ex(void *heap)
This function is used to indicate that the application is a server and will only support the TLS 1...
size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b)
Gets the number of pending bytes to read. If BIO type is BIO_BIO then is the number to read from pair...
int wolfSSL_use_old_poly(WOLFSSL *ssl, int value)
Since there is some differences between the first release and newer versions of chacha-poly AEAD cons...
int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX *ctx, unsigned char status_type, unsigned char options)
This function requests the certificate status during the handshake.
int wolfSSL_send_hrr_cookie(WOLFSSL *ssl, const unsigned char *secret, unsigned int secretSz)
This function is called on the server side to indicate that a HelloRetryRequest message must contain ...
void * wolfSSL_GetEccVerifyCtx(WOLFSSL *ssl)
Allows caller to retrieve the Public Key Ecc Verification Callback Context previously stored with wol...
int wolfSSL_set_session_secret_cb(WOLFSSL *ssl, SessionSecretCb cb, void *ctx)
This function sets the session secret callback function. The SessionSecretCb type has the signature: ...
int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX *ctx, WOLFSSL_MEM_STATS *mem_stats)
This function does not change any of the connections behavior and is used only for gathering informat...
int wolfSSL_writev(WOLFSSL *ssl, const struct iovec *iov, int iovcnt)
Simulates writev semantics but doesn’t actually do block at a time because of SSL_write() behavior a...
WOLFSSL_X509 * wolfSSL_X509_d2i_fp(WOLFSSL_X509 **x509, FILE *file)
If NO_STDIO_FILESYSTEM is defined this function will allocate heap memory, initialize a WOLFSSL_X509 ...
void wolfSSL_flush_sessions(WOLFSSL_CTX *ctx, long tm)
This function flushes session from the session cache which have expired. The time, tm, is used for the time comparison. Note that wolfSSL currently uses a static table for sessions, so no flushing is needed. As such, this function is currently just a stub. This function provides OpenSSL compatibility (SSL_flush_sessions) when wolfSSL is compiled with the OpenSSL compatibility layer.
int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER *cm, const char *f, int format)
Specifies the certificate to verify with the Certificate Manager context. The format can be SSL_FILET...
void wolfSSL_ERR_print_errors_cb(int(*cb)(const char *str, size_t len, void *u), void *u)
This function uses the provided callback to handle error reporting. The callback function is executed...
int wolfSSL_X509_get_signature_type(WOLFSSL_X509 *)
This function returns the value stored in the sigOID member of the WOLFSSL_X509 structure.
long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type)
This function is called when the client application request that a server send back an OCSP status re...
int wolfSSL_GetHmacSize(WOLFSSL *)
Allows caller to determine the negotiated (h)mac size from the handshake. For cipher types except WOL...
void * wolfSSL_CTX_get_psk_callback_ctx(WOLFSSL_CTX *ctx)
Get a PSK user context in the WOLFSSL_CTX structure.
WOLFSSL_METHOD * wolfTLSv1_client_method(void)
The wolfTLSv1_client_method() function is used to indicate that the application is a client and will ...
int wolfSSL_SetTmpDH_file(WOLFSSL *ssl, const char *f, int format)
This function calls wolfSSL_SetTmpDH_file_wrapper to set server Diffie-Hellman parameters.
int wolfSSL_use_PrivateKey_buffer(WOLFSSL *ssl, const unsigned char *in, long sz, int format)
This function loads a private key buffer into the WOLFSSL object. It behaves like the non-buffered ve...
int wolfSSL_request_certificate(WOLFSSL *ssl)
This function requests a client certificate from the TLS v1.3 client. This is useful when a web serve...
int wolfSSL_set_dtls_fd_connected(WOLFSSL *ssl, int fd)
This function assigns a file descriptor (fd) as the input/output facility for the SSL connection...
int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX *ctx, const unsigned char *in, long sz, int format)
This function loads a certificate buffer into the WOLFSSL Context. It behaves like the non-buffered v...
long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x509)
This function adds the certificate to the internal chain being built in the WOLFSSL_CTX structure...
int wolfSSL_set1_groups_list(WOLFSSL *ssl, char *list)
This function sets the list of elliptic curve groups to allow on a wolfSSL in order of preference...
int wolfSSL_dtls_set_export(WOLFSSL *ssl, wc_dtls_export func)
The wolfSSL_dtls_set_export() function is used to set the callback function for exporting a session...
int wolfSSL_get_current_cipher_suite(WOLFSSL *ssl)
Returns the current cipher suit an ssl session is using.
void wolfSSL_SetRsaSignCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Public Key RSA Signing Callback Context to ctx.
int wolfSSL_SetHsDoneCb(WOLFSSL *ssl, HandShakeDoneCb cb, void *user_ctx)
This function sets the handshake done callback. The hsDoneCb and hsDoneCtx members of the WOLFSSL str...
int wolfSSL_GetAeadMacSize(WOLFSSL *)
Allows caller to determine the negotiated aead mac size from the handshake. For cipher type WOLFSSL_A...
char * wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME *name, char *in, int sz)
This function copies the name of the x509 into a buffer.
unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *s)
Get the maximum size of Early Data from a session.
const unsigned char * wolfSSL_GetServerWriteIV(WOLFSSL *)
Allows retrieval of the server write IV (initialization vector) from the handshake process...
int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX *ctx, const unsigned char *p, int pSz, const unsigned char *g, int gSz)
Sets the parameters for the server CTX Diffie-Hellman.
unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl, unsigned char type, void **data)
This function is called on the server side to retrieve the Server Name Indication provided by the cli...
long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX *ctx, WOLFSSL_DH *dh)
Initializes the WOLFSSL_CTX structure’s dh member with the Diffie-Hellman parameters.
int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX *ctx, const char *hint)
This function stores the hint argument in the server_hint member of the WOLFSSL_CTX structure...
int wolfSSL_use_certificate_buffer(WOLFSSL *ssl, const unsigned char *in, long sz, int format)
This function loads a certificate buffer into the WOLFSSL object. It behaves like the non-buffered ve...
WOLFSSL_X509_CHAIN * wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION *session)
Returns the peer certificate chain from the WOLFSSL_SESSION struct.
int wolfSSL_set_ephemeral_key(WOLFSSL *ssl, int keyAlgo, const char *key, unsigned int keySz, int format)
This function sets a fixed / static ephemeral key for testing only.
int wolfSSL_tls_export(WOLFSSL *ssl, unsigned char *buf, unsigned int *sz)
Used to export a serialized TLS session. This function is for importing a serialized state of the con...
void wolfSSL_CTX_set_psk_client_tls13_callback(WOLFSSL_CTX *ctx, wc_psk_client_tls13_callback cb)
This function sets the Pre-Shared Key (PSK) client side callback for TLS v1.3 connections. The callback is used to find a PSK identity and return its key and the name of the cipher to use for the handshake. The function sets the client_psk_tls13_cb member of the WOLFSSL_CTX structure.
int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER *cm, const char *url)
The function copies the url to the ocspOverrideURL member of the WOLFSSL_CERT_MANAGER structure...
WOLFSSL_METHOD * wolfTLSv1_1_server_method(void)
The wolfTLSv1_1_server_method() function is used to indicate that the application is a server and wil...
long wolfSSL_set_options(WOLFSSL *s, long op)
This function sets the options mask in the ssl. Some valid options are, SSL_OP_ALL, SSL_OP_COOKIE_EXCHANGE, SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_COMPRESSION.
int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER *)
Disables OCSP certificate revocation.
int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX *ctx, const unsigned char *in, long sz, int format)
This function loads a CA certificate chain buffer into the WOLFSSL Context. It behaves like the non-b...
void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX *ctx, CallbackRsaVerify cb)
Allows caller to set the Public Key Callback for RSA Verification. The callback should return the num...
int wolfSSL_CTX_set_psk_callback_ctx(WOLFSSL_CTX *ctx, void *psk_ctx)
Sets a PSK user context in the WOLFSSL_CTX structure.
WOLFSSL_X509_NAME * wolfSSL_X509_get_subject_name(WOLFSSL_X509 *)
This function returns the subject member of the WOLFSSL_X509 structure.
int wolfSSL_connect_cert(WOLFSSL *ssl)
This function is called on the client side and initiates an SSL/TLS handshake with a server only long...
int wolfSSL_accept_ex(WOLFSSL *ssl, HandShakeCallBacki hsCb, TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout)
wolfSSL_accept_ex() is an extension that allows a HandShake Callback to be set. This can be useful in...
int wolfSSL_dtls_import(WOLFSSL *ssl, unsigned char *buf, unsigned int sz)
The wolfSSL_dtls_import() function is used to parse in a serialized session state. This allows for picking up the connection after the handshake has been completed.
void wolfSSL_SetRsaVerifyCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Public Key RSA Verification Callback Context to ctx.
int wolfSSL_X509_digest(const WOLFSSL_X509 *x509, const WOLFSSL_EVP_MD *digest, unsigned char *buf, unsigned int *len)
This function returns the hash of the DER certificate.
void wolfSSL_CTX_set_psk_server_tls13_callback(WOLFSSL_CTX *ctx, wc_psk_server_tls13_callback cb)
This function sets the Pre-Shared Key (PSK) server side callback for TLS v1.3 connections. The callback is used to find a PSK identity and return its key and the name of the cipher to use for the handshake. The function sets the server_psk_tls13_cb member of the WOLFSSL_CTX structure.
int wolfSSL_use_RSAPrivateKey_file(WOLFSSL *ssl, const char *file, int format)
This function loads the private RSA key used in the SSL connection into the SSL session (WOLFSSL stru...
int wolfSSL_dtls_get_current_timeout(WOLFSSL *ssl)
This function returns the current timeout value in seconds for the WOLFSSL object. When using non-blocking sockets, something in the user code needs to decide when to check for available recv data and how long it has been waiting. The value returned by this function indicates how long the application should wait.
WOLFSSL * wolfSSL_new(WOLFSSL_CTX *)
This function creates a new SSL session, taking an already created SSL context as input...
int wolfSSL_set_fd(WOLFSSL *ssl, int fd)
This function assigns a file descriptor (fd) as the input/output facility for the SSL connection...
int wolfSSL_dtls_set_timeout_max(WOLFSSL *ssl, int)
This function sets the maximum dtls timeout.
int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX *ctx, const char *file, int format)
This function is similar to wolfSSL_CTX_load_verify_locations, but allows the loading of DER-formatte...
WOLFSSL_X509 * wolfSSL_get_peer_certificate(WOLFSSL *ssl)
This function gets the peer’s certificate.
const unsigned char * wolfSSL_GetServerWriteKey(WOLFSSL *)
Allows retrieval of the server write key from the handshake process.
int wolfSSL_disable_hrr_cookie(WOLFSSL *ssl)
This function is called on the server side to indicate that a HelloRetryRequest message must NOT cont...
int wolfSSL_DisableCRL(WOLFSSL *ssl)
Disables CRL certificate revocation.
void * wolfSSL_CTX_get_TicketEncCtx(WOLFSSL_CTX *ctx)
This function gets the session ticket encrypt user context for the callback. For server side use...
const unsigned char * wolfSSL_GetClientWriteIV(WOLFSSL *)
Allows retrieval of the client write IV (initialization vector) from the handshake process...
WOLFSSL_SESSION * wolfSSL_get1_session(WOLFSSL *ssl)
This function returns the WOLFSSL_SESSION from the WOLFSSL structure as a reference type...
int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX *ctx, const char *fname)
This function persistes certificate cache from a file.
int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL *ssl, unsigned char *der, long derSz)
This is used to set the private key for the WOLFSSL structure. A DER formatted key buffer is expected...
WC_PKCS12 * wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12)
wolfSSL_i2d_PKCS12_bio (i2d_PKCS12_bio) copies in the cert information from the structure WC_PKCS12 t...
const char ** wolfSSL_get_system_CA_dirs(word32 *num)
This function returns a pointer to an array of strings representing directories wolfSSL will search f...
int wolfSSL_allow_post_handshake_auth(WOLFSSL *ssl)
This function is called on a TLS v1.3 client wolfSSL to allow a client certifcate to be sent post han...
WOLFSSL_CERT_MANAGER * wolfSSL_CertManagerNew_ex(void *heap)
Allocates and initializes a new Certificate Manager context. This context may be used independent of ...
int wolfSSL_use_certificate_file(WOLFSSL *ssl, const char *file, int format)
This function loads a certificate file into the SSL session (WOLFSSL structure). The certificate file...
int wolfSSL_memrestore_session_cache(const void *mem, int sz)
This function restores the persistent session cache from memory.
int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL *ssl, char **list, unsigned short *listSz)
This function copies the alpn_client_list data from the SSL object to the buffer. ...
WOLFSSL_DH * wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r)
This function duplicates the parameters in dsa to a newly created WOLFSSL_DH structure.
void wolfSSL_SetDecryptVerifyCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Atomic User Record Processing Decrypt/Verify Callback Context to ctx...
void wolfSSL_SetMacEncryptCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Atomic User Record Processing Mac/Encrypt Callback Context to ctx...
int wolfSSL_CTX_get_ephemeral_key(WOLFSSL_CTX *ctx, int keyAlgo, const unsigned char **key, unsigned int *keySz)
This function returns pointer to loaded key as ASN.1/DER.
int wolfSSL_connect_ex(WOLFSSL *ssl, HandShakeCallBack hsCb, TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout)
wolfSSL_connect_ex() is an extension that allows a HandShake Callback to be set. This can be useful i...
int wolfSSL_connect_TLSv13(WOLFSSL *)
This function is called on the client side and initiates a TLS v1.3 handshake with a server...
int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX *ctx, const unsigned char *in, long sz)
This function loads a certificate chain buffer into the WOLFSSL Context. It behaves like the non-buff...
int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX *ctx, int options)
Enables CRL certificate verification through the CTX.
long wolfSSL_BIO_set_fd(WOLFSSL_BIO *b, int fd, int flag)
Sets the file descriptor for bio to use.
int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE *store, WOLFSSL_X509 *x509)
This function adds a certificate to the WOLFSSL_X509_STRE structure.
int wolfSSL_tls_import(WOLFSSL *ssl, const unsigned char *buf, unsigned int sz)
Used to import a serialized TLS session. This function is for importing the state of the connection...
wc_pem_password_cb * wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx)
This is a getter function for the password callback set in ctx.
void * wolfSSL_GetDecryptVerifyCtx(WOLFSSL *ssl)
Allows caller to retrieve the Atomic User Record Processing Decrypt/Verify Callback Context previousl...
int wolfSSL_NoKeyShares(WOLFSSL *ssl)
This function is called to ensure no key shares are sent in the ClientHello. This will force the serv...
int wolfSSL_SetOCSP_OverrideURL(WOLFSSL *ssl, const char *url)
This function sets the ocspOverrideURL member in the WOLFSSL_CERT_MANAGER structure.
int wolfSSL_no_dhe_psk(WOLFSSL *ssl)
This function is called on a TLS v1.3 client or server wolfSSL to disallow Diffie-Hellman (DH) style ...
WOLFSSL_METHOD * wolfDTLS_server_method(void)
The wolfDTLS_server_method() function is used to indicate that the application is a server and will s...
void wolfSSL_CTX_set_verify(WOLFSSL_CTX *ctx, int mode, VerifyCallback verify_callback)
This function sets the verification method for remote peers and also allows a verify callback to be r...
int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX *ctx, void *mem, int sz, int *used)
This function persists the certificate cache to memory.
int wolfSSL_dtls_get_using_nonblock(WOLFSSL *)
This function allows the application to determine if wolfSSL is using non-blocking I/O with UDP...
int wolfSSL_dtls_set_peer(WOLFSSL *ssl, void *peer, unsigned int peerSz)
This function sets the DTLS peer, peer (sockaddr_in) with size of peerSz.
long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c)
This is used to set the internal file pointer for a BIO.