Transport layer security.
Macros

| Kind | Definition | Description |
| --- | --- | --- |
| #define | MAIN_ERR_PREFIX "TLS: " | Message prefix for TLS module. |
| #define | CFG_USE_TLS_WILDCARD_SUBJECT 1 | Set this to 1 to accept wildcard for left-most component of X.509 certificate subjects. |
| #define | TLS_CIPHERS_TLS13 | Cipher suite list for TLSv1.3. |
| #define | TLS_CIPHERS_DEFAULT | Default (strong) cipher suite list for TLSv1.0 to TLSv1.2 protocols. |
| #define | TLS_CIPHERS_WEAK | Optional (weak) cipher suite list for TLSv1.0 to TLSv1.2 protocols. |
| #define | TLS_SIGALGS_TLS13 | Additional signature algorithms for TLSv1.3 protocol. |
| #define | TLS_SIGALGS "RSA+SHA512:RSA+SHA384:RSA+SHA256" | Signature algorithms for TLSv1.2 protocol. |
| #define | TLS_ECDHE_GROUPS_TLS13 "X448:X25519:P-256" | ECDHE groups for TLSv1.3 protocol. |
| #define | TLS_FFDHE_GROUPS "ffdhe8192:ffdhe6144:ffdhe4096:ffdhe3072" | FFDHE groups for TLSv1.2 and TLSv1.3 protocols. |

Functions

| Return type | Function | Description |
| --- | --- | --- |
| int | tls_init (void) | Init TLS subsystem. |
| void | tls_exit (void) | Shutdown TLS subsystem. |
| int | tls_vulnerability_check (int check) | Check TLS subsystem for known vulnerabilities. |
| const char * | tls_sni (const char *sn) | Check whether server name used for connection is not an IP address. |
| int | tls_open (int sd, void **co, int weak, const char *sni) | Establish TLS encryption layer on top of open network connection. |
| int | tls_close (void **co) | Terminate TLS encryption layer on top of network connection. |
| int | tls_get_ciphersuite (void **co, const char **pv, const char **cs, const char **kx) | Get protocol and cipher suite name that was negotiated for connection. |
| int | tls_cert_verify (void **co, void **cert, const char *cn, int weak) | Check whether server has presented a certificate and verify it. |
| int | tls_cert_get_string (void *cert, const char **cbuf) | Print certificate. |
| posix_ssize_t | tls_send (void *co, const void *buf, size_t len) | Send data. |
| posix_ssize_t | tls_recv (void *co, void *buf, size_t len, int peek) | Receive data. |
| int | tls_crl_update_check (void) | Check whether CRL update interval has elapsed. |
| void | tls_crl_update_control (int crl_upd_disable) | Enable or disable automatic CRL updates. |
| void | tls_free (void *p) | Free an object allocated by TLS module. |

Copyright (c) 2012-2022 by the developers. See the LICENSE file for details.
If nothing else is specified, functions return zero to indicate success and a negative value to indicate an error.
Definition in file tls.c.