ssl.h File Reference

NetBurner SSL/TLS API. More...

#include <nettypes.h>
#include <predef.h>
#include <nbrtos.h>
#include <tcp.h>
#include <crypto/wolfssl/ssl.h>
#include <crypto/wolfssl/error-ssl.h>
#include <random.h>


Macros

#define SSL_ERROR_FAILED_NEGOTIATION   (-256)
 The SSL system failed to successfully negotiate a connection.
 
#define SSL_ERROR_CERTIFICATE_UNKNOWN   (-258)
 The received certificate could not be decoded.
 
#define SSL_ERROR_CERTIFICATE_NAME_FAILED   (-260)
 The connected name did not match common_name.
 
#define SSL_ERROR_CERTIFICATE_VERIFY_FAILED   (-261)
 The server returned a certificate that we did not trust.
 
#define SSL_ERROR_NO_BUFFER   (-262)
 Unable to get a buffer from the pool.
 
#define SSL_ERROR_HANDSHAKE_INCOMPLETE   (-265)
 The SSL handshake is not complete yet.
 
#define SSL_ERROR_NO_SERVER_CERTIFICATE   (-257)
 The server wasn't able to load the certificate.
 
#define SSL_ERROR_NO_SERVER_KEY   (-258)
 The server wasn't able to load the key. Note that this value (-258) is the same as SSL_ERROR_CERTIFICATE_UNKNOWN, so a caller cannot tell the two conditions apart from the return code alone.
 
#define SSL_ERROR_UNABLE_TO_LOAD_CIPHERS   (-259)
 The client was unable to load the cipher list.
 
#define SSL_ERROR_CERTIFICATE_CHECK   (-260)
 The server was unable to check the certificate. Note that this value (-260) is the same as SSL_ERROR_CERTIFICATE_NAME_FAILED, so a caller cannot tell the two conditions apart from the return code alone.
 

Enumerations

enum class  ExpireRetCodes : unsigned char { ExpireRetCodes::E_CERT_VALID = 0 , ExpireRetCodes::E_CERT_EXPIRED = 1 , ExpireRetCodes::E_BAD_EXPIRATION_VALUE = 2 , ExpireRetCodes::E_NO_SYSTEM_TIME = 3 }
 Return values for SSL_IsCertExpired(). More...
 

Functions

int SSL_connect (IPADDR ip, uint16_t remotePort, uint32_t timeout, const char *commonName, bool verifyPeer=false, bool waitForNegotiation=true, const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM, int intf=-1)
 SSL mirror of the TCP::connect() call. Note that verifyPeer defaults to false; pass true to request verification of the peer certificate.
 
int SSL_connect (IPADDR ip, uint16_t localPort, uint16_t remotePort, uint32_t timeout, const char *commonName, bool verifyPeer=false, bool waitForNegotiation=true, const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM, int intf=-1)
 Older version of SSL_connect() that also takes a local port.
 
int SSL_makeSecure (int tcpFd, const char *commonName, bool verifyPeer=false, bool waitForNegotiation=true, const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM, bool bIsClient=true, uint32_t timeout=WAIT_FOREVER)
 SSL mirror of the TCP::connect() call, but uses an existing TCP file descriptor.
 
int SSL_negotiate (int tcpFd, const char *common_name, bool reuseSessionPort=true, bool verifyPeer=false, const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM, bool bIsClient=true)
 Executes the TLS negotiation over a given socket, to establish a secure communication channel through that socket.
 
int SSLReadWithTimeout (int fd, char *cp, int size, uint32_t timeout)
 SSL mirror of the ReadWithTimeout() function.
 
uint32_t SetMaxSessionReuseTime (uint32_t newLifetimeTicks)
 Allows the caller to specify at runtime the longest duration that an established session may be reused before new connections must be fully renegotiated.
 
bool IsSSL_CertNKeyValid (const char *keyPEM, ssize_t keylen, const char *certPEM, ssize_t certlen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
 Validate candidate certificate and private key.
 
bool SSL_AddCertToClientCaList (const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
 Attempts to add a certificate to the Certificate Authority list of the client SSL context.
 
bool SSL_AddCertToServerCaList (const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
 Attempts to add a certificate to the Certificate Authority list of the server SSL context.
 
bool SSL_ClearClientCaList ()
 Clears certs that have been added to the client's Certificate Authority list.
 
bool SSL_ClearServerCaList ()
 Clears certs that have been added to the server's Certificate Authority list.
 
uint16_t SSLGetRxBufferSpaceUsed (int fd)
 Returns the amount of data buffered to be read from the socket.
 
uint16_t SSLGetTxBufferAvailSpace (int fd)
 Returns the amount of free space available in the socket's transmit buffer.
 
void SslInit ()
 This function initializes the SSL library.
 
void SSL_DumpSSLSockets ()
 Prints the current state of all used sockets to stdio.
 
void SSL_ClientReadyCert (const unsigned char *cert, const unsigned char *key, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
 Add a key and certificate to the client.
 
void SSL_ServerReadyCert (const unsigned char *cert, const unsigned char *key, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
 Add a key and certificate to the server.
 
ExpireRetCodes SSL_IsCertExpired (unsigned char *certBuff, int certLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
 Returns whether the given certificate has expired or not.
 
bool SSL_GetIssuerFromCert (unsigned char *certBuff, int certLen, unsigned char *issBuf, int issBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
 Returns the issuer from a certificate blob in the PEM format.
 
bool SSL_GetSubjectNameFromCert (unsigned char *certBuff, int certLen, unsigned char *subNamBuf, int subNamBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
 Returns the subject name from a certificate blob in the PEM format.
 
bool SSL_GetAltNameFromCert (unsigned char *certBuff, int certLen, unsigned char *altNamBuf, int altNamBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
 Returns an alternate name from a certificate blob in the PEM format.
 
bool SSL_GetExpirationDate (unsigned char *certBuff, int certLen, unsigned char *expBuf, int expBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
 Returns the expiration date of the certificate in question.
 
bool SSL_GetTimeToExpire (unsigned char *certBuff, int certLen, uint16_t certBuffFormat, time_t &timeToExp)
 Writes the time remaining until the given certificate expires to timeToExp.
 
bool SSL_GetCnFromCert (unsigned char *certBuff, int certLen, unsigned char *comNamBuf, int comNamBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
 Returns the common name from a certificate blob in the PEM format.
 
const char * GetCertificatePEM ()
 Function that returns a pointer to the compiled in server certificate.
 
int GetCertificateLen ()
 Function that returns the length of the compiled in server certificate.
 
const char * GetPrivateKeyPEM ()
 Function that returns a pointer to the compiled in server key.
 
int GetPrivateKeyLen ()
 Function that returns the length of the compiled in server key.
 
void SslSetVerifyPeerClient (bool verifyPeer)
 Sets whether or not verify peer should be enabled on the global SSL client context.
 
void SslSetVerifyPeerServer (bool verifyPeer)
 Sets whether or not verify peer should be enabled on the global SSL server context.
 
bool SSL_IsCertAddedToClientCaList ()
 Checks to see if any certificates have been added to the global SSL client context.
 
bool SSL_IsCertAddedToServerCaList ()
 Checks to see if any certificates have been added to the global SSL server context.
 
SSL socket option functions
int SSL_getsocketerror (int fd)
 Returns the socket error state for the specified SSL socket.
 

SSL Server Functions

BOOL(* IsSSLfd )(int fd)
 Returns whether or not a file descriptor is an SSL file descriptor.
 
int(* SSL_GetRawSocket )(int sslSocketFd)
 Returns the TCP file descriptor associated with an SSL socket file descriptor.
 
int(* SSL_setsockoption )(int fd, int option)
 Set SSL TCP socket options.
 
int(* SSL_clrsockoption )(int fd, int option)
 Clear SSL TCP socket options.
 
int(* SSL_getsockoption )(int fd)
 Returns the options for the specified SSL TCP socket.
 
int SSL_accept (int fdListen, IPADDR *address, uint16_t *port, uint16_t timeout, bool waitForNegotiation=true, bool verifyPeer=false, const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM, const char *commonName=nullptr)
 This call is a mirror of the TCP::accept() call. Note that verifyPeer defaults to false; pass true to request verification of the client certificate.
 
IPADDR SSL_GetSocketRemoteAddr (int fd)
 Returns the remote address of this connected socket.
 
uint16_t SSL_GetSocketRemotePort (int fd)
 Returns the remote port of this connected socket.
 
IPADDR SSL_GetSocketLocalAddr (int fd)
 Returns the local address of this connected socket.
 
uint16_t SSL_GetSocketLocalPort (int fd)
 Returns the local port of this connected socket.
 
int SSL_GetSocketInterface (int fd)
 Return the network interface associated with an SSL TCP socket.
 
uint16_t SSL_GetTcpRtxCount (int fd)
 Returns the number of re-transmits that have occurred on the specified SSL connection.
 
uint32_t SSL_TcpGetLastRxTime (int fd)
 SSL mirror of TcpGetLastRxTime().
 
uint32_t SSL_TcpGetLastRxInterval (int fd)
 SSL mirror of TcpGetLastRxInterval().
 
void SSL_TcpSendKeepAlive (int fd)
 SSL mirror of TcpSendKeepAlive().
 
bool SSLSocketsAvail ()
 Returns whether or not there are any sockets available.
 
int FreeSSLSockets ()
 Returns the number of currently free SSL sockets.
 

Detailed Description

NetBurner SSL/TLS API.