RSA BSAFE Micro Edition Suite

Streamlined security for mobile and embedded devices


SSL Context Functions

This section describes the functions used to support the SSL_CTX structure.

Typedefs

typedef int SSL_CTX_INFO
 The type used for information identifiers of the SSL_CTX structure.


Functions

SSL_CTX* R_CDECL SSL_CTX_new (SSL_METHOD *meth)
 Creates a new context structure using the SSL_METHOD reference and initializes the default values.

void R_CDECL SSL_CTX_free (SSL_CTX *ctx)
 Deallocates the memory and frees the state information for the SSL_CTX structure passed in.

int R_CDECL SSL_CTX_set_cipher_list (SSL_CTX *ctx, char *str)
 Specifies the cipher suites and order for the SSL_CTX ctx.

long SSL_CTX_set_rsa_blinding_mode (SSL_CTX *ctx, int mode)
 Sets the blinding mode for all the loaded RSA keys.

long R_CDECL SSL_CTX_set_options (SSL_CTX *ctx, long op)
 Specifies options related to the functioning of the SSL protocol.

long R_CDECL SSL_CTX_get_options (SSL_CTX *ctx)
 Returns options related to the functioning of the SSL protocol.


Typedef Documentation

typedef int SSL_CTX_INFO
 

The type used for information identifiers of the SSL_CTX structure. See SSL Context Information Types for more information.


Function Documentation

void R_CDECL SSL_CTX_free(SSL_CTX *ctx);
 

Deallocates the memory and frees the state information for the SSL_CTX structure passed in.

Parameters:
ctx [In] The SSL_CTX structure to free.
Note:
The SSL_CTX structure uses reference counts to ensure the structure is only deallocated when there are no SSL structures referencing the structure. If SSL structures are using the SSL_CTX, it will not be freed by SSL_CTX_free(). It is only freed when the last SSL structure is freed.
Samples:
bio_client.c, bio_server.c, cache_server.c, nbio_client.c, nbio_server.c, p7ssl_client.c, p7ssl_server.c, simple.c, sock_client.c, sock_server.c, ssl_client.c, and ssl_server.c.

long R_CDECL SSL_CTX_get_options(SSL_CTX *ctx);
 

Returns options related to the functioning of the SSL protocol. This function is used to enable bug compatibility with other SSL implementations.

Parameters:
ctx [In] The SSL_CTX reference where the options have been set.
See Option Codes for valid values.
Returns:
The current options set against the SSL_CTX.
See also:
SSL_CTX_set_options().

SSL_CTX* R_CDECL SSL_CTX_new(SSL_METHOD *meth);
 

Creates a new context structure using the SSL_METHOD reference and initializes the default values. The default values may be overridden for the individual SSL structures set against the SSL_CTX structure. An SSL_CTX is needed to create SSL structures.

Parameters:
meth [In] The SSL protocol method used to initialize the SSL_CTX reference.
Returns:
A new SSL_CTX structure used to initialize the default values for the SSL connection.
NULL indicates error.
Note:
Memory is allocated for the SSL_CTX. Errors may be on the error stack if the function fails.
See also:
SSL_CTX_free().
Samples:
bio_client.c, bio_server.c, cache_server.c, nbio_client.c, nbio_server.c, p7ssl_client.c, p7ssl_server.c, simple.c, sock_client.c, sock_server.c, ssl_client.c, and ssl_server.c.

int R_CDECL SSL_CTX_set_cipher_list(SSL_CTX *ctx, char *str);
 

Specifies the cipher suites and order for the SSL_CTX ctx. The list of ciphers is passed in str.

Parameters:
ctx [In, Out] The SSL_CTX reference against which the default cipher list is set.
str [In] The list of cipher suite names to load. The options are:
  • RC4-SHA
  • RC4-MD5
  • EXP-RC4-MD5
  • DES-CBC3-SHA
  • DES-CBC-SHA
  • EXP-DES-CBC-SHA
  • AES128-SHA
  • AES256-SHA
  • NULL-SHA
  • NULL-MD5
Note that NULL-* cipher suites will not be used unless SSL_feature_set() is called with the argument SSL_FEATURE_ALLOW_ENULL.
Returns:
1 indicates success.
0 indicates that the cipher list was not loaded.
Note:
This function ignores any unrecognized cipher names. No error is displayed indicating the cipher was ignored. Any SSL cipher suites that are dependent on ciphers/digests not loaded via PRODUCT_LIBRARY_NEW() are not available.

See also:
SSL_set_cipher_list().
Samples:
bio_client.c, bio_server.c, cache_server.c, nbio_client.c, nbio_server.c, p7ssl_client.c, p7ssl_server.c, simple.c, sock_client.c, sock_server.c, ssl_client.c, and ssl_server.c.
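
Because unrecognized names are dropped without an error, a cipher string can be checked against the documented names before it is passed to SSL_CTX_set_cipher_list(). The following is an added example, not code from the RSA BSAFE documentation or samples; check_cipher_list() is a hypothetical helper, and the ':' separator and exact, case-sensitive matching are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Cipher suite names this page lists as valid for SSL_CTX_set_cipher_list(). */
static const char *const KNOWN_SUITES[] = {
    "RC4-SHA", "RC4-MD5", "EXP-RC4-MD5", "DES-CBC3-SHA", "DES-CBC-SHA",
    "EXP-DES-CBC-SHA", "AES128-SHA", "AES256-SHA", "NULL-SHA", "NULL-MD5"
};
#define N_KNOWN (sizeof KNOWN_SUITES / sizeof KNOWN_SUITES[0])

/* Returns 1 if the len-byte token exactly matches a documented name. */
static int is_known(const char *tok, size_t len)
{
    size_t i;
    for (i = 0; i < N_KNOWN; i++)
        if (strlen(KNOWN_SUITES[i]) == len &&
            memcmp(KNOWN_SUITES[i], tok, len) == 0)
            return 1;
    return 0;
}

/* Hypothetical helper, not a BSAFE function; assumes ':' separates names.
 * Returns how many names are not on the documented list (silently ignored
 * by the library), stores the count of documented names in *recognized, and
 * sets *needs_enull when a NULL-* suite needs SSL_FEATURE_ALLOW_ENULL. */
int check_cipher_list(const char *list, int *recognized, int *needs_enull)
{
    int ignored = 0;
    const char *p = list;
    *recognized = *needs_enull = 0;
    while (*p != '\0') {
        size_t len = strcspn(p, ":");
        if (len > 0 && is_known(p, len)) {
            (*recognized)++;
            if (len > 5 && memcmp(p, "NULL-", 5) == 0)
                *needs_enull = 1;
        } else if (len > 0) {
            fprintf(stderr, "not a documented cipher name: %.*s\n", (int)len, p);
            ignored++;
        }
        p += len;
        if (*p == ':') p++;
    }
    return ignored;
}
```

A non-zero return, or a recognized count lower than intended, means the context would end up with fewer suites than the string appears to request.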

long R_CDECL SSL_CTX_set_options(SSL_CTX *ctx, long op);
 

Specifies options related to the functioning of the SSL protocol. This function is used to enable bug compatibility with other SSL implementations.

Parameters:
ctx [In] The SSL_CTX reference against which the options are set.
op [In] The bitmask of options to enable.
See Option Codes for valid values.
Returns:
The current options (including the options just set).
See also:
SSL_CTX_get_options() and SSL_set_options().
Samples:
bio_client.c, bio_server.c, cache_server.c, nbio_client.c, nbio_server.c, p7ssl_client.c, p7ssl_server.c, simple.c, sock_client.c, sock_server.c, ssl_client.c, and ssl_server.c.

long SSL_CTX_set_rsa_blinding_mode(SSL_CTX *ctx, int mode);
 

Sets the blinding mode for all the loaded RSA keys. The default mode is on.

Parameters:
ctx [In, Out] The SSL_CTX reference that binds the temporary key.
mode [In] The blinding mode.
See SSL Context Blinding Modes for valid values.
Returns:
1 indicates success.
<= 0 indicates error.


Copyright (c) 1999-2005 RSA Security Inc. All rights reserved. 072-001001-2100-001-000 - 2.1