|
Packit |
c4476c |
=pod
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 NAME
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups,
|
|
Packit |
c4476c |
SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group,
|
|
Packit |
c4476c |
SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves,
|
|
Packit |
c4476c |
SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve
|
|
Packit |
c4476c |
- EC supported curve functions
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 SYNOPSIS
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
#include <openssl/ssl.h>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen);
|
|
Packit |
c4476c |
int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
int SSL_set1_groups(SSL *ssl, int *glist, int glistlen);
|
|
Packit |
c4476c |
int SSL_set1_groups_list(SSL *ssl, char *list);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
int SSL_get1_groups(SSL *ssl, int *groups);
|
|
Packit |
c4476c |
int SSL_get_shared_group(SSL *s, int n);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);
|
|
Packit |
c4476c |
int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
int SSL_set1_curves(SSL *ssl, int *clist, int clistlen);
|
|
Packit |
c4476c |
int SSL_set1_curves_list(SSL *ssl, char *list);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
int SSL_get1_curves(SSL *ssl, int *curves);
|
|
Packit |
c4476c |
int SSL_get_shared_curve(SSL *s, int n);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 DESCRIPTION
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
For all of the functions below that set the supported groups there must be at
|
|
Packit |
c4476c |
least one group in the list.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_CTX_set1_groups() sets the supported groups for B<ctx> to B<glistlen>
|
|
Packit |
c4476c |
groups in the array B<glist>. The array consist of all NIDs of groups in
|
|
Packit |
c4476c |
preference order. For a TLS client the groups are used directly in the
|
|
Packit |
c4476c |
supported groups extension. For a TLS server the groups are used to
|
|
Packit |
c4476c |
determine the set of shared groups.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_CTX_set1_groups_list() sets the supported groups for B<ctx> to
|
|
Packit |
c4476c |
string B<list>. The string is a colon separated list of group NIDs or
|
|
Packit |
c4476c |
names, for example "P-521:P-384:P-256".
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_set1_groups() and SSL_set1_groups_list() are similar except they set
|
|
Packit |
c4476c |
supported groups for the SSL structure B<ssl>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_get1_groups() returns the set of supported groups sent by a client
|
|
Packit |
c4476c |
in the supported groups extension. It returns the total number of
|
|
Packit |
c4476c |
supported groups. The B<groups> parameter can be B<NULL> to simply
|
|
Packit |
c4476c |
return the number of groups for memory allocation purposes. The
|
|
Packit |
c4476c |
B<groups> array is in the form of a set of group NIDs in preference
|
|
Packit |
c4476c |
order. It can return zero if the client did not send a supported groups
|
|
Packit |
c4476c |
extension.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_get_shared_group() returns shared group B<n> for a server-side
|
|
Packit |
c4476c |
SSL B<ssl>. If B<n> is -1 then the total number of shared groups is
|
|
Packit |
c4476c |
returned, which may be zero. Other than for diagnostic purposes,
|
|
Packit |
c4476c |
most applications will only be interested in the first shared group
|
|
Packit |
c4476c |
so B<n> is normally set to zero. If the value B<n> is out of range,
|
|
Packit |
c4476c |
NID_undef is returned.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
All these functions are implemented as macros.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The curve functions are synonyms for the equivalently named group functions and
|
|
Packit |
c4476c |
are identical in every respect. They exist because, prior to TLS1.3, there was
|
|
Packit |
c4476c |
only the concept of supported curves. In TLS1.3 this was renamed to supported
|
|
Packit |
c4476c |
groups, and extended to include Diffie Hellman groups. The group functions
|
|
Packit |
c4476c |
should be used in preference.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 NOTES
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
If an application wishes to make use of several of these functions for
|
|
Packit |
c4476c |
configuration purposes either on a command line or in a file it should
|
|
Packit |
c4476c |
consider using the SSL_CONF interface instead of manually parsing options.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 RETURN VALUES
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_CTX_set1_groups(), SSL_CTX_set1_groups_list(), SSL_set1_groups() and
|
|
Packit |
c4476c |
SSL_set1_groups_list(), return 1 for success and 0 for failure.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_get1_groups() returns the number of groups, which may be zero.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_get_shared_group() returns the NID of shared group B<n> or NID_undef if there
|
|
Packit |
c4476c |
is no shared group B<n>; or the total number of shared groups if B<n>
|
|
Packit |
c4476c |
is -1.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
When called on a client B<ssl>, SSL_get_shared_group() has no meaning and
|
|
Packit |
c4476c |
returns -1.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 SEE ALSO
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
L<SSL_CTX_add_extra_chain_cert(3)>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 HISTORY
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The curve functions were added in OpenSSL 1.0.2. The equivalent group
|
|
Packit |
c4476c |
functions were added in OpenSSL 1.1.1.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 COPYRIGHT
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Licensed under the OpenSSL license (the "License"). You may not use
|
|
Packit |
c4476c |
this file except in compliance with the License. You can obtain a copy
|
|
Packit |
c4476c |
in the file LICENSE in the source distribution or at
|
|
Packit |
c4476c |
L<https://www.openssl.org/source/license.html>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=cut
|