1 /* SSLeay.xs - Perl module for using Eric Young's implementation of SSL
3 * Copyright (c) 1996-2002 Sampo Kellomaki <sampo@iki.fi>
4 * Copyright (C) 2005 Florian Ragwitz <rafl@debian.org>
5 * Copyright (C) 2005 Mike McCauley <mikem@open.com.au>
9 * 19.6.1998, Maintenance release to sync with SSLeay-0.9.0, --Sampo
10 * 24.6.1998, added write_partial to support ssl_write_all in more
11 * memory efficient way. --Sampo
12 * 8.7.1998, Added SSL_(CTX)?_set_options and associated constants.
13 * 31.3.1999, Tracking OpenSSL-0.9.2b changes, dropping support for
15 * 30.7.1999, Tracking OpenSSL-0.9.3a changes, --Sampo
16 * 7.4.2001, OpenSSL-0.9.6a update, --Sampo
17 * 18.4.2001, added TLSv1 support by Stephen C. Koehler
18 * <koehler@securecomputing.com>, version 1.07, --Sampo
19 * 25.4.2001, applied 64 bit fixes by Marko Asplund <aspa@kronodoc.fi> --Sampo
20 * 16.7.2001, applied Win filehandle patch from aspa, added
21 * SSL_*_methods --Sampo
22 * 25.9.2001, added a big pile of methods by automatically grepping and diffing
23 * openssl headers and my module --Sampo
24 * 17.4.2002, applied patch to fix CTX_set_default_passwd_cb() contributed
25 * by Timo Kujala <timo.kujala@@intellitel_.com>, --Sampo
26 * 17.5.2002, Added BIO_s_mem, BIO_new, BIO_free, BIO_write, BIO_read ,
27 * BIO_eof, BIO_pending, BIO_wpending, X509_NAME_get_text_by_NID,
28 * RSA_generate_key, BIO_new_file
29 * Fixed problem with return value from verify callback being
31 * Fixed a problem with CTX_set_tmp_rsa and CTX_set_tmp_dh
33 * --mikem@open.com_.au
34 * 10.8.2002, Added SSL_peek patch to ssl_read_until from
35 * Peter Behroozi <peter@@fhpwireless_.com> --Sampo
36 * 21.8.2002, Added SESSION_get_master_key, SSL_get_client_random, SSL_get_server_random
37 * --mikem@open.com_.au
38 * 2.9.2002, Added SSL_CTX_get_cert_store, X509_STORE_add_cert, X509_STORE_add_crl
39 * X509_STORE_set_flags, X509_load_cert_file, X509_load_crl_file
40 * X509_load_cert_crl_file, PEM_read_bio_X509_CRL
41 * constants for X509_V_FLAG_*
42 * --mikem@open.com_.au
43 * 6.9.2002, applied Mike's patch and fixed X509_STORE_* to X509_STORE_CTX_*
45 * 18.2.2003, RAND patch from Toni Andjelkovic <toni@soth._at>
46 * 13.6.2003, applied SSL_X509_LOOKUP patch by Marian Jancar <mjancar@suse._cz>
47 * 18.8.2003, fixed some const char pointer warnings --Sampo
48 * 01.12.2005 fixed a thread safety problem with SvSetSV that could cause crashes
49 * if SSL_CTX_set_default_passwd_cb and friends were called multiple
50 * times in different threads.
51 * Reintroduced X509_STORE_set_flags, also added
52 * X509_STORE_set_purpose and X509_STORE_set_trust
53 * Added X509_get_subjectAltNames and a number of other openssl
54 * X509 functions: X509_get_ext_by_NID X509_get_ext
56 * X509_verify_cert_error_string
57 * --mikem@open.com_.au
58 * 13.12.2005 Reinstated the thread safety fix from 01.12.2005 due memory leaks
59 * It is better to reset the callback with undef after use to prevent
60 * leaks and thread safety problems.
61 * 28.7.2006 Use New and Safefree insted of malloc/free. Use OPENSSL_free
62 * instead of free to release memory allocated by X509_NAME_oneline.
63 * These changes to deal with thread safety issues.
64 * 01.08.2006 set_*fd nw woork with filehandles as well as filenos on Windows
68 * The distribution and use of this module are subject to the conditions
69 * listed in LICENSE file at the root of OpenSSL-0.9.6b
70 * distribution (i.e. free, but mandatory attribution and NO WARRANTY).
73 /* Prevent warnings about strncpy from Windows compilers */
74 #define _CRT_SECURE_NO_DEPRECATE
87 /* OpenSSL-0.9.3a has some strange warning about this in
92 #include <openssl/err.h>
93 #include <openssl/lhash.h>
94 #include <openssl/rand.h>
95 #include <openssl/buffer.h>
96 #include <openssl/ssl.h>
97 #include <openssl/comp.h> /* openssl-0.9.6a forgets to include this */
98 #include <openssl/md2.h>
99 #include <openssl/md4.h>
100 #include <openssl/md5.h> /* openssl-SNAP-20020227 does not automatically include this */
101 #include <openssl/x509.h>
102 #include <openssl/x509v3.h>
103 #include <openssl/engine.h>
105 /* Debugging output */
108 #define PR(s) printf(s);
109 #define PRN(s,n) printf("'%s' (%d)\n",s,n);
117 #include "constants.c"
119 /* ============= typedefs to agument TYPEMAP ============== */
121 typedef void callback_no_ret(void);
122 typedef void cb_ssl_int_int_ret_void(const SSL *ssl,int,int);
123 typedef RSA * cb_ssl_int_int_ret_RSA(SSL * ssl,int is_export, int keylength);
124 typedef DH * cb_ssl_int_int_ret_DH(SSL * ssl,int is_export, int keylength);
126 typedef STACK_OF(X509_NAME) X509_NAME_STACK;
128 typedef int perl_filehandle_t;
130 /* ============= callback stuff ============== */
132 static HV* ssleay_ctx_verify_callbacks = (HV*)NULL;
135 ssleay_verify_callback_invoke (int ok, X509_STORE_CTX* x509_store) {
144 ssl = X509_STORE_CTX_get_ex_data( x509_store, SSL_get_ex_data_X509_STORE_CTX_idx() );
145 key = sv_2mortal(newSViv( (IV)ssl ));
146 key_str = SvPV(key, key_len);
148 callback = hv_fetch( ssleay_ctx_verify_callbacks, key_str, key_len, 0 );
150 if (callback == NULL) {
151 SSL_CTX* ssl_ctx = SSL_get_SSL_CTX(ssl);
152 key = sv_2mortal(newSViv( (IV)ssl_ctx ));
153 key_str = SvPV(key, key_len);
155 callback = hv_fetch( ssleay_ctx_verify_callbacks, key_str, key_len, 0 );
157 if (callback == NULL) {
158 croak ("Net::SSLeay: verify_callback called, but not "
159 "set to point to any perl function.\n");
167 PRN("verify callback glue", ok);
171 PUSHs( sv_2mortal(newSViv(ok)) );
172 PUSHs( sv_2mortal(newSViv((unsigned long int)x509_store)) );
175 PR("About to call verify callback.\n");
176 count = call_sv(*callback, G_SCALAR);
177 PR("Returned from verify callback.\n");
182 croak ( "Net::SSLeay: verify_callback "
183 "perl function did not return a scalar.\n");
195 static HV* ssleay_ctx_passwd_cbs = (HV*)NULL;
197 struct _ssleay_cb_t {
201 typedef struct _ssleay_cb_t ssleay_ctx_passwd_cb_t;
202 typedef struct _ssleay_cb_t ssleay_ctx_cert_verify_cb_t;
203 typedef struct _ssleay_cb_t ssleay_session_secret_cb_t;
204 typedef struct _ssleay_cb_t ssleay_RSA_generate_key_cb_t;
206 ssleay_ctx_passwd_cb_t*
207 ssleay_ctx_passwd_cb_new(SSL_CTX* ctx) {
208 ssleay_ctx_passwd_cb_t* cb;
214 New(0, cb, 1, ssleay_ctx_passwd_cb_t);
219 croak( "Net::SSLeay: ctx == NULL in ssleay_ctx_passwd_cb_new" );
221 hash_value = sv_2mortal(newSViv( (IV)cb ));
223 key = sv_2mortal(newSViv( (IV)ctx ));
224 key_str = SvPV(key, key_len);
226 if (ssleay_ctx_passwd_cbs == (HV*)NULL)
227 ssleay_ctx_passwd_cbs = newHV();
229 SvREFCNT_inc(hash_value);
230 hv_store( ssleay_ctx_passwd_cbs, key_str, key_len, hash_value, 0 );
235 ssleay_ctx_passwd_cb_t*
236 ssleay_ctx_passwd_cb_get(SSL_CTX* ctx) {
241 ssleay_ctx_passwd_cb_t* cb;
243 key = sv_2mortal(newSViv( (IV)ctx ));
244 key_str = SvPV(key, key_len);
246 hash_value = hv_fetch( ssleay_ctx_passwd_cbs, key_str, key_len, 0 );
248 if (hash_value == NULL || *hash_value == NULL) {
249 cb = ssleay_ctx_passwd_cb_new(ctx);
251 cb = (ssleay_ctx_passwd_cb_t*)SvIV( *hash_value );
258 ssleay_ctx_passwd_cb_func_set(SSL_CTX* ctx, SV* func) {
259 ssleay_ctx_passwd_cb_t* cb;
261 cb = ssleay_ctx_passwd_cb_get(ctx);
264 SvREFCNT_dec(cb->func);
271 ssleay_ctx_passwd_cb_userdata_set(SSL_CTX* ctx, SV* data) {
272 ssleay_ctx_passwd_cb_t* cb;
274 cb = ssleay_ctx_passwd_cb_get(ctx);
277 SvREFCNT_dec(cb->data);
284 ssleay_ctx_passwd_cb_free_func(SSL_CTX* ctx) {
285 ssleay_ctx_passwd_cb_t* cb;
287 cb = ssleay_ctx_passwd_cb_get(ctx);
289 if (cb && cb->func) {
290 SvREFCNT_dec(cb->func);
296 ssleay_ctx_passwd_cb_free_userdata(SSL_CTX* ctx) {
297 ssleay_ctx_passwd_cb_t* cb;
299 cb = ssleay_ctx_passwd_cb_get(ctx);
301 if (cb && cb->data) {
302 SvREFCNT_dec(cb->data);
307 /* pem_password_cb function */
310 ssleay_ctx_passwd_cb_invoke(char *buf, int size, int rwflag, void *userdata) {
315 ssleay_ctx_passwd_cb_t* cb = (ssleay_ctx_passwd_cb_t*)userdata;
321 XPUSHs( sv_2mortal( newSViv(rwflag)) );
326 if (cb->func == NULL)
327 croak ("Net::SSLeay: ssleay_ctx_passwd_cb_invoke called, but not "
328 "set to point to any perl function.\n");
330 count = call_sv( cb->func, G_SCALAR );
335 croak ("Net::SSLeay: ssleay_ctx_passwd_cb_invoke "
336 "perl function did not return a scalar.\n");
343 strncpy(buf, res, size);
344 buf[size - 1] = '\0';
354 static HV* ssleay_ctx_cert_verify_cbs = (HV*)NULL;
356 ssleay_ctx_cert_verify_cb_t*
357 ssleay_ctx_cert_verify_cb_new(SSL_CTX* ctx, SV* func, SV* data) {
358 ssleay_ctx_cert_verify_cb_t* cb;
364 cb = New(0, cb, 1, ssleay_ctx_cert_verify_cb_t);
372 croak( "Net::SSLeay: ctx == NULL in ssleay_ctx_cert_verify_cb_new" );
375 hash_value = sv_2mortal(newSViv( (IV)cb ));
377 key = sv_2mortal(newSViv( (IV)ctx ));
378 key_str = SvPV(key, key_len);
380 if (ssleay_ctx_cert_verify_cbs == (HV*)NULL)
381 ssleay_ctx_cert_verify_cbs = newHV();
383 SvREFCNT_inc(hash_value);
384 hv_store( ssleay_ctx_cert_verify_cbs, key_str, key_len, hash_value, 0 );
389 ssleay_ctx_cert_verify_cb_t*
390 ssleay_ctx_cert_verify_cb_get(SSL_CTX* ctx) {
395 ssleay_ctx_cert_verify_cb_t* cb;
397 key = sv_2mortal(newSViv( (IV)ctx ));
398 key_str = SvPV(key, key_len);
400 hash_value = hv_fetch( ssleay_ctx_cert_verify_cbs, key_str, key_len, 0 );
402 if (hash_value == NULL || *hash_value == NULL) {
405 cb = (ssleay_ctx_cert_verify_cb_t*)SvIV( *hash_value );
412 ssleay_ctx_cert_verify_cb_free(SSL_CTX* ctx) {
413 ssleay_ctx_passwd_cb_t* cb;
415 cb = ssleay_ctx_cert_verify_cb_get(ctx);
419 SvREFCNT_dec(cb->func);
424 SvREFCNT_dec(cb->data);
433 ssleay_ctx_cert_verify_cb_invoke(X509_STORE_CTX* x509_store_ctx, void* data) {
438 ssleay_ctx_cert_verify_cb_t* cb = (ssleay_ctx_cert_verify_cb_t*)data;
444 XPUSHs(sv_2mortal(newSViv( (IV)x509_store_ctx )));
450 if (cb->func == NULL) {
451 croak ("Net::SSLeay: ssleay_ctx_cert_verify_cb_invoke called, but not "
452 "set to point to any perl function.\n");
455 count = call_sv( cb->func, G_SCALAR );
460 croak ("Net::SSLeay: ssleay_ctx_cert_verify_cb_invoke "
461 "perl function did not return a scalar.\n");
473 #ifdef SSL_F_SSL_SET_HELLO_EXTENSION
474 static HV* ssleay_session_secret_cbs = (HV*)NULL;
476 ssleay_session_secret_cb_t*
477 ssleay_session_secret_cb_new(SSL* s, SV* func, SV* data) {
478 ssleay_session_secret_cb_t* cb;
484 cb = New(0, cb, 1, ssleay_session_secret_cb_t);
492 croak( "Net::SSLeay: s == NULL in ssleay_session_secret_cb_new" );
495 hash_value = sv_2mortal(newSViv( (IV)cb ));
497 key = sv_2mortal(newSViv( (IV)s ));
498 key_str = SvPV(key, key_len);
500 if (ssleay_session_secret_cbs == (HV*)NULL)
501 ssleay_session_secret_cbs = newHV();
503 SvREFCNT_inc(hash_value);
504 hv_store( ssleay_session_secret_cbs, key_str, key_len, hash_value, 0 );
509 ssleay_session_secret_cb_t*
510 ssleay_session_secret_cb_get(SSL* s) {
515 ssleay_session_secret_cb_t* cb;
517 key = sv_2mortal(newSViv( (IV)s ));
518 key_str = SvPV(key, key_len);
520 hash_value = hv_fetch( ssleay_session_secret_cbs, key_str, key_len, 0 );
522 if (hash_value == NULL || *hash_value == NULL) {
525 cb = (ssleay_session_secret_cb_t*)SvIV( *hash_value );
532 ssleay_session_secret_cb_free(SSL* s) {
533 ssleay_session_secret_cb_t* cb;
535 cb = ssleay_session_secret_cb_get(s);
539 SvREFCNT_dec(cb->func);
544 SvREFCNT_dec(cb->data);
553 ssleay_session_secret_cb_invoke(SSL* s, void* secret, int *secret_len,
554 STACK_OF(SSL_CIPHER) *peer_ciphers,
555 SSL_CIPHER **cipher, void *arg)
562 AV *ciphers = newAV();
563 SV *pref_cipher = sv_newmortal();
564 ssleay_session_secret_cb_t* cb = (ssleay_session_secret_cb_t*)arg;
570 XPUSHs( sv_2mortal( newSVpv(secret, *secret_len)) );
571 for (i=0; i<sk_SSL_CIPHER_num(peer_ciphers); i++)
573 SSL_CIPHER *c = sk_SSL_CIPHER_value(peer_ciphers,i);
574 av_store(ciphers, i, sv_2mortal(newSVpv(SSL_CIPHER_get_name(c), 0)));
576 XPUSHs(sv_2mortal(newRV((SV*)ciphers)));
577 XPUSHs(sv_2mortal(newRV(pref_cipher)));
583 if (cb->func == NULL) {
584 croak ("Net::SSLeay: ssleay_session_secret_cb_invoke called, but not "
585 "set to point to any perl function.\n");
588 count = call_sv( cb->func, G_SCALAR );
593 croak ("Net::SSLeay: ssleay_session_secret_cb_invoke "
594 "perl function did not return a scalar.\n");
600 /* See if there is a preferred cipher selected, if so
601 it is an index into the stack */
602 if (SvIOK(pref_cipher))
604 *cipher = sk_SSL_CIPHER_value(peer_ciphers, SvIV(pref_cipher));
617 ssleay_RSA_generate_key_cb_t*
618 ssleay_RSA_generate_key_cb_new(SV* func, SV* data) {
619 ssleay_RSA_generate_key_cb_t* cb;
621 New(0, cb, 1, ssleay_RSA_generate_key_cb_t);
639 ssleay_RSA_generate_key_cb_free(ssleay_RSA_generate_key_cb_t* cb) {
642 SvREFCNT_dec(cb->func);
647 SvREFCNT_dec(cb->data);
656 ssleay_RSA_generate_key_cb_invoke(int i, int n, void* data) {
659 ssleay_RSA_generate_key_cb_t* cb = (ssleay_RSA_generate_key_cb_t*)data;
669 XPUSHs(sv_2mortal( newSViv(i) ));
670 XPUSHs(sv_2mortal( newSViv(n) ));
677 count = call_sv( cb->func, G_VOID|G_DISCARD );
680 croak ("Net::SSLeay: ssleay_RSA_generate_key_cb_invoke "
681 "perl function did return something in void context.\n");
690 MODULE = Net::SSLeay PACKAGE = Net::SSLeay PREFIX = SSL_
701 PR("\tSSLeay Hello World!\n");
706 #define REM1 "============= SSL CONTEXT functions =============="
711 RETVAL = SSL_CTX_new (SSLv23_method());
718 RETVAL = SSL_CTX_new (SSLv2_method());
725 RETVAL = SSL_CTX_new (SSLv3_method());
732 RETVAL = SSL_CTX_new (SSLv23_method());
739 RETVAL = SSL_CTX_new (TLSv1_method());
744 SSL_CTX_new_with_method(meth)
746 RETVAL = SSL_CTX_new (SSLv23_method());
755 SSL_CTX_add_session(ctx,ses)
760 SSL_CTX_remove_session(ctx,ses)
765 SSL_CTX_flush_sessions(ctx,tm)
770 SSL_CTX_set_default_verify_paths(ctx)
774 SSL_CTX_load_verify_locations(ctx,CAfile,CApath)
779 RETVAL = SSL_CTX_load_verify_locations (ctx,
780 CAfile?(*CAfile?CAfile:NULL):NULL,
781 CApath?(*CApath?CApath:NULL):NULL
787 SSL_CTX_set_verify(ctx,mode,callback=NULL)
797 if (ssleay_ctx_verify_callbacks == (HV*)NULL)
798 ssleay_ctx_verify_callbacks = newHV();
800 key = sv_2mortal(newSViv( (IV)ctx ));
801 key_str = SvPV(key, key_len);
803 /* Former versions of SSLeay checked if the callback was a true boolean value
804 * and didn't call it if it was false. Therefor some people set the callback
805 * to '0' if they don't want to use it (IO::Socket::SSL for example). Therefor
806 * we don't execute the callback if it's value isn't something true to retain
807 * backwards compatibility.
810 if (callback == NULL || !SvTRUE(callback)) {
811 hv_delete( ssleay_ctx_verify_callbacks, key_str, key_len, G_DISCARD );
812 SSL_CTX_set_verify( ctx, mode, NULL );
814 hv_store( ssleay_ctx_verify_callbacks, key_str, key_len, newSVsv(callback), 0 );
815 SSL_CTX_set_verify( ctx, mode, &ssleay_verify_callback_invoke );
823 #define REM10 "============= SSL functions =============="
833 #if 0 /* this seems to be gone in 0.9.0 */
860 RETVAL = SSL_set_fd(s,_get_osfhandle(fd));
869 RETVAL = SSL_set_rfd(s,_get_osfhandle(fd));
878 RETVAL = SSL_set_wfd(s,_get_osfhandle(fd));
906 SSL_read(s,max=32768)
913 New(0, buf, max, char);
914 ST(0) = sv_newmortal(); /* Undefined to start with */
915 if ((got = SSL_read(s, buf, max)) >= 0)
916 sv_setpvn( ST(0), buf, got);
920 SSL_peek(s,max=32768)
927 New(0, buf, max, char);
928 ST(0) = sv_newmortal(); /* Undefined to start with */
929 if ((got = SSL_peek(s, buf, max)) >= 0)
930 sv_setpvn( ST(0), buf, got);
939 char * buf = SvPV( ST(1), len);
941 RETVAL = SSL_write (s, buf, (int)len);
946 SSL_write_partial(s,from,count,buf)
953 char * buf = SvPV( ST(3), len);
956 if (SvROK( ST(3) )) {
957 SV* t = SvRV( ST(3) );
960 buf = SvPV( ST(3), len);
962 PRN("write_partial from",from);
964 PRN("write_partial count",count);
967 croak("from beyound end of buffer");
970 RETVAL = SSL_write (s, &(buf[from]), ((STRLEN)count<=len)?count:len);
975 SSL_use_RSAPrivateKey(s,rsa)
980 SSL_use_RSAPrivateKey_ASN1(s,d,len)
986 SSL_use_RSAPrivateKey_file(s,file,type)
992 SSL_CTX_use_RSAPrivateKey_file(ctx,file,type)
998 SSL_use_PrivateKey(s,pkey)
1003 SSL_use_PrivateKey_ASN1(pk,s,d,len)
1010 SSL_use_PrivateKey_file(s,file,type)
1016 SSL_CTX_use_PrivateKey_file(ctx,file,type)
1022 SSL_use_certificate(s,x)
1027 SSL_use_certificate_ASN1(s,d,len)
1033 SSL_use_certificate_file(s,file,type)
1039 SSL_CTX_use_certificate_file(ctx,file,type)
1049 SSL_rstate_string(s)
1053 SSL_state_string_long(s)
1057 SSL_rstate_string_long(s)
1071 SSL_get_timeout(ses)
1075 SSL_set_timeout(ses,t)
1080 SSL_copy_session_id(to,from)
1085 SSL_set_read_ahead(s,yes=1)
1090 SSL_get_read_ahead(s)
1098 SSL_CTX_set_cipher_list(s,str)
1103 SSL_get_cipher_list(s,n)
1108 SSL_set_cipher_list(s,str)
1117 SSL_get_shared_ciphers(s,buf,len)
1123 SSL_get_peer_certificate(s)
1127 SSL_set_verify(s,mode,callback)
1137 if (ssleay_ctx_verify_callbacks == (HV*)NULL)
1138 ssleay_ctx_verify_callbacks = newHV();
1140 key = sv_2mortal(newSViv( (IV)s ));
1141 key_str = SvPV(key, key_len);
1143 if (callback == NULL) {
1144 hv_delete( ssleay_ctx_verify_callbacks, key_str, key_len, G_DISCARD );
1145 SSL_set_verify( s, mode, NULL );
1147 hv_store( ssleay_ctx_verify_callbacks, key_str, key_len, newSVsv(callback), 0 );
1148 SSL_set_verify( s, mode, &ssleay_verify_callback_invoke );
1152 SSL_set_bio(s,rbio,wbio)
1170 SSL_SESSION_print(fp,ses)
1175 SSL_SESSION_free(ses)
1179 i2d_SSL_SESSION(in,pp)
1184 SSL_set_session(to,ses)
1189 d2i_SSL_SESSION(a,pp,length)
1191 const unsigned char * &pp
1194 #define REM30 "SSLeay-0.9.0 defines these as macros. I expand them here for safety's sake"
1200 SSL_get0_session = 1
1207 SSL_get_certificate(s)
1215 SSL_ctrl(ssl,cmd,larg,parg)
1222 SSL_CTX_ctrl(ctx,cmd,larg,parg)
1229 SSL_get_options(ssl)
1233 SSL_set_options(ssl,op)
1238 SSL_CTX_get_options(ctx)
1242 SSL_CTX_set_options(ctx,op)
1247 SSL_CTX_sessions(ctx)
1250 /* NOTE: This should be deprecated. Corresponding macro was removed from ssl.h as of 0.9.2 */
1251 if (ctx == NULL) croak("NULL SSL context passed as argument.");
1252 RETVAL = ctx -> sessions;
1257 SSL_CTX_sess_number(ctx)
1261 SSL_CTX_sess_connect(ctx)
1265 SSL_CTX_sess_connect_good(ctx)
1269 SSL_CTX_sess_connect_renegotiate(ctx)
1273 SSL_CTX_sess_accept(ctx)
1277 SSL_CTX_sess_accept_renegotiate(ctx)
1281 SSL_CTX_sess_accept_good(ctx)
1285 SSL_CTX_sess_hits(ctx)
1289 SSL_CTX_sess_cb_hits(ctx)
1293 SSL_CTX_sess_misses(ctx)
1297 SSL_CTX_sess_timeouts(ctx)
1301 SSL_CTX_sess_cache_full(ctx)
1305 SSL_CTX_sess_get_cache_size(ctx)
1309 SSL_CTX_sess_set_cache_size(ctx,size)
1334 ERR_put_error(lib,func,reason,file,line)
1345 ERR_error_string(error,buf=NULL)
1349 RETVAL = ERR_error_string(error,buf);
1354 SSL_load_error_strings()
1357 ERR_load_crypto_strings()
1362 SSLeay_add_ssl_algorithms = 1
1363 OpenSSL_add_ssl_algorithms = 2
1364 add_ssl_algorithms = 3
1367 ENGINE_load_builtin_engines()
1370 ENGINE_register_all_complete()
1377 ENGINE_set_default(e, flags)
1382 ERR_load_SSL_strings()
1385 ERR_load_RAND_strings()
1388 RAND_bytes(buf, num)
1393 unsigned char *random;
1395 New(0, random, num, unsigned char);
1396 rc = RAND_bytes(random, num);
1397 sv_setpvn(buf, (const char*)random, num);
1404 RAND_pseudo_bytes(buf, num)
1409 unsigned char *random;
1411 New(0, random, num, unsigned char);
1412 rc = RAND_pseudo_bytes(random, num);
1413 sv_setpvn(buf, (const char*)random, num);
1420 RAND_add(buf, num, entropy)
1427 RAND_add((const void *)SvPV(buf, len), num, entropy);
1436 RAND_egd_bytes(path, bytes)
1446 New(0, buf, num, char);
1447 if (!RAND_file_name(buf, num)) {
1451 RETVAL = newSVpv(buf, 0);
1461 char * buf = SvPV( ST(1), len);
1463 RAND_seed (buf, (int)len);
1469 RAND_load_file(file_name, how_much)
1474 RAND_write_file(file_name)
1481 #define REM40 "Minimal X509 stuff..., this is a bit ugly and should be put in its own modules Net::SSLeay::X509.pm"
1484 X509_get_issuer_name(cert)
1488 X509_get_subject_name(cert)
1492 X509_NAME_oneline(name)
1497 ST(0) = sv_newmortal(); /* Undefined to start with */
1498 if (buf = X509_NAME_oneline(name, NULL, 0))
1499 sv_setpvn( ST(0), buf, strlen(buf));
1500 OPENSSL_free(buf); /* mem was allocated by openssl */
1502 # WTF is the point of this function?
1503 # The NID_* constants aren't bound anyway and no one can remember
1504 # those undocumented numbers anyway.
1506 X509_NAME_get_text_by_NID(name,nid)
1513 ST(0) = sv_newmortal(); /* Undefined to start with */
1514 length = X509_NAME_get_text_by_NID(name, nid, NULL, 0);
1516 New(0, buf, length+1, char);
1517 if (X509_NAME_get_text_by_NID(name, nid, buf, length + 1))
1518 sv_setpvn( ST(0), buf, length + 1);
1522 X509_STORE_CTX_get_current_cert(x509_store_ctx)
1523 X509_STORE_CTX * x509_store_ctx
1526 X509_STORE_CTX_get_ex_data(x509_store_ctx,idx)
1527 X509_STORE_CTX * x509_store_ctx
1531 X509_get_subjectAltNames(cert)
1534 int i, j, count = 0;
1535 X509_EXTENSION *subjAltNameExt = NULL;
1536 STACK_OF(GENERAL_NAME) *subjAltNameDNs = NULL;
1537 GENERAL_NAME *subjAltNameDN = NULL;
1539 if ( (i = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1)) >= 0
1540 && (subjAltNameExt = X509_get_ext(cert, i))
1541 && (subjAltNameDNs = X509V3_EXT_d2i(subjAltNameExt)))
1543 num_gnames = sk_GENERAL_NAME_num(subjAltNameDNs);
1545 for (j = 0; j < num_gnames; j++)
1547 subjAltNameDN = sk_GENERAL_NAME_value(subjAltNameDNs, j);
1549 switch (subjAltNameDN->type)
1554 PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
1555 PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_data(subjAltNameDN->d.otherName->value->value.utf8string), ASN1_STRING_length(subjAltNameDN->d.otherName->value->value.utf8string))));
1563 PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
1564 PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_data(subjAltNameDN->d.ia5), ASN1_STRING_length(subjAltNameDN->d.ia5))));
1569 char * buf = X509_NAME_oneline(subjAltNameDN->d.dirn, NULL, 0);
1572 PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
1573 PUSHs(sv_2mortal(newSVpv((buf), strlen((buf)))));
1580 PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
1581 PUSHs(sv_2mortal(newSVpv((const char*)subjAltNameDN->d.ip->data, subjAltNameDN->d.ip->length)));
1587 XSRETURN(count * 2);
1590 X509_get_ext_by_NID(x,nid,loc)
1605 X509_STORE_CTX_get_error(x509_store_ctx)
1606 X509_STORE_CTX * x509_store_ctx
1609 X509_STORE_CTX_get_error_depth(x509_store_ctx)
1610 X509_STORE_CTX * x509_store_ctx
1613 X509_STORE_CTX_set_ex_data(x509_store_ctx,idx,data)
1614 X509_STORE_CTX * x509_store_ctx
1619 X509_STORE_CTX_set_error(x509_store_ctx,s)
1620 X509_STORE_CTX * x509_store_ctx
1624 X509_STORE_CTX_set_cert(x509_store_ctx,x)
1625 X509_STORE_CTX * x509_store_ctx
1629 X509_STORE_add_cert(ctx, x)
1634 X509_STORE_add_crl(ctx, x)
1639 X509_STORE_CTX_set_flags(ctx, flags)
1643 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
1646 X509_STORE_set_flags(ctx, flags)
1651 X509_STORE_set_purpose(ctx, purpose)
1656 X509_STORE_set_trust(ctx, trust)
1663 X509_load_cert_file(ctx, file, type)
1669 X509_load_crl_file(ctx, file, type)
1675 X509_load_cert_crl_file(ctx, file, type)
1681 X509_verify_cert_error_string(n)
1686 X509_get_notBefore(cert)
1690 X509_get_notAfter(cert)
1694 P_ASN1_UTCTIME_put2string(tm)
1701 bp = BIO_new(BIO_s_mem());
1702 ASN1_UTCTIME_print(bp,tm);
1703 i = BIO_read(bp,buffer,255);
1705 ST(0) = sv_newmortal(); /* Undefined to start with */
1707 sv_setpvn( ST(0), buffer, i );
1711 EVP_PKEY_copy_parameters(to,from)
1716 PEM_get_string_X509(x509)
1723 bp = BIO_new(BIO_s_mem());
1724 PEM_write_bio_X509(bp,x509);
1725 i = BIO_read(bp,buffer,8195);
1727 ST(0) = sv_newmortal(); /* Undefined to start with */
1729 sv_setpvn( ST(0), buffer, i );
1736 unsigned char md[MD2_DIGEST_LENGTH];
1737 unsigned char * ret;
1739 unsigned char* data = (unsigned char *) SvPV( ST(0), len);
1741 ret = MD2(data,len,md);
1743 XSRETURN_PVN((char *) md, MD2_DIGEST_LENGTH);
1752 unsigned char md[MD4_DIGEST_LENGTH];
1753 unsigned char * ret;
1755 unsigned char* data = (unsigned char *) SvPV( ST(0), len );
1757 ret = MD4(data,len,md);
1759 XSRETURN_PVN((char *) md, MD4_DIGEST_LENGTH);
1768 unsigned char md[MD5_DIGEST_LENGTH];
1769 unsigned char * ret;
1771 unsigned char * data = (unsigned char *) SvPV( ST(0), len);
1773 ret = MD5(data,len,md);
1775 XSRETURN_PVN((char *) md, MD5_DIGEST_LENGTH);
1790 SSL_set_ssl_method(ssl, method)
1795 SSL_get_ssl_method(ssl)
1798 #define REM_AUTOMATICALLY_GENERATED_1_09
1801 BIO_new_buffer_ssl_connect(ctx)
1805 BIO_new_file(filename,mode)
1810 BIO_new_ssl(ctx,client)
1815 BIO_new_ssl_connect(ctx)
1827 BIO_read(s,max=32768)
1834 New(0, buf, max, char);
1835 ST(0) = sv_newmortal(); /* Undefined to start with */
1836 if ((got = BIO_read(s, buf, max)) >= 0)
1837 sv_setpvn( ST(0), buf, got);
1846 char * buf = SvPV( ST(1), len);
1848 RETVAL = BIO_write (s, buf, (int)len);
1865 BIO_ssl_copy_session_id(to,from)
1870 BIO_ssl_shutdown(ssl_bio)
1874 SSL_add_client_CA(ssl,x)
1879 SSL_alert_desc_string(value)
1883 SSL_alert_desc_string_long(value)
1887 SSL_alert_type_string(value)
1891 SSL_alert_type_string_long(value)
1895 SSL_callback_ctrl(ssl,i,fp)
1898 callback_no_ret * fp
1901 SSL_check_private_key(ctx)
1905 SSL_CIPHER_description(cipher,buf,size)
1911 SSL_CIPHER_get_bits(c,alg_bits)
1916 SSL_COMP_add_compression_method(id,cm)
1921 SSL_CTX_add_client_CA(ctx,x)
1926 SSL_CTX_callback_ctrl(ctx,i,fp)
1929 callback_no_ret * fp
1932 SSL_CTX_check_private_key(ctx)
1936 SSL_CTX_get_ex_data(ssl,idx)
1941 SSL_CTX_get_quiet_shutdown(ctx)
1945 SSL_CTX_get_timeout(ctx)
1949 SSL_CTX_get_verify_depth(ctx)
1953 SSL_CTX_get_verify_mode(ctx)
1957 SSL_CTX_set_cert_store(ctx,store)
1962 SSL_CTX_get_cert_store(ctx)
1966 SSL_CTX_set_cert_verify_callback(ctx,func,data=NULL)
1971 ssleay_ctx_cert_verify_cb_t* cb;
1973 if (func == NULL || func == &PL_sv_undef) {
1974 ssleay_ctx_cert_verify_cb_free(ctx);
1975 SSL_CTX_set_cert_verify_callback(ctx, NULL, NULL);
1977 cb = ssleay_ctx_cert_verify_cb_new(ctx, func, data);
1978 SSL_CTX_set_cert_verify_callback(ctx, ssleay_ctx_cert_verify_cb_invoke, cb);
1982 SSL_CTX_set_client_CA_list(ctx,list)
1984 X509_NAME_STACK * list
1987 SSL_CTX_set_default_passwd_cb(ctx,func=NULL)
1991 ssleay_ctx_passwd_cb_t* cb;
1993 if (func == NULL || func == &PL_sv_undef) {
1994 ssleay_ctx_passwd_cb_free_func(ctx);
1995 SSL_CTX_set_default_passwd_cb(ctx, NULL);
1997 cb = ssleay_ctx_passwd_cb_get(ctx);
1998 ssleay_ctx_passwd_cb_func_set(ctx, func);
1999 SSL_CTX_set_default_passwd_cb(ctx, &ssleay_ctx_passwd_cb_invoke);
2000 SSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)cb);
2004 SSL_CTX_set_default_passwd_cb_userdata(ctx,u=NULL)
2009 ssleay_ctx_passwd_cb_free_userdata(ctx);
2011 ssleay_ctx_passwd_cb_userdata_set(ctx, u);
2015 SSL_CTX_set_ex_data(ssl,idx,data)
2021 SSL_CTX_set_purpose(s,purpose)
2026 SSL_CTX_set_quiet_shutdown(ctx,mode)
2031 SSL_CTX_set_ssl_version(ctx,meth)
2036 SSL_CTX_set_timeout(ctx,t)
2041 SSL_CTX_set_trust(s,trust)
2046 SSL_CTX_set_verify_depth(ctx,depth)
2051 SSL_CTX_use_certificate(ctx,x)
2056 SSL_CTX_use_certificate_chain_file(ctx,file)
2061 SSL_CTX_use_PrivateKey(ctx,pkey)
2066 SSL_CTX_use_RSAPrivateKey(ctx,rsa)
2079 SSL_get_current_cipher(s)
2083 SSL_get_default_timeout(s)
2087 SSL_get_ex_data(ssl,idx)
2092 SSL_get_finished(s,buf,count)
2098 SSL_get_peer_finished(s,buf,count)
2104 SSL_get_quiet_shutdown(ssl)
2108 SSL_get_shutdown(ssl)
2112 SSL_get_verify_depth(s)
2116 SSL_get_verify_mode(s)
2120 SSL_get_verify_result(ssl)
2128 SSL_SESSION_cmp(a,b)
2133 SSL_SESSION_get_ex_data(ss,idx)
2138 SSL_SESSION_get_time(s)
2142 SSL_SESSION_get_timeout(s)
2146 SSL_SESSION_print_fp(fp,ses)
2151 SSL_SESSION_set_ex_data(ss,idx,data)
2157 SSL_SESSION_set_time(s,t)
2162 SSL_SESSION_set_timeout(s,t)
2167 SSL_set_accept_state(s)
2171 SSL_set_client_CA_list(s,list)
2173 X509_NAME_STACK * list
2176 SSL_set_connect_state(s)
2180 SSL_set_ex_data(ssl,idx,data)
2186 SSL_set_info_callback(ssl,cb)
2188 cb_ssl_int_int_ret_void * cb
2191 SSL_set_purpose(s,purpose)
2196 SSL_set_quiet_shutdown(ssl,mode)
2201 SSL_set_shutdown(ssl,mode)
2206 SSL_set_trust(s,trust)
2211 SSL_set_verify_depth(s,depth)
2216 SSL_set_verify_result(ssl,v)
2228 #define REM_MANUALLY_ADDED_1_09
2231 SSL_load_client_CA_file(file)
2235 SSL_add_file_cert_subjects_to_stack(stackCAs,file)
2236 X509_NAME_STACK * stackCAs
2241 #ifndef MAC_OS_pre_X
2244 SSL_add_dir_cert_subjects_to_stack(stackCAs,dir)
2245 X509_NAME_STACK * stackCAs
2253 SSL_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
2256 CRYPTO_EX_new * new_func
2257 CRYPTO_EX_dup * dup_func
2258 CRYPTO_EX_free * free_func
2261 SSL_CTX_set_session_id_context(ctx,sid_ctx,sid_ctx_len)
2263 const unsigned char * sid_ctx
2264 unsigned int sid_ctx_len
2267 SSL_set_session_id_context(ssl,sid_ctx,sid_ctx_len)
2269 const unsigned char * sid_ctx
2270 unsigned int sid_ctx_len
2273 SSL_CTX_set_tmp_rsa_callback(ctx, cb)
2275 cb_ssl_int_int_ret_RSA * cb
2278 SSL_set_tmp_rsa_callback(ssl, cb)
2280 cb_ssl_int_int_ret_RSA * cb
2283 SSL_CTX_set_tmp_dh_callback(ctx, dh)
2285 cb_ssl_int_int_ret_DH * dh
2288 SSL_set_tmp_dh_callback(ssl,dh)
2290 cb_ssl_int_int_ret_DH * dh
2293 SSL_get_ex_new_index(argl, argp, new_func, dup_func, free_func)
2296 CRYPTO_EX_new * new_func
2297 CRYPTO_EX_dup * dup_func
2298 CRYPTO_EX_free * free_func
2301 SSL_SESSION_get_ex_new_index(argl, argp, new_func, dup_func, free_func)
2304 CRYPTO_EX_new * new_func
2305 CRYPTO_EX_dup * dup_func
2306 CRYPTO_EX_free * free_func
2308 #define REM_SEMIAUTOMATIC_MACRO_GEN_1_09
2311 SSL_clear_num_renegotiations(ssl)
2314 RETVAL = SSL_ctrl(ssl,SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL);
2319 SSL_CTX_add_extra_chain_cert(ctx,x509)
2323 RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char*)x509);
2328 SSL_CTX_get_app_data(ctx)
2331 RETVAL = SSL_CTX_get_ex_data(ctx,0);
2336 SSL_CTX_get_mode(ctx)
2339 RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,0,NULL);
2344 SSL_CTX_get_read_ahead(ctx)
2347 RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL);
2352 SSL_CTX_get_session_cache_mode(ctx)
2355 RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL);
2360 SSL_CTX_need_tmp_RSA(ctx)
2363 RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL);
2368 SSL_CTX_set_app_data(ctx,arg)
2372 RETVAL = SSL_CTX_set_ex_data(ctx,0,arg);
2377 SSL_CTX_set_mode(ctx,op)
2381 RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,op,NULL);
2386 SSL_CTX_set_read_ahead(ctx,m)
2390 RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL);
2395 SSL_CTX_set_session_cache_mode(ctx,m)
2399 RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL);
2404 SSL_CTX_set_tmp_dh(ctx,dh)
2409 SSL_CTX_set_tmp_rsa(ctx,rsa)
2417 RETVAL = SSL_get_ex_data(s,0);
2422 SSL_get_cipher_bits(s,np)
2426 RETVAL = SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np);
2434 RETVAL = SSL_ctrl(ssl,SSL_CTRL_MODE,0,NULL);
2442 RETVAL = SSL_state(ssl);
2447 SSL_need_tmp_RSA(ssl)
2450 RETVAL = SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL);
2455 SSL_num_renegotiations(ssl)
2458 RETVAL = SSL_ctrl(ssl,SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL);
2463 SSL_SESSION_get_app_data(ses)
2466 RETVAL = SSL_SESSION_get_ex_data(ses,0);
2471 SSL_session_reused(ssl)
2474 RETVAL = SSL_ctrl(ssl,SSL_CTRL_GET_SESSION_REUSED,0,NULL);
2479 SSL_SESSION_set_app_data(s,a)
2483 RETVAL = SSL_SESSION_set_ex_data(s,0,(char *)a);
2488 SSL_set_app_data(s,arg)
2492 RETVAL = SSL_set_ex_data(s,0,(char *)arg);
2497 SSL_set_mode(ssl,op)
2501 RETVAL = SSL_ctrl(ssl,SSL_CTRL_MODE,op,NULL);
2506 SSL_set_pref_cipher(s,n)
2510 RETVAL = SSL_set_cipher_list(s,n);
2515 SSL_set_tmp_dh(ssl,dh)
2520 SSL_set_tmp_rsa(ssl,rsa)
2524 RETVAL = SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa);
2529 RSA_generate_key(bits,e,perl_cb=NULL,perl_cb_arg=NULL)
2535 ssleay_RSA_generate_key_cb_t* cb = NULL;
2537 cb = ssleay_RSA_generate_key_cb_new(perl_cb, perl_cb_arg);
2538 RETVAL = RSA_generate_key(bits, e, ssleay_RSA_generate_key_cb_invoke, cb);
2539 ssleay_RSA_generate_key_cb_free(cb);
2552 PEM_read_bio_DHparams(bio,x=NULL,cb=NULL,u=NULL)
2555 pem_password_cb * cb
2559 PEM_read_bio_X509_CRL(bio,x=NULL,cb=NULL,u=NULL)
2562 pem_password_cb * cb
2570 SSL_total_renegotiations(ssl)
2573 RETVAL = SSL_ctrl(ssl,SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL);
2578 SSL_SESSION_get_master_key(s)
2581 ST(0) = sv_newmortal(); /* Undefined to start with */
2582 sv_setpvn(ST(0), (const char*)s->master_key, s->master_key_length);
2585 SSL_SESSION_set_master_key(s,key)
2590 char * key = SvPV(ST(1), len);
2592 memcpy(s->master_key, key, len);
2593 s->master_key_length = len;
2596 SSL_get_client_random(s)
2599 ST(0) = sv_newmortal(); /* Undefined to start with */
2600 sv_setpvn(ST(0), (const char*)s->s3->client_random, SSL3_RANDOM_SIZE);
2603 SSL_get_server_random(s)
2606 ST(0) = sv_newmortal(); /* Undefined to start with */
2607 sv_setpvn(ST(0), (const char*)s->s3->server_random, SSL3_RANDOM_SIZE);
2610 SSL_get_keyblock_size(s)
2614 s->enc_read_ctx == NULL ||
2615 s->enc_read_ctx->cipher == NULL ||
2616 s->read_hash == NULL)
2622 const EVP_CIPHER *c;
2624 c = s->enc_read_ctx->cipher;
2625 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
2626 h = EVP_MD_CTX_md(s->read_hash);
2631 RETVAL = 2 * (EVP_CIPHER_key_length(c) +
2633 EVP_CIPHER_iv_length(c));
2640 #ifdef SSL_F_SSL_SET_HELLO_EXTENSION
2642 SSL_set_hello_extension(s, type, data)
2648 char * data = SvPV( ST(2), len);
2650 RETVAL = SSL_set_hello_extension(s, type, data, len);
2655 SSL_set_session_secret_cb(s,func,data=NULL)
2660 ssleay_session_secret_cb_t* cb;
2662 if (func == NULL || func == &PL_sv_undef) {
2663 ssleay_session_secret_cb_free(s);
2664 SSL_set_session_secret_cb(s, NULL, NULL);
2666 cb = ssleay_session_secret_cb_new(s, func, data);
2667 SSL_set_session_secret_cb(s, (int (*)(SSL *s, void *secret, int *secret_len,
2668 STACK_OF(SSL_CIPHER) *peer_ciphers,
2669 SSL_CIPHER **cipher, void *arg))&ssleay_session_secret_cb_invoke, cb);
2674 #define REM_EOF "/* EOF - SSLeay.xs */"