1 (This quick reference list was contributed by anton@genua.de. Thanks, --Sampo)
3 Net::SSLeay - useful function prototypes
6 #----------------------------------
7 # Import frequently used functions
8 #----------------------------------
10 use Net::SSLeay qw(die_now die_if_ssl_error);
12 $errs = die_if_ssl_error($msg);
13 Program dies with $msg if print_errs() was able to find and print
15 $errs is 0 if no error occurred.
18 Program dies unconditionally! print_errs($msg) is used to print out
22 #--------------------------
24 #--------------------------
26 $count = Net::SSLeay::print_errs($msg);
27 Prints SSLeay-error stack with included $msg via 'warn'. Number of
28 printed errors is returned (->$count).
30 void Net::SSLeay::randomize($seed_file,$seed_string);
31 void Net::SSLeay::randomize();
32 Load random bytes from $seed_file and from string $seed_string.
33 Also uses $Net::SSLeay::random_device and $Net::SSLeay::how_random
34 (Bits!) if used without parameters.
36 void Net::SSLeay::RAND_seed($seed_string);
37 Seeds the random generator with $seed_string.
39 $bytes_read = Net::SSLeay::RAND_load_file($file_name, $how_much);
40 Loads $how_much bytes randomness from file $file_name.
42 $bytes_written = Net::SSLeay::RAND_write_file($file_name);
43 Writes randomness to $file_name.
45 void Net::SSLeay::load_error_strings();
46 Load SSL error messages to make error output more informative.
48 void Net::SSLeay::ERR_load_crypto_strings();
49 Load crypto-API related error messages.
51 void Net::SSLeay::SSLeay_add_ssl_algorithms();
52 Add support for supported ciphers.
54 void Net::SSLeay::ENGINE_load_builtin_engines
55 Load any built-in SSL engines supported by the underlying OpenSSL
57 void Net::SSLeay::ENGINE_register_all_complete
58 Register any built-in SSL engines
60 $ctx = Net::SSLeay::CTX_new();
63 int Net::SSLeay::CTX_set_default_verify_paths($ctx);
64 Use the default locations of the CA certificates that are used to verify
65 remote certificates. These locations are compiled into the SSLeay-Toolkit.
67 int Net::SSLeay::CTX_load_verify_locations($ctx, $cert_file, $cert_dir);
68 Set verify location. File with certificates or hashed directory.
70 void Net::SSLeay::CTX_set_verify($ctx, $mode , \&verify_cb);
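71 Set the verification mode and the callback that decide what to do with remote certificates. With VERIFY_NONE a client does not abort the handshake when the server certificate fails verification, so use VERIFY_PEER whenever the peer's identity matters.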
73 &Net::SSLeay::VERIFY_NONE
74 &Net::SSLeay::VERIFY_PEER
75 &Net::SSLeay::VERIFY_FAIL_IF_NO_PEER_CERT
76 &Net::SSLeay::VERIFY_CLIENT_ONCE
78 $ok = verify_cb($ok,$x509_store_ctx);
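79 Callback receives the SSL-toolkit's own verification result for the certificate ($ok)
80 and the certificate store context. The value it returns replaces that result, so a callback that always returns 1 accepts certificates the toolkit rejected.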
82 void Net::SSLeay::CTX_set_default_passwd_cb($ctx,\&passwd_cb);
83 If our RSA private key is passphrase protected and this callback is
84 defined, then do not ask on the terminal but call the function.
86 $passwd = passwd_cb($verify);
87 If $verify is true, then the callback is supposed to make sure
88 the returned password has been verified.
90 $bool = Net::SSLeay::CTX_use_certificate_file($ctx,$cert,$type);
91 $bool = Net::SSLeay::CTX_use_PrivateKey_file($ctx,$key,$type);
92 Functions to load cert/key from filename ($cert/$key) with filetype
93 $type into SSL-context.
95 &Net::SSLeay::FILETYPE_PEM
97 $ssl = Net::SSLeay::new($ctx)
98 Creates a SSL-session in context $ctx. Returns 0 on failure.
100 $bool = Net::SSLeay::use_certificate_file($ssl,$cert,$type);
101 $bool = Net::SSLeay::use_RSAPrivateKey_file($ssl,$key,$type);
102 Functions to load cert/key from filename ($cert/$key) with filetype
103 $type into SSL-session.
105 &Net::SSLeay::FILETYPE_PEM
107 $bool = Net::SSLeay::set_fd($ssl, fileno(S));
108 Connect SSL-Toolkit with TCP-connection.
111 $bool 0-failure 1-success
113 $bool = Net::SSLeay::accept($ssl);
114 Make SSL-handshake on hot connection. I am server!
116 $bool 0-failure 1-success
118 $bool = Net::SSLeay::connect($ssl);
119 Make SSL-handshake on hot connection. I am client!
121 $bool 0-failure 1-success
123 $x509 = Net::SSLeay::get_peer_certificate($ssl);
124 Get X509 certificate from SSL_session.
126 $x509 = Net::SSLeay::X509_STORE_CTX_get_current_cert($x509_store_ctx)
127 Extract current certificate from cert-store. Cert-store is
130 $asn1_utctime = Net::SSLeay::X509_get_notBefore($x509);
131 $asn1_utctime = Net::SSLeay::X509_get_notAfter($x509);
132 $x509_name = Net::SSLeay::X509_get_subject_name($x509);
133 $x509_name = Net::SSLeay::X509_get_issuer_name($x509);
134 ($type1, $subject1, $type2, $subject2, ...) = Net::SSLeay::X509_get_subjectAltNames($x509)
135 subjectAltName types as per x509v3.h GEN_* for example:
138 Return information from a certificate.
140 $string = Net::SSLeay::P_ASN1_UTCTIME_put2string($asn1_utctime);
141 Convert an asn1_utctime structure to a printable string.
143 $string = Net::SSLeay::X509_NAME_oneline($x509_name);
144 Convert an x509_name structure to a printable string.
146 $string = Net::SSLeay::get_cipher($ssl)
147 Return the active cipher from SSL-session $ssl.
149 $string = Net::SSLeay::dump_peer_certificate($ssl)
150 Return Subject/Issuer from peer-certificate in printable string.
152 $string = Net::SSLeay::PEM_get_string_X509($x509);
153 Returns a printable string containing the X509 certificate PEM encoded
156 $mode = Net::SSLeay::CTX_get_verify_mode($ctx)
157 Return verify-mode previously set with CTX_set_verify in SSL-context.
159 $mode = Net::SSLeay::get_verify_mode($ssl)
160 Return verify-mode in SSL-session.
162 $written_bytes = Net::SSLeay::ssl_write_all($ssl,$string);
163 Write $string to SSL-session. This call returns undef if write failed.
164 The whole string gets written!
166 $written_bytes = Net::SSLeay::write($ssl,$string);
167 Write $string to SSL-session. This call returns immediately. The string
168 may have been written only partially - check $written_bytes yourself or use ssl_write_all!
170 $string = Net::SSLeay::ssl_read_all($ssl,$how_much);
171 Read everything available from the SSL-session and return it. Read a
172 maximum of $how_much Bytes (default: 2000000000).
174 $string = Net::SSLeay::read($ssl);
175 Read one bunch of data from the SSL-session and return.
177 void Net::SSLeay::free ($ssl);
178 Free resources from the SSL-session.
180 void Net::SSLeay::CTX_free ($ctx);
181 Free resources from the SSL-context.
184 #----------------------
186 #----------------------
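188 $hash = Net::SSLeay::MD5($data);
189 Computes md5 hash over $data. $hash is a binary string! Convert it to
190 a printable string with $string = unpack("H32",Net::SSLeay::MD5($data)); MD5 is not collision-resistant, so do not rely on it for signatures or for integrity checks against a deliberate attacker.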
193 #----------------------
194 # TCP-Connection hints
195 #----------------------
197 # Make socket unbuffered after connect succeeded.
# $| acts on the currently selected output handle: select S, enable
# autoflush on it, then select STDOUT again.
199 select(S); $| = 1; select(STDOUT);
201 # Close connection by half... from client to server. This signals EOF to
202 # server. (Clear some buffers, too...??)
203 # Use this if finished with sending data to remote side.
206 # Finally close connection. Do this after reading everything available!
# Client setup: take host and port from the argument list, resolve them and
# open a TCP connection on the SOCK handle. Only socket() and connect() are
# called here; no SSL handshake is performed by these lines.
218 my ($remote,$port, $iaddr, $paddr, $proto, $line);
# Defaults when no argument is given: host 'localhost', port 3000.
220 $remote = shift || 'localhost';
221 $port = shift || 3000; # random port
# A port argument containing any non-digit is treated as a service name.
222 if ($port =~ /\D/) { $port = getservbyname($port, 'tcp') }
# Catches a failed service lookup (and a port of 0).
223 die "No port" unless $port;
# inet_aton() yields a false value when $remote cannot be resolved.
224 $iaddr = inet_aton($remote) || die "no host: $remote";
# Pack port and address into the socket address passed to connect().
225 $paddr = sockaddr_in($port, $iaddr);
227 $proto = getprotobyname('tcp');
228 socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die "socket: $!";
229 connect(SOCK, $paddr) || die "connect: $!";
230 while (defined($line = <SOCK>)) {
234 close (SOCK) || die "close: $!";
238 #--------------------
240 #--------------------
# Server setup: create a listening TCP socket on the port given as the first
# argument (default 3000) and log that the server has started.
242 # #!/usr/bin/perl -Tw
# PATH is fixed at compile time. NOTE(review): presumably this is for the -T
# (taint mode) switch in the commented-out shebang above - confirm.
244 BEGIN { $ENV{PATH} = '/usr/ucb:/bin' }
# logmsg: print the program name, the PID and the arguments, followed by the
# local time and a newline.
248 sub logmsg { print "$0 $$: @_ at ", scalar localtime, "\n" }
# Line terminator sent to clients: CR LF, written as octal escapes.
250 my $EOL = "\015\012";
252 my $port = shift || 3000;
253 my $proto = getprotobyname('tcp');
# Keeps the first run of digits found anywhere in the argument. The pattern
# is not anchored, so the rest of the argument is ignored, and the result is
# not checked against the valid port range.
254 $port = $1 if $port =~ /(\d+)/; # untaint port number
256 socket(Server, PF_INET, SOCK_STREAM, $proto) || die "socket: $!";
# Enable SO_REUSEADDR on the listening socket.
257 setsockopt(Server, SOL_SOCKET, SO_REUSEADDR,
258 pack("l", 1)) || die "setsockopt: $!";
# INADDR_ANY binds the listener to every local address, not only loopback.
260 bind(Server, sockaddr_in($port, INADDR_ANY)) || die "bind: $!";
261 listen(Server,SOMAXCONN) || die "listen: $!";
263 logmsg "server started on port $port";
267 for ( ; $paddr = accept(Client,Server); close Client) {
268 my($port,$iaddr) = sockaddr_in($paddr);
269 my $name = gethostbyaddr($iaddr,AF_INET);
271 logmsg "connection from $name [",
272 inet_ntoa($iaddr), "]
275 print Client "Hello there, $name, it's now ",
276 scalar localtime, $EOL;