ne_ssl_context_create, ne_ssl_context_trustcert, ne_ssl_context_trustdefca, ne_ssl_context_keypair, ne_ssl_context_set_clicert, ne_ssl_context_set_ccprovide, ne_ssl_context_set_versions, ne_ssl_context_set_verify, ne_ssl_context_set_flag, ne_ssl_context_get_flag, ne_ssl_context_destroy — SSL context management functions

#include <ne_ssl.h>

ne_ssl_context *ne_ssl_context_create(int mode);
void ne_ssl_context_trustcert(ne_ssl_context *ctx, const ne_ssl_certificate *cert);
void ne_ssl_context_trustdefca(ne_ssl_context *ctx);
int ne_ssl_context_keypair(ne_ssl_context *ctx, const char *cert, const char *key);
void ne_ssl_context_set_clicert(ne_ssl_context *ctx, const ne_ssl_client_cert *cc);
void ne_ssl_context_set_ccprovide(ne_ssl_context *ctx, ne_ssl_ccprovide_fn provider, void *userdata);
int ne_ssl_context_set_versions(ne_ssl_context *ctx, enum ne_ssl_protocol min, enum ne_ssl_protocol max);
int ne_ssl_context_set_verify(ne_ssl_context *ctx, int required, const char *ca_names, const char *verify_cas);
void ne_ssl_context_set_flag(ne_ssl_context *ctx, int flag, int value);
int ne_ssl_context_get_flag(ne_ssl_context *ctx, int flag);
void ne_ssl_context_destroy(ne_ssl_context *ctx);

The ne_ssl_context_create function creates an SSL context object. The mode parameter should be NE_SSL_CTX_CLIENT for a client context, or NE_SSL_CTX_SERVER for a server context.
For a client context, the ne_ssl_context_trustcert function configures the context to trust the certificate cert. The ne_ssl_context_trustdefca function configures the context to trust the default system certificate authorities.
For a server context, the ne_ssl_context_keypair function configures the server certificate and private key. The cert and key parameters are the filenames of the PEM-encoded certificate and private key, respectively.
The ne_ssl_context_set_clicert function configures a client certificate for a client context. The client certificate cc must be in the decrypted state. The certificate object is duplicated internally and may be destroyed by the caller after the function returns.
The ne_ssl_context_set_ccprovide function registers a callback to provide a client certificate on demand if one is requested by the server. The provider callback is passed the userdata pointer, an array of acceptable CA distinguished names, and the count of names in the array.
The ne_ssl_context_set_versions function sets the minimum and maximum SSL/TLS protocol versions allowed for the connection. This must be called before initiating the SSL handshake.
For a server context, the ne_ssl_context_set_verify function configures client certificate verification. If required is non-zero, a client certificate is required. If ca_names is non-NULL, it specifies a filename containing PEM certificates whose CA names are sent in the client certificate request. The verify_cas parameter specifies the CAs used for verification.
The ne_ssl_context_set_flag function sets a flag for the SSL context. The ne_ssl_context_get_flag function retrieves the current value of a flag. No flags are currently defined.
The ne_ssl_context_destroy function destroys an SSL context object and frees all associated resources.
ne_ssl_context_create returns an SSL context object, or NULL on error. ne_ssl_context_keypair, ne_ssl_context_set_versions, and ne_ssl_context_set_verify return zero on success, or non-zero on error. ne_ssl_context_get_flag returns the flag value.