tls_connection_established - Has the TLS connection been completed?
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
Returns: 1 if TLS connection has been completed, 0 if not.

tls_connection_deinit - Free TLS connection data
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
Release all resources allocated for TLS connection.

tls_connection_resumed - Was session resumption used
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
Returns: 1 if current session used session resumption, 0 if not

tls_get_cipher - Get current cipher name
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
@buf: Buffer for the cipher name
@buflen: buf size
Returns: 0 on success, -1 on failure
Get the name of the currently used cipher.

tls_connection_client_hello_ext - Set TLS extension for ClientHello
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
@ext_type: Extension type
@data: Extension payload (%NULL to remove extension)
@data_len: Extension payload length
Returns: 0 on success, -1 on failure

tls_connection_get_failed - Get connection failure status
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
Returns: >0 if connection has failed, 0 if not.

tls_connection_shutdown - Shutdown TLS connection
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
Returns: 0 on success, -1 on failure
Shutdown current TLS connection without releasing all resources. New connection can be started by using the same conn without having to call tls_connection_init() or setting certificates etc. again. The new connection should try to use session resumption.

tls_connection_set_params - Set TLS connection parameters
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
@params: Connection parameters
Returns: 0 on success, -1 on failure, TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on error causing PKCS#11 engine failure, or TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED (-3) on failure to verify the PKCS#11 engine private key, or TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN (-4) on PIN error causing PKCS#11 engine failure.

tls_connection_get_random - Get random data from TLS connection
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
@data: Structure of client/server random data (filled on success)
Returns: 0 on success, -1 on failure

tls_connection_export_key - Derive keying material from a TLS connection
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
@label: Label (e.g., description of the key) for PRF
@context: Optional extra upper-layer context (max len 2^16)
@context_len: The length of the context value
@out: Buffer for output data from TLS-PRF
@out_len: Length of the output buffer
Returns: 0 on success, -1 on failure
Exports keying material using the mechanism described in RFC 5705. If context is %NULL, context is not provided; otherwise, context is provided (including the case of empty context with context_len == 0).
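The distinction between "no context" (%NULL) and "empty context" (non-%NULL, context_len == 0) in the description above matters: RFC 5705 derives different keying material for the two forms, and a caller that passes one form while the peer passes the other ends up with mismatched keys. The following added example is not hostap code; build_exporter_seed() and exporter_seed_demo() are names assumed here, and the client/server randoms are constructed sample values. It builds the exact byte string RFC 5705 feeds to the TLS PRF (label, client_random, server_random, and, only when a context is provided, a two-byte length followed by the context), so the difference is visible at the byte level. Running the PRF over that input is the TLS library's job and is not reimplemented here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_RANDOM_LEN 32

/* Build label || client_random || server_random [|| uint16 len || context],
 * the PRF input RFC 5705 specifies for exported keying material.
 * Returns the number of bytes written to seed, or -1 if seed_len is too
 * small or context_len does not fit the two-byte length field.
 * context == NULL selects the "no context" form; context != NULL with
 * context_len == 0 selects the "empty context" form, which still appends
 * the two-byte length, so the two forms yield different seeds and keys. */
int build_exporter_seed(const char *label,
			const unsigned char client_random[TLS_RANDOM_LEN],
			const unsigned char server_random[TLS_RANDOM_LEN],
			const unsigned char *context, size_t context_len,
			unsigned char *seed, size_t seed_len)
{
	size_t label_len = strlen(label);
	size_t need = label_len + 2 * TLS_RANDOM_LEN;
	size_t pos = 0;

	if (context != NULL) {
		if (context_len > 0xFFFF) /* length field is 16 bits */
			return -1;
		need += 2 + context_len;
	}
	if (need > seed_len)
		return -1;

	memcpy(seed + pos, label, label_len);
	pos += label_len;
	memcpy(seed + pos, client_random, TLS_RANDOM_LEN);
	pos += TLS_RANDOM_LEN;
	memcpy(seed + pos, server_random, TLS_RANDOM_LEN);
	pos += TLS_RANDOM_LEN;
	if (context != NULL) {
		seed[pos++] = (unsigned char) (context_len >> 8);
		seed[pos++] = (unsigned char) (context_len & 0xff);
		memcpy(seed + pos, context, context_len);
		pos += context_len;
	}
	return (int) pos;
}

/* Show the three caller forms side by side. Returns 0 if the empty-context
 * seed is the no-context seed plus a 0x0000 length field, -1 otherwise. */
int exporter_seed_demo(void)
{
	unsigned char cr[TLS_RANDOM_LEN], sr[TLS_RANDOM_LEN];
	unsigned char no_ctx[128], empty_ctx[128], with_ctx[128];
	int n1, n2, n3;

	memset(cr, 0xAA, sizeof(cr)); /* constructed sample randoms, not real handshake values */
	memset(sr, 0xBB, sizeof(sr));
	n1 = build_exporter_seed("EXPERIMENTAL", cr, sr, NULL, 0, no_ctx, sizeof(no_ctx));
	n2 = build_exporter_seed("EXPERIMENTAL", cr, sr, (const unsigned char *) "", 0,
				 empty_ctx, sizeof(empty_ctx));
	n3 = build_exporter_seed("EXPERIMENTAL", cr, sr, (const unsigned char *) "ctx", 3,
				 with_ctx, sizeof(with_ctx));
	if (n1 < 0 || n2 < 0 || n3 < 0)
		return -1;
	printf("no context: %d bytes, empty context: %d bytes, 3-byte context: %d bytes\n",
	       n1, n2, n3);
	return (n2 == n1 + 2 && empty_ctx[n1] == 0 && empty_ctx[n1 + 1] == 0) ? 0 : -1;
}

int main(void)
{
	return exporter_seed_demo() == 0 ? 0 : 1;
}
```

The "EXPERIMENTAL" label is the one RFC 5705 reserves for experiments; a deployed protocol uses its own registered label. The practical check when debugging an interop mismatch is to compare which of the two forms each side passes, since the seeds differ only by that two-byte field.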
tls_connection_get_eap_fast_key - Derive key material for EAP-FAST
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
@out: Buffer for output data from TLS-PRF
@out_len: Length of the output buffer
Returns: 0 on success, -1 on failure
Exports key material after the normal TLS key block for use with EAP-FAST. Most callers will want tls_connection_export_key(), but EAP-FAST uses a different legacy mechanism.
tls_connection_handshake - Process TLS handshake (client side)
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
@in_data: Input data from TLS server
@appl_data: Pointer to application data pointer, or %NULL if dropped
Returns: Output data, %NULL on failure
The caller is responsible for freeing the returned output data. If the final handshake message includes application data, this is decrypted and appl_data (if not %NULL) is set to point to this data. The caller is responsible for freeing appl_data.
This function is used during TLS handshake. The first call is done with in_data == %NULL and the library is expected to return the ClientHello packet. This packet is then sent to the server and the response from the server is given to the TLS library by calling this function again with in_data pointing to the TLS message from the server.
If the TLS handshake fails, this function may return %NULL. However, if the TLS library has a TLS alert to send out, that should be returned as the output data. In this case, tls_connection_get_failed() must return failure (> 0). tls_connection_established() should return 1 once the TLS handshake has been completed successfully.
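The call sequence described above, as an added example that is not part of hostap: a caller-side loop that drives the handshake to completion, sends whatever the library hands back (a handshake flight or an alert), frees every buffer it receives, and checks the failure status before trusting the established status. The real calls are tls_connection_handshake(), tls_connection_established() and tls_connection_get_failed(); struct fake_conn, fake_handshake(), struct msg and struct transport are constructed stand-ins for the opaque tls_ctx/conn objects, the library's buffer type and the network, introduced here so the loop runs offline. The server_is_bad knob makes the stand-in reject the server flight so that the alert path is exercised too.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Owned byte buffer; stand-in for the library's buffer type (assumption). */
struct msg {
	size_t len;
	char data[64];
};

static struct msg *msg_new(const char *s)
{
	struct msg *m = calloc(1, sizeof(*m));
	if (m) {
		m->len = strlen(s) < sizeof(m->data) ? strlen(s) : sizeof(m->data) - 1;
		memcpy(m->data, s, m->len);
	}
	return m;
}

/* Constructed stand-in for the opaque tls_ctx/conn pair; only the behaviour
 * the documentation promises is modelled. */
struct fake_conn {
	int established;   /* what tls_connection_established() would report */
	int failed;        /* what tls_connection_get_failed() would report */
	int server_is_bad; /* test knob: make the server's flight unacceptable */
};

/* Stand-in for tls_connection_handshake(): in_data == NULL yields the
 * ClientHello; the next call consumes the server flight and either completes
 * the handshake or records failure and still returns the alert to send. */
static struct msg *fake_handshake(struct fake_conn *c, const struct msg *in_data,
				  struct msg **appl_data)
{
	if (appl_data)
		*appl_data = NULL; /* no application data in the final flight here */
	if (in_data == NULL)
		return msg_new("ClientHello");
	if (c->server_is_bad) {
		c->failed = 1;                  /* get_failed() is now > 0 */
		return msg_new("Alert(fatal)"); /* alert is still handed back as output */
	}
	c->established = 1;
	return msg_new("ClientKeyExchange,ChangeCipherSpec,Finished");
}

/* Transport stand-in: logs what the client sends, answers with one canned flight. */
struct transport {
	char log[256];
};

static void transport_send(struct transport *t, const struct msg *m)
{
	size_t used = strlen(t->log);
	snprintf(t->log + used, sizeof(t->log) - used, "%.*s;", (int) m->len, m->data);
}

static struct msg *transport_recv(struct transport *t)
{
	(void) t;
	return msg_new("ServerHello,Certificate,ServerHelloDone");
}

/* The caller-side loop the documentation describes. Returns 0 once the
 * connection is established, -1 if the handshake failed; any alert the
 * library produced has already been sent to the peer by then. */
int run_client_handshake(struct fake_conn *conn, struct transport *t)
{
	struct msg *in = NULL, *out, *appl = NULL;
	int rounds, got_output;

	for (rounds = 0; rounds < 8; rounds++) {
		out = fake_handshake(conn, in, &appl);
		free(in); /* caller owns in_data and every returned buffer */
		in = NULL;
		got_output = (out != NULL);
		if (out) {
			transport_send(t, out); /* a handshake flight or an alert */
			free(out);
		}
		free(appl); /* application data is not used by this driver */
		appl = NULL;
		/* Check failure before established: output may have been an alert */
		if (conn->failed > 0 || !got_output)
			return -1;
		if (conn->established)
			return 0;
		in = transport_recv(t); /* next server flight for the next call */
		if (!in)
			return -1;
	}
	return -1; /* bounded so a library that never completes cannot spin forever */
}

int main(void)
{
	struct fake_conn good = { 0, 0, 0 }, bad = { 0, 0, 1 };
	struct transport t_good = { { 0 } }, t_bad = { { 0 } };

	printf("good server -> %d, sent: %s\n", run_client_handshake(&good, &t_good), t_good.log);
	printf("bad server  -> %d, sent: %s\n", run_client_handshake(&bad, &t_bad), t_bad.log);
	return 0;
}
```

The order of the checks after each call is the point: the output is sent first, because on failure it is the alert the peer needs to see, and the failed status is consulted before the established status so that a returned alert is never mistaken for a completed handshake.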
tls_connection_encrypt - Encrypt data into TLS tunnel
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
@in_data: Plaintext data to be encrypted
Returns: Encrypted TLS data or %NULL on failure
This function is used after TLS handshake has been completed successfully to send data in the encrypted tunnel. The caller is responsible for freeing the returned output data.

tls_connection_decrypt - Decrypt data from TLS tunnel
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
@in_data: Encrypted TLS data
Returns: Decrypted TLS data or %NULL on failure
This function is used after TLS handshake has been completed successfully to receive data from the encrypted tunnel. The caller is responsible for freeing the returned output data.

tls_connection_set_cipher_list - Configure acceptable cipher suites
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
@ciphers: Zero (TLS_CIPHER_NONE) terminated list of allowed ciphers (TLS_CIPHER_*).
Returns: 0 on success, -1 on failure

tls_get_version - Get the current TLS version number
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
@buf: Buffer for returning the TLS version number
@buflen: buf size
Returns: 0 on success, -1 on failure
Get the currently used TLS version number.
tls_connection_enable_workaround - Enable TLS workaround options
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
Returns: 0 on success, -1 on failure
This function is used to enable connection-specific workaround options for buggy SSL/TLS implementations.
tls_connection_set_verify - Set certificate verification options
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
@verify_peer: 0 = do not verify peer certificate, 1 = verify peer certificate (require it to be provided), 2 = verify peer certificate if provided
@flags: Connection flags (TLS_CONN_*)
@session_ctx: Session caching context or %NULL to use default
@session_ctx_len: Length of @session_ctx in bytes.
Returns: 0 on success, -1 on failure

tls_connection_server_handshake - Process TLS handshake (server side)
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
@in_data: Input data from TLS peer
@appl_data: Pointer to application data pointer, or %NULL if dropped
Returns: Output data, %NULL on failure
The caller is responsible for freeing the returned output data.

tls_connection_get_read_alerts - Get connection read alert status
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
Returns: Number of times a fatal read (remote end reported error) has happened during this connection.

tls_connection_get_write_alerts - Get connection write alert status
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
Returns: Number of times a fatal write (locally detected error) has happened during this connection.

tls_connection_peer_serial_num - Fetch peer certificate serial number
@tls_ctx: TLS context data from tls_init()
@conn: Connection context data from tls_connection_init()
Returns: Allocated string buffer containing the peer certificate serial number or %NULL on error.
The caller is responsible for freeing the returned buffer with os_free().

tls_get_tls_unique - Fetch "tls-unique" for channel binding
@conn: Connection context data from tls_connection_init()
@buf: Buffer for returning the value
@max_len: Maximum length of the buffer in bytes
Returns: Number of bytes written to buf or -1 on error
This function can be used to fetch "tls-unique" (RFC 5929, Section 3), which is the first TLS Finished message sent in the most recent TLS handshake of the TLS connection.

tls_connection_get_cipher_suite - Get current TLS cipher suite
@conn: Connection context data from tls_connection_init()
Returns: TLS cipher suite of the current connection or 0 on error

tls_connection_get_peer_subject - Get peer subject
@conn: Connection context data from tls_connection_init()
Returns: Peer subject or %NULL if not authenticated or not available

tls_connection_get_own_cert_used - Was own certificate used
@conn: Connection context data from tls_connection_init()
Returns: true if own certificate was used during authentication