NetBSD/lib/libcrypto/man/SSL_CTX_new.3

224 lines
7.8 KiB
Groff
Raw Normal View History

2002-02-07 10:00:09 +03:00
.\" $NetBSD: SSL_CTX_new.3,v 1.2 2002/02/07 07:00:40 ross Exp $
.\"
.\" Automatically generated by Pod::Man version 1.02
.\" Thu Apr 12 19:27:18 2001
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` `
. ds C' '
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
. .
. nr % 0
. rr F
.\}
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "SSL_CTX_new 3"
.TH SSL_CTX_new 3 "0.9.6a" "2001-04-12" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_new \- create a new \s-1SSL_CTX\s0 object as framework for \s-1TLS/SSL\s0 enabled functions
.SH "LIBRARY"
libcrypto, -lcrypto
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
2002-02-07 10:00:09 +03:00
\& #include \*[Lt]openssl/ssl.h\*[Gt]
.Ve
.Vb 1
\& SSL_CTX *SSL_CTX_new(SSL_METHOD *method);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fISSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to establish
\&\s-1TLS/SSL\s0 enabled connections.
.SH "NOTES"
.IX Header "NOTES"
The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method. The methods exist
in a generic type (for client and server use), a server only type, and a
client only type. \fBmethod\fR can be of the following types:
.Ip "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)" 4
.IX Item "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)"
A \s-1TLS/SSL\s0 connection established with these methods will only understand
the SSLv2 protocol. A client will send out SSLv2 client hello messages
and will also indicate that it only understand SSLv2. A server will only
understand SSLv2 client hello messages.
.Ip "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)" 4
.IX Item "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)"
A \s-1TLS/SSL\s0 connection established with these methods will only understand the
SSLv3 protocol. A client will send out SSLv3 client hello messages
and will indicate that it only understands SSLv3. A server will only understand
SSLv3 client hello messages. This especially means, that it will
not understand SSLv2 client hello messages which are widely used for
compatibility reasons, see SSLv23_*\fI_method()\fR.
.Ip "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)" 4
.IX Item "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)"
A \s-1TLS/SSL\s0 connection established with these methods will only understand the
TLSv1 protocol. A client will send out TLSv1 client hello messages
and will indicate that it only understands TLSv1. A server will only understand
TLSv1 client hello messages. This especially means, that it will
not understand SSLv2 client hello messages which are widely used for
compatibility reasons, see SSLv23_*\fI_method()\fR. It will also not understand
SSLv3 client hello messages.
.Ip "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" 4
.IX Item "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)"
A \s-1TLS/SSL\s0 connection established with these methods will understand the SSLv2,
SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages
and will indicate that it also understands SSLv3 and TLSv1. A server will
understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
choice when compatibility is a concern.
.PP
If a generic method is used, it is necessary to explicitly set client or
server mode with SSL_set_connect_state(3)
or \fISSL_set_accept_state()\fR.
.PP
The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the \fB\f(BISSL_CTX_set_options()\fB\fR or
\&\fB\f(BISSL_set_options()\fB\fR functions. Using these options it is possible to choose
e.g. \fISSLv23_server_method()\fR and be able to negotiate with all possible
clients, but to only allow newer protocols like SSLv3 or TLSv1.
.PP
\&\fISSL_CTX_new()\fR initializes the list of ciphers, the session cache setting,
the callbacks, the keys and certificates, and the options to its default
values.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can occur:
.Ip "\s-1NULL\s0" 4
.IX Item "NULL"
The creation of a new \s-1SSL_CTX\s0 object failed. Check the error stack to
find out the reason.
.Ip "Pointer to an \s-1SSL_CTX\s0 object" 4
.IX Item "Pointer to an SSL_CTX object"
The return value points to an allocated \s-1SSL_CTX\s0 object.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
SSL_CTX_free(3), SSL_accept(3),
ssl(3), SSL_set_connect_state(3)