xref: /freebsd-src/crypto/openssl/doc/man3/SSL_CTX_use_serverinfo.pod (revision b077aed33b7b6aefca7b17ddb250cf521f938613)
=pod

=head1 NAME

SSL_CTX_use_serverinfo_ex,
SSL_CTX_use_serverinfo,
SSL_CTX_use_serverinfo_file
- use serverinfo extension

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
                               const unsigned char *serverinfo,
                               size_t serverinfo_length);

 int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
                            size_t serverinfo_length);

 int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);

=head1 DESCRIPTION

These functions load "serverinfo" TLS extensions into the SSL_CTX. A
"serverinfo" extension is returned in response to an empty ClientHello
Extension.

SSL_CTX_use_serverinfo_ex() loads one or more serverinfo extensions from
a byte array into B<ctx>. The B<version> parameter specifies the format of the
byte array provided in B<*serverinfo> which is of length B<serverinfo_length>.

If B<version> is B<SSL_SERVERINFOV2> then the extensions in the array must
consist of a 4-byte context, a 2-byte Extension Type, a 2-byte length, and then
length bytes of extension_data. The context and type values have the same
meaning as for L<SSL_CTX_add_custom_ext(3)>. If serverinfo is being loaded for
extensions to be added to a Certificate message, then the extension will only
be added for the first certificate in the message (which is always the
end-entity certificate).

If B<version> is B<SSL_SERVERINFOV1> then the extensions in the array must
consist of a 2-byte Extension Type, a 2-byte length, and then length bytes of
extension_data. The type value has the same meaning as for
L<SSL_CTX_add_custom_ext(3)>. The following default context value will be used
in this case:

 SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO
 | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION

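The two record layouts described above can be checked structurally before a byte array is handed to SSL_CTX_use_serverinfo_ex(). The following C code is an added example, not part of the OpenSSL manual or source; the EX_SERVERINFOV1 and EX_SERVERINFOV2 names, serverinfo_count() and the sample bytes are assumptions of the example, and integers are read in network byte order.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the version argument (assumed names; <openssl/ssl.h> is not used). */
enum { EX_SERVERINFOV1 = 1, EX_SERVERINFOV2 = 2 };

/* Constructed sample data; the extension types and context bits are made up. */
const unsigned char sample_v1[] = { 0xff, 0xa0, 0x00, 0x02, 'h', 'i' };
const unsigned char sample_v2[] = {
    0x00, 0x00, 0x01, 0xd0,                     /* 4-byte context (constructed) */
    0xff, 0xa0, 0x00, 0x02, 'h', 'i',           /* type, length = 2, data */
    0x00, 0x00, 0x01, 0xd0, 0xff, 0xa1, 0x00, 0x00  /* second record, no data */
};

/* Walk a serverinfo byte array record by record. Returns the number of
 * records, or -1 if the array is empty, has a truncated header, or has
 * extension_data running past the end of the array. */
int serverinfo_count(unsigned int version, const unsigned char *buf, size_t len)
{
    size_t hdr, dlen;
    int n = 0;
    if (version == EX_SERVERINFOV2)
        hdr = 8;                                /* context + type + length */
    else if (version == EX_SERVERINFOV1)
        hdr = 4;                                /* type + length */
    else
        return -1;
    if (buf == NULL || len == 0)
        return -1;
    while (len > 0) {
        if (len < hdr)
            return -1;                          /* truncated header */
        dlen = ((size_t)buf[hdr - 2] << 8) | buf[hdr - 1];
        if (len - hdr < dlen)
            return -1;                          /* data runs past the end */
        buf += hdr + dlen;
        len -= hdr + dlen;
        n++;
    }
    return n;
}

int main(void)
{
    printf("%d %d %d\n", serverinfo_count(EX_SERVERINFOV1, sample_v1, sizeof(sample_v1)),
           serverinfo_count(EX_SERVERINFOV2, sample_v2, sizeof(sample_v2)),
           serverinfo_count(EX_SERVERINFOV1, sample_v2, sizeof(sample_v2)));
    return 0;
}
```

The V2 sample walked as V1 is rejected only because its lengths stop lining up; the check is structural and does not replace passing the B<version> that matches the data.
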
SSL_CTX_use_serverinfo() does the same thing as SSL_CTX_use_serverinfo_ex()
except that there is no B<version> parameter so a default version of
SSL_SERVERINFOV1 is used instead.

SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from
B<file> into B<ctx>.  The extensions must be in PEM format.  Each extension
must be in a format as described above for SSL_CTX_use_serverinfo_ex().  Each
PEM extension name must begin with the phrase "BEGIN SERVERINFOV2 FOR " for
SSL_SERVERINFOV2 data or "BEGIN SERVERINFO FOR " for SSL_SERVERINFOV1 data.

If more than one certificate (RSA/DSA) is installed using
SSL_CTX_use_certificate(), the serverinfo extension will be loaded into the
last certificate installed.  For example, if the last item was an RSA
certificate, the serverinfo extension data will be loaded for that
certificate.  To use the serverinfo extension for multiple certificates,
SSL_CTX_use_serverinfo() needs to be called multiple times, once B<after>
each time a certificate is loaded via a call to SSL_CTX_use_certificate().

=head1 RETURN VALUES

On success, the functions return 1.
On failure, the functions return 0.  Check the error stack to find out
the reason.

=head1 SEE ALSO

L<ssl(7)>

=head1 COPYRIGHT

Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut