=pod

=head1 NAME

SSL_CTX_use_serverinfo_ex,
SSL_CTX_use_serverinfo,
SSL_CTX_use_serverinfo_file
- use serverinfo extension

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
                               const unsigned char *serverinfo,
                               size_t serverinfo_length);

 int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
                            size_t serverinfo_length);

 int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);

=head1 DESCRIPTION

These functions load "serverinfo" TLS extensions into the SSL_CTX. A
"serverinfo" extension is returned in response to an empty ClientHello
Extension.

SSL_CTX_use_serverinfo_ex() loads one or more serverinfo extensions from
a byte array into B<ctx>. The B<version> parameter specifies the format of the
byte array provided in B<*serverinfo> which is of length B<serverinfo_length>.

If B<version> is B<SSL_SERVERINFOV2> then the extensions in the array must
consist of a 4-byte context, a 2-byte Extension Type, a 2-byte length, and then
length bytes of extension_data. The context and type values have the same
meaning as for L<SSL_CTX_add_custom_ext(3)>. If serverinfo is being loaded for
extensions to be added to a Certificate message, then the extension will only
be added for the first certificate in the message (which is always the
end-entity certificate).

If B<version> is B<SSL_SERVERINFOV1> then the extensions in the array must
consist of a 2-byte Extension Type, a 2-byte length, and then length bytes of
extension_data. The type value has the same meaning as for
L<SSL_CTX_add_custom_ext(3)>. The following default context value will be used
in this case:

 SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO
    | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION

SSL_CTX_use_serverinfo() does the same thing as SSL_CTX_use_serverinfo_ex()
except that there is no B<version> parameter so a default version of
SSL_SERVERINFOV1 is used instead.

SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from
B<file> into B<ctx>. The extensions must be in PEM format. Each extension
must be in a format as described above for SSL_CTX_use_serverinfo_ex(). Each
PEM extension name must begin with the phrase "BEGIN SERVERINFOV2 FOR " for
SSL_SERVERINFOV2 data or "BEGIN SERVERINFO FOR " for SSL_SERVERINFOV1 data.

If more than one certificate (RSA/DSA) is installed using
SSL_CTX_use_certificate(), the serverinfo extension will be loaded into the
last certificate installed. If, for example, the last item was an RSA
certificate, the loaded serverinfo extension data will be loaded for that
certificate. To use the serverinfo extension for multiple certificates,
SSL_CTX_use_serverinfo() needs to be called multiple times, once B<after>
each time a certificate is loaded via a call to SSL_CTX_use_certificate().

=head1 RETURN VALUES

On success, the functions return 1.
On failure, the functions return 0. Check the error stack to find out
the reason.

=head1 COPYRIGHT

Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
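
=head1 EXAMPLES

The SSL_SERVERINFOV2 and SSL_SERVERINFOV1 record layouts given in DESCRIPTION, as an added example that is not part of the OpenSSL sources: a builder for one V2 record and a bounds-checked walker that can vet a byte array before it is passed to SSL_CTX_use_serverinfo_ex(). The names ex_put_v2, ex_count_records and EX_SERVERINFOV1/EX_SERVERINFOV2 are introduced here for illustration; multi-byte fields are written big-endian, as TLS wire fields are.

```c
#include <stddef.h>
#include <string.h>

/* Local stand-ins for this example (not OpenSSL's own definitions). */
enum { EX_SERVERINFOV1 = 1, EX_SERVERINFOV2 = 2 };

/* Append one V2-style record to out: 4-byte context, 2-byte type,
 * 2-byte length (all big-endian), then the extension_data.
 * Returns the bytes written, or 0 if the record does not fit. */
size_t ex_put_v2(unsigned char *out, size_t cap, unsigned long context,
                 unsigned int type, const unsigned char *data, size_t dlen)
{
    if (dlen > 0xFFFF || cap < 8 + dlen)
        return 0;
    out[0] = (unsigned char)(context >> 24);
    out[1] = (unsigned char)(context >> 16);
    out[2] = (unsigned char)(context >> 8);
    out[3] = (unsigned char)context;
    out[4] = (unsigned char)(type >> 8);
    out[5] = (unsigned char)type;
    out[6] = (unsigned char)(dlen >> 8);
    out[7] = (unsigned char)dlen;
    if (dlen > 0)
        memcpy(out + 8, data, dlen);
    return 8 + dlen;
}

/* Walk a serverinfo byte array and count its records. Returns -1 for an
 * unknown version, an empty buffer, a truncated header, or a length
 * field that runs past the end of the buffer. */
int ex_count_records(unsigned int version, const unsigned char *buf, size_t len)
{
    size_t hdr = (version == EX_SERVERINFOV2) ? 8 : 4;
    int count = 0;

    if (buf == NULL || len == 0
        || (version != EX_SERVERINFOV1 && version != EX_SERVERINFOV2))
        return -1;
    while (len > 0) {
        size_t dlen;

        if (len < hdr)
            return -1;
        /* The 2-byte length is always the last two header bytes. */
        dlen = ((size_t)buf[hdr - 2] << 8) | buf[hdr - 1];
        if (len - hdr < dlen)
            return -1;
        buf += hdr + dlen;
        len -= hdr + dlen;
        count++;
    }
    return count;
}
```

A buffer that passes this walk is only structurally sound; SSL_CTX_use_serverinfo_ex() can still return 0, in which case the error stack gives the reason.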