%PDF- %PDF-
Direktori : /proc/thread-self/root/proc/self/root/opt/cpanel/ea-openssl/etc/pki/tls/man/man3/ |
Current File : //proc/thread-self/root/proc/self/root/opt/cpanel/ea-openssl/etc/pki/tls/man/man3/SSL_get1_curves.3 |
.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "SSL_CTX_set1_curves 3" .TH SSL_CTX_set1_curves 3 "2019-12-20" "1.0.2u" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve, SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto \- EC supported curve functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> \& \& int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen); \& int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list); \& \& int SSL_set1_curves(SSL *ssl, int *clist, int clistlen); \& int SSL_set1_curves_list(SSL *ssl, char *list); \& \& int SSL_get1_curves(SSL *ssl, int *curves); \& int SSL_get_shared_curve(SSL *s, int n); \& \& int SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int onoff); \& int SSL_set_ecdh_auto(SSL *s, int onoff); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBSSL_CTX_set1_curves()\fR sets the supported curves for \fBctx\fR to \fBclistlen\fR curves in the array \fBclist\fR. The array consist of all NIDs of curves in preference order. For a \s-1TLS\s0 client the curves are used directly in the supported curves extension. For a \s-1TLS\s0 server the curves are used to determine the set of shared curves. .PP \&\fBSSL_CTX_set1_curves_list()\fR sets the supported curves for \fBctx\fR to string \fBlist\fR. The string is a colon separated list of curve NIDs or names, for example \*(L"P\-521:P\-384:P\-256\*(R". .PP \&\fBSSL_set1_curves()\fR and \fBSSL_set1_curves_list()\fR are similar except they set supported curves for the \s-1SSL\s0 structure \fBssl\fR. .PP \&\fBSSL_get1_curves()\fR returns the set of supported curves sent by a client in the supported curves extension. It returns the total number of supported curves. The \fBcurves\fR parameter can be \fB\s-1NULL\s0\fR to simply return the number of curves for memory allocation purposes. The \&\fBcurves\fR array is in the form of a set of curve NIDs in preference order. It can return zero if the client did not send a supported curves extension. .PP \&\fBSSL_get_shared_curve()\fR returns shared curve \fBn\fR for a server-side \&\s-1SSL\s0 \fBssl\fR. If \fBn\fR is \-1 then the total number of shared curves is returned, which may be zero. Other than for diagnostic purposes, most applications will only be interested in the first shared curve so \fBn\fR is normally set to zero. If the value \fBn\fR is out of range, NID_undef is returned. .PP \&\fBSSL_CTX_set_ecdh_auto()\fR and \fBSSL_set_ecdh_auto()\fR set automatic curve selection for server \fBctx\fR or \fBssl\fR to \fBonoff\fR. If \fBonoff\fR is 1 then the highest preference curve is automatically used for \s-1ECDH\s0 temporary keys used during key exchange. .PP All these functions are implemented as macros. .SH "NOTES" .IX Header "NOTES" If an application wishes to make use of several of these functions for configuration purposes either on a command line or in a file it should consider using the \s-1SSL_CONF\s0 interface instead of manually parsing options. .PP The functions \fBSSL_CTX_set_ecdh_auto()\fR and \fBSSL_set_ecdh_auto()\fR can be used to make a server always choose the most appropriate curve for a client. If set it will override any temporary \s-1ECDH\s0 parameters set by a server. Previous versions of OpenSSL could effectively only use a single \s-1ECDH\s0 curve set using a function such as \fBSSL_CTX_set_ecdh_tmp()\fR. Newer applications should just call: .PP .Vb 1 \& SSL_CTX_set_ecdh_auto(ctx, 1); .Ve .PP and they will automatically support \s-1ECDH\s0 using the most appropriate shared curve. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CTX_set1_curves()\fR, \fBSSL_CTX_set1_curves_list()\fR, \fBSSL_set1_curves()\fR, \&\fBSSL_set1_curves_list()\fR, \fBSSL_CTX_set_ecdh_auto()\fR and \fBSSL_set_ecdh_auto()\fR return 1 for success and 0 for failure. .PP \&\fBSSL_get1_curves()\fR returns the number of curves, which may be zero. .PP \&\fBSSL_get_shared_curve()\fR returns the \s-1NID\s0 of shared curve \fBn\fR or NID_undef if there is no shared curve \fBn\fR; or the total number of shared curves if \fBn\fR is \-1. .PP When called on a client \fBssl\fR, \fBSSL_get_shared_curve()\fR has no meaning and returns \-1. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.2.