Add SSL_CTX_set_tmp_ecdh.pod
authorAntoine Salon <asalon@vmware.com>
Tue, 16 Oct 2018 23:40:01 +0000 (16:40 -0700)
committerMatt Caswell <matt@openssl.org>
Thu, 15 Nov 2018 10:41:37 +0000 (10:41 +0000)
Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)

doc/man3/SSL_CTX_set_tmp_ecdh.pod [new file with mode: 0644]
doc/man7/ssl.pod
ssl/s3_lib.c
util/private.num

diff --git a/doc/man3/SSL_CTX_set_tmp_ecdh.pod b/doc/man3/SSL_CTX_set_tmp_ecdh.pod
new file mode 100644 (file)
index 0000000..08e88da
--- /dev/null
@@ -0,0 +1,48 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_tmp_ecdh, SSL_set_tmp_ecdh, SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto
+- handle ECDH keys for ephemeral key exchange
+
+=head1 SYNOPSIS
+
+#include <openssl/ssl.h>
+
+long SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ecdh);
+long SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ecdh);
+
+long SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state);
+long SSL_set_ecdh_auto(SSL *ssl, int state);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_tmp_ecdh() sets ECDH parameters to be used to be B<ecdh>.
+The key is inherited by all B<ssl> objects created from B<ctx>.
+
+SSL_set_tmp_ecdh() sets the parameters only for B<ssl>.
+
+SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() are deprecated and
+have no effect.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_tmp_ecdh() and SSL_set_tmp_ecdh() return 1 on success and 0
+on failure.
+
+=head1 SEE ALSO
+
+L<ssl(7)>, L<SSL_CTX_set1_curves(3)>, L<SSL_CTX_set_cipher_list(3)>,
+L<SSL_CTX_set_options(3)>, L<SSL_CTX_set_tmp_dh_callback(3)>,
+L<ciphers(1)>, L<ecparam(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
index 6cc1c4bcffb9c555fd6e353908d1d1b1904e76ad..1695f7ea19d9a656001d9b604b8a693f9f581546 100644 (file)
@@ -383,6 +383,8 @@ Use the file path to locate trusted CA certificates.
 
 =item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void));
 
+=item long B<SSL_CTX_set_tmp_ecdh>(SSL_CTX* ctx, const EC_KEY *ecdh);
+
 =item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
 
 =item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey);
@@ -678,6 +680,12 @@ fresh handle for each connection.
 
 =item void B<SSL_set_timeout>(SSL *ssl, long t);
 
+=item long B<SSL_set_tmp_dh>(SSL *ssl, DH *dh);
+
+=item long B<SSL_set_tmp_dh_callback>(SSL *ssl, DH *(*cb)(void));
+
+=item long B<SSL_set_tmp_ecdh>(SSL *ssl, const EC_KEY *ecdh);
+
 =item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void))
 
 =item void B<SSL_set_verify_result>(SSL *ssl, long arg);
@@ -785,6 +793,7 @@ L<SSL_CTX_set_session_id_context(3)>,
 L<SSL_CTX_set_ssl_version(3)>,
 L<SSL_CTX_set_timeout(3)>,
 L<SSL_CTX_set_tmp_dh_callback(3)>,
+L<SSL_CTX_set_tmp_ecdh(3)>,
 L<SSL_CTX_set_verify(3)>,
 L<SSL_CTX_use_certificate(3)>,
 L<SSL_alert_type_string(3)>,
index 866ca4dfa9b0672d5fd07e7278e1993fce63a6bc..4b9906f215be742b913968d78ba5aeb749db5d26 100644 (file)
@@ -3414,7 +3414,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
             EVP_PKEY *pkdh = NULL;
             if (dh == NULL) {
                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-                return ret;
+                return 0;
             }
             pkdh = ssl_dh_to_pkey(dh);
             if (pkdh == NULL) {
@@ -3425,11 +3425,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                               EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
                 EVP_PKEY_free(pkdh);
-                return ret;
+                return 0;
             }
             EVP_PKEY_free(s->cert->dh_tmp);
             s->cert->dh_tmp = pkdh;
-            ret = 1;
+            return 1;
         }
         break;
     case SSL_CTRL_SET_TMP_DH_CB:
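Review bot: The `break;` following the closing brace of the SSL_CTRL_SET_TMP_DH block is unreachable now that `ret = 1;` has become `return 1;`, because every path inside the block returns; either drop that `break;` or keep `ret = 1;` if the other cases of this switch still fall through to a common `return ret`. The ssl_dh_to_pkey() failure branch that sits between the two ssl3_ctrl hunks is not shown, so I would confirm it returns 0 rather than `ret` as the other two error paths now do. The enclosing ssl3_ctrl starts and ends outside the hunk.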
@@ -3781,7 +3781,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                                   EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
                 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
                 EVP_PKEY_free(pkdh);
-                return 1;
+                return 0;
             }
             EVP_PKEY_free(ctx->cert->dh_tmp);
             ctx->cert->dh_tmp = pkdh;
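Review bot: The earlier error paths of this SSL_CTRL_SET_TMP_DH case in ssl3_ctx_ctrl (the NULL-parameter check and the ssl_dh_to_pkey() failure) lie above the hunk, so confirm they return 0 as the security-check path now does, giving callers one consistent failure signal. The visible lines show why this matters: with the old `return 1`, a key rejected by ssl_security() was freed and ctx->cert->dh_tmp left unchanged while SSL_CTX_set_tmp_dh() reported success, so an application could proceed believing its DH parameters were installed. The enclosing ssl3_ctx_ctrl starts and ends outside the hunk.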
index 4a0ed292ec1da21f8d912bb5a19c75ebad8eb2d9..d6724ed5f357a13e6aad27b53f208b49d4dc070f 100644 (file)
@@ -365,6 +365,7 @@ SSL_CTX_set1_sigalgs                    define
 SSL_CTX_set1_sigalgs_list               define
 SSL_CTX_set1_verify_cert_store          define
 SSL_CTX_set_current_cert                define
+SSL_CTX_set_ecdh_auto                   define
 SSL_CTX_set_max_cert_list               define
 SSL_CTX_set_max_pipelines               define
 SSL_CTX_set_max_proto_version           define
@@ -382,6 +383,7 @@ SSL_CTX_set_tlsext_status_cb            define
 SSL_CTX_set_tlsext_status_type          define
 SSL_CTX_set_tlsext_ticket_key_cb        define
 SSL_CTX_set_tmp_dh                      define
+SSL_CTX_set_tmp_ecdh                    define
 SSL_add0_chain_cert                     define
 SSL_add1_chain_cert                     define
 SSL_build_cert_chain                    define
@@ -433,6 +435,7 @@ SSL_set1_sigalgs                        define
 SSL_set1_sigalgs_list                   define
 SSL_set1_verify_cert_store              define
 SSL_set_current_cert                    define
+SSL_set_ecdh_auto                       define
 SSL_set_max_cert_list                   define
 SSL_set_max_pipelines                   define
 SSL_set_max_proto_version               define
@@ -448,6 +451,7 @@ SSL_set_tlsext_host_name                define
 SSL_set_tlsext_status_ocsp_resp         define
 SSL_set_tlsext_status_type              define
 SSL_set_tmp_dh                          define
+SSL_set_tmp_ecdh                        define
 SSL_want_async                          define
 SSL_want_async_job                      define
 SSL_want_client_hello_cb                define