
7.24. SSL/TLS library

NAME

SSL/TLS security library

SYNOPSIS

#include <ssl/ssltls.h>

 

DESCRIPTION

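The SSL/TLS library implements the Secure Sockets Layer (SSL v3) and Transport Layer Security (TLS v1) protocols. The current library version supports only the TLS protocols v1.0 and v1.1. Both of these versions were formally deprecated by RFC 8996, so confirm that the peers and any applicable compliance requirements still accept them before relying on this library.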

For portability, the ssltls library provides API functions modelled on the OpenSSL API. For convenience, it also provides several functions of its own that have no OpenSSL equivalent. All API functions are documented here.


Algorithms

ssltls supports a number of the most commonly used cryptographic algorithms:

Ciphers
AES128, AES256, RC4

Cryptographic hash functions
SHA, MD5

Key cryptography
RSA


API functions

SSL/TLS library initial functions

int SSL_library_init(void);
int OpenSSL_add_ssl_algorithms(void);

Description
Registers the available SSL/TLS ciphers and digests.
Return values
Always returns “1” – indicates that the function was successful.
NOTE! These functions are empty stubs – they exist only for source compatibility with OpenSSL!

void SSL_load_error_strings(void);

Description
Registers the error strings for all ssltls functions.
Return values
None.
NOTE! This function is an empty stub – it exists only for source compatibility with OpenSSL!

Key and certificate functions

void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);

Description
Sets the password that is used to access data in a private key file that is in PEM format.
Parameters
*ctx – a pointer to a token returned on the SSL_CTX_new() call.
*u – a pointer to the password. The maximum length is 255 characters.
Return values
None.

int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);

Description
Loads the RSA private key for use with a SSL session using a specific CTX structure.
Parameters
*ctx – a pointer to a token returned on the SSL_CTX_new() call.
*file – a pointer to the name of the file that contains the RSA private key.
type – the file type, which is one of the following:
SSL_FILETYPE_ASN1 – the file is in ASN.1 format
SSL_FILETYPE_PEM – the file is in PEM format
Return values
Return code “1” indicates that the function was successful.

int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);

Description
Loads the RSA private key stored in memory for use with a SSL session using a specific context CTX structure.
Parameters
*ctx – a pointer to a token returned on the SSL_CTX_new() call.
*d – a pointer to the memory location that contains the RSA private key.
len – RSA private key length.
Return values
Return code “1” indicates that the function was successful.

int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);

Description
Loads the certificate for use with SSL sessions using a specific CTX structure.
Parameters
*ctx – a pointer to a token returned on the SSL_CTX_new() call.
*file – a pointer to the name of the file that contains the certificate.
type – the file type, which is one of the following:
SSL_FILETYPE_ASN1 – the file is in ASN.1 format
SSL_FILETYPE_PEM – the file is in PEM format
Return values
Return code “1” indicates that the function was successful.

int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);

Description
Loads the certificate stored in memory for use with a SSL session using a specific CTX structure.
Parameters
*ctx – a pointer to a token returned on the SSL_CTX_new() call.
len – certificate length.
*d – a pointer to the memory location that contains the certificate.
Return values
Return code “1” indicates that the function was successful.

int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath);

Description
Loads the certificate of the CA that is trusted by this application and that will be used to verify certificates that are received from remote applications.
Parameters
*ctx – a pointer to a token returned on the SSL_CTX_new() call.
*CAfile – a pointer to the name of the file that contains the certificate of the trusted CA. The file must be in PEM format.
*CApath – a pointer to the name of the directory that contains the certificates of the trusted CAs. This parameter must be NULL.
Return values
Return code “1” indicates that the function was successful.

int SSL_CTX_load_verify_ASN1(SSL_CTX *ctx, unsigned char *d, long len);

Description
Loads the certificate stored in memory of the CA that is trusted by this application and that will be used to verify certificates that are received from remote applications.
Parameters
*ctx – a pointer to a token returned on the SSL_CTX_new() call.
*d – a pointer to the memory location that contains the certificate.
len – CA certificate length.
Return values
Return code “1” indicates that the function was successful.

Peer verification functions

void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509_STORE_CTX *));
void SSL_set_verify(SSL *s, int mode, int (*verify_callback)(int, X509_STORE_CTX *));

Description
Indicates whether to verify the identity of the remote peer or not when the SSL session is started.
Parameters
*ctx / *s – a pointer to a token returned on the SSL_CTX_new() / SSL_new() call.
mode – one of the following verify options:
SSL_VERIFY_NONE – use this option if you do not want to verify the identity of the remote peer. Consider the following when using this option:

  • If the application is a server, the application will not request the certificate for the remote client.
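  • If the application is a client, the certificate for the remote server application will be validated; however, the SSL session will be started regardless of whether or not the certificate for the remote server application is valid. A client that uses this option therefore has to check the validation result itself (see SSL_get_verify_result()) before sending sensitive data; otherwise the server is not authenticated.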

SSL_VERIFY_PEER – use this option to verify the identity of the remote peer when the SSL session is started. Consider the following when using this option:

  • If the application is a server, the application will request and verify the certificate for the remote client application. If the remote client application provides a certificate that is not valid, the SSL session fails.
  • If the application is a client, the certificate for the remote server application will be validated. If the certificate for the remote server application is not valid, the SSL session fails.

*verify_callback – callback function. This parameter must be NULL.
Return values
None.

int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
int SSL_get_verify_mode(const SSL *ssl);

Description
Returns the verification mode currently set in CTX structure or SSL session.
Parameters
*ctx / *s – a pointer to a token returned on the SSL_CTX_new() / SSL_new() call.
Return values
Returns current verify mode for CTX structure or SSL session. See description for functions SSL_CTX_set_verify() and SSL_set_verify().

long SSL_get_verify_result(const SSL *ssl);

Description
Returns the result of the remote peer certificate validation.
Parameters
*ssl – a pointer to a token returned on the SSL_new() call.
Return values
See “X.509 verify errors” section in file “ssltls.h”.

void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
void SSL_set_verify_depth(SSL *s, int depth);

Description
Sets the maximum depth for the certificate chain verification.
Parameters
*ctx / *s – a pointer to a token returned on the SSL_CTX_new() / SSL_new() call.
depth – verification depth.
Return values
None.
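NOTE! These functions are empty stubs – they exist only for source compatibility with OpenSSL! The depth passed in is not applied, so no limit on the certificate chain length is enforced through these calls.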

int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
int SSL_get_verify_depth(const SSL *ssl);

Description
Returns current maximum depth for the certificate chain verification.
Parameters
*ctx / *s – a pointer to a token returned on the SSL_CTX_new() / SSL_new() call.
Return values
Always returns (-1) – no depth limit.
NOTE! These functions are empty stubs – they exist only for source compatibility with OpenSSL!

Methods functions

const SSL_METHOD *TLSv1_server_method(void);

Description
Function indicates that the application is a server and supports TLSv1.0.
Return values
A pointer to the appropriate connection method.

const SSL_METHOD *TLSv1_client_method(void);

Description
Function indicates that the application is a client and supports TLSv1.0.
Return values
A pointer to the appropriate connection method.

const SSL_METHOD *TLSv1_1_server_method(void);

Description
Function indicates that the application is a server and supports TLSv1.1.
Return values
A pointer to the appropriate connection method.

const SSL_METHOD *TLSv1_1_client_method(void);

Description
Function indicates that the application is a client and supports TLSv1.1.
Return values
A pointer to the appropriate connection method.

Context create and delete functions

SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);

Description
Creates a new context structure.
Parameters
*method – a pointer to the connection method that indicates which SSL/TLS versions are supported and whether the new CTX structure is for a client application or a server application.
Return values
Pointer to an SSL_CTX object. A NULL pointer indicates an error.

void SSL_CTX_free(SSL_CTX *ctx);

Description
Free an allocated context object.
Parameters
*ctx – a pointer to a token returned on the SSL_CTX_new() call.
Return values
None.

long SSL_CTX_get_timeout(const SSL_CTX *ctx);

Description
Returns the timeout value for context object. Whenever a new SSL session is created, it is assigned a maximum lifetime – expiration time.
Parameters
*ctx – a pointer to a token returned on the SSL_CTX_new() call.
Return values
Timeout value.

SSL session functions

SSL *SSL_new(SSL_CTX *ctx);

Description
Creates a new structure for use with an SSL session.
Parameters
*ctx – a pointer to a token returned on the SSL_CTX_new() call.
Return values
Pointer to an SSL structure. A NULL pointer indicates an error.

void SSL_free(SSL *ssl);

Description
Free an allocated session object.
Parameters
*ssl – a pointer to a token returned on the SSL_new() call.
Return values
None.

int SSL_set_fd(SSL *ssl, int fd);

Description
Assigns a socket to a SSL session.
Parameters
*ssl – a pointer to a token returned on the SSL_new() call.
fd – the file descriptor of the socket.
Return values
Always returns “1” – the function was successful.

int SSL_shutdown(SSL *ssl);

Description
Shuts down data flow for a SSL session.
Parameters
*ssl – a pointer to a token returned on the SSL_new() call.
Return values
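Always returns “1” – the function was successful.
NOTE! This function is an empty stub – it exists only for source compatibility with OpenSSL! Calling it performs no action on the session, so the return value does not indicate that the peer was notified of the shutdown.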

int SSL_state(SSL *ssl);

Description
Returns state code for a SSL session.
Parameters
*ssl – a pointer to a token returned on the SSL_new() call.
Return values
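Always returns 0x03 – OK state.
NOTE! This function is an empty stub – it exists only for source compatibility with OpenSSL! The returned value does not reflect the real state of the session, so do not use it to decide whether the handshake has completed.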

int SSL_connect(SSL *ssl);

Description
Starts a SSL session with a remote server application.
Parameters
*ssl – a pointer to a token returned on the SSL_new() call.
Return values
Return code “1” indicates that the function was successful.

int SSL_accept(SSL *ssl);

Description
Accepts a SSL session connection request from a remote client application.
Parameters
*ssl – a pointer to a token returned on the SSL_new() call.
Return values
Return code “1” indicates that the function was successful.

int SSL_read(SSL *ssl, void *buf, int num);

Description
Reads application data from a SSL session.
Parameters
*ssl – a pointer to a token returned on the SSL_new() call.
*buf – a pointer to the buffer into which to read the data.
num – the maximum number of bytes of data that the application can read.
Return values
Returns the number of bytes of data that are read. A return code equal to 0 or a negative number indicates an error.

int SSL_write(SSL *ssl, const void *buf, int num);

Description
Writes application data across a SSL session.
Parameters
*ssl – a pointer to a token returned on the SSL_new() call.
*buf – a pointer to the data to send.
num – the number of bytes of data to send.
Return values
Returns the number of bytes of data sent. A return code equal to 0 or a negative number indicates an error.

int SSL_get_error(const SSL *ssl, int ret);

Description
Returns information about why the previous SSL API call resulted in an error return code.
Parameters
*ssl – a pointer to a token returned on the SSL_new() call.
ret – the return code from the previous SSL API call.
Return values
Returns one of the following values:

  • SSL_ERROR_NONE – No error to report. This is set when the value of the ret parameter is greater than 0.
  • SSL_ERROR_SYSCALL – An I/O error occurred.
  • SSL_ERROR_ZERO_RETURN – The remote application shut down the SSL connection normally.

const char *SSL_get_version(const SSL *ssl);

Description
Returns the protocol version of the current SSL connection.
Parameters
*ssl – a pointer to a token returned on the SSL_new() call.
Return values
Returns a character pointer to the name of the protocol version in use. Possible values are:

  • TLSv1.0 – The connection uses the TLS v1.0 protocol.
  • TLSv1.1 – The connection uses the TLS v1.1 protocol.
  • unknown – This indicates that no version has been set (no connection established).

const char *SSL_get_cipher(const SSL *ssl);
const char *SSL_get_cipher_name(const SSL *ssl);

Description
Returns the name of the cipher associated with a specific SSL session.
Parameters
*ssl – a pointer to a token returned on the SSL_new() call.
Return values
Returns a pointer to the cipher name. Possible values are:

  • AES128-SHA – AES128 (128-bit key) for data encryption; SHA for message integrity.
  • AES256-SHA – AES256 (256-bit key) for data encryption; SHA for message integrity.
  • RC4-SHA – RC4 (128-bit key) for data encryption; SHA for message integrity.
  • RC4-MD5 – RC4 (128-bit key) for data encryption; MD5 for message integrity.
  • unknown – This indicates error.

Non OpenSSL functions

void SSL_CTX_debug(SSL_CTX *ctx, int debug);

Description
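Sets the debug output parameters. The output can include handshake bytes, certificates and RSA key details, so keep it out of production builds and logs.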
Parameters
*ctx – a pointer to a token returned on the SSL_CTX_new() call.
debug – one or more of the following debug options:

  • DBG_DISPLAY_STATES – display the state changes during the handshake.
  • DBG_DISPLAY_BYTES – display the byte sequences during the handshake.
  • DBG_DISPLAY_CERTS – display the certificates that are passed during a handshake.
  • DBG_DISPLAY_RSA – display the RSA key details that are passed during a handshake.

Return values
None.

int SSL_CTX_use_PKCS8_file(SSL_CTX *ctx, const char *file, char *password);

Description
Loads encrypted key in PKCS#8 format from file for use with a SSL session using a specific CTX structure.
Parameters
*ctx – a pointer to a token returned on the SSL_CTX_new() call.
*file – a pointer to the name of the file that contains the key.
*password – a pointer to the password. The maximum length is 255 characters.
Return values
Return code “1” indicates that the function was successful.

int SSL_CTX_use_PKCS8_memory(SSL_CTX *ctx, unsigned char *d, long len, char *password);

Description
Loads encrypted key in PKCS#8 format stored in memory for use with a SSL session using a specific CTX structure.
Parameters
*ctx – a pointer to a token returned on the SSL_CTX_new() call.
*d – a pointer to the memory location that contains the key.
len – key length.
*password – a pointer to the password. The maximum length is 255 characters.
Return values
Return code “1” indicates that the function was successful.

int SSL_CTX_use_PKCS12_file(SSL_CTX *ctx, const char *file, char *password);

Description
Loads encrypted key and certificate in PKCS#12 format from file for use with a SSL session using a specific CTX structure.
Parameters
*ctx – a pointer to a token returned on the SSL_CTX_new() call.
*file – a pointer to the name of the file that contains the key and certificate.
*password – a pointer to the password. The maximum length is 255 characters.
Return values
Return code “1” indicates that the function was successful.

int SSL_CTX_use_PKCS12_memory(SSL_CTX *ctx, unsigned char *d, long len, char *password);

Description
Loads encrypted key and certificate in PKCS#12 format stored in memory for use with a SSL session using a specific CTX structure.
Parameters
*ctx – a pointer to a token returned on the SSL_CTX_new() call.
*d – a pointer to the memory location that contains the key and certificate.
len – key and certificate length.
*password – a pointer to the password. The maximum length is 255 characters.
Return values
Return code “1” indicates that the function was successful.


Library options

The ssltls library has a number of compilation options. These options make it possible to switch off some features, change some behaviour and control debug messages. All options are in the file “ssltls_config.h” in the library directory.

SSL_CLIENT_SUPPORT – control client functions
0 – the library does not contain SSL/TLS client capability
1 – the library contains SSL/TLS client capability
Default value:
#define SSL_CLIENT_SUPPORT 1

SSL_SERVER_SUPPORT – control server functions
0 – the library does not contain SSL/TLS server capability
1 – the library contains SSL/TLS server capability
Default value:
#define SSL_SERVER_SUPPORT 1

SSL_CERT_VERIFICATION – control certificate verification
0 – the library does not contain SSL/TLS certificate verification capability
1 – the library contains SSL/TLS certificate verification capability
NOTE! This parameter can’t be disabled if client features are in use!
Default value:
#define SSL_CERT_VERIFICATION 1

CONFIG_SSL_PROT_LOW – cipher order: RC4-SHA, AES128-SHA, AES256-SHA, RC4-MD5
CONFIG_SSL_PROT_MEDIUM – cipher order: AES128-SHA, AES256-SHA, RC4-SHA, RC4-MD5
CONFIG_SSL_PROT_HIGH – cipher order: AES256-SHA, AES128-SHA, RC4-SHA, RC4-MD5
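These options set the cipher preference. The selected order is used when the peers negotiate which cipher algorithms to use for the session. Note that the three settings differ only in order: each list contains the same four cipher suites, including RC4-SHA and RC4-MD5, so none of them removes RC4 or MD5 from negotiation (RFC 7465 prohibits RC4 cipher suites in TLS).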
Preference description:
LOW – the fastest cipher(s) but at the expense of security
MEDIUM – balance between speed and security
HIGH – the strongest cipher(s) at the cost of speed
NOTE! You have to select only one preference!
Default value:
//#define CONFIG_SSL_PROT_LOW
#define CONFIG_SSL_PROT_MEDIUM
//#define CONFIG_SSL_PROT_HIGH

DEBUG_DISPLAY – debug flags control
0 – disable debug flags control
1 – enable debug flags control
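This parameter allows debug messages to be controlled with the function SSL_CTX_debug(). It is enabled by default, so review it before building a release image: SSL_CTX_debug() can display handshake bytes, certificates and RSA key details.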
Default value:
#define DEBUG_DISPLAY 1

DEBUG_MSG – misc warnings and notifies
0 – disable misc warnings and notifies
1 – enable misc warnings and notifies
This parameter enables the output of extra warnings and notifications.
Default value:
#define DEBUG_MSG 0

DEBUG_BIGINT – big integer debug
0 – disable big integer debug
1 – enable big integer debug
This parameter enables the output of extra messages for big integer debugging.
Default value:
#define DEBUG_BIGINT 0

 

NOTES

SSL/TLS demo projects are available for Unison and DSPnano; they can be found in installdir/demo.

 

SEE ALSO

tcpd
