Package org.apache.tomcat.jni
Class SSL
java.lang.Object
org.apache.tomcat.jni.SSL
-
Field Summary
Modifier and TypeFieldDescriptionstatic final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final long
static final long
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final int
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic int
doHandshake
(long ssl) SSL_do_handshakestatic int
Get the status of FIPS Mode.static int
fipsModeSet
(int mode) Enable/Disable FIPS Mode.static void
freeBIO
(long bio) BIO_freestatic void
freeSSL
(long ssl) SSL_freestatic String
getAlpnSelected
(long ssl) SSL_get0_alpn_selectedstatic String
getCipherForSSL
(long ssl) SSL_get_cipher.static String[]
getCiphers
(long ssl) Returns all cipher suites that are enabled for negotiation in an SSL handshake.static String
getErrorString
(long errorNumber) Get the error number representing for the givenerrorNumber
.static int
getHandshakeCount
(long ssl) Return the handshake completed count.static int
Get the error number representing the last error OpenSSL encountered on this thread.static int
getOptions
(long ssl) Get OpenSSL Option.static byte[][]
getPeerCertChain
(long ssl) Get the peer certificate chain ornull
if non was send.static byte[]
getPeerCertificate
(long ssl) Get the peer certificate ornull
if non was send.static int
getPostHandshakeAuthInProgress
(long ssl) Is post handshake authentication in progress on this connection?static byte[]
getSessionId
(long ssl) Returns the ID of the session as byte array representation.static int
getShutdown
(long ssl) SSL_get_shutdownstatic long
getTime
(long ssl) SSL_get_timestatic String
getVersion
(long ssl) SSL_get_versionstatic int
initialize
(String engine) Initialize OpenSSL support.static int
isInInit
(long ssl) SSL_in_init.static long
makeNetworkBIO
(long ssl) Wire up internal and network BIOs for the given SSL instance.static long
newSSL
(long ctx, boolean server) SSL_newstatic int
pendingReadableBytesInSSL
(long ssl) SSL_pending.static int
pendingWrittenBytesInBIO
(long bio) BIO_ctrl_pending.static void
Sets global random filename.static int
readFromBIO
(long bio, long rbuf, int rlen) BIO_read.static int
readFromSSL
(long ssl, long rbuf, int rlen) SSL_readstatic int
renegotiate
(long ssl) SSL_renegotiatestatic int
renegotiatePending
(long ssl) SSL_renegotiate_pendingstatic boolean
setCipherSuites
(long ssl, String ciphers) Returns the cipher suites available for negotiation in SSL handshake.static void
setOptions
(long ssl, int options) Set OpenSSL Option.static void
setVerify
(long ssl, int level, int depth) Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate verification.static int
shutdownSSL
(long ssl) SSL_shutdownstatic int
verifyClientPostHandshake
(long ssl) SSL_verify_client_post_handshakestatic int
version()
static String
static int
writeToBIO
(long bio, long wbuf, int wlen) BIO_write.static int
writeToSSL
(long ssl, long wbuf, int wlen) SSL_write.
-
Field Details
-
UNSET
public static final int UNSET- See Also:
-
SSL_ALGO_UNKNOWN
public static final int SSL_ALGO_UNKNOWN- See Also:
-
SSL_ALGO_RSA
public static final int SSL_ALGO_RSA- See Also:
-
SSL_ALGO_DSA
public static final int SSL_ALGO_DSA- See Also:
-
SSL_ALGO_ALL
public static final int SSL_ALGO_ALL- See Also:
-
SSL_AIDX_RSA
public static final int SSL_AIDX_RSA- See Also:
-
SSL_AIDX_DSA
public static final int SSL_AIDX_DSA- See Also:
-
SSL_AIDX_ECC
public static final int SSL_AIDX_ECC- See Also:
-
SSL_AIDX_MAX
public static final int SSL_AIDX_MAX- See Also:
-
SSL_TMP_KEY_RSA_512
public static final int SSL_TMP_KEY_RSA_512- See Also:
-
SSL_TMP_KEY_RSA_1024
public static final int SSL_TMP_KEY_RSA_1024- See Also:
-
SSL_TMP_KEY_RSA_2048
public static final int SSL_TMP_KEY_RSA_2048- See Also:
-
SSL_TMP_KEY_RSA_4096
public static final int SSL_TMP_KEY_RSA_4096- See Also:
-
SSL_TMP_KEY_DH_512
public static final int SSL_TMP_KEY_DH_512- See Also:
-
SSL_TMP_KEY_DH_1024
public static final int SSL_TMP_KEY_DH_1024- See Also:
-
SSL_TMP_KEY_DH_2048
public static final int SSL_TMP_KEY_DH_2048- See Also:
-
SSL_TMP_KEY_DH_4096
public static final int SSL_TMP_KEY_DH_4096- See Also:
-
SSL_TMP_KEY_MAX
public static final int SSL_TMP_KEY_MAX- See Also:
-
SSL_OPT_NONE
public static final int SSL_OPT_NONE- See Also:
-
SSL_OPT_RELSET
public static final int SSL_OPT_RELSET- See Also:
-
SSL_OPT_STDENVVARS
public static final int SSL_OPT_STDENVVARS- See Also:
-
SSL_OPT_EXPORTCERTDATA
public static final int SSL_OPT_EXPORTCERTDATA- See Also:
-
SSL_OPT_FAKEBASICAUTH
public static final int SSL_OPT_FAKEBASICAUTH- See Also:
-
SSL_OPT_STRICTREQUIRE
public static final int SSL_OPT_STRICTREQUIRE- See Also:
-
SSL_OPT_OPTRENEGOTIATE
public static final int SSL_OPT_OPTRENEGOTIATE- See Also:
-
SSL_OPT_ALL
public static final int SSL_OPT_ALL- See Also:
-
SSL_PROTOCOL_NONE
public static final int SSL_PROTOCOL_NONE- See Also:
-
SSL_PROTOCOL_SSLV2
public static final int SSL_PROTOCOL_SSLV2- See Also:
-
SSL_PROTOCOL_SSLV3
public static final int SSL_PROTOCOL_SSLV3- See Also:
-
SSL_PROTOCOL_TLSV1
public static final int SSL_PROTOCOL_TLSV1- See Also:
-
SSL_PROTOCOL_TLSV1_1
public static final int SSL_PROTOCOL_TLSV1_1- See Also:
-
SSL_PROTOCOL_TLSV1_2
public static final int SSL_PROTOCOL_TLSV1_2- See Also:
-
SSL_PROTOCOL_TLSV1_3
public static final int SSL_PROTOCOL_TLSV1_3- See Also:
-
SSL_PROTOCOL_ALL
public static final int SSL_PROTOCOL_ALL- See Also:
-
SSL_CVERIFY_UNSET
public static final int SSL_CVERIFY_UNSET- See Also:
-
SSL_CVERIFY_NONE
public static final int SSL_CVERIFY_NONE- See Also:
-
SSL_CVERIFY_OPTIONAL
public static final int SSL_CVERIFY_OPTIONAL- See Also:
-
SSL_CVERIFY_REQUIRE
public static final int SSL_CVERIFY_REQUIRE- See Also:
-
SSL_CVERIFY_OPTIONAL_NO_CA
public static final int SSL_CVERIFY_OPTIONAL_NO_CA- See Also:
-
SSL_VERIFY_NONE
public static final int SSL_VERIFY_NONE- See Also:
-
SSL_VERIFY_PEER
public static final int SSL_VERIFY_PEER- See Also:
-
SSL_VERIFY_FAIL_IF_NO_PEER_CERT
public static final int SSL_VERIFY_FAIL_IF_NO_PEER_CERT- See Also:
-
SSL_VERIFY_CLIENT_ONCE
public static final int SSL_VERIFY_CLIENT_ONCE- See Also:
-
SSL_VERIFY_PEER_STRICT
public static final int SSL_VERIFY_PEER_STRICT- See Also:
-
SSL_OP_MICROSOFT_SESS_ID_BUG
public static final int SSL_OP_MICROSOFT_SESS_ID_BUG- See Also:
-
SSL_OP_NETSCAPE_CHALLENGE_BUG
public static final int SSL_OP_NETSCAPE_CHALLENGE_BUG- See Also:
-
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
public static final int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG- See Also:
-
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
public static final int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG- See Also:
-
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
public static final int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER- See Also:
-
SSL_OP_MSIE_SSLV2_RSA_PADDING
public static final int SSL_OP_MSIE_SSLV2_RSA_PADDING- See Also:
-
SSL_OP_SSLEAY_080_CLIENT_DH_BUG
public static final int SSL_OP_SSLEAY_080_CLIENT_DH_BUG- See Also:
-
SSL_OP_TLS_D5_BUG
public static final int SSL_OP_TLS_D5_BUG- See Also:
-
SSL_OP_TLS_BLOCK_PADDING_BUG
public static final int SSL_OP_TLS_BLOCK_PADDING_BUG- See Also:
-
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
public static final int SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS- See Also:
-
SSL_OP_ALL
public static final int SSL_OP_ALL- See Also:
-
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
public static final int SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION- See Also:
-
SSL_OP_NO_COMPRESSION
public static final int SSL_OP_NO_COMPRESSION- See Also:
-
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
public static final int SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION- See Also:
-
SSL_OP_SINGLE_ECDH_USE
public static final int SSL_OP_SINGLE_ECDH_USE- See Also:
-
SSL_OP_SINGLE_DH_USE
public static final int SSL_OP_SINGLE_DH_USE- See Also:
-
SSL_OP_EPHEMERAL_RSA
public static final int SSL_OP_EPHEMERAL_RSA- See Also:
-
SSL_OP_CIPHER_SERVER_PREFERENCE
public static final int SSL_OP_CIPHER_SERVER_PREFERENCE- See Also:
-
SSL_OP_TLS_ROLLBACK_BUG
public static final int SSL_OP_TLS_ROLLBACK_BUG- See Also:
-
SSL_OP_NO_SSLv2
public static final int SSL_OP_NO_SSLv2- See Also:
-
SSL_OP_NO_SSLv3
public static final int SSL_OP_NO_SSLv3- See Also:
-
SSL_OP_NO_TLSv1
public static final int SSL_OP_NO_TLSv1- See Also:
-
SSL_OP_NO_TLSv1_2
public static final int SSL_OP_NO_TLSv1_2- See Also:
-
SSL_OP_NO_TLSv1_1
public static final int SSL_OP_NO_TLSv1_1- See Also:
-
SSL_OP_NO_TICKET
public static final int SSL_OP_NO_TICKET- See Also:
-
SSL_OP_NETSCAPE_CA_DN_BUG
public static final int SSL_OP_NETSCAPE_CA_DN_BUG- See Also:
-
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
public static final int SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG- See Also:
-
SSL_CRT_FORMAT_UNDEF
public static final int SSL_CRT_FORMAT_UNDEF- See Also:
-
SSL_CRT_FORMAT_ASN1
public static final int SSL_CRT_FORMAT_ASN1- See Also:
-
SSL_CRT_FORMAT_TEXT
public static final int SSL_CRT_FORMAT_TEXT- See Also:
-
SSL_CRT_FORMAT_PEM
public static final int SSL_CRT_FORMAT_PEM- See Also:
-
SSL_CRT_FORMAT_NETSCAPE
public static final int SSL_CRT_FORMAT_NETSCAPE- See Also:
-
SSL_CRT_FORMAT_PKCS12
public static final int SSL_CRT_FORMAT_PKCS12- See Also:
-
SSL_CRT_FORMAT_SMIME
public static final int SSL_CRT_FORMAT_SMIME- See Also:
-
SSL_CRT_FORMAT_ENGINE
public static final int SSL_CRT_FORMAT_ENGINE- See Also:
-
SSL_MODE_CLIENT
public static final int SSL_MODE_CLIENT- See Also:
-
SSL_MODE_SERVER
public static final int SSL_MODE_SERVER- See Also:
-
SSL_MODE_COMBINED
public static final int SSL_MODE_COMBINED- See Also:
-
SSL_CONF_FLAG_CMDLINE
public static final int SSL_CONF_FLAG_CMDLINE- See Also:
-
SSL_CONF_FLAG_FILE
public static final int SSL_CONF_FLAG_FILE- See Also:
-
SSL_CONF_FLAG_CLIENT
public static final int SSL_CONF_FLAG_CLIENT- See Also:
-
SSL_CONF_FLAG_SERVER
public static final int SSL_CONF_FLAG_SERVER- See Also:
-
SSL_CONF_FLAG_SHOW_ERRORS
public static final int SSL_CONF_FLAG_SHOW_ERRORS- See Also:
-
SSL_CONF_FLAG_CERTIFICATE
public static final int SSL_CONF_FLAG_CERTIFICATE- See Also:
-
SSL_CONF_TYPE_UNKNOWN
public static final int SSL_CONF_TYPE_UNKNOWN- See Also:
-
SSL_CONF_TYPE_STRING
public static final int SSL_CONF_TYPE_STRING- See Also:
-
SSL_CONF_TYPE_FILE
public static final int SSL_CONF_TYPE_FILE- See Also:
-
SSL_CONF_TYPE_DIR
public static final int SSL_CONF_TYPE_DIR- See Also:
-
SSL_SHUTDOWN_TYPE_UNSET
public static final int SSL_SHUTDOWN_TYPE_UNSET- See Also:
-
SSL_SHUTDOWN_TYPE_STANDARD
public static final int SSL_SHUTDOWN_TYPE_STANDARD- See Also:
-
SSL_SHUTDOWN_TYPE_UNCLEAN
public static final int SSL_SHUTDOWN_TYPE_UNCLEAN- See Also:
-
SSL_SHUTDOWN_TYPE_ACCURATE
public static final int SSL_SHUTDOWN_TYPE_ACCURATE- See Also:
-
SSL_INFO_SESSION_ID
public static final int SSL_INFO_SESSION_ID- See Also:
-
SSL_INFO_CIPHER
public static final int SSL_INFO_CIPHER- See Also:
-
SSL_INFO_CIPHER_USEKEYSIZE
public static final int SSL_INFO_CIPHER_USEKEYSIZE- See Also:
-
SSL_INFO_CIPHER_ALGKEYSIZE
public static final int SSL_INFO_CIPHER_ALGKEYSIZE- See Also:
-
SSL_INFO_CIPHER_VERSION
public static final int SSL_INFO_CIPHER_VERSION- See Also:
-
SSL_INFO_CIPHER_DESCRIPTION
public static final int SSL_INFO_CIPHER_DESCRIPTION- See Also:
-
SSL_INFO_PROTOCOL
public static final int SSL_INFO_PROTOCOL- See Also:
-
SSL_INFO_CLIENT_S_DN
public static final int SSL_INFO_CLIENT_S_DN- See Also:
-
SSL_INFO_CLIENT_I_DN
public static final int SSL_INFO_CLIENT_I_DN- See Also:
-
SSL_INFO_SERVER_S_DN
public static final int SSL_INFO_SERVER_S_DN- See Also:
-
SSL_INFO_SERVER_I_DN
public static final int SSL_INFO_SERVER_I_DN- See Also:
-
SSL_INFO_DN_COUNTRYNAME
public static final int SSL_INFO_DN_COUNTRYNAME- See Also:
-
SSL_INFO_DN_STATEORPROVINCENAME
public static final int SSL_INFO_DN_STATEORPROVINCENAME- See Also:
-
SSL_INFO_DN_LOCALITYNAME
public static final int SSL_INFO_DN_LOCALITYNAME- See Also:
-
SSL_INFO_DN_ORGANIZATIONNAME
public static final int SSL_INFO_DN_ORGANIZATIONNAME- See Also:
-
SSL_INFO_DN_ORGANIZATIONALUNITNAME
public static final int SSL_INFO_DN_ORGANIZATIONALUNITNAME- See Also:
-
SSL_INFO_DN_COMMONNAME
public static final int SSL_INFO_DN_COMMONNAME- See Also:
-
SSL_INFO_DN_TITLE
public static final int SSL_INFO_DN_TITLE- See Also:
-
SSL_INFO_DN_INITIALS
public static final int SSL_INFO_DN_INITIALS- See Also:
-
SSL_INFO_DN_GIVENNAME
public static final int SSL_INFO_DN_GIVENNAME- See Also:
-
SSL_INFO_DN_SURNAME
public static final int SSL_INFO_DN_SURNAME- See Also:
-
SSL_INFO_DN_DESCRIPTION
public static final int SSL_INFO_DN_DESCRIPTION- See Also:
-
SSL_INFO_DN_UNIQUEIDENTIFIER
public static final int SSL_INFO_DN_UNIQUEIDENTIFIER- See Also:
-
SSL_INFO_DN_EMAILADDRESS
public static final int SSL_INFO_DN_EMAILADDRESS- See Also:
-
SSL_INFO_CLIENT_M_VERSION
public static final int SSL_INFO_CLIENT_M_VERSION- See Also:
-
SSL_INFO_CLIENT_M_SERIAL
public static final int SSL_INFO_CLIENT_M_SERIAL- See Also:
-
SSL_INFO_CLIENT_V_START
public static final int SSL_INFO_CLIENT_V_START- See Also:
-
SSL_INFO_CLIENT_V_END
public static final int SSL_INFO_CLIENT_V_END- See Also:
-
SSL_INFO_CLIENT_A_SIG
public static final int SSL_INFO_CLIENT_A_SIG- See Also:
-
SSL_INFO_CLIENT_A_KEY
public static final int SSL_INFO_CLIENT_A_KEY- See Also:
-
SSL_INFO_CLIENT_CERT
public static final int SSL_INFO_CLIENT_CERT- See Also:
-
SSL_INFO_CLIENT_V_REMAIN
public static final int SSL_INFO_CLIENT_V_REMAIN- See Also:
-
SSL_INFO_SERVER_M_VERSION
public static final int SSL_INFO_SERVER_M_VERSION- See Also:
-
SSL_INFO_SERVER_M_SERIAL
public static final int SSL_INFO_SERVER_M_SERIAL- See Also:
-
SSL_INFO_SERVER_V_START
public static final int SSL_INFO_SERVER_V_START- See Also:
-
SSL_INFO_SERVER_V_END
public static final int SSL_INFO_SERVER_V_END- See Also:
-
SSL_INFO_SERVER_A_SIG
public static final int SSL_INFO_SERVER_A_SIG- See Also:
-
SSL_INFO_SERVER_A_KEY
public static final int SSL_INFO_SERVER_A_KEY- See Also:
-
SSL_INFO_SERVER_CERT
public static final int SSL_INFO_SERVER_CERT- See Also:
-
SSL_INFO_CLIENT_CERT_CHAIN
public static final int SSL_INFO_CLIENT_CERT_CHAIN- See Also:
-
SSL_SESS_CACHE_OFF
public static final long SSL_SESS_CACHE_OFF- See Also:
-
SSL_SESS_CACHE_SERVER
public static final long SSL_SESS_CACHE_SERVER- See Also:
-
SSL_SELECTOR_FAILURE_NO_ADVERTISE
public static final int SSL_SELECTOR_FAILURE_NO_ADVERTISE- See Also:
-
SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL
public static final int SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL- See Also:
-
SSL_SENT_SHUTDOWN
public static final int SSL_SENT_SHUTDOWN- See Also:
-
SSL_RECEIVED_SHUTDOWN
public static final int SSL_RECEIVED_SHUTDOWN- See Also:
-
SSL_ERROR_NONE
public static final int SSL_ERROR_NONE- See Also:
-
SSL_ERROR_SSL
public static final int SSL_ERROR_SSL- See Also:
-
SSL_ERROR_WANT_READ
public static final int SSL_ERROR_WANT_READ- See Also:
-
SSL_ERROR_WANT_WRITE
public static final int SSL_ERROR_WANT_WRITE- See Also:
-
SSL_ERROR_WANT_X509_LOOKUP
public static final int SSL_ERROR_WANT_X509_LOOKUP- See Also:
-
SSL_ERROR_SYSCALL
public static final int SSL_ERROR_SYSCALL- See Also:
-
SSL_ERROR_ZERO_RETURN
public static final int SSL_ERROR_ZERO_RETURN- See Also:
-
SSL_ERROR_WANT_CONNECT
public static final int SSL_ERROR_WANT_CONNECT- See Also:
-
SSL_ERROR_WANT_ACCEPT
public static final int SSL_ERROR_WANT_ACCEPT- See Also:
-
-
Constructor Details
-
SSL
public SSL()
-
-
Method Details
-
version
public static int version() -
versionString
-
initialize
Initialize OpenSSL support. This function needs to be called once for the lifetime of JVM. Library.init() has to be called before.- Parameters:
engine
- Support for external a Crypto Device ("engine"), usually a hardware accelerator card for crypto operations.- Returns:
- APR status code
-
fipsModeGet
-
fipsModeSet
-
randSet
Sets global random filename.- Parameters:
filename
- Filename to use. If set it will be used for SSL initialization and all contexts where explicitly not set.
-
getHandshakeCount
public static int getHandshakeCount(long ssl) Return the handshake completed count.- Parameters:
ssl
- SSL pointer- Returns:
- the count
-
newSSL
public static long newSSL(long ctx, boolean server) SSL_new- Parameters:
ctx
- Server or Client context to use.server
- if true configure SSL instance to use accept handshake routines if false configure SSL instance to use connect handshake routines- Returns:
- pointer to SSL instance (SSL *)
-
pendingWrittenBytesInBIO
public static int pendingWrittenBytesInBIO(long bio) BIO_ctrl_pending.- Parameters:
bio
- BIO pointer (BIO *)- Returns:
- the pending bytes count
-
pendingReadableBytesInSSL
public static int pendingReadableBytesInSSL(long ssl) SSL_pending.- Parameters:
ssl
- SSL pointer (SSL *)- Returns:
- the pending bytes count
-
writeToBIO
public static int writeToBIO(long bio, long wbuf, int wlen) BIO_write.- Parameters:
bio
- BIO pointerwbuf
- Buffer pointerwlen
- Write length- Returns:
- the bytes count written
-
readFromBIO
public static int readFromBIO(long bio, long rbuf, int rlen) BIO_read.- Parameters:
bio
- BIO pointerrbuf
- Buffer pointerrlen
- Read length- Returns:
- the bytes count read
-
writeToSSL
public static int writeToSSL(long ssl, long wbuf, int wlen) SSL_write.- Parameters:
ssl
- the SSL instance (SSL *)wbuf
- Buffer pointerwlen
- Write length- Returns:
- the bytes count written
-
readFromSSL
public static int readFromSSL(long ssl, long rbuf, int rlen) SSL_read- Parameters:
ssl
- the SSL instance (SSL *)rbuf
- Buffer pointerrlen
- Read length- Returns:
- the bytes count read
-
getShutdown
public static int getShutdown(long ssl) SSL_get_shutdown- Parameters:
ssl
- the SSL instance (SSL *)- Returns:
- the operation status
-
freeSSL
public static void freeSSL(long ssl) SSL_free- Parameters:
ssl
- the SSL instance (SSL *)
-
makeNetworkBIO
public static long makeNetworkBIO(long ssl) Wire up internal and network BIOs for the given SSL instance. Warning: you must explicitly free this resource by calling freeBIO While the SSL's internal/application data BIO will be freed when freeSSL is called on the provided SSL instance, you must call freeBIO on the returned network BIO.- Parameters:
ssl
- the SSL instance (SSL *)- Returns:
- pointer to the Network BIO (BIO *)
-
freeBIO
public static void freeBIO(long bio) BIO_free- Parameters:
bio
- BIO pointer
-
shutdownSSL
public static int shutdownSSL(long ssl) SSL_shutdown- Parameters:
ssl
- the SSL instance (SSL *)- Returns:
- the operation status
-
getLastErrorNumber
public static int getLastErrorNumber()Get the error number representing the last error OpenSSL encountered on this thread.- Returns:
- the last error number
-
getCipherForSSL
SSL_get_cipher.- Parameters:
ssl
- the SSL instance (SSL *)- Returns:
- the cipher name
-
getVersion
SSL_get_version- Parameters:
ssl
- the SSL instance (SSL *)- Returns:
- the SSL version in use
-
doHandshake
public static int doHandshake(long ssl) SSL_do_handshake- Parameters:
ssl
- the SSL instance (SSL *)- Returns:
- the handshake status
-
renegotiate
public static int renegotiate(long ssl) SSL_renegotiate- Parameters:
ssl
- the SSL instance (SSL *)- Returns:
- the operation status
-
renegotiatePending
public static int renegotiatePending(long ssl) SSL_renegotiate_pending- Parameters:
ssl
- the SSL instance (SSL *)- Returns:
- the operation status
-
verifyClientPostHandshake
public static int verifyClientPostHandshake(long ssl) SSL_verify_client_post_handshake- Parameters:
ssl
- the SSL instance (SSL *)- Returns:
- the operation status
-
getPostHandshakeAuthInProgress
public static int getPostHandshakeAuthInProgress(long ssl) Is post handshake authentication in progress on this connection?- Parameters:
ssl
- the SSL instance (SSL *)- Returns:
- the operation status
-
isInInit
public static int isInInit(long ssl) SSL_in_init.- Parameters:
ssl
- the SSL instance (SSL *)- Returns:
- the status
-
getAlpnSelected
SSL_get0_alpn_selected- Parameters:
ssl
- the SSL instance (SSL *)- Returns:
- the ALPN protocol negotiated
-
getPeerCertChain
public static byte[][] getPeerCertChain(long ssl) Get the peer certificate chain ornull
if non was send.- Parameters:
ssl
- the SSL instance (SSL *)- Returns:
- the certificate chain bytes
-
getPeerCertificate
public static byte[] getPeerCertificate(long ssl) Get the peer certificate ornull
if non was send.- Parameters:
ssl
- the SSL instance (SSL *)- Returns:
- the certificate bytes
-
getErrorString
Get the error number representing for the givenerrorNumber
.- Parameters:
errorNumber
- The error code- Returns:
- an error message
-
getTime
public static long getTime(long ssl) SSL_get_time- Parameters:
ssl
- the SSL instance (SSL *)- Returns:
- returns the time at which the session ssl was established. The time is given in seconds since the Epoch
-
setVerify
public static void setVerify(long ssl, int level, int depth) Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate verification.
This directive sets the Certificate verification level for the Client Authentication. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the client authentication process used in the standard SSL handshake when a connection is established. In per-directory context it forces an SSL renegotiation with the reconfigured client verification level after the HTTP request was read but before the HTTP response is sent.
The following levels are available for level:SSL_CVERIFY_NONE - No client Certificate is required at all SSL_CVERIFY_OPTIONAL - The client may present a valid Certificate SSL_CVERIFY_REQUIRE - The client has to present a valid Certificate SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate but it need not to be (successfully) verifiable
The depth actually is the maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are max allowed to be followed while verifying the client certificate. A depth of 0 means that self-signed client certificates are accepted only, the default depth of 1 means the client certificate can be self-signed or has to be signed by a CA which is directly known to the server (i.e. the CA's certificate is undersetCACertificatePath
, etc.- Parameters:
ssl
- the SSL instance (SSL *)level
- Type of Client Certificate verification.depth
- Maximum depth of CA Certificates in Client Certificate verification.
-
setOptions
public static void setOptions(long ssl, int options) Set OpenSSL Option.- Parameters:
ssl
- the SSL instance (SSL *)options
- See SSL.SSL_OP_* for option flags.
-
getOptions
public static int getOptions(long ssl) Get OpenSSL Option.- Parameters:
ssl
- the SSL instance (SSL *)- Returns:
- options See SSL.SSL_OP_* for option flags.
-
getCiphers
Returns all cipher suites that are enabled for negotiation in an SSL handshake.- Parameters:
ssl
- the SSL instance (SSL *)- Returns:
- ciphers
-
setCipherSuites
Returns the cipher suites available for negotiation in SSL handshake.
This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the standard SSL handshake when a connection is established. In per-directory context it forces an SSL renegotiation with the reconfigured Cipher Suite after the HTTP request was read but before the HTTP response is sent.- Parameters:
ssl
- the SSL instance (SSL *)ciphers
- an SSL cipher specification- Returns:
true
if the operation was successful- Throws:
Exception
- An error occurred
-
getSessionId
public static byte[] getSessionId(long ssl) Returns the ID of the session as byte array representation.- Parameters:
ssl
- the SSL instance (SSL *)- Returns:
- the session as byte array representation obtained via SSL_SESSION_get_id.
-