107 lines
3.6 KiB
Plaintext
107 lines
3.6 KiB
Plaintext
|
=pod
|
||
|
|
||
|
=begin comment
|
||
|
|
||
|
Copyright 2005 Nokia. All rights reserved.
|
||
|
|
||
|
The portions of the attached software ("Contribution") is developed by
|
||
|
Nokia Corporation and is licensed pursuant to the OpenSSL open source
|
||
|
license.
|
||
|
|
||
|
The Contribution, originally written by Mika Kousa and Pasi Eronen of
|
||
|
Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
|
||
|
support (see RFC 4279) to OpenSSL.
|
||
|
|
||
|
No patent licenses or other rights except those expressly stated in
|
||
|
the OpenSSL open source license shall be deemed granted or received
|
||
|
expressly, by implication, estoppel, or otherwise.
|
||
|
|
||
|
No assurances are provided by Nokia that the Contribution does not
|
||
|
infringe the patent or other intellectual property rights of any third
|
||
|
party or that the license provides you with all the necessary rights
|
||
|
to make use of the Contribution.
|
||
|
|
||
|
THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
|
||
|
ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
|
||
|
SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
|
||
|
OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
|
||
|
OTHERWISE.
|
||
|
|
||
|
=end comment
|
||
|
|
||
|
=head1 NAME
|
||
|
|
||
|
SSL_CTX_use_psk_identity_hint, SSL_use_psk_identity_hint,
|
||
|
SSL_CTX_set_psk_server_callback, SSL_set_psk_server_callback - set PSK
|
||
|
identity hint to use
|
||
|
|
||
|
|
||
|
=head1 SYNOPSIS
|
||
|
|
||
|
#include <openssl/ssl.h>
|
||
|
|
||
|
int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);
|
||
|
int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);
|
||
|
|
||
|
void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
|
||
|
unsigned int (*callback)(SSL *ssl, const char *identity,
|
||
|
unsigned char *psk, int max_psk_len));
|
||
|
void SSL_set_psk_server_callback(SSL *ssl,
|
||
|
unsigned int (*callback)(SSL *ssl, const char *identity,
|
||
|
unsigned char *psk, int max_psk_len));
|
||
|
|
||
|
|
||
|
=head1 DESCRIPTION
|
||
|
|
||
|
SSL_CTX_use_psk_identity_hint() sets the given B<NULL>-terminated PSK
|
||
|
identity hint B<hint> to SSL context object
|
||
|
B<ctx>. SSL_use_psk_identity_hint() sets the given B<NULL>-terminated
|
||
|
PSK identity hint B<hint> to SSL connection object B<ssl>. If B<hint>
|
||
|
is B<NULL> the current hint from B<ctx> or B<ssl> is deleted.
|
||
|
|
||
|
In the case where PSK identity hint is B<NULL>, the server
|
||
|
does not send the ServerKeyExchange message to the client.
|
||
|
|
||
|
A server application must provide a callback function which is called
|
||
|
when the server receives the ClientKeyExchange message from the
|
||
|
client. The purpose of the callback function is to validate the
|
||
|
received PSK identity and to fetch the pre-shared key used during the
|
||
|
connection setup phase. The callback is set using functions
|
||
|
SSL_CTX_set_psk_server_callback() or
|
||
|
SSL_set_psk_server_callback(). The callback function is given the
|
||
|
connection in parameter B<ssl>, B<NULL>-terminated PSK identity sent
|
||
|
by the client in parameter B<identity>, and a buffer B<psk> of length
|
||
|
B<max_psk_len> bytes where the pre-shared key is to be stored.
|
||
|
|
||
|
|
||
|
=head1 RETURN VALUES
|
||
|
|
||
|
SSL_CTX_use_psk_identity_hint() and SSL_use_psk_identity_hint() return
|
||
|
1 on success, 0 otherwise.
|
||
|
|
||
|
Return values from the server callback are interpreted as follows:
|
||
|
|
||
|
=over 4
|
||
|
|
||
|
=item Z<>0
|
||
|
|
||
|
PSK identity was not found. An "unknown_psk_identity" alert message
|
||
|
will be sent and the connection setup fails.
|
||
|
|
||
|
=item E<gt>0
|
||
|
|
||
|
PSK identity was found and the server callback has provided the PSK
|
||
|
successfully in parameter B<psk>. Return value is the length of
|
||
|
B<psk> in bytes. It is an error to return a value greater than
|
||
|
B<max_psk_len>.
|
||
|
|
||
|
If the PSK identity was not found but the callback instructs the
|
||
|
protocol to continue anyway, the callback must provide some random
|
||
|
data to B<psk> and return the length of the random data, so the
|
||
|
connection will fail with decryption_error before it will be finished
|
||
|
completely.
|
||
|
|
||
|
=back
|
||
|
|
||
|
=cut
|