26#ifndef WOLFSSL_USER_SETTINGS
27#define WOLFSSL_USER_SETTINGS
30#if defined(NB_SSL_SUPPORTED) || defined(NB_SSH_SUPPORTED)
31#include <crypto/wolfssl/ssl.h>
34#ifdef NB_SSL_SUPPORTED
35#include <crypto/wolfssl/error-ssl.h>
// SSL-layer error codes (negative ints).
// NOTE(review): the values below are not unique. SSL_ERROR_CERTIFICATE_UNKNOWN and
// SSL_ERROR_NO_SERVER_KEY both expand to -258, and SSL_ERROR_CERTIFICATE_NAME_FAILED
// and SSL_ERROR_CERTIFICATE_CHECK both expand to -260, so a caller that switches on
// a return value cannot tell those conditions apart. The values are left untouched
// here because existing callers compare against them; de-duplicating them is an
// interface change that has to be coordinated with every caller.
// NOTE(review): the -256..-265 range also appears to overlap the range wolfCrypt uses
// for its own error codes (pulled in via error-ssl.h above) -- confirm that raw
// wolfSSL return values are always mapped before being surfaced under these names.
61#define SSL_ERROR_FAILED_NEGOTIATION (-256)
62#define SSL_ERROR_CERTIFICATE_UNKNOWN (-258)       // same value as SSL_ERROR_NO_SERVER_KEY
63#define SSL_ERROR_CERTIFICATE_NAME_FAILED (-260)   // same value as SSL_ERROR_CERTIFICATE_CHECK
64#define SSL_ERROR_CERTIFICATE_VERIFY_FAILED (-261)
65#define SSL_ERROR_NO_BUFFER (-262)
66#define SSL_ERROR_HANDSHAKE_INCOMPLETE (-265)
67#define SSL_ERROR_NO_SERVER_CERTIFICATE (-257)
68#define SSL_ERROR_NO_SERVER_KEY (-258)             // same value as SSL_ERROR_CERTIFICATE_UNKNOWN
69#define SSL_ERROR_UNABLE_TO_LOAD_CIPHERS (-259)
70#define SSL_ERROR_CERTIFICATE_CHECK (-260)         // same value as SSL_ERROR_CERTIFICATE_NAME_FAILED
73#ifndef SSL_LIB_REPLACEMENT
75extern BOOL bPrintNamesTested;
116 bool waitForNegotiation =
true,
117 bool verifyPeer =
false,
118 const unsigned char *certBuff =
nullptr,
119 uint32_t certBuffSize = 0,
120 uint16_t certBuffFormat = SSL_FILETYPE_PEM,
121 const char *commonName =
nullptr);
284#ifdef NB_SSL_SUPPORTED
395 const char *commonName,
396 bool verifyPeer =
false,
397 bool waitForNegotiation =
true,
398 const unsigned char *certBuff =
nullptr,
399 uint32_t certBuffSize = 0,
400 uint16_t certBuffFormat = SSL_FILETYPE_PEM,
435 const char *commonName,
436 bool verifyPeer =
false,
437 bool waitForNegotiation =
true,
438 const unsigned char *certBuff =
nullptr,
439 uint32_t certBuffSize = 0,
440 uint16_t certBuffFormat = SSL_FILETYPE_PEM,
472 const char *commonName,
473 bool verifyPeer =
false,
474 bool waitForNegotiation =
true,
475 const unsigned char *certBuff =
nullptr,
476 uint32_t certBuffSize = 0,
477 uint16_t certBuffFormat = SSL_FILETYPE_PEM,
478 bool bIsClient =
true,
507 const char *common_name,
508 bool reuseSessionPort =
true,
509 bool verifyPeer =
false,
510 const unsigned char *certBuff =
nullptr,
511 uint32_t certBuffSize = 0,
512 uint16_t certBuffFormat = SSL_FILETYPE_PEM,
513 bool bIsClient =
true);
577 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
590 uint32_t certBuffSize = 0,
591 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
604 uint32_t certBuffSize = 0,
605 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
/**
 * @brief Add a key and certificate to the client.
 *
 * Presumably installs the pair on the global SSL client context (the one
 * SslSetVerifyPeerClient() and SSL_AddCertToClientCaList() operate on) --
 * confirm against the implementation.
 *
 * @param cert           Certificate buffer, in the encoding named by @p certBuffFormat.
 * @param key            Private key belonging to @p cert, same encoding.
 * @param certBuffFormat SSL_FILETYPE_PEM (default) or another SSL_FILETYPE_* value.
 *
 * NOTE(review): no length is passed for either buffer, so both are presumably
 * NUL-terminated PEM text; how the length of a DER buffer (which has no
 * terminator) is determined is not visible here -- confirm before passing DER.
 * NOTE(review): @p key is private-key material. Whether the implementation copies
 * it or retains the caller's pointer (and for how long) is not visible here --
 * confirm before handing in a short-lived or later-reused buffer.
 */
665void SSL_ClientReadyCert(
const unsigned char *cert,
const unsigned char *key, uint16_t certBuffFormat = SSL_FILETYPE_PEM);
/**
 * @brief Add a key and certificate to the server.
 *
 * Presumably installs the pair on the global SSL server context (the one
 * SslSetVerifyPeerServer() and SSL_AddCertToServerCaList() operate on) --
 * confirm against the implementation.
 *
 * @param cert           Certificate buffer, in the encoding named by @p certBuffFormat.
 * @param key            Private key belonging to @p cert, same encoding.
 * @param certBuffFormat SSL_FILETYPE_PEM (default) or another SSL_FILETYPE_* value.
 *
 * NOTE(review): no length is passed for either buffer, so both are presumably
 * NUL-terminated PEM text; how the length of a DER buffer (which has no
 * terminator) is determined is not visible here -- confirm before passing DER.
 * NOTE(review): @p key is private-key material. Whether the implementation copies
 * it or retains the caller's pointer (and for how long) is not visible here --
 * confirm before handing in a short-lived or later-reused buffer.
 */
674void SSL_ServerReadyCert(
const unsigned char *cert,
const unsigned char *key, uint16_t certBuffFormat = SSL_FILETYPE_PEM);
678#if defined(NB_SSL_SUPPORTED) || defined(NB_SSH_SUPPORTED)
718 unsigned char *issBuf,
720 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
736 unsigned char *subNamBuf,
738 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
754 unsigned char *altNamBuf,
756 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
772 unsigned char *expBuf,
774 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
/**
 * @brief Determine how long until the given certificate expires.
 *
 * @param certBuff       Certificate buffer. Not const-qualified here, unlike the
 *                       cert parameters of SSL_ClientReadyCert()/SSL_ServerReadyCert().
 * @param certLen        Length of @p certBuff in bytes. Signed; how a negative value
 *                       is handled is not visible here -- confirm in the implementation.
 * @param certBuffFormat SSL_FILETYPE_PEM or another SSL_FILETYPE_* value. Unlike the
 *                       sibling SSL_Get*FromCert() helpers this has no default, so
 *                       callers must pass it explicitly.
 * @param[out] timeToExp Receives the time-to-expiry value.
 * @return true when @p timeToExp was filled in, false otherwise -- presumably the
 *         same failure cases ExpireRetCodes names (E_BAD_EXPIRATION_VALUE,
 *         E_NO_SYSTEM_TIME); confirm.
 *
 * NOTE(review): the unit of @p timeToExp (seconds vs. system ticks) and whether an
 * already-expired certificate yields 0 or a negative value are not visible here --
 * confirm before using the result to schedule renewals or to gate trust decisions.
 */
787bool SSL_GetTimeToExpire(
unsigned char *certBuff,
int certLen, uint16_t certBuffFormat, time_t &timeToExp);
803 unsigned char *comNamBuf,
805 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
Used to hold and manipulate IPv4 and IPv6 addresses in dual stack mode.
Definition ipv6_addr.h:41
#define WAIT_FOREVER
Parameter macro used for timeout parameters that have a 0 value and wait forever.
Definition nbrtos.h:86
int SSL_accept(int fdListen, IPADDR *address, uint16_t *port, uint16_t timeout, bool waitForNegotiation=true, bool verifyPeer=false, const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM, const char *commonName=nullptr)
This call is a mirror of the TCP::accept() call. Note that verifyPeer defaults to false, so the connecting client's certificate is not checked unless the caller explicitly enables it.
int FreeSSLSockets()
Returns the number of currently free SSL sockets.
bool IsSSL_CertNKeyValid(const char *keyPEM, ssize_t keylen, const char *certPEM, ssize_t certlen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Validate candidate certificate and private key.
uint16_t SSLGetTxBufferAvailSpace(int fd)
Returns the amount of free space available in the transmit buffer of the specified SSL socket.
int SSL_getsocketerror(int fd)
Returns the socket error state for the specified SSL socket.
void SslSetVerifyPeerClient(bool verifyPeer)
Sets whether or not verify peer should be enabled on the global SSL client context. When disabled, certificates presented by servers are accepted without validation, so connections are not protected against an impersonating peer.
bool SSL_AddCertToClientCaList(const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Attempts to add a cert to the Certificate Authority List of the client SSL context.
bool SSL_AddCertToServerCaList(const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Attempts to add a cert to the Certificate Authority List of the server SSL context.
int(* SSL_setsockoption)(int fd, int option)
Set SSL TCP socket options.
bool SSL_GetIssuerFromCert(unsigned char *certBuff, int certLen, unsigned char *issBuf, int issBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns the issuer from a certificate blob in the format selected by certBuffFormat (PEM by default).
uint32_t SSL_TcpGetLastRxInterval(int fd)
SSL mirror of TcpGetLastRxInterval().
Definition ssl.h:318
int GetPrivateKeyLen()
Function that returns the length of the compiled in server key.
Definition dual_mode_file_key.cpp:160
bool SSL_GetTimeToExpire(unsigned char *certBuff, int certLen, uint16_t certBuffFormat, time_t &timeToExp)
Calculates the time remaining until the given certificate expires and returns it through timeToExp; the bool return value reports whether the value could be determined.
void SslSetVerifyPeerServer(bool verifyPeer)
Sets whether or not verify peer should be enabled on the global SSL server context. When disabled, connecting clients are not authenticated by certificate.
bool SSL_IsCertAddedToServerCaList()
Checks to see if any certificates have been added to the global SSL server context.
uint16_t SSL_GetTcpRtxCount(int fd)
Returns the number of re-transmits that have occurred on the specified SSL connection.
Definition ssl.h:294
bool SSL_IsCertAddedToClientCaList()
Checks to see if any certificates have been added to the global SSL client context.
int(* SSL_getsockoption)(int fd)
Returns the options for the specified SSL TCP socket.
IPADDR SSL_GetSocketRemoteAddr(int fd)
Returns the remote address of this connected socket.
Definition ssl.h:166
uint32_t SetMaxSessionReuseTime(uint32_t newLifetimeTicks)
Allows one to specify at runtime what the longest duration that an established session can be used fo...
void SslInit()
This function initializes the SSL library.
int SSL_makeSecure(int tcpFd, const char *commonName, bool verifyPeer=false, bool waitForNegotiation=true, const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM, bool bIsClient=true, uint32_t timeout=WAIT_FOREVER)
SSL mirror of the TCP::connect() call, but uses an existing TCP file descriptor. Note that verifyPeer defaults to false, so the peer's certificate is not validated unless the caller explicitly enables it.
int(* SSL_clrsockoption)(int fd, int option)
Clear SSL TCP socket options.
int SSL_connect(IPADDR ip, uint16_t remotePort, uint32_t timeout, const char *commonName, bool verifyPeer=false, bool waitForNegotiation=true, const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM, int intf=-1)
SSL mirror of the TCP::connect() call. Note that verifyPeer defaults to false, so the server's certificate is not validated unless the caller explicitly enables it.
void SSL_ServerReadyCert(const unsigned char *cert, const unsigned char *key, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Add a key and certificate to the server.
int SSL_negotiate(int tcpFd, const char *common_name, bool reuseSessionPort=true, bool verifyPeer=false, const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM, bool bIsClient=true)
Executes the TLS negotiation over a given socket, to establish a secure communication channel through...
ExpireRetCodes
Return values for SSL_IsCertExpired().
Definition ssl.h:683
int(* SSL_GetRawSocket)(int sslSocketFd)
Returns the TCP file descriptor associated with an SSL socket file descriptor.
ExpireRetCodes SSL_IsCertExpired(unsigned char *certBuff, int certLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns whether the given certificate has expired or not, as an ExpireRetCodes value. E_NO_SYSTEM_TIME means the check could not be performed because the system clock has not been set; callers should not treat it as E_CERT_VALID.
uint16_t SSL_GetSocketRemotePort(int fd)
Returns the remote port of this connected socket.
Definition ssl.h:184
IPADDR SSL_GetSocketLocalAddr(int fd)
Returns the local address of this connected socket.
Definition ssl.h:202
uint16_t SSLGetRxBufferSpaceUsed(int fd)
Returns the amount of data buffered to be read from the socket.
bool SSL_GetExpirationDate(unsigned char *certBuff, int certLen, unsigned char *expBuf, int expBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns the expiration date of the certificate in question.
void SSL_TcpSendKeepAlive(int fd)
SSL mirror of TcpSendKeepAlive().
Definition ssl.h:328
BOOL(* IsSSLfd)(int fd)
Returns whether or not a file descriptor is an SSL file descriptor.
void SSL_DumpSSLSockets()
Prints the current state of all used sockets to stdio.
int GetCertificateLen()
Function that returns the length of the compiled in server certificate.
Definition dual_mode_file_key.cpp:186
bool SSL_ClearServerCaList()
Clears certs that have been added to the server's Certificate Authority list.
uint16_t SSL_GetSocketLocalPort(int fd)
Returns the local port of this connected socket.
Definition ssl.h:221
bool SSL_ClearClientCaList()
Clears certs that have been added to the client's Certificate Authority list.
void SSL_ClientReadyCert(const unsigned char *cert, const unsigned char *key, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Add a key and certificate to the client.
bool SSLSocketsAvail()
Returns whether or not there are any sockets available.
const char * GetPrivateKeyPEM()
Function that returns a pointer to the compiled in server key.
Definition SSH/SecureSerToEthFactoryApp/src/ssluser.cpp:101
bool SSL_GetAltNameFromCert(unsigned char *certBuff, int certLen, unsigned char *altNamBuf, int altNamBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns an alternate name from a certificate blob in the format selected by certBuffFormat (PEM by default).
int SSL_GetSocketInterface(int fd)
Return the network interface associated with an SSL TCP socket.
Definition ssl.h:232
const char * GetCertificatePEM()
Function that returns a pointer to the compiled in server certificate.
Definition SSH/SecureSerToEthFactoryApp/src/ssluser.cpp:117
int SSLReadWithTimeout(int fd, char *cp, int size, uint32_t timeout)
SSL mirror of the ReadWithTimeout() function.
uint32_t SSL_TcpGetLastRxTime(int fd)
SSL mirror of TcpGetLastRxTime().
Definition ssl.h:306
bool SSL_GetSubjectNameFromCert(unsigned char *certBuff, int certLen, unsigned char *subNamBuf, int subNamBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns the subject name from a certificate blob in the format selected by certBuffFormat (PEM by default).
bool SSL_GetCnFromCert(unsigned char *certBuff, int certLen, unsigned char *comNamBuf, int comNamBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns the common name from a certificate blob in the format selected by certBuffFormat (PEM by default).
@ E_BAD_EXPIRATION_VALUE
Unable to read the expiration information from the certificate.
@ E_CERT_EXPIRED
Certificate expired.
@ E_CERT_VALID
Certificate not expired.
@ E_NO_SYSTEM_TIME
The system time has not been set.
uint16_t GetSocketLocalPort(int fd)
Returns the local port number associated with the connection.
int TcpGetSocketInterface(int fd)
Return the network interface associated with a TCP socket.
IPADDR GetSocketLocalAddr(int fd)
Returns the IP address of the local interface associated with the connection.
Definition tcp.h:659
uint16_t GetSocketRemotePort(int fd)
Returns the port number of the remote host associated with the connection.
int GetTcpRtxCount(int fd)
Returns the number of re-transmits that have occurred on the specified connection.
void TcpSendKeepAlive(int fd)
Send a TCP keep alive packet to a remote host.
IPADDR GetSocketRemoteAddr(int fd)
Returns the IP address of the remote host associated with the specified file descriptor.
Definition tcp.h:645
uint32_t TcpGetLastRxTime(int fd)
Returns the value of system Time Ticks when the last packet was received. Used for the TCP Keep Alive...
uint32_t TcpGetLastRxInterval(int fd)
Returns the number of system Time Ticks since the last packet was received. This is the difference be...
uint8_t TcpGetSocketState(int fd)
Return the current state of a TCP socket.
NetBurner Real-Time Operating System (NBRTOS) API.
NetBurner IPADDR4 Class. See the IPADDR4 Class page for complete documentation.