26#ifndef WOLFSSL_USER_SETTINGS
27#define WOLFSSL_USER_SETTINGS
30#if defined(NB_SSL_SUPPORTED) || defined(NB_SSH_SUPPORTED)
31#include <crypto/wolfssl/ssl.h>
34#ifdef NB_SSL_SUPPORTED
35#include <crypto/wolfssl/error-ssl.h>
/* SSL error codes exposed by this header (the enclosing #ifdef NB_SSL_SUPPORTED
 * block continues past this run).
 * NOTE(review): two numeric values are shared by two names each —
 *   SSL_ERROR_CERTIFICATE_UNKNOWN and SSL_ERROR_NO_SERVER_KEY are both -258,
 *   SSL_ERROR_CERTIFICATE_NAME_FAILED and SSL_ERROR_CERTIFICATE_CHECK are both -260.
 * A caller therefore cannot distinguish a host-name verification failure from a
 * generic certificate-check failure (or a missing server key from an unknown
 * certificate) by return value alone; confirm whether the collision is intended
 * before writing logic that branches on these values. */
61#define SSL_ERROR_FAILED_NEGOTIATION (-256)
62#define SSL_ERROR_CERTIFICATE_UNKNOWN (-258) /* same value as SSL_ERROR_NO_SERVER_KEY below */
63#define SSL_ERROR_CERTIFICATE_NAME_FAILED (-260) /* same value as SSL_ERROR_CERTIFICATE_CHECK below */
64#define SSL_ERROR_CERTIFICATE_VERIFY_FAILED (-261)
65#define SSL_ERROR_NO_BUFFER (-262)
66#define SSL_ERROR_HANDSHAKE_INCOMPLETE (-265)
67#define SSL_ERROR_NO_SERVER_CERTIFICATE (-257)
68#define SSL_ERROR_NO_SERVER_KEY (-258) /* same value as SSL_ERROR_CERTIFICATE_UNKNOWN above */
69#define SSL_ERROR_UNABLE_TO_LOAD_CIPHERS (-259)
70#define SSL_ERROR_CERTIFICATE_CHECK (-260) /* same value as SSL_ERROR_CERTIFICATE_NAME_FAILED above */
73#ifndef SSL_LIB_REPLACEMENT
75extern BOOL bPrintNamesTested;
116 bool waitForNegotiation =
true,
117 bool verifyPeer =
false,
118 const unsigned char *certBuff =
nullptr,
119 uint32_t certBuffSize = 0,
120 uint16_t certBuffFormat = SSL_FILETYPE_PEM,
121 const char *commonName =
nullptr);
284#ifdef NB_SSL_SUPPORTED
395 const char *commonName,
396 bool verifyPeer =
false,
397 bool waitForNegotiation =
true,
398 const unsigned char *certBuff =
nullptr,
399 uint32_t certBuffSize = 0,
400 uint16_t certBuffFormat = SSL_FILETYPE_PEM,
435 const char *commonName,
436 bool verifyPeer =
false,
437 bool waitForNegotiation =
true,
438 const unsigned char *certBuff =
nullptr,
439 uint32_t certBuffSize = 0,
440 uint16_t certBuffFormat = SSL_FILETYPE_PEM,
472 const char *commonName,
473 bool verifyPeer =
false,
474 bool waitForNegotiation =
true,
475 const unsigned char *certBuff =
nullptr,
476 uint32_t certBuffSize = 0,
477 uint16_t certBuffFormat = SSL_FILETYPE_PEM,
478 bool bIsClient =
true,
507 const char *common_name,
508 bool reuseSessionPort =
true,
509 bool verifyPeer =
false,
510 const unsigned char *certBuff =
nullptr,
511 uint32_t certBuffSize = 0,
512 uint16_t certBuffFormat = SSL_FILETYPE_PEM,
513 bool bIsClient =
true);
577 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
590 uint32_t certBuffSize = 0,
591 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
604 uint32_t certBuffSize = 0,
605 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
/**
 * Add a key and certificate to the client (wording from this page's reference
 * text for SSL_ClientReadyCert).
 *
 * @param cert            certificate buffer, in the encoding named by certBuffFormat
 * @param key             private-key buffer; presumably the same encoding, since a
 *                        single certBuffFormat covers both — confirm
 * @param certBuffFormat  buffer encoding, defaults to SSL_FILETYPE_PEM
 *
 * NOTE(review): no length parameters are taken, so the buffers are presumably
 * expected to be self-delimiting in that encoding. Whether the library copies
 * the buffers or retains the pointers is not visible here — confirm before
 * passing short-lived storage, and note the key buffer is not zeroised by this
 * call as far as this declaration shows.
 */
665void SSL_ClientReadyCert(
const unsigned char *cert,
const unsigned char *key, uint16_t certBuffFormat = SSL_FILETYPE_PEM);
/**
 * Add a key and certificate to the server (wording from this page's reference
 * text for SSL_ServerReadyCert).
 *
 * @param cert            certificate buffer, in the encoding named by certBuffFormat
 * @param key             private-key buffer; presumably the same encoding, since a
 *                        single certBuffFormat covers both — confirm
 * @param certBuffFormat  buffer encoding, defaults to SSL_FILETYPE_PEM
 *
 * NOTE(review): no length parameters are taken, so the buffers are presumably
 * expected to be self-delimiting in that encoding. Whether the library copies
 * the buffers or retains the pointers is not visible here — confirm before
 * passing short-lived storage.
 */
674void SSL_ServerReadyCert(
const unsigned char *cert,
const unsigned char *key, uint16_t certBuffFormat = SSL_FILETYPE_PEM);
678#if defined(NB_SSL_SUPPORTED) || defined(NB_SSH_SUPPORTED)
718 unsigned char *issBuf,
720 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
736 unsigned char *subNamBuf,
738 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
754 unsigned char *altNamBuf,
756 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
772 unsigned char *expBuf,
774 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
/**
 * Presumably computes the time remaining until a certificate blob expires and
 * reports it through timeToExp — the reference text on this page ("Returns
 * whether the given certificate has expired or not") duplicates that of
 * SSL_IsCertExpired, so the exact contract is not established here; confirm
 * against the definition.
 *
 * @param certBuff        certificate buffer (not const-qualified, unlike the
 *                        certBuff parameters of the connect/accept declarations)
 * @param certLen         length of certBuff; declared int whereas the other
 *                        declarations use uint32_t certBuffSize, so negative
 *                        values are representable — validate at the caller
 * @param certBuffFormat  buffer encoding; no default here, unlike the other
 *                        SSL_Get*FromCert getters on this page
 * @param timeToExp       output reference — meaning to be confirmed (see above)
 * @return bool — meaning to be confirmed (see above)
 */
787bool SSL_GetTimeToExpire(
unsigned char *certBuff,
int certLen, uint16_t certBuffFormat, time_t &timeToExp);
803 unsigned char *comNamBuf,
805 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
821 unsigned char *serialBuf,
823 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
Used to hold and manipulate IPv4 and IPv6 addresses in dual stack mode.
Definition ipv6_addr.h:41
#define WAIT_FOREVER
Parameter macro used for timeout parameters that have a 0 value and wait forever.
Definition nbrtos.h:81
int SSL_accept(int fdListen, IPADDR *address, uint16_t *port, uint16_t timeout, bool waitForNegotiation=true, bool verifyPeer=false, const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM, const char *commonName=nullptr)
This call is a mirror of the TCP::accept() call.
int FreeSSLSockets()
Returns the number of currently free SSL sockets.
bool IsSSL_CertNKeyValid(const char *keyPEM, ssize_t keylen, const char *certPEM, ssize_t certlen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Validate candidate certificate and private key.
uint16_t SSLGetTxBufferAvailSpace(int fd)
Returns the amount of space available in the transmit buffer of the specified SSL socket.
int SSL_getsocketerror(int fd)
Returns the socket error state for the specified SSL socket.
bool SSL_GetSerialFromCert(unsigned char *certBuff, int certLen, unsigned char *serialBuf, int *serialBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns the serial number from a certificate blob.
void SslSetVerifyPeerClient(bool verifyPeer)
Sets whether or not verify peer should be enabled on the global SSL client context.
bool SSL_AddCertToClientCaList(const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Attempts to add a cert to the Certificate Authority List of the client SSL context.
bool SSL_AddCertToServerCaList(const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Attempts to add a cert to the Certificate Authority List of the server SSL context.
int(* SSL_setsockoption)(int fd, int option)
Set SSL TCP socket options.
bool SSL_GetIssuerFromCert(unsigned char *certBuff, int certLen, unsigned char *issBuf, int issBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns the issuer from a certificate blob in the PEM format.
uint32_t SSL_TcpGetLastRxInterval(int fd)
SSL mirror of TcpGetLastRxInterval().
Definition ssl.h:318
int GetPrivateKeyLen()
Function that returns the length of the compiled-in server key.
Definition PlatformSpecific/NTP1061/src/ssluser.cpp:186
bool SSL_GetTimeToExpire(unsigned char *certBuff, int certLen, uint16_t certBuffFormat, time_t &timeToExp)
Returns whether the given certificate has expired or not.
void SslSetVerifyPeerServer(bool verifyPeer)
Sets whether or not verify peer should be enabled on the global SSL server context.
bool SSL_IsCertAddedToServerCaList()
Checks to see if any certificates have been added to the global SSL server context.
uint16_t SSL_GetTcpRtxCount(int fd)
Returns the number of re-transmits that have occurred on the specified SSL connection.
Definition ssl.h:294
bool SSL_IsCertAddedToClientCaList()
Checks to see if any certificates have been added to the global SSL client context.
int(* SSL_getsockoption)(int fd)
Returns the options for the specified SSL TCP socket.
IPADDR SSL_GetSocketRemoteAddr(int fd)
Returns the remote address of this connected socket.
Definition ssl.h:166
uint32_t SetMaxSessionReuseTime(uint32_t newLifetimeTicks)
Allows one to specify at runtime what the longest duration that an established session can be used fo...
void SslInit()
This function initializes the SSL library.
int SSL_makeSecure(int tcpFd, const char *commonName, bool verifyPeer=false, bool waitForNegotiation=true, const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM, bool bIsClient=true, uint32_t timeout=WAIT_FOREVER)
SSL mirror of the TCP::connect() call, but uses an existing TCP file descriptor.
int(* SSL_clrsockoption)(int fd, int option)
Clear SSL TCP socket options.
int SSL_connect(IPADDR ip, uint16_t remotePort, uint32_t timeout, const char *commonName, bool verifyPeer=false, bool waitForNegotiation=true, const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM, int intf=-1)
SSL mirror of the TCP::connect() call.
void SSL_ServerReadyCert(const unsigned char *cert, const unsigned char *key, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Add a key and certificate to the server.
int SSL_negotiate(int tcpFd, const char *common_name, bool reuseSessionPort=true, bool verifyPeer=false, const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM, bool bIsClient=true)
Executes the TLS negotiation over a given socket, to establish a secure communication channel through...
ExpireRetCodes
Return values for SSL_IsCertExpired().
Definition ssl.h:683
int(* SSL_GetRawSocket)(int sslSocketFd)
Returns the TCP file descriptor associated with an SSL socket file descriptor.
ExpireRetCodes SSL_IsCertExpired(unsigned char *certBuff, int certLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns whether the given certificate has expired or not.
uint16_t SSL_GetSocketRemotePort(int fd)
Returns the remote port of this connected socket.
Definition ssl.h:184
IPADDR SSL_GetSocketLocalAddr(int fd)
Returns the local address of this connected socket.
Definition ssl.h:202
uint16_t SSLGetRxBufferSpaceUsed(int fd)
Returns the amount of data buffered to be read from the socket.
bool SSL_GetExpirationDate(unsigned char *certBuff, int certLen, unsigned char *expBuf, int expBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns the expiration date of the certificate in question.
void SSL_TcpSendKeepAlive(int fd)
SSL mirror of TcpSendKeepAlive().
Definition ssl.h:328
BOOL(* IsSSLfd)(int fd)
Returns whether or not a file descriptor is an SSL file descriptor.
void SSL_DumpSSLSockets()
Prints the current state of all used sockets to stdio.
int GetCertificateLen()
Function that returns the length of the compiled in server certificate.
Definition PlatformSpecific/NTP1061/src/ssluser.cpp:176
bool SSL_ClearServerCaList()
Clears certs that have been added to the server's Certificate Authority list.
uint16_t SSL_GetSocketLocalPort(int fd)
Returns the local port of this connected socket.
Definition ssl.h:221
bool SSL_ClearClientCaList()
Clears certs that have been added to the client's Certificate Authority list.
void SSL_ClientReadyCert(const unsigned char *cert, const unsigned char *key, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Add a key and certificate to the client.
bool SSLSocketsAvail()
Returns whether or not there are any sockets available.
const char * GetPrivateKeyPEM()
Function that returns a pointer to the compiled in server key.
Definition PlatformSpecific/NTP1061/src/ssluser.cpp:127
bool SSL_GetAltNameFromCert(unsigned char *certBuff, int certLen, unsigned char *altNamBuf, int altNamBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns an alternate name from a certificate blob in the PEM format.
int SSL_GetSocketInterface(int fd)
Return the network interface associated with an SSL TCP socket.
Definition ssl.h:232
const char * GetCertificatePEM()
Function that returns a pointer to the compiled in server certificate.
Definition PlatformSpecific/NTP1061/src/ssluser.cpp:151
int SSLReadWithTimeout(int fd, char *cp, int size, uint32_t timeout)
SSL mirror of the ReadWithTimeout() function.
uint32_t SSL_TcpGetLastRxTime(int fd)
SSL mirror of TcpGetLastRxTime().
Definition ssl.h:306
bool SSL_GetSubjectNameFromCert(unsigned char *certBuff, int certLen, unsigned char *subNamBuf, int subNamBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns the subject name from a certificate blob in the PEM format.
bool SSL_GetCnFromCert(unsigned char *certBuff, int certLen, unsigned char *comNamBuf, int comNamBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns the common name from a certificate blob in the PEM format.
@ E_BAD_EXPIRATION_VALUE
Unable to read the expiration information from the certificate.
@ E_CERT_EXPIRED
Certificate expired.
@ E_CERT_VALID
Certificate not expired.
@ E_NO_SYSTEM_TIME
The system time has not been set.
uint16_t GetSocketLocalPort(int fd)
Get the local port number for a socket connection.
int TcpGetSocketInterface(int fd)
Get the network interface number associated with a TCP socket.
IPADDR GetSocketLocalAddr(int fd)
Get the local interface IP address for a socket connection.
Definition tcp.h:9470
uint16_t GetSocketRemotePort(int fd)
Get the remote host port number for a socket connection.
int GetTcpRtxCount(int fd)
Get the number of TCP retransmissions on a socket.
void TcpSendKeepAlive(int fd)
Send a TCP keepalive probe packet.
IPADDR GetSocketRemoteAddr(int fd)
Get the remote host IP address for a socket connection.
Definition tcp.h:9393
uint32_t TcpGetLastRxTime(int fd)
Get the system tick count when the last packet was received.
uint32_t TcpGetLastRxInterval(int fd)
Get the time elapsed since the last received packet.
uint8_t TcpGetSocketState(int fd)
Get the current TCP state of a socket.