26#ifndef WOLFSSL_USER_SETTINGS
27#define WOLFSSL_USER_SETTINGS
30#if defined(NB_SSL_SUPPORTED) || defined(NB_SSH_SUPPORTED)
31#include <crypto/wolfssl/ssl.h>
34#ifdef NB_SSL_SUPPORTED
35#include <crypto/wolfssl/error-ssl.h>
// SSL_ERROR_* status codes (negative integers) exposed by this header.
// NOTE(review): two values are shared by distinct names in this table:
//   -258 is both SSL_ERROR_CERTIFICATE_UNKNOWN and SSL_ERROR_NO_SERVER_KEY,
//   -260 is both SSL_ERROR_CERTIFICATE_NAME_FAILED and SSL_ERROR_CERTIFICATE_CHECK.
// A caller that compares a status against one of these names cannot tell the
// paired conditions apart (e.g. a failed certificate check versus a name
// mismatch), so error handling and logging keyed on them may report the wrong
// cause. Confirm the intended values before relying on either name.
#define SSL_ERROR_FAILED_NEGOTIATION (-256)
#define SSL_ERROR_CERTIFICATE_UNKNOWN (-258)
#define SSL_ERROR_CERTIFICATE_NAME_FAILED (-260)
#define SSL_ERROR_CERTIFICATE_VERIFY_FAILED (-261)
#define SSL_ERROR_NO_BUFFER (-262)
#define SSL_ERROR_HANDSHAKE_INCOMPLETE (-265)
#define SSL_ERROR_NO_SERVER_CERTIFICATE (-257)
#define SSL_ERROR_NO_SERVER_KEY (-258)   // same value as SSL_ERROR_CERTIFICATE_UNKNOWN
#define SSL_ERROR_UNABLE_TO_LOAD_CIPHERS (-259)
#define SSL_ERROR_CERTIFICATE_CHECK (-260)   // same value as SSL_ERROR_CERTIFICATE_NAME_FAILED
73#ifndef SSL_LIB_REPLACEMENT
75extern BOOL bPrintNamesTested;
116 bool waitForNegotiation =
true,
117 bool verifyPeer =
false,
118 const unsigned char *certBuff =
nullptr,
119 uint32_t certBuffSize = 0,
120 uint16_t certBuffFormat = SSL_FILETYPE_PEM,
121 const char *commonName =
nullptr);
294#ifdef NB_SSL_SUPPORTED
405 const char *commonName,
406 bool verifyPeer =
false,
407 bool waitForNegotiation =
true,
408 const unsigned char *certBuff =
nullptr,
409 uint32_t certBuffSize = 0,
410 uint16_t certBuffFormat = SSL_FILETYPE_PEM,
445 const char *commonName,
446 bool verifyPeer =
false,
447 bool waitForNegotiation =
true,
448 const unsigned char *certBuff =
nullptr,
449 uint32_t certBuffSize = 0,
450 uint16_t certBuffFormat = SSL_FILETYPE_PEM,
482 const char *commonName,
483 bool verifyPeer =
false,
484 bool waitForNegotiation =
true,
485 const unsigned char *certBuff =
nullptr,
486 uint32_t certBuffSize = 0,
487 uint16_t certBuffFormat = SSL_FILETYPE_PEM,
488 bool bIsClient =
true,
517 const char *common_name,
518 bool reuseSessionPort =
true,
519 bool verifyPeer =
false,
520 const unsigned char *certBuff =
nullptr,
521 uint32_t certBuffSize = 0,
522 uint16_t certBuffFormat = SSL_FILETYPE_PEM,
523 bool bIsClient =
true);
587 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
600 uint32_t certBuffSize = 0,
601 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
614 uint32_t certBuffSize = 0,
615 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
675void SSL_ClientReadyCert(
const unsigned char *cert,
const unsigned char *key, uint16_t certBuffFormat = SSL_FILETYPE_PEM);
684void SSL_ServerReadyCert(
const unsigned char *cert,
const unsigned char *key, uint16_t certBuffFormat = SSL_FILETYPE_PEM);
688#if defined(NB_SSL_SUPPORTED) || defined(NB_SSH_SUPPORTED)
728 unsigned char *issBuf,
730 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
746 unsigned char *subNamBuf,
748 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
764 unsigned char *altNamBuf,
766 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
782 unsigned char *expBuf,
784 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
797bool SSL_GetTimeToExpire(
unsigned char *certBuff,
int certLen, uint16_t certBuffFormat, time_t &timeToExp);
813 unsigned char *comNamBuf,
815 uint16_t certBuffFormat = SSL_FILETYPE_PEM);
Used to hold and manipulate IPv4 and IPv6 addresses in dual stack mode.
Definition ipv6_addr.h:41
#define WAIT_FOREVER
Parameter macro used for timeout parameters that have a 0 value and wait forever.
Definition nbrtos.h:75
int SSL_accept(int fdListen, IPADDR *address, uint16_t *port, uint16_t timeout, bool waitForNegotiation=true, bool verifyPeer=false, const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM, const char *commonName=nullptr)
This call is a mirror of the TCP::accept() call. Note that verifyPeer defaults to false, so peer verification is disabled unless the caller explicitly sets it to true.
int FreeSSLSockets()
Returns the number of currently free SSL sockets.
bool IsSSL_CertNKeyValid(const char *keyPEM, ssize_t keylen, const char *certPEM, ssize_t certlen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Validate candidate certificate and private key.
uint16_t SSLGetTxBufferAvailSpace(int fd)
Returns the amount of data buffered to be read from the socket.
int SSL_getsocketerror(int fd)
Returns the socket error state for the specified SSL socket.
void SslSetVerifyPeerClient(bool verifyPeer)
Sets whether or not verify peer should be enabled on the global SSL client context.
bool SSL_AddCertToClientCaList(const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Attempts to add a cert to the Certificate Authority List to the client SSL context.
bool SSL_AddCertToServerCaList(const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Attempts to add a cert to the Certificate Authority List to the client SSL context.
int(* SSL_setsockoption)(int fd, int option)
Set SSL TCP socket options.
bool SSL_GetIssuerFromCert(unsigned char *certBuff, int certLen, unsigned char *issBuf, int issBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns the issuer from a certificate blob in the PEM format.
uint32_t SSL_TcpGetLastRxInterval(int fd)
SSL mirror of TcpGetLastRxInterval().
Definition ssl.h:328
int GetPrivateKeyLen()
Function that returns the length of the compiled-in server key.
Definition dual_mode_file_key.cpp:160
bool SSL_GetTimeToExpire(unsigned char *certBuff, int certLen, uint16_t certBuffFormat, time_t &timeToExp)
Returns whether the given certificate has expired or not.
void SslSetVerifyPeerServer(bool verifyPeer)
Sets whether or not verify peer should be enabled on the global SSL server context.
bool SSL_IsCertAddedToServerCaList()
Checks to see if any certificates have been added to the global SSL server context.
uint16_t SSL_GetTcpRtxCount(int fd)
Return the current state of a SSL TCP socket.
Definition ssl.h:304
bool SSL_IsCertAddedToClientCaList()
Checks to see if any certificates have been added to the global SSL client context.
int(* SSL_getsockoption)(int fd)
Returns the options for the specified SSL TCP socket.
IPADDR SSL_GetSocketRemoteAddr(int fd)
Returns the remote address of this connected socket.
Definition ssl.h:166
uint32_t SetMaxSessionReuseTime(uint32_t newLifetimeTicks)
Allows one to specify at runtime what the longest duration that an established session can be used fo...
void SslInit()
This function initializes the SSL library.
int SSL_makeSecure(int tcpFd, const char *commonName, bool verifyPeer=false, bool waitForNegotiation=true, const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM, bool bIsClient=true, uint32_t timeout=WAIT_FOREVER)
SSL mirror of the TCP::connect() call, but uses an existing TCP file descriptor.
int(* SSL_clrsockoption)(int fd, int option)
Clear SSL TCP socket options.
int SSL_connect(IPADDR ip, uint16_t remotePort, uint32_t timeout, const char *commonName, bool verifyPeer=false, bool waitForNegotiation=true, const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM, int intf=-1)
SSL mirror of the TCP::connect() call. Note that verifyPeer defaults to false, so peer verification is disabled unless the caller explicitly sets it to true.
void SSL_ServerReadyCert(const unsigned char *cert, const unsigned char *key, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Add a key and certificate to the server.
int SSL_negotiate(int tcpFd, const char *common_name, bool reuseSessionPort=true, bool verifyPeer=false, const unsigned char *certBuff=nullptr, uint32_t certBuffSize=0, uint16_t certBuffFormat=SSL_FILETYPE_PEM, bool bIsClient=true)
Executes the TLS negotiation over a given socket, to establish a secure communication channel through...
ExpireRetCodes
Return values for SSL_IsCertExpired().
Definition ssl.h:693
int(* SSL_GetRawSocket)(int sslSocketFd)
Returns the TCP file descriptor associated with an SSL socket file descriptor.
ExpireRetCodes SSL_IsCertExpired(unsigned char *certBuff, int certLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns whether the given certificate has expired or not.
uint16_t SSL_GetSocketRemotePort(int fd)
Returns the remote port of this connected socket.
Definition ssl.h:184
IPADDR SSL_GetSocketLocalAddr(int fd)
Returns the local address of this connected socket.
Definition ssl.h:202
uint16_t SSLGetRxBufferSpaceUsed(int fd)
Returns the amount of data buffered to be read from the socket.
bool SSL_GetExpirationDate(unsigned char *certBuff, int certLen, unsigned char *expBuf, int expBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns the expiration data of the certificate in question.
void SSL_TcpSendKeepAlive(int fd)
SSL mirror of TcpSendKeepAlive().
Definition ssl.h:338
BOOL(* IsSSLfd)(int fd)
Returns whether or not a file descriptor is an SSL file descriptor.
void SSL_DumpSSLSockets()
Prints the current state of all used sockets to stdio.
int GetCertificateLen()
Function that returns the length of the compiled in server certificate.
Definition dual_mode_file_key.cpp:186
bool SSL_ClearServerCaList()
Clears certs that have been added to the server's Certificate Authority list.
uint16_t SSL_GetSocketLocalPort(int fd)
Returns the local port of this connected socket.
Definition ssl.h:221
bool SSL_ClearClientCaList()
Clears certs that have been added to the client's Certificate Authority list.
void SSL_ClientReadyCert(const unsigned char *cert, const unsigned char *key, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Add a key and certificate to the client.
bool SSLSocketsAvail()
Returns whether or not there are any sockets available.
const char * GetPrivateKeyPEM()
Function that returns a pointer to the compiled in server key.
Definition SSH/SecureSerToEthFactoryApp/src/ssluser.cpp:130
bool SSL_GetAltNameFromCert(unsigned char *certBuff, int certLen, unsigned char *altNamBuf, int altNamBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns an alternate name from a certificate blob in the PEM format.
int SSL_GetSocketInterface(int fd)
Return the network interface associated with an SSL TCP socket.
Definition ssl.h:232
const char * GetCertificatePEM()
Function that returns a pointer to the compiled in server certificate.
Definition SSH/SecureSerToEthFactoryApp/src/ssluser.cpp:146
int SSLReadWithTimeout(int fd, char *cp, int size, uint32_t timeout)
SSL mirror of the ReadWithTimeout() function.
uint32_t SSL_TcpGetLastRxTime(int fd)
SSL mirror of TcpGetLastRxTime().
Definition ssl.h:316
bool SSL_GetSubjectNameFromCert(unsigned char *certBuff, int certLen, unsigned char *subNamBuf, int subNamBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns the subject name from a certificate blob in the PEM format.
bool SSL_GetCnFromCert(unsigned char *certBuff, int certLen, unsigned char *comNamBuf, int comNamBufLen, uint16_t certBuffFormat=SSL_FILETYPE_PEM)
Returns the common name from a certificate blob in the PEM format.
@ E_BAD_EXPIRATION_VALUE
Unable to read the expiration information from the certificate.
@ E_CERT_EXPIRED
Certificate expired.
@ E_CERT_VALID
Certificate not expired.
@ E_NO_SYSTEM_TIME
The system time has not been set.
uint16_t GetSocketLocalPort(int fd)
Returns the local port number associated with the connection.
int TcpGetSocketInterface(int fd)
Return the network interface associated with a TCP socket.
IPADDR GetSocketLocalAddr(int fd)
Returns the IP address of the local interface associated with the connection.
Definition tcp.h:652
uint16_t GetSocketRemotePort(int fd)
Returns the port number of the remote host associated with the connection.
int GetTcpRtxCount(int fd)
Returns the number of re-transmits that have occurred on the specified connection.
void TcpSendKeepAlive(int fd)
Send a TCP keep alive packet to a remote host.
IPADDR GetSocketRemoteAddr(int fd)
Returns the IP address of the remote host associated with the specified file descriptor.
Definition tcp.h:638
uint32_t TcpGetLastRxTime(int fd)
Returns the value of system Time Ticks when the last packet was received. Used for the TCP Keep Alive...
uint32_t TcpGetLastRxInterval(int fd)
Returns the number of system Time Ticks since the last packet was received. This is the difference be...
uint8_t TcpGetSocketState(int fd)
Return the current state of a TCP socket.
NetBurner Real-Time Operating System (NBRTOS) API.
NetBurner IPADDR4 Class. See the IPADDR4 Class page for complete documentation.