Package org.apache.tomcat.jni
Class SSL
- java.lang.Object
-
- org.apache.tomcat.jni.SSL
-
public final class SSL extends java.lang.ObjectJNI bindings for OpenSSL SSL functionality.
-
-
Field Summary
Fields Modifier and Type Field Description static intSSL_AIDX_DSADSA algorithm index.static intSSL_AIDX_ECCECC algorithm index.static intSSL_AIDX_MAXMaximum algorithm index.static intSSL_AIDX_RSARSA algorithm index.static intSSL_ALGO_ALLAll algorithm types.static intSSL_ALGO_DSADSA algorithm type.static intSSL_ALGO_RSARSA algorithm type.static intSSL_ALGO_UNKNOWNUnknown algorithm type.static intSSL_CONF_FLAG_CERTIFICATEConfiguration flag for certificate context.static intSSL_CONF_FLAG_CLIENTConfiguration flag for client.static intSSL_CONF_FLAG_CMDLINEConfiguration flag for command line.static intSSL_CONF_FLAG_FILEConfiguration flag for file.static intSSL_CONF_FLAG_SERVERConfiguration flag for server.static intSSL_CONF_FLAG_SHOW_ERRORSConfiguration flag to show errors.static intSSL_CONF_TYPE_DIRDirectory configuration type.static intSSL_CONF_TYPE_FILEFile configuration type.static intSSL_CONF_TYPE_STRINGString configuration type.static intSSL_CONF_TYPE_UNKNOWNUnknown configuration type.static intSSL_CRT_FORMAT_ASN1ASN.1 certificate format.static intSSL_CRT_FORMAT_ENGINEEngine certificate format.static intSSL_CRT_FORMAT_NETSCAPENetscape certificate format.static intSSL_CRT_FORMAT_PEMPEM certificate format.static intSSL_CRT_FORMAT_PKCS12PKCS12 certificate format.static intSSL_CRT_FORMAT_SMIMES/MIME certificate format.static intSSL_CRT_FORMAT_TEXTText certificate format.static intSSL_CRT_FORMAT_UNDEFUndefined certificate format.static intSSL_CVERIFY_NONENo client certificate verification.static intSSL_CVERIFY_OPTIONALOptional client certificate verification.static intSSL_CVERIFY_OPTIONAL_NO_CAOptional client certificate verification without CA requirement.static intSSL_CVERIFY_REQUIRERequired client certificate verification.static intSSL_CVERIFY_UNSETClient verification unset.static intSSL_ERROR_NONENo SSL error.static intSSL_ERROR_SSLSSL library error.static intSSL_ERROR_SYSCALLSSL syscall error.static intSSL_ERROR_WANT_ACCEPTSSL operation wants accept.static intSSL_ERROR_WANT_CONNECTSSL operation wants connect.static intSSL_ERROR_WANT_READSSL operation would block reading.static intSSL_ERROR_WANT_WRITESSL operation would block writing.static intSSL_ERROR_WANT_X509_LOOKUPSSL operation wants X.509 lookup.static intSSL_ERROR_ZERO_RETURNSSL connection closed cleanly (zero return).static intSSL_INFO_CIPHERInfo flag for cipher name.static intSSL_INFO_CIPHER_ALGKEYSIZEInfo flag for cipher algorithm key size.static intSSL_INFO_CIPHER_DESCRIPTIONInfo flag for cipher description.static intSSL_INFO_CIPHER_USEKEYSIZEInfo flag for cipher effective key size.static intSSL_INFO_CIPHER_VERSIONInfo flag for cipher version.static intSSL_INFO_CLIENT_A_KEYInfo flag for client certificate public key algorithm.static intSSL_INFO_CLIENT_A_SIGInfo flag for client certificate signature algorithm.static intSSL_INFO_CLIENT_CERTInfo flag for client certificate data.static intSSL_INFO_CLIENT_CERT_CHAINInfo flag for client certificate chain.static intSSL_INFO_CLIENT_I_DNInfo flag for client issuer distinguished name.static intSSL_INFO_CLIENT_M_SERIALInfo flag for client certificate serial number.static intSSL_INFO_CLIENT_M_VERSIONInfo flag for client certificate version.static intSSL_INFO_CLIENT_S_DNInfo flag for client subject distinguished name.static intSSL_INFO_CLIENT_V_ENDInfo flag for client certificate validity end.static intSSL_INFO_CLIENT_V_REMAINInfo flag for client certificate validity remaining.static intSSL_INFO_CLIENT_V_STARTInfo flag for client certificate validity start.static intSSL_INFO_DN_COMMONNAMEDN field for common name.static intSSL_INFO_DN_COUNTRYNAMEDN field for country name.static intSSL_INFO_DN_DESCRIPTIONDN field for description.static intSSL_INFO_DN_EMAILADDRESSDN field for email address.static intSSL_INFO_DN_GIVENNAMEDN field for given name.static intSSL_INFO_DN_INITIALSDN field for initials.static intSSL_INFO_DN_LOCALITYNAMEDN field for locality name.static intSSL_INFO_DN_ORGANIZATIONALUNITNAMEDN field for organizational unit name.static intSSL_INFO_DN_ORGANIZATIONNAMEDN field for organization name.static intSSL_INFO_DN_STATEORPROVINCENAMEDN field for state or province name.static intSSL_INFO_DN_SURNAMEDN field for surname.static intSSL_INFO_DN_TITLEDN field for title.static intSSL_INFO_DN_UNIQUEIDENTIFIERDN field for unique identifier.static intSSL_INFO_PROTOCOLInfo flag for protocol version.static intSSL_INFO_SERVER_A_KEYInfo flag for server certificate public key algorithm.static intSSL_INFO_SERVER_A_SIGInfo flag for server certificate signature algorithm.static intSSL_INFO_SERVER_CERTInfo flag for server certificate data.static intSSL_INFO_SERVER_I_DNInfo flag for server issuer distinguished name.static intSSL_INFO_SERVER_M_SERIALInfo flag for server certificate serial number.static intSSL_INFO_SERVER_M_VERSIONInfo flag for server certificate version.static intSSL_INFO_SERVER_S_DNInfo flag for server subject distinguished name.static intSSL_INFO_SERVER_V_ENDInfo flag for server certificate validity end.static intSSL_INFO_SERVER_V_STARTInfo flag for server certificate validity start.static intSSL_INFO_SESSION_IDInfo flag for session ID.static intSSL_MODE_CLIENTClient SSL mode.static intSSL_MODE_COMBINEDCombined client and server SSL mode.static intSSL_MODE_SERVERServer SSL mode.static intSSL_OP_ALLAll bug workaround options combined.static intSSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATIONAllow unsafe legacy renegotiation.static intSSL_OP_CIPHER_SERVER_PREFERENCEServer prefers its own cipher order.static intSSL_OP_DONT_INSERT_EMPTY_FRAGMENTSDisable empty fragment insertion for CBC vulnerability workaround.static intSSL_OP_EPHEMERAL_RSAAlways use ephemeral RSA key for RSA operations.static intSSL_OP_MICROSOFT_BIG_SSLV3_BUFFERWorkaround for Microsoft SSLv3 buffer bug.static intSSL_OP_MICROSOFT_SESS_ID_BUGWorkaround for Microsoft session ID bug.static intSSL_OP_MSIE_SSLV2_RSA_PADDINGWorkaround for MSIE SSLv2 RSA padding bug.static intSSL_OP_NETSCAPE_CA_DN_BUGWorkaround for Netscape CA DN bug.static intSSL_OP_NETSCAPE_CHALLENGE_BUGWorkaround for Netscape challenge bug.static intSSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUGWorkaround for Netscape demo cipher change bug.static intSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUGWorkaround for Netscape cipher change bug.static intSSL_OP_NO_COMPRESSIONDisable compression.static intSSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATIONDisallow session resumption on renegotiation.static intSSL_OP_NO_SSLv2Disable SSLv2 protocol.static intSSL_OP_NO_SSLv3Disable SSLv3 protocol.static intSSL_OP_NO_TICKETDisable TLS session tickets.static intSSL_OP_NO_TLSv1Disable TLSv1.0 protocol.static intSSL_OP_NO_TLSv1_1Disable TLSv1.1 protocol.static intSSL_OP_NO_TLSv1_2Disable TLSv1.2 protocol.static intSSL_OP_SINGLE_DH_USEAlways create a new key when using DH parameters.static intSSL_OP_SINGLE_ECDH_USEAlways create a new key when using ECDH parameters.static intSSL_OP_SSLEAY_080_CLIENT_DH_BUGWorkaround for SSLeay 0.8.0 client DH bug.static intSSL_OP_SSLREF2_REUSE_CERT_TYPE_BUGWorkaround for SSLREF2 certificate type reuse bug.static intSSL_OP_TLS_BLOCK_PADDING_BUGWorkaround for TLS block padding bug.static intSSL_OP_TLS_D5_BUGWorkaround for TLS D5 bug.static intSSL_OP_TLS_ROLLBACK_BUGAllow TLS rollback bug workaround.static intSSL_OPT_ALLAll SSL options combined.static intSSL_OPT_EXPORTCERTDATASSL option for exporting certificate data.static intSSL_OPT_FAKEBASICAUTHSSL option for fake basic authentication.static intSSL_OPT_NONENo SSL options.static intSSL_OPT_OPTRENEGOTIATESSL option for optional renegotiation.static intSSL_OPT_RELSETSSL option for relative settings.static intSSL_OPT_STDENVVARSSSL option for standard environment variables.static intSSL_OPT_STRICTREQUIRESSL option for strict require.static intSSL_PROTOCOL_ALLstatic intSSL_PROTOCOL_NONENo protocol options.static intSSL_PROTOCOL_SSLV2SSLv2 protocol.static intSSL_PROTOCOL_SSLV3SSLv3 protocol.static intSSL_PROTOCOL_TLSV1TLSv1.0 protocol.static intSSL_PROTOCOL_TLSV1_1TLSv1.1 protocol.static intSSL_PROTOCOL_TLSV1_2TLSv1.2 protocol.static intSSL_PROTOCOL_TLSV1_3TLSv1.3 protocol.static intSSL_RECEIVED_SHUTDOWNShutdown has been received.static intSSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOLChoose last protocol on selector failure.static intSSL_SELECTOR_FAILURE_NO_ADVERTISEDo not advertise protocol on selector failure.static intSSL_SENT_SHUTDOWNShutdown has been sent.static longSSL_SESS_CACHE_OFFSession cache disabled.static longSSL_SESS_CACHE_SERVERSession cache enabled for server.static intSSL_SHUTDOWN_TYPE_ACCURATEAccurate shutdown type.static intSSL_SHUTDOWN_TYPE_STANDARDStandard shutdown type.static intSSL_SHUTDOWN_TYPE_UNCLEANUnclean shutdown type.static intSSL_SHUTDOWN_TYPE_UNSETShutdown type unset.static intSSL_TMP_KEY_DH_10241024-bit temporary DH key.static intSSL_TMP_KEY_DH_20482048-bit temporary DH key.static intSSL_TMP_KEY_DH_40964096-bit temporary DH key.static intSSL_TMP_KEY_DH_512512-bit temporary DH key.static intSSL_TMP_KEY_MAXMaximum temporary key ID.static intSSL_TMP_KEY_RSA_10241024-bit temporary RSA key.static intSSL_TMP_KEY_RSA_20482048-bit temporary RSA key.static intSSL_TMP_KEY_RSA_40964096-bit temporary RSA key.static intSSL_TMP_KEY_RSA_512512-bit temporary RSA key.static intSSL_VERIFY_CLIENT_ONCEOnly verify client certificate once per session.static intSSL_VERIFY_FAIL_IF_NO_PEER_CERTFail if no peer certificate is presented.static intSSL_VERIFY_NONENo peer verification.static intSSL_VERIFY_PEERVerify peer certificate.static intSSL_VERIFY_PEER_STRICTStrict peer verification including certificate requirement.static intUNSETUnset value.
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static intdoHandshake(long ssl)SSL_do_handshakestatic intfipsModeGet()Get the status of FIPS Mode.static intfipsModeSet(int mode)Enable/Disable FIPS Mode.static voidfreeBIO(long bio)BIO_freestatic voidfreeSSL(long ssl)SSL_freestatic java.lang.StringgetAlpnSelected(long ssl)SSL_get0_alpn_selectedstatic java.lang.StringgetCipherForSSL(long ssl)SSL_get_cipher.static java.lang.String[]getCiphers(long ssl)Returns all cipher suites that are enabled for negotiation in an SSL handshake.static java.lang.StringgetErrorString(long errorNumber)Get the error number representing for the givenerrorNumber.static intgetHandshakeCount(long ssl)Return the handshake completed count.static intgetLastErrorNumber()Get the error number representing the last error OpenSSL encountered on this thread.static intgetOptions(long ssl)Get OpenSSL Option.static byte[][]getPeerCertChain(long ssl)Get the peer certificate chain ornullif none was sent.static byte[]getPeerCertificate(long ssl)Get the peer certificate ornullif none was sent.static intgetPostHandshakeAuthInProgress(long ssl)Is post handshake authentication in progress on this connection?static byte[]getSessionId(long ssl)Returns the ID of the session as byte array representation.static intgetShutdown(long ssl)SSL_get_shutdownstatic longgetTime(long ssl)SSL_get_timestatic java.lang.StringgetVersion(long ssl)SSL_get_versionstatic intinitialize(java.lang.String engine)Initialize OpenSSL support.static intisInInit(long ssl)SSL_in_init.static longmakeNetworkBIO(long ssl)Wire up internal and network BIOs for the given SSL instance.static voidmarkPostHandshakeAuthComplete(long ssl)Marks post handshake authentication complete for the connection.static longnewSSL(long ctx, boolean server)SSL_newstatic intpendingReadableBytesInSSL(long ssl)SSL_pending.static intpendingWrittenBytesInBIO(long bio)BIO_ctrl_pending.static voidrandSet(java.lang.String filename)Sets global random filename.static intreadFromBIO(long bio, long rbuf, int rlen)BIO_read.static intreadFromSSL(long ssl, long rbuf, int rlen)SSL_readstatic intrenegotiate(long ssl)SSL_renegotiatestatic intrenegotiatePending(long ssl)SSL_renegotiate_pendingstatic booleansetCipherSuites(long ssl, java.lang.String cipherList)Set the TLSv1.2 and below ciphers available for negotiation the in TLS handshake.static booleansetCipherSuitesEx(long ssl, java.lang.String cipherSuites)Set the TLSv1.3 cipher suites available for negotiation the in TLS handshake.static voidsetOptions(long ssl, int options)Set OpenSSL Option.static voidsetVerify(long ssl, int level, int depth)Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate verification.static intshutdownSSL(long ssl)SSL_shutdownstatic intverifyClientPostHandshake(long ssl)SSL_verify_client_post_handshakestatic intversion()Return OpenSSL version number (run time version).static java.lang.StringversionString()Return OpenSSL version string (run time version).static intwriteToBIO(long bio, long wbuf, int wlen)BIO_write.static intwriteToSSL(long ssl, long wbuf, int wlen)SSL_write.
-
-
-
Field Detail
-
UNSET
public static final int UNSET
Unset value.- See Also:
- Constant Field Values
-
SSL_ALGO_UNKNOWN
public static final int SSL_ALGO_UNKNOWN
Unknown algorithm type.- See Also:
- Constant Field Values
-
SSL_ALGO_RSA
public static final int SSL_ALGO_RSA
RSA algorithm type.- See Also:
- Constant Field Values
-
SSL_ALGO_DSA
public static final int SSL_ALGO_DSA
DSA algorithm type.- See Also:
- Constant Field Values
-
SSL_ALGO_ALL
public static final int SSL_ALGO_ALL
All algorithm types.- See Also:
- Constant Field Values
-
SSL_AIDX_RSA
public static final int SSL_AIDX_RSA
RSA algorithm index.- See Also:
- Constant Field Values
-
SSL_AIDX_DSA
public static final int SSL_AIDX_DSA
DSA algorithm index.- See Also:
- Constant Field Values
-
SSL_AIDX_ECC
public static final int SSL_AIDX_ECC
ECC algorithm index.- See Also:
- Constant Field Values
-
SSL_AIDX_MAX
public static final int SSL_AIDX_MAX
Maximum algorithm index.- See Also:
- Constant Field Values
-
SSL_TMP_KEY_RSA_512
public static final int SSL_TMP_KEY_RSA_512
512-bit temporary RSA key.- See Also:
- Constant Field Values
-
SSL_TMP_KEY_RSA_1024
public static final int SSL_TMP_KEY_RSA_1024
1024-bit temporary RSA key.- See Also:
- Constant Field Values
-
SSL_TMP_KEY_RSA_2048
public static final int SSL_TMP_KEY_RSA_2048
2048-bit temporary RSA key.- See Also:
- Constant Field Values
-
SSL_TMP_KEY_RSA_4096
public static final int SSL_TMP_KEY_RSA_4096
4096-bit temporary RSA key.- See Also:
- Constant Field Values
-
SSL_TMP_KEY_DH_512
public static final int SSL_TMP_KEY_DH_512
512-bit temporary DH key.- See Also:
- Constant Field Values
-
SSL_TMP_KEY_DH_1024
public static final int SSL_TMP_KEY_DH_1024
1024-bit temporary DH key.- See Also:
- Constant Field Values
-
SSL_TMP_KEY_DH_2048
public static final int SSL_TMP_KEY_DH_2048
2048-bit temporary DH key.- See Also:
- Constant Field Values
-
SSL_TMP_KEY_DH_4096
public static final int SSL_TMP_KEY_DH_4096
4096-bit temporary DH key.- See Also:
- Constant Field Values
-
SSL_TMP_KEY_MAX
public static final int SSL_TMP_KEY_MAX
Maximum temporary key ID.- See Also:
- Constant Field Values
-
SSL_OPT_NONE
public static final int SSL_OPT_NONE
No SSL options.- See Also:
- Constant Field Values
-
SSL_OPT_RELSET
public static final int SSL_OPT_RELSET
SSL option for relative settings.- See Also:
- Constant Field Values
-
SSL_OPT_STDENVVARS
public static final int SSL_OPT_STDENVVARS
SSL option for standard environment variables.- See Also:
- Constant Field Values
-
SSL_OPT_EXPORTCERTDATA
public static final int SSL_OPT_EXPORTCERTDATA
SSL option for exporting certificate data.- See Also:
- Constant Field Values
-
SSL_OPT_FAKEBASICAUTH
public static final int SSL_OPT_FAKEBASICAUTH
SSL option for fake basic authentication.- See Also:
- Constant Field Values
-
SSL_OPT_STRICTREQUIRE
public static final int SSL_OPT_STRICTREQUIRE
SSL option for strict require.- See Also:
- Constant Field Values
-
SSL_OPT_OPTRENEGOTIATE
public static final int SSL_OPT_OPTRENEGOTIATE
SSL option for optional renegotiation.- See Also:
- Constant Field Values
-
SSL_OPT_ALL
public static final int SSL_OPT_ALL
All SSL options combined.- See Also:
- Constant Field Values
-
SSL_PROTOCOL_NONE
public static final int SSL_PROTOCOL_NONE
No protocol options.- See Also:
- Constant Field Values
-
SSL_PROTOCOL_SSLV2
public static final int SSL_PROTOCOL_SSLV2
SSLv2 protocol.- See Also:
- Constant Field Values
-
SSL_PROTOCOL_SSLV3
public static final int SSL_PROTOCOL_SSLV3
SSLv3 protocol.- See Also:
- Constant Field Values
-
SSL_PROTOCOL_TLSV1
public static final int SSL_PROTOCOL_TLSV1
TLSv1.0 protocol.- See Also:
- Constant Field Values
-
SSL_PROTOCOL_TLSV1_1
public static final int SSL_PROTOCOL_TLSV1_1
TLSv1.1 protocol.- See Also:
- Constant Field Values
-
SSL_PROTOCOL_TLSV1_2
public static final int SSL_PROTOCOL_TLSV1_2
TLSv1.2 protocol.- See Also:
- Constant Field Values
-
SSL_PROTOCOL_TLSV1_3
public static final int SSL_PROTOCOL_TLSV1_3
TLSv1.3 protocol.- See Also:
- Constant Field Values
-
SSL_PROTOCOL_ALL
public static final int SSL_PROTOCOL_ALL
-
SSL_CVERIFY_UNSET
public static final int SSL_CVERIFY_UNSET
Client verification unset.- See Also:
- Constant Field Values
-
SSL_CVERIFY_NONE
public static final int SSL_CVERIFY_NONE
No client certificate verification.- See Also:
- Constant Field Values
-
SSL_CVERIFY_OPTIONAL
public static final int SSL_CVERIFY_OPTIONAL
Optional client certificate verification.- See Also:
- Constant Field Values
-
SSL_CVERIFY_REQUIRE
public static final int SSL_CVERIFY_REQUIRE
Required client certificate verification.- See Also:
- Constant Field Values
-
SSL_CVERIFY_OPTIONAL_NO_CA
public static final int SSL_CVERIFY_OPTIONAL_NO_CA
Optional client certificate verification without CA requirement.- See Also:
- Constant Field Values
-
SSL_VERIFY_NONE
public static final int SSL_VERIFY_NONE
No peer verification.- See Also:
- Constant Field Values
-
SSL_VERIFY_PEER
public static final int SSL_VERIFY_PEER
Verify peer certificate.- See Also:
- Constant Field Values
-
SSL_VERIFY_FAIL_IF_NO_PEER_CERT
public static final int SSL_VERIFY_FAIL_IF_NO_PEER_CERT
Fail if no peer certificate is presented.- See Also:
- Constant Field Values
-
SSL_VERIFY_CLIENT_ONCE
public static final int SSL_VERIFY_CLIENT_ONCE
Only verify client certificate once per session.- See Also:
- Constant Field Values
-
SSL_VERIFY_PEER_STRICT
public static final int SSL_VERIFY_PEER_STRICT
Strict peer verification including certificate requirement.- See Also:
- Constant Field Values
-
SSL_OP_MICROSOFT_SESS_ID_BUG
public static final int SSL_OP_MICROSOFT_SESS_ID_BUG
Workaround for Microsoft session ID bug.- See Also:
- Constant Field Values
-
SSL_OP_NETSCAPE_CHALLENGE_BUG
public static final int SSL_OP_NETSCAPE_CHALLENGE_BUG
Workaround for Netscape challenge bug.- See Also:
- Constant Field Values
-
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
public static final int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
Workaround for Netscape cipher change bug.- See Also:
- Constant Field Values
-
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
public static final int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
Workaround for SSLREF2 certificate type reuse bug.- See Also:
- Constant Field Values
-
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
public static final int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
Workaround for Microsoft SSLv3 buffer bug.- See Also:
- Constant Field Values
-
SSL_OP_MSIE_SSLV2_RSA_PADDING
public static final int SSL_OP_MSIE_SSLV2_RSA_PADDING
Workaround for MSIE SSLv2 RSA padding bug.- See Also:
- Constant Field Values
-
SSL_OP_SSLEAY_080_CLIENT_DH_BUG
public static final int SSL_OP_SSLEAY_080_CLIENT_DH_BUG
Workaround for SSLeay 0.8.0 client DH bug.- See Also:
- Constant Field Values
-
SSL_OP_TLS_D5_BUG
public static final int SSL_OP_TLS_D5_BUG
Workaround for TLS D5 bug.- See Also:
- Constant Field Values
-
SSL_OP_TLS_BLOCK_PADDING_BUG
public static final int SSL_OP_TLS_BLOCK_PADDING_BUG
Workaround for TLS block padding bug.- See Also:
- Constant Field Values
-
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
public static final int SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
Disable empty fragment insertion for CBC vulnerability workaround.- See Also:
- Constant Field Values
-
SSL_OP_ALL
public static final int SSL_OP_ALL
All bug workaround options combined.- See Also:
- Constant Field Values
-
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
public static final int SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
Disallow session resumption on renegotiation.- See Also:
- Constant Field Values
-
SSL_OP_NO_COMPRESSION
public static final int SSL_OP_NO_COMPRESSION
Disable compression.- See Also:
- Constant Field Values
-
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
public static final int SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
Allow unsafe legacy renegotiation.- See Also:
- Constant Field Values
-
SSL_OP_SINGLE_ECDH_USE
public static final int SSL_OP_SINGLE_ECDH_USE
Always create a new key when using ECDH parameters.- See Also:
- Constant Field Values
-
SSL_OP_SINGLE_DH_USE
public static final int SSL_OP_SINGLE_DH_USE
Always create a new key when using DH parameters.- See Also:
- Constant Field Values
-
SSL_OP_EPHEMERAL_RSA
public static final int SSL_OP_EPHEMERAL_RSA
Always use ephemeral RSA key for RSA operations.- See Also:
- Constant Field Values
-
SSL_OP_CIPHER_SERVER_PREFERENCE
public static final int SSL_OP_CIPHER_SERVER_PREFERENCE
Server prefers its own cipher order.- See Also:
- Constant Field Values
-
SSL_OP_TLS_ROLLBACK_BUG
public static final int SSL_OP_TLS_ROLLBACK_BUG
Allow TLS rollback bug workaround.- See Also:
- Constant Field Values
-
SSL_OP_NO_SSLv2
public static final int SSL_OP_NO_SSLv2
Disable SSLv2 protocol.- See Also:
- Constant Field Values
-
SSL_OP_NO_SSLv3
public static final int SSL_OP_NO_SSLv3
Disable SSLv3 protocol.- See Also:
- Constant Field Values
-
SSL_OP_NO_TLSv1
public static final int SSL_OP_NO_TLSv1
Disable TLSv1.0 protocol.- See Also:
- Constant Field Values
-
SSL_OP_NO_TLSv1_2
public static final int SSL_OP_NO_TLSv1_2
Disable TLSv1.2 protocol.- See Also:
- Constant Field Values
-
SSL_OP_NO_TLSv1_1
public static final int SSL_OP_NO_TLSv1_1
Disable TLSv1.1 protocol.- See Also:
- Constant Field Values
-
SSL_OP_NO_TICKET
public static final int SSL_OP_NO_TICKET
Disable TLS session tickets.- See Also:
- Constant Field Values
-
SSL_OP_NETSCAPE_CA_DN_BUG
public static final int SSL_OP_NETSCAPE_CA_DN_BUG
Workaround for Netscape CA DN bug.- See Also:
- Constant Field Values
-
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
public static final int SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
Workaround for Netscape demo cipher change bug.- See Also:
- Constant Field Values
-
SSL_CRT_FORMAT_UNDEF
public static final int SSL_CRT_FORMAT_UNDEF
Undefined certificate format.- See Also:
- Constant Field Values
-
SSL_CRT_FORMAT_ASN1
public static final int SSL_CRT_FORMAT_ASN1
ASN.1 certificate format.- See Also:
- Constant Field Values
-
SSL_CRT_FORMAT_TEXT
public static final int SSL_CRT_FORMAT_TEXT
Text certificate format.- See Also:
- Constant Field Values
-
SSL_CRT_FORMAT_PEM
public static final int SSL_CRT_FORMAT_PEM
PEM certificate format.- See Also:
- Constant Field Values
-
SSL_CRT_FORMAT_NETSCAPE
public static final int SSL_CRT_FORMAT_NETSCAPE
Netscape certificate format.- See Also:
- Constant Field Values
-
SSL_CRT_FORMAT_PKCS12
public static final int SSL_CRT_FORMAT_PKCS12
PKCS12 certificate format.- See Also:
- Constant Field Values
-
SSL_CRT_FORMAT_SMIME
public static final int SSL_CRT_FORMAT_SMIME
S/MIME certificate format.- See Also:
- Constant Field Values
-
SSL_CRT_FORMAT_ENGINE
public static final int SSL_CRT_FORMAT_ENGINE
Engine certificate format.- See Also:
- Constant Field Values
-
SSL_MODE_CLIENT
public static final int SSL_MODE_CLIENT
Client SSL mode.- See Also:
- Constant Field Values
-
SSL_MODE_SERVER
public static final int SSL_MODE_SERVER
Server SSL mode.- See Also:
- Constant Field Values
-
SSL_MODE_COMBINED
public static final int SSL_MODE_COMBINED
Combined client and server SSL mode.- See Also:
- Constant Field Values
-
SSL_CONF_FLAG_CMDLINE
public static final int SSL_CONF_FLAG_CMDLINE
Configuration flag for command line.- See Also:
- Constant Field Values
-
SSL_CONF_FLAG_FILE
public static final int SSL_CONF_FLAG_FILE
Configuration flag for file.- See Also:
- Constant Field Values
-
SSL_CONF_FLAG_CLIENT
public static final int SSL_CONF_FLAG_CLIENT
Configuration flag for client.- See Also:
- Constant Field Values
-
SSL_CONF_FLAG_SERVER
public static final int SSL_CONF_FLAG_SERVER
Configuration flag for server.- See Also:
- Constant Field Values
-
SSL_CONF_FLAG_SHOW_ERRORS
public static final int SSL_CONF_FLAG_SHOW_ERRORS
Configuration flag to show errors.- See Also:
- Constant Field Values
-
SSL_CONF_FLAG_CERTIFICATE
public static final int SSL_CONF_FLAG_CERTIFICATE
Configuration flag for certificate context.- See Also:
- Constant Field Values
-
SSL_CONF_TYPE_UNKNOWN
public static final int SSL_CONF_TYPE_UNKNOWN
Unknown configuration type.- See Also:
- Constant Field Values
-
SSL_CONF_TYPE_STRING
public static final int SSL_CONF_TYPE_STRING
String configuration type.- See Also:
- Constant Field Values
-
SSL_CONF_TYPE_FILE
public static final int SSL_CONF_TYPE_FILE
File configuration type.- See Also:
- Constant Field Values
-
SSL_CONF_TYPE_DIR
public static final int SSL_CONF_TYPE_DIR
Directory configuration type.- See Also:
- Constant Field Values
-
SSL_SHUTDOWN_TYPE_UNSET
public static final int SSL_SHUTDOWN_TYPE_UNSET
Shutdown type unset.- See Also:
- Constant Field Values
-
SSL_SHUTDOWN_TYPE_STANDARD
public static final int SSL_SHUTDOWN_TYPE_STANDARD
Standard shutdown type.- See Also:
- Constant Field Values
-
SSL_SHUTDOWN_TYPE_UNCLEAN
public static final int SSL_SHUTDOWN_TYPE_UNCLEAN
Unclean shutdown type.- See Also:
- Constant Field Values
-
SSL_SHUTDOWN_TYPE_ACCURATE
public static final int SSL_SHUTDOWN_TYPE_ACCURATE
Accurate shutdown type.- See Also:
- Constant Field Values
-
SSL_INFO_SESSION_ID
public static final int SSL_INFO_SESSION_ID
Info flag for session ID.- See Also:
- Constant Field Values
-
SSL_INFO_CIPHER
public static final int SSL_INFO_CIPHER
Info flag for cipher name.- See Also:
- Constant Field Values
-
SSL_INFO_CIPHER_USEKEYSIZE
public static final int SSL_INFO_CIPHER_USEKEYSIZE
Info flag for cipher effective key size.- See Also:
- Constant Field Values
-
SSL_INFO_CIPHER_ALGKEYSIZE
public static final int SSL_INFO_CIPHER_ALGKEYSIZE
Info flag for cipher algorithm key size.- See Also:
- Constant Field Values
-
SSL_INFO_CIPHER_VERSION
public static final int SSL_INFO_CIPHER_VERSION
Info flag for cipher version.- See Also:
- Constant Field Values
-
SSL_INFO_CIPHER_DESCRIPTION
public static final int SSL_INFO_CIPHER_DESCRIPTION
Info flag for cipher description.- See Also:
- Constant Field Values
-
SSL_INFO_PROTOCOL
public static final int SSL_INFO_PROTOCOL
Info flag for protocol version.- See Also:
- Constant Field Values
-
SSL_INFO_CLIENT_S_DN
public static final int SSL_INFO_CLIENT_S_DN
Info flag for client subject distinguished name.- See Also:
- Constant Field Values
-
SSL_INFO_CLIENT_I_DN
public static final int SSL_INFO_CLIENT_I_DN
Info flag for client issuer distinguished name.- See Also:
- Constant Field Values
-
SSL_INFO_SERVER_S_DN
public static final int SSL_INFO_SERVER_S_DN
Info flag for server subject distinguished name.- See Also:
- Constant Field Values
-
SSL_INFO_SERVER_I_DN
public static final int SSL_INFO_SERVER_I_DN
Info flag for server issuer distinguished name.- See Also:
- Constant Field Values
-
SSL_INFO_DN_COUNTRYNAME
public static final int SSL_INFO_DN_COUNTRYNAME
DN field for country name.- See Also:
- Constant Field Values
-
SSL_INFO_DN_STATEORPROVINCENAME
public static final int SSL_INFO_DN_STATEORPROVINCENAME
DN field for state or province name.- See Also:
- Constant Field Values
-
SSL_INFO_DN_LOCALITYNAME
public static final int SSL_INFO_DN_LOCALITYNAME
DN field for locality name.- See Also:
- Constant Field Values
-
SSL_INFO_DN_ORGANIZATIONNAME
public static final int SSL_INFO_DN_ORGANIZATIONNAME
DN field for organization name.- See Also:
- Constant Field Values
-
SSL_INFO_DN_ORGANIZATIONALUNITNAME
public static final int SSL_INFO_DN_ORGANIZATIONALUNITNAME
DN field for organizational unit name.- See Also:
- Constant Field Values
-
SSL_INFO_DN_COMMONNAME
public static final int SSL_INFO_DN_COMMONNAME
DN field for common name.- See Also:
- Constant Field Values
-
SSL_INFO_DN_TITLE
public static final int SSL_INFO_DN_TITLE
DN field for title.- See Also:
- Constant Field Values
-
SSL_INFO_DN_INITIALS
public static final int SSL_INFO_DN_INITIALS
DN field for initials.- See Also:
- Constant Field Values
-
SSL_INFO_DN_GIVENNAME
public static final int SSL_INFO_DN_GIVENNAME
DN field for given name.- See Also:
- Constant Field Values
-
SSL_INFO_DN_SURNAME
public static final int SSL_INFO_DN_SURNAME
DN field for surname.- See Also:
- Constant Field Values
-
SSL_INFO_DN_DESCRIPTION
public static final int SSL_INFO_DN_DESCRIPTION
DN field for description.- See Also:
- Constant Field Values
-
SSL_INFO_DN_UNIQUEIDENTIFIER
public static final int SSL_INFO_DN_UNIQUEIDENTIFIER
DN field for unique identifier.- See Also:
- Constant Field Values
-
SSL_INFO_DN_EMAILADDRESS
public static final int SSL_INFO_DN_EMAILADDRESS
DN field for email address.- See Also:
- Constant Field Values
-
SSL_INFO_CLIENT_M_VERSION
public static final int SSL_INFO_CLIENT_M_VERSION
Info flag for client certificate version.- See Also:
- Constant Field Values
-
SSL_INFO_CLIENT_M_SERIAL
public static final int SSL_INFO_CLIENT_M_SERIAL
Info flag for client certificate serial number.- See Also:
- Constant Field Values
-
SSL_INFO_CLIENT_V_START
public static final int SSL_INFO_CLIENT_V_START
Info flag for client certificate validity start.- See Also:
- Constant Field Values
-
SSL_INFO_CLIENT_V_END
public static final int SSL_INFO_CLIENT_V_END
Info flag for client certificate validity end.- See Also:
- Constant Field Values
-
SSL_INFO_CLIENT_A_SIG
public static final int SSL_INFO_CLIENT_A_SIG
Info flag for client certificate signature algorithm.- See Also:
- Constant Field Values
-
SSL_INFO_CLIENT_A_KEY
public static final int SSL_INFO_CLIENT_A_KEY
Info flag for client certificate public key algorithm.- See Also:
- Constant Field Values
-
SSL_INFO_CLIENT_CERT
public static final int SSL_INFO_CLIENT_CERT
Info flag for client certificate data.- See Also:
- Constant Field Values
-
SSL_INFO_CLIENT_V_REMAIN
public static final int SSL_INFO_CLIENT_V_REMAIN
Info flag for client certificate validity remaining.- See Also:
- Constant Field Values
-
SSL_INFO_SERVER_M_VERSION
public static final int SSL_INFO_SERVER_M_VERSION
Info flag for server certificate version.- See Also:
- Constant Field Values
-
SSL_INFO_SERVER_M_SERIAL
public static final int SSL_INFO_SERVER_M_SERIAL
Info flag for server certificate serial number.- See Also:
- Constant Field Values
-
SSL_INFO_SERVER_V_START
public static final int SSL_INFO_SERVER_V_START
Info flag for server certificate validity start.- See Also:
- Constant Field Values
-
SSL_INFO_SERVER_V_END
public static final int SSL_INFO_SERVER_V_END
Info flag for server certificate validity end.- See Also:
- Constant Field Values
-
SSL_INFO_SERVER_A_SIG
public static final int SSL_INFO_SERVER_A_SIG
Info flag for server certificate signature algorithm.- See Also:
- Constant Field Values
-
SSL_INFO_SERVER_A_KEY
public static final int SSL_INFO_SERVER_A_KEY
Info flag for server certificate public key algorithm.- See Also:
- Constant Field Values
-
SSL_INFO_SERVER_CERT
public static final int SSL_INFO_SERVER_CERT
Info flag for server certificate data.- See Also:
- Constant Field Values
-
SSL_INFO_CLIENT_CERT_CHAIN
public static final int SSL_INFO_CLIENT_CERT_CHAIN
Info flag for client certificate chain.- See Also:
- Constant Field Values
-
SSL_SESS_CACHE_OFF
public static final long SSL_SESS_CACHE_OFF
Session cache disabled.- See Also:
- Constant Field Values
-
SSL_SESS_CACHE_SERVER
public static final long SSL_SESS_CACHE_SERVER
Session cache enabled for server.- See Also:
- Constant Field Values
-
SSL_SELECTOR_FAILURE_NO_ADVERTISE
public static final int SSL_SELECTOR_FAILURE_NO_ADVERTISE
Do not advertise protocol on selector failure.- See Also:
- Constant Field Values
-
SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL
public static final int SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL
Choose last protocol on selector failure.- See Also:
- Constant Field Values
-
SSL_SENT_SHUTDOWN
public static final int SSL_SENT_SHUTDOWN
Shutdown has been sent.- See Also:
- Constant Field Values
-
SSL_RECEIVED_SHUTDOWN
public static final int SSL_RECEIVED_SHUTDOWN
Shutdown has been received.- See Also:
- Constant Field Values
-
SSL_ERROR_NONE
public static final int SSL_ERROR_NONE
No SSL error.- See Also:
- Constant Field Values
-
SSL_ERROR_SSL
public static final int SSL_ERROR_SSL
SSL library error.- See Also:
- Constant Field Values
-
SSL_ERROR_WANT_READ
public static final int SSL_ERROR_WANT_READ
SSL operation would block reading.- See Also:
- Constant Field Values
-
SSL_ERROR_WANT_WRITE
public static final int SSL_ERROR_WANT_WRITE
SSL operation would block writing.- See Also:
- Constant Field Values
-
SSL_ERROR_WANT_X509_LOOKUP
public static final int SSL_ERROR_WANT_X509_LOOKUP
SSL operation wants X.509 lookup.- See Also:
- Constant Field Values
-
SSL_ERROR_SYSCALL
public static final int SSL_ERROR_SYSCALL
SSL syscall error.- See Also:
- Constant Field Values
-
SSL_ERROR_ZERO_RETURN
public static final int SSL_ERROR_ZERO_RETURN
SSL connection closed cleanly (zero return).- See Also:
- Constant Field Values
-
SSL_ERROR_WANT_CONNECT
public static final int SSL_ERROR_WANT_CONNECT
SSL operation wants connect.- See Also:
- Constant Field Values
-
SSL_ERROR_WANT_ACCEPT
public static final int SSL_ERROR_WANT_ACCEPT
SSL operation wants accept.- See Also:
- Constant Field Values
-
-
Method Detail
-
version
public static int version()
Return OpenSSL version number (run time version).- Returns:
- OpenSSL version number
-
versionString
public static java.lang.String versionString()
Return OpenSSL version string (run time version).- Returns:
- OpenSSL version string
-
initialize
public static int initialize(java.lang.String engine)
Initialize OpenSSL support. This function needs to be called once for the lifetime of JVM. Library.init() has to be called before.- Parameters:
engine- Support for external a Crypto Device ("engine"), usually a hardware accelerator card for crypto operations.- Returns:
- APR status code
-
fipsModeGet
public static int fipsModeGet() throws java.lang.ExceptionGet the status of FIPS Mode.- Returns:
- FIPS_mode return code. It is
0if OpenSSL is not in FIPS mode,1if OpenSSL is in FIPS Mode. - Throws:
java.lang.Exception- If tcnative was not compiled with FIPS Mode available.- See Also:
- OpenSSL method FIPS_mode()
-
fipsModeSet
public static int fipsModeSet(int mode) throws java.lang.ExceptionEnable/Disable FIPS Mode.- Parameters:
mode- 1 - enable, 0 - disable- Returns:
- FIPS_mode_set return code
- Throws:
java.lang.Exception- If tcnative was not compiled with FIPS Mode available, or ifFIPS_mode_set()call returned an error value.- See Also:
- OpenSSL method FIPS_mode_set()
-
randSet
public static void randSet(java.lang.String filename)
Sets global random filename.- Parameters:
filename- Filename to use. If set it will be used for SSL initialization and all contexts where explicitly not set.
-
getHandshakeCount
public static int getHandshakeCount(long ssl)
Return the handshake completed count.- Parameters:
ssl- SSL pointer- Returns:
- the count
-
newSSL
public static long newSSL(long ctx, boolean server)SSL_new- Parameters:
ctx- Server or Client context to use.server- if true configure SSL instance to use accept handshake routines if false configure SSL instance to use connect handshake routines- Returns:
- pointer to SSL instance (SSL *)
-
pendingWrittenBytesInBIO
public static int pendingWrittenBytesInBIO(long bio)
BIO_ctrl_pending.- Parameters:
bio- BIO pointer (BIO *)- Returns:
- the pending bytes count
-
pendingReadableBytesInSSL
public static int pendingReadableBytesInSSL(long ssl)
SSL_pending.- Parameters:
ssl- SSL pointer (SSL *)- Returns:
- the pending bytes count
-
writeToBIO
public static int writeToBIO(long bio, long wbuf, int wlen)BIO_write.- Parameters:
bio- BIO pointerwbuf- Buffer pointerwlen- Write length- Returns:
- the bytes count written
-
readFromBIO
public static int readFromBIO(long bio, long rbuf, int rlen)BIO_read.- Parameters:
bio- BIO pointerrbuf- Buffer pointerrlen- Read length- Returns:
- the bytes count read
-
writeToSSL
public static int writeToSSL(long ssl, long wbuf, int wlen)SSL_write.- Parameters:
ssl- the SSL instance (SSL *)wbuf- Buffer pointerwlen- Write length- Returns:
- the bytes count written
-
readFromSSL
public static int readFromSSL(long ssl, long rbuf, int rlen)SSL_read- Parameters:
ssl- the SSL instance (SSL *)rbuf- Buffer pointerrlen- Read length- Returns:
- the bytes count read
-
getShutdown
public static int getShutdown(long ssl)
SSL_get_shutdown- Parameters:
ssl- the SSL instance (SSL *)- Returns:
- the operation status
-
freeSSL
public static void freeSSL(long ssl)
SSL_free- Parameters:
ssl- the SSL instance (SSL *)
-
makeNetworkBIO
public static long makeNetworkBIO(long ssl)
Wire up internal and network BIOs for the given SSL instance.Warning: you must explicitly free this resource by calling freeBIO
While the SSL's internal/application data BIO will be freed when freeSSL is called on the provided SSL instance, you must call freeBIO on the returned network BIO.
- Parameters:
ssl- the SSL instance (SSL *)- Returns:
- pointer to the Network BIO (BIO *)
-
freeBIO
public static void freeBIO(long bio)
BIO_free- Parameters:
bio- BIO pointer
-
shutdownSSL
public static int shutdownSSL(long ssl)
SSL_shutdown- Parameters:
ssl- the SSL instance (SSL *)- Returns:
- the operation status
-
getLastErrorNumber
public static int getLastErrorNumber()
Get the error number representing the last error OpenSSL encountered on this thread.- Returns:
- the last error number
-
getCipherForSSL
public static java.lang.String getCipherForSSL(long ssl)
SSL_get_cipher.- Parameters:
ssl- the SSL instance (SSL *)- Returns:
- the cipher name
-
getVersion
public static java.lang.String getVersion(long ssl)
SSL_get_version- Parameters:
ssl- the SSL instance (SSL *)- Returns:
- the SSL version in use
-
doHandshake
public static int doHandshake(long ssl)
SSL_do_handshake- Parameters:
ssl- the SSL instance (SSL *)- Returns:
- the handshake status
-
renegotiate
public static int renegotiate(long ssl)
SSL_renegotiate- Parameters:
ssl- the SSL instance (SSL *)- Returns:
- the operation status
-
renegotiatePending
public static int renegotiatePending(long ssl)
SSL_renegotiate_pending- Parameters:
ssl- the SSL instance (SSL *)- Returns:
- the operation status
-
verifyClientPostHandshake
public static int verifyClientPostHandshake(long ssl)
SSL_verify_client_post_handshake- Parameters:
ssl- the SSL instance (SSL *)- Returns:
- the operation status
-
getPostHandshakeAuthInProgress
public static int getPostHandshakeAuthInProgress(long ssl)
Is post handshake authentication in progress on this connection?- Parameters:
ssl- the SSL instance (SSL *)- Returns:
- the operation status
-
markPostHandshakeAuthComplete
public static void markPostHandshakeAuthComplete(long ssl)
Marks post handshake authentication complete for the connection. Used when JSSE is performing certificate verification for OpenSSL.- Parameters:
ssl- the SSL instance (SSL *)
-
isInInit
public static int isInInit(long ssl)
SSL_in_init.- Parameters:
ssl- the SSL instance (SSL *)- Returns:
- the status
-
getAlpnSelected
public static java.lang.String getAlpnSelected(long ssl)
SSL_get0_alpn_selected- Parameters:
ssl- the SSL instance (SSL *)- Returns:
- the ALPN protocol negotiated
-
getPeerCertChain
public static byte[][] getPeerCertChain(long ssl)
Get the peer certificate chain ornullif none was sent.- Parameters:
ssl- the SSL instance (SSL *)- Returns:
- the certificate chain bytes
-
getPeerCertificate
public static byte[] getPeerCertificate(long ssl)
Get the peer certificate ornullif none was sent.- Parameters:
ssl- the SSL instance (SSL *)- Returns:
- the certificate bytes
-
getErrorString
public static java.lang.String getErrorString(long errorNumber)
Get the error number representing for the givenerrorNumber.- Parameters:
errorNumber- The error code- Returns:
- an error message
-
getTime
public static long getTime(long ssl)
SSL_get_time- Parameters:
ssl- the SSL instance (SSL *)- Returns:
- returns the time at which the session ssl was established. The time is given in seconds since the Epoch
-
setVerify
public static void setVerify(long ssl, int level, int depth)Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate verification.
This directive sets the Certificate verification level for the Client Authentication. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the client authentication process used in the standard SSL handshake when a connection is established. In per-directory context it forces an SSL renegotiation with the reconfigured client verification level after the HTTP request was read but before the HTTP response is sent.
The following levels are available for level:SSL_CVERIFY_NONE - No client Certificate is required at all SSL_CVERIFY_OPTIONAL - The client may present a valid Certificate SSL_CVERIFY_REQUIRE - The client has to present a valid Certificate SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate but it need not to be (successfully) verifiable
The depth actually is the maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are max allowed to be followed while verifying the client certificate. A depth of 0 means that self-signed client certificates are accepted only, the default depth of 1 means the client certificate can be self-signed or has to be signed by a CA which is directly known to the server (i.e. the CA's certificate is undersetCACertificatePath, etc).- Parameters:
ssl- the SSL instance (SSL *)level- Type of Client Certificate verification.depth- Maximum depth of CA Certificates in Client Certificate verification.
-
setOptions
public static void setOptions(long ssl, int options)Set OpenSSL Option.- Parameters:
ssl- the SSL instance (SSL *)options- See SSL.SSL_OP_* for option flags.
-
getOptions
public static int getOptions(long ssl)
Get OpenSSL Option.- Parameters:
ssl- the SSL instance (SSL *)- Returns:
- options See SSL.SSL_OP_* for option flags.
-
getCiphers
public static java.lang.String[] getCiphers(long ssl)
Returns all cipher suites that are enabled for negotiation in an SSL handshake.- Parameters:
ssl- the SSL instance (SSL *)- Returns:
- ciphers
-
setCipherSuites
public static boolean setCipherSuites(long ssl, java.lang.String cipherList) throws java.lang.ExceptionSet the TLSv1.2 and below ciphers available for negotiation the in TLS handshake.This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the ciphers the client is permitted to negotiate in the TLS handshake phase.
- Parameters:
ssl- The SSL instance (SSL *)cipherList- An OpenSSL cipher specification.- Returns:
trueif the operation was successful- Throws:
java.lang.Exception- An error occurred
-
setCipherSuitesEx
public static boolean setCipherSuitesEx(long ssl, java.lang.String cipherSuites) throws java.lang.ExceptionSet the TLSv1.3 cipher suites available for negotiation the in TLS handshake.This uses a colon-separated list of TLSv1.3 cipher suite names in preference order.
- Parameters:
ssl- The SSL instance (SSL *)cipherSuites- An OpenSSL cipher suite list.- Returns:
trueif the operation was successful- Throws:
java.lang.Exception- An error occurred
-
getSessionId
public static byte[] getSessionId(long ssl)
Returns the ID of the session as byte array representation.- Parameters:
ssl- the SSL instance (SSL *)- Returns:
- the session as byte array representation obtained via SSL_SESSION_get_id.
-
-