wolfSSL Manual

Docs -> wolfSSL Manual

Chapter 17: wolfSSL API Reference


17.2  Certificates and Keys


The functions in this section have to do with loading certificates and keys into wolfSSL.






CyaSSL_CTX_load_verify_buffer


Synopsis:

int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX* ctx, const unsigned char* in,                                                                   long sz, int format);


Description:

This function loads a CA certificate buffer into the CYASSL Context.  It behaves like the non buffered version, only differing in its ability to be called with a buffer as input instead of a file.  The buffer is provided by the in argument of size sz.  format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.  More than one CA certificate may be loaded per buffer as long as the format is in PEM.  Please see the examples for proper usage.   


Return Values:

If successful the call will return SSL_SUCCESS.


SSL_BAD_FILETYPE will be returned if the file is the wrong format.


SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.


MEMORY_E will be returned if an out of memory condition occurs.


ASN_INPUT_E will be returned if Base16 decoding fails on the file.


BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer.


Parameters:


ctx - pointer to the SSL context, created with CyaSSL_CTX_new().


in - pointer to the CA certificate buffer


sz - size of the input CA certificate buffer, in.


format - format of the buffer certificate, either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.


Example:


int ret = 0;

int sz = 0;

CYASSL_CTX* ctx;

byte certBuff[...];


...


ret = CyaSSL_CTX_load_verify_buffer(ctx, certBuff, sz, SSL_FILETYPE_PEM);

if (ret != SSL_SUCCESS) {

// error loading CA certs from buffer

}


...


See Also:

CyaSSL_CTX_load_verify_locations

CyaSSL_CTX_use_certificate_buffer

CyaSSL_CTX_use_PrivateKey_buffer

CyaSSL_CTX_use_NTRUPrivateKey_file

CyaSSL_CTX_use_certificate_chain_buffer

CyaSSL_use_certificate_buffer

CyaSSL_use_PrivateKey_buffer

CyaSSL_use_certificate_chain_buffer






CyaSSL_CTX_load_verify_locations


Synopsis:

int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,

                                                                       const char* path);


Description:

This function loads PEM-formatted CA certificate files into the SSL context (CYASSL_CTX).  These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake.  


The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates.  If multiple CA certs are included in the same file, CyaSSL will load them in the same order they are presented in the file.  The path argument is a pointer to the name of a directory that contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as NULL if not needed.  If path is specified and NO_CYASSL_DIR was not defined when building the library, CyaSSL will load all CA certificates located in the given directory.  


Please see the examples for proper usage.


Return Values:

If successful the call will return SSL_SUCCESS.


SSL_FAILURE will be returned if ctx is NULL, or if both file and path are NULL.


SSL_BAD_FILETYPE will be returned if the file is the wrong format.


SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.


MEMORY_E will be returned if an out of memory condition occurs.


ASN_INPUT_E will be returned if Base16 decoding fails on the file.


BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer.


BAD_PATH_ERROR will be returned if opendir() fails when trying to open path.


Parameters:


ctx - pointer to the SSL context, created with CyaSSL_CTX_new().


file - pointer to name of the file containing PEM-formatted CA certificates


path - pointer to the name of a directory to load PEM-formatted certificates from.


Example:


int ret = 0;

CYASSL_CTX* ctx;


...


ret = CyaSSL_CTX_load_verify_locations(ctx, “./ca-cert.pem”, 0);

if (ret != SSL_SUCCESS) {

// error loading CA certs

}


...


See Also:

CyaSSL_CTX_load_verify_buffer

CyaSSL_CTX_use_certificate_file

CyaSSL_CTX_use_PrivateKey_file

CyaSSL_CTX_use_NTRUPrivateKey_file

CyaSSL_CTX_use_certificate_chain_file

CyaSSL_use_certificate_file

CyaSSL_use_PrivateKey_file

CyaSSL_use_certificate_chain_file






CyaSSL_CTX_use_PrivateKey_buffer


Synopsis:

int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX* ctx, const unsigned char* in,                                                    long sz, int format);


Description:

This function loads a private key buffer into the SSL Context.  It behaves like the non buffered version, only differing in its ability to be called with a buffer as input instead of a file.  The buffer is provided by the in argument of size sz.  format specifies the format type of the buffer; SSL_FILETYPE_ASN1or SSL_FILETYPE_PEM.  Please see the examples for proper usage.   


Return Values:

If successful the call will return SSL_SUCCESS.


SSL_BAD_FILETYPE will be returned if the file is the wrong format.


SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.


MEMORY_E will be returned if an out of memory condition occurs.


ASN_INPUT_E will be returned if Base16 decoding fails on the file.


NO_PASSWORD will be returned if the key file is encrypted but no password is provided.


Parameters:


ctx - pointer to the SSL context, created with CyaSSL_CTX_new().


in - the input buffer containing the private key to be loaded.


sz - the size of the input buffer.


format - the format of the private key located in the input buffer (in).  Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.


Example:


int ret = 0;

int sz = 0;

CYASSL_CTX* ctx;

byte keyBuff[...];


...


ret = CyaSSL_CTX_use_PrivateKey_buffer(ctx, keyBuff, sz, SSL_FILETYPE_PEM);

if (ret != SSL_SUCCESS) {

// error loading private key from buffer

}


...


See Also:

CyaSSL_CTX_load_verify_buffer

CyaSSL_CTX_use_certificate_buffer

CyaSSL_CTX_use_NTRUPrivateKey_file

CyaSSL_CTX_use_certificate_chain_buffer

CyaSSL_use_certificate_buffer

CyaSSL_use_PrivateKey_buffer

CyaSSL_use_certificate_chain_buffer






CyaSSL_CTX_use_PrivateKey_file


Synopsis:

int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX* ctx, const char* file, int format);


Description:

This function loads a private key file into the SSL context (CYASSL_CTX).  The file is provided by the file argument.  The format argument specifies the format type of the file - SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.  Please see the examples for proper usage.   


Return Values:

If successful the call will return SSL_SUCCESS, otherwise SSL_FAILURE will be returned.  If the function call fails, possible causes might include:


- The file is in the wrong format, or the wrong format has been given using the “format” argument

- The file doesn’t exist, can’t be read, or is corrupted

- An out of memory condition occurs

- Base16 decoding fails on the file

- The key file is encrypted but no password is provided


Example:


int ret = 0;

CYASSL_CTX* ctx;


...


ret = CyaSSL_CTX_use_PrivateKey_file(ctx, “./server-key.pem”,

                                    SSL_FILETYPE_PEM);

if (ret != SSL_SUCCESS) {

// error loading key file

}


...


See Also:

CyaSSL_CTX_use_PrivateKey_buffer

CyaSSL_use_PrivateKey_file

CyaSSL_use_PrivateKey_buffer






CyaSSL_CTX_use_certificate_buffer


Synopsis:

int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX* ctx, const unsigned char* in,                                                                          long sz, int format);


Description:

This function loads a certificate buffer into the CYASSL Context.  It behaves like the non buffered version, only differing in its ability to be called with a buffer as input instead of a file.  The buffer is provided by the in argument of size sz.  format specifies the format type of the buffer; SSL_FILETYPE_ASN1or SSL_FILETYPE_PEM.  Please see the examples for proper usage.   


Return Values:

If successful the call will return SSL_SUCCESS.


SSL_BAD_FILETYPE will be returned if the file is the wrong format.


SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.


MEMORY_E will be returned if an out of memory condition occurs.


ASN_INPUT_E will be returned if Base16 decoding fails on the file.


Parameters:


ctx - pointer to the SSL context, created with CyaSSL_CTX_new().


in - the input buffer containing the certificate to be loaded.


sz - the size of the input buffer.


format - the format of the certificate located in the input buffer (in).  Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.


Example:


int ret = 0;

int sz = 0;

CYASSL_CTX* ctx;

byte certBuff[...];


...


ret = CyaSSL_CTX_use_certificate_buffer(ctx, certBuff, sz, SSL_FILETYPE_PEM);

if (ret != SSL_SUCCESS) {

// error loading certificate from buffer

}


...


See Also:

CyaSSL_CTX_load_verify_buffer

CyaSSL_CTX_use_PrivateKey_buffer

CyaSSL_CTX_use_NTRUPrivateKey_file

CyaSSL_CTX_use_certificate_chain_buffer

CyaSSL_use_certificate_buffer

CyaSSL_use_PrivateKey_buffer

CyaSSL_use_certificate_chain_buffer






CyaSSL_CTX_use_certificate_chain_buffer


Synopsis:

int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX* ctx,

const unsigned char* in,

long sz);


Description:

This function loads a certificate chain buffer into the CYASSL Context.  It behaves like the non buffered version, only differing in its ability to be called with a buffer as input instead of a file.  The buffer is provided by the in argument of size sz.  The buffer must be in PEM format and start with the subject’s certificate, ending with the root certificate. Please see the examples for proper usage.   


Return Values:

If successful the call will return SSL_SUCCESS.


SSL_BAD_FILETYPE will be returned if the file is the wrong format.


SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.


MEMORY_E will be returned if an out of memory condition occurs.


ASN_INPUT_E will be returned if Base16 decoding fails on the file.


BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer.


Parameters:


ctx - pointer to the SSL context, created with CyaSSL_CTX_new().


in - the input buffer containing the PEM-formatted certificate chain to be loaded.


sz - the size of the input buffer.


Example:


int ret = 0;

int sz = 0;

CYASSL_CTX* ctx;

byte certChainBuff[...];


...


ret = CyaSSL_CTX_use_certificate_chain_buffer(ctx, certChainBuff, sz);

if (ret != SSL_SUCCESS) {

// error loading certificate chain from buffer

}


...


See Also:

CyaSSL_CTX_load_verify_buffer

CyaSSL_CTX_use_certificate_buffer

CyaSSL_CTX_use_PrivateKey_buffer

CyaSSL_CTX_use_NTRUPrivateKey_file

CyaSSL_use_certificate_buffer

CyaSSL_use_PrivateKey_buffer

CyaSSL_use_certificate_chain_buffer






CyaSSL_CTX_use_certificate_chain_file


Synopsis:

int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX* ctx, const char* file);


Description:

This function loads a chain of certificates into the SSL context (CYASSL_CTX).  The file containing the certificate chain is provided by the file argument, and must contain PEM-formatted certificates.  This function will process up to MAX_CHAIN_DEPTH (default = 9, defined in internal.h) certificates, plus the subject cert.


Return Values:

If successful the call will return SSL_SUCCESS, otherwise SSL_FAILURE will be returned.  If the function call fails, possible causes might include:


- The file is in the wrong format, or the wrong format has been given using the “format” argument

- file doesn’t exist, can’t be read, or is corrupted

- an out of memory condition occurs


Parameters:


ctx - a pointer to a CYASSL_CTX structure, created using CyaSSL_CTX_new()


file - a pointer to the name of the file containing the chain of certificates to be loaded into the CyaSSL SSL context.  Certificates must be in PEM format.


Example:


int ret = 0;

CYASSL_CTX* ctx;


...


ret = CyaSSL_CTX_use_certificate_chain_file(ctx, “./cert-chain.pem”);

if (ret != SSL_SUCCESS) {

// error loading cert file

}


...


See Also:

CyaSSL_CTX_use_certificate_file

CyaSSL_CTX_use_certificate_buffer

CyaSSL_use_certificate_file

CyaSSL_use_certificate_buffer






CyaSSL_CTX_use_certificate_file


Synopsis:

int CyaSSL_CTX_use_certificate_file(CYASSL_CTX* ctx, const char* file, int format);


Description:

This function loads a certificate file into the SSL context (CYASSL_CTX).  The file is provided by the file argument.  The format argument specifies the format type of the file - either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.  Please see the examples for proper usage.


Return Values:

If successful the call will return SSL_SUCCESS, otherwise SSL_FAILURE will be returned.  If the function call fails, possible causes might include:


- The file is in the wrong format, or the wrong format has been given using the “format” argument

- file doesn’t exist, can’t be read, or is corrupted

- an out of memory condition occurs

- Base16 decoding fails on the file


Parameters:


ctx - a pointer to a CYASSL_CTX structure, created using CyaSSL_CTX_new()


file - a pointer to the name of the file containing the certificate to be loaded into the CyaSSL SSL context.


format - format of the certificates pointed to by file.  Possible options are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.


Example:


int ret = 0;

CYASSL_CTX* ctx;


...


ret = CyaSSL_CTX_use_certificate_file(ctx, “./client-cert.pem”,

                                     SSL_FILETYPE_PEM);

if (ret != SSL_SUCCESS) {

// error loading cert file

}


...


See Also:

CyaSSL_CTX_use_certificate_buffer

CyaSSL_use_certificate_file

CyaSSL_use_certificate_buffer






CyaSSL_SetTmpDH


Synopsis:

#include <cyassl/ssl.h>


int CyaSSL_SetTmpDH(CYASSL* ssl, unsigned char* p, int pSz, unsigned char* g,

       int gSz);


Description:

Server Diffie-Hellman Ephemeral parameters setting.  This function sets up the group parameters to be used if the server negotiates a cipher suite that uses DHE.  


Return Values:

If successful the call will return SSL_SUCCESS.


MEMORY_ERROR will be returned if a memory error was encountered.


SIDE_ERROR will be returned if this function is called on an SSL client instead of an SSL server.


Parameters:


ssl - a pointer to a CYASSL structure, created using CyaSSL_new().


p - Diffie-Hellman prime number parameter.


pSz - size of p.


g - Diffie-Hellman “generator” parameter.


gSz - size of g.


Example:


CYASSL* ssl;

static unsigned char p[] = {...};

static unsigned char g[] = {...};

...

CyaSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g));


See Also:

SSL_accept






CyaSSL_use_PrivateKey_buffer


Synopsis:

#include <cyassl/ssl.h>


int CyaSSL_use_PrivateKey_buffer(CYASSL* ssl, const unsigned char* in,                                                                  long sz, int format);


Description:

This function loads a private key buffer into the CYASSL object.  It behaves like the non buffered version, only differing in its ability to be called with a buffer as input instead of a file.  The buffer is provided by the in argument of size sz.  format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.  Please see the examples for proper usage.   


Return Values:

If successful the call will return SSL_SUCCESS.


SSL_BAD_FILETYPE will be returned if the file is the wrong format.


SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.


MEMORY_E will be returned if an out of memory condition occurs.


ASN_INPUT_E will be returned if Base16 decoding fails on the file.


NO_PASSWORD will be returned if the key file is encrypted but no password is provided.


Parameters:


ssl - pointer to the SSL session, created with CyaSSL_new().


in - buffer containing private key to load.


sz - size of the private key located in buffer.


format - format of the private key to be loaded.  Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.


Example:


int buffSz;

int ret;

byte keyBuff[...];

CYASSL* ssl = 0;

...


ret = CyaSSL_use_PrivateKey_buffer(ssl, keyBuff, buffSz, SSL_FILETYPE_PEM);

if (ret != SSL_SUCCESS) {

// failed to load private key from buffer

}


See Also:

CyaSSL_CTX_load_verify_buffer

CyaSSL_CTX_use_certificate_buffer

CyaSSL_CTX_use_PrivateKey_buffer

CyaSSL_CTX_use_NTRUPrivateKey_file

CyaSSL_CTX_use_certificate_chain_buffer

CyaSSL_use_certificate_buffer

CyaSSL_use_certificate_chain_buffer






CyaSSL_use_certificate_buffer


Synopsis:

#include <cyassl/ssl.h>


int CyaSSL_use_certificate_buffer(CYASSL* ssl, const unsigned char* in,                                                               long sz, int format);


Description:

This function loads a certificate buffer into the CYASSL object.  It behaves like the non buffered version, only differing in its ability to be called with a buffer as input instead of a file.  The buffer is provided by the in argument of size sz.  format specifies the format type of the buffer; SSL_FILETYPE_ASN1or SSL_FILETYPE_PEM.  Please see the examples for proper usage.   


Return Values:

If successful the call will return SSL_SUCCESS.


SSL_BAD_FILETYPE will be returned if the file is the wrong format.


SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.


MEMORY_E will be returned if an out of memory condition occurs.


ASN_INPUT_E will be returned if Base16 decoding fails on the file.


Parameters:


ssl - pointer to the SSL session, created with CyaSSL_new().


in - buffer containing certificate to load.


sz - size of the certificate located in buffer.


format - format of the certificate to be loaded.  Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.


Example:


int buffSz;

int ret;

byte certBuff[...];

CYASSL* ssl = 0;

...


ret = CyaSSL_use_certificate_buffer(ssl, certBuff, buffSz, SSL_FILETYPE_PEM);

if (ret != SSL_SUCCESS) {

// failed to load certificate from buffer

}


See Also:

CyaSSL_CTX_load_verify_buffer

CyaSSL_CTX_use_certificate_buffer

CyaSSL_CTX_use_PrivateKey_buffer

CyaSSL_CTX_use_NTRUPrivateKey_file

CyaSSL_CTX_use_certificate_chain_buffer

CyaSSL_use_PrivateKey_buffer

CyaSSL_use_certificate_chain_buffer






CyaSSL_use_certificate_chain_buffer


Synopsis:

#include <cyassl/ssl.h>


int CyaSSL_use_certificate_chain_buffer(CYASSL* ssl, const unsigned char* in,                                                                           long sz);


Description:

This function loads a certificate chain buffer into the CYASSL object.  It behaves like the non buffered version, only differing in its ability to be called with a buffer as input instead of a file.  The buffer is provided by the in argument of size sz.  The buffer must be in PEM format and start with the subject’s certificate, ending with the root certificate. Please see the examples for proper usage.   


Return Values:

If successful the call will return SSL_SUCCESS.


SSL_BAD_FILETYPE will be returned if the file is the wrong format.


SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.


MEMORY_E will be returned if an out of memory condition occurs.


ASN_INPUT_E will be returned if Base16 decoding fails on the file.


BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer.


Parameters:


ssl - pointer to the SSL session, created with CyaSSL_new().


in - buffer containing certificate to load.


sz - size of the certificate located in buffer.


Example:


int buffSz;

int ret;

byte certChainBuff[...];

CYASSL* ssl = 0;

...


ret = CyaSSL_use_certificate_chain_buffer(ssl, certChainBuff, buffSz);

if (ret != SSL_SUCCESS) {

// failed to load certificate chain from buffer

}


See Also:

CyaSSL_CTX_load_verify_buffer

CyaSSL_CTX_use_certificate_buffer

CyaSSL_CTX_use_PrivateKey_buffer

CyaSSL_CTX_use_NTRUPrivateKey_file

CyaSSL_CTX_use_certificate_chain_buffer

CyaSSL_use_certificate_buffer

CyaSSL_use_PrivateKey_buffer






CyaSSL_CTX_der_load_verify_locations


Synopsis:

#include <cyassl/ssl.h>


int CyaSSL_CTX_der_load_verify_locations(CYASSL_CTX* ctx, const char* file,

                                                                                int format);


Description:

This function is similar to CyaSSL_CTX_load_verify_locations, but allows the loading of DER-formatted CA files into the SSL context (CYASSL_CTX).  It may still be used to load PEM-formatted CA files as well.  These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake.


The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates.  If multiple CA certs are included in the same file, CyaSSL will load them in the same order they are presented in the file.  The format argument specifies the format which the certificates are in - either SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1 (DER).  Unlike CyaSSL_CTX_load_verify_locations, this function does not allow the loading of CA certificates from a given directory path.


Note that this function is only available when the CyaSSL library was compiled with CYASSL_DER_LOAD defined.


Return Values:

If successful the call will return SSL_SUCCESS, otherwise SSL_FAILURE will be returned upon failure.


Parameters:


ctx - a pointer to a CYASSL_CTX structure, created using CyaSSL_CTX_new()


file - a pointer to the name of the file containing the CA certificates to be loaded into the CyaSSL SSL context, with format as specified by format.


format - the encoding type of the certificates specified by file.  Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.


Example:


int ret = 0;

CYASSL_CTX* ctx;


...


ret = CyaSSL_CTX_der_load_verify_locations(ctx, “./ca-cert.der”,

                                          SSL_FILETYPE_ASN1);

if (ret != SSL_SUCCESS) {

// error loading CA certs

}


...


See Also:

CyaSSL_CTX_load_verify_locations

CyaSSL_CTX_load_verify_buffer






CyaSSL_CTX_use_NTRUPrivateKey_file


Synopsis:

#include <cyassl/ssl.h>


int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file);


Description:

This function loads an NTRU private key file into the CYASSL Context.  It behaves like the normal version, only differing in its ability to accept an NTRU raw key file.   This function is needed since the format of the file is different than the normal key file (buffer) functions.  Please see the examples for proper usage.   


Return Values:

If successful the call will return SSL_SUCCESS.


SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.


MEMORY_E will be returned if an out of memory condition occurs.


ASN_INPUT_E will be returned if Base16 decoding fails on the file.


BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer.


NO_PASSWORD will be returned if the key file is encrypted but no password is provided.


Parameters:


ctx - a pointer to a CYASSL_CTX structure, created using CyaSSL_CTX_new()


file - a pointer to the name of the file containing the NTRU private key to be loaded into the CyaSSL SSL context.


Example:


int ret = 0;

CYASSL_CTX* ctx;


...


ret = CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, “./ntru-key.raw”);

if (ret != SSL_SUCCESS) {

// error loading NTRU private key

}


...



See Also:

CyaSSL_CTX_load_verify_buffer

CyaSSL_CTX_use_certificate_buffer

CyaSSL_CTX_use_PrivateKey_buffer

CyaSSL_CTX_use_certificate_chain_buffer

CyaSSL_use_certificate_buffer

CyaSSL_use_PrivateKey_buffer

CyaSSL_use_certificate_chain_buffer






CyaSSL_KeepArrays


Synopsis:

#include <cyassl/ssl.h>


void CyaSSL_KeepArrays(CYASSL* ssl);


Description:

Normally, at the end of the SSL handshake, CyaSSL frees temporary arrays.  Calling this function before the handshake begins will prevent CyaSSL from freeing temporary arrays.  Temporary arrays may be needed for things such as CyaSSL_get_keys() or PSK hints.


When the user is done with temporary arrays, either CyaSSL_FreeArrays() may be called to free the resources immediately, or alternatively the resources will be freed when the associated SSL object is freed.


Return Values:

This function has no return value.


Parameters:


ssl - a pointer to a CYASSL structure, created using CyaSSL_new().


Example:


CYASSL* ssl;

...

CyaSSL_KeepArrays(ssl);


See Also:

CyaSSL_FreeArrays






CyaSSL_FreeArrays


Synopsis:

#include <cyassl/ssl.h>


void CyaSSL_FreeArrays(CYASSL* ssl);


Description:

Normally, at the end of the SSL handshake, CyaSSL frees temporary arrays.  If CyaSSL_KeepArrays() has been called before the handshake, CyaSSL will not free temporary arrays.  This function explicitly frees temporary arrays and should be called when the user is done with temporary arrays and does not want to wait for the SSL object to be freed to free these resources.


Return Values:

This function has no return value.


Parameters:


ssl - a pointer to a CYASSL structure, created using CyaSSL_new().


Example:


CYASSL* ssl;

...

CyaSSL_FreeArrays(ssl);


See Also:

CyaSSL_KeepArrays




 

Questions? +1 (425) 245-8247