Crypt-MatrixSSL3
\&certValidator, $expectedName,
$extensions, \&extensionCback,
);
matrixSslNewClientSession( $ssl,
$keys, $sessID, \@cipherSuites,
\&certValidator, $expectedName,
$extensions, \&extensionCback,
)
Returns a new object $ssl. Throws an exception if
matrixSslNewClientSession() doesn't return MATRIXSSL_REQUEST_SEND.
When this object is destroyed, it will call:
matrixSslDeleteSession( $ssl )
See the "CALLBACKS" section for more information about the
"certValidator" and "extensionCback" callbacks.
Crypt::MatrixSSL3::Server
new
$ssl = Crypt::MatrixSSL3::Server->new( $keys, \&certValidator );
matrixSslNewServerSession( $ssl, $keys, \&certValidator )
Returns a new object $ssl. Throws an exception if
matrixSslNewServerSession() doesn't return PS_SUCCESS. When this
object is destroyed, it will call:
matrixSslDeleteSession( $ssl )
See the "CALLBACKS" section for more information about the
"certValidator" callback.
init_SNI
$ssl->init_SNI( $server_index, $sni_params );
This function should be called only once when the server is
initialized.
Parameters:
$server_index
Server structure index returned by create_SSL_server()
$sni_params [{...},...] or undef
This is a reference to an array that contains one or more hash
references:
$sni_params = [
    # virtual hosts support - when a client sends a TLS SNI extension, the settings below will apply
    # based on the requested hostname
    # virtual host 0 (also referred to in the code as SNI entry 0)
    {
        'hostname' => 'hostname', # regular expression for matching the hostname
        'cert' => '/path/to/certificate;/path/to/CA-chain', # KEY - certificate (the CA-chain is optional)
        'key' => '/path/to/private_key', # KEY - private key
        'DH_param' => '/path/to/DH_params', # KEY - file containing the DH parameter used with DH ciphers
        'session_ticket_keys' => { # session tickets setup
            'id' => '1234567890123456', # KEY - TLS session tickets - 16 bytes unique identifier
            'encrypt_key' => '12345678901234567890123456789012', # KEY - TLS session tickets - 128/256 bit encryption key
            'hash_key' => '12345678901234567890123456789012', # KEY - TLS session tickets - 256 bit hash key
        },
        'OCSP_staple' => '/path/to/OCSP_staple.der', # SESSION - file containing an OCSP staple that gets sent when a client
                                                     # sends a TLS status request extension
        'SCT_params' => [ # SESSION - Certificate Transparency SCT files used to build the
                          # 'signed_certificate_timestamp' TLS extension data buffer
            '/path/to/SCT1.sct',
            '/path/to/SCT2.sct',
            # ...
        ],
        # instead of the Certificate Transparency SCT files you can specify a scalar with a single file that contains multiple SCT files
        # note that this file is not just a concatenation of the SCT files, but a ready-to-use 'signed_certificate_timestamp' TLS extension data buffer
        # see ct-submit.pl for more info
        #'SCT_params' => '/path/to/CT_extension_data_buffer',
        'ALPN' => ['protocol1', 'protocol2'] # SESSION - server supported protocols
    },
    # virtual host 1
    # ...
]
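The following is an added example, not code from the Crypt::MatrixSSL3 distribution: a pure-Perl pre-flight check for one $sni_params entry that generates session ticket keys from the OS random source and rejects entries whose key sizes differ from the comments above or that still carry the template's sample values. The helper names (random_bytes, new_ticket_keys, check_sni_entry), the use of /dev/urandom, and the sample hostname and ALPN names are assumptions; the code calls no library functions.

```perl
use strict;
use warnings;
# Hypothetical helpers for illustration; none are Crypt::MatrixSSL3 functions.

# Read $n bytes from the OS random source (assumes a Unix-like /dev/urandom).
sub random_bytes {
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $got = read $fh, my $buf, $n;
    close $fh;
    die "short read from /dev/urandom\n" unless defined $got && $got == $n;
    return $buf;
}

# Fresh ticket keys with the sizes given in the init_SNI comments.
sub new_ticket_keys {
    return { id => random_bytes(16), encrypt_key => random_bytes(32), hash_key => random_bytes(32) };
}

# Return the problems found in one SNI entry (empty list means it passed).
sub check_sni_entry {
    my ($e) = @_;
    my @err;
    my $host = $e->{hostname};
    push @err, 'hostname is missing or not a valid regular expression'
        unless defined $host && eval { my $re = qr/$host/; 1 };
    if (my $t = $e->{session_ticket_keys}) {
        my %len = map { $_ => length($t->{$_} // '') } qw(id encrypt_key hash_key);
        push @err, 'id must be 16 bytes' unless $len{id} == 16;
        push @err, 'encrypt_key must be 16 or 32 bytes' unless $len{encrypt_key} == 16 || $len{encrypt_key} == 32;
        push @err, 'hash_key must be 32 bytes' unless $len{hash_key} == 32;
        # The template's sample values are public, so they must never be deployed.
        push @err, "$_ is a documentation sample value"
            for grep { ($t->{$_} // '') =~ /\A(?:1234567890)+\d*\z/ } qw(id encrypt_key hash_key);
    }
    if (defined(my $alpn = $e->{ALPN})) {
        # RFC 7301: each protocol name is 1..255 bytes.
        push @err, 'ALPN must be an array of 1..255 byte names'
            unless ref($alpn) eq 'ARRAY' && @$alpn && !grep { !length($_) || length($_) > 255 } @$alpn;
    }
    return @err;
}

# Constructed sample entries: one copied from the template above, one with generated keys.
my %base = (hostname => '^www\.example\.com$', ALPN => ['h2', 'http/1.1']);
my $copied = { %base, session_ticket_keys => {
    id => '1234567890123456', encrypt_key => '1' x 24, hash_key => '12345678901234567890123456789012' } };
my $fresh = { %base, session_ticket_keys => new_ticket_keys() };
print "copied: $_\n" for check_sni_entry($copied);
print "fresh: ", scalar(my @p = check_sni_entry($fresh)), " problems\n";
```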
set_server_params
$ssl->set_server_params( $server_index, $sv_params );
Sets the protocols the server supports, which are used when a client
sends a TLS ALPN extension.
Note that this function call only affects the default server. Virtual
hosts are managed with $ssl->init_SNI(...).
See $ssl->init_SNI(...) for usage.
Parameters:
$server_index
Server structure index returned by create_SSL_server()
$sv_params {...} or undef
This is a reference to a hash with the following structure (all keys
are optional):
$sv_params = {
'ALPN' => ['protocol1', 'protocol2']
}
If you specify the 'ALPN' parameter, you should also provide an ALPN
callback. See the "CALLBACKS" section for more information about the
"ALPNCallback" callback.
set_callbacks
$ssl->set_callbacks( $server_index, $ssl_id );
Parameters: