Crypt-MatrixSSL3

lib/Crypt/MatrixSSL3.pm

        $extensions, \&extensionCback,
    );

    matrixSslNewClientSession( $ssl,
        $keys, $sessID, \@cipherSuites,
        \&certValidator, $expectedName,
        $extensions, \&extensionCback,
    )

Returns a new object $ssl.
Throws an exception if matrixSslNewClientSession() doesn't return
MATRIXSSL_REQUEST_SEND.
When this object is destroyed, it calls:

    matrixSslDeleteSession( $ssl )

More information about the callbacks L</certValidator> and L</extensionCback>
is in the L</CALLBACKS> section.


=head2 Crypt::MatrixSSL3::Server

=head3 new

    $ssl = Crypt::MatrixSSL3::Server->new( $keys, \&certValidator );

    matrixSslNewServerSession( $ssl, $keys, \&certValidator )

Returns a new object $ssl.
Throws an exception if matrixSslNewServerSession() doesn't return PS_SUCCESS.
When this object is destroyed, it calls:

    matrixSslDeleteSession( $ssl )

More information about the callback L</certValidator> is in the L</CALLBACKS> section.

=head3 init_SNI

    $ssl->init_SNI( $server_index, $sni_params );

This function should be called only once when the server is initialized.

Parameters:

=over

=item $server_index

Server structure index returned by C<create_SSL_server()>

=item $sni_params [{...},...] or undef

This is a reference to an array that contains one or more hash references:

    $sni_params = [                                                     # virtual hosts support - when a client sends a TLS SNI extension, the settings below will apply
                                                                        #                         based on the requested hostname
        # virtual host 0 (also referred to in the code as SNI entry 0)
        {
            'hostname' => 'hostname',                                   # regular expression for matching the hostname
            'cert' => '/path/to/certificate;/path/to/CA-chain',         # KEY - certificate (the CA-chain is optional)
            'key' => '/path/to/private_key',                            # KEY - private key
            'DH_param' => '/path/to/DH_params',                         # KEY - file containing the DH parameter used with DH ciphers
            'session_ticket_keys' => {                                  # session tickets setup
                'id' => '1234567890123456',                             # KEY - TLS session tickets - 16 bytes unique identifier
                'encrypt_key' => '12345678901234567890123456789012',    # KEY - TLS session tickets - 128/256 bit encryption key
                'hash_key' => '12345678901234567890123456789012',       # KEY - TLS session tickets - 256 bit hash key
            },
            'OCSP_staple' => '/path/to/OCSP_staple.der',                # SESSION - file containing an OCSP staple that gets sent when a client
                                                                        #           sends a TLS status request extension
            'SCT_params' => [                                           # SESSION - Certificate Transparency SCT files used to build the
                                                                        #           'signed_certificate_timestamp' TLS extension data buffer
                '/path/to/SCT1.sct',
                '/path/to/SCT2.sct',
                ...
            ],
            # instead of the Certificate Transparency SCT files you can specify a scalar with a single file that contains multiple SCT files
            # note that this file is not just a concatenation of the SCT files, but a ready-to-use 'signed_certificate_timestamp' TLS extension data buffer
            # see ct-submit.pl for more info
            #'SCT_params' => '/path/to/CT_extension_data_buffer',
            'ALPN' => ['protocol1', 'protocol2']                        # SESSION - server supported protocols
        },
        # virtual host 1
        ...
    ]

=back
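
An added example, not part of the Crypt::MatrixSSL3 distribution: the C<session_ticket_keys> values shown above are sample strings, so this sketch generates random key material in the documented sizes and checks an C<$sni_params> structure before it is handed to C<init_SNI()>. The helper names C<random_bytes>, C<new_ticket_keys> and C<check_sni_params>, the example hostnames, and the use of F</dev/urandom> (Unix-like systems) are assumptions.

```perl
use strict;
use warnings;

# Read $n bytes from the kernel CSPRNG (assumption: Unix-like system).
sub random_bytes {
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "open /dev/urandom: $!";
    my $got = read $fh, my $buf, $n;
    die "short read from /dev/urandom" unless defined $got && $got == $n;
    return $buf;
}

# Hypothetical helper: fresh ticket key material in the documented sizes.
sub new_ticket_keys {
    return { id          => random_bytes(16),    # 16-byte unique identifier
             encrypt_key => random_bytes(32),    # 256-bit encryption key
             hash_key    => random_bytes(32) };  # 256-bit hash key
}

# Hypothetical helper: list the problems found in an $sni_params structure.
sub check_sni_params {
    my ($sni_params) = @_;
    return ('not an array reference') unless ref $sni_params eq 'ARRAY';
    my @err;
    for my $i (0 .. $#$sni_params) {
        my $vh = $sni_params->[$i];
        if (ref $vh ne 'HASH') { push @err, "entry $i: not a hash reference"; next }
        my $tk = $vh->{session_ticket_keys};
        next unless defined $tk;
        if (ref $tk ne 'HASH') { push @err, "entry $i: session_ticket_keys is not a hash"; next }
        my ($id, $ek, $hk) = map { $_ // '' } @$tk{qw(id encrypt_key hash_key)};
        push @err, "entry $i: id must be 16 bytes" unless length($id) == 16;
        push @err, "entry $i: encrypt_key must be 16 or 32 bytes"
            unless length($ek) == 16 || length($ek) == 32;
        push @err, "entry $i: hash_key must be 32 bytes" unless length($hk) == 32;
        # Digit-only values are almost certainly copied sample keys, not random bytes.
        push @err, "entry $i: ticket keys look like copied sample values"
            if grep { /\A[0-9]+\z/ } $id, $ek, $hk;
    }
    return @err;
}

# Constructed sample input: entry 0 uses fresh keys, entry 1 reuses sample-style keys.
my $sni_params = [
    { hostname => 'www\.example\.test', session_ticket_keys => new_ticket_keys() },
    { hostname => 'old\.example\.test', session_ticket_keys => {
        id => '1234567890123456', encrypt_key => '1' x 32, hash_key => '1' x 32 } },
];
print "$_\n" for check_sni_params($sni_params);
```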

=head3 set_server_params

    $ssl->set_server_params( $server_index, $sv_params );

Used to set the server supported protocols used when a client sends a TLS
ALPN extension.

Note that this function call only affects the B<default server>. Virtual
hosts are managed by using $ssl->init_SNI(...).

See $ssl->init_SNI(...) for usage.

Parameters:

=over

=item $server_index

Server structure index returned by C<create_SSL_server()>

=item $sv_params {...} or undef

This is a reference to a hash with the following structure (all keys are optional):

    $sv_params = {
        'ALPN' => ['protocol1', 'protocol2']
    }

If you specify the 'ALPN' parameter, you should also provide
an ALPN callback. More information about the callback L</ALPNCallback>
is in the L</CALLBACKS> section.

=back
