1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
|
# Net::SSLeay.pm - Perl module for using Eric Young's implementation of SSL
#
# Copyright (c) 1996-2003 Sampo Kellomäki <sampo@iki.fi>
# Copyright (c) 2005-2010 Florian Ragwitz <rafl@debian.org>
# Copyright (c) 2005-2018 Mike McCauley <mikem@airspayce.com>
# Copyright (c) 2018- Chris Novakovic <chris@chrisn.me.uk>
# Copyright (c) 2018- Tuure Vartiainen <vartiait@radiatorsoftware.com>
# Copyright (c) 2018- Heikki Vatiainen <hvn@radiatorsoftware.com>
#
# All rights reserved.
#
# This module is released under the terms of the Artistic License 2.0. For
# details, see the LICENSE file distributed with Net-SSLeay's source code.
package Net::SSLeay;
use 5.8.1;
use strict;
use Carp;
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK $AUTOLOAD $CRLF);
use Socket;
use Errno;
require Exporter;
use AutoLoader;
# 0=no warns, 1=only errors, 2=ciphers, 3=progress, 4=dump data
$Net::SSLeay::trace = 0; # Do not change here, use
# $Net::SSLeay::trace = [1-4] in caller
# 2 = insist on v2 SSL protocol
# 3 = insist on v3 SSL
# 10 = insist on TLSv1
# 11 = insist on TLSv1.1
# 12 = insist on TLSv1.2
# 13 = insist on TLSv1.3
# 0 or undef = guess (v23)
#
$Net::SSLeay::ssl_version = 0; # don't change here, use
# Net::SSLeay::version=[2,3,0] in caller
#define to enable the "cat /proc/$$/stat" stuff
$Net::SSLeay::linux_debug = 0;
# Number of seconds to sleep after sending message and before half
# closing connection. Useful with antiquated broken servers.
$Net::SSLeay::slowly = 0;
# RANDOM NUMBER INITIALIZATION
#
# Edit to your taste. Using /dev/random would be more secure, but may
# block if randomness is not available, thus the default is
# /dev/urandom. $how_random determines how many bits of randomness to take
# from the device. You should take enough (read SSLeay/doc/rand), but
# beware that randomness is limited resource so you should not waste
# it either or you may end up with randomness depletion (situation where
# /dev/random would block and /dev/urandom starts to return predictable
# numbers).
#
# N.B. /dev/urandom does not exist on all systems, such as Solaris 2.6. In that
# case you should get a third party package that emulates /dev/urandom
# (e.g. via named pipe) or supply a random number file. Some such
# packages are documented in Caveat section of the POD documentation.
$Net::SSLeay::random_device = '/dev/urandom';
$Net::SSLeay::how_random = 512;
# When updating this, also update $VERSION in the following files:
# inc/Test/Net/SSLeay.pm
# inc/Test/Net/SSLeay/Socket.pm
# lib/Net/SSLeay/Handle.pm
$VERSION = '1.93_02';
@ISA = qw(Exporter);
# This array is automatically generated - do not manually modify it.
# To add or remove a constant, edit helper_script/constants.txt, then run
# helper_script/update-exported-constants.
my @constants = qw(
AD_ACCESS_DENIED
AD_BAD_CERTIFICATE
AD_BAD_CERTIFICATE_HASH_VALUE
AD_BAD_CERTIFICATE_STATUS_RESPONSE
AD_BAD_RECORD_MAC
AD_CERTIFICATE_EXPIRED
AD_CERTIFICATE_REQUIRED
AD_CERTIFICATE_REVOKED
AD_CERTIFICATE_UNKNOWN
AD_CERTIFICATE_UNOBTAINABLE
AD_CLOSE_NOTIFY
AD_DECODE_ERROR
AD_DECOMPRESSION_FAILURE
AD_DECRYPTION_FAILED
AD_DECRYPT_ERROR
AD_EXPORT_RESTRICTION
AD_HANDSHAKE_FAILURE
AD_ILLEGAL_PARAMETER
AD_INAPPROPRIATE_FALLBACK
AD_INSUFFICIENT_SECURITY
AD_INTERNAL_ERROR
AD_MISSING_EXTENSION
AD_NO_APPLICATION_PROTOCOL
AD_NO_CERTIFICATE
AD_NO_RENEGOTIATION
AD_PROTOCOL_VERSION
AD_RECORD_OVERFLOW
AD_UNEXPECTED_MESSAGE
AD_UNKNOWN_CA
AD_UNKNOWN_PSK_IDENTITY
AD_UNRECOGNIZED_NAME
AD_UNSUPPORTED_CERTIFICATE
AD_UNSUPPORTED_EXTENSION
AD_USER_CANCELLED
ASN1_STRFLGS_ESC_CTRL
ASN1_STRFLGS_ESC_MSB
ASN1_STRFLGS_ESC_QUOTE
ASN1_STRFLGS_RFC2253
ASYNC_NO_JOBS
ASYNC_PAUSED
CB_ACCEPT_EXIT
CB_ACCEPT_LOOP
CB_ALERT
CB_CONNECT_EXIT
CB_CONNECT_LOOP
CB_EXIT
CB_HANDSHAKE_DONE
CB_HANDSHAKE_START
CB_LOOP
CB_READ
CB_READ_ALERT
CB_WRITE
CB_WRITE_ALERT
CLIENT_HELLO_CB
CLIENT_HELLO_ERROR
CLIENT_HELLO_RETRY
CLIENT_HELLO_SUCCESS
CONF_MFLAGS_DEFAULT_SECTION
CONF_MFLAGS_IGNORE_ERRORS
CONF_MFLAGS_IGNORE_MISSING_FILE
CONF_MFLAGS_IGNORE_RETURN_CODES
CONF_MFLAGS_NO_DSO
CONF_MFLAGS_SILENT
ERROR_NONE
ERROR_SSL
ERROR_SYSCALL
ERROR_WANT_ACCEPT
ERROR_WANT_ASYNC
ERROR_WANT_ASYNC_JOB
ERROR_WANT_CLIENT_HELLO_CB
ERROR_WANT_CONNECT
ERROR_WANT_READ
ERROR_WANT_RETRY_VERIFY
ERROR_WANT_WRITE
ERROR_WANT_X509_LOOKUP
ERROR_ZERO_RETURN
EVP_PKS_DSA
EVP_PKS_EC
EVP_PKS_RSA
EVP_PKT_ENC
EVP_PKT_EXCH
EVP_PKT_EXP
EVP_PKT_SIGN
EVP_PK_DH
EVP_PK_DSA
EVP_PK_EC
EVP_PK_RSA
FILETYPE_ASN1
FILETYPE_PEM
F_CLIENT_CERTIFICATE
F_CLIENT_HELLO
F_CLIENT_MASTER_KEY
F_D2I_SSL_SESSION
F_GET_CLIENT_FINISHED
F_GET_CLIENT_HELLO
F_GET_CLIENT_MASTER_KEY
F_GET_SERVER_FINISHED
F_GET_SERVER_HELLO
F_GET_SERVER_VERIFY
F_I2D_SSL_SESSION
F_READ_N
F_REQUEST_CERTIFICATE
F_SERVER_HELLO
F_SSL_CERT_NEW
F_SSL_GET_NEW_SESSION
F_SSL_NEW
F_SSL_READ
F_SSL_RSA_PRIVATE_DECRYPT
F_SSL_RSA_PUBLIC_ENCRYPT
F_SSL_SESSION_NEW
F_SSL_SESSION_PRINT_FP
F_SSL_SET_FD
F_SSL_SET_RFD
F_SSL_SET_WFD
F_SSL_USE_CERTIFICATE
F_SSL_USE_CERTIFICATE_ASN1
F_SSL_USE_CERTIFICATE_FILE
F_SSL_USE_PRIVATEKEY
F_SSL_USE_PRIVATEKEY_ASN1
F_SSL_USE_PRIVATEKEY_FILE
F_SSL_USE_RSAPRIVATEKEY
F_SSL_USE_RSAPRIVATEKEY_ASN1
F_SSL_USE_RSAPRIVATEKEY_FILE
F_WRITE_PENDING
GEN_DIRNAME
GEN_DNS
GEN_EDIPARTY
GEN_EMAIL
GEN_IPADD
GEN_OTHERNAME
GEN_RID
GEN_URI
GEN_X400
LIBRESSL_VERSION_NUMBER
MBSTRING_ASC
MBSTRING_BMP
MBSTRING_FLAG
MBSTRING_UNIV
MBSTRING_UTF8
MIN_RSA_MODULUS_LENGTH_IN_BYTES
MODE_ACCEPT_MOVING_WRITE_BUFFER
MODE_ASYNC
MODE_AUTO_RETRY
MODE_ENABLE_PARTIAL_WRITE
MODE_NO_AUTO_CHAIN
MODE_RELEASE_BUFFERS
NID_OCSP_sign
NID_SMIMECapabilities
NID_X500
NID_X509
NID_ad_OCSP
NID_ad_ca_issuers
NID_algorithm
NID_authority_key_identifier
NID_basic_constraints
NID_bf_cbc
NID_bf_cfb64
NID_bf_ecb
NID_bf_ofb64
NID_cast5_cbc
NID_cast5_cfb64
NID_cast5_ecb
NID_cast5_ofb64
NID_certBag
NID_certificate_policies
NID_client_auth
NID_code_sign
NID_commonName
NID_countryName
NID_crlBag
NID_crl_distribution_points
NID_crl_number
NID_crl_reason
NID_delta_crl
NID_des_cbc
NID_des_cfb64
NID_des_ecb
NID_des_ede
NID_des_ede3
NID_des_ede3_cbc
NID_des_ede3_cfb64
NID_des_ede3_ofb64
NID_des_ede_cbc
NID_des_ede_cfb64
NID_des_ede_ofb64
NID_des_ofb64
NID_description
NID_desx_cbc
NID_dhKeyAgreement
NID_dnQualifier
NID_dsa
NID_dsaWithSHA
NID_dsaWithSHA1
NID_dsaWithSHA1_2
NID_dsa_2
NID_email_protect
NID_ext_key_usage
NID_ext_req
NID_friendlyName
NID_givenName
NID_hmacWithSHA1
NID_id_ad
NID_id_ce
NID_id_kp
NID_id_pbkdf2
NID_id_pe
NID_id_pkix
NID_id_qt_cps
NID_id_qt_unotice
NID_idea_cbc
NID_idea_cfb64
NID_idea_ecb
NID_idea_ofb64
NID_info_access
NID_initials
NID_invalidity_date
NID_issuer_alt_name
NID_keyBag
NID_key_usage
NID_localKeyID
NID_localityName
NID_md2
NID_md2WithRSAEncryption
NID_md5
NID_md5WithRSA
NID_md5WithRSAEncryption
NID_md5_sha1
NID_mdc2
NID_mdc2WithRSA
NID_ms_code_com
NID_ms_code_ind
NID_ms_ctl_sign
NID_ms_efs
NID_ms_ext_req
NID_ms_sgc
NID_name
NID_netscape
NID_netscape_base_url
NID_netscape_ca_policy_url
NID_netscape_ca_revocation_url
NID_netscape_cert_extension
NID_netscape_cert_sequence
NID_netscape_cert_type
NID_netscape_comment
NID_netscape_data_type
NID_netscape_renewal_url
NID_netscape_revocation_url
NID_netscape_ssl_server_name
NID_ns_sgc
NID_organizationName
NID_organizationalUnitName
NID_pbeWithMD2AndDES_CBC
NID_pbeWithMD2AndRC2_CBC
NID_pbeWithMD5AndCast5_CBC
NID_pbeWithMD5AndDES_CBC
NID_pbeWithMD5AndRC2_CBC
NID_pbeWithSHA1AndDES_CBC
NID_pbeWithSHA1AndRC2_CBC
NID_pbe_WithSHA1And128BitRC2_CBC
NID_pbe_WithSHA1And128BitRC4
NID_pbe_WithSHA1And2_Key_TripleDES_CBC
NID_pbe_WithSHA1And3_Key_TripleDES_CBC
NID_pbe_WithSHA1And40BitRC2_CBC
NID_pbe_WithSHA1And40BitRC4
NID_pbes2
NID_pbmac1
NID_pkcs
NID_pkcs3
NID_pkcs7
NID_pkcs7_data
NID_pkcs7_digest
NID_pkcs7_encrypted
NID_pkcs7_enveloped
NID_pkcs7_signed
NID_pkcs7_signedAndEnveloped
NID_pkcs8ShroudedKeyBag
NID_pkcs9
NID_pkcs9_challengePassword
NID_pkcs9_contentType
NID_pkcs9_countersignature
NID_pkcs9_emailAddress
NID_pkcs9_extCertAttributes
NID_pkcs9_messageDigest
NID_pkcs9_signingTime
NID_pkcs9_unstructuredAddress
NID_pkcs9_unstructuredName
NID_private_key_usage_period
NID_rc2_40_cbc
NID_rc2_64_cbc
NID_rc2_cbc
NID_rc2_cfb64
NID_rc2_ecb
NID_rc2_ofb64
NID_rc4
NID_rc4_40
NID_rc5_cbc
NID_rc5_cfb64
NID_rc5_ecb
NID_rc5_ofb64
NID_ripemd160
NID_ripemd160WithRSA
NID_rle_compression
NID_rsa
NID_rsaEncryption
NID_rsadsi
NID_safeContentsBag
NID_sdsiCertificate
NID_secretBag
NID_serialNumber
NID_server_auth
NID_sha
NID_sha1
NID_sha1WithRSA
NID_sha1WithRSAEncryption
NID_sha224
NID_sha224WithRSAEncryption
NID_sha256
NID_sha256WithRSAEncryption
NID_sha384
NID_sha384WithRSAEncryption
NID_sha3_224
NID_sha3_256
NID_sha3_384
NID_sha3_512
NID_sha512
NID_sha512WithRSAEncryption
NID_sha512_224
NID_sha512_224WithRSAEncryption
NID_sha512_256
NID_sha512_256WithRSAEncryption
NID_shaWithRSAEncryption
NID_shake128
NID_shake256
NID_stateOrProvinceName
NID_subject_alt_name
NID_subject_key_identifier
NID_surname
NID_sxnet
NID_time_stamp
NID_title
NID_undef
NID_uniqueIdentifier
NID_x509Certificate
NID_x509Crl
NID_zlib_compression
NOTHING
OCSP_RESPONSE_STATUS_INTERNALERROR
OCSP_RESPONSE_STATUS_MALFORMEDREQUEST
OCSP_RESPONSE_STATUS_SIGREQUIRED
OCSP_RESPONSE_STATUS_SUCCESSFUL
OCSP_RESPONSE_STATUS_TRYLATER
OCSP_RESPONSE_STATUS_UNAUTHORIZED
OPENSSL_BUILT_ON
OPENSSL_CFLAGS
OPENSSL_CPU_INFO
OPENSSL_DIR
OPENSSL_ENGINES_DIR
OPENSSL_FULL_VERSION_STRING
OPENSSL_INFO_CONFIG_DIR
OPENSSL_INFO_CPU_SETTINGS
OPENSSL_INFO_DIR_FILENAME_SEPARATOR
OPENSSL_INFO_DSO_EXTENSION
OPENSSL_INFO_ENGINES_DIR
OPENSSL_INFO_LIST_SEPARATOR
OPENSSL_INFO_MODULES_DIR
OPENSSL_INFO_SEED_SOURCE
OPENSSL_INIT_ADD_ALL_CIPHERS
OPENSSL_INIT_ADD_ALL_DIGESTS
OPENSSL_INIT_ASYNC
OPENSSL_INIT_ATFORK
OPENSSL_INIT_ENGINE_AFALG
OPENSSL_INIT_ENGINE_CAPI
OPENSSL_INIT_ENGINE_CRYPTODEV
OPENSSL_INIT_ENGINE_DYNAMIC
OPENSSL_INIT_ENGINE_OPENSSL
OPENSSL_INIT_ENGINE_PADLOCK
OPENSSL_INIT_ENGINE_RDRAND
OPENSSL_INIT_LOAD_CONFIG
OPENSSL_INIT_LOAD_CRYPTO_STRINGS
OPENSSL_INIT_LOAD_SSL_STRINGS
OPENSSL_INIT_NO_ADD_ALL_CIPHERS
OPENSSL_INIT_NO_ADD_ALL_DIGESTS
OPENSSL_INIT_NO_ATEXIT
OPENSSL_INIT_NO_LOAD_CONFIG
OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
OPENSSL_INIT_NO_LOAD_SSL_STRINGS
OPENSSL_MODULES_DIR
OPENSSL_PLATFORM
OPENSSL_VERSION
OPENSSL_VERSION_MAJOR
OPENSSL_VERSION_MINOR
OPENSSL_VERSION_NUMBER
OPENSSL_VERSION_PATCH
OPENSSL_VERSION_STRING
OP_ALL
OP_ALLOW_CLIENT_RENEGOTIATION
OP_ALLOW_NO_DHE_KEX
OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
OP_CIPHER_SERVER_PREFERENCE
OP_CISCO_ANYCONNECT
OP_CLEANSE_PLAINTEXT
OP_COOKIE_EXCHANGE
OP_CRYPTOPRO_TLSEXT_BUG
OP_DISABLE_TLSEXT_CA_NAMES
OP_DONT_INSERT_EMPTY_FRAGMENTS
OP_ENABLE_KTLS
OP_ENABLE_MIDDLEBOX_COMPAT
OP_EPHEMERAL_RSA
OP_IGNORE_UNEXPECTED_EOF
OP_LEGACY_SERVER_CONNECT
OP_MICROSOFT_BIG_SSLV3_BUFFER
OP_MICROSOFT_SESS_ID_BUG
OP_MSIE_SSLV2_RSA_PADDING
OP_NETSCAPE_CA_DN_BUG
OP_NETSCAPE_CHALLENGE_BUG
OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
OP_NON_EXPORT_FIRST
OP_NO_ANTI_REPLAY
OP_NO_CLIENT_RENEGOTIATION
OP_NO_COMPRESSION
OP_NO_ENCRYPT_THEN_MAC
OP_NO_EXTENDED_MASTER_SECRET
OP_NO_QUERY_MTU
OP_NO_RENEGOTIATION
OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
OP_NO_SSL_MASK
OP_NO_SSLv2
OP_NO_SSLv3
OP_NO_TICKET
OP_NO_TLSv1
OP_NO_TLSv1_1
OP_NO_TLSv1_2
OP_NO_TLSv1_3
OP_PKCS1_CHECK_1
OP_PKCS1_CHECK_2
OP_PRIORITIZE_CHACHA
OP_SAFARI_ECDHE_ECDSA_BUG
OP_SINGLE_DH_USE
OP_SINGLE_ECDH_USE
OP_SSLEAY_080_CLIENT_DH_BUG
OP_SSLREF2_REUSE_CERT_TYPE_BUG
OP_TLSEXT_PADDING
OP_TLS_BLOCK_PADDING_BUG
OP_TLS_D5_BUG
OP_TLS_ROLLBACK_BUG
READING
RECEIVED_SHUTDOWN
RETRY_VERIFY
RSA_3
RSA_F4
R_BAD_AUTHENTICATION_TYPE
R_BAD_CHECKSUM
R_BAD_MAC_DECODE
R_BAD_RESPONSE_ARGUMENT
R_BAD_SSL_FILETYPE
R_BAD_SSL_SESSION_ID_LENGTH
R_BAD_STATE
R_BAD_WRITE_RETRY
R_CHALLENGE_IS_DIFFERENT
R_CIPHER_TABLE_SRC_ERROR
R_INVALID_CHALLENGE_LENGTH
R_NO_CERTIFICATE_SET
R_NO_CERTIFICATE_SPECIFIED
R_NO_CIPHER_LIST
R_NO_CIPHER_MATCH
R_NO_PRIVATEKEY
R_NO_PUBLICKEY
R_NULL_SSL_CTX
R_PEER_DID_NOT_RETURN_A_CERTIFICATE
R_PEER_ERROR
R_PEER_ERROR_CERTIFICATE
R_PEER_ERROR_NO_CIPHER
R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE
R_PUBLIC_KEY_ENCRYPT_ERROR
R_PUBLIC_KEY_IS_NOT_RSA
R_READ_WRONG_PACKET_TYPE
R_SHORT_READ
R_SSL_SESSION_ID_IS_DIFFERENT
R_UNABLE_TO_EXTRACT_PUBLIC_KEY
R_UNKNOWN_REMOTE_ERROR_TYPE
R_UNKNOWN_STATE
R_X509_LIB
SENT_SHUTDOWN
SESSION_ASN1_VERSION
SESS_CACHE_BOTH
SESS_CACHE_CLIENT
SESS_CACHE_NO_AUTO_CLEAR
SESS_CACHE_NO_INTERNAL
SESS_CACHE_NO_INTERNAL_LOOKUP
SESS_CACHE_NO_INTERNAL_STORE
SESS_CACHE_OFF
SESS_CACHE_SERVER
SESS_CACHE_UPDATE_TIME
SSL2_MT_CLIENT_CERTIFICATE
SSL2_MT_CLIENT_FINISHED
SSL2_MT_CLIENT_HELLO
SSL2_MT_CLIENT_MASTER_KEY
SSL2_MT_ERROR
SSL2_MT_REQUEST_CERTIFICATE
SSL2_MT_SERVER_FINISHED
SSL2_MT_SERVER_HELLO
SSL2_MT_SERVER_VERIFY
SSL2_VERSION
SSL3_MT_CCS
SSL3_MT_CERTIFICATE
SSL3_MT_CERTIFICATE_REQUEST
SSL3_MT_CERTIFICATE_STATUS
SSL3_MT_CERTIFICATE_URL
SSL3_MT_CERTIFICATE_VERIFY
SSL3_MT_CHANGE_CIPHER_SPEC
SSL3_MT_CLIENT_HELLO
SSL3_MT_CLIENT_KEY_EXCHANGE
SSL3_MT_ENCRYPTED_EXTENSIONS
SSL3_MT_END_OF_EARLY_DATA
SSL3_MT_FINISHED
SSL3_MT_HELLO_REQUEST
SSL3_MT_KEY_UPDATE
SSL3_MT_MESSAGE_HASH
SSL3_MT_NEWSESSION_TICKET
SSL3_MT_NEXT_PROTO
SSL3_MT_SERVER_DONE
SSL3_MT_SERVER_HELLO
SSL3_MT_SERVER_KEY_EXCHANGE
SSL3_MT_SUPPLEMENTAL_DATA
SSL3_RT_ALERT
SSL3_RT_APPLICATION_DATA
SSL3_RT_CHANGE_CIPHER_SPEC
SSL3_RT_HANDSHAKE
SSL3_RT_HEADER
SSL3_RT_INNER_CONTENT_TYPE
SSL3_VERSION
SSLEAY_BUILT_ON
SSLEAY_CFLAGS
SSLEAY_DIR
SSLEAY_PLATFORM
SSLEAY_VERSION
ST_ACCEPT
ST_BEFORE
ST_CONNECT
ST_INIT
ST_OK
ST_READ_BODY
ST_READ_HEADER
TLS1_1_VERSION
TLS1_2_VERSION
TLS1_3_VERSION
TLS1_VERSION
TLSEXT_STATUSTYPE_ocsp
TLSEXT_TYPE_application_layer_protocol_negotiation
TLSEXT_TYPE_cert_type
TLSEXT_TYPE_certificate_authorities
TLSEXT_TYPE_client_authz
TLSEXT_TYPE_client_cert_type
TLSEXT_TYPE_client_certificate_url
TLSEXT_TYPE_compress_certificate
TLSEXT_TYPE_cookie
TLSEXT_TYPE_early_data
TLSEXT_TYPE_ec_point_formats
TLSEXT_TYPE_elliptic_curves
TLSEXT_TYPE_encrypt_then_mac
TLSEXT_TYPE_extended_master_secret
TLSEXT_TYPE_key_share
TLSEXT_TYPE_max_fragment_length
TLSEXT_TYPE_next_proto_neg
TLSEXT_TYPE_padding
TLSEXT_TYPE_post_handshake_auth
TLSEXT_TYPE_psk
TLSEXT_TYPE_psk_kex_modes
TLSEXT_TYPE_quic_transport_parameters
TLSEXT_TYPE_renegotiate
TLSEXT_TYPE_server_authz
TLSEXT_TYPE_server_cert_type
TLSEXT_TYPE_server_name
TLSEXT_TYPE_session_ticket
TLSEXT_TYPE_signature_algorithms
TLSEXT_TYPE_signature_algorithms_cert
TLSEXT_TYPE_signed_certificate_timestamp
TLSEXT_TYPE_srp
TLSEXT_TYPE_status_request
TLSEXT_TYPE_supported_groups
TLSEXT_TYPE_supported_versions
TLSEXT_TYPE_truncated_hmac
TLSEXT_TYPE_trusted_ca_keys
TLSEXT_TYPE_use_srtp
TLSEXT_TYPE_user_mapping
VERIFY_CLIENT_ONCE
VERIFY_FAIL_IF_NO_PEER_CERT
VERIFY_NONE
VERIFY_PEER
VERIFY_POST_HANDSHAKE
V_OCSP_CERTSTATUS_GOOD
V_OCSP_CERTSTATUS_REVOKED
V_OCSP_CERTSTATUS_UNKNOWN
WRITING
X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
X509_CHECK_FLAG_NEVER_CHECK_SUBJECT
X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
X509_CHECK_FLAG_NO_WILDCARDS
X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
X509_CRL_VERSION_1
X509_CRL_VERSION_2
X509_FILETYPE_ASN1
X509_FILETYPE_DEFAULT
X509_FILETYPE_PEM
X509_LOOKUP
X509_PURPOSE_ANY
X509_PURPOSE_CRL_SIGN
X509_PURPOSE_NS_SSL_SERVER
X509_PURPOSE_OCSP_HELPER
X509_PURPOSE_SMIME_ENCRYPT
X509_PURPOSE_SMIME_SIGN
X509_PURPOSE_SSL_CLIENT
X509_PURPOSE_SSL_SERVER
X509_PURPOSE_TIMESTAMP_SIGN
X509_REQ_VERSION_1
X509_REQ_VERSION_2
X509_REQ_VERSION_3
X509_TRUST_COMPAT
X509_TRUST_DEFAULT
X509_TRUST_EMAIL
X509_TRUST_OBJECT_SIGN
X509_TRUST_OCSP_REQUEST
X509_TRUST_OCSP_SIGN
X509_TRUST_SSL_CLIENT
X509_TRUST_SSL_SERVER
X509_TRUST_TSA
X509_VERSION_1
X509_VERSION_2
X509_VERSION_3
X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
X509_V_ERR_AKID_SKID_MISMATCH
X509_V_ERR_APPLICATION_VERIFICATION
X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL
X509_V_ERR_CA_BCONS_NOT_CRITICAL
X509_V_ERR_CA_CERT_MISSING_KEY_USAGE
X509_V_ERR_CA_KEY_TOO_SMALL
X509_V_ERR_CA_MD_TOO_WEAK
X509_V_ERR_CERT_CHAIN_TOO_LONG
X509_V_ERR_CERT_HAS_EXPIRED
X509_V_ERR_CERT_NOT_YET_VALID
X509_V_ERR_CERT_REJECTED
X509_V_ERR_CERT_REVOKED
X509_V_ERR_CERT_SIGNATURE_FAILURE
X509_V_ERR_CERT_UNTRUSTED
X509_V_ERR_CRL_HAS_EXPIRED
X509_V_ERR_CRL_NOT_YET_VALID
X509_V_ERR_CRL_PATH_VALIDATION_ERROR
X509_V_ERR_CRL_SIGNATURE_FAILURE
X509_V_ERR_DANE_NO_MATCH
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
X509_V_ERR_DIFFERENT_CRL_SCOPE
X509_V_ERR_EC_KEY_EXPLICIT_PARAMS
X509_V_ERR_EE_KEY_TOO_SMALL
X509_V_ERR_EMAIL_MISMATCH
X509_V_ERR_EMPTY_SUBJECT_ALT_NAME
X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL
X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
X509_V_ERR_EXCLUDED_VIOLATION
X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3
X509_V_ERR_HOSTNAME_MISMATCH
X509_V_ERR_INVALID_CA
X509_V_ERR_INVALID_CALL
X509_V_ERR_INVALID_EXTENSION
X509_V_ERR_INVALID_NON_CA
X509_V_ERR_INVALID_POLICY_EXTENSION
X509_V_ERR_INVALID_PURPOSE
X509_V_ERR_IP_ADDRESS_MISMATCH
X509_V_ERR_ISSUER_NAME_EMPTY
X509_V_ERR_KEYUSAGE_NO_CERTSIGN
X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA
X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER
X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER
X509_V_ERR_NO_EXPLICIT_POLICY
X509_V_ERR_NO_ISSUER_PUBLIC_KEY
X509_V_ERR_NO_VALID_SCTS
X509_V_ERR_OCSP_CERT_UNKNOWN
X509_V_ERR_OCSP_VERIFY_FAILED
X509_V_ERR_OCSP_VERIFY_NEEDED
X509_V_ERR_OUT_OF_MEM
X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA
X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN
X509_V_ERR_PATH_LENGTH_EXCEEDED
X509_V_ERR_PATH_LOOP
X509_V_ERR_PERMITTED_VIOLATION
X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION
X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY
X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH
X509_V_ERR_STORE_LOOKUP
X509_V_ERR_SUBJECT_ISSUER_MISMATCH
X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL
X509_V_ERR_SUBJECT_NAME_EMPTY
X509_V_ERR_SUBTREE_MINMAX
X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256
X509_V_ERR_SUITE_B_INVALID_ALGORITHM
X509_V_ERR_SUITE_B_INVALID_CURVE
X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
X509_V_ERR_SUITE_B_INVALID_VERSION
X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED
X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
X509_V_ERR_UNABLE_TO_GET_CRL
X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
X509_V_ERR_UNNESTED_RESOURCE
X509_V_ERR_UNSPECIFIED
X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM
X509_V_FLAG_ALLOW_PROXY_CERTS
X509_V_FLAG_CB_ISSUER_CHECK
X509_V_FLAG_CHECK_SS_SIGNATURE
X509_V_FLAG_CRL_CHECK
X509_V_FLAG_CRL_CHECK_ALL
X509_V_FLAG_EXPLICIT_POLICY
X509_V_FLAG_EXTENDED_CRL_SUPPORT
X509_V_FLAG_IGNORE_CRITICAL
X509_V_FLAG_INHIBIT_ANY
X509_V_FLAG_INHIBIT_MAP
X509_V_FLAG_LEGACY_VERIFY
X509_V_FLAG_NOTIFY_POLICY
X509_V_FLAG_NO_ALT_CHAINS
X509_V_FLAG_NO_CHECK_TIME
X509_V_FLAG_PARTIAL_CHAIN
X509_V_FLAG_POLICY_CHECK
X509_V_FLAG_POLICY_MASK
X509_V_FLAG_SUITEB_128_LOS
X509_V_FLAG_SUITEB_128_LOS_ONLY
X509_V_FLAG_SUITEB_192_LOS
X509_V_FLAG_TRUSTED_FIRST
X509_V_FLAG_USE_CHECK_TIME
X509_V_FLAG_USE_DELTAS
X509_V_FLAG_X509_STRICT
X509_V_OK
XN_FLAG_COMPAT
XN_FLAG_DN_REV
XN_FLAG_DUMP_UNKNOWN_FIELDS
XN_FLAG_FN_ALIGN
XN_FLAG_FN_LN
XN_FLAG_FN_MASK
XN_FLAG_FN_NONE
XN_FLAG_FN_OID
XN_FLAG_FN_SN
XN_FLAG_MULTILINE
XN_FLAG_ONELINE
XN_FLAG_RFC2253
XN_FLAG_SEP_COMMA_PLUS
XN_FLAG_SEP_CPLUS_SPC
XN_FLAG_SEP_MASK
XN_FLAG_SEP_MULTILINE
XN_FLAG_SEP_SPLUS_SPC
XN_FLAG_SPC_EQ
);
my @functions = qw(
BIO_eof
BIO_f_ssl
BIO_free
BIO_new
BIO_new_file
BIO_pending
BIO_read
BIO_s_mem
BIO_wpending
BIO_write
CTX_free
CTX_get_cert_store
CTX_new
CTX_use_RSAPrivateKey_file
CTX_use_certificate_file
CTX_v23_new
CTX_v2_new
CTX_v3_new
ERR_error_string
ERR_get_error
ERR_load_RAND_strings
ERR_load_SSL_strings
PEM_read_bio_X509_CRL
RSA_free
RSA_generate_key
SESSION_free
SESSION_get_master_key
SESSION_new
SESSION_print
X509_NAME_get_text_by_NID
X509_NAME_oneline
X509_STORE_add_cert
X509_STORE_add_crl
X509_check_email
X509_check_host
X509_check_ip
X509_check_ip_asc
X509_free
X509_get_issuer_name
X509_get_subject_name
X509_load_cert_crl_file
X509_load_cert_file
X509_load_crl_file
accept
clear
connect
copy_session_id
d2i_SSL_SESSION
die_if_ssl_error
die_now
do_https
dump_peer_certificate
free
get_cipher
get_cipher_list
get_client_random
get_fd
get_http
get_http4
get_https
get_https3
get_https4
get_httpx
get_httpx4
get_peer_certificate
get_peer_cert_chain
get_rbio
get_read_ahead
get_server_random
get_shared_ciphers
get_time
get_timeout
get_wbio
i2d_SSL_SESSION
load_error_strings
make_form
make_headers
new
peek
pending
post_http
post_http4
post_https
post_https3
post_https4
post_httpx
post_httpx4
print_errs
read
rstate_string
rstate_string_long
set_bio
set_cert_and_key
set_cipher_list
set_fd
set_read_ahead
set_rfd
set_server_cert_and_key
set_session
set_time
set_timeout
set_verify
set_wfd
ssl_read_CRLF
ssl_read_all
ssl_read_until
ssl_write_CRLF
ssl_write_all
sslcat
state_string
state_string_long
tcp_read_CRLF
tcp_read_all
tcp_read_until
tcp_write_CRLF
tcp_write_all
tcpcat
tcpxcat
use_PrivateKey
use_PrivateKey_ASN1
use_PrivateKey_file
use_RSAPrivateKey
use_RSAPrivateKey_ASN1
use_RSAPrivateKey_file
use_certificate
use_certificate_ASN1
use_certificate_file
write
d2i_OCSP_RESPONSE
i2d_OCSP_RESPONSE
OCSP_RESPONSE_free
d2i_OCSP_REQUEST
i2d_OCSP_REQUEST
OCSP_REQUEST_free
OCSP_cert2ids
OCSP_ids2req
OCSP_response_status
OCSP_response_status_str
OCSP_response_verify
OCSP_response_results
);
@EXPORT_OK = ( @constants, @functions );
sub AUTOLOAD {
# This AUTOLOAD is used to 'autoload' constants from the constant()
# XS function. If a constant is not found then control is passed
# to the AUTOLOAD in AutoLoader.
my $constname;
($constname = $AUTOLOAD) =~ s/.*:://;
my $val = constant($constname);
if ($! != 0) {
if ($! =~ /((Invalid)|(not valid))/i || $!{EINVAL}) {
$AutoLoader::AUTOLOAD = $AUTOLOAD;
goto &AutoLoader::AUTOLOAD;
}
else {
croak "Your vendor has not defined SSLeay macro $constname";
}
}
eval "sub $AUTOLOAD { $val }";
goto &$AUTOLOAD;
}
eval {
require XSLoader;
XSLoader::load('Net::SSLeay', $VERSION);
1;
} or do {
require DynaLoader;
push @ISA, 'DynaLoader';
bootstrap Net::SSLeay $VERSION;
};
# Preloaded methods go here.
$CRLF = "\x0d\x0a"; # because \r\n is not fully portable
### Print SSLeay error stack
sub print_errs {
my ($msg) = @_;
my ($count, $err, $errs, $e) = (0,0,'');
while ($err = ERR_get_error()) {
$count ++;
$e = "$msg $$: $count - " . ERR_error_string($err) . "\n";
$errs .= $e;
warn $e if $Net::SSLeay::trace;
}
return $errs;
}
# Death is conditional to SSLeay errors existing, i.e. this function checks
# for errors and only dies in affirmative.
# usage: Net::SSLeay::write($ssl, "foo") or die_if_ssl_error("SSL write ($!)");
sub die_if_ssl_error {
my ($msg) = @_;
die "$$: $msg\n" if print_errs($msg);
}
# Unconditional death. Used to print SSLeay errors before dying.
# usage: Net::SSLeay::connect($ssl) or die_now("Failed SSL connect ($!)");
sub die_now {
my ($msg) = @_;
print_errs($msg);
die "$$: $msg\n";
}
# Perl 5.6.* unicode support causes that length() no longer reliably
# reflects the byte length of a string. This eval is to fix that.
# Thanks to Sean Burke for the snippet.
BEGIN{
eval 'use bytes; sub blength ($) { defined $_[0] ? length $_[0] : 0 }';
$@ and eval ' sub blength ($) { defined $_[0] ? length $_[0] : 0 }' ;
}
# Autoload methods go after __END__, and are processed by the autosplit program.
1;
__END__
### Some methods that are macros in C
sub want_nothing { want(shift) == 1 }
sub want_read { want(shift) == 2 }
sub want_write { want(shift) == 3 }
sub want_X509_lookup { want(shift) == 4 }
###
### Open TCP stream to given host and port, looking up the details
### from system databases or DNS.
###
sub open_tcp_connection {
my ($dest_serv, $port) = @_;
my ($errs);
$port = getservbyname($port, 'tcp') unless $port =~ /^\d+$/;
my $dest_serv_ip = gethostbyname($dest_serv);
unless (defined($dest_serv_ip)) {
$errs = "$0 $$: open_tcp_connection: destination host not found:"
. " `$dest_serv' (port $port) ($!)\n";
warn $errs if $trace;
return wantarray ? (0, $errs) : 0;
}
my $sin = sockaddr_in($port, $dest_serv_ip);
warn "Opening connection to $dest_serv:$port (" .
inet_ntoa($dest_serv_ip) . ")" if $trace>2;
my $proto = &Socket::IPPROTO_TCP; # getprotobyname('tcp') not available on android
if (socket (SSLCAT_S, &PF_INET(), &SOCK_STREAM(), $proto)) {
warn "next connect" if $trace>3;
if (CORE::connect (SSLCAT_S, $sin)) {
my $old_out = select (SSLCAT_S); $| = 1; select ($old_out);
warn "connected to $dest_serv, $port" if $trace>3;
return wantarray ? (1, undef) : 1; # Success
}
}
$errs = "$0 $$: open_tcp_connection: failed `$dest_serv', $port ($!)\n";
warn $errs if $trace;
close SSLCAT_S;
return wantarray ? (0, $errs) : 0; # Fail
}
### Open connection via standard web proxy, if one was defined
### using set_proxy().
sub open_proxy_tcp_connection {
my ($dest_serv, $port) = @_;
return open_tcp_connection($dest_serv, $port) if !$proxyhost;
warn "Connect via proxy: $proxyhost:$proxyport" if $trace>2;
my ($ret, $errs) = open_tcp_connection($proxyhost, $proxyport);
return wantarray ? (0, $errs) : 0 if !$ret; # Connection fail
warn "Asking proxy to connect to $dest_serv:$port" if $trace>2;
#print SSLCAT_S "CONNECT $dest_serv:$port HTTP/1.0$proxyauth$CRLF$CRLF";
#my $line = <SSLCAT_S>; # *** bug? Mixing stdio with syscall read?
($ret, $errs) =
tcp_write_all("CONNECT $dest_serv:$port HTTP/1.0$proxyauth$CRLF$CRLF");
return wantarray ? (0,$errs) : 0 if $errs;
($line, $errs) = tcp_read_until($CRLF . $CRLF, 1024);
warn "Proxy response: $line" if $trace>2;
return wantarray ? (0,$errs) : 0 if $errs;
return wantarray ? (1,'') : 1; # Success
}
###
### read and write helpers that block
###
sub debug_read {
my ($replyr, $gotr) = @_;
my $vm = $trace>2 && $linux_debug ?
(split ' ', `cat /proc/$$/stat`)[22] : 'vm_unknown';
warn " got " . blength($$gotr) . ':'
. blength($$replyr) . " bytes (VM=$vm).\n" if $trace == 3;
warn " got `$$gotr' (" . blength($$gotr) . ':'
. blength($$replyr) . " bytes, VM=$vm)\n" if $trace>3;
}
sub ssl_read_all {
my ($ssl,$how_much) = @_;
$how_much = 2000000000 unless $how_much;
my ($got, $rv, $errs);
my $reply = '';
while ($how_much > 0) {
($got, $rv) = Net::SSLeay::read($ssl,
($how_much > 32768) ? 32768 : $how_much
);
if (! defined $got) {
my $err = Net::SSLeay::get_error($ssl, $rv);
if ($err != Net::SSLeay::ERROR_WANT_READ() and
$err != Net::SSLeay::ERROR_WANT_WRITE()) {
$errs = print_errs('SSL_read');
last;
}
next;
}
$how_much -= blength($got);
debug_read(\$reply, \$got) if $trace>1;
last if $got eq ''; # EOF
$reply .= $got;
}
return wantarray ? ($reply, $errs) : $reply;
}
sub tcp_read_all {
my ($how_much) = @_;
$how_much = 2000000000 unless $how_much;
my ($n, $got, $errs);
my $reply = '';
my $bsize = 0x10000;
while ($how_much > 0) {
$n = sysread(SSLCAT_S,$got, (($bsize < $how_much) ? $bsize : $how_much));
warn "Read error: $! ($n,$how_much)" unless defined $n;
last if !$n; # EOF
$how_much -= $n;
debug_read(\$reply, \$got) if $trace>1;
$reply .= $got;
}
return wantarray ? ($reply, $errs) : $reply;
}
sub ssl_write_all {
my $ssl = $_[0];
my ($data_ref, $errs);
if (ref $_[1]) {
$data_ref = $_[1];
} else {
$data_ref = \$_[1];
}
my ($wrote, $written, $to_write) = (0,0, blength($$data_ref));
my $vm = $trace>2 && $linux_debug ?
(split ' ', `cat /proc/$$/stat`)[22] : 'vm_unknown';
warn " write_all VM at entry=$vm\n" if $trace>2;
while ($to_write) {
#sleep 1; # *** DEBUG
warn "partial `$$data_ref'\n" if $trace>3;
$wrote = write_partial($ssl, $written, $to_write, $$data_ref);
if (defined $wrote && ($wrote > 0)) { # write_partial can return -1
$written += $wrote;
$to_write -= $wrote;
} else {
if (defined $wrote) {
# check error conditions via SSL_get_error per man page
if ( my $sslerr = get_error($ssl, $wrote) ) {
my $errstr = ERR_error_string($sslerr);
my $errname = '';
SWITCH: {
$sslerr == constant("ERROR_NONE") && do {
# according to map page SSL_get_error(3ssl):
# The TLS/SSL I/O operation completed.
# This result code is returned if and only if ret > 0
# so if we received it here complain...
warn "ERROR_NONE unexpected with invalid return value!"
if $trace;
$errname = "SSL_ERROR_NONE";
};
$sslerr == constant("ERROR_WANT_READ") && do {
# operation did not complete, call again later, so do not
# set errname and empty err_que since this is a known
# error that is expected but, we should continue to try
# writing the rest of our data with same io call and params.
warn "ERROR_WANT_READ (TLS/SSL Handshake, will continue)\n"
if $trace;
print_errs('SSL_write(want read)');
last SWITCH;
};
$sslerr == constant("ERROR_WANT_WRITE") && do {
# operation did not complete, call again later, so do not
# set errname and empty err_que since this is a known
# error that is expected but, we should continue to try
# writing the rest of our data with same io call and params.
warn "ERROR_WANT_WRITE (TLS/SSL Handshake, will continue)\n"
if $trace;
print_errs('SSL_write(want write)');
last SWITCH;
};
$sslerr == constant("ERROR_ZERO_RETURN") && do {
# valid protocol closure from other side, no longer able to
# write, since there is no longer a session...
warn "ERROR_ZERO_RETURN($wrote): TLS/SSLv3 Closure alert\n"
if $trace;
$errname = "SSL_ERROR_ZERO_RETURN";
last SWITCH;
};
$sslerr == constant("ERROR_SSL") && do {
# library/protocol error
warn "ERROR_SSL($wrote): Library/Protocol error occured\n"
if $trace;
$errname = "SSL_ERROR_SSL";
last SWITCH;
};
$sslerr == constant("ERROR_WANT_CONNECT") && do {
# according to man page, should never happen on call to
# SSL_write, so complain, but handle as known error type
warn "ERROR_WANT_CONNECT: Unexpected error for SSL_write\n"
if $trace;
$errname = "SSL_ERROR_WANT_CONNECT";
last SWITCH;
};
$sslerr == constant("ERROR_WANT_ACCEPT") && do {
# according to man page, should never happen on call to
# SSL_write, so complain, but handle as known error type
warn "ERROR_WANT_ACCEPT: Unexpected error for SSL_write\n"
if $trace;
$errname = "SSL_ERROR_WANT_ACCEPT";
last SWITCH;
};
$sslerr == constant("ERROR_WANT_X509_LOOKUP") && do {
# operation did not complete: waiting on call back,
# call again later, so do not set errname and empty err_que
# since this is a known error that is expected but, we should
# continue to try writing the rest of our data with same io
# call parameter.
warn "ERROR_WANT_X509_LOOKUP: (Cert Callback asked for in ".
"SSL_write will contine)\n" if $trace;
print_errs('SSL_write(want x509');
last SWITCH;
};
$sslerr == constant("ERROR_SYSCALL") && do {
# some IO error occured. According to man page:
# Check retval, ERR, fallback to errno
if ($wrote==0) { # EOF
warn "ERROR_SYSCALL($wrote): EOF violates protocol.\n"
if $trace;
$errname = "SSL_ERROR_SYSCALL(EOF)";
} else { # -1 underlying BIO error reported.
# check error que for details, don't set errname since we
# are directly appending to errs
my $chkerrs = print_errs('SSL_write (syscall)');
if ($chkerrs) {
warn "ERROR_SYSCALL($wrote): Have errors\n" if $trace;
$errs .= "ssl_write_all $$: 1 - ERROR_SYSCALL($wrote,".
"$sslerr,$errstr,$!)\n$chkerrs";
} else { # que was empty, use errno
warn "ERROR_SYSCALL($wrote): errno($!)\n" if $trace;
$errs .= "ssl_write_all $$: 1 - ERROR_SYSCALL($wrote,".
"$sslerr) : $!\n";
}
}
last SWITCH;
};
warn "Unhandled val $sslerr from SSL_get_error(SSL,$wrote)\n"
if $trace;
$errname = "SSL_ERROR_?($sslerr)";
} # end of SWITCH block
if ($errname) { # if we had an errname set add the error
$errs .= "ssl_write_all $$: 1 - $errname($wrote,$sslerr,".
"$errstr,$!)\n";
}
} # endif on have SSL_get_error val
} # endif on $wrote defined
} # endelse on $wrote > 0
$vm = $trace>2 && $linux_debug ?
(split ' ', `cat /proc/$$/stat`)[22] : 'vm_unknown';
warn " written so far $wrote:$written bytes (VM=$vm)\n" if $trace>2;
# append remaining errors in que and report if errs exist
$errs .= print_errs('SSL_write');
return (wantarray ? (undef, $errs) : undef) if $errs;
}
return wantarray ? ($written, $errs) : $written;
}
sub tcp_write_all {
my ($data_ref, $errs);
if (ref $_[0]) {
$data_ref = $_[0];
} else {
$data_ref = \$_[0];
}
my ($wrote, $written, $to_write) = (0,0, blength($$data_ref));
my $vm = $trace>2 && $linux_debug ?
(split ' ', `cat /proc/$$/stat`)[22] : 'vm_unknown';
warn " write_all VM at entry=$vm to_write=$to_write\n" if $trace>2;
while ($to_write) {
warn "partial `$$data_ref'\n" if $trace>3;
$wrote = syswrite(SSLCAT_S, $$data_ref, $to_write, $written);
if (defined $wrote && ($wrote > 0)) { # write_partial can return -1
$written += $wrote;
$to_write -= $wrote;
} elsif (!defined($wrote)) {
warn "tcp_write_all: $!";
return (wantarray ? (undef, "$!") : undef);
}
$vm = $trace>2 && $linux_debug ?
(split ' ', `cat /proc/$$/stat`)[22] : 'vm_unknown';
warn " written so far $wrote:$written bytes (VM=$vm)\n" if $trace>2;
}
return wantarray ? ($written, '') : $written;
}
### from patch by Clinton Wong <clintdw@netcom.com>
# ssl_read_until($ssl [, $delimit [, $max_length]])
# if $delimit missing, use $/ if it exists, otherwise use \n
# read until delimiter reached, up to $max_length chars if defined
sub ssl_read_until ($;$$) {
my ($ssl,$delim, $max_length) = @_;
# guess the delim string if missing
if ( ! defined $delim ) {
if ( defined $/ && length $/ ) { $delim = $/ }
else { $delim = "\n" } # Note: \n,$/ value depends on the platform
}
my $len_delim = length $delim;
my ($got);
my $reply = '';
# If we have OpenSSL 0.9.6a or later, we can use SSL_peek to
# speed things up.
# N.B. 0.9.6a has security problems, so the support for
# anything earlier than 0.9.6e will be dropped soon.
if (&Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x0090601f) {
$max_length = 2000000000 unless (defined $max_length);
my ($pending, $peek_length, $found, $done);
while (blength($reply) < $max_length and !$done) {
#Block if necessary until we get some data
$got = Net::SSLeay::peek($ssl,1);
last if print_errs('SSL_peek');
$pending = Net::SSLeay::pending($ssl) + blength($reply);
$peek_length = ($pending > $max_length) ? $max_length : $pending;
$peek_length -= blength($reply);
$got = Net::SSLeay::peek($ssl, $peek_length);
last if print_errs('SSL_peek');
$peek_length = blength($got);
#$found = index($got, $delim); # Old and broken
# the delimiter may be split across two gets, so we prepend
# a little from the last get onto this one before we check
# for a match
my $match;
if(blength($reply) >= blength($delim) - 1) {
#if what we've read so far is greater or equal
#in length of what we need to prepatch
$match = substr $reply, blength($reply) - blength($delim) + 1;
} else {
$match = $reply;
}
$match .= $got;
$found = index($match, $delim);
if ($found > -1) {
#$got = Net::SSLeay::ssl_read_all($ssl, $found+$len_delim);
#read up to the end of the delimiter
$got = Net::SSLeay::ssl_read_all($ssl,
$found + $len_delim
- ((blength($match)) - (blength($got))));
$done = 1;
} else {
$got = Net::SSLeay::ssl_read_all($ssl, $peek_length);
$done = 1 if ($peek_length == $max_length - blength($reply));
}
last if print_errs('SSL_read');
debug_read(\$reply, \$got) if $trace>1;
last if $got eq '';
$reply .= $got;
}
} else {
while (!defined $max_length || length $reply < $max_length) {
$got = Net::SSLeay::ssl_read_all($ssl,1); # one by one
last if print_errs('SSL_read');
debug_read(\$reply, \$got) if $trace>1;
last if $got eq '';
$reply .= $got;
last if $len_delim
&& substr($reply, blength($reply)-$len_delim) eq $delim;
}
}
return $reply;
}
sub tcp_read_until {
my ($delim, $max_length) = @_;
# guess the delim string if missing
if ( ! defined $delim ) {
if ( defined $/ && length $/ ) { $delim = $/ }
else { $delim = "\n" } # Note: \n,$/ value depends on the platform
}
my $len_delim = length $delim;
my ($n,$got);
my $reply = '';
while (!defined $max_length || length $reply < $max_length) {
$n = sysread(SSLCAT_S, $got, 1); # one by one
warn "tcp_read_until: $!" if !defined $n;
debug_read(\$reply, \$got) if $trace>1;
last if !$n; # EOF
$reply .= $got;
last if $len_delim
&& substr($reply, blength($reply)-$len_delim) eq $delim;
}
return $reply;
}
# ssl_read_CRLF($ssl [, $max_length])
sub ssl_read_CRLF ($;$) { ssl_read_until($_[0], $CRLF, $_[1]) }
sub tcp_read_CRLF { tcp_read_until($CRLF, $_[0]) }
# ssl_write_CRLF($ssl, $message) writes $message and appends CRLF
sub ssl_write_CRLF ($$) {
# the next line uses less memory but might use more network packets
return ssl_write_all($_[0], $_[1]) + ssl_write_all($_[0], $CRLF);
# the next few lines do the same thing at the expense of memory, with
# the chance that it will use less packets, since CRLF is in the original
# message and won't be sent separately.
#my $data_ref;
#if (ref $_[1]) { $data_ref = $_[1] }
# else { $data_ref = \$_[1] }
#my $message = $$data_ref . $CRLF;
#return ssl_write_all($_[0], \$message);
}
sub tcp_write_CRLF {
# the next line uses less memory but might use more network packets
return tcp_write_all($_[0]) + tcp_write_all($CRLF);
# the next few lines do the same thing at the expense of memory, with
# the chance that it will use less packets, since CRLF is in the original
# message and won't be sent separately.
#my $data_ref;
#if (ref $_[1]) { $data_ref = $_[1] }
# else { $data_ref = \$_[1] }
#my $message = $$data_ref . $CRLF;
#return tcp_write_all($_[0], \$message);
}
### Quickly print out with whom we're talking
sub dump_peer_certificate ($) {
my ($ssl) = @_;
my $cert = get_peer_certificate($ssl);
return if print_errs('get_peer_certificate');
print "no cert defined\n" if !defined($cert);
# Cipher=NONE with empty cert fix
if (!defined($cert) || ($cert == 0)) {
warn "cert = `$cert'\n" if $trace;
return "Subject Name: undefined\nIssuer Name: undefined\n";
} else {
my $x = 'Subject Name: '
. X509_NAME_oneline(X509_get_subject_name($cert)) . "\n"
. 'Issuer Name: '
. X509_NAME_oneline(X509_get_issuer_name($cert)) . "\n";
Net::SSLeay::X509_free($cert);
return $x;
}
}
### Arrange some randomness for eay PRNG
sub randomize (;$$$) {
my ($rn_seed_file, $seed, $egd_path) = @_;
my $rnsf = defined($rn_seed_file) && -r $rn_seed_file;
$egd_path = '';
$egd_path = $ENV{'EGD_PATH'} if $ENV{'EGD_PATH'};
RAND_seed(rand() + $$); # Stir it with time and pid
unless ($rnsf || -r $Net::SSLeay::random_device || $seed || -S $egd_path) {
my $poll_retval = Net::SSLeay::RAND_poll();
warn "Random number generator not seeded!!!" if $trace && !$poll_retval;
}
RAND_load_file($rn_seed_file, -s _) if $rnsf;
RAND_seed($seed) if $seed;
RAND_seed($ENV{RND_SEED}) if $ENV{RND_SEED};
RAND_load_file($Net::SSLeay::random_device, $Net::SSLeay::how_random/8)
if -r $Net::SSLeay::random_device;
}
sub new_x_ctx {
if ( $ssl_version == 2 ) {
unless ( exists &Net::SSLeay::CTX_v2_new ) {
warn "ssl_version has been set to 2, but this version of libssl has been compiled without SSLv2 support";
return undef;
}
$ctx = CTX_v2_new();
}
elsif ( $ssl_version == 3 ) {
unless ( exists &Net::SSLeay::CTX_v3_new ) {
warn 'ssl_version has been set to 3, but this version of libssl has been compiled without SSLv3 support';
return undef;
}
$ctx = CTX_v3_new();
}
elsif ( $ssl_version == 10 ) {
unless ( exists &Net::SSLeay::CTX_tlsv1_new ) {
warn 'ssl_version has been set to 10, but this version of libssl has been compiled without TLSv1 support';
return undef;
}
$ctx = CTX_tlsv1_new();
}
elsif ( $ssl_version == 11 ) {
unless ( exists &Net::SSLeay::CTX_tlsv1_1_new ) {
warn 'ssl_version has been set to 11, but this version of libssl has been compiled without TLSv1.1 support';
return undef;
}
$ctx = CTX_tlsv1_1_new();
}
elsif ( $ssl_version == 12 ) {
unless ( exists &Net::SSLeay::CTX_tlsv1_2_new ) {
warn 'ssl_version has been set to 12, but this version of libssl has been compiled without TLSv1.2 support';
return undef;
}
$ctx = CTX_tlsv1_2_new();
}
elsif ( $ssl_version == 13 ) {
unless ( eval { Net::SSLeay::TLS1_3_VERSION() } ) {
warn 'ssl_version has been set to 13, but this version of libssl has been compiled without TLSv1.3 support';
return undef;
}
$ctx = CTX_new();
unless ( Net::SSLeay::CTX_set_min_proto_version( $ctx, Net::SSLeay::TLS1_3_VERSION() ) ) {
warn 'CTX_set_min_proto failed for TLSv1.3';
return undef;
}
unless ( Net::SSLeay::CTX_set_max_proto_version( $ctx, Net::SSLeay::TLS1_3_VERSION() ) ) {
warn 'CTX_set_max_proto failed for TLSv1.3';
return undef;
}
}
else {
$ctx = CTX_new();
}
return $ctx;
}
###
### Standard initialisation. Initialise the ssl library in the usual way
### at most once. Override this if you need differnet initialisation
### SSLeay_add_ssl_algorithms is also protected against multiple runs in SSLeay.xs
### and is also mutex protected in threading perls
###
my $library_initialised;
sub initialize
{
if (!$library_initialised)
{
load_error_strings(); # Some bloat, but I'm after ease of use
SSLeay_add_ssl_algorithms(); # and debuggability.
randomize();
$library_initialised++;
}
}
###
### Basic request - response primitive (don't use for https)
###
sub sslcat { # address, port, message, $crt, $key --> reply / (reply,errs,cert)
my ($dest_serv, $port, $out_message, $crt_path, $key_path) = @_;
my ($ctx, $ssl, $got, $errs, $written);
($got, $errs) = open_proxy_tcp_connection($dest_serv, $port);
return (wantarray ? (undef, $errs) : undef) unless $got;
### Do SSL negotiation stuff
warn "Creating SSL $ssl_version context...\n" if $trace>2;
initialize(); # Will init at most once
$ctx = new_x_ctx();
goto cleanup2 if $errs = print_errs('CTX_new') or !$ctx;
CTX_set_options($ctx, &OP_ALL);
goto cleanup2 if $errs = print_errs('CTX_set_options');
warn "Cert `$crt_path' given without key" if $crt_path && !$key_path;
set_cert_and_key($ctx, $crt_path, $key_path) if $crt_path;
warn "Creating SSL connection (context was '$ctx')...\n" if $trace>2;
$ssl = new($ctx);
goto cleanup if $errs = print_errs('SSL_new') or !$ssl;
warn "Setting fd (ctx $ctx, con $ssl)...\n" if $trace>2;
set_fd($ssl, fileno(SSLCAT_S));
goto cleanup if $errs = print_errs('set_fd');
warn "Entering SSL negotiation phase...\n" if $trace>2;
if ($trace>2) {
my $i = 0;
my $p = '';
my $cipher_list = 'Cipher list: ';
$p=Net::SSLeay::get_cipher_list($ssl,$i);
$cipher_list .= $p if $p;
do {
$i++;
$cipher_list .= ', ' . $p if $p;
$p=Net::SSLeay::get_cipher_list($ssl,$i);
} while $p;
$cipher_list .= '\n';
warn $cipher_list;
}
$got = Net::SSLeay::connect($ssl);
warn "SSLeay connect returned $got\n" if $trace>2;
goto cleanup if $errs = print_errs('SSL_connect');
my $server_cert = get_peer_certificate($ssl);
print_errs('get_peer_certificate');
if ($trace>1) {
warn "Cipher `" . get_cipher($ssl) . "'\n";
print_errs('get_ciper');
warn dump_peer_certificate($ssl);
}
### Connected. Exchange some data (doing repeated tries if necessary).
warn "sslcat $$: sending " . blength($out_message) . " bytes...\n"
if $trace==3;
warn "sslcat $$: sending `$out_message' (" . blength($out_message)
. " bytes)...\n" if $trace>3;
($written, $errs) = ssl_write_all($ssl, $out_message);
goto cleanup unless $written;
sleep $slowly if $slowly; # Closing too soon can abort broken servers
Net::SSLeay::shutdown($ssl); # Useful starting with OpenSSL 1.1.1e
CORE::shutdown SSLCAT_S, 1; # Half close --> No more output, send EOF to server
warn "waiting for reply...\n" if $trace>2;
($got, $errs) = ssl_read_all($ssl);
warn "Got " . blength($got) . " bytes.\n" if $trace==3;
warn "Got `$got' (" . blength($got) . " bytes)\n" if $trace>3;
cleanup:
free ($ssl);
$errs .= print_errs('SSL_free');
cleanup2:
CTX_free ($ctx);
$errs .= print_errs('CTX_free');
close SSLCAT_S;
return wantarray ? ($got, $errs, $server_cert) : $got;
}
sub tcpcat { # address, port, message, $crt, $key --> reply / (reply,errs,cert)
my ($dest_serv, $port, $out_message) = @_;
my ($got, $errs, $written);
($got, $errs) = open_proxy_tcp_connection($dest_serv, $port);
return (wantarray ? (undef, $errs) : undef) unless $got;
### Connected. Exchange some data (doing repeated tries if necessary).
warn "tcpcat $$: sending " . blength($out_message) . " bytes...\n"
if $trace==3;
warn "tcpcat $$: sending `$out_message' (" . blength($out_message)
. " bytes)...\n" if $trace>3;
($written, $errs) = tcp_write_all($out_message);
goto cleanup unless $written;
sleep $slowly if $slowly; # Closing too soon can abort broken servers
CORE::shutdown SSLCAT_S, 1; # Half close --> No more output, send EOF to server
warn "waiting for reply...\n" if $trace>2;
($got, $errs) = tcp_read_all();
warn "Got " . blength($got) . " bytes.\n" if $trace==3;
warn "Got `$got' (" . blength($got) . " bytes)\n" if $trace>3;
cleanup:
close SSLCAT_S;
return wantarray ? ($got, $errs) : $got;
}
sub tcpxcat {
my ($usessl, $site, $port, $req, $crt_path, $key_path) = @_;
if ($usessl) {
return sslcat($site, $port, $req, $crt_path, $key_path);
} else {
return tcpcat($site, $port, $req);
}
}
###
### Basic request - response primitive, this is different from sslcat
### because this does not shutdown the connection.
###
sub https_cat { # address, port, message --> returns reply / (reply,errs,cert)
my ($dest_serv, $port, $out_message, $crt_path, $key_path) = @_;
my ($ctx, $ssl, $got, $errs, $written);
($got, $errs) = open_proxy_tcp_connection($dest_serv, $port);
return (wantarray ? (undef, $errs) : undef) unless $got;
### Do SSL negotiation stuff
warn "Creating SSL $ssl_version context...\n" if $trace>2;
initialize();
$ctx = new_x_ctx();
goto cleanup2 if $errs = print_errs('CTX_new') or !$ctx;
CTX_set_options($ctx, &OP_ALL);
goto cleanup2 if $errs = print_errs('CTX_set_options');
warn "Cert `$crt_path' given without key" if $crt_path && !$key_path;
set_cert_and_key($ctx, $crt_path, $key_path) if $crt_path;
warn "Creating SSL connection (context was '$ctx')...\n" if $trace>2;
$ssl = new($ctx);
goto cleanup if $errs = print_errs('SSL_new') or !$ssl;
warn "Setting fd (ctx $ctx, con $ssl)...\n" if $trace>2;
set_fd($ssl, fileno(SSLCAT_S));
goto cleanup if $errs = print_errs('set_fd');
warn "Entering SSL negotiation phase...\n" if $trace>2;
if ($trace>2) {
my $i = 0;
my $p = '';
my $cipher_list = 'Cipher list: ';
$p=Net::SSLeay::get_cipher_list($ssl,$i);
$cipher_list .= $p if $p;
do {
$i++;
$cipher_list .= ', ' . $p if $p;
$p=Net::SSLeay::get_cipher_list($ssl,$i);
} while $p;
$cipher_list .= '\n';
warn $cipher_list;
}
$got = Net::SSLeay::connect($ssl);
warn "SSLeay connect failed" if $trace>2 && $got==0;
goto cleanup if $errs = print_errs('SSL_connect');
my $server_cert = get_peer_certificate($ssl);
print_errs('get_peer_certificate');
if ($trace>1) {
warn "Cipher `" . get_cipher($ssl) . "'\n";
print_errs('get_ciper');
warn dump_peer_certificate($ssl);
}
### Connected. Exchange some data (doing repeated tries if necessary).
warn "https_cat $$: sending " . blength($out_message) . " bytes...\n"
if $trace==3;
warn "https_cat $$: sending `$out_message' (" . blength($out_message)
. " bytes)...\n" if $trace>3;
($written, $errs) = ssl_write_all($ssl, $out_message);
goto cleanup unless $written;
warn "waiting for reply...\n" if $trace>2;
($got, $errs) = ssl_read_all($ssl);
warn "Got " . blength($got) . " bytes.\n" if $trace==3;
warn "Got `$got' (" . blength($got) . " bytes)\n" if $trace>3;
cleanup:
free ($ssl);
$errs .= print_errs('SSL_free');
cleanup2:
CTX_free ($ctx);
$errs .= print_errs('CTX_free');
close SSLCAT_S;
return wantarray ? ($got, $errs, $server_cert) : $got;
}
sub http_cat { # address, port, message --> returns reply / (reply,errs,cert)
my ($dest_serv, $port, $out_message) = @_;
my ($got, $errs, $written);
($got, $errs) = open_proxy_tcp_connection($dest_serv, $port);
return (wantarray ? (undef, $errs) : undef) unless $got;
### Connected. Exchange some data (doing repeated tries if necessary).
warn "http_cat $$: sending " . blength($out_message) . " bytes...\n"
if $trace==3;
warn "http_cat $$: sending `$out_message' (" . blength($out_message)
. " bytes)...\n" if $trace>3;
($written, $errs) = tcp_write_all($out_message);
goto cleanup unless $written;
warn "waiting for reply...\n" if $trace>2;
($got, $errs) = tcp_read_all();
warn "Got " . blength($got) . " bytes.\n" if $trace==3;
warn "Got `$got' (" . blength($got) . " bytes)\n" if $trace>3;
cleanup:
close SSLCAT_S;
return wantarray ? ($got, $errs) : $got;
}
sub httpx_cat {
my ($usessl, $site, $port, $req, $crt_path, $key_path) = @_;
warn "httpx_cat: usessl=$usessl ($site:$port)" if $trace;
if ($usessl) {
return https_cat($site, $port, $req, $crt_path, $key_path);
} else {
return http_cat($site, $port, $req);
}
}
###
### Easy set up of private key and certificate
###
sub set_cert_and_key ($$$) {
my ($ctx, $cert_path, $key_path) = @_;
my $errs = '';
# Following will ask password unless private key is not encrypted
CTX_use_PrivateKey_file( $ctx, $key_path, &FILETYPE_PEM ) == 1
or $errs .= print_errs("private key `$key_path' ($!)");
CTX_use_certificate_file ($ctx, $cert_path, &FILETYPE_PEM) == 1
or $errs .= print_errs("certificate `$cert_path' ($!)");
return wantarray ? (undef, $errs) : ($errs eq '');
}
### Old deprecated API
sub set_server_cert_and_key ($$$) { &set_cert_and_key }
### Set up to use web proxy
sub set_proxy ($$;**) {
($proxyhost, $proxyport, $proxyuser, $proxypass) = @_;
require MIME::Base64 if $proxyuser;
$proxyauth = $proxyuser
? $CRLF . 'Proxy-authorization: Basic '
. MIME::Base64::encode("$proxyuser:$proxypass", '')
: '';
}
###
### Easy https manipulation routines
###
sub make_form {
my (@fields) = @_;
my $form;
while (@fields) {
my ($name, $data) = (shift(@fields), shift(@fields));
$data =~ s/([^\w\-.\@\$ ])/sprintf("%%%2.2x",ord($1))/gse;
$data =~ tr[ ][+];
$form .= "$name=$data&";
}
chop $form;
return $form;
}
sub make_headers {
my (@headers) = @_;
my $headers;
while (@headers) {
my $header = shift(@headers);
my $value = shift(@headers);
$header =~ s/:$//;
$value =~ s/\x0d?\x0a$//; # because we add it soon, see below
$headers .= "$header: $value$CRLF";
}
return $headers;
}
sub do_httpx3 {
my ($method, $usessl, $site, $port, $path, $headers,
$content, $mime_type, $crt_path, $key_path) = @_;
my ($response, $page, $h,$v);
my $len = blength($content);
if ($len) {
$mime_type = "application/x-www-form-urlencoded" unless $mime_type;
$content = "Content-Type: $mime_type$CRLF"
. "Content-Length: $len$CRLF$CRLF$content";
} else {
$content = "$CRLF$CRLF";
}
my $req = "$method $path HTTP/1.0$CRLF";
unless (defined $headers && $headers =~ /^Host:/m) {
$req .= "Host: $site";
unless (($port == 80 && !$usessl) || ($port == 443 && $usessl)) {
$req .= ":$port";
}
$req .= $CRLF;
}
$req .= (defined $headers ? $headers : '') . "Accept: */*$CRLF$content";
warn "do_httpx3($method,$usessl,$site:$port)" if $trace;
my ($http, $errs, $server_cert)
= httpx_cat($usessl, $site, $port, $req, $crt_path, $key_path);
return (undef, "HTTP/1.0 900 NET OR SSL ERROR$CRLF$CRLF$errs") if $errs;
$http = '' if !defined $http;
($headers, $page) = split /\s?\n\s?\n/, $http, 2;
warn "headers >$headers< page >>$page<< http >>>$http<<<" if $trace>1;
($response, $headers) = split /\s?\n/, $headers, 2;
return ($page, $response, $headers, $server_cert);
}
sub do_https3 { splice(@_,1,0) = 1; do_httpx3; } # Legacy undocumented
### do_https2() is a legacy version in the sense that it is unable
### to return all instances of duplicate headers.
sub do_httpx2 {
my ($page, $response, $headers, $server_cert) = &do_httpx3;
X509_free($server_cert) if defined $server_cert;
return ($page, $response, defined $headers ?
map( { ($h,$v)=/^(\S+)\:\s*(.*)$/; (uc($h),$v); }
split(/\s?\n/, $headers)
) : ()
);
}
sub do_https2 { splice(@_,1,0) = 1; do_httpx2; } # Legacy undocumented
### Returns headers as a hash where multiple instances of same header
### are handled correctly.
sub do_httpx4 {
my ($page, $response, $headers, $server_cert) = &do_httpx3;
my %hr = ();
for my $hh (split /\s?\n/, $headers) {
my ($h,$v) = ($hh =~ /^(\S+)\:\s*(.*)$/);
push @{$hr{uc($h)}}, $v;
}
return ($page, $response, \%hr, $server_cert);
}
sub do_https4 { splice(@_,1,0) = 1; do_httpx4; } # Legacy undocumented
# https
sub get_https { do_httpx2(GET => 1, @_) }
sub post_https { do_httpx2(POST => 1, @_) }
sub put_https { do_httpx2(PUT => 1, @_) }
sub head_https { do_httpx2(HEAD => 1, @_) }
sub get_https3 { do_httpx3(GET => 1, @_) }
sub post_https3 { do_httpx3(POST => 1, @_) }
sub put_https3 { do_httpx3(PUT => 1, @_) }
sub head_https3 { do_httpx3(HEAD => 1, @_) }
sub get_https4 { do_httpx4(GET => 1, @_) }
sub post_https4 { do_httpx4(POST => 1, @_) }
sub put_https4 { do_httpx4(PUT => 1, @_) }
sub head_https4 { do_httpx4(HEAD => 1, @_) }
# http
sub get_http { do_httpx2(GET => 0, @_) }
sub post_http { do_httpx2(POST => 0, @_) }
sub put_http { do_httpx2(PUT => 0, @_) }
sub head_http { do_httpx2(HEAD => 0, @_) }
sub get_http3 { do_httpx3(GET => 0, @_) }
sub post_http3 { do_httpx3(POST => 0, @_) }
sub put_http3 { do_httpx3(PUT => 0, @_) }
sub head_http3 { do_httpx3(HEAD => 0, @_) }
sub get_http4 { do_httpx4(GET => 0, @_) }
sub post_http4 { do_httpx4(POST => 0, @_) }
sub put_http4 { do_httpx4(PUT => 0, @_) }
sub head_http4 { do_httpx4(HEAD => 0, @_) }
# Either https or http
sub get_httpx { do_httpx2(GET => @_) }
sub post_httpx { do_httpx2(POST => @_) }
sub put_httpx { do_httpx2(PUT => @_) }
sub head_httpx { do_httpx2(HEAD => @_) }
sub get_httpx3 { do_httpx3(GET => @_) }
sub post_httpx3 { do_httpx3(POST => @_) }
sub put_httpx3 { do_httpx3(PUT => @_) }
sub head_httpx3 { do_httpx3(HEAD => @_) }
sub get_httpx4 { do_httpx4(GET => @_) }
sub post_httpx4 { do_httpx4(POST => @_) }
sub put_httpx4 { do_httpx4(PUT => @_) }
sub head_httpx4 { do_httpx4(HEAD => @_) }
### Legacy, don't use
# ($page, $respone_or_err, %headers) = do_https(...);
sub do_https {
my ($site, $port, $path, $method, $headers,
$content, $mime_type, $crt_path, $key_path) = @_;
do_https2($method, $site, $port, $path, $headers,
$content, $mime_type, $crt_path, $key_path);
}
1;
__END__
|
