Upgrade to OpenSSL 0.9.8h.
[dragonfly.git] / secure / lib / libssl / man / SSL_CTX_new.3
aac4ff6f 1.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
e056f0e0
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sh \" Subsection heading
984263bc
MD
6.br
7.if t .Sp
8.ne 5
9.PP
10\fB\\$1\fR
11.PP
12..
e056f0e0 13.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
14.if t .sp .5v
15.if n .sp
16..
e056f0e0 17.de Vb \" Begin verbatim text
984263bc
MD
18.ft CW
19.nf
20.ne \\$1
21..
e056f0e0 22.de Ve \" End verbatim text
984263bc 23.ft R
984263bc
MD
24.fi
25..
e056f0e0
JR
26.\" Set up some character translations and predefined strings. \*(-- will
27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
aac4ff6f
PA
28.\" double quote, and \*(R" will give a right double quote. | will give a
29.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
30.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
31.\" expand to `' in nroff, nothing in troff, for use with C<>.
32.tr \(*W-|\(bv\*(Tr
e056f0e0 33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 34.ie n \{\
e056f0e0
JR
35. ds -- \(*W-
36. ds PI pi
37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
39. ds L" ""
40. ds R" ""
41. ds C` ""
42. ds C' ""
984263bc
MD
43'br\}
44.el\{\
e056f0e0
JR
45. ds -- \|\(em\|
46. ds PI \(*p
47. ds L" ``
48. ds R" ''
984263bc 49'br\}
e056f0e0
JR
50.\"
51.\" If the F register is turned on, we'll generate index entries on stderr for
52.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
53.\" entries marked with X<> in POD. Of course, you'll have to process the
54.\" output yourself in some meaningful fashion.
55.if \nF \{\
56. de IX
57. tm Index:\\$1\t\\n%\t"\\$2"
984263bc 58..
e056f0e0
JR
59. nr % 0
60. rr F
984263bc 61.\}
e056f0e0 62.\"
aac4ff6f
PA
63.\" For nroff, turn off justification. Always turn off hyphenation; it makes
64.\" way too many mistakes in technical documents.
65.hy 0
66.if n .na
67.\"
e056f0e0
JR
68.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
69.\" Fear. Run. Save yourself. No user-serviceable parts.
70. \" fudge factors for nroff and troff
984263bc 71.if n \{\
e056f0e0
JR
72. ds #H 0
73. ds #V .8m
74. ds #F .3m
75. ds #[ \f1
76. ds #] \fP
984263bc
MD
77.\}
78.if t \{\
e056f0e0
JR
79. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
80. ds #V .6m
81. ds #F 0
82. ds #[ \&
83. ds #] \&
984263bc 84.\}
e056f0e0 85. \" simple accents for nroff and troff
984263bc 86.if n \{\
e056f0e0
JR
87. ds ' \&
88. ds ` \&
89. ds ^ \&
90. ds , \&
91. ds ~ ~
92. ds /
984263bc
MD
93.\}
94.if t \{\
e056f0e0
JR
95. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
96. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
97. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
98. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
99. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
100. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 101.\}
e056f0e0 102. \" troff and (daisy-wheel) nroff accents
984263bc
MD
103.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
104.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
105.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
106.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
107.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
108.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
109.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
110.ds ae a\h'-(\w'a'u*4/10)'e
111.ds Ae A\h'-(\w'A'u*4/10)'E
e056f0e0 112. \" corrections for vroff
984263bc
MD
113.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
114.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
e056f0e0 115. \" for low resolution devices (crt and lpr)
984263bc
MD
116.if \n(.H>23 .if \n(.V>19 \
117\{\
e056f0e0
JR
118. ds : e
119. ds 8 ss
120. ds o a
121. ds d- d\h'-1'\(ga
122. ds D- D\h'-1'\(hy
123. ds th \o'bp'
124. ds Th \o'LP'
125. ds ae ae
126. ds Ae AE
984263bc
MD
127.\}
128.rm #[ #] #H #V #F C
e056f0e0
JR
129.\" ========================================================================
130.\"
131.IX Title "SSL_CTX_new 3"
aac4ff6f 132.TH SSL_CTX_new 3 "2008-09-06" "0.9.8h" "OpenSSL"
984263bc 133.SH "NAME"
a7d27d5a 134SSL_CTX_new \- create a new SSL_CTX object as framework for TLS/SSL enabled functions
984263bc 135.SH "SYNOPSIS"
e056f0e0 136.IX Header "SYNOPSIS"
984263bc
MD
137.Vb 1
138\& #include <openssl/ssl.h>
aac4ff6f
PA
139.Ve
140.PP
141.Vb 1
984263bc
MD
142\& SSL_CTX *SSL_CTX_new(SSL_METHOD *method);
143.Ve
144.SH "DESCRIPTION"
e056f0e0
JR
145.IX Header "DESCRIPTION"
146\&\fISSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to establish
147\&\s-1TLS/SSL\s0 enabled connections.
984263bc 148.SH "NOTES"
e056f0e0
JR
149.IX Header "NOTES"
150The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method. The methods exist
984263bc
MD
151in a generic type (for client and server use), a server only type, and a
152client only type. \fBmethod\fR can be of the following types:
e056f0e0
JR
153.IP "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)" 4
154.IX Item "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)"
984263bc
MD
155A \s-1TLS/SSL\s0 connection established with these methods will only understand
156the SSLv2 protocol. A client will send out SSLv2 client hello messages
157and will also indicate that it only understands SSLv2. A server will only
158understand SSLv2 client hello messages.
e056f0e0
JR
159.IP "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)" 4
160.IX Item "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)"
984263bc
MD
161A \s-1TLS/SSL\s0 connection established with these methods will only understand the
162SSLv3 protocol. A client will send out SSLv3 client hello messages
163and will indicate that it only understands SSLv3. A server will only understand
164SSLv3 client hello messages. In particular, this means that it will
165not understand SSLv2 client hello messages, which are widely used for
166compatibility reasons; see SSLv23_*\fI_method()\fR.
e056f0e0
JR
167.IP "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)" 4
168.IX Item "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)"
984263bc
MD
169A \s-1TLS/SSL\s0 connection established with these methods will only understand the
170TLSv1 protocol. A client will send out TLSv1 client hello messages
171and will indicate that it only understands TLSv1. A server will only understand
172TLSv1 client hello messages. In particular, this means that it will
173not understand SSLv2 client hello messages, which are widely used for
174compatibility reasons; see SSLv23_*\fI_method()\fR. It will also not understand
175SSLv3 client hello messages.
e056f0e0
JR
176.IP "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" 4
177.IX Item "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)"
984263bc
MD
178A \s-1TLS/SSL\s0 connection established with these methods will understand the SSLv2,
179SSLv3, and TLSv1 protocols. A client will send out SSLv2 client hello messages
180and will indicate that it also understands SSLv3 and TLSv1. A server will
181understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
182choice when compatibility is a concern.
183.PP
184The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
e056f0e0
JR
185SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the \fB\f(BISSL_CTX_set_options()\fB\fR or
186\&\fB\f(BISSL_set_options()\fB\fR functions. Using these options it is possible to choose
984263bc
MD
187e.g. \fISSLv23_server_method()\fR and be able to negotiate with all possible
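188clients, but to only allow newer protocols like SSLv3 or TLSv1. If SSL_OP_NO_SSLv2 is not set, a context created with one of the SSLv23 methods still understands SSLv2.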
189.PP
e056f0e0 190\&\fISSL_CTX_new()\fR initializes the list of ciphers, the session cache setting,
984263bc
MD
191the callbacks, the keys and certificates, and the options to its default
192values.
193.SH "RETURN VALUES"
e056f0e0 194.IX Header "RETURN VALUES"
984263bc 195The following return values can occur:
e056f0e0
JR
196.IP "\s-1NULL\s0" 4
197.IX Item "NULL"
984263bc
MD
198The creation of a new \s-1SSL_CTX\s0 object failed. Check the error stack to
199find out the reason.
e056f0e0
JR
200.IP "Pointer to an \s-1SSL_CTX\s0 object" 4
201.IX Item "Pointer to an SSL_CTX object"
984263bc
MD
202The return value points to an allocated \s-1SSL_CTX\s0 object.
203.SH "SEE ALSO"
a7d27d5a 204.IX Header "SEE ALSO"
e056f0e0
JR
205\&\fISSL_CTX_free\fR\|(3), \fISSL_accept\fR\|(3),
206\&\fIssl\fR\|(3), \fISSL_set_connect_state\fR\|(3)