Update files for OpenSSL-1.0.0f import.
[dragonfly.git] / secure / lib / libssl / man / SSL_CTX_new.3
CommitLineData
e3261593 1.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.19)
e056f0e0
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
e056f0e0 5.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
6.if t .sp .5v
7.if n .sp
8..
e056f0e0 9.de Vb \" Begin verbatim text
984263bc
MD
10.ft CW
11.nf
12.ne \\$1
13..
e056f0e0 14.de Ve \" End verbatim text
984263bc 15.ft R
984263bc
MD
16.fi
17..
e056f0e0
JR
18.\" Set up some character translations and predefined strings. \*(-- will
19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
e257b235
PA
20.\" double quote, and \*(R" will give a right double quote. \*(C+ will
21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23.\" nothing in troff, for use with C<>.
24.tr \(*W-
e056f0e0 25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 26.ie n \{\
e056f0e0
JR
27. ds -- \(*W-
28. ds PI pi
29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
31. ds L" ""
32. ds R" ""
33. ds C` ""
34. ds C' ""
984263bc
MD
35'br\}
36.el\{\
e056f0e0
JR
37. ds -- \|\(em\|
38. ds PI \(*p
39. ds L" ``
40. ds R" ''
984263bc 41'br\}
e056f0e0 42.\"
e257b235
PA
43.\" Escape single quotes in literal strings from groff's Unicode transform.
44.ie \n(.g .ds Aq \(aq
45.el .ds Aq '
46.\"
e056f0e0 47.\" If the F register is turned on, we'll generate index entries on stderr for
01185282 48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
e056f0e0
JR
49.\" entries marked with X<> in POD. Of course, you'll have to process the
50.\" output yourself in some meaningful fashion.
e257b235 51.ie \nF \{\
e056f0e0
JR
52. de IX
53. tm Index:\\$1\t\\n%\t"\\$2"
984263bc 54..
e056f0e0
JR
55. nr % 0
56. rr F
984263bc 57.\}
e257b235
PA
58.el \{\
59. de IX
60..
61.\}
aac4ff6f 62.\"
e056f0e0
JR
63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
64.\" Fear. Run. Save yourself. No user-serviceable parts.
65. \" fudge factors for nroff and troff
984263bc 66.if n \{\
e056f0e0
JR
67. ds #H 0
68. ds #V .8m
69. ds #F .3m
70. ds #[ \f1
71. ds #] \fP
984263bc
MD
72.\}
73.if t \{\
e056f0e0
JR
74. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
75. ds #V .6m
76. ds #F 0
77. ds #[ \&
78. ds #] \&
984263bc 79.\}
e056f0e0 80. \" simple accents for nroff and troff
984263bc 81.if n \{\
e056f0e0
JR
82. ds ' \&
83. ds ` \&
84. ds ^ \&
85. ds , \&
86. ds ~ ~
87. ds /
984263bc
MD
88.\}
89.if t \{\
e056f0e0
JR
90. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
91. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
92. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
93. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
94. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
95. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 96.\}
e056f0e0 97. \" troff and (daisy-wheel) nroff accents
984263bc
MD
98.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
99.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
100.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
101.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
102.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
103.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
104.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
105.ds ae a\h'-(\w'a'u*4/10)'e
106.ds Ae A\h'-(\w'A'u*4/10)'E
e056f0e0 107. \" corrections for vroff
984263bc
MD
108.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
109.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
e056f0e0 110. \" for low resolution devices (crt and lpr)
984263bc
MD
111.if \n(.H>23 .if \n(.V>19 \
112\{\
e056f0e0
JR
113. ds : e
114. ds 8 ss
115. ds o a
116. ds d- d\h'-1'\(ga
117. ds D- D\h'-1'\(hy
118. ds th \o'bp'
119. ds Th \o'LP'
120. ds ae ae
121. ds Ae AE
984263bc
MD
122.\}
123.rm #[ #] #H #V #F C
e056f0e0
JR
124.\" ========================================================================
125.\"
126.IX Title "SSL_CTX_new 3"
e3261593 127.TH SSL_CTX_new 3 "2012-01-04" "1.0.0f" "OpenSSL"
e257b235
PA
128.\" For nroff, turn off justification. Always turn off hyphenation; it makes
129.\" way too many mistakes in technical documents.
130.if n .ad l
131.nh
984263bc 132.SH "NAME"
a7d27d5a 133SSL_CTX_new \- create a new SSL_CTX object as framework for TLS/SSL enabled functions
984263bc 134.SH "SYNOPSIS"
e056f0e0 135.IX Header "SYNOPSIS"
984263bc
MD
136.Vb 1
137\& #include <openssl/ssl.h>
e257b235 138\&
01185282 139\& SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
984263bc
MD
140.Ve
141.SH "DESCRIPTION"
e056f0e0
JR
142.IX Header "DESCRIPTION"
143\&\fISSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to establish
144\&\s-1TLS/SSL\s0 enabled connections.
984263bc 145.SH "NOTES"
e056f0e0
JR
146.IX Header "NOTES"
147The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method. The methods exist
984263bc
MD
148in a generic type (for client and server use), a server only type, and a
149client only type. \fBmethod\fR can be of the following types:
e056f0e0
JR
150.IP "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)" 4
151.IX Item "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)"
984263bc
MD
152A \s-1TLS/SSL\s0 connection established with these methods will only understand
153the SSLv2 protocol. A client will send out SSLv2 client hello messages
154and will also indicate that it only understand SSLv2. A server will only
155understand SSLv2 client hello messages.
e056f0e0
JR
156.IP "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)" 4
157.IX Item "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)"
984263bc
MD
158A \s-1TLS/SSL\s0 connection established with these methods will only understand the
159SSLv3 protocol. A client will send out SSLv3 client hello messages
160and will indicate that it only understands SSLv3. A server will only understand
161SSLv3 client hello messages. This especially means, that it will
162not understand SSLv2 client hello messages which are widely used for
163compatibility reasons, see SSLv23_*\fI_method()\fR.
e056f0e0
JR
164.IP "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)" 4
165.IX Item "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)"
984263bc
MD
166A \s-1TLS/SSL\s0 connection established with these methods will only understand the
167TLSv1 protocol. A client will send out TLSv1 client hello messages
168and will indicate that it only understands TLSv1. A server will only understand
169TLSv1 client hello messages. This especially means, that it will
170not understand SSLv2 client hello messages which are widely used for
171compatibility reasons, see SSLv23_*\fI_method()\fR. It will also not understand
172SSLv3 client hello messages.
e056f0e0
JR
173.IP "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" 4
174.IX Item "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)"
984263bc
MD
175A \s-1TLS/SSL\s0 connection established with these methods will understand the SSLv2,
176SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages
177and will indicate that it also understands SSLv3 and TLSv1. A server will
178understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
179choice when compatibility is a concern.
180.PP
181The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
e056f0e0
JR
182SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the \fB\f(BISSL_CTX_set_options()\fB\fR or
183\&\fB\f(BISSL_set_options()\fB\fR functions. Using these options it is possible to choose
984263bc
MD
184e.g. \fISSLv23_server_method()\fR and be able to negotiate with all possible
185clients, but to only allow newer protocols like SSLv3 or TLSv1.
186.PP
e056f0e0 187\&\fISSL_CTX_new()\fR initializes the list of ciphers, the session cache setting,
984263bc
MD
188the callbacks, the keys and certificates, and the options to its default
189values.
190.SH "RETURN VALUES"
e056f0e0 191.IX Header "RETURN VALUES"
984263bc 192The following return values can occur:
e056f0e0
JR
193.IP "\s-1NULL\s0" 4
194.IX Item "NULL"
984263bc
MD
195The creation of a new \s-1SSL_CTX\s0 object failed. Check the error stack to
196find out the reason.
e056f0e0
JR
197.IP "Pointer to an \s-1SSL_CTX\s0 object" 4
198.IX Item "Pointer to an SSL_CTX object"
984263bc
MD
199The return value points to an allocated \s-1SSL_CTX\s0 object.
200.SH "SEE ALSO"
a7d27d5a 201.IX Header "SEE ALSO"
e056f0e0
JR
202\&\fISSL_CTX_free\fR\|(3), \fISSL_accept\fR\|(3),
203\&\fIssl\fR\|(3), \fISSL_set_connect_state\fR\|(3)