{
    "content": [
        {
            "type": "text",
            "text": "# Net::SSLeay (perldoc)\n\n**Summary:** Net::SSLeay - Perl bindings for OpenSSL and LibreSSL\n\n**Synopsis:** use Net::SSLeay qw(gethttps posthttps sslcat makeheaders makeform);\n($page) = gethttps('www.bacus.pt', 443, '/');                 # Case 1\n($page, $response, %replyheaders)\n= gethttps('www.bacus.pt', 443, '/',                   # Case 2\nmakeheaders(User-Agent => 'Cryptozilla/5.0b1',\nReferer    => 'https://www.bacus.pt'\n));\n($page, $result, %headers) =                                   # Case 2b\n= gethttps('www.bacus.pt', 443, '/protected.html',\nmakeheaders(Authorization =>\n'Basic ' . MIME::Base64::encode(\"$user:$pass\",''))\n);\n($page, $response, %replyheaders)\n= posthttps('www.bacus.pt', 443, '/foo.cgi', '',       # Case 3\nmakeform(OK   => '1',\nname => 'Sampo'\n));\n$reply = sslcat($host, $port, $request);                       # Case 4\n($reply, $err, $servercert) = sslcat($host, $port, $request); # Case 5\n$Net::SSLeay::trace = 2;  # 0=no debugging, 1=ciphers, 2=trace, 3=dump data\nNet::SSLeay::initialize(); # Initialize ssl library once\n\n## Examples\n\n- `One very good example to look at is the implementation of \"sslcat()\" in the \"SSLeay.pm\" file.`\n- `The following is a simple SSLeay client (with too little error checking :-(`\n- `#!/usr/bin/perl`\n- `use Socket;`\n- `use Net::SSLeay qw(dienow dieifsslerror) ;`\n- `Net::SSLeay::loaderrorstrings();`\n- `Net::SSLeay::SSLeayaddsslalgorithms();`\n- `Net::SSLeay::randomize();`\n- `($destserv, $port, $msg) = @ARGV;      # Read command line`\n- `$port = getservbyname ($port, 'tcp') unless $port =~ /^\\d+$/;`\n- `$destip = gethostbyname ($destserv);`\n- `$destservparams  = sockaddrin($port, $destip);`\n- `socket  (S, &AFINET, &SOCKSTREAM, 0)  or die \"socket: $!\";`\n- `connect (S, $destservparams)          or die \"connect: $!\";`\n- `select  (S); $| = 1; select (STDOUT);   # Eliminate STDIO buffering`\n- `# The network connection is now open, lets fire up SSL`\n- 
`$ctx = Net::SSLeay::CTX_new() or die_now(\"Failed to create SSL_CTX $!\");`\n- `Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)`\n- `or die_if_ssl_error(\"ssl ctx set options\");`\n- `$ssl = Net::SSLeay::new($ctx) or die_now(\"Failed to create SSL $!\");`\n- `Net::SSLeay::set_fd($ssl, fileno(S));   # Must use fileno`\n- `$res = Net::SSLeay::connect($ssl) and die_if_ssl_error(\"ssl connect\");`\n- `print \"Cipher `\" . Net::SSLeay::get_cipher($ssl) . \"'\\n\";`\n- `# Exchange data`\n- `$res = Net::SSLeay::write($ssl, $msg);  # Perl knows how long $msg is`\n- `die_if_ssl_error(\"ssl write\");`\n- `CORE::shutdown S, 1;  # Half close --> No more output, sends EOF to server`\n- `$got = Net::SSLeay::read($ssl);         # Perl returns undef on failure`\n- `die_if_ssl_error(\"ssl read\");`\n- `print $got;`\n- `Net::SSLeay::free ($ssl);               # Tear down connection`\n- `Net::SSLeay::CTX_free ($ctx);`\n- `close S;`\n- `The following is a simple SSLeay echo server (non forking):`\n- `#!/usr/bin/perl -w`\n- `use Socket;`\n- `use Net::SSLeay qw(die_now die_if_ssl_error);`\n- `Net::SSLeay::load_error_strings();`\n- `Net::SSLeay::SSLeay_add_ssl_algorithms();`\n- `Net::SSLeay::randomize();`\n- `$ourip = \"\\0\\0\\0\\0\"; # Bind to all interfaces`\n- `$port = 1235;`\n- `$sockaddrtemplate = 'S n a4 x8';`\n- `$ourservparams = pack ($sockaddrtemplate, &AF_INET, $port, $ourip);`\n- `socket (S, &AF_INET, &SOCK_STREAM, 0)  or die \"socket: $!\";`\n- `bind (S, $ourservparams)             or die \"bind:   $!\";`\n- `listen (S, 5)                          or die \"listen: $!\";`\n- `$ctx = Net::SSLeay::CTX_new ()         or die_now(\"CTX_new ($ctx): $!\");`\n- `Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)`\n- `or die_if_ssl_error(\"ssl ctx set options\");`\n- `# Following will ask password unless private key is not encrypted`\n- `Net::SSLeay::CTX_use_RSAPrivateKey_file ($ctx, 'plain-rsa.pem',`\n- `&Net::SSLeay::FILETYPE_PEM);`\n- `die_if_ssl_error(\"private key\");`\n- `Net::SSLeay::CTX_use_certificate_file 
($ctx, 'plain-cert.pem',`\n- `&Net::SSLeay::FILETYPE_PEM);`\n- `die_if_ssl_error(\"certificate\");`\n- `while (1) {`\n- `print \"Accepting connections...\\n\";`\n- `($addr = accept (NS, S))           or die \"accept: $!\";`\n- `select (NS); $| = 1; select (STDOUT);  # Piping hot!`\n- `($af,$clientport,$clientip) = unpack($sockaddrtemplate,$addr);`\n- `@inetaddr = unpack('C4',$clientip);`\n- `print \"$af connection from \" .`\n- `join ('.', @inetaddr) . \":$clientport\\n\";`\n- `# We now have a network connection, lets fire up SSLeay...`\n- `$ssl = Net::SSLeay::new($ctx)      or die_now(\"SSL_new ($ssl): $!\");`\n- `Net::SSLeay::set_fd($ssl, fileno(NS));`\n- `$err = Net::SSLeay::accept($ssl) and die_if_ssl_error('ssl accept');`\n- `print \"Cipher `\" . Net::SSLeay::get_cipher($ssl) . \"'\\n\";`\n- `# Connected. Exchange some data.`\n- `$got = Net::SSLeay::read($ssl);     # Returns undef on fail`\n- `die_if_ssl_error(\"ssl read\");`\n- `print \"Got `$got' (\" . length ($got) . \" chars)\\n\";`\n- `Net::SSLeay::write ($ssl, uc ($got)) or die \"write: $!\";`\n- `die_if_ssl_error(\"ssl write\");`\n- `Net::SSLeay::free ($ssl);           # Tear down connection`\n- `close NS;`\n- `}`\n- `Yet another echo server. This one runs from \"/etc/inetd.conf\" so it avoids all the socket code`\n- `overhead. Only caveat is opening an rsa key file - it had better be without any encryption or`\n- `else it will not know where to ask for the password. 
Note how \"STDIN\" and \"STDOUT\" are wired to`\n- `SSL.`\n- `#!/usr/bin/perl`\n- `# /etc/inetd.conf`\n- `#    ssltst stream tcp nowait root /path/to/server.pl server.pl`\n- `# /etc/services`\n- `#    ssltst         1234/tcp`\n- `use Net::SSLeay qw(die_now die_if_ssl_error);`\n- `Net::SSLeay::load_error_strings();`\n- `Net::SSLeay::SSLeay_add_ssl_algorithms();`\n- `Net::SSLeay::randomize();`\n- `chdir '/key/dir' or die \"chdir: $!\";`\n- `$| = 1;  # Piping hot!`\n- `open LOG, \">>/dev/console\" or die \"Can't open log file $!\";`\n- `select LOG; print \"server.pl started\\n\";`\n- `$ctx = Net::SSLeay::CTX_new()     or die_now \"CTX_new ($ctx) ($!)\";`\n- `$ssl = Net::SSLeay::new($ctx)     or die_now \"new ($ssl) ($!)\";`\n- `Net::SSLeay::set_options($ssl, &Net::SSLeay::OP_ALL)`\n- `and die_if_ssl_error(\"ssl set options\");`\n- `# We get already open network connection from inetd, now we just`\n- `# need to attach SSLeay to STDIN and STDOUT`\n- `Net::SSLeay::set_rfd($ssl, fileno(STDIN));`\n- `Net::SSLeay::set_wfd($ssl, fileno(STDOUT));`\n- `Net::SSLeay::use_RSAPrivateKey_file ($ssl, 'plain-rsa.pem',`\n- `Net::SSLeay::FILETYPE_PEM);`\n- `die_if_ssl_error(\"private key\");`\n- `Net::SSLeay::use_certificate_file ($ssl, 'plain-cert.pem',`\n- `Net::SSLeay::FILETYPE_PEM);`\n- `die_if_ssl_error(\"certificate\");`\n- `Net::SSLeay::accept($ssl) and die_if_ssl_error(\"ssl accept: $!\");`\n- `print \"Cipher `\" . Net::SSLeay::get_cipher($ssl) . \"'\\n\";`\n- `$got = Net::SSLeay::read($ssl);`\n- `die_if_ssl_error(\"ssl read\");`\n- `print \"Got `$got' (\" . length ($got) . 
\" chars)\\n\";`\n- `Net::SSLeay::write ($ssl, uc($got)) or die \"write: $!\";`\n- `dieifsslerror(\"ssl write\");`\n- `Net::SSLeay::free ($ssl);         # Tear down the connection`\n- `Net::SSLeay::CTXfree ($ctx);`\n- `close LOG;`\n- `There are also a number of example/test programs in the examples directory:`\n- `sslecho.pl   -  A simple server, not unlike the one above`\n- `minicli.pl   -  Implements a client using low level SSLeay routines`\n- `sslcat.pl    -  Demonstrates using high level sslcat utility function`\n- `getpage.pl  -  Is a utility for getting html pages from secure servers`\n- `callback.pl  -  Demonstrates certificate verification and callback usage`\n- `stdiobulk.pl       - Does SSL over Unix pipes`\n- `ssl-inetd-serv.pl   - SSL server that can be invoked from inetd.conf`\n- `httpd-proxy-snif.pl - Utility that allows you to see how a browser`\n- `sends https request to given server and what reply`\n- `it gets back (very educative :-)`\n- `makecert.pl  -  Creates a self signed cert (does not use this module)`\n\n## See Also\n\n- perl(1)\n- perlref(1)\n- perllol(1)\n\n## Section Outline\n\n- **NAME** (2 lines)\n- **SYNOPSIS** (30 lines)\n- **DESCRIPTION** (3 lines)\n- **COMPATIBILITY** (34 lines)\n- **OVERVIEW** (11 lines) — 9 subsections\n  - High level functions for accessing web servers (459 lines)\n  - Using Net::SSLeay in multi-threaded applications (135 lines)\n  - Convenience routines (59 lines)\n  - Initialization (9 lines)\n  - Error handling functions (22 lines)\n  - Sockets (14 lines)\n  - Callbacks (45 lines)\n  - Low level API (8558 lines)\n  - Constants (338 lines)\n- **EXAMPLES** (169 lines)\n- **INSTALLATION** (3 lines)\n- **LIMITATIONS** (25 lines)\n- **KNOWN BUGS AND CAVEATS** (113 lines)\n- **DIAGNOSTICS** (28 lines)\n- **SECURITY** (24 lines) — 2 subsections\n  - Session Resumption (11 lines)\n  - Secure Renegotiation and DoS Attack (13 lines)\n- **BUGS** (12 lines)\n- **AUTHOR** (8 lines)\n- **COPYRIGHT** (14 lines)\n- 
**LICENSE** (3 lines)\n- **SEE ALSO** (15 lines)\n\n## Full Content\n\n### NAME\n\nNet::SSLeay - Perl bindings for OpenSSL and LibreSSL\n\n### SYNOPSIS\n\nuse Net::SSLeay qw(get_https post_https sslcat make_headers make_form);\n\n($page) = get_https('www.bacus.pt', 443, '/');                 # Case 1\n\n($page, $response, %replyheaders)\n= get_https('www.bacus.pt', 443, '/',                   # Case 2\nmake_headers('User-Agent' => 'Cryptozilla/5.0b1',\nReferer    => 'https://www.bacus.pt'\n));\n\n($page, $result, %headers)                                     # Case 2b\n= get_https('www.bacus.pt', 443, '/protected.html',\nmake_headers(Authorization =>\n'Basic ' . MIME::Base64::encode(\"$user:$pass\",''))\n);\n\n($page, $response, %replyheaders)\n= post_https('www.bacus.pt', 443, '/foo.cgi', '',       # Case 3\nmake_form(OK   => '1',\nname => 'Sampo'\n));\n\n$reply = sslcat($host, $port, $request);                       # Case 4\n\n($reply, $err, $servercert) = sslcat($host, $port, $request); # Case 5\n\n$Net::SSLeay::trace = 2;  # 0=no debugging, 1=ciphers, 2=trace, 3=dump data\n\nNet::SSLeay::initialize(); # Initialize ssl library once\n\n### DESCRIPTION\n\nThis module provides Perl bindings for libssl (an SSL/TLS API) and libcrypto (a cryptography\nAPI).\n\n### COMPATIBILITY\n\nNet::SSLeay supports the following libssl implementations:\n\n*   Any stable release of OpenSSL <https://www.openssl.org> in the 0.9.8 - 3.0 branches, except\nfor OpenSSL 0.9.8 - 0.9.8b.\n\n*   Any stable release of LibreSSL <https://www.libressl.org> in the 2.0 - 3.4 series, except\nfor LibreSSL 3.2.2 and 3.2.3.\n\nNet::SSLeay may not function as expected with releases other than the ones listed above due to\nlibssl API incompatibilities, or, in the case of LibreSSL, because of deviations from the libssl\nAPI.\n\nNet::SSLeay is only as secure as the underlying libssl implementation you use. 
Although\nNet::SSLeay maintains compatibility with old versions of OpenSSL and LibreSSL, it is strongly\nrecommended that you use a version of OpenSSL or LibreSSL that is supported by the\nOpenSSL/LibreSSL developers and/or your operating system vendor. Many unsupported versions of\nOpenSSL and LibreSSL are known to contain severe security vulnerabilities. Refer to the OpenSSL\nRelease Strategy <https://www.openssl.org/policies/releasestrat.html> and LibreSSL Support\nSchedule <https://www.libressl.org/releases.html> for information on which versions are\ncurrently supported.\n\nThe libssl API has changed significantly since OpenSSL 0.9.8: hundreds of functions have been\nadded, deprecated or removed in the intervening versions. Although this documentation lists all\nof the functions and constants that Net::SSLeay may expose, they will not be available for use\nif they are missing from the underlying libssl implementation. Refer to the compatibility notes\nin this documentation, as well as the OpenSSL/LibreSSL manual pages, for information on which\nOpenSSL/LibreSSL versions support each function or constant. At run-time, you can check whether\na function or constant is exposed before calling it using the following convention:\n\nif ( defined &Net::SSLeay::libssl_function ) {\n# libssl_function() (or SSL_libssl_function()) is available\nNet::SSLeay::libssl_function(...);\n}\n\n### OVERVIEW\n\nThe Net::SSLeay module basically consists of:\n\n*   High level functions for accessing web servers (by using HTTP/HTTPS)\n\n*   Low level API (mostly mapped 1:1 to openssl's C functions)\n\n*   Convenience functions (related to low level API but with more perl friendly interface)\n\nThere is also a related module called Net::SSLeay::Handle included in this distribution that you\nmight want to use instead. 
It has its own pod documentation.\n\n#### High level functions for accessing web servers\n\nThis module offers some high level convenience functions for accessing web pages on SSL servers\n(for symmetry, the same API is offered for accessing http servers, too), an \"sslcat()\" function\nfor writing your own clients, and finally access to the SSL api of the SSLeay/OpenSSL package so\nyou can write servers or clients for more complicated applications.\n\nFor high level functions it is most convenient to import them into your main namespace as\nindicated in the synopsis.\n\nBasic set of functions\n*   get_https\n\n*   post_https\n\n*   put_https\n\n*   head_https\n\n*   do_https\n\n*   sslcat\n\n*   https_cat\n\n*   make_form\n\n*   make_headers\n\nCase 1 (in SYNOPSIS) demonstrates the typical invocation of get_https() to fetch an HTML page\nfrom a secure server. The first argument provides the hostname or IP in dotted decimal notation of\nthe remote server to contact. The second argument is the TCP port at the remote end (your own\nport is picked arbitrarily from high numbered ports as usual for TCP). The third argument is the\nURL of the page without the host name part. If in doubt consult the HTTP specifications at\n<http://www.w3c.org>.\n\nCase 2 (in SYNOPSIS) demonstrates full fledged use of \"get_https()\". As can be seen,\n\"get_https()\" parses the response and response headers and returns them as a list, which can be\ncaptured in a hash for later reference. Also a fourth argument to \"get_https()\" is used to\ninsert some additional headers in the request. \"make_headers()\" is a function that will convert\na list or hash to such headers. By default \"get_https()\" supplies \"Host\" (to make virtual\nhosting easy) and \"Accept\" (reportedly needed by IIS) headers.\n\nCase 2b (in SYNOPSIS) demonstrates how to get a password protected page. Refer to the HTTP\nprotocol specifications for further details (e.g. 
RFC-2617).\n\nCase 3 (in SYNOPSIS) invokes \"post_https()\" to submit an HTML/CGI form to a secure server. The\nfirst four arguments are equal to \"get_https()\" (note that the empty string ('') is passed as\nheader argument). The fifth argument is the contents of the form formatted according to CGI\nspecification. Do not post UTF-8 data as content: use utf8::downgrade first. In this case the\nhelper function \"make_form()\" is used to do the formatting, but you could pass any string.\n\"post_https()\" automatically adds \"Content-Type\" and \"Content-Length\" headers to the request.\n\nCase 4 (in SYNOPSIS) shows the fundamental \"sslcat()\" function (inspired in spirit by the\n\"netcat\" utility :-). It's your swiss army knife that allows you to easily contact servers, send\nsome data, and then get the response. You are responsible for formatting the data and parsing\nthe response - \"sslcat()\" is just a transport.\n\nCase 5 (in SYNOPSIS) is a full invocation of \"sslcat()\" which allows the return of errors as\nwell as the server (peer) certificate.\n\nThe $trace global variable can be used to control the verbosity of the high level functions.\nLevel 0 guarantees silence, level 1 (the default) only emits error messages.\n\nAlternate versions of high-level API\n*   get_https3\n\n*   post_https3\n\n*   put_https3\n\n*   get_https4\n\n*   post_https4\n\n*   put_https4\n\nThe above mentioned functions actually return the response headers as a list, which only gets\nconverted to hash upon assignment (this assignment loses information if the same header occurs\ntwice, as may be the case with cookies). There are also other variants of the functions that\nreturn unprocessed headers and that return a reference to a hash.\n\n($page, $response, @headers) = get_https('www.bacus.pt', 443, '/');\nfor ($i = 0; $i < $#headers; $i+=2) {\nprint \"$headers[$i] = \" . $headers[$i+1] . 
\"\\n\";\n}\n\n($page, $response, $headers, $servercert)\n= gethttps3('www.bacus.pt', 443, '/');\nprint \"$headers\\n\";\n\n($page, $response, $headersref)\n= gethttps4('www.bacus.pt', 443, '/');\nfor $k (sort keys %{$headersref}) {\nfor $v (@{$$headersref{$k}}) {\nprint \"$k = $v\\n\";\n}\n}\n\nAll of the above code fragments accomplish the same thing: display all values of all headers.\nThe API functions ending in \"3\" return the headers simply as a scalar string and it is up to the\napplication to split them up. The functions ending in \"4\" return a reference to a hash of arrays\n(see perlref and perllol if you are not familiar with complex perl data structures). To access a\nsingle value of such a header hash you would do something like\n\nprint $$headersref{COOKIE}[0];\n\nVariants 3 and 4 also allow you to discover the server certificate in case you would like to\nstore or display it, e.g.\n\n($p, $resp, $hdrs, $servercert) = gethttps3('www.bacus.pt', 443, '/');\nif (!defined($servercert) || ($servercert == 0)) {\nwarn \"Subject Name: undefined, Issuer  Name: undefined\";\n} else {\nwarn 'Subject Name: '\n. Net::SSLeay::X509NAMEoneline(\nNet::SSLeay::X509getsubjectname($servercert))\n. 'Issuer  Name: '\n. Net::SSLeay::X509NAMEoneline(\nNet::SSLeay::X509getissuername($servercert));\n}\n\nBeware that this method only allows after the fact verification of the certificate: by the time\n\"gethttps3()\" has returned the https request has already been sent to the server, whether you\ndecide to trust it or not. To do the verification correctly you must either employ the OpenSSL\ncertificate verification framework or use the lower level API to first connect and verify the\ncertificate and only then send the http data. See the implementation of \"dshttps3()\" for\nguidance on how to do this.\n\nUsing client certificates\nSecure web communications are encrypted using symmetric crypto keys exchanged using encryption\nbased on the certificate of the server. 
Therefore in all SSL connections the server must have a\ncertificate. This serves both to authenticate the server to the clients and to perform the key\nexchange.\n\nSometimes it is necessary to authenticate the client as well. Two options are available: HTTP\nbasic authentication and a client side certificate. The basic authentication over HTTPS is\nactually quite safe because HTTPS guarantees that the password will not travel in the clear.\nNevertheless, problems like easily guessable passwords remain. The client certificate method\ninvolves authentication of the client at the SSL level using a certificate. For this to work,\nboth the client and the server have certificates (which typically are different) and private\nkeys.\n\nThe API functions outlined above accept additional arguments that allow one to supply the client\nside certificate and key files. The format of these files is the same as used for server\ncertificates and the caveat about encrypting private keys applies.\n\n($page, $result, %headers)                                     # 2c\n= get_https('www.bacus.pt', 443, '/protected.html',\nmake_headers(Authorization =>\n'Basic ' . MIME::Base64::encode(\"$user:$pass\",'')),\n'', $mimetype6, $pathtocrt7, $pathtokey8);\n\n($page, $response, %replyheaders)\n= post_https('www.bacus.pt', 443, '/foo.cgi',           # 3b\nmake_headers('Authorization' =>\n'Basic ' . MIME::Base64::encode(\"$user:$pass\",'')),\nmake_form(OK   => '1', name => 'Sampo'),\n$mimetype6, $pathtocrt7, $pathtokey8);\n\nCase 2c (in SYNOPSIS) demonstrates getting a password protected page that also requires a client\ncertificate, i.e. it is possible to use both authentication methods simultaneously.\n\nCase 3b (in SYNOPSIS) is a full blown POST to a secure server that requires both password\nauthentication and a client certificate, just like in case 2c.\n\nNote: The client will not send a certificate unless the server requests one. 
This is typically\nachieved by setting the verify mode to \"VERIFY_PEER\" on the server:\n\nNet::SSLeay::set_verify($ssl, Net::SSLeay::VERIFY_PEER, 0);\n\nSee \"perldoc ~openssl/doc/ssl/SSL_CTX_set_verify.pod\" for a full description.\n\nWorking through a web proxy\n*   set_proxy\n\n\"Net::SSLeay\" can use a web proxy to make its connections. You need to first set the proxy host\nand port using \"set_proxy()\" and then just use the normal API functions, e.g.:\n\nNet::SSLeay::set_proxy('gateway.myorg.com', 8080);\n($page) = get_https('www.bacus.pt', 443, '/');\n\nIf your proxy requires authentication, you can supply a username and password as well:\n\nNet::SSLeay::set_proxy('gateway.myorg.com', 8080, 'joe', 'salainen');\n($page, $result, %headers)\n= get_https('www.bacus.pt', 443, '/protected.html',\nmake_headers(Authorization =>\n'Basic ' . MIME::Base64::encode(\"susie:pass\",''))\n);\n\nThis example demonstrates the case where we authenticate to the proxy as \"joe\" and to the final\nweb server as \"susie\". Proxy authentication requires the \"MIME::Base64\" module to work.\n\nHTTP (without S) API\n*   get_http\n\n*   post_http\n\n*   tcpcat\n\n*   get_httpx\n\n*   post_httpx\n\n*   tcpxcat\n\nOver the years it has become clear that it would be convenient to use the light-weight flavour\nAPI of \"Net::SSLeay\" for normal HTTP as well (see \"LWP\" for the heavy-weight object-oriented\napproach). In fact it would be nice to be able to flip https on and off on the fly. Thus regular\nHTTP support was evolved.\n\nuse Net::SSLeay qw(get_http post_http tcpcat\nget_httpx post_httpx tcpxcat\nmake_headers make_form);\n\n($page, $result, %headers)\n= get_http('www.bacus.pt', 443, '/protected.html',\nmake_headers(Authorization =>\n'Basic ' . 
MIME::Base64::encode(\"$user:$pass\",''))\n);\n\n($page, $response, %replyheaders)\n= post_http('www.bacus.pt', 443, '/foo.cgi', '',\nmake_form(OK   => '1',\nname => 'Sampo'\n));\n\n($reply, $err) = tcpcat($host, $port, $request);\n\n($page, $result, %headers)\n= get_httpx($usessl, 'www.bacus.pt', 443, '/protected.html',\nmake_headers(Authorization =>\n'Basic ' . MIME::Base64::encode(\"$user:$pass\",''))\n);\n\n($page, $response, %replyheaders)\n= post_httpx($usessl, 'www.bacus.pt', 443, '/foo.cgi', '',\nmake_form(OK   => '1',  name => 'Sampo' ));\n\n($reply, $err, $servercert) = tcpxcat($usessl, $host, $port, $request);\n\nAs can be seen, the \"x\" family of APIs takes as the first argument a flag which indicates\nwhether SSL is used or not.\n\nCertificate verification and Certificate Revocation Lists (CRLs)\nOpenSSL supports the ability to verify peer certificates. It can also optionally check the peer\ncertificate against a Certificate Revocation List (CRL) from the certificate's issuer. A CRL is a\nfile, created by the certificate issuer, that lists all the certificates that it previously\nsigned, but which it now revokes. CRLs are in PEM format.\n\nYou can enable \"Net::SSLeay CRL\" checking like this:\n\n&Net::SSLeay::X509_STORE_set_flags\n(&Net::SSLeay::CTX_get_cert_store($ssl),\n&Net::SSLeay::X509_V_FLAG_CRL_CHECK);\n\nAfter setting this flag, if OpenSSL checks a peer's certificate, then it will attempt to find a\nCRL for the issuer. It does this by looking for a specially named file in the search directory\nspecified by CTX_load_verify_locations. CRL files are named with the hash of the issuer's\nsubject name, followed by \".r0\", \".r1\" etc. For example \"ab1331b2.r0\", \"ab1331b2.r1\". It will\nread all the .r files for the issuer, and then check for a revocation of the peer certificate in\nall of them. (You can also force it to look in a specific named CRL file, see below.) 
You can\nfind out the hash of the issuer subject name in a CRL with\n\nopenssl crl -in crl.pem -hash -noout\n\nIf the peer certificate does not pass the revocation list, or if no CRL is found, then the\nhandshaking fails with an error.\n\nYou can also force OpenSSL to look for CRLs in one or more arbitrarily named files.\n\nmy $bio = Net::SSLeay::BIO_new_file($crlfilename, 'r');\nmy $crl = Net::SSLeay::PEM_read_bio_X509_CRL($bio);\nif ($crl) {\nNet::SSLeay::X509_STORE_add_crl(\nNet::SSLeay::CTX_get_cert_store($ssl), $crl\n);\n} else {\n# error reading CRL....\n}\n\nUsually the URLs where you can download the CRLs are contained in the certificate itself and you\ncan extract them with\n\nmy @url = Net::SSLeay::P_X509_get_crl_distribution_points($cert);\n\nBut there is no automatic downloading of the CRLs and often these CRLs are too huge to just\ndownload them to verify a single certificate. Also, these CRLs are often in DER format which you\nneed to convert to PEM before you can use it:\n\nopenssl crl -in crl.der -inform der -out crl.pem\n\nSo as an alternative for faster and timely revocation checks you should use the Online Status\nRevocation Protocol (OCSP).\n\nCertificate verification and Online Status Revocation Protocol (OCSP)\nWhile checking for revoked certificates is possible and fast with Certificate Revocation Lists,\nyou need to download the complete and often huge list before you can verify a single\ncertificate.\n\nA faster way is to ask the CA to check the revocation of just a single or a few certificates\nusing OCSP. Basically you generate for each certificate an OCSP_CERTID based on the certificate\nitself and its issuer, put the ids together into an OCSP_REQUEST and send the request to the\nURL given in the certificate.\n\nAs a result you get back an OCSP_RESPONSE and need to check the status of the response, check\nthat it is valid (e.g. 
signed by the CA) and finally extract the information about each\nOCSP_CERTID to find out if the certificate is still valid or got revoked.\n\nWith Net::SSLeay this can be done like this:\n\n# get id(s) for given certs, like from get_peer_certificate\n# or get_peer_cert_chain. This will croak if\n# - one tries to make an OCSP_CERTID for a self-signed certificate\n# - the issuer of the certificate cannot be found in the SSL objects\n#   store, nor in the current certificate chain\nmy $cert = Net::SSLeay::get_peer_certificate($ssl);\nmy $id = eval { Net::SSLeay::OCSP_cert2ids($ssl,$cert) };\ndie \"failed to make OCSP_CERTID: $@\" if $@;\n\n# create OCSP_REQUEST from id(s)\n# Multiple can be put into the same request, if the same OCSP responder\n# is responsible for them.\nmy $req = Net::SSLeay::OCSP_ids2req($id);\n\n# determine URI of OCSP responder\nmy $uri = Net::SSLeay::P_X509_get_ocsp_uri($cert);\n\n# Send stringified OCSP_REQUEST with POST to $uri.\n# We can ignore certificate verification for https, because the OCSP\n# response itself is signed.\nmy $ua = HTTP::Tiny->new(verify_SSL => 0);\nmy $res = $ua->request( 'POST',$uri, {\nheaders => { 'Content-type' => 'application/ocsp-request' },\ncontent => Net::SSLeay::i2d_OCSP_REQUEST($req)\n});\nmy $content = $res && $res->{success} && $res->{content}\nor die \"query failed\";\n\n# Extract OCSP_RESPONSE.\n# this will croak if the string is not an OCSP_RESPONSE\nmy $resp = eval { Net::SSLeay::d2i_OCSP_RESPONSE($content) };\n\n# Check status of response.\nmy $status = Net::SSLeay::OCSP_response_status($resp);\nif ($status != Net::SSLeay::OCSP_RESPONSE_STATUS_SUCCESSFUL()) {\ndie \"OCSP response failed: \".\nNet::SSLeay::OCSP_response_status_str($status);\n}\n\n# Verify signature of response and if nonce matches request.\n# This will croak if there is a nonce in the response, but it does not match\n# the request. 
It will return false if the signature could not be verified,\n# in which case details can be retrieved with Net::SSLeay::ERR_get_error.\n# It will not complain if the response does not contain a nonce, which is\n# usually the case with pre-signed responses.\nif ( ! eval { Net::SSLeay::OCSP_response_verify($ssl,$resp,$req) }) {\ndie \"OCSP response verification failed\";\n}\n\n# Extract information from OCSP_RESPONSE for each of the ids.\n\n# If called in scalar context it will return the time (as time_t), when the\n# next update is due (minimum of all successful responses inside $resp). It\n# will croak on the following problems:\n# - response is expired or not yet valid\n# - no response for given OCSP_CERTID\n# - certificate status is not good (e.g. revoked or unknown)\nif ( my $nextupd = eval { Net::SSLeay::OCSP_response_results($resp,$id) }) {\nwarn \"certificate is valid, next update in \".\n($nextupd-time()).\" seconds\\n\";\n} else {\ndie \"certificate is not valid: $@\";\n}\n\n# But in array context it will return detailed information about each given\n# OCSP_CERTID instead of croaking on errors:\n# if no @ids are given it will return information about all single responses\n# in the OCSP_RESPONSE\nmy @results = Net::SSLeay::OCSP_response_results($resp,@ids);\nfor my $r (@results) {\nprint Dumper($r);\n# @results are in the same order as the @ids and contain:\n# $r->[0] - OCSP_CERTID\n# $r->[1] - undef if no error (certificate good) OR error message as string\n# $r->[2] - hash with details:\n#   thisUpdate - time_t of this single response\n#   nextUpdate - time_t when update is expected\n#   statusType - integer:\n#      V_OCSP_CERTSTATUS_GOOD(0)\n#      V_OCSP_CERTSTATUS_REVOKED(1)\n#      V_OCSP_CERTSTATUS_UNKNOWN(2)\n#   revocationTime - time_t (only if revoked)\n#   revocationReason - integer (only if revoked)\n#   revocationReason_str - reason as string (only if revoked)\n}\n\nTo further speed up certificate revocation checking one can use a TLS extension to instruct the\nserver to 
staple the OCSP response:\n\n# set TLS extension before doing SSL_connect\nNet::SSLeay::set_tlsext_status_type($ssl,\nNet::SSLeay::TLSEXT_STATUSTYPE_ocsp());\n\n# setup callback to verify OCSP response\nmy $certvalid = undef;\nNet::SSLeay::CTX_set_tlsext_status_cb($context,sub {\nmy ($ssl,$resp) = @_;\nif (!$resp) {\n# Lots of servers don't return an OCSP response.\n# In this case we must check the OCSP status outside the SSL\n# handshake.\nwarn \"server did not return stapled OCSP response\\n\";\nreturn 1;\n}\n# verify status\nmy $status = Net::SSLeay::OCSP_response_status($resp);\nif ($status != Net::SSLeay::OCSP_RESPONSE_STATUS_SUCCESSFUL()) {\nwarn \"OCSP response failure: $status\\n\";\nreturn 1;\n}\n# verify signature - we have no OCSP_REQUEST here to check nonce\nif (!eval { Net::SSLeay::OCSP_response_verify($ssl,$resp) }) {\nwarn \"OCSP response verify failed\\n\";\nreturn 1;\n}\n# check if the certificate is valid\n# we should check here against the peer_certificate\nmy $cert = Net::SSLeay::get_peer_certificate($ssl);\nmy $certid = eval { Net::SSLeay::OCSP_cert2ids($ssl,$cert) } or do {\nwarn \"cannot get certid from cert: $@\";\n$certvalid = -1;\nreturn 1;\n};\n\nif ( my $nextupd = eval {\nNet::SSLeay::OCSP_response_results($resp,$certid) }) {\nwarn \"certificate not revoked\\n\";\n$certvalid = 1;\n} else {\nwarn \"certificate not valid: $@\";\n$certvalid = 0;\n}\n});\n\n# do SSL handshake here\n....\n# check if certificate revocation was checked already\nif ( ! defined $certvalid) {\n# check revocation outside of SSL handshake by asking OCSP responder\n...\n} elsif ( ! 
$certvalid ) {\ndie \"certificate not valid - closing SSL connection\";\n} elsif ( $certvalid<0 ) {\ndie \"cannot verify certificate revocation - self-signed ?\";\n} else {\n# everything fine\n...\n}\n\n#### Using Net::SSLeay in multi-threaded applications\n\nIMPORTANT: versions 1.42 or earlier are not thread-safe!\n\nThe Net::SSLeay module implements everything necessary to be ready for a multi-threaded environment -\nit requires openssl-0.9.7 or newer. The implementation fully follows the thread safety related\nrequirements of the openssl library (see <http://www.openssl.org/docs/crypto/threads.html>).\n\nIf you are about to use Net::SSLeay (or any other module based on Net::SSLeay) in a multi-threaded\nperl application it is recommended to follow this best practice:\n\nInitialization\nLoad and initialize Net::SSLeay module in the main thread:\n\nuse threads;\nuse Net::SSLeay;\n\nNet::SSLeay::load_error_strings();\nNet::SSLeay::SSLeay_add_ssl_algorithms();\nNet::SSLeay::randomize();\n\nsub domasterjob {\n#... call whatever from Net::SSLeay\n}\n\nsub doworkerjob {\n#... call whatever from Net::SSLeay\n}\n\n#start threads\nmy $master  = threads->new(\\&domasterjob, 'param1', 'param2');\nmy @workers = map { threads->new(\\&doworkerjob, 'arg1', 'arg2') } (1..10);\n\n#waiting for all threads to finish\n$_->join() for (threads->list);\n\nNOTE: Openssl's \"int SSL_library_init(void)\" function (which is also aliased as\n\"SSLeay_add_ssl_algorithms\", \"OpenSSL_add_ssl_algorithms\" and \"add_ssl_algorithms\") is not\nre-entrant and multiple calls can cause a crash in threaded application. Net::SSLeay implements\nflags preventing repeated calls to this function, therefore even multiple initialization via\nNet::SSLeay::SSLeay_add_ssl_algorithms() should work without trouble.\n\nUsing callbacks\nDo not use callbacks across threads (the module blocks cross-thread callback operations and\nthrows a warning). 
Always do the callback setup, callback use and callback destruction within\nthe same thread.\n\nUsing openssl elements\nAll openssl elements (X509, SSL_CTX, ...) can be directly passed between threads.\n\nuse threads;\nuse Net::SSLeay;\n\nNet::SSLeay::load_error_strings();\nNet::SSLeay::SSLeay_add_ssl_algorithms();\nNet::SSLeay::randomize();\n\nsub dojob {\nmy $context = shift;\nNet::SSLeay::CTX_set_default_passwd_cb($context, sub { \"secret\" });\n#...\n}\n\nmy $c = Net::SSLeay::CTX_new();\nthreads->create(\\&dojob, $c);\n\nOr:\n\nuse threads;\nuse Net::SSLeay;\n\nmy $context; #does not need to be 'shared'\n\nNet::SSLeay::load_error_strings();\nNet::SSLeay::SSLeay_add_ssl_algorithms();\nNet::SSLeay::randomize();\n\nsub dojob {\nNet::SSLeay::CTX_set_default_passwd_cb($context, sub { \"secret\" });\n#...\n}\n\n$context = Net::SSLeay::CTX_new();\nthreads->create(\\&dojob);\n\nUsing other perl modules based on Net::SSLeay\nIt should be fine to use any other module based on Net::SSLeay (like IO::Socket::SSL) in\nmulti-threaded applications. It is generally recommended to do any global initialization of such\na module in the main thread before calling \"threads->new(..)\" or \"threads->create(..)\" but it\nmight differ module by module.\n\nTo be safe you can load and init Net::SSLeay explicitly in the main thread:\n\nuse Net::SSLeay;\nuse Other::SSLeay::Based::Module;\n\nNet::SSLeay::load_error_strings();\nNet::SSLeay::SSLeay_add_ssl_algorithms();\nNet::SSLeay::randomize();\n\nOr even safer:\n\nuse Net::SSLeay;\nuse Other::SSLeay::Based::Module;\n\nBEGIN {\nNet::SSLeay::load_error_strings();\nNet::SSLeay::SSLeay_add_ssl_algorithms();\nNet::SSLeay::randomize();\n}\n\nCombining Net::SSLeay with other modules linked with openssl\nBEWARE: This might be a big trouble! 
This is not guaranteed to be thread-safe!\n\nThere are many other (XS) modules linked directly to openssl library (like Crypt::SSLeay).\n\nAs it is expected that \"another\" module will also call \"SSLeay_add_ssl_algorithms\" at some point,\nwe again have trouble with multiple openssl initialization by Net::SSLeay and \"another\"\nmodule.\n\nAs you can expect, Net::SSLeay is not able to avoid multiple initialization of openssl library\ncalled by \"another\" module, thus you have to handle this on your own (in some cases it might not\nbe possible at all to avoid this).\n\nThreading with get_https and friends\nThe convenience functions get_https, post_https etc all initialize the SSL library by calling\nNet::SSLeay::initialize which does the conventional library initialization:\n\nNet::SSLeay::load_error_strings();\nNet::SSLeay::SSLeay_add_ssl_algorithms();\nNet::SSLeay::randomize();\n\nNet::SSLeay::initialize initializes the SSL library at most once. You can override the\nNet::SSLeay::initialize function if you desire some other type of initialization behaviour by\nget_https and friends. You can call Net::SSLeay::initialize from your own code if you desire\nthis conventional library initialization.\n\n#### Convenience routines\n\nTo be used with Low level API\n\nNet::SSLeay::randomize($rnseedfile,$additionalseed);\nNet::SSLeay::set_cert_and_key($ctx, $certpath, $keypath);\n$cert = Net::SSLeay::dump_peer_certificate($ssl);\nNet::SSLeay::ssl_write_all($ssl, $message) or die \"ssl write failure\";\n$got = Net::SSLeay::ssl_read_all($ssl) or die \"ssl read failure\";\n\n$got = Net::SSLeay::ssl_read_CRLF($ssl [, $maxlength]);\n$got = Net::SSLeay::ssl_read_until($ssl [, $delimit [, $maxlength]]);\nNet::SSLeay::ssl_write_CRLF($ssl, $message);\n\n*   randomize\n\nseeds the openssl PRNG with \"/dev/urandom\" (see the top of \"SSLeay.pm\" for how to change or\nconfigure this) and optionally with user provided data. It is very important to properly\nseed your random numbers, so do not forget to call this. 
The high level API functions\nautomatically call \"randomize()\" so it is not needed with them. See also caveats.\n\n*   set_cert_and_key\n\ntakes two file names as arguments and sets the certificate and private key to those. This\ncan be used to set either server certificates or client certificates.\n\n*   dump_peer_certificate\n\nallows you to get a plaintext description of the certificate the peer (usually the server)\npresented to us.\n\n*   ssl_read_all\n\nsee ssl_write_all (below)\n\n*   ssl_write_all\n\n\"ssl_read_all()\" and \"ssl_write_all()\" provide true blocking semantics for these operations\n(see limitation, below, for explanation). These are much preferred to the low level API\nequivalents (which implement BSD blocking semantics). The message argument to\n\"ssl_write_all()\" can be a reference. This is helpful to avoid unnecessary copying when\nwriting something big, e.g.:\n\n$data = 'A' x 1000000000;\nNet::SSLeay::ssl_write_all($ssl, \\$data) or die \"ssl write failed\";\n\n*   ssl_read_CRLF\n\nuses \"ssl_read_all()\" to read in a line terminated with a carriage return followed by a\nlinefeed (CRLF). The CRLF is included in the returned scalar.\n\n*   ssl_read_until\n\nuses \"ssl_read_all()\" to read from the SSL input stream until it encounters a programmer\nspecified delimiter. If the delimiter is undefined, $/ is used. If $/ is undefined, \"\\n\" is\nused. 
One can optionally set a maximum length of bytes to read from the SSL input stream.\n\n*   ssl_write_CRLF\n\nwrites $message and appends CRLF to the SSL output stream.\n\n#### Initialization\n\nIn order to use the low level API you should start your programs with the following incantation:\n\nuse Net::SSLeay qw(die_now die_if_ssl_error);\nNet::SSLeay::load_error_strings();\nNet::SSLeay::SSLeay_add_ssl_algorithms();    # Important!\nNet::SSLeay::ENGINE_load_builtin_engines();  # If you want built-in engines\nNet::SSLeay::ENGINE_register_all_complete(); # If you want built-in engines\nNet::SSLeay::randomize();\n\n#### Error handling functions\n\nI can not emphasize the need to check for errors enough. Use these functions even in the most\nsimple programs, they will reduce debugging time greatly. Do not ask questions on the mailing\nlist without having first sprinkled these in your code.\n\n*   die_now\n\n*   die_if_ssl_error\n\n\"die_now()\" and \"die_if_ssl_error()\" are used to conveniently print the SSLeay error stack\nwhen something goes wrong:\n\nNet::SSLeay::connect($ssl) or die_now(\"Failed SSL connect ($!)\");\n\nNet::SSLeay::write($ssl, \"foo\") or die_if_ssl_error(\"SSL write ($!)\");\n\n*   print_errs\n\nYou can also use \"Net::SSLeay::print_errs()\" to dump the error stack without exiting the\nprogram. As can be seen, your code becomes much more readable if you import the error\nreporting functions into your main name space.\n\n#### Sockets\n\nPerl uses file handles for all I/O. While SSLeay has a quite flexible BIO mechanism and perl has\nan evolved PerlIO mechanism, this module still sticks to using file descriptors. 
Thus to attach\nSSLeay to a socket you should use \"fileno()\" to extract the underlying file descriptor:\n\nNet::SSLeay::set_fd($ssl, fileno(S));   # Must use fileno\n\nYou should also set $| to 1 to eliminate STDIO buffering so you do not get confused if you use\nperl I/O functions to manipulate your socket handle.\n\nIf you need to select(2) on the socket, go right ahead, but be warned that OpenSSL does some\ninternal buffering so SSL_read does not always return data even if the socket selected for\nreading (just keep on selecting and trying to read). \"Net::SSLeay\" is no different from the C\nlanguage OpenSSL in this respect.\n\n#### Callbacks\n\nYou can establish a per-context verify callback function something like this:\n\nsub verify {\nmy ($ok, $x509storectx) = @_;\nprint \"Verifying certificate...\\n\";\n...\nreturn $ok;\n}\n\nIt is used like this:\n\nNet::SSLeay::set_verify ($ssl, Net::SSLeay::VERIFY_PEER, \\&verify);\n\nPer-context callbacks for decrypting private keys are implemented.\n\nNet::SSLeay::CTX_set_default_passwd_cb($ctx, sub { \"top-secret\" });\nNet::SSLeay::CTX_use_PrivateKey_file($ctx, \"key.pem\",\nNet::SSLeay::FILETYPE_PEM)\nor die \"Error reading private key\";\nNet::SSLeay::CTX_set_default_passwd_cb($ctx, undef);\n\nIf Hello Extensions are supported by your OpenSSL, a session secret callback can be set up to be\ncalled when a session secret is set by openssl.\n\nEstablish it like this:\n\nNet::SSLeay::set_session_secret_cb($ssl, \\&sessionsecretcb, $somedata);\n\nIt will be called like this:\n\nsub sessionsecretcb\n{\n# $cipherlist is an array reference, $preferredcipher is a scalar reference\nmy ($secret, $cipherlist, $preferredcipher, $somedata) = @_;\n}\n\nNo other callbacks are implemented. You do not need to use any callback for simple (i.e. 
normal)\ncases where the SSLeay built-in verify mechanism satisfies your needs.\n\nIt is required to reset these callbacks to undef immediately after use to prevent memory leaks,\nthread safety problems and crashes on exit that can occur if different threads set different\ncallbacks.\n\nIf you want to use callback stuff, see examples/callback.pl! It's the only one I am able to make\nwork reliably.\n\n#### Low level API\n\nIn addition to the high level functions outlined above, this module contains straight-forward\naccess to CRYPTO and SSL parts of OpenSSL C API.\n\nSee the \"*.h\" headers from OpenSSL C distribution for a list of low level SSLeay functions to\ncall (check SSLeay.xs to see if some function has been implemented). The module strips the\ninitial \"SSL_\" off of the SSLeay names. Generally you should use \"Net::SSLeay::\" in its place.\n\nNote that some functions are prefixed with \"P_\" - these are very close to the original API\nhowever contain some kind of a wrapper making its interface more perl friendly.\n\nFor example:\n\nIn C:\n\n#include <ssl.h>\n\nerr = SSL_set_verify (ssl, SSL_VERIFY_CLIENT_ONCE,\n&yourcallbackhere);\n\nIn Perl:\n\nuse Net::SSLeay;\n\n$err = Net::SSLeay::set_verify ($ssl,\nNet::SSLeay::VERIFY_CLIENT_ONCE,\n\\&yourcallbackhere);\n\nIf the function does not start with \"SSL_\" you should use the full function name, e.g.:\n\n$err = Net::SSLeay::ERR_get_error;\n\nThe following new functions behave in perlish way:\n\n$got = Net::SSLeay::read($ssl);\n# Performs SSL_read, but returns $got\n# resized according to data received.\n# Returns undef on failure.\n\nNet::SSLeay::write($ssl, $foo) || die;\n# Performs SSL_write, but automatically\n# figures out the size of $foo\n\nLow level API: Version and library information related functions\n*   OpenSSL_version_num and SSLeay\n\nCOMPATIBILITY: SSLeay() is not available in Net-SSLeay-1.42 and before. 
SSLeay() was made an\nalias of OpenSSL_version_num() in OpenSSL 1.1.0 and LibreSSL 2.7.0.\n\nCOMPATIBILITY: OpenSSL_version_num() requires at least Net-SSLeay-1.82 with OpenSSL 1.1.0,\nor Net-SSLeay-1.88 with LibreSSL 2.7.0.\n\nBoth functions return OPENSSL_VERSION_NUMBER constant (numeric) as defined by the underlying\nOpenSSL or LibreSSL library.\n\nmy $vernumber = Net::SSLeay::SSLeay();\nor\nmy $vernumber = Net::SSLeay::OpenSSL_version_num();\n# returns: OPENSSL_VERSION_NUMBER constant\n\nOpenSSL version numbering is:\n\n# 0x00903100 => openssl-0.9.3\n# 0x00904100 => openssl-0.9.4\n# 0x00905100 => openssl-0.9.5\n# 0x0090600f => openssl-0.9.6\n# 0x0090601f => openssl-0.9.6a\n# ...\n# 0x009060df => openssl-0.9.6m\n# 0x0090700f => openssl-0.9.7\n# 0x0090701f => openssl-0.9.7a\n# ...\n# 0x009070df => openssl-0.9.7m\n# 0x0090800f => openssl-0.9.8\n# 0x0090801f => openssl-0.9.8a\n# ...\n# 0x0090821f => openssl-0.9.8zh\n# 0x1000000f => openssl-1.0.0\n# ...\n# 0x1000014f => openssl-1.0.0t\n# 0x1000100f => openssl-1.0.1\n# ...\n# 0x1000115f => openssl-1.0.1u\n# 0x1000200f => openssl-1.0.2\n# ...\n# 0x1000215f => openssl-1.0.2u\n# 0x1010000f => openssl-1.1.0\n# ...\n# 0x101000cf => openssl-1.1.0l\n# 0x1010100f => openssl-1.1.1\n# ...\n# 0x101010df => openssl-1.1.1m\n# 0x30000000 => openssl-3.0.0\n# 0x30000010 => openssl-3.0.1\n\nNote that OpenSSL 3.0.0 and later do not set the status nibble in the\nleast significant octet to f.\n\nLibreSSL returns 0x20000000 always:\n\n# 0x20000000 => libressl-2.2.1\n# ...\n# 0x20000000 => libressl-3.4.2\n\nYou can use the version number like this when you know that the underlying library is\nOpenSSL:\n\nif (Net::SSLeay::SSLeay() < 0x0090800f) {\ndie \"You need OpenSSL 0.9.8 or higher\";\n}\n\nLibreSSL 2.2.2 and later define constant LIBRESSL_VERSION_NUMBER that gives the LibreSSL\nversion number. The format is the same that OpenSSL uses with OPENSSL_VERSION_NUMBER. 
You\ncan do this if you need to check that the underlying library is LibreSSL and it's recent\nenough:\n\nif (Net::SSLeay::SSLeay() != 0x20000000 ||\nNet::SSLeay::LIBRESSL_VERSION_NUMBER() < 0x3040200f) {\ndie \"You need LibreSSL. Version 3.4.2 or higher\";\n}\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OpenSSLversionnum.html>\n\nSee OpenSSL 1.1.1 and earlier documentation for the details of status nibble and the format\ninterpretation.\n\n*   SSLeay_version\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nReturns different strings depending on $type.\n\nmy $verstring = Net::SSLeay::SSLeay_version($type);\n# $type\n#   SSLEAY_VERSION  - e.g. 'OpenSSL 1.0.0d 8 Feb 2011'\n#   SSLEAY_CFLAGS   - e.g. 'compiler: gcc -D_WINDLL -DOPENSSL_USE_APPLINK .....'\n#   SSLEAY_BUILT_ON - e.g. 'built on: Fri May  6 00:00:46 GMT 2011'\n#   SSLEAY_PLATFORM - e.g. 'platform: mingw'\n#   SSLEAY_DIR      - e.g. 'OPENSSLDIR: \"z:/....\"'\n#\n# returns: string\n\nNet::SSLeay::SSLeay_version();\n#is equivalent to\nNet::SSLeay::SSLeay_version(SSLEAY_VERSION);\n\nOpenSSL 1.1.0 changed SSLeay_version() to an alias of OpenSSL_version(). To ensure correct\nfunctionality with LibreSSL, use SSLEAY_* constants with SSLeay_version() and OPENSSL_*\nconstants with OpenSSL_version().\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OpenSSLversion.html>\n\nOpenSSL website no longer has a manual page for SSLeay_version().\n\n*   OpenSSL_version\n\nCOMPATIBILITY: requires at least Net-SSLeay-1.82 with OpenSSL 1.1.0, or Net-SSLeay-1.88 with\nLibreSSL 2.7.0.\n\nReturns different strings depending on $t. Available $t constants depend on the library\nversion.\n\nmy $verstring = Net::SSLeay::OpenSSL_version($t);\n# $t\n#   OPENSSL_VERSION     - e.g. 'OpenSSL 1.1.0g  2 Nov 2017'\n#   OPENSSL_CFLAGS      - e.g. 'compiler: cc -DDSO_DLFCN -DHAVE_DLFCN_H .....'\n#   OPENSSL_BUILT_ON    - e.g. 'built on: reproducible build, date unspecified'\n#   OPENSSL_PLATFORM    - e.g. 
'platform: darwin64-x86_64-cc'\n#   OPENSSL_DIR         - e.g. 'OPENSSLDIR: \"/opt/openssl-1.1.0g\"'\n#   OPENSSL_ENGINES_DIR - e.g. 'ENGINESDIR: \"/opt/openssl-1.1.0g/lib/engines-1.1\"'\n#\n# returns: string\n\nNet::SSLeay::OpenSSL_version();\n#is equivalent to\nNet::SSLeay::OpenSSL_version(OPENSSL_VERSION);\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OpenSSLversion.html>\n\n*   OPENSSL_info\n\nCOMPATIBILITY: not available in Net-SSLeay-1.90 and before; requires at least OpenSSL\n3.0.0-alpha1\n\nReturns different strings depending on $t. Available $t constants depend on the library\nversion.\n\nmy $infostring = Net::SSLeay::OPENSSL_info($t);\n# $t\n#   OPENSSL_INFO_CONFIG_DIR - e.g. '/opt/openssl-3.0.1'\n#   OPENSSL_INFO_...\n#\n# returns: string\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OPENSSLinfo.html>\n\n*   OPENSSL_version_major, OPENSSL_version_minor and OPENSSL_version_patch\n\nCOMPATIBILITY: not available in Net-SSLeay-1.90 and before; requires at least OpenSSL\n3.0.0-alpha1, not in LibreSSL\n\nReturn constants OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR and OPENSSL_VERSION_PATCH,\nrespectively.\n\nmy $major = Net::SSLeay::OPENSSL_version_major();\nmy $minor = Net::SSLeay::OPENSSL_version_minor();\nmy $patch = Net::SSLeay::OPENSSL_version_patch();\n#\n# return: integer\n\nFor example with OpenSSL 3.0.1, $major is 3, $minor is 0 and $patch is 1.\n\nNote: the constants record Net::SSLeay compile time values whereas the three functions\nreturn values from the library. Typically these are the same, but they can be different if\nthe library version is updated but Net::SSLeay is not re-compiled. 
See the OpenSSL and\nLibreSSL API/ABI compatibility statements for more information.\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OPENSSLversionmajor.html>\n\n*   OPENSSL_version_pre_release\n\nCOMPATIBILITY: not available in Net-SSLeay-1.90 and before; requires at least OpenSSL\n3.0.0-alpha1, not in LibreSSL\n\nReturn constant string defined by C macro OPENSSL_VERSION_PRE_RELEASE.\n\nmy $prerelease = Net::SSLeay::OPENSSL_version_pre_release();\n#\n# returns: string\n\nFor example: \"-alpha3\" or \"\" for a release version.\n\nWhen the macro is not defined, an empty string is returned instead.\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/OPENSSLversionprerelease.html>\n\n*   OPENSSL_version_build_metadata()\n\nCOMPATIBILITY: not available in Net-SSLeay-1.90 and before; requires at least OpenSSL\n3.0.0-alpha1, not in LibreSSL\n\nReturn constant string defined by C macro OPENSSL_VERSION_BUILD_METADATA.\n\nmy $metadata = Net::SSLeay::OPENSSL_version_build_metadata();\n#\n# returns: string\n\nFor example: \"+fips\" or \"\".\n\nWhen the macro is not defined, an empty string is returned instead.\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/OPENSSLversionbuildmetadata.html>\n\nLow level API: Initialization related functions\n*   library_init\n\nInitialize SSL library by registering algorithms.\n\nmy $rv = Net::SSLeay::library_init();\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLlibraryinit.html>\n\nWhile the original function from OpenSSL always returns 1, Net::SSLeay adds a wrapper around\nit to make sure that the OpenSSL function is only called once. Thus the function will return\n1 if initialization was done and 0 if not, i.e. 
if initialization was done already before.\n\n*   add_ssl_algorithms\n\nThe alias for \"library_init\"\n\nNet::SSLeay::add_ssl_algorithms();\n\n*   OpenSSL_add_ssl_algorithms\n\nThe alias for \"library_init\"\n\nNet::SSLeay::OpenSSL_add_ssl_algorithms();\n\n*   SSLeay_add_ssl_algorithms\n\nThe alias for \"library_init\"\n\nNet::SSLeay::SSLeay_add_ssl_algorithms();\n\n*   load_error_strings\n\nRegisters the error strings for all libcrypto + libssl related functions.\n\nNet::SSLeay::load_error_strings();\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/ERRloadcryptostrings.html>\n\n*   ERR_load_crypto_strings\n\nRegisters the error strings for all libcrypto functions. No need to call this function if\nyou have already called \"load_error_strings\".\n\nNet::SSLeay::ERR_load_crypto_strings();\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/ERRloadcryptostrings.html>\n\n*   ERR_load_RAND_strings\n\nRegisters the error strings for RAND related functions. No need to call this function if you\nhave already called \"load_error_strings\".\n\nNet::SSLeay::ERR_load_RAND_strings();\n#\n# returns: no return value\n\n*   ERR_load_SSL_strings\n\nRegisters the error strings for SSL related functions. 
No need to call this function if you\nhave already called \"load_error_strings\".\n\nNet::SSLeay::ERR_load_SSL_strings();\n#\n# returns: no return value\n\n*   OpenSSL_add_all_algorithms\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nAdd algorithms to internal table.\n\nNet::SSLeay::OpenSSL_add_all_algorithms();\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/OpenSSLaddallalgorithms.html>\n\n*   OPENSSL_add_all_algorithms_conf\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSimilar to \"OpenSSL_add_all_algorithms\" - will ALWAYS load the config file\n\nNet::SSLeay::OPENSSL_add_all_algorithms_conf();\n#\n# returns: no return value\n\n*   OPENSSL_add_all_algorithms_noconf\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSimilar to \"OpenSSL_add_all_algorithms\" - will NEVER load the config file\n\nNet::SSLeay::OPENSSL_add_all_algorithms_noconf();\n#\n# returns: no return value\n\nLow level API: ERR_* and SSL_alert_* related functions\nNOTE: Please note that SSL_alert_* functions have the \"SSL_\" part stripped from their names.\n\n*   ERR_clear_error\n\nClear the error queue.\n\nNet::SSLeay::ERR_clear_error();\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/ERRclearerror.html>\n\n*   ERR_error_string\n\nGenerates a human-readable string representing the error code $error.\n\nmy $rv = Net::SSLeay::ERR_error_string($error);\n# $error - (unsigned integer) error code\n#\n# returns: string\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/ERRerrorstring.html>\n\n*   ERR_get_error\n\nReturns the earliest error code from the thread's error queue and removes the entry. 
This\nfunction can be called repeatedly until there are no more error codes to return.\n\nmy $rv = Net::SSLeay::ERR_get_error();\n#\n# returns: (unsigned integer) error code\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/ERRgeterror.html>\n\n*   ERR_peek_error\n\nReturns the earliest error code from the thread's error queue without modifying it.\n\nmy $rv = Net::SSLeay::ERR_peek_error();\n#\n# returns: (unsigned integer) error code\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/ERRgeterror.html>\n\n*   ERR_put_error\n\nAdds an error code to the thread's error queue. It signals that the error with reason code\n$reason occurred in function $func of library $lib, in line number $line of $file.\n\nNet::SSLeay::ERR_put_error($lib, $func, $reason, $file, $line);\n# $lib - (integer) library id (check openssl/err.h for constants e.g. ERR_LIB_SSL)\n# $func - (integer) function id (check openssl/ssl.h for constants e.g. SSL_F_SSL23_READ)\n# $reason - (integer) reason id (check openssl/ssl.h for constants e.g. 
SSL_R_SSL_HANDSHAKE_FAILURE)\n# $file - (string) file name\n# $line - (integer) line number in $file\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/ERRputerror.html> and\n<http://www.openssl.org/docs/crypto/err.html>\n\n*   alert_desc_string\n\nReturns a two letter string as a short form describing the reason of the alert specified by\nvalue.\n\nmy $rv = Net::SSLeay::alert_desc_string($value);\n# $value - (integer) alert id (check openssl/ssl.h for SSL3_AD_* and TLS1_AD_* constants)\n#\n# returns: description string (2 letters)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLalerttypestring.html>\n\n*   alert_desc_string_long\n\nReturns a string describing the reason of the alert specified by value.\n\nmy $rv = Net::SSLeay::alert_desc_string_long($value);\n# $value - (integer) alert id (check openssl/ssl.h for SSL3_AD_* and TLS1_AD_* constants)\n#\n# returns: description string\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLalerttypestring.html>\n\n*   alert_type_string\n\nReturns a one letter string indicating the type of the alert specified by value.\n\nmy $rv = Net::SSLeay::alert_type_string($value);\n# $value - (integer) alert id (check openssl/ssl.h for SSL3_AD_* and TLS1_AD_* constants)\n#\n# returns: string (1 letter)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLalerttypestring.html>\n\n*   alert_type_string_long\n\nReturns a string indicating the type of the alert specified by value.\n\nmy $rv = Net::SSLeay::alert_type_string_long($value);\n# $value - (integer) alert id (check openssl/ssl.h for SSL3_AD_* and TLS1_AD_* constants)\n#\n# returns: string\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLalerttypestring.html>\n\nLow level API: SSL_METHOD_* related functions\n*   SSLv23_method, SSLv23_server_method and SSLv23_client_method\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before.\n\nReturns SSL_METHOD structure corresponding to general-purpose version-flexible TLS method,\nthe return value can be later used 
as a param of \"CTX_new_with_method\".\n\nNOTE: Consider using TLS_method, TLS_server_method or TLS_client_method with new code.\n\nmy $rv = Net::SSLeay::SSLv23_method();\n#\n# returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)\n\n*   SSLv2_method\n\nReturns SSL_METHOD structure corresponding to SSLv2 method, the return value can be later\nused as a param of \"CTX_new_with_method\". Only available where supported by the underlying\nopenssl.\n\nmy $rv = Net::SSLeay::SSLv2_method();\n#\n# returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)\n\n*   SSLv3_method\n\nReturns SSL_METHOD structure corresponding to SSLv3 method, the return value can be later\nused as a param of \"CTX_new_with_method\".\n\nmy $rv = Net::SSLeay::SSLv3_method();\n#\n# returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXnew.html>\n\n*   TLSv1_method, TLSv1_server_method and TLSv1_client_method\n\nCOMPATIBILITY: Server and client methods not available in Net-SSLeay-1.82 and before.\n\nReturns SSL_METHOD structure corresponding to TLSv1 method, the return value can be later\nused as a param of \"CTX_new_with_method\".\n\nmy $rv = Net::SSLeay::TLSv1_method();\n#\n# returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXnew.html>\n\n*   TLSv1_1_method, TLSv1_1_server_method and TLSv1_1_client_method\n\nCOMPATIBILITY: Server and client methods not available in Net-SSLeay-1.82 and before.\n\nReturns SSL_METHOD structure corresponding to TLSv1_1 method, the return value can be later\nused as a param of \"CTX_new_with_method\". 
Only available where supported by the underlying\nopenssl.\n\nmy $rv = Net::SSLeay::TLSv1_1_method();\n#\n# returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXnew.html>\n\n*   TLSv1_2_method, TLSv1_2_server_method and TLSv1_2_client_method\n\nCOMPATIBILITY: Server and client methods not available in Net-SSLeay-1.82 and before.\n\nReturns SSL_METHOD structure corresponding to TLSv1_2 method, the return value can be later\nused as a param of \"CTX_new_with_method\". Only available where supported by the underlying\nopenssl.\n\nmy $rv = Net::SSLeay::TLSv1_2_method();\n#\n# returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXnew.html>\n\n*   TLS_method, TLS_server_method and TLS_client_method\n\nCOMPATIBILITY: Not available in Net-SSLeay-1.82 and before.\n\nReturns SSL_METHOD structure corresponding to general-purpose version-flexible TLS method,\nthe return value can be later used as a param of \"CTX_new_with_method\". 
Only available where\nsupported by the underlying openssl.\n\nmy $rv = Net::SSLeay::TLS_method();\n#\n# returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXnew.html>\n\nLow level API: ENGINE_* related functions\n*   ENGINE_load_builtin_engines\n\nCOMPATIBILITY: Requires an OpenSSL build with dynamic engine loading support.\n\nLoad all bundled ENGINEs into memory and make them visible.\n\nNet::SSLeay::ENGINE_load_builtin_engines();\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/engine.html>\n\n*   ENGINE_register_all_complete\n\nCOMPATIBILITY: Requires an OpenSSL build with dynamic engine loading support.\n\nRegister all loaded ENGINEs for every algorithm they collectively implement.\n\nNet::SSLeay::ENGINE_register_all_complete();\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/engine.html>\n\n*   ENGINE_set_default\n\nCOMPATIBILITY: Requires an OpenSSL build with dynamic engine loading support.\n\nSet default engine to $e + set its flags to $flags.\n\nmy $rv = Net::SSLeay::ENGINE_set_default($e, $flags);\n# $e - value corresponding to openssl's ENGINE structure\n# $flags - (integer) engine flags\n#          flags value can be made by bitwise \"OR\"ing:\n#          0x0001 - ENGINE_METHOD_RSA\n#          0x0002 - ENGINE_METHOD_DSA\n#          0x0004 - ENGINE_METHOD_DH\n#          0x0008 - ENGINE_METHOD_RAND\n#          0x0010 - ENGINE_METHOD_ECDH\n#          0x0020 - ENGINE_METHOD_ECDSA\n#          0x0040 - ENGINE_METHOD_CIPHERS\n#          0x0080 - ENGINE_METHOD_DIGESTS\n#          0x0100 - ENGINE_METHOD_STORE\n#          0x0200 - ENGINE_METHOD_PKEY_METHS\n#          0x0400 - ENGINE_METHOD_PKEY_ASN1_METHS\n#          Obvious all-or-nothing cases:\n#          0xFFFF - ENGINE_METHOD_ALL\n#          0x0000 - ENGINE_METHOD_NONE\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/engine.html>\n\n*   
ENGINE_by_id\n\nGet ENGINE by its identification $id.\n\nCOMPATIBILITY: Requires an OpenSSL build with dynamic engine loading support.\n\nmy $rv = Net::SSLeay::ENGINE_by_id($id);\n# $id - (string) engine identification e.g. \"dynamic\"\n#\n# returns: value corresponding to openssl's ENGINE structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/engine.html>\n\nLow level API: EVP_PKEY_* related functions\n*   EVP_PKEY_copy_parameters\n\nCopies the parameters from key $from to key $to.\n\nmy $rv = Net::SSLeay::EVP_PKEY_copy_parameters($to, $from);\n# $to - value corresponding to openssl's EVP_PKEY structure\n# $from - value corresponding to openssl's EVP_PKEY structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/EVPPKEYcmp.html>\n\n*   EVP_PKEY_new\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nCreates a new EVP_PKEY structure.\n\nmy $rv = Net::SSLeay::EVP_PKEY_new();\n#\n# returns: value corresponding to openssl's EVP_PKEY structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/EVPPKEYnew.html>\n\n*   EVP_PKEY_free\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nFree an allocated EVP_PKEY structure.\n\nNet::SSLeay::EVP_PKEY_free($pkey);\n# $pkey - value corresponding to openssl's EVP_PKEY structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/EVPPKEYnew.html>\n\n*   EVP_PKEY_assign_RSA\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSet the key referenced by $pkey to $key\n\nNOTE: No reference counter will be increased, i.e. 
$key will be freed if $pkey is freed.\n\nmy $rv = Net::SSLeay::EVP_PKEY_assign_RSA($pkey, $key);\n# $pkey - value corresponding to openssl's EVP_PKEY structure\n# $key - value corresponding to openssl's RSA structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/EVPPKEYassignRSA.html>\n\n*   EVP_PKEY_assign_EC_KEY\n\nCOMPATIBILITY: not available in Net-SSLeay-1.74 and before\n\nSet the key referenced by $pkey to $key\n\nNOTE: No reference counter will be increased, i.e. $key will be freed if $pkey is freed.\n\nmy $rv = Net::SSLeay::EVP_PKEY_assign_EC_KEY($pkey, $key);\n# $pkey - value corresponding to openssl's EVP_PKEY structure\n# $key - value corresponding to openssl's EC_KEY structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/EVPPKEYassignECKEY.html>\n\n*   EVP_PKEY_bits\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns the size of the key $pkey in bits.\n\nmy $rv = Net::SSLeay::EVP_PKEY_bits($pkey);\n# $pkey - value corresponding to openssl's EVP_PKEY structure\n#\n# returns: size in bits\n\n*   EVP_PKEY_size\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns the maximum size of a signature in bytes. The actual signature may be smaller.\n\nmy $rv = Net::SSLeay::EVP_PKEY_size($pkey);\n# $pkey - value corresponding to openssl's EVP_PKEY structure\n#\n# returns: the maximum size in bytes\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/EVPSignInit.html>\n\n*   EVP_PKEY_id\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-1.0.0\n\nReturns $pkey type (integer value of corresponding NID).\n\nmy $rv = Net::SSLeay::EVP_PKEY_id($pkey);\n# $pkey - value corresponding to openssl's EVP_PKEY structure\n#\n# returns: (integer) key type\n\nExample:\n\nmy $pubkey = Net::SSLeay::X509_get_pubkey($x509);\nmy $type = Net::SSLeay::EVP_PKEY_id($pubkey);\nprint Net::SSLeay::OBJ_nid2sn($type);             #prints e.g. 
'rsaEncryption'\n\nLow level API: PEM_* related functions\nCheck openssl doc <http://www.openssl.org/docs/crypto/pem.html>\n\n*   PEM_read_bio_X509\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nLoads PEM formatted X509 certificate via given BIO structure.\n\nmy $rv = Net::SSLeay::PEM_read_bio_X509($bio);\n# $bio - value corresponding to openssl's BIO structure\n#\n# returns: value corresponding to openssl's X509 structure (0 on failure)\n\nExample:\n\nmy $bio = Net::SSLeay::BIO_new_file($filename, 'r');\nmy $x509 = Net::SSLeay::PEM_read_bio_X509($bio);\nNet::SSLeay::BIO_free($bio);\n\n*   PEM_read_bio_X509_REQ\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nLoads PEM formatted X509_REQ object via given BIO structure.\n\nmy $rv = Net::SSLeay::PEM_read_bio_X509_REQ($bio, $x=NULL, $cb=NULL, $u=NULL);\n# $bio - value corresponding to openssl's BIO structure\n#\n# returns: value corresponding to openssl's X509_REQ structure (0 on failure)\n\nExample:\n\nmy $bio = Net::SSLeay::BIO_new_file($filename, 'r');\nmy $x509req = Net::SSLeay::PEM_read_bio_X509_REQ($bio);\nNet::SSLeay::BIO_free($bio);\n\n*   PEM_read_bio_DHparams\n\nReads DH structure from BIO.\n\nmy $rv = Net::SSLeay::PEM_read_bio_DHparams($bio);\n# $bio - value corresponding to openssl's BIO structure\n#\n# returns: value corresponding to openssl's DH structure (0 on failure)\n\n*   PEM_read_bio_X509_CRL\n\nReads X509_CRL structure from BIO.\n\nmy $rv = Net::SSLeay::PEM_read_bio_X509_CRL($bio);\n# $bio - value corresponding to openssl's BIO structure\n#\n# returns: value corresponding to openssl's X509_CRL structure (0 on failure)\n\n*   PEM_read_bio_PrivateKey\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nLoads PEM formatted private key via given BIO structure.\n\nmy $rv = Net::SSLeay::PEM_read_bio_PrivateKey($bio, $cb, $data);\n# $bio - value corresponding to openssl's BIO structure\n# $cb - reference to perl callback function\n# $data - data that will be passed to callback function (see examples 
below)\n#\n# returns: value corresponding to openssl's EVPPKEY structure (0 on failure)\n\nExample:\n\nmy $bio = Net::SSLeay::BIOnewfile($filename, 'r');\nmy $privkey = Net::SSLeay::PEMreadbioPrivateKey($bio); #ask for password if needed\nNet::SSLeay::BIOfree($bio);\n\nTo use a password you have the following options:\n\n$privkey = Net::SSLeay::PEMreadbioPrivateKey($bio, \\&callbackfunc); # use callback func for getting password\n$privkey = Net::SSLeay::PEMreadbioPrivateKey($bio, \\&callbackfunc, $data); # use callbackfunc + pass $data to callbackfunc\n$privkey = Net::SSLeay::PEMreadbioPrivateKey($bio, undef, \"secret\"); # use password \"secret\"\n$privkey = Net::SSLeay::PEMreadbioPrivateKey($bio, undef, \"\");       # use empty password\n\nCallback function signature:\n\nsub callbackfunc {\nmy ($maxpasswdsize, $rwflag, $data) = @_;\n# $maxpasswdsize - maximum size of returned password (longer values will be discarded)\n# $rwflag - indicates whether we are loading (0) or storing (1) - for PEMreadbioPrivateKey always 0\n# $data - the data passed to PEMreadbioPrivateKey as 3rd parameter\n\nreturn \"secret\";\n}\n\n*   PEMX509INFOreadbio\n\nReads a BIO containing a PEM formatted file into a STACKOF(X509INFO) structure.\n\nmy $rv = Net::SSLeay::PEMX509INFOreadbio($bio);\n# $bio - value corresponding to openssl's BIO structure\n#\n# returns: value corresponding to openssl's STACKOF(X509INFO) structure.\n\nExample:\n\nmy $bio = Net::SSLeay::BIOnewfile($filename, 'r');\nmy $skx509info = Net::SSLeay::PEMX509INFOreadbio($bio);\nNet::SSLeay::BIOfree($bio);\n\n*   PEMgetstringX509\n\nNOTE: Does not exactly correspond to any low level API function\n\nConverts/exports X509 certificate to string (PEM format).\n\nNet::SSLeay::PEMgetstringX509($x509);\n# $x509 - value corresponding to openssl's X509 structure\n#\n# returns: string with $x509 in PEM format\n\n*   PEMgetstringPrivateKey\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nConverts public key $pk into PEM 
formatted string (optionally protected with password).\n\nmy $rv = Net::SSLeay::PEMgetstringPrivateKey($pk, $passwd, $encalg);\n# $pk - value corresponding to openssl's EVPPKEY structure\n# $passwd - [optional] (string) password to use for key encryption\n# $encalg - [optional] algorithm to use for key encryption (default: DESCBC) - value corresponding to openssl's EVPCIPHER structure\n#\n# returns: PEM formatted string\n\nExamples:\n\n$pemprivkey = Net::SSLeay::PEMgetstringPrivateKey($pk);\n$pemprivkey = Net::SSLeay::PEMgetstringPrivateKey($pk, \"secret\");\n$pemprivkey = Net::SSLeay::PEMgetstringPrivateKey($pk, \"secret\", Net::SSLeay::EVPgetcipherbyname(\"DES-EDE3-CBC\"));\n\n*   PEMgetstringX509CRL\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nConverts X509CRL object $x509crl into PEM formatted string.\n\nNet::SSLeay::PEMgetstringX509CRL($x509crl);\n# $x509crl - value corresponding to openssl's X509CRL structure\n#\n# returns: no return value\n\n*   PEMgetstringX509REQ\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nConverts X509REQ object $x509req into PEM formatted string.\n\nNet::SSLeay::PEMgetstringX509REQ($x509req);\n# $x509req - value corresponding to openssl's X509REQ structure\n#\n# returns: no return value\n\nLow level API: d2i* (DER format) related functions\n*   d2iX509bio\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nLoads DER formatted X509 certificate via given BIO structure.\n\nmy $rv = Net::SSLeay::d2iX509bio($bp);\n# $bp - value corresponding to openssl's BIO structure\n#\n# returns: value corresponding to openssl's X509 structure (0 on failure)\n\nExample:\n\nmy $bio = Net::SSLeay::BIOnewfile($filename, 'rb');\nmy $x509 = Net::SSLeay::d2iX509bio($bio);\nNet::SSLeay::BIOfree($bio);\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/d2iX509.html>\n\n*   d2iX509CRLbio\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nLoads DER formatted X509CRL object via given BIO 
structure.\n\nmy $rv = Net::SSLeay::d2iX509CRLbio($bp);\n# $bp - value corresponding to openssl's BIO structure\n#\n# returns: value corresponding to openssl's X509CRL structure (0 on failure)\n\nExample:\n\nmy $bio = Net::SSLeay::BIOnewfile($filename, 'rb');\nmy $x509crl = Net::SSLeay::d2iX509CRLbio($bio);\nNet::SSLeay::BIOfree($bio);\n\n*   d2iX509REQbio\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nLoads DER formatted X509REQ object via given BIO structure.\n\nmy $rv = Net::SSLeay::d2iX509REQbio($bp);\n# $bp - value corresponding to openssl's BIO structure\n#\n# returns: value corresponding to openssl's X509REQ structure (0 on failure)\n\nExample:\n\nmy $bio = Net::SSLeay::BIOnewfile($filename, 'rb');\nmy $x509req = Net::SSLeay::d2iX509REQbio($bio);\nNet::SSLeay::BIOfree($bio);\n\nLow level API: PKCS12 related functions\n*   PPKCS12loadfile\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nLoads X509 certificate + private key + certificates of CA chain (if present in PKCS12 file).\n\nmy ($privkey, $cert, @cachain) = Net::SSLeay::PPKCS12loadfile($filename, $loadchain, $password);\n# $filename - name of PKCS12 file\n# $loadchain - [optional] whether to load (1) or not (0) the CA chain (default: 0)\n# $password - [optional] password for private key\n#\n# returns: triplet ($privkey, $cert, @cachain)\n#          $privkey - value corresponding to openssl's EVPPKEY structure\n#          $cert - value corresponding to openssl's X509 structure\n#          @cachain - array of values corresponding to openssl's X509 structure (empty if no CA chain in PKCS12)\n\nIMPORTANT NOTE: after you do the job you need to call X509free() on $cert + all members\nof @cachain and EVPPKEYfree() on $privkey.\n\nExamples:\n\nmy ($privkey, $cert) = Net::SSLeay::PPKCS12loadfile($filename);\n#or\nmy ($privkey, $cert) = Net::SSLeay::PPKCS12loadfile($filename, 0, $password);\n#or\nmy ($privkey, $cert, @cachain) = Net::SSLeay::PPKCS12loadfile($filename, 1);\n#or\nmy 
($privkey, $cert, @cachain) = Net::SSLeay::PPKCS12loadfile($filename, 1, $password);\n\n#BEWARE: THIS IS WRONG - MEMORY LEAKS! (you cannot free @cachain items)\nmy ($privkey, $cert) = Net::SSLeay::PPKCS12loadfile($filename, 1, $password);\n\nNOTE: With some combinations of Windows, perl, compiler and compiler options, you may see a\nruntime error \"no OPENSSLApplink\", when calling Net::SSLeay::PPKCS12loadfile. See\nREADME.Win32 for more details.\n\nLow level API: SESSION* related functions\n*   d2iSSLSESSION\n\nCOMPATIBILITY: does not work in Net-SSLeay-1.85 and before\n\nTransforms the binary ASN1 representation string of an SSL/TLS session into an SSLSESSION\nobject.\n\nmy $ses = Net::SSLeay::d2iSSLSESSION($data);\n# $data - the session as ASN1 representation string\n#\n# returns: $ses - the new SSLSESSION\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/i2dSSLSESSION.html>\n\n*   i2dSSLSESSION\n\nCOMPATIBILITY: does not work in Net-SSLeay-1.85 and before\n\nTransforms the SSLSESSION object into the ASN1 representation and returns it as string.\n\nmy $data = Net::SSLeay::i2dSSLSESSION($ses);\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: $data - session as string\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/d2iSSLSESSION.html>\n\n*   SESSIONnew\n\nCreates a new SSLSESSION structure.\n\nmy $rv = Net::SSLeay::SESSIONnew();\n#\n# returns: value corresponding to openssl's SSLSESSION structure (0 on failure)\n\n*   SESSIONfree\n\nFree an allocated SSLSESSION structure.\n\nNet::SSLeay::SESSIONfree($ses);\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLSESSIONfree.html>\n\n*   SESSIONupref\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL\n1.1.0-pre4 or LibreSSL 2.7.0\n\nIncreases the reference counter on a SSLSESSION structure.\n\nNet::SSLeay::SESSIONupref($ses);\n# $ses - value 
corresponding to openssl's SSLSESSION structure\n#\n# returns: 1 on success else 0\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSLSESSIONupref.html>\n\n*   SESSIONdup\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nDuplicates a SSLSESSION structure.\n\nNet::SSLeay::SESSIONdup($ses);\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: the duplicated session\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSLSESSIONdup.html>\n\n*   SESSIONisresumable\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nDetermine whether an SSLSESSION object can be used for resumption.\n\nNet::SSLeay::SESSIONisresumable($ses);\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: (integer) 1 if it can or 0 if not\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLSESSIONisresumable.html>\n\n*   SESSIONcmp\n\nCompare two SSLSESSION structures.\n\nmy $rv = Net::SSLeay::SESSIONcmp($sesa, $sesb);\n# $sesa - value corresponding to openssl's SSLSESSION structure\n# $sesb - value corresponding to openssl's SSLSESSION structure\n#\n# returns: 0 if the two structures are the same\n\nNOTE: Not available in openssl 1.0 or later\n\n*   SESSIONgetappdata\n\nCan be used to get application defined value/data.\n\nmy $rv = Net::SSLeay::SESSIONgetappdata($ses);\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: string/buffer/pointer ???\n\n*   SESSIONsetappdata\n\nCan be used to set some application defined value/data.\n\nmy $rv = Net::SSLeay::SESSIONsetappdata($s, $a);\n# $s - value corresponding to openssl's SSLSESSION structure\n# $a - (string/buffer/pointer ???) 
data\n#\n# returns: ???\n\n*   SESSIONgetexdata\n\nIs used to retrieve the information for $idx from session $ses.\n\nmy $rv = Net::SSLeay::SESSIONgetexdata($ses, $idx);\n# $ses - value corresponding to openssl's SSLSESSION structure\n# $idx - (integer) index for application specific data\n#\n# returns: pointer to ???\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLSESSIONgetexnewindex.html>\n\n*   SESSIONsetexdata\n\nIs used to store application data at arg for idx into the session object.\n\nmy $rv = Net::SSLeay::SESSIONsetexdata($ss, $idx, $data);\n# $ss - value corresponding to openssl's SSLSESSION structure\n# $idx - (integer) ???\n# $data - (pointer) ???\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLSESSIONgetexnewindex.html>\n\n*   SESSIONgetexnewindex\n\nIs used to register a new index for application specific data.\n\nmy $rv = Net::SSLeay::SESSIONgetexnewindex($argl, $argp, $newfunc, $dupfunc, $freefunc);\n# $argl - (long) ???\n# $argp - (pointer) ???\n# $newfunc - function pointer ??? (CRYPTOEXnew *)\n# $dupfunc - function pointer ??? (CRYPTOEXdup *)\n# $freefunc - function pointer ??? (CRYPTOEXfree *)\n#\n# returns: (integer) ???\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLSESSIONgetexnewindex.html>\n\n*   SESSIONgetmasterkey\n\nNOTE: Does not exactly correspond to any low level API function\n\nReturns 'masterkey' value from SSLSESSION structure $s\n\nNet::SSLeay::SESSIONgetmasterkey($s);\n# $s - value corresponding to openssl's SSLSESSION structure\n#\n# returns: master key (binary data)\n\n*   SESSIONsetmasterkey\n\nSets 'masterkey' value for SSLSESSION structure $s\n\nNet::SSLeay::SESSIONsetmasterkey($s, $key);\n# $s - value corresponding to openssl's SSLSESSION structure\n# $key - master key (binary data)\n#\n# returns: no return value\n\nNot available with OpenSSL 1.1 and later. 
Code that previously used SESSIONsetmasterkey\nmust now set $secret in the sessionsecret callback set with SSLsetsessionsecretcb.\n\n*   SESSIONgettime\n\nReturns the time at which the session s was established. The time is given in seconds since\n1.1.1970.\n\nmy $rv = Net::SSLeay::SESSIONgettime($s);\n# $s - value corresponding to openssl's SSLSESSION structure\n#\n# returns: timestamp (seconds since 1.1.1970)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLSESSIONgettime.html>\n\n*   gettime\n\nTechnically the same functionality as \"SESSIONgettime\".\n\nmy $rv = Net::SSLeay::gettime($s);\n\n*   SESSIONgettimeout\n\nReturns the timeout value set for session $s in seconds.\n\nmy $rv = Net::SSLeay::SESSIONgettimeout($s);\n# $s - value corresponding to openssl's SSLSESSION structure\n#\n# returns: timeout (in seconds)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLSESSIONgettime.html>\n\n*   gettimeout\n\nTechnically the same functionality as \"SESSIONgettimeout\".\n\nmy $rv = Net::SSLeay::gettimeout($s);\n\n*   SESSIONprint\n\nNOTE: Does not exactly correspond to any low level API function\n\nPrints session details (e.g. protocol version, cipher, session-id ...) to BIO.\n\nmy $rv = Net::SSLeay::SESSIONprint($fp, $ses);\n# $fp - value corresponding to openssl's BIO structure\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: 1 on success, 0 on failure\n\nYou have to use necessary BIO functions like this:\n\n# let us have $ssl corresponding to openssl's SSL structure\nmy $ses = Net::SSLeay::getsession($ssl);\nmy $bio = Net::SSLeay::BIOnew(&Net::SSLeay::BIOsmem);\nNet::SSLeay::SESSIONprint($bio, $ses);\nprint Net::SSLeay::BIOread($bio);\n\n*   SESSIONprintfp\n\nPrints session details (e.g. protocol version, cipher, session-id ...) 
to file handle.\n\nmy $rv = Net::SSLeay::SESSIONprintfp($fp, $ses);\n# $fp - perl file handle\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: 1 on success, 0 on failure\n\nExample:\n\n# let us have $ssl corresponding to openssl's SSL structure\nmy $ses = Net::SSLeay::getsession($ssl);\nopen my $fh, \">\", \"output.txt\";\nNet::SSLeay::SESSIONprintfp($fh,$ses);\n\n*   SESSIONsettime\n\nReplaces the creation time of the session s with the chosen value $t (seconds since\n1.1.1970).\n\nmy $rv = Net::SSLeay::SESSIONsettime($ses, $t);\n# $ses - value corresponding to openssl's SSLSESSION structure\n# $t - time value\n#\n# returns: 1 on success\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLSESSIONgettime.html>\n\n*   settime\n\nTechnically the same functionality as \"SESSIONsettime\".\n\nmy $rv = Net::SSLeay::settime($ses, $t);\n\n*   SESSIONsettimeout\n\nSets the timeout value for session s in seconds to $t.\n\nmy $rv = Net::SSLeay::SESSIONsettimeout($s, $t);\n# $s - value corresponding to openssl's SSLSESSION structure\n# $t - timeout (in seconds)\n#\n# returns: 1 on success\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLSESSIONgettime.html>\n\n*   settimeout\n\nTechnically the same functionality as \"SESSIONsettimeout\".\n\nmy $rv = Net::SSLeay::settimeout($ses, $t);\n\nLow level API: SSLCTX* related functions\nNOTE: Please note that the functions described in this chapter have the \"SSL\" part stripped from\ntheir original openssl names.\n\n*   CTXaddclientCA\n\nAdds the CA name extracted from $cacert to the list of CAs sent to the client when\nrequesting a client certificate for $ctx.\n\nmy $rv = Net::SSLeay::CTXaddclientCA($ctx, $cacert);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $cacert - value corresponding to openssl's X509 structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetclientCAlist.html>\n\n*   CTXaddextrachaincert\n\nAdds the 
certificate $x509 to the certificate chain presented together with the certificate.\nSeveral certificates can be added one after the other.\n\nmy $rv = Net::SSLeay::CTXaddextrachaincert($ctx, $x509);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $x509 - value corresponding to openssl's X509 structure\n#\n# returns: 1 on success, check out the error stack to find out the reason for failure otherwise\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXaddextrachaincert.html>\n\n*   CTXaddsession\n\nAdds the session $ses to the context $ctx.\n\nmy $rv = Net::SSLeay::CTXaddsession($ctx, $ses);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXaddsession.html>\n\n*   CTXcallbackctrl\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::CTXcallbackctrl($ctx, $cmd, $fp);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $cmd - (integer) command id\n# $fp - (function pointer) ???\n#\n# returns: ???\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXctrl.html>\n\n*   CTXcheckprivatekey\n\nChecks the consistency of a private key with the corresponding certificate loaded into $ctx.\n\nmy $rv = Net::SSLeay::CTXcheckprivatekey($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   CTXctrl\n\nInternal handling function for SSLCTX objects.\n\nBEWARE: openssl doc says: This function should never be called directly!\n\nmy $rv = Net::SSLeay::CTXctrl($ctx, $cmd, $larg, $parg);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $cmd - (integer) command id\n# $larg - (integer) long ???\n# $parg - (string/pointer) ???\n#\n# returns: (long) result of given command 
???\n\n#valid $cmd values\n1 - SSLCTRLNEEDTMPRSA\n2 - SSLCTRLSETTMPRSA\n3 - SSLCTRLSETTMPDH\n4 - SSLCTRLSETTMPECDH\n5 - SSLCTRLSETTMPRSACB\n6 - SSLCTRLSETTMPDHCB\n7 - SSLCTRLSETTMPECDHCB\n8 - SSLCTRLGETSESSIONREUSED\n9 - SSLCTRLGETCLIENTCERTREQUEST\n10 - SSLCTRLGETNUMRENEGOTIATIONS\n11 - SSLCTRLCLEARNUMRENEGOTIATIONS\n12 - SSLCTRLGETTOTALRENEGOTIATIONS\n13 - SSLCTRLGETFLAGS\n14 - SSLCTRLEXTRACHAINCERT\n15 - SSLCTRLSETMSGCALLBACK\n16 - SSLCTRLSETMSGCALLBACKARG\n17 - SSLCTRLSETMTU\n20 - SSLCTRLSESSNUMBER\n21 - SSLCTRLSESSCONNECT\n22 - SSLCTRLSESSCONNECTGOOD\n23 - SSLCTRLSESSCONNECTRENEGOTIATE\n24 - SSLCTRLSESSACCEPT\n25 - SSLCTRLSESSACCEPTGOOD\n26 - SSLCTRLSESSACCEPTRENEGOTIATE\n27 - SSLCTRLSESSHIT\n28 - SSLCTRLSESSCBHIT\n29 - SSLCTRLSESSMISSES\n30 - SSLCTRLSESSTIMEOUTS\n31 - SSLCTRLSESSCACHEFULL\n32 - SSLCTRLOPTIONS\n33 - SSLCTRLMODE\n40 - SSLCTRLGETREADAHEAD\n41 - SSLCTRLSETREADAHEAD\n42 - SSLCTRLSETSESSCACHESIZE\n43 - SSLCTRLGETSESSCACHESIZE\n44 - SSLCTRLSETSESSCACHEMODE\n45 - SSLCTRLGETSESSCACHEMODE\n50 - SSLCTRLGETMAXCERTLIST\n51 - SSLCTRLSETMAXCERTLIST\n52 - SSLCTRLSETMAXSENDFRAGMENT\n53 - SSLCTRLSETTLSEXTSERVERNAMECB\n54 - SSLCTRLSETTLSEXTSERVERNAMEARG\n55 - SSLCTRLSETTLSEXTHOSTNAME\n56 - SSLCTRLSETTLSEXTDEBUGCB\n57 - SSLCTRLSETTLSEXTDEBUGARG\n58 - SSLCTRLGETTLSEXTTICKETKEYS\n59 - SSLCTRLSETTLSEXTTICKETKEYS\n60 - SSLCTRLSETTLSEXTOPAQUEPRFINPUT\n61 - SSLCTRLSETTLSEXTOPAQUEPRFINPUTCB\n62 - SSLCTRLSETTLSEXTOPAQUEPRFINPUTCBARG\n63 - SSLCTRLSETTLSEXTSTATUSREQCB\n64 - SSLCTRLSETTLSEXTSTATUSREQCBARG\n65 - SSLCTRLSETTLSEXTSTATUSREQTYPE\n66 - SSLCTRLGETTLSEXTSTATUSREQEXTS\n67 - SSLCTRLSETTLSEXTSTATUSREQEXTS\n68 - SSLCTRLGETTLSEXTSTATUSREQIDS\n69 - SSLCTRLSETTLSEXTSTATUSREQIDS\n70 - SSLCTRLGETTLSEXTSTATUSREQOCSPRESP\n71 - SSLCTRLSETTLSEXTSTATUSREQOCSPRESP\n72 - SSLCTRLSETTLSEXTTICKETKEYCB\n73 - DTLSCTRLGETTIMEOUT\n74 - DTLSCTRLHANDLETIMEOUT\n75 - DTLSCTRLLISTEN\n76 - SSLCTRLGETRISUPPORT\n77 - SSLCTRLCLEAROPTIONS\n78 - SSLCTRLCLEARMODE\n\n82 - 
SSLCTRLGETEXTRACHAINCERTS\n83 - SSLCTRLCLEAREXTRACHAINCERTS\n\n88 - SSLCTRLCHAIN\n89 - SSLCTRLCHAINCERT\n\n90 - SSLCTRLGETCURVES\n91 - SSLCTRLSETCURVES\n92 - SSLCTRLSETCURVESLIST\n93 - SSLCTRLGETSHAREDCURVE\n94 - SSLCTRLSETECDHAUTO\n97 - SSLCTRLSETSIGALGS\n98 - SSLCTRLSETSIGALGSLIST\n99 - SSLCTRLCERTFLAGS\n100 - SSLCTRLCLEARCERTFLAGS\n101 - SSLCTRLSETCLIENTSIGALGS\n102 - SSLCTRLSETCLIENTSIGALGSLIST\n103 - SSLCTRLGETCLIENTCERTTYPES\n104 - SSLCTRLSETCLIENTCERTTYPES\n105 - SSLCTRLBUILDCERTCHAIN\n106 - SSLCTRLSETVERIFYCERTSTORE\n107 - SSLCTRLSETCHAINCERTSTORE\n108 - SSLCTRLGETPEERSIGNATURENID\n109 - SSLCTRLGETSERVERTMPKEY\n110 - SSLCTRLGETRAWCIPHERLIST\n111 - SSLCTRLGETECPOINTFORMATS\n112 - SSLCTRLGETTLSARECORD\n113 - SSLCTRLSETTLSARECORD\n114 - SSLCTRLPULLTLSARECORD\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXctrl.html>\n\n*   CTXflushsessions\n\nCauses a run through the session cache of $ctx to remove sessions expired at time $tm.\n\nNet::SSLeay::CTXflushsessions($ctx, $tm);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $tm - specifies the time which should be used for the expiration test (seconds since 1.1.1970)\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXflushsessions.html>\n\n*   CTXfree\n\nFree an allocated SSLCTX object.\n\nNet::SSLeay::CTXfree($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXfree.html>\n\n*   CTXgetappdata\n\nCan be used to get application defined value/data.\n\nmy $rv = Net::SSLeay::CTXgetappdata($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: string/buffer/pointer ???\n\n*   CTXsetappdata\n\nCan be used to set some application defined value/data.\n\nmy $rv = Net::SSLeay::CTXsetappdata($ctx, $arg);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $arg - (string/buffer/pointer ???) 
data\n#\n# returns: ???\n\n*   CTXget0param\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.0.2-beta1 or LibreSSL 2.7.0\n\nReturns the current verification parameters.\n\nmy $vpm = Net::SSLeay::CTXget0param($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: value corresponding to openssl's X509VERIFYPARAM structure\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSLCTXget0param.html>\n\n*   CTXgetcertstore\n\nReturns the current certificate verification storage.\n\nmy $rv = Net::SSLeay::CTXgetcertstore($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: value corresponding to openssl's X509STORE structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetcertstore.html>\n\n*   CTXgetclientCAlist\n\nReturns the list of client CAs explicitly set for $ctx using \"CTXsetclientCAlist\".\n\nmy $rv = Net::SSLeay::CTXgetclientCAlist($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: value corresponding to openssl's X509NAMESTACK structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetclientCAlist.html>\n\n*   CTXgetexdata\n\nIs used to retrieve the information for index $idx from $ctx.\n\nmy $rv = Net::SSLeay::CTXgetexdata($ssl, $idx);\n# $ssl - value corresponding to openssl's SSLCTX structure\n# $idx - (integer) index for application specific data\n#\n# returns: pointer to ???\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXgetexnewindex.html>\n\n*   CTXgetexnewindex\n\nIs used to register a new index for application specific data.\n\nmy $rv = Net::SSLeay::CTXgetexnewindex($argl, $argp, $newfunc, $dupfunc, $freefunc);\n# $argl - (long) ???\n# $argp - (pointer) ???\n# $newfunc - function pointer ??? (CRYPTOEXnew *)\n# $dupfunc - function pointer ??? (CRYPTOEXdup *)\n# $freefunc - function pointer ??? 
(CRYPTOEXfree *)\n#\n# returns: (integer) ???\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXgetexnewindex.html>\n\n*   CTXgetmode\n\nReturns the mode set for ctx.\n\nmy $rv = Net::SSLeay::CTXgetmode($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: mode (bitmask)\n\n#to decode the return value (bitmask) use:\n0x00000001 corresponds to SSLMODEENABLEPARTIALWRITE\n0x00000002 corresponds to SSLMODEACCEPTMOVINGWRITEBUFFER\n0x00000004 corresponds to SSLMODEAUTORETRY\n0x00000008 corresponds to SSLMODENOAUTOCHAIN\n0x00000010 corresponds to SSLMODERELEASEBUFFERS\n(note: some of the bits might not be supported by older openssl versions)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetmode.html>\n\n*   CTXsetmode\n\nAdds the mode set via bitmask in $mode to $ctx. Options already set before are not cleared.\n\nmy $rv = Net::SSLeay::CTXsetmode($ctx, $mode);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $mode - mode bitmask\n#\n# returns: the new mode bitmask after adding $mode\n\nFor bitmask details see \"CTXgetmode\" (above).\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetmode.html>\n\n*   CTXgetoptions\n\nReturns the options (bitmask) set for $ctx.\n\nmy $rv = Net::SSLeay::CTXgetoptions($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: options (bitmask)\n\nBEWARE: The available constants and their values in bitmask depend on the TLS library. For\nexample, SSLOPNOTLSv13 became available much later than SSLOPNOCOMPRESS which is\nalready deprecated by some libraries. Also, some previously used option values have been\nrecycled and are now used for newer options. See the list of constants in this document for\noptions Net::SSLeay currently supports.\n\nYou are strongly encouraged to check your TLS library if you need to use numeric values\ndirectly. The following is a sample of historic values. 
It may not be correct anymore.\n\n#to decode the return value (bitmask) use:\n0x00000004 corresponds to SSLOPLEGACYSERVERCONNECT\n0x00000800 corresponds to SSLOPDONTINSERTEMPTYFRAGMENTS\n0x00004000 corresponds to SSLOPNOTICKET\n0x00010000 corresponds to SSLOPNOSESSIONRESUMPTIONONRENEGOTIATION\n0x00400000 corresponds to SSLOPCIPHERSERVERPREFERENCE\n0x04000000 corresponds to SSLOPNOTLSv1\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLCTXgetoptions.html>\n\n*   CTXsetoptions\n\nAdds the options set via bitmask in $options to ctx. Options already set before are not\ncleared.\n\nNet::SSLeay::CTXsetoptions($ctx, $options);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $options - options bitmask\n#\n# returns: the new options bitmask after adding $options\n\nFor bitmask details see \"CTXgetoptions\" (above).\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLCTXsetoptions.html>\n\n*   CTXgetquietshutdown\n\nReturns the 'quiet shutdown' setting of $ctx.\n\nmy $rv = Net::SSLeay::CTXgetquietshutdown($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: (integer) the current setting\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetquietshutdown.html>\n\n*   CTXgetreadahead\n\nmy $rv = Net::SSLeay::CTXgetreadahead($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: (integer) readahead value\n\n*   CTXgetsessioncachemode\n\nReturns the currently used cache mode (bitmask).\n\nmy $rv = Net::SSLeay::CTXgetsessioncachemode($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: mode (bitmask)\n\nBEWARE: SESSCACHEOFF and other constants are not available in Net-SSLeay-1.82 and before.\nIf the constants are not available, the following values have historically been correct. 
You\nare strongly encouraged to check your TLS library for the current values.\n\n#to decode the return value (bitmask) use:\n0x0000 corresponds to SSLSESSCACHEOFF\n0x0001 corresponds to SSLSESSCACHECLIENT\n0x0002 corresponds to SSLSESSCACHESERVER\n0x0080 corresponds to SSLSESSCACHENOAUTOCLEAR\n0x0100 corresponds to SSLSESSCACHENOINTERNALLOOKUP\n0x0200 corresponds to SSLSESSCACHENOINTERNALSTORE\n(note: some of the bits might not be supported by older openssl versions)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetsessioncachemode.html>\n\n*   CTXsetsessioncachemode\n\nEnables/disables session caching by setting the operational mode for $ctx to $mode.\n\nmy $rv = Net::SSLeay::CTXsetsessioncachemode($ctx, $mode);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $mode - mode (bitmask)\n#\n# returns: previously set cache mode\n\nFor bitmask details see \"CTXgetsessioncachemode\" (above).\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetsessioncachemode.html>\n\n*   CTXgettimeout\n\nReturns the currently set timeout value for $ctx.\n\nmy $rv = Net::SSLeay::CTXgettimeout($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: timeout in seconds\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettimeout.html>\n\n*   CTXgetverifydepth\n\nReturns the verification depth limit currently set in $ctx. 
If no limit has been explicitly\nset, -1 is returned and the default value will be used.\n\nmy $rv = Net::SSLeay::CTXgetverifydepth($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: depth limit currently set in $ctx, -1 if no limit has been explicitly set\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXgetverifymode.html>\n\n*   CTXgetverifymode\n\nReturns the verification mode (bitmask) currently set in $ctx.\n\nmy $rv = Net::SSLeay::CTXgetverifymode($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: mode (bitmask)\n\nFor bitmask details see \"CTXsetverify\".\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLCTXgetverifymode.html>\n\n*   CTXsetverify\n\nSets the verification flags for $ctx to be $mode and specifies the verifycallback function\nto be used.\n\nNet::SSLeay::CTXsetverify($ctx, $mode, $callback);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $mode - mode (bitmask), see OpenSSL manual\n# $callback - [optional] reference to perl callback function\n#\n# returns: no return value\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLCTXsetverify.html>\n\n*   CTXsetposthandshakeauth\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nEnable the Post-Handshake Authentication extension to be added to the ClientHello such that\npost-handshake authentication can be requested by the server.\n\nNet::SSLeay::CTXsetposthandshakeauth($ctx, $val);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $val - 0 then the extension is not sent, otherwise it is\n#\n# returns: no return value\n\nCheck openssl doc\nhttps://www.openssl.org/docs/manmaster/man3/SSLCTXsetposthandshakeauth\n<https://www.openssl.org/docs/manmaster/man3/SSLCTXsetposthandshakeauth.html>\n\n*   CTXloadverifylocations\n\nSpecifies the locations for $ctx, at which CA certificates for verification purposes 
are\nlocated. The certificates available via $CAfile and $CApath are trusted.\n\nmy $rv = Net::SSLeay::CTXloadverifylocations($ctx, $CAfile, $CApath);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $CAfile - (string) file of CA certificates in PEM format, the file can contain several CA certificates (or '')\n# $CApath - (string) directory containing CA certificates in PEM format (or '')\n#\n# returns: 1 on success, 0 on failure (check the error stack to find out the reason)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXloadverifylocations.html>\n\n*   CTXneedtmpRSA\n\nReturn the result of \"SSLCTXctrl(ctx,SSLCTRLNEEDTMPRSA,0,NULL)\"\n\nmy $rv = Net::SSLeay::CTXneedtmpRSA($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: result of SSLCTRLNEEDTMPRSA command\n\nNot available with OpenSSL 1.1 and later.\n\n*   CTXnew\n\nThe same as \"CTXv23new\"\n\nmy $rv = Net::SSLeay::CTXnew();\n#\n# returns: value corresponding to openssl's SSLCTX structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXnew.html>\n\nNot available with OpenSSL 1.1 and later.\n\n*   CTXv2new\n\nCreates a new SSLCTX object - based on SSLv2method() - as framework to establish TLS/SSL\nenabled connections.\n\nmy $rv = Net::SSLeay::CTXv2new();\n#\n# returns: value corresponding to openssl's SSLCTX structure (0 on failure)\n\n*   CTXv23new\n\nCreates a new SSLCTX object - based on SSLv23method() - as framework to establish TLS/SSL\nenabled connections.\n\nmy $rv = Net::SSLeay::CTXv23new();\n#\n# returns: value corresponding to openssl's SSLCTX structure (0 on failure)\n\n*   CTXv3new\n\nCreates a new SSLCTX object - based on SSLv3method() - as framework to establish TLS/SSL\nenabled connections.\n\nmy $rv = Net::SSLeay::CTXv3new();\n#\n# returns: value corresponding to openssl's SSLCTX structure (0 on failure)\n\n*   CTXtlsv1new\n\nCreates a new SSLCTX object - based on TLSv1method() - as framework to establish 
TLS/SSL\nenabled connections.\n\nmy $rv = Net::SSLeay::CTXtlsv1new();\n#\n# returns: value corresponding to openssl's SSLCTX structure (0 on failure)\n\n*   CTXtlsv11new\n\nCreates a new SSLCTX object - based on TLSv11method() - as framework to establish TLS/SSL\nenabled connections. Only available where supported by the underlying openssl.\n\nmy $rv = Net::SSLeay::CTXtlsv11new();\n#\n# returns: value corresponding to openssl's SSLCTX structure (0 on failure)\n\n*   CTXtlsv12new\n\nCreates a new SSLCTX object - based on TLSv12method() - as framework to establish TLS/SSL\nenabled connections. Only available where supported by the underlying openssl.\n\nmy $rv = Net::SSLeay::CTXtlsv12new();\n#\n# returns: value corresponding to openssl's SSLCTX structure (0 on failure)\n\n*   CTXnewwithmethod\n\nCreates a new SSLCTX object based on $meth method\n\nmy $rv = Net::SSLeay::CTXnewwithmethod($meth);\n# $meth - value corresponding to openssl's SSLMETHOD structure\n#\n# returns: value corresponding to openssl's SSLCTX structure (0 on failure)\n\n#example\nmy $ctx = Net::SSLeay::CTXnewwithmethod(&Net::SSLeay::TLSv1method);\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXnew.html>\n\n*   CTXsetminprotoversion, CTXsetmaxprotoversion, setminprotoversion and\nsetmaxprotoversion,\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.1.0-pre2 or LibreSSL 2.6.0\n\nSet the minimum and maximum supported protocol for $ctx or $ssl.\n\nmy $rv = Net::SSLeay::CTXsetminprotoversion($ctx, $version);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $version - (integer) constant version value or 0 for automatic lowest or highest value\n#\n# returns: 1 on success, 0 on failure\n\n#example: allow only TLS 1.2 for a SSLCTX\nmy $rvmin = Net::SSLeay::CTXsetminprotoversion($ctx, Net::SSLeay::TLS12VERSION());\nmy $rvmax = Net::SSLeay::CTXsetmaxprotoversion($ctx, Net::SSLeay::TLS12VERSION());\n\n#example: allow only TLS 1.1 for a SSL\nmy 
$rvmin = Net::SSLeay::setminprotoversion($ssl, Net::SSLeay::TLS11VERSION());\nmy $rvmax = Net::SSLeay::setmaxprotoversion($ssl, Net::SSLeay::TLS11VERSION());\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLCTXsetminprotoversion.html>\n\n*   CTXgetminprotoversion, CTXgetmaxprotoversion, getminprotoversion and\ngetmaxprotoversion,\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL 1.1.0g\n\nGet the minimum and maximum supported protocol for $ctx or $ssl.\n\nmy $version = Net::SSLeay::CTXgetminprotoversion($ctx)\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: 0 automatic lowest or highest value, configured value otherwise\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLCTXsetminprotoversion.html>\n\n*   CTXremovesession\n\nRemoves the session $ses from the context $ctx.\n\nmy $rv = Net::SSLeay::CTXremovesession($ctx, $ses);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXaddsession.html>\n\n*   CTXsessaccept\n\nmy $rv = Net::SSLeay::CTXsessaccept($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of started SSL/TLS handshakes in server mode\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsessacceptgood\n\nmy $rv = Net::SSLeay::CTXsessacceptgood($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of successfully established SSL/TLS sessions in server mode\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsessacceptrenegotiate\n\nmy $rv = Net::SSLeay::CTXsessacceptrenegotiate($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of start renegotiations in server mode\n\nCheck openssl doc 
<http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsesscachefull\n\nmy $rv = Net::SSLeay::CTXsesscachefull($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of sessions that were removed because the maximum session cache size was exceeded\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsesscbhits\n\nmy $rv = Net::SSLeay::CTXsesscbhits($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of successfully retrieved sessions from the external session cache in server mode\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsessconnect\n\nmy $rv = Net::SSLeay::CTXsessconnect($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of started SSL/TLS handshakes in client mode\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsessconnectgood\n\nmy $rv = Net::SSLeay::CTXsessconnectgood($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of successfully established SSL/TLS sessions in client mode\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsessconnectrenegotiate\n\nmy $rv = Net::SSLeay::CTXsessconnectrenegotiate($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of start renegotiations in client mode\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsessgetcachesize\n\nReturns the currently valid session cache size.\n\nmy $rv = Net::SSLeay::CTXsessgetcachesize($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: current size\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsesssetcachesize.html>\n\n*   CTXsesshits\n\nmy $rv = Net::SSLeay::CTXsesshits($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of successfully 
reused sessions\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsessmisses\n\nmy $rv = Net::SSLeay::CTXsessmisses($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of sessions proposed by clients that were not found in the internal session cache in server mode\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsessnumber\n\nmy $rv = Net::SSLeay::CTXsessnumber($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: current number of sessions in the internal session cache\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsesssetcachesize\n\nSets the size of the internal session cache of context $ctx to $size.\n\nNet::SSLeay::CTXsesssetcachesize($ctx, $size);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $size - cache size (0 = unlimited)\n#\n# returns: previously valid size\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsesssetcachesize.html>\n\n*   CTXsesstimeouts\n\nReturns the number of sessions proposed by clients and either found in the internal or\nexternal session cache in server mode, but that were invalid due to timeout. 
These sessions\nare not included in the SSLCTXsesshits count.\n\nmy $rv = Net::SSLeay::CTXsesstimeouts($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of sessions\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsesssetnewcb\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before\n\nSets the callback function, which is automatically called whenever a new session was\nnegotiated.\n\nNet::SSLeay::CTXsesssetnewcb($ctx, $func);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $func - perl reference to callback function\n#\n# returns: no return value\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLCTXsesssetnewcb.html>\n\n*   CTXsesssetremovecb\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before\n\nSets the callback function, which is automatically called whenever a session is removed by\nthe SSL engine.\n\nNet::SSLeay::CTXsesssetremovecb($ctx, $func);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $func - perl reference to callback function\n#\n# returns: no return value\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLCTXsesssetremovecb.html>\n\n*   CTXsessions\n\nReturns a pointer to the lhash databases containing the internal session cache for ctx.\n\nmy $rv = Net::SSLeay::CTXsessions($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: value corresponding to openssl's LHASH structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessions.html>\n\n*   CTXset1param\n\nCOMPATIBILITY: requires at least OpenSSL 1.0.0-beta3\n\nApplies X509 verification parameters $vpm on $ctx\n\nmy $rv = Net::SSLeay::CTXset1param($ctx, $vpm);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $vpm - value corresponding to openssl's X509VERIFYPARAM structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc 
<https://www.openssl.org/docs/ssl/SSLCTXget0param.html>\n\n*   CTXsetcertstore\n\nSets/replaces the certificate verification storage of $ctx to/with $store.\n\nNet::SSLeay::CTXsetcertstore($ctx, $store);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $store - value corresponding to openssl's X509STORE structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetcertstore.html>\n\n*   CTXsetcertverifycallback\n\nSets the verification callback function for $ctx. SSL objects that are created from $ctx\ninherit the setting valid at the time when \"Net::SSLeay::new($ctx)\" is called.\n\nNet::SSLeay::CTXsetcertverifycallback($ctx, $func, $data);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $func - perl reference to callback function\n# $data - [optional] data that will be passed to callback function when invoked\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetcertverifycallback.html>\n\n*   CTXsetcipherlist\n\nSets the list of available ciphers for $ctx using the control string $str. The list of\nciphers is inherited by all ssl objects created from $ctx.\n\nmy $rv = Net::SSLeay::CTXsetcipherlist($s, $str);\n# $s - value corresponding to openssl's SSLCTX structure\n# $str - (string) cipher list e.g. 
'3DES:+RSA'\n#\n# returns: 1 if any cipher could be selected and 0 on complete failure\n\nThe format of $str is described in\n<https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html>\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLCTXsetcipherlist.html>\n\n*   CTXsetciphersuites\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nConfigure the available TLSv1.3 ciphersuites.\n\nmy $rv = Net::SSLeay::CTXsetciphersuites($ctx, $str);\n# $ctx  - value corresponding to openssl's SSLCTX structure\n# $str  - colon (\":\") separated list of TLSv1.3 ciphersuite names in order of preference\n#\n# returns: (integer) 1 if the requested ciphersuite list was configured, and 0 otherwise\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLCTXsetciphersuites.html>\n\n*   CTXsetclientCAlist\n\nSets the list of CAs sent to the client when requesting a client certificate for $ctx.\n\nNet::SSLeay::CTXsetclientCAlist($ctx, $list);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $list - value corresponding to openssl's X509NAMESTACK structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetclientCAlist.html>\n\n*   CTXsetdefaultpasswdcb\n\nSets the default password callback called when loading/storing a PEM certificate with\nencryption.\n\nNet::SSLeay::CTXsetdefaultpasswdcb($ctx, $func);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $func - perl reference to callback function\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetdefaultpasswdcb.html>\n\n*   CTXsetdefaultpasswdcbuserdata\n\nSets a pointer to userdata which will be provided to the password callback on invocation.\n\nNet::SSLeay::CTXsetdefaultpasswdcbuserdata($ctx, $userdata);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $userdata - data that will be passed to callback function 
when invoked\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetdefaultpasswdcb.html>\n\n*   CTXsetdefaultverifypaths\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::CTXsetdefaultverifypaths($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: 1 on success, 0 on failure\n\n*   CTXsetexdata\n\nIs used to store application data at $data for $idx into the $ctx object.\n\nmy $rv = Net::SSLeay::CTXsetexdata($ssl, $idx, $data);\n# $ssl - value corresponding to openssl's SSLCTX structure\n# $idx - (integer) ???\n# $data - (pointer) ???\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXgetexnewindex.html>\n\n*   CTXsetpurpose\n\nmy $rv = Net::SSLeay::CTXsetpurpose($s, $purpose);\n# $s - value corresponding to openssl's SSLCTX structure\n# $purpose - (integer) purpose identifier\n#\n# returns: 1 on success, 0 on failure\n\n#available purpose identifiers\n1 - X509PURPOSESSLCLIENT\n2 - X509PURPOSESSLSERVER\n3 - X509PURPOSENSSSLSERVER\n4 - X509PURPOSESMIMESIGN\n5 - X509PURPOSESMIMEENCRYPT\n6 - X509PURPOSECRLSIGN\n7 - X509PURPOSEANY\n8 - X509PURPOSEOCSPHELPER\n9 - X509PURPOSETIMESTAMPSIGN\n\n#or use corresponding constants\n$purpose = &Net::SSLeay::X509PURPOSESSLCLIENT;\n...\n$purpose = &Net::SSLeay::X509PURPOSETIMESTAMPSIGN;\n\n*   CTXsetquietshutdown\n\nSets the 'quiet shutdown' flag for $ctx to be $mode. 
SSL objects created from $ctx inherit\nthe mode valid at the time \"Net::SSLeay::new($ctx)\" is called.\n\nNet::SSLeay::CTXsetquietshutdown($ctx, $mode);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $mode - 0 or 1\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetquietshutdown.html>\n\n*   CTXsetreadahead\n\nmy $rv = Net::SSLeay::CTXsetreadahead($ctx, $val);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $val - readahead value to be set\n#\n# returns: the original readahead value\n\n*   CTXsetsessionidcontext\n\nSets the context $sidctx of length $sidctxlen within which a session can be reused for\nthe $ctx object.\n\nmy $rv = Net::SSLeay::CTXsetsessionidcontext($ctx, $sidctx, $sidctxlen);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $sidctx - data buffer\n# $sidctxlen - length of data in $sidctx\n#\n# returns: 1 on success, 0 on failure (the error is logged to the error stack)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetsessionidcontext.html>\n\n*   CTXsetsslversion\n\nSets a new default TLS/SSL method for SSL objects newly created from this $ctx. SSL objects\nalready created with \"Net::SSLeay::new($ctx)\" are not affected, except when\n\"Net::SSLeay::clear($ssl)\" is being called.\n\nmy $rv = Net::SSLeay::CTXsetsslversion($ctx, $meth);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $meth - value corresponding to openssl's SSLMETHOD structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetsslversion.html>\n\n*   CTXsettimeout\n\nSets the timeout for newly created sessions for $ctx to $t. 
The timeout value $t must be\ngiven in seconds.\n\nmy $rv = Net::SSLeay::CTXsettimeout($ctx, $t);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $t - timeout in seconds\n#\n# returns: previously set timeout value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettimeout.html>\n\n*   CTXsettmpdh\n\nSets the DH parameters to be used to $dh. The key is inherited by all ssl objects created\nfrom $ctx.\n\nmy $rv = Net::SSLeay::CTXsettmpdh($ctx, $dh);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $dh - value corresponding to openssl's DH structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettmpdhcallback.html>\n\n*   CTXsettmpdhcallback\n\nSets the callback function for $ctx to be used when DH parameters are required to\n$tmpdhcallback.\n\nNet::SSLeay::CTXsettmpdhcallback($ctx, $tmpdhcallback);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $tmpdhcallback - (function pointer) ???\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettmpdhcallback.html>\n\n*   CTXsettmprsa\n\nSets the temporary/ephemeral RSA key to be used to $rsa.\n\nmy $rv = Net::SSLeay::CTXsettmprsa($ctx, $rsa);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $rsa - value corresponding to openssl's RSA structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettmprsacallback.html>\n\nNot available with OpenSSL 1.1 and later.\n\n*   CTXsettmprsacallback\n\nSets the callback function for $ctx to be used when a temporary/ephemeral RSA key is required\nto $tmprsacallback.\n\n??? 
(does this function really work?)\n\nNet::SSLeay::CTXsettmprsacallback($ctx, $tmprsacallback);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $tmprsacallback - (function pointer) ???\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettmprsacallback.html>\n\nNot available with OpenSSL 1.1 and later.\n\n*   CTXsettrust\n\nmy $rv = Net::SSLeay::CTXsettrust($s, $trust);\n# $s - value corresponding to openssl's SSLCTX structure\n# $trust - (integer) trust identifier\n#\n# returns: the original value\n\n#available trust identifiers\n1 - X509TRUSTCOMPAT\n2 - X509TRUSTSSLCLIENT\n3 - X509TRUSTSSLSERVER\n4 - X509TRUSTEMAIL\n5 - X509TRUSTOBJECTSIGN\n6 - X509TRUSTOCSPSIGN\n7 - X509TRUSTOCSPREQUEST\n8 - X509TRUSTTSA\n\n#or use corresponding constants\n$trust = &Net::SSLeay::X509TRUSTCOMPAT;\n...\n$trust = &Net::SSLeay::X509TRUSTTSA;\n\n*   CTXsetverifydepth\n\nSets the maximum depth for the certificate chain verification that shall be allowed for ctx.\n\nNet::SSLeay::CTXsetverifydepth($ctx, $depth);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $depth - max. 
depth\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetverify.html>\n\n*   CTXusePKCS12file\n\nAdds the certificate and private key from PKCS12 file $p12filename to $ctx.\n\nmy $rv = Net::SSLeay::CTXusePKCS12file($ctx, $p12filename, $password);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $p12filename - (string) filename\n# $password - (string) password to decrypt private key\n#\n# returns: 1 on success, 0 on failure\n\n*   CTXusePrivateKey\n\nAdds the private key $pkey to $ctx.\n\nmy $rv = Net::SSLeay::CTXusePrivateKey($ctx, $pkey);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $pkey - value corresponding to openssl's EVPPKEY structure\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   CTXusePrivateKeyfile\n\nAdds the first private key found in $file to $ctx.\n\nmy $rv = Net::SSLeay::CTXusePrivateKeyfile($ctx, $file, $type);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $file - (string) file name\n# $type - (integer) type - use constants &Net::SSLeay::FILETYPEPEM or &Net::SSLeay::FILETYPEASN1\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   CTXuseRSAPrivateKey\n\nAdds the RSA private key $rsa to $ctx.\n\nmy $rv = Net::SSLeay::CTXuseRSAPrivateKey($ctx, $rsa);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $rsa - value corresponding to openssl's RSA structure\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   CTXuseRSAPrivateKeyfile\n\nAdds the first RSA private key found in $file to $ctx.\n\nmy $rv = Net::SSLeay::CTXuseRSAPrivateKeyfile($ctx, $file, $type);\n# $ctx - value 
corresponding to openssl's SSLCTX structure\n# $file - (string) file name\n# $type - (integer) type - use constants &Net::SSLeay::FILETYPEPEM or &Net::SSLeay::FILETYPEASN1\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\n*   CTXusecertificate\n\nLoads the certificate $x into $ctx\n\nmy $rv = Net::SSLeay::CTXusecertificate($ctx, $x);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   CTXusecertificatechainfile\n\nLoads a certificate chain from $file into $ctx. The certificates must be in PEM format and\nmust be sorted starting with the subject's certificate (actual client or server\ncertificate), followed by intermediate CA certificates if applicable, and ending at the\nhighest level (root) CA.\n\nmy $rv = Net::SSLeay::CTXusecertificatechainfile($ctx, $file);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $file - (string) file name\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   CTXusecertificatefile\n\nLoads the first certificate stored in $file into $ctx.\n\nmy $rv = Net::SSLeay::CTXusecertificatefile($ctx, $file, $type);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $file - (string) file name\n# $type - (integer) type - use constants &Net::SSLeay::FILETYPEPEM or &Net::SSLeay::FILETYPEASN1\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   CTXgetsecuritylevel\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0,\nnot in LibreSSL\n\nReturns the security level 
associated with $ctx.\n\nmy $level = Net::SSLeay::CTXgetsecuritylevel($ctx);\n# $ctx   - value corresponding to openssl's SSLCTX structure\n#\n# returns: (integer) current security level\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLCTXgetsecuritylevel.html>\n\n*   CTXsetsecuritylevel\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0,\nnot in LibreSSL\n\nSets the security level associated with $ctx to $level.\n\nNet::SSLeay::CTXsetsecuritylevel($ctx, $level);\n# $ctx   - value corresponding to openssl's SSLCTX structure\n# $level - new security level\n#\n# returns: no return value\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLCTXsetsecuritylevel.html>\n\n*   CTXsetnumtickets\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nSet number of TLSv1.3 session tickets that will be sent to a client.\n\nmy $rv = Net::SSLeay::CTXsetnumtickets($ctx, $numberoftickets);\n# $ctx  - value corresponding to openssl's SSLCTX structure\n# $numberoftickets - number of tickets to send\n#\n# returns: 1 on success, 0 on failure\n\nSet to zero if you do not want to support session resumption.\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLCTXsetnumtickets.html>\n\n*   CTXgetnumtickets\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nGet number of TLSv1.3 session tickets that will be sent to a client.\n\nmy $numberoftickets = Net::SSLeay::CTXgetnumtickets($ctx);\n# $ctx  - value corresponding to openssl's SSLCTX structure\n#\n# returns: (integer) number of tickets to send\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLCTXgetnumtickets.html>\n\n*   CTXsetkeylogcallback\n\nCOMPATIBILITY: not available in Net-SSLeay-1.90 and before; requires at least OpenSSL\n1.1.1pre1, not in LibreSSL\n\nSet the TLS key logging 
callback.\n\nNet::SSLeay::CTXsetkeylogcallback($ctx, $cb);\n# $ctx  - value corresponding to openssl's SSLCTX structure\n# $cb - reference to a perl callback function\n#\n# returns: no return value\n\nThe callback function will be called like this:\n\nkeylogcbfunc($ssl, $line);\n# $ssl - value corresponding to OpenSSL's SSL object associated with the connection\n# $line - a string containing the key material in the format used by NSS for its SSLKEYLOGFILE debugging output\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLCTXsetkeylogcallback.html>\n\n*   CTXgetkeylogcallback\n\nCOMPATIBILITY: not available in Net-SSLeay-1.90 and before; requires at least OpenSSL\n1.1.1pre1, not in LibreSSL\n\nRetrieve the previously set TLS key logging callback.\n\nmy $cb = Net::SSLeay::CTXgetkeylogcallback($ctx);\n# $ctx  - value corresponding to openssl's SSLCTX structure\n#\n# returns: a reference to a perl callback function or undef if no callback is set\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLCTXgetkeylogcallback.html>\n\nLow level API: SSL* related functions\nNOTE: Please note that the functions described in this chapter have the \"SSL\" part stripped from\ntheir original openssl names.\n\n*   new\n\nCreates a new SSL structure which is needed to hold the data for a TLS/SSL connection. The\nnew structure inherits the settings of the underlying context $ctx: connection method\n(SSLv2/v3/TLSv1), options, verification settings, timeout settings.\n\nmy $rv = Net::SSLeay::new($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: value corresponding to openssl's SSL structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLnew.html>\n\n*   accept\n\nWaits for a TLS/SSL client to initiate the TLS/SSL handshake. 
The communication channel must\nalready have been set and assigned to the ssl by setting an underlying BIO.\n\nmy $rv = Net::SSLeay::accept($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 1 = success, 0 = handshake not successful, <0 = fatal error during handshake\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLaccept.html>\n\n*   addclientCA\n\nAdds the CA name extracted from cacert to the list of CAs sent to the client when requesting\na client certificate for the chosen ssl, overriding the setting valid for ssl's SSLCTX\nobject.\n\nmy $rv = Net::SSLeay::addclientCA($ssl, $x);\n# $ssl - value corresponding to openssl's SSL structure\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetclientCAlist.html>\n\n*   callbackctrl\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::callbackctrl($ssl, $cmd, $fp);\n# $ssl - value corresponding to openssl's SSL structure\n# $cmd - (integer) command id\n# $fp - (function pointer) ???\n#\n# returns: ???\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXctrl.html>\n\n*   checkprivatekey\n\nChecks the consistency of a private key with the corresponding certificate loaded into $ssl\n\nmy $rv = Net::SSLeay::checkprivatekey($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   clear\n\nReset SSL object to allow another connection.\n\nNet::SSLeay::clear($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLclear.html>\n\n*   connect\n\nInitiate the TLS/SSL handshake with a TLS/SSL server.\n\nmy $rv = Net::SSLeay::connect($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 
1 = success, 0 = handshake not successful, <0 = fatal error during handshake\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLconnect.html>\n\n*   copysessionid\n\nCopies the session structure from $from to $to (+ also the private key and certificate\nassociated with $from).\n\nNet::SSLeay::copysessionid($to, $from);\n# $to - value corresponding to openssl's SSL structure\n# $from - value corresponding to openssl's SSL structure\n#\n# returns: no return value\n\n*   ctrl\n\nInternal handling function for SSL objects.\n\nBEWARE: openssl doc says: This function should never be called directly!\n\nmy $rv = Net::SSLeay::ctrl($ssl, $cmd, $larg, $parg);\n# $ssl - value corresponding to openssl's SSL structure\n# $cmd - (integer) command id\n# $larg - (integer) long ???\n# $parg - (string/pointer) ???\n#\n# returns: (long) result of given command ???\n\nFor more details about valid $cmd values check \"CTXctrl\".\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXctrl.html>\n\n*   dohandshake\n\nWill wait for a SSL/TLS handshake to take place. If the connection is in client mode, the\nhandshake will be started. 
The handshake routines may have to be explicitly set in advance\nusing either SSLsetconnectstate or SSLsetacceptstate(3).\n\nmy $rv = Net::SSLeay::dohandshake($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 1 = success, 0 = handshake not successful, <0 = fatal error during handshake\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLdohandshake.html>\n\n*   dup\n\nReturns a duplicate of $ssl.\n\nmy $rv = Net::SSLeay::dup($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's SSL structure (0 on failure)\n\n*   free\n\nFree an allocated SSL structure.\n\nNet::SSLeay::free($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLfree.html>\n\n*   get0param\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.0.2-beta1 or LibreSSL 2.7.0\n\nReturns the current verification parameters.\n\nmy $vpm = Net::SSLeay::get0param($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's X509VERIFYPARAM structure\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSLCTXget0param.html>\n\n*   getSSLCTX\n\nReturns a pointer to the SSLCTX object, from which $ssl was created with Net::SSLeay::new.\n\nmy $rv = Net::SSLeay::getSSLCTX($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's SSLCTX structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetSSLCTX.html>\n\n*   setSSLCTX\n\nCOMPATIBILITY: requires at least OpenSSL 0.9.8f\n\nSets the SSLCTX that corresponds to an SSL session.\n\nmy $thesslctx = Net::SSLeay::setSSLCTX($ssl, $sslctx);\n# $ssl - value corresponding to openssl's SSL structure\n# $sslctx - Change the ssl object to the given sslctx\n#\n# returns - the sslctx\n\n*   getappdata\n\nCan be used to get 
application defined value/data.\n\nmy $rv = Net::SSLeay::getappdata($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: string/buffer/pointer ???\n\n*   setappdata\n\nCan be used to set some application defined value/data.\n\nmy $rv = Net::SSLeay::setappdata($ssl, $arg);\n# $ssl - value corresponding to openssl's SSL structure\n# $arg - (string/buffer/pointer ???) data\n#\n# returns: ???\n\n*   getcertificate\n\nGets X509 certificate from an established SSL connection.\n\nmy $rv = Net::SSLeay::getcertificate($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's X509 structure (0 on failure)\n\n*   getcipher\n\nObtains the name of the currently used cipher.\n\nmy $rv = Net::SSLeay::getcipher($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (string) cipher name e.g. 'DHE-RSA-AES256-SHA' or '', when no session has been established.\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetcurrentcipher.html>\n\n*   getcipherbits\n\nObtain the number of secret/algorithm bits used.\n\nmy $rv = Net::SSLeay::getcipherbits($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: number of secret bits used by current cipher\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetcurrentcipher.html> and\n<http://www.openssl.org/docs/ssl/SSLCIPHERgetname.html>\n\n*   getciphers\n\nCOMPATIBILITY: not available in Net-SSLeay-1.88 and before\n\nReturns a list of SSLCIPHER structures available for $ssl sorted by preference.\n\nmy @ciphers = Net::SSLeay::getciphers($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (list) SSLCIPHER structures or nothing when $ssl is undefined or no ciphers are available\n\nExample:\n\nmy @ciphers = Net::SSLeay::getciphers($ssl);\nforeach my $c (@ciphers) {\nprint Net::SSLeay::CIPHERgetname($c) . 
\"\\n\";\n}\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSLgetciphers.html>\n\n*   getcipherlist\n\nReturns the name (string) of the SSLCIPHER listed for $ssl with priority $n.\n\nmy $rv = Net::SSLeay::getcipherlist($ssl, $n);\n# $ssl - value corresponding to openssl's SSL structure\n# $n - (integer) priority\n#\n# returns: (string) cipher name e.g. 'EDH-DSS-DES-CBC3-SHA' or undef in case of error\n\nCall Net::SSLeay::getcipherlist with priority starting from 0 to obtain the sorted list of\navailable ciphers, until undef is returned:\n\nmy $priority = 0;\nwhile (my $c = Net::SSLeay::getcipherlist($ssl, $priority)) {\nprint \"cipher[$priority] = $c\\n\";\n$priority++;\n}\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSLgetcipherlist.html>\n\n*   getclientCAlist\n\nReturns the list of client CAs explicitly set for $ssl using\n\"Net::SSLeay::setclientCAlist\" or $ssl's SSLCTX object with\n\"Net::SSLeay::CTXsetclientCAlist\", when in server mode.\n\nIn client mode, returns the list of client CAs sent from the server, if any.\n\nmy $rv = Net::SSLeay::getclientCAlist($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's STACKOF(X509NAME) structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetclientCAlist.html>\n\n*   getcurrentcipher\n\nReturns the cipher actually used.\n\nmy $rv = Net::SSLeay::getcurrentcipher($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's SSLCIPHER structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetcurrentcipher.html>\n\n*   getdefaulttimeout\n\nReturns the default timeout value assigned to SSLSESSION objects negotiated for the\nprotocol valid for $ssl.\n\nmy $rv = Net::SSLeay::getdefaulttimeout($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (long) timeout in seconds\n\nCheck openssl doc 
<http://www.openssl.org/docs/ssl/SSLgetdefaulttimeout.html>\n\n*   geterror\n\nReturns a result code for a preceding call to \"connect\", \"accept\", \"dohandshake\", \"read\",\n\"peek\" or \"write\" on $ssl.\n\nmy $rv = Net::SSLeay::geterror($ssl, $ret);\n# $ssl - value corresponding to openssl's SSL structure\n# $ret - return value of preceding TLS/SSL I/O operation\n#\n# returns: result code, which is one of the following values:\n#  0 - SSLERRORNONE\n#  1 - SSLERRORSSL\n#  2 - SSLERRORWANTREAD\n#  3 - SSLERRORWANTWRITE\n#  4 - SSLERRORWANTX509LOOKUP\n#  5 - SSLERRORSYSCALL\n#  6 - SSLERRORZERORETURN\n#  7 - SSLERRORWANTCONNECT\n#  8 - SSLERRORWANTACCEPT\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgeterror.html>\n\n*   getexdata\n\nIs used to retrieve the information for $idx from $ssl.\n\nmy $rv = Net::SSLeay::getexdata($ssl, $idx);\n# $ssl - value corresponding to openssl's SSL structure\n# $idx - (integer) index for application specific data\n#\n# returns: pointer to ???\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetexnewindex.html>\n\n*   setexdata\n\nIs used to store application data at $data for $idx into the $ssl object.\n\nmy $rv = Net::SSLeay::setexdata($ssl, $idx, $data);\n# $ssl - value corresponding to openssl's SSL structure\n# $idx - (integer) ???\n# $data - (pointer) ???\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetexnewindex.html>\n\n*   getexnewindex\n\nIs used to register a new index for application specific data.\n\nmy $rv = Net::SSLeay::getexnewindex($argl, $argp, $newfunc, $dupfunc, $freefunc);\n# $argl - (long) ???\n# $argp - (pointer) ???\n# $newfunc - function pointer ??? (CRYPTOEXnew *)\n# $dupfunc - function pointer ??? (CRYPTOEXdup *)\n# $freefunc - function pointer ??? 
(CRYPTOEXfree *)\n#\n# returns: (integer) ???\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetexnewindex.html>\n\n*   getfd\n\nReturns the file descriptor which is linked to $ssl.\n\nmy $rv = Net::SSLeay::getfd($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: file descriptor (>=0) or -1 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetfd.html>\n\n*   getfinished\n\nObtains the latest 'Finished' message sent to the peer. Return value is zero if there's been\nno Finished message yet. Default count is 2*EVPMAXMDSIZE that is long enough for all\npossible Finish messages. If you supply a non-default count, the resulting return value may\nbe longer than returned buf's length.\n\nmy $rv = Net::SSLeay::getfinished($ssl, $buf, $count);\n# $ssl - value corresponding to openssl's SSL structure\n# $buf - buffer where the returned data will be stored\n# $count - [optional] max size of return data - default is 2*EVPMAXMDSIZE\n#\n# returns: length of latest Finished message\n\n*   getpeerfinished\n\nObtains the latest 'Finished' message expected from the peer. 
Parameters and return value\nare similar to getfinished().\n\nmy $rv = Net::SSLeay::getpeerfinished($ssl, $buf, $count);\n# $ssl - value corresponding to openssl's SSL structure\n# $buf - buffer where the returned data will be stored\n# $count - [optional] max size of return data - default is 2*EVPMAXMDSIZE\n#\n# returns: length of latest Finished message\n\n*   getkeyblocksize\n\nGets the length of the TLS keyblock.\n\nNOTE: Does not exactly correspond to any low level API function.\n\nmy $rv = Net::SSLeay::getkeyblocksize($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: keyblock size, -1 on error\n\n*   getmode\n\nReturns the mode (bitmask) set for $ssl.\n\nmy $rv = Net::SSLeay::getmode($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: mode (bitmask)\n\nTo decode the return value (bitmask) see documentation for \"CTXgetmode\".\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetmode.html>\n\n*   setmode\n\nAdds the mode set via bitmask in $mode to $ssl. Options already set before are not cleared.\n\nmy $rv = Net::SSLeay::setmode($ssl, $mode);\n# $ssl - value corresponding to openssl's SSL structure\n# $mode - mode (bitmask)\n#\n# returns: the new mode bitmask after adding $mode\n\nFor $mode bitmask details see \"CTXgetmode\".\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetmode.html>\n\n*   getoptions\n\nReturns the options (bitmask) set for $ssl.\n\nmy $rv = Net::SSLeay::getoptions($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: options (bitmask)\n\nTo decode the return value (bitmask) see documentation for \"CTXgetoptions\".\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetoptions.html>\n\n*   setoptions\n\nAdds the options set via bitmask in $options to $ssl. 
Options already set before are not\ncleared!\n\nNet::SSLeay::setoptions($ssl, $options);\n# $ssl - value corresponding to openssl's SSL structure\n# $options - options (bitmask)\n#\n# returns: the new options bitmask after adding $options\n\nFor $options bitmask details see \"CTXgetoptions\".\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetoptions.html>\n\n*   getpeercertificate\n\nGet the X509 certificate of the peer.\n\nmy $rv = Net::SSLeay::getpeercertificate($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's X509 structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetpeercertificate.html>\n\n*   getpeercertchain\n\nGet the certificate chain of the peer as an array of X509 structures.\n\nmy @rv = Net::SSLeay::getpeercertchain($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: list of X509 structures\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetpeercertificate.html>\n\n*   getquietshutdown\n\nReturns the 'quiet shutdown' setting of ssl.\n\nmy $rv = Net::SSLeay::getquietshutdown($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (integer) current 'quiet shutdown' value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetquietshutdown.html>\n\n*   getrbio\n\nGet 'read' BIO linked to an SSL object $ssl.\n\nmy $rv = Net::SSLeay::getrbio($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's BIO structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetrbio.html>\n\n*   getreadahead\n\nmy $rv = Net::SSLeay::getreadahead($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (integer) readahead value\n\n*   setreadahead\n\nNet::SSLeay::setreadahead($ssl, $val);\n# $ssl - value corresponding to openssl's SSL structure\n# $val - readahead value to be set\n#\n# returns: the 
original readahead value\n\n*   getsecuritylevel\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0,\nnot in LibreSSL\n\nReturns the security level associated with $ssl.\n\nmy $level = Net::SSLeay::getsecuritylevel($ssl);\n# $ssl   - value corresponding to openssl's SSL structure\n#\n# returns: (integer) current security level\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLgetsecuritylevel.html>\n\n*   setsecuritylevel\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0,\nnot in LibreSSL\n\nSets the security level associated with $ssl to $level.\n\nNet::SSLeay::setsecuritylevel($ssl, $level);\n# $ssl   - value corresponding to openssl's SSL structure\n# $level - new security level\n#\n# returns: no return value\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLsetsecuritylevel.html>\n\n*   setnumtickets\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nSet number of TLSv1.3 session tickets that will be sent to a client.\n\nmy $rv = Net::SSLeay::setnumtickets($ssl, $numberoftickets);\n# $ssl  - value corresponding to openssl's SSL structure\n# $numberoftickets - number of tickets to send\n#\n# returns: 1 on success, 0 on failure\n\nSet to zero if you do not want to support session resumption.\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLsetnumtickets.html>\n\n*   getnumtickets\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nGet number of TLSv1.3 session tickets that will be sent to a client.\n\nmy $numberoftickets = Net::SSLeay::getnumtickets($ctx);\n# $ctx  - value corresponding to openssl's SSL structure\n#\n# returns: number of tickets to send\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLgetnumtickets.html>\n\n*   getserverrandom\n\nReturns internal 
SSLv3 serverrandom value.\n\nNet::SSLeay::getserverrandom($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: serverrandom value (binary data)\n\n*   getclientrandom\n\nNOTE: Does not exactly correspond to any low level API function\n\nReturns internal SSLv3 clientrandom value.\n\nNet::SSLeay::getclientrandom($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: clientrandom value (binary data)\n\n*   exportkeyingmaterial\n\nReturns keying material based on the string $label and optional $context. Note that with\nTLSv1.2 and lower, empty context (empty string) and undefined context (no value or 'undef')\nwill return different values.\n\nmy $out = Net::SSLeay::exportkeyingmaterial($ssl, $olen, $label, $context);\n# $ssl - value corresponding to openssl's SSL structure\n# $olen - number of bytes to return\n# $label - application specific label\n# $context - [optional] context - default is undef for no context\n#\n# returns: keying material (binary data) or undef on error\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLexportkeyingmaterial.html>\n\n*   getsession\n\nRetrieve TLS/SSL session data used in $ssl. The reference count of the SSLSESSION is NOT\nincremented.\n\nmy $rv = Net::SSLeay::getsession($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's SSLSESSION structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetsession.html>\n\n*   SSLget0session\n\nThe alias for \"getsession\" (note that the name is \"SSLget0session\" NOT \"get0session\").\n\nmy $rv = Net::SSLeay::SSLget0session();\n\n*   get1session\n\nReturns a pointer to the SSLSESSION actually used in $ssl. 
The reference count of the\nSSLSESSION is incremented by 1.\n\nmy $rv = Net::SSLeay::get1session($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's SSLSESSION structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetsession.html>\n\n*   getsharedciphers\n\nReturns string with a list (colon ':' separated) of ciphers shared between client and server\nwithin SSL session $ssl.\n\nmy $rv = Net::SSLeay::getsharedciphers()\n#\n# returns: string like 'ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:...'\n\n*   getshutdown\n\nReturns the shutdown mode of $ssl.\n\nmy $rv = Net::SSLeay::getshutdown($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: shutdown mode (bitmask) of ssl\n\n#to decode the return value (bitmask) use:\n0 - No shutdown setting, yet\n1 - SSLSENTSHUTDOWN\n2 - SSLRECEIVEDSHUTDOWN\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetshutdown.html>\n\n*   getsslmethod\n\nReturns a function pointer to the TLS/SSL method set in $ssl.\n\nmy $rv = Net::SSLeay::getsslmethod($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's SSLMETHOD structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetsslversion.html>\n\n*   ininit, inbefore, isinitfinished, inconnectinit, inacceptinit\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before.\n\nRetrieve information about the handshake state machine. All functions take $ssl as the only\nargument and return 0 or 1. 
These functions are recommended over getstate() and state().\n\nmy $rv = Net::SSLeay::isinitfinished($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: All functions return 1 or 0\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLininit.html>\n\n*   getstate\n\nCOMPATIBILITY: OpenSSL 1.1.0 and later use different constants which are not made available.\nUse isinitfinished() and related functions instead.\n\nReturns the SSL connection state.\n\nmy $rv = Net::SSLeay::getstate($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (integer) state value\n#          to decode the returned state check:\n#          SSLST* constants in openssl/ssl.h\n#          SSL2ST* constants in openssl/ssl2.h\n#          SSL23ST* constants in openssl/ssl23.h\n#          SSL3ST* + DTLS1ST* constants in openssl/ssl3.h\n\n*   state\n\nExactly the same as \"getstate\".\n\nmy $rv = Net::SSLeay::state($ssl);\n\n*   setstate\n\nSets the SSL connection state.\n\nNet::SSLeay::setstate($ssl,Net::SSLeay::SSLSTACCEPT());\n\nNot available with OpenSSL 1.1 and later.\n\n*   getverifydepth\n\nReturns the verification depth limit currently set in $ssl.\n\nmy $rv = Net::SSLeay::getverifydepth($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: current depth or -1 if no limit has been explicitly set\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXgetverifymode.html>\n\n*   setverifydepth\n\nSets the maximum depth for the certificate chain verification that shall be allowed for\n$ssl.\n\nNet::SSLeay::setverifydepth($ssl, $depth);\n# $ssl - value corresponding to openssl's SSL structure\n# $depth - (integer) depth\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetverify.html>\n\n*   getverifymode\n\nReturns the verification mode (bitmask) currently set in $ssl.\n\nmy $rv = Net::SSLeay::getverifymode($ssl);\n# $ssl - 
value corresponding to openssl's SSL structure\n#\n# returns: mode (bitmask)\n\nTo decode the return value (bitmask) see documentation for \"CTXgetverifymode\".\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXgetverifymode.html>\n\n*   setverify\n\nSets the verification flags for $ssl to be $mode and specifies the $verifycallback function\nto be used.\n\nNet::SSLeay::setverify($ssl, $mode, $callback);\n# $ssl - value corresponding to openssl's SSL structure\n# $mode - mode (bitmask)\n# $callback - [optional] reference to perl callback function\n#\n# returns: no return value\n\nFor $mode bitmask details see \"CTXgetverifymode\".\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetverify.html>\n\n*   setposthandshakeauth\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nEnable the Post-Handshake Authentication extension to be added to the ClientHello such that\npost-handshake authentication can be requested by the server.\n\nNet::SSLeay::setposthandshakeauth($ssl, $val);\n# $ssl - value corresponding to openssl's SSL structure\n# $val - 0 then the extension is not sent, otherwise it is\n#\n# returns: no return value\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLsetposthandshakeauth.html>\n\n*   verifyclientposthandshake\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nverifyclientposthandshake causes a CertificateRequest message to be sent by a server on\nthe given ssl connection.\n\nmy $rv = Net::SSLeay::verifyclientposthandshake($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 1 if the request succeeded, and 0 if the request failed. 
The error stack can be examined to determine the failure reason.\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLverifyclientposthandshake.html>\n\n*   getverifyresult\n\nReturns the result of the verification of the X509 certificate presented by the peer, if\nany.\n\nmy $rv = Net::SSLeay::getverifyresult($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (integer)\n#      0 - X509VOK: ok\n#      2 - X509VERRUNABLETOGETISSUERCERT: unable to get issuer certificate\n#      3 - X509VERRUNABLETOGETCRL: unable to get certificate CRL\n#      4 - X509VERRUNABLETODECRYPTCERTSIGNATURE: unable to decrypt certificate's signature\n#      5 - X509VERRUNABLETODECRYPTCRLSIGNATURE: unable to decrypt CRL's signature\n#      6 - X509VERRUNABLETODECODEISSUERPUBLICKEY: unable to decode issuer public key\n#      7 - X509VERRCERTSIGNATUREFAILURE: certificate signature failure\n#      8 - X509VERRCRLSIGNATUREFAILURE: CRL signature failure\n#      9 - X509VERRCERTNOTYETVALID: certificate is not yet valid\n#     10 - X509VERRCERTHASEXPIRED: certificate has expired\n#     11 - X509VERRCRLNOTYETVALID: CRL is not yet valid\n#     12 - X509VERRCRLHASEXPIRED: CRL has expired\n#     13 - X509VERRERRORINCERTNOTBEFOREFIELD: format error in certificate's notBefore field\n#     14 - X509VERRERRORINCERTNOTAFTERFIELD: format error in certificate's notAfter field\n#     15 - X509VERRERRORINCRLLASTUPDATEFIELD: format error in CRL's lastUpdate field\n#     16 - X509VERRERRORINCRLNEXTUPDATEFIELD: format error in CRL's nextUpdate field\n#     17 - X509VERROUTOFMEM: out of memory\n#     18 - X509VERRDEPTHZEROSELFSIGNEDCERT: self signed certificate\n#     19 - X509VERRSELFSIGNEDCERTINCHAIN: self signed certificate in certificate chain\n#     20 - X509VERRUNABLETOGETISSUERCERTLOCALLY: unable to get local issuer certificate\n#     21 - X509VERRUNABLETOVERIFYLEAFSIGNATURE: unable to verify the first certificate\n#     22 - X509VERRCERTCHAINTOOLONG: certificate 
chain too long\n#     23 - X509VERRCERTREVOKED: certificate revoked\n#     24 - X509VERRINVALIDCA: invalid CA certificate\n#     25 - X509VERRPATHLENGTHEXCEEDED: path length constraint exceeded\n#     26 - X509VERRINVALIDPURPOSE: unsupported certificate purpose\n#     27 - X509VERRCERTUNTRUSTED: certificate not trusted\n#     28 - X509VERRCERTREJECTED: certificate rejected\n#     29 - X509VERRSUBJECTISSUERMISMATCH: subject issuer mismatch\n#     30 - X509VERRAKIDSKIDMISMATCH: authority and subject key identifier mismatch\n#     31 - X509VERRAKIDISSUERSERIALMISMATCH: authority and issuer serial number mismatch\n#     32 - X509VERRKEYUSAGENOCERTSIGN: key usage does not include certificate signing\n#     50 - X509VERRAPPLICATIONVERIFICATION: application verification failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetverifyresult.html>\n\n*   setverifyresult\n\nOverride result of peer certificate verification.\n\nNet::SSLeay::setverifyresult($ssl, $v);\n# $ssl - value corresponding to openssl's SSL structure\n# $v - (integer) result value\n#\n# returns: no return value\n\nFor more info about valid return values see \"getverifyresult\".\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetverifyresult.html>\n\n*   getwbio\n\nGet 'write' BIO linked to an SSL object $ssl.\n\nmy $rv = Net::SSLeay::getwbio($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's BIO structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetrbio.html>\n\n*   loadclientCAfile\n\nLoad X509 certificates from file (PEM formatted).\n\nmy $rv = Net::SSLeay::loadclientCAfile($file);\n# $file - (string) file name\n#\n# returns: value corresponding to openssl's STACKOF(X509NAME) structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLloadclientCAfile.html>\n\n*   clearnumrenegotiations\n\nExecutes SSLCTRLCLEARNUMRENEGOTIATIONS command on $ssl.\n\nmy $rv = 
Net::SSLeay::clearnumrenegotiations($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: command result\n\n*   needtmpRSA\n\nExecutes SSLCTRLNEEDTMPRSA command on $ssl.\n\nmy $rv = Net::SSLeay::needtmpRSA($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: command result\n\nNot available with OpenSSL 1.1 and later.\n\n*   numrenegotiations\n\nExecutes SSLCTRLGETNUMRENEGOTIATIONS command on $ssl.\n\nmy $rv = Net::SSLeay::numrenegotiations($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: command result\n\n*   totalrenegotiations\n\nExecutes SSLCTRLGETTOTALRENEGOTIATIONS command on $ssl.\n\nmy $rv = Net::SSLeay::totalrenegotiations($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: command result\n\n*   peek\n\nCopies $max bytes from the specified $ssl into the returned value. In contrast to the\n\"Net::SSLeay::read()\" function, the data in the SSL buffer is unmodified after the\nSSLpeek() operation.\n\nNet::SSLeay::peek($ssl, $max);\n# $ssl - value corresponding to openssl's SSL structure\n# $max - [optional] max bytes to peek (integer) - default is 32768\n#\n# in scalar context: data read from the TLS/SSL connection, undef on error\n# in list context:   two-item array consisting of data read (undef on error),\n#                      and return code from SSLpeek().\n\n*   peekex\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nCopies $max bytes from the specified $ssl into the returned value. 
In contrast to the\n\"Net::SSLeay::readex()\" function, the data in the SSL buffer is unmodified after the\nSSLpeekex() operation.\n\nmy($got, $rv) = Net::SSLeay::peekex($ssl, $max);\n# $ssl - value corresponding to openssl's SSL structure\n# $max - [optional] max bytes to peek (integer) - default is 32768\n#\n# returns a list: two-item list consisting of data read (undef on error),\n#                 and return code from SSLpeekex().\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLpeekex.html>\n\n*   pending\n\nObtain number of readable bytes buffered in $ssl object.\n\nmy $rv = Net::SSLeay::pending($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: the number of bytes pending\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLpending.html>\n\n*   haspending\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0,\nnot in LibreSSL\n\nReturns 1 if $ssl has buffered data (whether processed or unprocessed) and 0 otherwise.\n\nmy $rv = Net::SSLeay::haspending($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (integer) 1 or 0\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLhaspending.html>\n\n*   read\n\nTries to read $max bytes from the specified $ssl.\n\nmy $got = Net::SSLeay::read($ssl, $max);\nmy($got, $rv) = Net::SSLeay::read($ssl, $max);\n# $ssl - value corresponding to openssl's SSL structure\n# $max - [optional] max bytes to read (integer) - default is 32768\n#\n# returns:\n# in scalar context: data read from the TLS/SSL connection, undef on error\n# in list context:   two-item array consisting of data read (undef on error),\n#                      and return code from SSLread().\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLread.html>\n\n*   readex\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nTries to read $max bytes from the specified 
$ssl.\n\nmy($got, $rv) = Net::SSLeay::readex($ssl, $max);\n# $ssl - value corresponding to openssl's SSL structure\n# $max - [optional] max bytes to read (integer) - default is 32768\n#\n# returns a list: two-item list consisting of data read (undef on error),\n#                 and return code from SSLreadex().\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLreadex.html>\n\n*   renegotiate\n\nTurn on flags for renegotiation so that renegotiation will happen\n\nmy $rv = Net::SSLeay::renegotiate($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 1 on success, 0 on failure\n\n*   rstatestring\n\nReturns a 2 letter string indicating the current read state of the SSL object $ssl.\n\nmy $rv = Net::SSLeay::rstatestring($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 2-letter string\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLrstatestring.html>\n\n*   rstatestringlong\n\nReturns a string indicating the current read state of the SSL object ssl.\n\nmy $rv = Net::SSLeay::rstatestringlong($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: string with current state\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLrstatestring.html>\n\n*   sessionreused\n\nQuery whether a reused session was negotiated during handshake.\n\nmy $rv = Net::SSLeay::sessionreused($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 0 - new session was negotiated; 1 - session was reused.\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsessionreused.html>\n\n*   set1param\n\nCOMPATIBILITY: requires at least OpenSSL 1.0.0-beta3\n\nApplies X509 verification parameters $vpm on $ssl\n\nmy $rv = Net::SSLeay::set1param($ssl, $vpm);\n# $ssl - value corresponding to openssl's SSL structure\n# $vpm - value corresponding to openssl's X509VERIFYPARAM structure\n#\n# returns: 1 on success, 0 on failure\n\n*   setacceptstate\n\nSets $ssl to work in 
server mode.\n\nNet::SSLeay::setacceptstate($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetconnectstate.html>\n\n*   setbio\n\nConnects the BIOs $rbio and $wbio for the read and write operations of the TLS/SSL\n(encrypted) side of $ssl.\n\nNet::SSLeay::setbio($ssl, $rbio, $wbio);\n# $ssl - value corresponding to openssl's SSL structure\n# $rbio - value corresponding to openssl's BIO structure\n# $wbio - value corresponding to openssl's BIO structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetbio.html>\n\n*   setcipherlist\n\nSets the list of ciphers only for ssl.\n\nmy $rv = Net::SSLeay::setcipherlist($ssl, $str);\n# $ssl - value corresponding to openssl's SSL structure\n# $str - (string) cipher list e.g. '3DES:+RSA'\n#\n# returns: 1 if any cipher could be selected and 0 on complete failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetcipherlist.html>\n\n*   setciphersuites\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nConfigure the available TLSv1.3 ciphersuites.\n\nmy $rv = Net::SSLeay::setciphersuites($ssl, $str);\n# $ssl  - value corresponding to openssl's SSL structure\n# $str  - colon (\":\") separated list of TLSv1.3 ciphersuite names in order of preference\n#\n# returns: (integer) 1 if the requested ciphersuite list was configured, and 0 otherwise\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLsetciphersuites.html>\n\n*   setclientCAlist\n\nSets the list of CAs sent to the client when requesting a client certificate for the chosen\n$ssl, overriding the setting valid for $ssl's SSLCTX object.\n\nmy $rv = Net::SSLeay::setclientCAlist($ssl, $list);\n# $ssl - value corresponding to openssl's SSL structure\n# $list - value corresponding to openssl's STACKOF(X509NAME) structure\n#\n# returns: no return 
value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetclientCAlist.html>\n\n*   setconnectstate\n\nSets $ssl to work in client mode.\n\nNet::SSLeay::setconnectstate($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetconnectstate.html>\n\n*   setfd\n\nSets the file descriptor $fd as the input/output facility for the TLS/SSL (encrypted) side\nof $ssl; $fd will typically be the socket file descriptor of a network connection.\n\nmy $rv = Net::SSLeay::setfd($ssl, $fd);\n# $ssl - value corresponding to openssl's SSL structure\n# $fd - (integer) file handle (got via perl's fileno)\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetfd.html>\n\n*   setpskclientcallback\n\nSets the psk client callback.\n\nNet::SSLeay::setpskclientcallback($ssl, sub { my $hint = shift; return ($identity, $key) } );\n# $ssl - value corresponding to openssl's SSL structure\n# $hint - PSK identity hint sent by the server\n# $identity - PSK identity\n# $key - PSK key, hex string without the leading '0x', e.g. 
'deadbeef'\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetpskclientcallback.html>\n\n*   setrfd\n\nSets the file descriptor $fd as the input (read) facility for the TLS/SSL (encrypted) side\nof $ssl.\n\nmy $rv = Net::SSLeay::setrfd($ssl, $fd);\n# $ssl - value corresponding to openssl's SSL structure\n# $fd - (integer) file handle (got via perl's fileno)\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetfd.html>\n\n*   setwfd\n\nmy $rv = Net::SSLeay::setwfd($ssl, $fd);\n# $ssl - value corresponding to openssl's SSL structure\n# $fd - (integer) file handle (got via perl's fileno)\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetfd.html>\n\n*   setinfocallback\n\nSets the callback function, that can be used to obtain state information for $ssl during\nconnection setup and use. When callback is undef, the callback setting currently valid for\nctx is used.\n\nNet::SSLeay::setinfocallback($ssl, $cb, [$data]);\n# $ssl - value corresponding to openssl's SSL structure\n# $cb - sub { my ($ssl,$where,$ret,$data) = @_; ... }\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetinfocallback.html>\n\n*   CTXsetinfocallback\n\nSets the callback function on ctx, that can be used to obtain state information during ssl\nconnection setup and use. When callback is undef, an existing callback will be disabled.\n\nNet::SSLeay::CTXsetinfocallback($ssl, $cb, [$data]);\n# $ssl - value corresponding to openssl's SSL structure\n# $cb - sub { my ($ssl,$where,$ret,$data) = @_; ... }\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetinfocallback.html>\n\n*   setmsgcallback\n\nSets the callback function, that can be used to obtain protocol messages information for\n$ssl during connection setup and use. 
When callback is undef, the callback setting currently\nvalid for ctx is used. Note that set_msg_callback_arg is not provided as there is no need to\nexplicitly set $arg; this is handled by set_msg_callback.\n\nNet::SSLeay::set_msg_callback($ssl, $cb, [$arg]);\n# $ssl - value corresponding to openssl's SSL structure\n# $cb - sub { my ($writep,$version,$contenttype,$buf,$len,$ssl,$arg) = @_; ... }\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/manmaster/man3/SSLsetmsgcallback.html>\n\n*   CTX_set_msg_callback\n\nSets the callback function on ctx that can be used to obtain protocol messages information\nfor ssl connection setup and use. When callback is undef, the existing callback will be\ndisabled. Note that CTX_set_msg_callback_arg is not provided as there is no need to\nexplicitly set $arg; this is handled by CTX_set_msg_callback.\n\nNet::SSLeay::CTX_set_msg_callback($ssl, $cb, [$arg]);\n# $ssl - value corresponding to openssl's SSL structure\n# $cb - sub { my ($writep,$version,$contenttype,$buf,$len,$ssl,$arg) = @_; ... }\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/manmaster/man3/SSLCTXsetmsgcallback.html>\n\n*   set_pref_cipher\n\nSets the list of available ciphers for $ssl using the control string $str.\n\nmy $rv = Net::SSLeay::set_pref_cipher($ssl, $str);\n# $ssl - value corresponding to openssl's SSL structure\n# $str - (string) cipher list e.g. '3DES:+RSA'\n#\n# returns: 1 if any cipher could be selected and 0 on complete failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetcipherlist.html>\n\n*   CTX_set_psk_client_callback\n\nSets the PSK client callback.\n\nNet::SSLeay::CTX_set_psk_client_callback($ssl, sub { my $hint = shift; return ($identity, $key) } );\n# $ssl - value corresponding to openssl's SSL structure\n# $hint - PSK identity hint sent by the server\n# $identity - PSK identity\n# $key - PSK key, hex string without the leading '0x', e.g. 
'deadbeef'\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetpskclientcallback.html>\n\n*   set_purpose\n\nmy $rv = Net::SSLeay::set_purpose($ssl, $purpose);\n# $ssl - value corresponding to openssl's SSL structure\n# $purpose - (integer) purpose identifier\n#\n# returns: 1 on success, 0 on failure\n\nFor more info about available $purpose identifiers see \"CTX_set_purpose\".\n\n*   set_quiet_shutdown\n\nSets the 'quiet shutdown' flag for $ssl to be $mode.\n\nNet::SSLeay::set_quiet_shutdown($ssl, $mode);\n# $ssl - value corresponding to openssl's SSL structure\n# $mode - 0 or 1\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetquietshutdown.html>\n\n*   set_session\n\nSet a TLS/SSL session to be used during TLS/SSL connect.\n\nmy $rv = Net::SSLeay::set_session($to, $ses);\n# $to - value corresponding to openssl's SSL structure\n# $ses - value corresponding to openssl's SSL_SESSION structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetsession.html>\n\n*   set_session_id_context\n\nSets the context $sidctx of length $sidctxlen within which a session can be reused for\nthe $ssl object.\n\nmy $rv = Net::SSLeay::set_session_id_context($ssl, $sidctx, $sidctxlen);\n# $ssl - value corresponding to openssl's SSL structure\n# $sidctx - data buffer\n# $sidctxlen - length of data in $sidctx\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetsessionidcontext.html>\n\n*   set_session_secret_cb\n\nSetup pre-shared secret session resumption function.\n\nNet::SSLeay::set_session_secret_cb($ssl, $func, $data);\n# $ssl - value corresponding to openssl's SSL structure\n# $func - perl reference to callback function\n# $data - [optional] data that will be passed to callback function when invoked\n#\n# returns: no return value\n\nThe callback function will be called like:\n\ncallbackfunction($secret, $ciphers, 
$prefcipher, $data);\n# $secret is the current master session key, usually all 0s at the beginning of a session\n# $ciphers is ref to an array of peer cipher names\n# $prefcipher is a ref to an index into the list of cipher names of\n#  the preferred cipher. Set it if you want to specify a preferred cipher\n# $data is the data passed to set_session_secret_cb\n\nThe callback function should return 1 if it likes the suggested cipher (or has selected an\nalternative by setting prefcipher), else it should return 0 (in which case OpenSSL will\nselect its own preferred cipher).\n\nWith OpenSSL 1.1 and later, callbackfunction can change the master key for the session by\naltering $secret and returning 1.\n\n*   CTX_set_tlsext_ticket_getkey_cb\n\nSetup encryption for TLS session tickets (stateless session reuse).\n\nNet::SSLeay::CTX_set_tlsext_ticket_getkey_cb($ctx, $func, $data);\n# $ctx  - value corresponding to openssl's SSL_CTX structure\n# $func - perl reference to callback function\n# $data - [optional] data that will be passed to callback function when invoked\n#\n# returns: no return value\n\nThe callback function will be called like:\n\ngetkey($data,[$keyname]) -> ($key,$currentkeyname)\n# $data is the data passed to set_session_secret_cb\n# $keyname is the name of the key OpenSSL has extracted from the session ticket\n# $key is the requested key for ticket encryption + HMAC\n# $currentkeyname is the name for the currently valid key\n\nOpenSSL will call the function without a key name if it generates a new ticket. It then\nneeds the callback to return the encryption+HMAC key and an identifier (key name) for this\nkey.\n\nWhen OpenSSL gets a session ticket from the client it extracts the key name and calls the\ncallback with this name as argument. It then expects the callback to return the\nencryption+HMAC key matching the requested key name and also the key name which should\nbe used at the moment. 
If the requested key name and the returned key name differ it means\nthat this session ticket was created with an expired key and needs to be renewed. In this\ncase OpenSSL will call the callback again with no key name to create a new session ticket\nbased on the old one.\n\nThe key must be at least 32 bytes of random data which can be created with RAND_bytes.\nInternally the first 16 bytes are used as key in AES-128 encryption while the next 16 bytes\nare used for the SHA-256 HMAC. The key name is binary data and must be exactly 16 bytes\nlong.\n\nExample:\n\nNet::SSLeay::RAND_bytes(my $oldkey,32);\nNet::SSLeay::RAND_bytes(my $newkey,32);\nmy $oldkeyname = pack(\"a16\",'oldsecret');\nmy $newkeyname = pack(\"a16\",'newsecret');\n\nmy @keys = (\n[ $newkeyname, $newkey ], # current active key\n[ $oldkeyname, $oldkey ], # already expired\n);\n\nNet::SSLeay::CTX_set_tlsext_ticket_getkey_cb($server2->ctx, sub {\nmy ($mykeys,$name) = @_;\n\n# return (currentkey, currentkeyname) if no name given\nreturn ($mykeys->[0][1],$mykeys->[0][0]) if ! $name;\n\n# return (matchingkey, currentkeyname) if we find a key matching\n# the given name\nfor(my $i = 0; $i<@$mykeys; $i++) {\nnext if $name ne $mykeys->[$i][0];\nreturn ($mykeys->[$i][1],$mykeys->[0][0]);\n}\n\n# no matching key found\nreturn;\n},\\@keys);\n\nThis function is based on the OpenSSL function SSL_CTX_set_tlsext_ticket_key_cb but provides\na simpler to use interface. 
For more information see\n<http://www.openssl.org/docs/ssl/SSLCTXsettlsextticketkeycb.html>\n\n*   set_session_ticket_ext_cb\n\nSetup callback for TLS session tickets (stateless session reuse).\n\nNet::SSLeay::set_session_ticket_ext_cb($ssl, $func, $data);\n# $ssl  - value corresponding to openssl's SSL structure\n# $func - perl reference to callback function\n# $data - [optional] data that will be passed to callback function when invoked\n#\n# returns: no return value\n\nThe callback function will be called like:\n\ngetticket($ssl,$ticket,$data) -> $returnvalue\n# $ssl is a value corresponding to openssl's SSL structure\n# $ticket is a value of received TLS session ticket (can also be empty)\n# $data is the data passed to set_session_ticket_ext_cb\n# $returnvalue is either 0 (failure) or 1 (success)\n\nThis function is based on the OpenSSL function SSL_set_session_ticket_ext_cb.\n\n*   set_session_ticket_ext\n\nSet TLS session ticket (stateless session reuse).\n\nNet::SSLeay::set_session_ticket_ext($ssl, $ticket);\n# $ssl    - value corresponding to openssl's SSL structure\n# $ticket - is a value of TLS session ticket which client will send (can also be empty string)\n#\n# returns: no return value\n\nThe callback function will be called like:\n\ngetticket($ssl,$ticket,$data) -> $returnvalue\n# $ssl is a value corresponding to openssl's SSL structure\n# $ticket is a value of received TLS session ticket (can also be empty)\n# $data is the data passed to set_session_ticket_ext_cb\n# $returnvalue is either 0 (failure) or 1 (success)\n\nThis function is based on the OpenSSL function SSL_set_session_ticket_ext_cb.\n\n*   set_shutdown\n\nSets the shutdown state of $ssl to $mode.\n\nNet::SSLeay::set_shutdown($ssl, $mode);\n# $ssl - value corresponding to openssl's SSL structure\n# $mode - (integer) shutdown mode:\n#         0 - No shutdown\n#         1 - SSL_SENT_SHUTDOWN\n#         2 - SSL_RECEIVED_SHUTDOWN\n#         3 - SSL_RECEIVED_SHUTDOWN+SSL_SENT_SHUTDOWN\n#\n# returns: no return value\n\nCheck openssl doc 
<http://www.openssl.org/docs/ssl/SSLsetshutdown.html>\n\n*   set_ssl_method\n\nSets a new TLS/SSL method for a particular $ssl object.\n\nmy $rv = Net::SSLeay::set_ssl_method($ssl, $method);\n# $ssl - value corresponding to openssl's SSL structure\n# $method - value corresponding to openssl's SSL_METHOD structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetsslversion.html>\n\n*   set_tmp_dh\n\nSets the DH parameters to be used to $dh.\n\nmy $rv = Net::SSLeay::set_tmp_dh($ssl, $dh);\n# $ssl - value corresponding to openssl's SSL structure\n# $dh - value corresponding to openssl's DH structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettmpdhcallback.html>\n\n*   set_tmp_dh_callback\n\nSets the callback function for $ssl to be used when DH parameters are required to $dhcb.\n\n??? (does this function really work?)\n\nNet::SSLeay::set_tmp_dh_callback($ssl, $dhcb);\n# $ssl - value corresponding to openssl's SSL structure\n# $dhcb - pointer to function ???\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettmpdhcallback.html>\n\n*   set_tmp_rsa\n\nSets the temporary/ephemeral RSA key to be used in $ssl to be $rsa.\n\nmy $rv = Net::SSLeay::set_tmp_rsa($ssl, $rsa);\n# $ssl - value corresponding to openssl's SSL structure\n# $rsa - value corresponding to openssl's RSA structure\n#\n# returns: 1 on success, 0 on failure\n\nExample:\n\n$rsakey = Net::SSLeay::RSA_generate_key();\nNet::SSLeay::set_tmp_rsa($ssl, $rsakey);\nNet::SSLeay::RSA_free($rsakey);\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettmprsacallback.html>\n\n*   set_tmp_rsa_callback\n\nSets the callback function for $ssl to be used when a temporary/ephemeral RSA key is\nrequired to $tmprsacallback.\n\n??? 
(does this function really work?)\n\nNet::SSLeay::set_tmp_rsa_callback($ssl, $tmprsacallback);\n# $ssl - value corresponding to openssl's SSL structure\n# $tmprsacallback - (function pointer) ???\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettmprsacallback.html>\n\n*   set_trust\n\nmy $rv = Net::SSLeay::set_trust($ssl, $trust);\n# $ssl - value corresponding to openssl's SSL structure\n# $trust - (integer) trust identifier\n#\n# returns: the original value\n\nFor more details about $trust values see \"CTX_set_trust\".\n\n*   shutdown\n\nShuts down an active TLS/SSL connection. It sends the 'close notify' shutdown alert to the\npeer.\n\nmy $rv = Net::SSLeay::shutdown($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 1 - shutdown was successfully completed\n#          0 - shutdown is not yet finished,\n#         -1 - shutdown was not successful\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLshutdown.html>\n\n*   state_string\n\nReturns a 6 letter string indicating the current state of the SSL object $ssl.\n\nmy $rv = Net::SSLeay::state_string($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 6-letter string\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLstatestring.html>\n\n*   state_string_long\n\nReturns a string indicating the current state of the SSL object $ssl.\n\nmy $rv = Net::SSLeay::state_string_long($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: state strings\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLstatestring.html>\n\n*   set_default_passwd_cb\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.1.0f. 
Not needed with LibreSSL.\n\nSets the default password callback called when loading/storing a PEM certificate with\nencryption for $ssl.\n\nNet::SSLeay::set_default_passwd_cb($ssl, $func);\n# $ssl - value corresponding to openssl's SSL structure\n# $func - perl reference to callback function\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetdefaultpasswdcb.html>\n\n*   set_default_passwd_cb_userdata\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.1.0f. Not needed with LibreSSL.\n\nSets a pointer to userdata which will be provided to the password callback of $ssl on\ninvocation.\n\nNet::SSLeay::set_default_passwd_cb_userdata($ssl, $userdata);\n# $ssl - value corresponding to openssl's SSL structure\n# $userdata - data that will be passed to callback function when invoked\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetdefaultpasswdcb.html>\n\n*   use_PrivateKey\n\nAdds $pkey as private key to $ssl.\n\nmy $rv = Net::SSLeay::use_PrivateKey($ssl, $pkey);\n# $ssl - value corresponding to openssl's SSL structure\n# $pkey - value corresponding to openssl's EVP_PKEY structure\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   use_PrivateKey_ASN1\n\nAdds the private key of type $pk stored in $data to $ssl.\n\nmy $rv = Net::SSLeay::use_PrivateKey_ASN1($pk, $ssl, $data, $len);\n# $pk - (integer) key type, NID of corresponding algorithm\n# $ssl - value corresponding to openssl's SSL structure\n# $data - key data (binary)\n# $len - length of $data\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   use_PrivateKey_file\n\nAdds the first private key found in $file to $ssl.\n\nmy $rv = Net::SSLeay::use_PrivateKey_file($ssl, 
$file, $type);\n# $ssl - value corresponding to openssl's SSL structure\n# $file - (string) file name\n# $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   use_RSAPrivateKey\n\nAdds $rsa as RSA private key to $ssl.\n\nmy $rv = Net::SSLeay::use_RSAPrivateKey($ssl, $rsa);\n# $ssl - value corresponding to openssl's SSL structure\n# $rsa - value corresponding to openssl's RSA structure\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   use_RSAPrivateKey_ASN1\n\nAdds RSA private key stored in $data to $ssl.\n\nmy $rv = Net::SSLeay::use_RSAPrivateKey_ASN1($ssl, $data, $len);\n# $ssl - value corresponding to openssl's SSL structure\n# $data - key data (binary)\n# $len - length of $data\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   use_RSAPrivateKey_file\n\nAdds the first RSA private key found in $file to $ssl.\n\nmy $rv = Net::SSLeay::use_RSAPrivateKey_file($ssl, $file, $type);\n# $ssl - value corresponding to openssl's SSL structure\n# $file - (string) file name\n# $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   use_certificate\n\nLoads the certificate $x into $ssl.\n\nmy $rv = Net::SSLeay::use_certificate($ssl, $x);\n# $ssl - value corresponding to openssl's SSL structure\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: 1 on success, otherwise check out the error stack to 
find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   use_certificate_ASN1\n\nLoads the ASN1 encoded certificate from $data to $ssl.\n\nmy $rv = Net::SSLeay::use_certificate_ASN1($ssl, $data, $len);\n# $ssl - value corresponding to openssl's SSL structure\n# $data - certificate data (binary)\n# $len - length of $data\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   use_certificate_chain_file\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL 1.1.0\n\nLoads a certificate chain from $file into $ssl. The certificates must be in PEM format and\nmust be sorted starting with the subject's certificate (actual client or server\ncertificate), followed by intermediate CA certificates if applicable, and ending at the\nhighest level (root) CA.\n\nmy $rv = Net::SSLeay::use_certificate_chain_file($ssl, $file);\n# $ssl - value corresponding to openssl's SSL structure\n# $file - (string) file name\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   use_certificate_file\n\nLoads the first certificate stored in $file into $ssl.\n\nmy $rv = Net::SSLeay::use_certificate_file($ssl, $file, $type);\n# $ssl - value corresponding to openssl's SSL structure\n# $file - (string) file name\n# $type - (integer) type - use constants &Net::SSLeay::FILETYPE_PEM or &Net::SSLeay::FILETYPE_ASN1\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   get_version\n\nReturns SSL/TLS protocol name\n\nmy $rv = Net::SSLeay::get_version($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (string) protocol name, see OpenSSL manual for the full 
list\n#          TLSv1\n#          TLSv1.3\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLgetversion.html>\n\n*   version\n\nReturns SSL/TLS protocol version\n\nmy $rv = Net::SSLeay::version($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (integer) protocol version, see OpenSSL manual for the full list\n#          0x0301 - TLS1_VERSION  (TLSv1)\n#          0xFEFF - DTLS1_VERSION (DTLSv1)\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLversion.html>\n\n*   client_version\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0,\nnot in LibreSSL\n\nReturns TLS protocol version used by the client when initiating the connection\n\nmy $rv = Net::SSLeay::client_version($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (integer) protocol version, see OpenSSL manual for the full list\n#          0x0301 - TLS1_VERSION  (TLSv1)\n#          0xFEFF - DTLS1_VERSION (DTLSv1)\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLclientversion.html>\n\n*   is_dtls\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0,\nnot in LibreSSL\n\nmy $rv = Net::SSLeay::is_dtls($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (integer) zero or one\n#          0 - connection is not using DTLS\n#          1 - connection is using DTLS\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLisdtls.html>\n\n*   want\n\nReturns state information for the SSL object $ssl.\n\nmy $rv = Net::SSLeay::want($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: state\n#          1 - SSL_NOTHING\n#          2 - SSL_WRITING\n#          3 - SSL_READING\n#          4 - SSL_X509_LOOKUP\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLwant.html>\n\n*   write\n\nWrites data from the buffer $data into the specified $ssl connection.\n\nmy $rv = 
Net::SSLeay::write($ssl, $data);\n# $ssl - value corresponding to openssl's SSL structure\n# $data - data to be written\n#\n# returns: >0 - (success) number of bytes actually written to the TLS/SSL connection\n#           0 - write not successful, probably the underlying connection was closed\n#          <0 - error\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLwrite.html>\n\n*   write_ex\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nWrites data from the buffer $data into the specified $ssl connection.\n\nmy ($len, $rv) = Net::SSLeay::write_ex($ssl, $data);\n# $ssl - value corresponding to openssl's SSL structure\n# $data - data to be written\n#\n# returns a list: two-item list consisting of number of bytes written,\n#                 and return code from SSL_write_ex()\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLwriteex.html>\n\n*   write_partial\n\nNOTE: Does not exactly correspond to any low level API function\n\nWrites a fragment of the buffer $data ($count bytes starting at offset $from) into the specified $ssl connection.\nThis is a non-blocking function like Net::SSLeay::write().\n\nmy $rv = Net::SSLeay::write_partial($ssl, $from, $count, $data);\n# $ssl - value corresponding to openssl's SSL structure\n# $from - (integer) offset from the beginning of $data\n# $count - (integer) length of data to be written\n# $data - data buffer\n#\n# returns: >0 - (success) number of bytes actually written to the TLS/SSL connection\n#           0 - write not successful, probably the underlying connection was closed\n#          <0 - error\n\n*   set_tlsext_host_name\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.8f\n\nSets TLS servername extension on SSL object $ssl to value $name.\n\nmy $rv = Net::SSLeay::set_tlsext_host_name($ssl, $name);\n# $ssl - value corresponding to openssl's SSL structure\n# $name - (string) name to be set\n#\n# returns: 1 on success, 0 on 
failure\n\nLow level API: RAND_* related functions\nCheck openssl doc related to RAND stuff <http://www.openssl.org/docs/crypto/rand.html>\n\n*   RAND_add\n\nMixes the $num bytes at $buf into the PRNG state.\n\nNet::SSLeay::RAND_add($buf, $num, $entropy);\n# $buf - buffer with data to be mixed into the PRNG state\n# $num - number of bytes in $buf\n# $entropy - estimate of how much randomness is contained in $buf (in bytes)\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RANDadd.html>\n\n*   RAND_seed\n\nEquivalent to \"RAND_add\" when $num == $entropy.\n\nNet::SSLeay::RAND_seed($buf);   # Perlishly figures out buf size\n# $buf - buffer with data to be mixed into the PRNG state\n# $num - number of bytes in $buf\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RANDadd.html>\n\n*   RAND_status\n\nGives PRNG status (seeded enough or not).\n\nmy $rv = Net::SSLeay::RAND_status();\n# returns: 1 if the PRNG has been seeded with enough data, 0 otherwise\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RANDadd.html>\n\n*   RAND_bytes\n\nPuts $num cryptographically strong pseudo-random bytes into $buf.\n\nmy $rv = Net::SSLeay::RAND_bytes($buf, $num);\n# $buf - buffer where the random data will be stored\n# $num - the size (in bytes) of requested random data\n#\n# returns: 1 on success, -1 if not supported by the current RAND method, or 0 on other failure\n\nCheck openssl doc <http://www.openssl.org/docs/manmaster/man3/RANDbytes.html>\n\n*   RAND_priv_bytes\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nPuts $num cryptographically strong pseudo-random bytes into $buf.\n\nmy $rv = Net::SSLeay::RAND_priv_bytes($buf, $num);\n# $buf - buffer where the random data will be stored\n# $num - the size (in bytes) of requested random data\n#\n# returns: 1 on success, -1 if not supported by the current RAND method, or 0 on other 
failure\n\nRAND_priv_bytes has the same semantics as RAND_bytes, but see the documentation for more\ninformation.\n\nCheck openssl doc <http://www.openssl.org/docs/manmaster/man3/RANDprivbytes.html>\n\n*   RAND_pseudo_bytes\n\nPuts $num pseudo-random (not necessarily unpredictable) bytes into $buf.\n\nmy $rv = Net::SSLeay::RAND_pseudo_bytes($buf, $num);\n# $buf - buffer where the random data will be stored\n# $num - the size (in bytes) of requested random data\n#\n# returns: 1 if the bytes generated are cryptographically strong, 0 otherwise\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RANDbytes.html>\n\n*   RAND_cleanup\n\nErase the PRNG state.\n\nNet::SSLeay::RAND_cleanup();\n# no args, no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RANDcleanup.html>\n\n*   RAND_egd_bytes\n\nQueries the entropy gathering daemon EGD on socket $path for $bytes bytes.\n\nmy $rv = Net::SSLeay::RAND_egd_bytes($path, $bytes);\n# $path - path to a socket of entropy gathering daemon EGD\n# $bytes - number of bytes we want from EGD\n#\n# returns: the number of bytes read from the daemon on success, and -1 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RANDegd.html>\n\n*   RAND_file_name\n\nGenerates a default path for the random seed file.\n\nmy $file = Net::SSLeay::RAND_file_name($num);\n# $num - maximum size of returned file name\n#\n# returns: string with file name on success, '' (empty string) or undef on failure\n\nLibreSSL and OpenSSL 1.1.0a and later return undef when, for example, $num is not large\nenough to hold the filename.\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RANDloadfile.html>\n\n*   RAND_load_file\n\nCOMPATIBILITY: Is no longer functional on LibreSSL\n\nReads $maxbytes of bytes from $filename and adds them to the PRNG.\n\nmy $rv = Net::SSLeay::RAND_load_file($filename, $maxbytes);\n# $filename - the name of file\n# $maxbytes - bytes to read from $filename; -1 => the complete file is read\n#\n# returns: the number 
of bytes read\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RANDloadfile.html>\n\n*   RAND_write_file\n\nWrites 1024 random bytes to $filename which can be used to initialize the PRNG by calling\n\"RAND_load_file\" in a later session.\n\nmy $rv = Net::SSLeay::RAND_write_file($filename);\n# $filename - the name of file\n#\n# returns: the number of bytes written, and -1 if the bytes written were generated without appropriate seed\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RANDloadfile.html>\n\n*   RAND_poll\n\nCollects some entropy from operating system and adds it to the PRNG.\n\nmy $rv = Net::SSLeay::RAND_poll();\n# returns: 1 on success, 0 on failure (unable to gather reasonable entropy)\n\nLow level API: OBJ_* related functions\n*   OBJ_cmp\n\nCompares ASN1_OBJECT $a to ASN1_OBJECT $b.\n\nmy $rv = Net::SSLeay::OBJ_cmp($a, $b);\n# $a - value corresponding to openssl's ASN1_OBJECT structure\n# $b - value corresponding to openssl's ASN1_OBJECT structure\n#\n# returns: if the two are identical 0 is returned\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/OBJnid2obj.html>\n\n*   OBJ_dup\n\nReturns a copy/duplicate of $o.\n\nmy $rv = Net::SSLeay::OBJ_dup($o);\n# $o - value corresponding to openssl's ASN1_OBJECT structure\n#\n# returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/OBJnid2obj.html>\n\n*   OBJ_nid2ln\n\nReturns long name for given NID $n.\n\nmy $rv = Net::SSLeay::OBJ_nid2ln($n);\n# $n - (integer) NID\n#\n# returns: (string) long name e.g. 'commonName'\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/OBJnid2obj.html>\n\n*   OBJ_ln2nid\n\nReturns NID corresponding to given long name $s.\n\nmy $rv = Net::SSLeay::OBJ_ln2nid($s);\n# $s - (string) long name e.g. 'commonName'\n#\n# returns: (integer) NID\n\n*   OBJ_nid2sn\n\nReturns short name for given NID $n.\n\nmy $rv = Net::SSLeay::OBJ_nid2sn($n);\n# $n - (integer) NID\n#\n# returns: (string) short name e.g. 
'CN'\n\nExample:\n\nprint Net::SSLeay::OBJ_nid2sn(&Net::SSLeay::NID_commonName);\n\n*   OBJ_sn2nid\n\nReturns NID corresponding to given short name $s.\n\nmy $rv = Net::SSLeay::OBJ_sn2nid($s);\n# $s - (string) short name e.g. 'CN'\n#\n# returns: (integer) NID\n\nExample:\n\nprint \"NID_commonName constant=\", &Net::SSLeay::NID_commonName;\nprint \"OBJ_sn2nid('CN')=\", Net::SSLeay::OBJ_sn2nid('CN');\n\n*   OBJ_nid2obj\n\nReturns ASN1_OBJECT for given NID $n.\n\nmy $rv = Net::SSLeay::OBJ_nid2obj($n);\n# $n - (integer) NID\n#\n# returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/OBJnid2obj.html>\n\n*   OBJ_obj2nid\n\nReturns NID corresponding to given ASN1_OBJECT $o.\n\nmy $rv = Net::SSLeay::OBJ_obj2nid($o);\n# $o - value corresponding to openssl's ASN1_OBJECT structure\n#\n# returns: (integer) NID\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/OBJnid2obj.html>\n\n*   OBJ_txt2obj\n\nConverts the text string $s into an ASN1_OBJECT structure. If $noname is 0 then long names\n(e.g. 'commonName') and short names (e.g. 'CN') will be interpreted as well as numerical\nforms (e.g. '2.5.4.3'). If $noname is 1 only the numerical form is acceptable.\n\nmy $rv = Net::SSLeay::OBJ_txt2obj($s, $noname);\n# $s - text string to be converted\n# $noname - (integer) 0 or 1\n#\n# returns: value corresponding to openssl's ASN1_OBJECT structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/OBJnid2obj.html>\n\n*   OBJ_obj2txt\n\nConverts the ASN1_OBJECT $a into a textual representation.\n\nNet::SSLeay::OBJ_obj2txt($a, $noname);\n# $a - value corresponding to openssl's ASN1_OBJECT structure\n# $noname - (integer) 0 or 1\n#\n# returns: textual representation e.g. 
'commonName' ($noname=0), '2.5.4.3' ($noname=1)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/OBJnid2obj.html>\n\n*   OBJ_txt2nid\n\nReturns NID corresponding to text string $s which can be a long name, a short name or the\nnumerical representation of an object.\n\nmy $rv = Net::SSLeay::OBJ_txt2nid($s);\n# $s - (string) e.g. 'commonName' or 'CN' or '2.5.4.3'\n#\n# returns: (integer) NID\n\nExample:\n\nmy $nid = Net::SSLeay::OBJ_txt2nid('2.5.4.3');\nNet::SSLeay::OBJ_nid2sn($nid);\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/OBJnid2obj.html>\n\nLow level API: ASN1_INTEGER_* related functions\n*   ASN1_INTEGER_new\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nCreates a new ASN1_INTEGER structure.\n\nmy $rv = Net::SSLeay::ASN1_INTEGER_new();\n#\n# returns: value corresponding to openssl's ASN1_INTEGER structure (0 on failure)\n\n*   ASN1_INTEGER_free\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nFree an allocated ASN1_INTEGER structure.\n\nNet::SSLeay::ASN1_INTEGER_free($i);\n# $i - value corresponding to openssl's ASN1_INTEGER structure\n#\n# returns: no return value\n\n*   ASN1_INTEGER_get\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns integer value of given ASN1_INTEGER object.\n\nBEWARE: If the value stored in ASN1_INTEGER is greater than max. integer that can be stored\nin 'long' type (usually 32bit but may vary according to platform) then this function will\nreturn -1. For getting large ASN1_INTEGER values consider using \"P_ASN1_INTEGER_get_dec\" or\n\"P_ASN1_INTEGER_get_hex\".\n\nmy $rv = Net::SSLeay::ASN1_INTEGER_get($a);\n# $a - value corresponding to openssl's ASN1_INTEGER structure\n#\n# returns: integer value of ASN1_INTEGER object in $a\n\n*   ASN1_INTEGER_set\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets value of given ASN1_INTEGER object to value $val\n\nBEWARE: $val has max. limit (= max. integer that can be stored in 'long' type). 
For setting\nlarge ASN1INTEGER values consider using \"PASN1INTEGERsetdec\" or\n\"PASN1INTEGERsethex\".\n\nmy $rv = Net::SSLeay::ASN1INTEGERset($i, $val);\n# $i - value corresponding to openssl's ASN1INTEGER structure\n# $val - integer value\n#\n# returns: 1 on success, 0 on failure\n\n*   PASN1INTEGERgetdec\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns string with decimal representation of integer value of given ASN1INTEGER object.\n\nNet::SSLeay::PASN1INTEGERgetdec($i);\n# $i - value corresponding to openssl's ASN1INTEGER structure\n#\n# returns: string with decimal representation\n\n*   PASN1INTEGERgethex\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns string with hexadecimal representation of integer value of given ASN1INTEGER\nobject.\n\nNet::SSLeay::PASN1INTEGERgethex($i);\n# $i - value corresponding to openssl's ASN1INTEGER structure\n#\n# returns: string with hexadecimal representation\n\n*   PASN1INTEGERsetdec\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets value of given ASN1INTEGER object to value $val (decimal string, suitable for large\nintegers)\n\nNet::SSLeay::PASN1INTEGERsetdec($i, $str);\n# $i - value corresponding to openssl's ASN1INTEGER structure\n# $str - string with decimal representation\n#\n# returns: 1 on success, 0 on failure\n\n*   PASN1INTEGERsethex\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets value of given ASN1INTEGER object to value $val (hexadecimal string, suitable for\nlarge integers)\n\nNet::SSLeay::PASN1INTEGERsethex($i, $str);\n# $i - value corresponding to openssl's ASN1INTEGER structure\n# $str - string with hexadecimal representation\n#\n# returns: 1 on success, 0 on failure\n\nLow level API: ASN1STRING* related functions\n*   PASN1STRINGget\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns string value of given ASN1STRING object.\n\nNet::SSLeay::PASN1STRINGget($s, $utf8decode);\n# $s - value corresponding 
to openssl's ASN1STRING structure\n# $utf8decode - [optional] 0 or 1 whether the returned value should be utf8 decoded (default=0)\n#\n# returns: string\n\n$string = Net::SSLeay::PASN1STRINGget($s);\n#is the same as:\n$string = Net::SSLeay::PASN1STRINGget($s, 0);\n\nLow level API: ASN1TIME* related functions\n*   ASN1TIMEnew\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nmy $time = ASN1TIMEnew();\n# returns: value corresponding to openssl's ASN1TIME structure\n\n*   ASN1TIMEfree\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nASN1TIMEfree($time);\n# $time - value corresponding to openssl's ASN1TIME structure\n\n*   ASN1TIMEset\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nASN1TIMEset($time, $t);\n# $time - value corresponding to openssl's ASN1TIME structure\n# $t - time value in seconds since 1.1.1970\n\nBEWARE: It is platform dependent how this function will handle dates after 2038. Although\nperl's integer is large enough the internal implementation of this function is dependent on\nthe size of timet structure (32bit timet has problem with 2038).\n\nIf you want to safely set date and time after 2038 use function \"PASN1TIMEsetisotime\".\n\n*   PASN1TIMEgetisotime\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7e\n\nNOTE: Does not exactly correspond to any low level API function\n\nGives ISO-8601 string representation of ASN1TIME structure.\n\nmy $datetimestring = PASN1TIMEgetisotime($time);\n# $time - value corresponding to openssl's ASN1TIME structure\n#\n# returns: datetime string like '2033-05-16T20:39:37Z' or '' on failure\n\nThe output format is compatible with module DateTime::Format::RFC3339\n\n*   PASN1TIMEsetisotime\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7e\n\nNOTE: Does not exactly correspond to any low level API function\n\nSets time and date value of ASN1TIME structure.\n\nmy $rv = 
PASN1TIMEsetisotime($time, $string);\n# $time - value corresponding to openssl's ASN1TIME structure\n# $string - ISO-8601 timedate string like '2033-05-16T20:39:37Z'\n#\n# returns: 1 on success, 0 on failure\n\nThe $string parameter has to be in full form like \"2012-03-22T23:55:33\" or\n\"2012-03-22T23:55:33Z\" or \"2012-03-22T23:55:33CET\". Short forms like \"2012-03-22T23:55\" or\n\"2012-03-22\" are not supported.\n\n*   PASN1TIMEput2string\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before, has bugs with openssl-0.9.8i\n\nNOTE: Does not exactly correspond to any low level API function\n\nGives string representation of ASN1TIME structure.\n\nmy $str = PASN1TIMEput2string($time);\n# $time - value corresponding to openssl's ASN1TIME structure\n#\n# returns: datetime string like 'May 16 20:39:37 2033 GMT'\n\n*   PASN1UTCTIMEput2string\n\nNOTE: deprecated function, only for backward compatibility, just an alias for\n\"PASN1TIMEput2string\"\n\nLow level API: X509* related functions\n*   X509new\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nAllocates and initializes a X509 structure.\n\nmy $rv = Net::SSLeay::X509new();\n#\n# returns: value corresponding to openssl's X509 structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509new.html>\n\n*   X509free\n\nFrees up the X509 structure.\n\nNet::SSLeay::X509free($a);\n# $a - value corresponding to openssl's X509 structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509new.html>\n\n*   X509checkhost\n\nCOMPATIBILITY: not available in Net-SSLeay-1.68 and before; requires at least OpenSSL 1.0.2.\nX509CHECKFLAGNEVERCHECKSUBJECT requires OpenSSL 1.1.0.\n\nChecks if the certificate Subject Alternative Name (SAN) or Subject CommonName (CN) matches\nthe specified host name.\n\nmy $rv = Net::SSLeay::X509checkhost($cert, $name, $flags, $peername);\n# $cert - value corresponding to openssl's X509 structure\n# $name - host name to 
check\n# $flags (optional, default: 0) - can be the bitwise OR of:\n#   &Net::SSLeay::X509CHECKFLAGALWAYSCHECKSUBJECT\n#   &Net::SSLeay::X509CHECKFLAGNOWILDCARDS\n#   &Net::SSLeay::X509CHECKFLAGNOPARTIALWILDCARDS\n#   &Net::SSLeay::X509CHECKFLAGMULTILABELWILDCARDS\n#   &Net::SSLeay::X509CHECKFLAGSINGLELABELSUBDOMAINS\n#   &Net::SSLeay::X509CHECKFLAGNEVERCHECKSUBJECT\n# $peername (optional) - If not omitted and $name matches $cert,\n#                        a copy of the matching SAN or CN from\n#                        the peer certificate is stored in $peername.\n#\n# returns:\n#   1 for a successful match\n#   0 for a failed match\n#  -1 for an internal error\n#  -2 if the input is malformed\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509checkhost.html>.\n\n*   X509checkemail\n\nCOMPATIBILITY: not available in Net-SSLeay-1.68 and before; requires at least OpenSSL 1.0.2.\n\nChecks if the certificate matches the specified email address.\n\nmy $rv = Net::SSLeay::X509checkemail($cert, $address, $flags);\n# $cert - value corresponding to openssl's X509 structure\n# $address - email address to check\n# $flags (optional, default: 0) - see X509checkhost()\n#\n# returns: see X509checkhost()\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509checkemail.html>.\n\n*   X509checkip\n\nCOMPATIBILITY: not available in Net-SSLeay-1.68 and before; requires at least OpenSSL 1.0.2.\n\nChecks if the certificate matches the specified IPv4 or IPv6 address.\n\nmy $rv = Net::SSLeay::X509checkip($cert, $address, $flags);\n# $cert - value corresponding to openssl's X509 structure\n# $address - IP address to check in binary format, in network byte order\n# $flags (optional, default: 0) - see X509checkhost()\n#\n# returns: see X509checkhost()\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509checkip.html>.\n\n*   X509checkipasc\n\nCOMPATIBILITY: not available in Net-SSLeay-1.68 and before; requires at least OpenSSL 1.0.2.\n\nChecks if the certificate 
matches the specified IPv4 or IPv6 address.\n\nmy $rv = Net::SSLeay::X509checkipasc($cert, $address, $flags);\n# $cert - value corresponding to openssl's X509 structure\n# $address - IP address to check in text representation\n# $flags (optional, default: 0) - see X509checkhost()\n#\n# returns: see X509checkhost()\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509checkipasc.html>.\n\n*   X509certificatetype\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns bitmask with type of certificate $x.\n\nmy $rv = Net::SSLeay::X509certificatetype($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: (integer) bitmask with certificate type\n\n#to decode bitmask returned by this function use these constants:\n&Net::SSLeay::EVPPKSDSA\n&Net::SSLeay::EVPPKSEC\n&Net::SSLeay::EVPPKSRSA\n&Net::SSLeay::EVPPKTENC\n&Net::SSLeay::EVPPKTEXCH\n&Net::SSLeay::EVPPKTEXP\n&Net::SSLeay::EVPPKTSIGN\n&Net::SSLeay::EVPPKDH\n&Net::SSLeay::EVPPKDSA\n&Net::SSLeay::EVPPKEC\n&Net::SSLeay::EVPPKRSA\n\n*   X509digest\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nComputes digest/fingerprint of X509 $data using $type hash function.\n\nmy $digestvalue = Net::SSLeay::X509digest($data, $type);\n# $data - value corresponding to openssl's X509 structure\n# $type - value corresponding to openssl's EVPMD structure - e.g. got via EVPgetdigestbyname()\n#\n# returns: hash value (binary)\n\n#to get printable (hex) value of digest use:\nprint unpack('H*', $digestvalue);\n\n*   X509issuerandserialhash\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSort of a checksum of issuer name and serial number of X509 certificate $x. The result is\nnot a full hash (e.g. sha-1), it is kind-of-a-hash truncated to the size of 'unsigned long'\n(32 bits). 
The resulting value might differ across different openssl versions for the same\nX509 certificate.\n\nmy $rv = Net::SSLeay::X509issuerandserialhash($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: number representing checksum\n\n*   X509issuernamehash\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSort of a checksum of issuer name of X509 certificate $x. The result is not a full hash\n(e.g. sha-1), it is kind-of-a-hash truncated to the size of 'unsigned long' (32 bits). The\nresulting value might differ across different openssl versions for the same X509\ncertificate.\n\nmy $rv = Net::SSLeay::X509issuernamehash($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: number representing checksum\n\n*   X509subjectnamehash\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSort of a checksum of subject name of X509 certificate $x. The result is not a full hash\n(e.g. sha-1), it is kind-of-a-hash truncated to the size of 'unsigned long' (32 bits). The\nresulting value might differ across different openssl versions for the same X509\ncertificate.\n\nmy $rv = Net::SSLeay::X509subjectnamehash($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: number representing checksum\n\n*   X509pubkeydigest\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nComputes digest/fingerprint of public key from X509 certificate $data using $type hash\nfunction.\n\nmy $digestvalue = Net::SSLeay::X509pubkeydigest($data, $type);\n# $data - value corresponding to openssl's X509 structure\n# $type - value corresponding to openssl's EVPMD structure - e.g. 
got via EVPgetdigestbyname()\n#\n# returns: hash value (binary)\n\n#to get printable (hex) value of digest use:\nprint unpack('H*', $digestvalue);\n\n*   X509setissuername\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets issuer of X509 certificate $x to $name.\n\nmy $rv = Net::SSLeay::X509setissuername($x, $name);\n# $x - value corresponding to openssl's X509 structure\n# $name - value corresponding to openssl's X509NAME structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509setpubkey\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets public key of X509 certificate $x to $pkey.\n\nmy $rv = Net::SSLeay::X509setpubkey($x, $pkey);\n# $x - value corresponding to openssl's X509 structure\n# $pkey - value corresponding to openssl's EVPPKEY structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509setserialNumber\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets serial number of X509 certificate $x to $serial.\n\nmy $rv = Net::SSLeay::X509setserialNumber($x, $serial);\n# $x - value corresponding to openssl's X509 structure\n# $serial - value corresponding to openssl's ASN1INTEGER structure\n#\n# returns: 1 on success, 0 on failure\n\n#to create $serial value allocate it, then use one of these setters:\nmy $serial = Net::SSLeay::ASN1INTEGERnew();\nNet::SSLeay::PASN1INTEGERsethex($serial, '45ad6f');\nNet::SSLeay::PASN1INTEGERsetdec($serial, '7896541238529631478');\nNet::SSLeay::ASN1INTEGERset($serial, 45896);\n\n*   X509setsubjectname\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets subject of X509 certificate $x to $name.\n\nmy $rv = Net::SSLeay::X509setsubjectname($x, $name);\n# $x - value corresponding to openssl's X509 structure\n# $name - value corresponding to openssl's X509NAME structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509setversion\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSet 'version' value for X509 certificate $x to $version.\n\nmy $rv = Net::SSLeay::X509setversion($x, $version);\n# $x - value 
corresponding to openssl's X509 structure\n# $version - (integer) version number\n#\n# returns: 1 on success, 0 on failure\n\n*   X509sign\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSign X509 certificate $x with private key $pkey (using digest algorithm $md).\n\nmy $rv = Net::SSLeay::X509sign($x, $pkey, $md);\n# $x - value corresponding to openssl's X509 structure\n# $pkey - value corresponding to openssl's EVPPKEY structure\n# $md - value corresponding to openssl's EVPMD structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509verify\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nVerifies X509 object $x using public key $r (pubkey of issuing CA).\n\nmy $rv = Net::SSLeay::X509verify($x, $r);\n# $x - value corresponding to openssl's X509 structure\n# $r - value corresponding to openssl's EVPPKEY structure\n#\n# returns: 0 - verify failure, 1 - verify OK, <0 - error\n\n*   X509getextcount\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns the total number of extensions in X509 object $x.\n\nmy $rv = Net::SSLeay::X509getextcount($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: count of extensions\n\n*   X509getpubkey\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns public key corresponding to given X509 object $x.\n\nmy $rv = Net::SSLeay::X509getpubkey($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: value corresponding to openssl's EVPPKEY structure (0 on failure)\n\nNOTE: This method returns only the public key's key bits, without the algorithm or\nparameters. 
Use \"X509getX509PUBKEY()\" to return the full public key (SPKI) instead.\n\n*   X509getX509PUBKEY\n\nCOMPATIBILITY: not available in Net-SSLeay-1.72 and before\n\nReturns the full public key (SPKI) of given X509 certificate $x.\n\nNet::SSLeay::X509getX509PUBKEY($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: public key data in DER format (binary)\n\n*   X509getserialNumber\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns serial number of X509 certificate $x.\n\nmy $rv = Net::SSLeay::X509getserialNumber($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: value corresponding to openssl's ASN1INTEGER structure (0 on failure)\n\nSee \"PASN1INTEGERgetdec\", \"PASN1INTEGERgethex\" or \"ASN1INTEGERget\" to decode\nASN1INTEGER object.\n\n*   X509get0serialNumber\n\nCOMPATIBILITY: available in Net-SSLeay-1.86 onwards\n\nX509get0serialNumber() is the same as X509getserialNumber() except it accepts a const\nparameter and returns a const result.\n\n*   X509getversion\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns 'version' value of given X509 certificate $x.\n\nmy $rv = Net::SSLeay::X509getversion($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: (integer) version\n\n*   X509getext\n\nReturns X509EXTENSION from $x509 based on given position/index.\n\nmy $rv = Net::SSLeay::X509getext($x509, $index);\n# $x509 - value corresponding to openssl's X509 structure\n# $index - (integer) position/index of extension within $x509\n#\n# returns: value corresponding to openssl's X509EXTENSION structure (0 on failure)\n\n*   X509getextbyNID\n\nReturns X509EXTENSION from $x509 based on given NID.\n\nmy $rv = Net::SSLeay::X509getextbyNID($x509, $nid, $loc);\n# $x509 - value corresponding to openssl's X509 structure\n# $nid - (integer) NID value\n# $loc - (integer) position to start lookup at\n#\n# returns: position/index of extension, negative value on error\n#       
   call Net::SSLeay::X509getext($x509, $rv) to get the actual extension\n\n*   X509getfingerprint\n\nReturns fingerprint of certificate $cert.\n\nNOTE: Does not exactly correspond to any low level API function. The implementation is based\non openssl's \"X509digest()\".\n\nNet::SSLeay::X509getfingerprint($x509, $type);\n# $x509 - value corresponding to openssl's X509 structure\n# $type - (string) digest type, currently supported values:\n#         \"md5\"\n#         \"sha1\"\n#         \"sha256\"\n#         \"ripemd160\"\n#\n# returns: certificate digest - hexadecimal string (NOT binary data!)\n\n*   X509getissuername\n\nReturn an X509NAME object representing the issuer of the certificate $cert.\n\nmy $rv = Net::SSLeay::X509getissuername($cert);\n# $cert - value corresponding to openssl's X509 structure\n#\n# returns: value corresponding to openssl's X509NAME structure (0 on failure)\n\n*   X509getnotAfter\n\nReturn an object giving the time after which the certificate $cert is not valid.\n\nmy $rv = Net::SSLeay::X509getnotAfter($cert);\n# $cert - value corresponding to openssl's X509 structure\n#\n# returns: value corresponding to openssl's ASN1TIME structure (0 on failure)\n\nTo get human readable/printable form the return value you can use:\n\nmy $time = Net::SSLeay::X509getnotAfter($cert);\nprint \"notAfter=\", Net::SSLeay::PASN1TIMEgetisotime($time), \"\\n\";\n\n*   X509getnotBefore\n\nReturn an object giving the time before which the certificate $cert is not valid\n\nmy $rv = Net::SSLeay::X509getnotBefore($cert);\n# $cert - value corresponding to openssl's X509 structure\n#\n# returns: value corresponding to openssl's ASN1TIME structure (0 on failure)\n\nTo get human readable/printable form the return value you can use:\n\nmy $time = Net::SSLeay::X509getnotBefore($cert);\nprint \"notBefore=\", Net::SSLeay::PASN1TIMEgetisotime($time), \"\\n\";\n\n*   X509getsubjectAltNames\n\nNOTE: Does not exactly correspond to any low level API function.\n\nReturns the list 
of alternative subject names from X509 certificate $cert.\n\nmy @rv = Net::SSLeay::X509getsubjectAltNames($cert);\n# $cert - value corresponding to openssl's X509 structure\n#\n# returns: list containing pairs - nametype (integer), namevalue (string)\n#          where nametype can be:\n#          0 - GENOTHERNAME\n#          1 - GENEMAIL\n#          2 - GENDNS\n#          3 - GENX400\n#          4 - GENDIRNAME\n#          5 - GENEDIPARTY\n#          6 - GENURI\n#          7 - GENIPADD\n#          8 - GENRID\n\nNote: type 7 - GENIPADD contains the IP address as a packed binary address. GENRID is\navailable in Net-SSLeay-1.90 and later. Maximum length for returned RID string is currently\n2500. Invalid and overly long RID values are skipped and not returned. GENX400 and\nGENEDIPARTY are not supported and will not be returned even when present in the\ncertificate.\n\n*   X509getsubjectname\n\nReturns the subject of the certificate $cert.\n\nmy $rv = Net::SSLeay::X509getsubjectname($cert);\n# $cert - value corresponding to openssl's X509 structure\n#\n# returns: value corresponding to openssl's X509NAME structure (0 on failure)\n\n*   X509gmtimeadj\n\nAdjust the ASN1TIME object to the timestamp (in GMT).\n\nmy $rv = Net::SSLeay::X509gmtimeadj($s, $adj);\n# $s - value corresponding to openssl's ASN1TIME structure\n# $adj - timestamp (seconds since 1.1.1970)\n#\n# returns: value corresponding to openssl's ASN1TIME structure (0 on failure)\n\nBEWARE: this function may fail for dates after 2038 as it is dependent on timet size on\nyour system (32bit timet does not work after 2038). 
Consider using\n\"PASN1TIMEsetisotime\" instead.\n\n*   X509loadcertcrlfile\n\nTakes PEM file and loads all X509 certificates and X509 CRLs from that file into X509LOOKUP\nstructure.\n\nmy $rv = Net::SSLeay::X509loadcertcrlfile($ctx, $file, $type);\n# $ctx - value corresponding to openssl's X509LOOKUP structure\n# $file - (string) file name\n# $type - (integer) type - use constants &Net::SSLeay::FILETYPEPEM or &Net::SSLeay::FILETYPEASN1\n#                          if not FILETYPEPEM then behaves as Net::SSLeay::X509loadcertfile()\n#\n# returns: 1 on success, 0 on failure\n\n*   X509loadcertfile\n\nLoads/adds X509 certificate from $file to X509LOOKUP structure\n\nmy $rv = Net::SSLeay::X509loadcertfile($ctx, $file, $type);\n# $ctx - value corresponding to openssl's X509LOOKUP structure\n# $file - (string) file name\n# $type - (integer) type - use constants &Net::SSLeay::FILETYPEPEM or &Net::SSLeay::FILETYPEASN1\n#\n# returns: 1 on success, 0 on failure\n\n*   X509loadcrlfile\n\nLoads/adds X509 CRL from $file to X509LOOKUP structure\n\nmy $rv = Net::SSLeay::X509loadcrlfile($ctx, $file, $type);\n# $ctx - value corresponding to openssl's X509LOOKUP structure\n# $file - (string) file name\n# $type - (integer) type - use constants &Net::SSLeay::FILETYPEPEM or &Net::SSLeay::FILETYPEASN1\n#\n# returns: 1 on success, 0 on failure\n\n*   X509policylevelget0node\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::X509policylevelget0node($level, $i);\n# $level - value corresponding to openssl's X509POLICYLEVEL structure\n# $i - (integer) index/position\n#\n# returns: value corresponding to openssl's X509POLICYNODE structure (0 on failure)\n\n*   X509policylevelnodecount\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::X509policylevelnodecount($level);\n# $level - value corresponding to openssl's X509POLICYLEVEL structure\n#\n# returns: (integer) node count\n\n*   X509policynodeget0parent\n\n??? 
(more info needed)\n\nmy $rv = Net::SSLeay::X509policynodeget0parent($node);\n# $node - value corresponding to openssl's X509POLICYNODE structure\n#\n# returns: value corresponding to openssl's X509POLICYNODE structure (0 on failure)\n\n*   X509policynodeget0policy\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::X509policynodeget0policy($node);\n# $node - value corresponding to openssl's X509POLICYNODE structure\n#\n# returns: value corresponding to openssl's ASN1OBJECT structure (0 on failure)\n\n*   X509policynodeget0qualifiers\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::X509policynodeget0qualifiers($node);\n# $node - value corresponding to openssl's X509POLICYNODE structure\n#\n# returns: value corresponding to openssl's STACKOF(POLICYQUALINFO) structure (0 on failure)\n\n*   X509policytreefree\n\n??? (more info needed)\n\nNet::SSLeay::X509policytreefree($tree);\n# $tree - value corresponding to openssl's X509POLICYTREE structure\n#\n# returns: no return value\n\n*   X509policytreeget0level\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::X509policytreeget0level($tree, $i);\n# $tree - value corresponding to openssl's X509POLICYTREE structure\n# $i - (integer) level index\n#\n# returns: value corresponding to openssl's X509POLICYLEVEL structure (0 on failure)\n\n*   X509policytreeget0policies\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::X509policytreeget0policies($tree);\n# $tree - value corresponding to openssl's X509POLICYTREE structure\n#\n# returns: value corresponding to openssl's X509POLICYNODE structure (0 on failure)\n\n*   X509policytreeget0userpolicies\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::X509policytreeget0userpolicies($tree);\n# $tree - value corresponding to openssl's X509POLICYTREE structure\n#\n# returns: value corresponding to openssl's X509POLICYNODE structure (0 on failure)\n\n*   X509policytreelevelcount\n\n??? 
(more info needed)\n\nmy $rv = Net::SSLeay::X509policytreelevelcount($tree);\n# $tree - value corresponding to openssl's X509POLICYTREE structure\n#\n# returns: (integer) count\n\n*   X509verifycerterrorstring\n\nReturns a human readable error string for verification error $n.\n\nmy $rv = Net::SSLeay::X509verifycerterrorstring($n);\n# $n - (long) numeric error code\n#\n# returns: error string\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509STORECTXgeterror.html>\n\n*   PX509addextensions\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nAdds one or more X509 extensions to X509 object $x.\n\nmy $rv = Net::SSLeay::PX509addextensions($x, $cacert, $nid, $value);\n# $x - value corresponding to openssl's X509 structure\n# $cacert - value corresponding to openssl's X509 structure (issuer's cert - necessary for setting NIDauthoritykeyidentifier)\n# $nid - NID identifying extension to be set\n# $value - extension value\n#\n# returns: 1 on success, 0 on failure\n\nYou can set more extensions at once:\n\nmy $rv = Net::SSLeay::PX509addextensions($x509, $cacert,\n&Net::SSLeay::NIDkeyusage => 'digitalSignature,keyEncipherment',\n&Net::SSLeay::NIDsubjectkeyidentifier => 'hash',\n&Net::SSLeay::NIDauthoritykeyidentifier => 'keyid',\n&Net::SSLeay::NIDauthoritykeyidentifier => 'issuer',\n&Net::SSLeay::NIDbasicconstraints => 'CA:FALSE',\n&Net::SSLeay::NIDextkeyusage => 'serverAuth,clientAuth',\n&Net::SSLeay::NIDnetscapecerttype => 'server',\n&Net::SSLeay::NIDsubjectaltname => 'DNS:s1.dom.com,DNS:s2.dom.com,DNS:s3.dom.com',\n);\n\n*   PX509copyextensions\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nCopies X509 extensions from X509REQ object to X509 object - handy when you need to turn\nX509REQ into X509 certificate.\n\nNet::SSLeay::PX509copyextensions($x509req, $x509, $override);\n# $x509req - value corresponding to openssl's X509REQ structure\n# $x509 - value corresponding to openssl's X509 structure\n# $override - (integer) flag 
indication whether to override already existing items in $x509 (default 1)\n#\n# returns: 1 on success, 0 on failure\n\n*   PX509getcrldistributionpoints\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nGet the list of CRL distribution points from X509 certificate.\n\nmy @cdp = Net::SSLeay::PX509getcrldistributionpoints($x509);\n# $x509 - value corresponding to openssl's X509 structure\n#\n# returns: list of distribution points (usually URLs)\n\n*   PX509getextkeyusage\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nGets the list of extended key usage of given X509 certificate $cert.\n\nmy @extusage = Net::SSLeay::PX509getextkeyusage($cert, $format);\n# $cert - value corresponding to openssl's X509 structure\n# $format - choose type of return values: 0=OIDs, 1=NIDs, 2=shortnames, 3=longnames\n#\n# returns: list of values\n\nExamples:\n\nmy @extkeyusageoid = Net::SSLeay::PX509getextkeyusage($x509,0);\n# returns for example: (\"1.3.6.1.5.5.7.3.1\", \"1.3.6.1.5.5.7.3.2\")\n\nmy @extkeyusagenid = Net::SSLeay::PX509getextkeyusage($x509,1);\n# returns for example: (129, 130)\n\nmy @extkeyusagesn  = Net::SSLeay::PX509getextkeyusage($x509,2);\n# returns for example: (\"serverAuth\", \"clientAuth\")\n\nmy @extkeyusageln  = Net::SSLeay::PX509getextkeyusage($x509,3);\n# returns for example: (\"TLS Web Server Authentication\",  \"TLS Web Client Authentication\")\n\n*   PX509getkeyusage\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nGets the list of key usage of given X509 certificate $cert.\n\nmy @keyusage = Net::SSLeay::PX509getkeyusage($cert);\n# $cert - value corresponding to openssl's X509 structure\n#\n# returns: list of key usage values which can be none, one or more from the following list:\n#          \"digitalSignature\"\n#          \"nonRepudiation\"\n#          \"keyEncipherment\"\n#          \"dataEncipherment\"\n#          \"keyAgreement\"\n#        
  \"keyCertSign\"\n#          \"cRLSign\"\n#          \"encipherOnly\"\n#          \"decipherOnly\"\n\n*   PX509getnetscapecerttype\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nGets the list of Netscape cert types of given X509 certificate $cert.\n\nNet::SSLeay::PX509getnetscapecerttype($cert);\n# $cert - value corresponding to openssl's X509 structure\n#\n# returns: list of Netscape type values which can be none, one or more from the following list:\n#          \"client\"\n#          \"server\"\n#          \"email\"\n#          \"objsign\"\n#          \"reserved\"\n#          \"sslCA\"\n#          \"emailCA\"\n#          \"objCA\"\n\n*   PX509getpubkeyalg\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns ASN1OBJECT corresponding to X509 certificate public key algorithm.\n\nmy $rv = Net::SSLeay::PX509getpubkeyalg($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: value corresponding to openssl's ASN1OBJECT structure (0 on failure)\n\nTo get textual representation use:\n\nmy $alg = Net::SSLeay::OBJobj2txt(Net::SSLeay::PX509getpubkeyalg($x509));\n# returns for example: \"rsaEncryption\"\n\n*   PX509getsignaturealg\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns ASN1OBJECT corresponding to X509 signarite key algorithm.\n\nmy $rv = Net::SSLeay::PX509getsignaturealg($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: value corresponding to openssl's ASN1OBJECT structure (0 on failure)\n\nTo get textual representation use:\n\nmy $alg = Net::SSLeay::OBJobj2txt(Net::SSLeay::PX509getsignaturealg($x509))\n# returns for example: \"sha1WithRSAEncryption\"\n\n*   skX509newnull\n\nReturns a new, empty, STACKOF(X509) structure.\n\nmy $rv = Net::SSLeay::skX509newnull();\n#\n# returns: value corresponding to openssl's STACKOF(X509) structure\n\n*   skX509push\n\nPushes an X509 structure onto a STACKOF(X509) structure.\n\nmy $rv = Net::SSLeay::skX509push($skx509, 
$x509);\n# $skx509 - value corresponding to openssl's STACKOF(X509) structure\n# $x509 - value corresponding to openssl's X509 structure\n#\n# returns: total number of elements after the operation, 0 on failure\n\n*   skX509pop\n\nPops a single X509 structure from a STACKOF(X509) structure.\n\nmy $x509 = Net::SSLeay::skX509pop($skx509);\n# $skx509 - value corresponding to openssl's STACKOF(X509) structure\n#\n# returns: a pointer to an X509 structure, undef on failure\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/skTYPEpop.html>\n\n*   skX509shift\n\nShifts a single X509 structure onto a STACKOF(X509) structure.\n\nmy $x509 = Net::SSLeay::skX509shift($skx509, $x509);\n# $skx509 - value corresponding to openssl's STACKOF(X509) structure\n# $x509 - value corresponding to openssl's X509 structure\n#\n# returns: a pointer to an X509 structure, undef on failure\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/skTYPEshift.html>\n\n*   skX509unshift\n\nUnshifts a single X509 structure from a STACKOF(X509) structure.\n\nmy $rv = Net::SSLeay::skX509unshift($skx509);\n# $skx509 - value corresponding to openssl's STACKOF(X509) structure\n#\n# returns: total number of elements after the operation, 0 on failure\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/skTYPEunshift.html>\n\n*   skX509insert\n\nInserts a single X509 structure into a STACKOF(X509) at the specified index.\n\nmy $rv = Net::SSLeay::skX509insert($skx509, $x509, index);\n# $skx509 - value corresponding to openssl's STACKOF(X509) structure\n# $x509 - value corresponding to openssl's X509 structure\n# index - integer - 0 based index\n#\n# returns: total number of elements after the operation, 0 on failure\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/skTYPEinsert.html>\n\n*   skX509delete\n\nDelete a single X509 structure from a STACKOF(X509) at the specified index.\n\nmy $x509 = Net::SSLeay::skX509delete($skx509, index);\n# $skx509 - value 
corresponding to openssl's STACKOF(X509) structure\n# index - integer - 0 based index\n#\n# returns: a pointer to an X509 structure, undef on failure\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/skTYPEdelete.html>\n\n*   skX509value\n\nReturn a single X509 structure from a STACKOF(X509) at the specified index.\n\nmy $x509 = Net::SSLeay::skX509value($skx509, index)\n# $skx509 - value corresponding to openssl's STACKOF(X509) structure\n# index - integer - 0 based index\n#\n# returns: a pointer to an X509 structure, undef on failure\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/skTYPEvalue.html>\n\n*   skX509num\n\nReturn the number of X509 elements in a STACKOF(X509).\n\nmy $num = Net::SSLeay::skX509num($skx509);\n# $skx509 - value corresponding to openssl's STACKOF(X509) structure\n#\n# returns: the number of elements in the stack, -1 if the passed stack is NULL\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/skTYPEnum.html>\n\nLow level API: X509REQ* related functions\n*   X509REQnew\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nCreates a new X509REQ structure.\n\nmy $rv = Net::SSLeay::X509REQnew();\n#\n# returns: value corresponding to openssl's X509REQ structure (0 on failure)\n\n*   X509REQfree\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nFree an allocated X509REQ structure.\n\nNet::SSLeay::X509REQfree($x);\n# $x - value corresponding to openssl's X509REQ structure\n#\n# returns: no return value\n\n*   X509REQadd1attrbyNID\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nAdds an attribute whose name is defined by a NID $nid. 
The field value to be added is in\n$bytes.\n\nmy $rv = Net::SSLeay::X509REQadd1attrbyNID($req, $nid, $type, $bytes);\n# $req - value corresponding to openssl's X509REQ structure\n# $nid - (integer) NID value\n# $type - (integer) type of data in $bytes (see below)\n# $bytes - data to be set\n#\n# returns: 1 on success, 0 on failure\n\n# values for $type - use constants:\n&Net::SSLeay::MBSTRINGUTF8     - $bytes contains utf8 encoded data\n&Net::SSLeay::MBSTRINGASC      - $bytes contains ASCII data\n\n*   X509REQdigest\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nComputes digest/fingerprint of X509REQ $data using $type hash function.\n\nmy $digestvalue = Net::SSLeay::X509REQdigest($data, $type);\n# $data - value corresponding to openssl's X509REQ structure\n# $type - value corresponding to openssl's EVPMD structure - e.g. got via EVPgetdigestbyname()\n#\n# returns: hash value (binary)\n\n#to get printable (hex) value of digest use:\nprint unpack('H*', $digestvalue);\n\n*   X509REQgetattrbyNID\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nRetrieve the next index matching $nid after $lastpos ($lastpos should initially be set to\n-1).\n\nmy $rv = Net::SSLeay::X509REQgetattrbyNID($req, $nid, $lastpos=-1);\n# $req - value corresponding to openssl's X509REQ structure\n# $nid - (integer) NID value\n# $lastpos - [optional] (integer) index where to start search (default -1)\n#\n# returns: index (-1 if there are no more entries)\n\nNote: use \"PX509REQgetattr\" to get the actual attribute value - e.g.\n\nmy $index = Net::SSLeay::X509REQgetattrbyNID($req, $nid);\nmy @attrvalues = Net::SSLeay::PX509REQgetattr($req, $index);\n\n*   X509REQgetattrbyOBJ\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nRetrieve the next index matching $obj after $lastpos ($lastpos should initially be set to\n-1).\n\nmy $rv = Net::SSLeay::X509REQgetattrbyOBJ($req, $obj, $lastpos=-1);\n# $req - value corresponding to openssl's X509REQ structure\n# 
$obj - value corresponding to openssl's ASN1OBJECT structure\n# $lastpos - [optional] (integer) index where to start search (default -1)\n#\n# returns: index (-1 if there are no more entries)\n\nNote: use \"PX509REQgetattr\" to get the actual attribute value - e.g.\n\nmy $index = Net::SSLeay::X509REQgetattrbyNID($req, $nid);\nmy @attrvalues = Net::SSLeay::PX509REQgetattr($req, $index);\n\n*   X509REQgetattrcount\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns the total number of attributes in $req.\n\nmy $rv = Net::SSLeay::X509REQgetattrcount($req);\n# $req - value corresponding to openssl's X509REQ structure\n#\n# returns: (integer) items count\n\n*   X509REQgetpubkey\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns public key corresponding to given X509REQ object $x.\n\nmy $rv = Net::SSLeay::X509REQgetpubkey($x);\n# $x - value corresponding to openssl's X509REQ structure\n#\n# returns: value corresponding to openssl's EVPPKEY structure (0 on failure)\n\n*   X509REQgetsubjectname\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns X509NAME object corresponding to subject name of given X509REQ object $x.\n\nmy $rv = Net::SSLeay::X509REQgetsubjectname($x);\n# $x - value corresponding to openssl's X509REQ structure\n#\n# returns: value corresponding to openssl's X509NAME structure (0 on failure)\n\n*   X509REQgetversion\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns 'version' value for given X509REQ object $x.\n\nmy $rv = Net::SSLeay::X509REQgetversion($x);\n# $x - value corresponding to openssl's X509REQ structure\n#\n# returns: (integer) version e.g. 
0 = \"version 1\"\n\n*   X509REQsetpubkey\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets public key of given X509REQ object $x to $pkey.\n\nmy $rv = Net::SSLeay::X509REQsetpubkey($x, $pkey);\n# $x - value corresponding to openssl's X509REQ structure\n# $pkey - value corresponding to openssl's EVPPKEY structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509REQsetsubjectname\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets subject name of given X509REQ object $x to X509NAME object $name.\n\nmy $rv = Net::SSLeay::X509REQsetsubjectname($x, $name);\n# $x - value corresponding to openssl's X509REQ structure\n# $name - value corresponding to openssl's X509NAME structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509REQsetversion\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets 'version' of given X509REQ object $x to $version.\n\nmy $rv = Net::SSLeay::X509REQsetversion($x, $version);\n# $x - value corresponding to openssl's X509REQ structure\n# $version - (integer) e.g. 
0 = \"version 1\"\n#\n# returns: 1 on success, 0 on failure\n\n*   X509REQsign\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSign X509REQ object $x with private key $pk (using digest algorithm $md).\n\nmy $rv = Net::SSLeay::X509REQsign($x, $pk, $md);\n# $x - value corresponding to openssl's X509REQ structure\n# $pk - value corresponding to openssl's EVPPKEY structure (requestor's private key)\n# $md - value corresponding to openssl's EVPMD structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509REQverify\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nVerifies X509REQ object $x using public key $r (pubkey of requesting party).\n\nmy $rv = Net::SSLeay::X509REQverify($x, $r);\n# $x - value corresponding to openssl's X509REQ structure\n# $r - value corresponding to openssl's EVPPKEY structure\n#\n# returns: 0 - verify failure, 1 - verify OK, <0 - error\n\n*   PX509REQaddextensions\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nAdds one or more X509 extensions to X509REQ object $x.\n\nmy $rv = Net::SSLeay::PX509REQaddextensions($x, $nid, $value);\n# $x - value corresponding to openssl's X509REQ structure\n# $nid - NID identifying extension to be set\n# $value - extension value\n#\n# returns: 1 on success, 0 on failure\n\nYou can set more extensions at once:\n\nmy $rv = Net::SSLeay::PX509REQaddextensions($x509req,\n&Net::SSLeay::NIDkeyusage => 'digitalSignature,keyEncipherment',\n&Net::SSLeay::NIDbasicconstraints => 'CA:FALSE',\n&Net::SSLeay::NIDextkeyusage => 'serverAuth,clientAuth',\n&Net::SSLeay::NIDnetscapecerttype => 'server',\n&Net::SSLeay::NIDsubjectaltname => 'DNS:s1.com,DNS:s2.com',\n&Net::SSLeay::NIDcrldistributionpoints => 'URI:http://pki.com/crl1,URI:http://pki.com/crl2',\n);\n\n*   PX509REQgetattr\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nReturns attribute value for X509REQ's attribute at index $n.\n\nNet::SSLeay::PX509REQgetattr($req, 
$n);\n# $req - value corresponding to openssl's X509REQ structure\n# $n - (integer) attribute index\n#\n# returns: value corresponding to openssl's ASN1STRING structure\n\nLow level API: X509CRL* related functions\n*   X509CRLnew\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nCreates a new X509CRL structure.\n\nmy $rv = Net::SSLeay::X509CRLnew();\n#\n# returns: value corresponding to openssl's X509CRL structure (0 on failure)\n\n*   X509CRLfree\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nFree an allocated X509CRL structure.\n\nNet::SSLeay::X509CRLfree($x);\n# $x - value corresponding to openssl's X509CRL structure\n#\n# returns: no return value\n\n*   X509CRLdigest\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nComputes digest/fingerprint of X509CRL $data using $type hash function.\n\nmy $digestvalue = Net::SSLeay::X509CRLdigest($data, $type);\n# $data - value corresponding to openssl's X509CRL structure\n# $type - value corresponding to openssl's EVPMD structure - e.g. 
got via EVPgetdigestbyname()\n#\n# returns: hash value (binary)\n\nExample:\n\nmy $x509crl;\nmy $md = Net::SSLeay::EVPgetdigestbyname(\"sha1\");\nmy $digestvalue = Net::SSLeay::X509CRLdigest($x509crl, $md);\n#to get printable (hex) value of digest use:\nprint \"digest=\", unpack('H*', $digestvalue), \"\\n\";\n\n*   X509CRLgetext\n\nCOMPATIBILITY: not available in Net-SSLeay-1.54 and before\n\nReturns X509EXTENSION from $x509 based on given position/index.\n\nmy $rv = Net::SSLeay::X509CRLgetext($x509, $index);\n# $x509 - value corresponding to openssl's X509CRL structure\n# $index - (integer) position/index of extension within $x509\n#\n# returns: value corresponding to openssl's X509EXTENSION structure (0 on failure)\n\n*   X509CRLgetextbyNID\n\nCOMPATIBILITY: not available in Net-SSLeay-1.54 and before\n\nReturns X509EXTENSION from $x509 based on given NID.\n\nmy $rv = Net::SSLeay::X509CRLgetextbyNID($x509, $nid, $loc);\n# $x509 - value corresponding to openssl's X509CRL structure\n# $nid - (integer) NID value\n# $loc - (integer) position to start lookup at\n#\n# returns: position/index of extension, negative value on error\n#          call Net::SSLeay::X509CRLgetext($x509, $rv) to get the actual extension\n\n*   X509CRLgetextcount\n\nCOMPATIBILITY: not available in Net-SSLeay-1.54 and before\n\nReturns the total number of extensions in X509CRL object $x.\n\nmy $rv = Net::SSLeay::X509CRLgetextcount($x);\n# $x - value corresponding to openssl's X509CRL structure\n#\n# returns: count of extensions\n\n*   X509CRLgetissuer\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns X509NAME object corresponding to the issuer of X509CRL $x.\n\nmy $rv = Net::SSLeay::X509CRLgetissuer($x);\n# $x - value corresponding to openssl's X509CRL structure\n#\n# returns: value corresponding to openssl's X509NAME structure (0 on failure)\n\nSee other \"X509NAME*\" functions to get more info from X509NAME structure.\n\n*   X509CRLgetlastUpdate\n\nCOMPATIBILITY: not 
available in Net-SSLeay-1.45 and before\n\nReturns 'lastUpdate' date-time value of X509CRL object $x.\n\nmy $rv = Net::SSLeay::X509CRLgetlastUpdate($x);\n# $x - value corresponding to openssl's X509CRL structure\n#\n# returns: value corresponding to openssl's ASN1TIME structure (0 on failure)\n\n*   X509CRLgetnextUpdate\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns 'nextUpdate' date-time value of X509CRL object $x.\n\nmy $rv = Net::SSLeay::X509CRLgetnextUpdate($x);\n# $x - value corresponding to openssl's X509CRL structure\n#\n# returns: value corresponding to openssl's ASN1TIME structure (0 on failure)\n\n*   X509CRLgetversion\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns 'version' value of given X509CRL structure $x.\n\nmy $rv = Net::SSLeay::X509CRLgetversion($x);\n# $x - value corresponding to openssl's X509CRL structure\n#\n# returns: (integer) version\n\n*   X509CRLsetissuername\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nSets the issuer of X509CRL object $x to X509NAME object $name.\n\nmy $rv = Net::SSLeay::X509CRLsetissuername($x, $name);\n# $x - value corresponding to openssl's X509CRL structure\n# $name - value corresponding to openssl's X509NAME structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509CRLsetlastUpdate\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nSets 'lastUpdate' value of X509CRL object $x to $tm.\n\nmy $rv = Net::SSLeay::X509CRLsetlastUpdate($x, $tm);\n# $x - value corresponding to openssl's X509CRL structure\n# $tm - value corresponding to openssl's ASN1TIME structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509CRLsetnextUpdate\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nSets 'nextUpdate' value of X509CRL object $x to $tm.\n\nmy $rv = Net::SSLeay::X509CRLsetnextUpdate($x, $tm);\n# $x - value corresponding to 
openssl's X509CRL structure\n# $tm - value corresponding to openssl's ASN1TIME structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509CRLsetversion\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nSets 'version' value of given X509CRL structure $x to $version.\n\nmy $rv = Net::SSLeay::X509CRLsetversion($x, $version);\n# $x - value corresponding to openssl's X509CRL structure\n# $version - (integer) version number (1 = version 2 CRL)\n#\n# returns: 1 on success, 0 on failure\n\nNote that if you want to use any X509CRL extension you need to set \"version 2 CRL\" -\n\"Net::SSLeay::X509CRLsetversion($x, 1)\".\n\n*   X509CRLsign\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSign X509CRL object $x with private key $pkey (using digest algorithm $md).\n\nmy $rv = Net::SSLeay::X509CRLsign($x, $pkey, $md);\n# $x - value corresponding to openssl's X509CRL structure\n# $pkey - value corresponding to openssl's EVPPKEY structure\n# $md - value corresponding to openssl's EVPMD structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509CRLsort\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nSorts the data of X509CRL object so it will be written in serial number order.\n\nmy $rv = Net::SSLeay::X509CRLsort($x);\n# $x - value corresponding to openssl's X509CRL structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509CRLverify\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nVerifies X509CRL object $a using public key $r (pubkey of issuing CA).\n\nmy $rv = Net::SSLeay::X509CRLverify($a, $r);\n# $a - value corresponding to openssl's X509CRL structure\n# $r - value corresponding to openssl's EVPPKEY structure\n#\n# returns: 0 - verify failure, 1 - verify OK, <0 - error\n\n*   PX509CRLaddrevokedserialhex\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nAdds given serial number $serialhex to 
X509CRL object $crl.\n\nNet::SSLeay::PX509CRLaddrevokedserialhex($crl, $serialhex, $revtime, $reasoncode, $comptime);\n# $crl - value corresponding to openssl's X509CRL structure\n# $serialhex - string (hexadecimal) representation of serial number\n# $revtime - (revocation time) value corresponding to openssl's ASN1TIME structure\n# $reasoncode - [optional] (integer) reason code (see below) - default 0\n# $comptime - [optional] (compromise time) value corresponding to openssl's ASN1TIME structure\n#\n# returns: no return value\n\nreason codes:\n0 - unspecified\n1 - keyCompromise\n2 - CACompromise\n3 - affiliationChanged\n4 - superseded\n5 - cessationOfOperation\n6 - certificateHold\n7 - removeFromCRL\n\n*   PX509CRLgetserial\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nReturns serial number of X509CRL object.\n\nmy $rv = Net::SSLeay::PX509CRLgetserial($crl);\n# $crl - value corresponding to openssl's X509CRL structure\n#\n# returns: value corresponding to openssl's ASN1INTEGER structure (0 on failure)\n\n*   PX509CRLsetserial\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nSets serial number of X509CRL object to $crlnumber.\n\nmy $rv = Net::SSLeay::PX509CRLsetserial($crl, $crlnumber);\n# $crl - value corresponding to openssl's X509CRL structure\n# $crlnumber - value corresponding to openssl's ASN1INTEGER structure\n#\n# returns: 1 on success, 0 on failure\n\n*   PX509CRLaddextensions\n\nCOMPATIBILITY: not available in Net-SSLeay-1.88 and before\n\nAdds one or more X509 extensions to X509 CRL object $x.\n\nmy $rv = Net::SSLeay::PX509CRLaddextensions($x, $cacert, $nid, $value);\n# $x - value corresponding to openssl's X509 CRL structure\n# $cacert - value corresponding to openssl's X509 structure (issuer's cert - necessary for setting NIDauthoritykeyidentifier)\n# $nid - NID identifying extension to be set\n# $value - extension value\n#\n# returns: 1 on success, 0 
on failure\n\nFor more details see \"PX509addextensions\".\n\nLow level API: X509EXTENSION* related functions\n*   X509EXTENSIONgetcritical\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns 'critical' flag of given X509EXTENSION object $ex.\n\nmy $rv = Net::SSLeay::X509EXTENSIONgetcritical($ex);\n# $ex - value corresponding to openssl's X509EXTENSION structure\n#\n# returns: (integer) 1 - critical, 0 - noncritical\n\n*   X509EXTENSIONgetdata\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns value (raw data) of X509EXTENSION object $ne.\n\nmy $rv = Net::SSLeay::X509EXTENSIONgetdata($ne);\n# $ne - value corresponding to openssl's X509EXTENSION structure\n#\n# returns: value corresponding to openssl's ASN1OCTETSTRING structure (0 on failure)\n\nNote: you can use \"PASN1STRINGget\" to convert ASN1OCTETSTRING into perl scalar\nvariable.\n\n*   X509EXTENSIONgetobject\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns OID (ASN1OBJECT) of X509EXTENSION object $ne.\n\nmy $rv = Net::SSLeay::X509EXTENSIONgetobject($ex);\n# $ex - value corresponding to openssl's X509EXTENSION structure\n#\n# returns: value corresponding to openssl's ASN1OBJECT structure (0 on failure)\n\n*   X509V3EXTprint\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns string representation of given X509EXTENSION object $ext.\n\nNet::SSLeay::X509V3EXTprint($ext, $flags, $utf8decode);\n# $ext - value corresponding to openssl's X509EXTENSION structure\n# $flags - [optional] (integer) Currently the flag argument is unused and should be set to 0\n# $utf8decode - [optional] 0 or 1 whether the returned value should be utf8 decoded (default=0)\n#\n# returns: no return value\n\n*   X509V3EXTd2i\n\nParses an extension and returns its internal structure.\n\nmy $rv = Net::SSLeay::X509V3EXTd2i($ext);\n# $ext - value corresponding to openssl's X509EXTENSION structure\n#\n# returns: pointer ???\n\nLow level API: X509NAME* related 
functions\n*   X509NAMEENTRYgetdata\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nRetrieves the field value of $ne in an ASN1STRING structure.\n\nmy $rv = Net::SSLeay::X509NAMEENTRYgetdata($ne);\n# $ne - value corresponding to openssl's X509NAMEENTRY structure\n#\n# returns: value corresponding to openssl's ASN1STRING structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEENTRYgetobject.html>\n\n*   X509NAMEENTRYgetobject\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nRetrieves the field name of $ne in an ASN1OBJECT structure.\n\nmy $rv = Net::SSLeay::X509NAMEENTRYgetobject($ne);\n# $ne - value corresponding to openssl's X509NAMEENTRY structure\n#\n# returns: value corresponding to openssl's ASN1OBJECT structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEENTRYgetobject.html>\n\n*   X509NAMEnew\n\nCOMPATIBILITY: not available in Net-SSLeay-1.55 and before; requires at least openssl-0.9.5\n\nCreates a new X509NAME structure. Adds a field whose name is defined by a string $field.\nThe field value to be added is in $bytes.\n\nmy $rv = Net::SSLeay::X509NAMEnew();\n#\n# returns: value corresponding to openssl's X509NAME structure (0 on failure)\n\n*   X509NAMEhash\n\nCOMPATIBILITY: not available in Net-SSLeay-1.55 and before; requires at least openssl-0.9.5\n\nSort of a checksum of issuer name $name. The result is not a full hash (e.g. sha-1), it is\nkind-of-a-hash truncated to the size of 'unsigned long' (32 bits). The resulting value might\ndiffer across different openssl versions for the same X509 certificate.\n\nmy $rv = Net::SSLeay::X509NAMEhash($name);\n# $name - value corresponding to openssl's X509NAME structure\n#\n# returns: number representing checksum\n\n*   X509NAMEaddentrybytxt\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.5\n\nAdds a field whose name is defined by a string $field. 
The field value to be added is in\n$bytes.\n\nmy $rv = Net::SSLeay::X509NAMEaddentrybytxt($name, $field, $type, $bytes, $len, $loc, $set);\n# $name - value corresponding to openssl's X509NAME structure\n# $field - (string) field definition (name) - e.g. \"organizationName\"\n# $type - (integer) type of data in $bytes (see below)\n# $bytes - data to be set\n# $loc - [optional] (integer) index where the new entry is inserted: if it is -1 (default) it is appended\n# $set - [optional] (integer) determines how the new type is added. If it is 0 (default) a new RDN is created\n#\n# returns: 1 on success, 0 on failure\n\n# values for $type - use constants:\n&Net::SSLeay::MBSTRINGUTF8     - $bytes contains utf8 encoded data\n&Net::SSLeay::MBSTRINGASC      - $bytes contains ASCII data\n\nUnicode note: when passing non-ascii (unicode) string in $bytes do not forget to set \"$flags\n= &Net::SSLeay::MBSTRINGUTF8\" and encode the perl $string via \"$bytes = encode('utf-8',\n$string)\".\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEaddentrybytxt.html>\n\n*   X509NAMEaddentrybyNID\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.5\n\nAdds a field whose name is defined by a NID $nid. The field value to be added is in $bytes.\n\nmy $rv = Net::SSLeay::X509NAMEaddentrybyNID($name, $nid, $type, $bytes, $len, $loc, $set);\n# $name - value corresponding to openssl's X509NAME structure\n# $nid - (integer) field definition - NID value\n# $type - (integer) type of data in $bytes (see below)\n# $bytes - data to be set\n# $loc - [optional] (integer) index where the new entry is inserted: if it is -1 (default) it is appended\n# $set - [optional] (integer) determines how the new type is added. 
If it is 0 (default) a new RDN is created\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEaddentrybytxt.html>\n\n*   X509NAMEaddentrybyOBJ\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.5\n\nAdds a field whose name is defined by an object (OID) $obj. The field value to be added is\nin $bytes.\n\nmy $rv = Net::SSLeay::X509NAMEaddentrybyOBJ($name, $obj, $type, $bytes, $len, $loc, $set);\n# $name - value corresponding to openssl's X509NAME structure\n# $obj - field definition - value corresponding to openssl's ASN1OBJECT structure\n# $type - (integer) type of data in $bytes (see below)\n# $bytes - data to be set\n# $loc - [optional] (integer) index where the new entry is inserted: if it is -1 (default) it is appended\n# $set - [optional] (integer) determines how the new type is added. If it is 0 (default) a new RDN is created\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEaddentrybytxt.html>\n\n*   X509NAMEcmp\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nCompares two X509NAME objects.\n\nmy $rv = Net::SSLeay::X509NAMEcmp($a, $b);\n# $a - value corresponding to openssl's X509NAME structure\n# $b - value corresponding to openssl's X509NAME structure\n#\n# returns: 0 if $a matches $b; non zero otherwise\n\n*   X509NAMEdigest\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nComputes digest/fingerprint of X509NAME $data using $type hash function.\n\nmy $digestvalue = Net::SSLeay::X509NAMEdigest($data, $type);\n# $data - value corresponding to openssl's X509NAME structure\n# $type - value corresponding to openssl's EVPMD structure - e.g. 
got via EVPgetdigestbyname()\n#\n# returns: hash value (binary)\n\n#to get printable (hex) value of digest use:\nprint unpack('H*', $digestvalue);\n\n*   X509NAMEentrycount\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns the total number of entries in $name.\n\nmy $rv = Net::SSLeay::X509NAMEentrycount($name);\n# $name - value corresponding to openssl's X509NAME structure\n#\n# returns: (integer) entries count\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEgetindexbyNID.html>\n\n*   X509NAMEgetentry\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nRetrieves the X509NAMEENTRY from $name corresponding to index $loc. Acceptable values for\n$loc run from 0 to \"Net::SSLeay::X509NAMEentrycount($name)- 1\". The value returned is an\ninternal pointer which must not be freed.\n\nmy $rv = Net::SSLeay::X509NAMEgetentry($name, $loc);\n# $name - value corresponding to openssl's X509NAME structure\n# $loc - (integer) index of wanted entry\n#\n# returns: value corresponding to openssl's X509NAMEENTRY structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEgetindexbyNID.html>\n\n*   X509NAMEprintex\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns a string with human readable version of $name.\n\nNet::SSLeay::X509NAMEprintex($name, $flags, $utf8decode);\n# $name - value corresponding to openssl's X509NAME structure\n# $flags - [optional] conversion flags (default XNFLAGRFC2253) - see below\n# $utf8decode - [optional] 0 or 1 whether the returned value should be utf8 decoded (default=0)\n#\n# returns: string representation of $name\n\n#available conversion flags - use 
constants:\n&Net::SSLeay::XNFLAGCOMPAT\n&Net::SSLeay::XNFLAGDNREV\n&Net::SSLeay::XNFLAGDUMPUNKNOWNFIELDS\n&Net::SSLeay::XNFLAGFNALIGN\n&Net::SSLeay::XNFLAGFNLN\n&Net::SSLeay::XNFLAGFNMASK\n&Net::SSLeay::XNFLAGFNNONE\n&Net::SSLeay::XNFLAGFNOID\n&Net::SSLeay::XNFLAGFNSN\n&Net::SSLeay::XNFLAGMULTILINE\n&Net::SSLeay::XNFLAGONELINE\n&Net::SSLeay::XNFLAGRFC2253\n&Net::SSLeay::XNFLAGSEPCOMMAPLUS\n&Net::SSLeay::XNFLAGSEPCPLUSSPC\n&Net::SSLeay::XNFLAGSEPMASK\n&Net::SSLeay::XNFLAGSEPMULTILINE\n&Net::SSLeay::XNFLAGSEPSPLUSSPC\n&Net::SSLeay::XNFLAGSPCEQ\n\nMost likely you will be fine with default:\n\nNet::SSLeay::X509NAMEprintex($name, &Net::SSLeay::XNFLAGRFC2253);\n\nOr you might want RFC2253-like output without utf8 chars escaping:\n\nuse Net::SSLeay qw/XNFLAGRFC2253 ASN1STRFLGSESCMSB/;\nmy $flagrfc22536utf8 = (XNFLAGRFC2253) & (~ ASN1STRFLGSESCMSB);\nmy $result = Net::SSLeay::X509NAMEprintex($name, $flagrfc22536utf8, 1);\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEprintex.html>\n\n*   X509NAMEgettextbyNID\n\nRetrieves the text from the first entry in name which matches $nid, if no such entry exists\n-1 is returned.\n\nopenssl note: this is a legacy function which has various limitations which makes it of\nminimal use in practice. 
It can only find the first matching entry and will copy the\ncontents of the field verbatim: this can be highly confusing if the target is a\nmulticharacter string type like a BMPString or a UTF8String.\n\nNet::SSLeay::X509NAMEgettextbyNID($name, $nid);\n# $name - value corresponding to openssl's X509NAME structure\n# $nid - NID value (integer)\n#\n# returns: text value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEgetindexbyNID.html>\n\n*   X509NAMEoneline\n\nReturn an ASCII version of $name.\n\nNet::SSLeay::X509NAMEoneline($name);\n# $name - value corresponding to openssl's X509NAME structure\n#\n# returns: (string) ASCII version of $name\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEprintex.html>\n\n*   skX509NAMEfree\n\nFree an allocated STACKOF(X509NAME) structure.\n\nNet::SSLeay::skX509NAMEfree($sk);\n# $sk - value corresponding to openssl's STACKOF(X509NAME) structure\n#\n# returns: no return value\n\n*   skX509NAMEnum\n\nReturn number of items in STACKOF(X509NAME)\n\nmy $rv = Net::SSLeay::skX509NAMEnum($sk);\n# $sk - value corresponding to openssl's STACKOF(X509NAME) structure\n#\n# returns: number of items\n\n*   skX509NAMEvalue\n\nReturns X509NAME from position $index in STACKOF(X509NAME)\n\nmy $rv = Net::SSLeay::skX509NAMEvalue($sk, $i);\n# $sk - value corresponding to openssl's STACKOF(X509NAME) structure\n# $i - (integer) index/position\n#\n# returns: value corresponding to openssl's X509NAME structure (0 on failure)\n\n*   addfilecertsubjectstostack\n\nAdd a file of certs to a stack. All certs in $file that are not already in the $stackCAs\nwill be added.\n\nmy $rv = Net::SSLeay::addfilecertsubjectstostack($stackCAs, $file);\n# $stackCAs - value corresponding to openssl's STACKOF(X509NAME) structure\n# $file - (string) filename\n#\n# returns: 1 on success, 0 on failure\n\n*   adddircertsubjectstostack\n\nAdd a directory of certs to a stack. 
All certs in $dir that are not already in the $stackCAs\nwill be added.\n\nmy $rv = Net::SSLeay::adddircertsubjectstostack($stackCAs, $dir);\n# $stackCAs - value corresponding to openssl's STACKOF(X509NAME) structure\n# $dir - (string) the directory to append from. All files in this directory will be examined as potential certs. Any that are acceptable to SSLadddircertsubjectstostack() that are not already in the stack will be included.\n#\n# returns: 1 on success, 0 on failure\n\nLow level API: X509STORE* related functions\n*   X509STORECTXnew\n\nreturns a newly initialised X509STORECTX structure.\n\n*   X509STORECTXinit\n\nX509STORECTXinit() sets up an X509STORECTX for a subsequent verification operation. It\nmust be called before each call to X509verifycert().\n\nmy $rv = Net::SSLeay::X509STORECTXinit($x509storectx, $x509store, $x509, $chain);\n# $x509storectx - value corresponding to openssl's X509STORECTX structure (required)\n# $x509store - value corresponding to openssl's X509STORE structure (optional)\n# $x509 - value corresponding to openssl's X509 structure (optional)\n# $chain - value corresponding to openssl's STACKOF(X509) structure (optional)\n#\n# returns: 1 on success, 0 on failure\n#\n# Note: returns nothing with Net::SSLeay 1.90 and earlier.\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/X509STORECTXinit.html>\n\n*   X509STORECTXfree\n\nFrees an X509STORECTX structure.\n\nNet::SSLeay::X509STORECTXfree($x509storectx);\n\n# $x509storectx - value corresponding to openssl's X509STORECTX structure\n\n*   X509verifycert\n\nThe X509verifycert() function attempts to discover and validate a certificate chain based\non parameters in ctx. 
A complete description of the process is contained in the verify(1)\nmanual page.\n\nIf this function returns 0, use X509STORECTXgeterror to get additional error\ninformation.\n\nmy $rv = Net::SSLeay::X509verifycert($x509storectx);\n# $x509storectx - value corresponding to openssl's X509STORECTX structure\n#\n# returns: 1 if a complete chain can be built and validated, otherwise 0\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/X509verifycert.html>\n\n*   X509STORECTXgetcurrentcert\n\nReturns the certificate in ctx which caused the error or 0 if no certificate is relevant.\n\nmy $rv = Net::SSLeay::X509STORECTXgetcurrentcert($x509storectx);\n# $x509storectx - value corresponding to openssl's X509STORECTX structure\n#\n# returns: value corresponding to openssl's X509 structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509STORECTXgeterror.html>\n\n*   X509STORECTXget0cert\n\nCOMPATIBILITY: not available in Net-SSLeay-1.88 and before; requires at least OpenSSL\n1.1.0pre6 or LibreSSL 2.7.0\n\nReturns an internal pointer to the certificate being verified by the ctx.\n\nmy $x509 = Net::SSLeay::X509STORECTXget0cert($x509storectx);\n# $x509storectx - value corresponding to openssl's X509STORECTX structure\n#\n# returns: value corresponding to openssl's X509 structure\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/X509STORECTXget0cert.html>\n\n*   X509STORECTXget1chain\n\nReturns a complete validated chain if a previous call to X509verifycert() is\nsuccessful.\n\nmy $rv = Net::SSLeay::X509STORECTXget1chain($x509storectx);\n# $x509storectx - value corresponding to openssl's X509STORECTX structure\n#\n# returns: value corresponding to openssl's STACKOF(X509) structure\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/X509STORECTXget1chain.html>\n\n*   X509STORECTXgeterror\n\nReturns the error code of $ctx.\n\nmy $rv = Net::SSLeay::X509STORECTXgeterror($x509storectx);\n# $x509storectx 
- value corresponding to openssl's X509_STORE_CTX structure\n#\n# returns: (integer) error code\n\nFor more info about error code values check function \"get_verify_result\".\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509_STORE_CTX_get_error.html>\n\n*   X509_STORE_CTX_get_error_depth\n\nReturns the depth of the error. This is a non-negative integer representing where in the\ncertificate chain the error occurred. If it is zero it occurred in the end entity\ncertificate, one if it is the certificate which signed the end entity certificate and so on.\n\nmy $rv = Net::SSLeay::X509_STORE_CTX_get_error_depth($x509storectx);\n# $x509storectx - value corresponding to openssl's X509_STORE_CTX structure\n#\n# returns: (integer) depth\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509_STORE_CTX_get_error.html>\n\n*   X509_STORE_CTX_get_ex_data\n\nIs used to retrieve the information for $idx from $x509storectx.\n\nmy $rv = Net::SSLeay::X509_STORE_CTX_get_ex_data($x509storectx, $idx);\n# $x509storectx - value corresponding to openssl's X509_STORE_CTX structure\n# $idx - (integer) index for application specific data\n#\n# returns: pointer to ???\n\n*   X509_STORE_CTX_set_ex_data\n\nIs used to store application data at arg for idx into $x509storectx.\n\nmy $rv = Net::SSLeay::X509_STORE_CTX_set_ex_data($x509storectx, $idx, $data);\n# $x509storectx - value corresponding to openssl's X509_STORE_CTX structure\n# $idx - (integer) ???\n# $data - (pointer) ???\n#\n# returns: 1 on success, 0 on failure\n\n*   X509_STORE_CTX_set_cert\n\nSets the certificate to be verified in $x509storectx to $x.\n\nNet::SSLeay::X509_STORE_CTX_set_cert($x509storectx, $x);\n# $x509storectx - value corresponding to openssl's X509_STORE_CTX structure\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509_STORE_CTX_new.html>\n\n*   X509_STORE_new\n\nReturns a newly initialized X509_STORE structure.\n\nmy $rv = Net::SSLeay::X509_STORE_new();\n#\n# returns: 
value corresponding to openssl's X509_STORE structure (0 on failure)\n\n*   X509_STORE_free\n\nFrees an X509_STORE structure\n\nNet::SSLeay::X509_STORE_free($x509store);\n# $x509store - value corresponding to openssl's X509_STORE structure\n\n*   X509_STORE_add_lookup\n\nAdds a lookup to an X509_STORE for a given lookup method.\n\nmy $method = &Net::SSLeay::X509_LOOKUP_hash_dir;\nmy $rv = Net::SSLeay::X509_STORE_add_lookup($x509store, $method);\n# $method - value corresponding to openssl's X509_LOOKUP_METHOD structure\n# $x509store - value corresponding to openssl's X509_STORE structure\n#\n# returns: value corresponding to openssl's X509_LOOKUP structure\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/X509_STORE_add_lookup.html>\n\n*   X509_STORE_CTX_set_error\n\nSets the error code of $ctx to $s. For example it might be used in a verification callback\nto set an error based on additional checks.\n\nNet::SSLeay::X509_STORE_CTX_set_error($x509storectx, $s);\n# $x509storectx - value corresponding to openssl's X509_STORE_CTX structure\n# $s - (integer) error id\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509_STORE_CTX_get_error.html>\n\n*   X509_STORE_add_cert\n\nAdds X509 certificate $x into the X509_STORE $store.\n\nmy $rv = Net::SSLeay::X509_STORE_add_cert($store, $x);\n# $store - value corresponding to openssl's X509_STORE structure\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509_STORE_add_crl\n\nAdds X509 CRL $x into the X509_STORE $store.\n\nmy $rv = Net::SSLeay::X509_STORE_add_crl($store, $x);\n# $store - value corresponding to openssl's X509_STORE structure\n# $x - value corresponding to openssl's X509_CRL structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509_STORE_set1_param\n\n??? 
(more info needed)\n\nmy $rv = Net::SSLeay::X509_STORE_set1_param($store, $pm);\n# $store - value corresponding to openssl's X509_STORE structure\n# $pm - value corresponding to openssl's X509_VERIFY_PARAM structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509_LOOKUP_hash_dir\n\nReturns an X509_LOOKUP structure that instructs an X509_STORE to load files from a directory\ncontaining certificates with filenames in the format *hash.N* or crls with filenames in the\nformat *hash.*r*N*\n\nmy $rv = Net::SSLeay::X509_LOOKUP_hash_dir();\n#\n# returns: value corresponding to openssl's X509_LOOKUP_METHOD structure, with the hashed directory method\n\nCheck openssl doc <https://www.openssl.org/docs/man1.1.1/man3/X509_load_crl_file.html>\n\n*   X509_LOOKUP_add_dir\n\nAdd a directory to an X509_LOOKUP structure, usually obtained from X509_STORE_add_lookup.\n\nmy $method = &Net::SSLeay::X509_LOOKUP_hash_dir;\nmy $lookup = Net::SSLeay::X509_STORE_add_lookup($x509store, $method);\nmy $type = &Net::SSLeay::X509_FILETYPE_PEM;\nNet::SSLeay::X509_LOOKUP_add_dir($lookup, $dir, $type);\n# $lookup - value corresponding to openssl's X509_LOOKUP structure\n# $dir - string path to a directory\n# $type - constant corresponding to the type of file in the directory - can be X509_FILETYPE_PEM, X509_FILETYPE_DEFAULT, or X509_FILETYPE_ASN1\n\n*   X509_STORE_set_flags\n\nNet::SSLeay::X509_STORE_set_flags($ctx, $flags);\n# $ctx - value corresponding to openssl's X509_STORE structure\n# $flags - (unsigned long) flags to be set (bitmask)\n#\n# returns: no return value\n\n#to create $flags value use corresponding constants like\n$flags = Net::SSLeay::X509_V_FLAG_CRL_CHECK();\n\nFor more details about $flags bitmask see \"X509_VERIFY_PARAM_set_flags\".\n\n*   X509_STORE_set_purpose\n\nNet::SSLeay::X509_STORE_set_purpose($ctx, $purpose);\n# $ctx - value corresponding to openssl's X509_STORE structure\n# $purpose - (integer) purpose identifier\n#\n# returns: no return value\n\nFor more details about $purpose identifier check \"CTX_set_purpose\".\n\n*   
X509_STORE_set_trust\n\nNet::SSLeay::X509_STORE_set_trust($ctx, $trust);\n# $ctx - value corresponding to openssl's X509_STORE structure\n# $trust - (integer) trust identifier\n#\n# returns: no return value\n\nFor more details about $trust identifier check \"CTX_set_trust\".\n\nLow Level API: X509_INFO related functions\n*   sk_X509_INFO_num\n\nReturns the number of values in a STACK_OF(X509_INFO) structure.\n\nmy $rv = Net::SSLeay::sk_X509_INFO_num($skx509info);\n# $skx509info - value corresponding to openssl's STACK_OF(X509_INFO) structure\n#\n# returns: number of values in $skx509info\n\n*   sk_X509_INFO_value\n\nReturns the value of a STACK_OF(X509_INFO) structure at a given index.\n\nmy $rv = Net::SSLeay::sk_X509_INFO_value($skx509info, $index);\n# $skx509info - value corresponding to openssl's STACK_OF(X509_INFO) structure\n# $index - index into the stack\n#\n# returns: value corresponding to openssl's X509_INFO structure at the given index\n\n*   P_X509_INFO_get_x509\n\nReturns the X509 structure stored in an X509_INFO structure.\n\nmy $rv = Net::SSLeay::P_X509_INFO_get_x509($x509info);\n# $x509info - value corresponding to openssl's X509_INFO structure\n#\n# returns: value corresponding to openssl's X509 structure\n\nLow level API: X509_VERIFY_PARAM_* related functions\n*   X509_VERIFY_PARAM_add0_policy\n\nEnables policy checking (it is disabled by default) and adds $policy to the acceptable\npolicy set.\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_add0_policy($param, $policy);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n# $policy - value corresponding to openssl's ASN1_OBJECT structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>\n\n*   X509_VERIFY_PARAM_add0_table\n\n??? 
(more info needed)\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_add0_table($param);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509_VERIFY_PARAM_add1_host\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.0.2-beta2 or LibreSSL 2.7.0\n\nAdds an additional reference identifier that can match the peer's certificate.\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_add1_host($param, $name);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n# $name - (string) name to be set\n#\n# returns: 1 on success, 0 on failure\n\nSee also OpenSSL docs, \"X509_VERIFY_PARAM_set1_host\" and \"X509_VERIFY_PARAM_set_hostflags\"\nfor more information, including wildcard matching.\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>\n\n*   X509_VERIFY_PARAM_clear_flags\n\nClears the flags $flags in param.\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_clear_flags($param, $flags);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n# $flags - (unsigned long) flags to be set (bitmask)\n#\n# returns: 1 on success, 0 on failure\n\nFor more details about $flags bitmask see \"X509_VERIFY_PARAM_set_flags\".\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>\n\n*   X509_VERIFY_PARAM_free\n\nFrees up the X509_VERIFY_PARAM structure.\n\nNet::SSLeay::X509_VERIFY_PARAM_free($param);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n#\n# returns: no return value\n\n*   X509_VERIFY_PARAM_get0_peername\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.0.2-beta2 or LibreSSL 2.7.0\n\nReturns the DNS hostname or subject CommonName from the peer certificate that matched one of\nthe reference identifiers.\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_get0_peername($param);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n#\n# returns: (string) name e.g. 
'*.example.com' or undef\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>\n\n*   X509_VERIFY_PARAM_get_depth\n\nReturns the current verification depth.\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_get_depth($param);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n#\n# returns: (integer) depth\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>\n\n*   X509_VERIFY_PARAM_get_flags\n\nReturns the current verification flags.\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_get_flags($param);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n#\n# returns: (unsigned long) flags to be set (bitmask)\n\nFor more details about returned flags bitmask see \"X509_VERIFY_PARAM_set_flags\".\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>\n\n*   X509_VERIFY_PARAM_set_flags\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_set_flags($param, $flags);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n# $flags - (unsigned long) flags to be set (bitmask)\n#\n# returns: 1 on success, 0 on failure\n\n#to create $flags value use corresponding constants like\n$flags = Net::SSLeay::X509_V_FLAG_CRL_CHECK();\n\nFor more details about $flags bitmask, see the OpenSSL docs below.\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>\n\n*   X509_VERIFY_PARAM_inherit\n\n??? 
(more info needed)\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_inherit($to, $from);\n# $to - value corresponding to openssl's X509_VERIFY_PARAM structure\n# $from - value corresponding to openssl's X509_VERIFY_PARAM structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509_VERIFY_PARAM_lookup\n\nFinds X509_VERIFY_PARAM by name.\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_lookup($name);\n# $name - (string) name we want to find\n#\n# returns: value corresponding to openssl's X509_VERIFY_PARAM structure (0 on failure)\n\n*   X509_VERIFY_PARAM_new\n\nCreates a new X509_VERIFY_PARAM structure.\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_new();\n#\n# returns: value corresponding to openssl's X509_VERIFY_PARAM structure (0 on failure)\n\n*   X509_VERIFY_PARAM_set1\n\nSets the name of X509_VERIFY_PARAM structure $to to the same value as the name of\nX509_VERIFY_PARAM structure $from.\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_set1($to, $from);\n# $to - value corresponding to openssl's X509_VERIFY_PARAM structure\n# $from - value corresponding to openssl's X509_VERIFY_PARAM structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509_VERIFY_PARAM_set1_email\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.0.2-beta1 or LibreSSL 2.7.0\n\nSets the expected RFC822 email address to email.\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_set1_email($param, $email);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n# $email - (string) email to be set\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>\n\n*   X509_VERIFY_PARAM_set1_host\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.0.2-beta1 or LibreSSL 2.7.0\n\nSets the expected DNS hostname to name clearing any previously specified host name or names.\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_set1_host($param, $name);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n# $name - 
(string) name to be set\n#\n# returns: 1 on success, 0 on failure\n\nSee also OpenSSL docs, \"X509_VERIFY_PARAM_add1_host\" and \"X509_VERIFY_PARAM_set_hostflags\"\nfor more information, including wildcard matching.\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>\n\n*   X509_VERIFY_PARAM_set1_ip\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.0.2-beta1 or LibreSSL 2.7.0\n\nSets the expected IP address to ip.\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_set1_ip($param, $ip);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n# $ip - (binary) 4 octet IPv4 or 16 octet IPv6 address\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>\n\n*   X509_VERIFY_PARAM_set1_ip_asc\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.0.2-beta1 or LibreSSL 2.7.0\n\nSets the expected IP address to ipasc.\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_set1_ip_asc($param, $ipasc);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n# $ipasc - (string) IPv4 or IPv6 address\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>\n\n*   X509_VERIFY_PARAM_set1_name\n\nSets the name of X509_VERIFY_PARAM structure $param to $name.\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_set1_name($param, $name);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n# $name - (string) name to be set\n#\n# returns: 1 on success, 0 on failure\n\n*   X509_VERIFY_PARAM_set1_policies\n\nEnables policy checking (it is disabled by default) and sets the acceptable policy set to\npolicies. Any existing policy set is cleared. 
The policies parameter can be 0 to clear an\nexisting policy set.\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_set1_policies($param, $policies);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n# $policies - value corresponding to openssl's STACK_OF(ASN1_OBJECT) structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>\n\n*   X509_VERIFY_PARAM_set_depth\n\nSets the maximum verification depth to depth. That is the maximum number of untrusted CA\ncertificates that can appear in a chain.\n\nNet::SSLeay::X509_VERIFY_PARAM_set_depth($param, $depth);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n# $depth - (integer) depth to be set\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>\n\n*   X509_VERIFY_PARAM_set_hostflags\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.0.2-beta2 or LibreSSL 2.7.0\n\nNet::SSLeay::X509_VERIFY_PARAM_set_hostflags($param, $flags);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n# $flags - (unsigned int) flags to be set (bitmask)\n#\n# returns: no return value\n\nSee also OpenSSL docs, \"X509_VERIFY_PARAM_add1_host\" and \"X509_VERIFY_PARAM_set1_host\" for\nmore information. The flags for controlling wildcard checks and other features are defined\nin OpenSSL docs.\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>\n\n*   X509_VERIFY_PARAM_set_purpose\n\nSets the verification purpose in $param to $purpose. 
This determines the acceptable purpose\nof the certificate chain, for example SSL client or SSL server.\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_set_purpose($param, $purpose);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n# $purpose - (integer) purpose identifier\n#\n# returns: 1 on success, 0 on failure\n\nFor more details about $purpose identifier check \"CTX_set_purpose\".\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>\n\n*   X509_VERIFY_PARAM_set_time\n\nSets the verification time in $param to $t. Normally the current time is used.\n\nNet::SSLeay::X509_VERIFY_PARAM_set_time($param, $t);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n# $t - (time_t) time in seconds since 1.1.1970\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>\n\n*   X509_VERIFY_PARAM_set_trust\n\nSets the trust setting in $param to $trust.\n\nmy $rv = Net::SSLeay::X509_VERIFY_PARAM_set_trust($param, $trust);\n# $param - value corresponding to openssl's X509_VERIFY_PARAM structure\n# $trust - (integer) trust identifier\n#\n# returns: 1 on success, 0 on failure\n\nFor more details about $trust identifier check \"CTX_set_trust\".\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html>\n\n*   X509_VERIFY_PARAM_table_cleanup\n\n??? (more info needed)\n\nNet::SSLeay::X509_VERIFY_PARAM_table_cleanup();\n#\n# returns: no return value\n\nLow level API: Cipher (EVP_CIPHER_*) related functions\n*   EVP_get_cipherbyname\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns an EVP_CIPHER structure when passed a cipher name.\n\nmy $rv = Net::SSLeay::EVP_get_cipherbyname($name);\n# $name - (string) cipher name e.g. 
'aes-128-cbc', 'camellia-256-ecb', 'des-ede', ...\n#\n# returns: value corresponding to openssl's EVP_CIPHER structure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/EVP_EncryptInit.html>\n\nLow level API: Digest (EVP_MD_*) related functions\n*   OpenSSL_add_all_digests\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nNet::SSLeay::OpenSSL_add_all_digests();\n# no args, no return value\n\nhttp://www.openssl.org/docs/crypto/OpenSSL_add_all_algorithms.html\n\n*   P_EVP_MD_list_all\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-1.0.0\n\nNOTE: Does not exactly correspond to any low level API function\n\nmy $rv = Net::SSLeay::P_EVP_MD_list_all();\n#\n# returns: arrayref - list of available digest names\n\nThe returned digest names correspond to values expected by \"EVP_get_digestbyname\".\n\nNote that some of the digests are available by default and some only after calling\n\"OpenSSL_add_all_digests\".\n\n*   EVP_get_digestbyname\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nmy $rv = Net::SSLeay::EVP_get_digestbyname($name);\n# $name - string with digest name\n#\n# returns: value corresponding to openssl's EVP_MD structure\n\nThe $name param can be:\n\nmd2\nmd4\nmd5\nmdc2\nripemd160\nsha\nsha1\nsha224\nsha256\nsha512\nwhirlpool\n\nOr better check the supported digests by calling \"P_EVP_MD_list_all\".\n\n*   EVP_MD_type\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nmy $rv = Net::SSLeay::EVP_MD_type($md);\n# $md - value corresponding to openssl's EVP_MD structure\n#\n# returns: the NID (integer) of the OBJECT IDENTIFIER representing the given message digest\n\n*   EVP_MD_size\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nmy $rv = Net::SSLeay::EVP_MD_size($md);\n# $md - value corresponding to openssl's EVP_MD structure\n#\n# returns: the size of the message digest in bytes (e.g. 
20 for SHA1)\n\n*   EVP_MD_CTX_md\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7\n\nNet::SSLeay::EVP_MD_CTX_md($ctx);\n# $ctx - value corresponding to openssl's EVP_MD_CTX structure\n#\n# returns: value corresponding to openssl's EVP_MD structure\n\n*   EVP_MD_CTX_create\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7\n\nAllocates, initializes and returns a digest context.\n\nmy $rv = Net::SSLeay::EVP_MD_CTX_create();\n#\n# returns: value corresponding to openssl's EVP_MD_CTX structure\n\nThe complete idea behind EVP_MD_CTX looks like this example:\n\nNet::SSLeay::OpenSSL_add_all_digests();\n\nmy $md = Net::SSLeay::EVP_get_digestbyname(\"sha1\");\nmy $ctx = Net::SSLeay::EVP_MD_CTX_create();\nNet::SSLeay::EVP_DigestInit($ctx, $md);\n\nwhile(my $chunk = getpieceofdata()) {\n  Net::SSLeay::EVP_DigestUpdate($ctx,$chunk);\n}\n\nmy $result = Net::SSLeay::EVP_DigestFinal($ctx);\nNet::SSLeay::EVP_MD_CTX_destroy($ctx);\n\nprint \"digest=\", unpack('H*', $result), \"\\n\"; #print hex value\n\n*   EVP_DigestInit_ex\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7\n\nSets up digest context $ctx to use a digest $type from ENGINE $impl, $ctx must be\ninitialized before calling this function, type will typically be supplied by a function such\nas \"EVP_get_digestbyname\". 
If $impl is 0 then the default implementation of digest $type is\nused.\n\nmy $rv = Net::SSLeay::EVP_DigestInit_ex($ctx, $type, $impl);\n# $ctx  - value corresponding to openssl's EVP_MD_CTX structure\n# $type - value corresponding to openssl's EVP_MD structure\n# $impl - value corresponding to openssl's ENGINE structure\n#\n# returns: 1 for success and 0 for failure\n\n*   EVP_DigestInit\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7\n\nBehaves in the same way as \"EVP_DigestInit_ex\" except the passed context $ctx does not have\nto be initialized, and it always uses the default digest implementation.\n\nmy $rv = Net::SSLeay::EVP_DigestInit($ctx, $type);\n# $ctx - value corresponding to openssl's EVP_MD_CTX structure\n# $type - value corresponding to openssl's EVP_MD structure\n#\n# returns: 1 for success and 0 for failure\n\n*   EVP_MD_CTX_destroy\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7\n\nCleans up digest context $ctx and frees up the space allocated to it, it should be called\nonly on a context created using \"EVP_MD_CTX_create\".\n\nNet::SSLeay::EVP_MD_CTX_destroy($ctx);\n# $ctx - value corresponding to openssl's EVP_MD_CTX structure\n#\n# returns: no return value\n\n*   EVP_DigestUpdate\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7\n\nmy $rv = Net::SSLeay::EVP_DigestUpdate($ctx, $data);\n# $ctx  - value corresponding to openssl's EVP_MD_CTX structure\n# $data - data to be hashed\n#\n# returns: 1 for success and 0 for failure\n\n*   EVP_DigestFinal_ex\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7\n\nRetrieves the digest value from $ctx. 
After calling \"EVP_DigestFinal_ex\" no additional calls\nto \"EVP_DigestUpdate\" can be made, but \"EVP_DigestInit_ex\" can be called to initialize a new\ndigest operation.\n\nmy $digestvalue = Net::SSLeay::EVP_DigestFinal_ex($ctx);\n# $ctx - value corresponding to openssl's EVP_MD_CTX structure\n#\n# returns: hash value (binary)\n\n#to get printable (hex) value of digest use:\nprint unpack('H*', $digestvalue);\n\n*   EVP_DigestFinal\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7\n\nSimilar to \"EVP_DigestFinal_ex\" except the digest context ctx is automatically cleaned up.\n\nmy $rv = Net::SSLeay::EVP_DigestFinal($ctx);\n# $ctx - value corresponding to openssl's EVP_MD_CTX structure\n#\n# returns: hash value (binary)\n\n#to get printable (hex) value of digest use:\nprint unpack('H*', $rv);\n\n*   MD2\n\nCOMPATIBILITY: not supported by default in openssl-1.0.0\n\nComputes MD2 from given $data (all data needs to be loaded into memory)\n\nmy $digest = Net::SSLeay::MD2($data);\nprint \"digest(hexadecimal)=\", unpack('H*', $digest);\n\n*   MD4\n\nComputes MD4 from given $data (all data needs to be loaded into memory)\n\nmy $digest = Net::SSLeay::MD4($data);\nprint \"digest(hexadecimal)=\", unpack('H*', $digest);\n\n*   MD5\n\nComputes MD5 from given $data (all data needs to be loaded into memory)\n\nmy $digest = Net::SSLeay::MD5($data);\nprint \"digest(hexadecimal)=\", unpack('H*', $digest);\n\n*   RIPEMD160\n\nComputes RIPEMD160 from given $data (all data needs to be loaded into memory)\n\nmy $digest = Net::SSLeay::RIPEMD160($data);\nprint \"digest(hexadecimal)=\", unpack('H*', $digest);\n\n*   SHA1\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nComputes SHA1 from given $data (all data needs to be loaded into memory)\n\nmy $digest = Net::SSLeay::SHA1($data);\nprint \"digest(hexadecimal)=\", unpack('H*', $digest);\n\n*   SHA256\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least 
openssl-0.9.8\n\nComputes SHA256 from given $data (all data needs to be loaded into memory)\n\nmy $digest = Net::SSLeay::SHA256($data);\nprint \"digest(hexadecimal)=\", unpack('H*', $digest);\n\n*   SHA512\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.8\n\nComputes SHA512 from given $data (all data needs to be loaded into memory)\n\nmy $digest = Net::SSLeay::SHA512($data);\nprint \"digest(hexadecimal)=\", unpack('H*', $digest);\n\n*   EVP_Digest\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7\n\nComputes \"any\" digest from given $data (all data needs to be loaded into memory)\n\nmy $md = Net::SSLeay::EVP_get_digestbyname(\"sha1\"); #or any other algorithm\nmy $digest = Net::SSLeay::EVP_Digest($data, $md);\nprint \"digest(hexadecimal)=\", unpack('H*', $digest);\n\n*   EVP_sha1\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nmy $md = Net::SSLeay::EVP_sha1();\n#\n# returns: value corresponding to openssl's EVP_MD structure\n\n*   EVP_sha256\n\nCOMPATIBILITY: requires at least openssl-0.9.8\n\nmy $md = Net::SSLeay::EVP_sha256();\n#\n# returns: value corresponding to openssl's EVP_MD structure\n\n*   EVP_sha512\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.8\n\nmy $md = Net::SSLeay::EVP_sha512();\n#\n# returns: value corresponding to openssl's EVP_MD structure\n\n*   EVP_add_digest\n\nmy $rv = Net::SSLeay::EVP_add_digest($digest);\n# $digest - value corresponding to openssl's EVP_MD structure\n#\n# returns: 1 on success, 0 otherwise\n\nLow level API: CIPHER_* related functions\n*   CIPHER_get_name\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nReturns name of the cipher used.\n\nmy $rv = Net::SSLeay::CIPHER_get_name($cipher);\n# $cipher - value corresponding to openssl's SSL_CIPHER structure\n#\n# returns: (string) cipher name e.g. 
'DHE-RSA-AES256-SHA', '(NONE)' if $cipher is undefined.\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSL_CIPHER_get_name.html>\n\nExample:\n\nmy $sslcipher = Net::SSLeay::get_current_cipher($ssl);\nmy $ciphername = Net::SSLeay::CIPHER_get_name($sslcipher);\n\n*   CIPHER_description\n\nCOMPATIBILITY: doesn't work correctly in Net-SSLeay-1.88 and before\n\nReturns a textual description of the cipher used.\n\nmy $rv = Net::SSLeay::CIPHER_description($cipher);\n# $cipher - value corresponding to openssl's SSL_CIPHER structure\n#\n# returns: (string) cipher description e.g. 'DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1'\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSL_CIPHER_description.html>\n\n*   CIPHER_get_bits\n\nCOMPATIBILITY: $algbits doesn't work correctly in Net-SSLeay-1.88 and before\n\nReturns the number of secret bits used for cipher.\n\nmy $rv = Net::SSLeay::CIPHER_get_bits($cipher, $algbits);\n# $cipher - value corresponding to openssl's SSL_CIPHER structure\n# $algbits - [optional] empty scalar for storing additional return value\n#\n# returns: (integer) number of secret bits, 0 on error\n#          (integer) in $algbits for bits processed by the chosen algorithm\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSL_CIPHER_get_bits.html>\n\nExample:\n\n# bits and algbits are not equal for e.g., TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,\n# RFC 8422 name TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA\nmy $algbits;\nmy $bits = Net::SSLeay::CIPHER_get_bits($cipher, $algbits);\n#my $bits = Net::SSLeay::CIPHER_get_bits($cipher);\nprint \"bits: $bits, algbits: $algbits\\n\";\n\n*   CIPHER_get_version\n\nCOMPATIBILITY: not available in Net-SSLeay-1.88 and before\n\nReturns version of SSL/TLS protocol that first defined the cipher\n\nmy $rv = Net::SSLeay::CIPHER_get_version($cipher);\n# $cipher - value corresponding to openssl's SSL_CIPHER structure\n#\n# returns: (string) protocol version e.g. 
'TLSv1/SSLv3' with some libraries, 'TLSv1.0' or 'TLSv1.3', '(NONE)' if $cipher is undefined.\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSL_CIPHER_get_version.html>\n\nLow level API: RSA_* related functions\n*   RSA_generate_key\n\nGenerates a key pair and returns it in a newly allocated RSA structure. The pseudo-random\nnumber generator must be seeded prior to calling RSA_generate_key.\n\nmy $rv = Net::SSLeay::RSA_generate_key($bits, $e, $perlcb, $perlcbarg);\n# $bits - (integer) modulus size in bits e.g. 512, 1024, 2048\n# $e - (integer) public exponent, an odd number, typically 3, 17 or 65537\n# $perlcb - [optional] reference to perl callback function\n# $perlcbarg - [optional] data that will be passed to callback function when invoked\n#\n# returns: value corresponding to openssl's RSA structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RSA_generate_key.html>\n\n*   RSA_free\n\nFrees the RSA structure and its components. The key is erased before the memory is returned\nto the system.\n\nNet::SSLeay::RSA_free($r);\n# $r - value corresponding to openssl's RSA structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RSA_new.html>\n\n*   RSA_get_key_parameters\n\nReturns a list of pointers to BIGNUMs representing the parameters of the key in this order:\n(n, e, d, p, q, dmp1, dmq1, iqmp)\n\nCaution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as\nCrypt::OpenSSL::Bignum for further use\n\nmy (@params) = Net::SSLeay::RSA_get_key_parameters($r);\n\nLow level API: BIO_* related functions\n*   BIO_eof\n\nReturns 1 if the BIO has read EOF, the precise meaning of 'EOF' varies according to the BIO\ntype.\n\nmy $rv = Net::SSLeay::BIO_eof($s);\n# $s - value corresponding to openssl's BIO structure\n#\n# returns: 1 if EOF has been reached 0 otherwise\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIO_ctrl.html>\n\n*   BIO_f_ssl\n\nReturns the SSL BIO method. 
This is a filter BIO which is a wrapper round the OpenSSL SSL\nroutines adding a BIO 'flavour' to SSL I/O.\n\nmy $rv = Net::SSLeay::BIO_f_ssl();\n#\n# returns: value corresponding to openssl's BIO_METHOD structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIO_f_ssl.html>\n\n*   BIO_free\n\nFrees up a single BIO.\n\nmy $rv = Net::SSLeay::BIO_free($bio);\n# $bio - value corresponding to openssl's BIO structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIO_new.html>\n\n*   BIO_new\n\nReturns a new BIO using method $type\n\nmy $rv = Net::SSLeay::BIO_new($type);\n# $type - value corresponding to openssl's BIO_METHOD structure\n#\n# returns: value corresponding to openssl's BIO structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIO_new.html>\n\n*   BIO_new_buffer_ssl_connect\n\nCreates a new BIO chain consisting of a buffering BIO, an SSL BIO (using ctx) and a connect\nBIO.\n\nmy $rv = Net::SSLeay::BIO_new_buffer_ssl_connect($ctx);\n# $ctx - value corresponding to openssl's SSL_CTX structure\n#\n# returns: value corresponding to openssl's BIO structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIO_f_ssl.html>\n\n*   BIO_new_file\n\nCreates a new file BIO with mode $mode the meaning of mode is the same as the stdio function\nfopen(). 
The BIOCLOSE flag is set on the returned BIO.\n\nmy $rv = Net::SSLeay::BIOnewfile($filename, $mode);\n# $filename - (string) filename\n# $mode - (string) opening mode (as mode by stdio function fopen)\n#\n# returns: value corresponding to openssl's BIO structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOsfile.html>\n\n*   BIOnewssl\n\nAllocates an SSL BIO using SSLCTX ctx and using client mode if client is non zero.\n\nmy $rv = Net::SSLeay::BIOnewssl($ctx, $client);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $client - (integer) 0 or 1 - indicates ssl client mode\n#\n# returns: value corresponding to openssl's BIO structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOfssl.html>\n\n*   BIOnewsslconnect\n\nCreates a new BIO chain consisting of an SSL BIO (using ctx) followed by a connect BIO.\n\nmy $rv = Net::SSLeay::BIOnewsslconnect($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: value corresponding to openssl's BIO structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOfssl.html>\n\n*   BIOpending\n\nReturn the number of pending characters in the BIOs read buffers.\n\nmy $rv = Net::SSLeay::BIOpending($s);\n# $s - value corresponding to openssl's BIO structure\n#\n# returns: the amount of pending data\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOctrl.html>\n\n*   BIOwpending\n\nReturn the number of pending characters in the BIOs write buffers.\n\nmy $rv = Net::SSLeay::BIOwpending($s);\n# $s - value corresponding to openssl's BIO structure\n#\n# returns: the amount of pending data\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOctrl.html>\n\n*   BIOread\n\nRead the underlying descriptor.\n\nNet::SSLeay::BIOread($s, $max);\n# $s - value corresponding to openssl's BIO structure\n# $max - [optional] max. 
bytes to read (if not specified, the value 32768 is used)\n#\n# returns: data\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOread.html>\n\n*   BIOwrite\n\nAttempts to write data from $buffer to BIO $b.\n\nmy $rv = Net::SSLeay::BIOwrite($b, $buffer);\n# $b - value corresponding to openssl's BIO structure\n# $buffer - data\n#\n# returns: amount of data successfully written\n#          or that no data was successfully read or written if the result is 0 or -1\n#          or -2 when the operation is not implemented in the specific BIO type\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOread.html>\n\n*   BIOsmem\n\nReturn the memory BIO method function.\n\nmy $rv = Net::SSLeay::BIOsmem();\n#\n# returns: value corresponding to openssl's BIOMETHOD structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOsmem.html>\n\n*   BIOsslcopysessionid\n\nCopies an SSL session id between BIO chains from and to. It does this by locating the SSL\nBIOs in each chain and calling SSLcopysessionid() on the internal SSL pointer.\n\nmy $rv = Net::SSLeay::BIOsslcopysessionid($to, $from);\n# $to - value corresponding to openssl's BIO structure\n# $from - value corresponding to openssl's BIO structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOfssl.html>\n\n*   BIOsslshutdown\n\nCloses down an SSL connection on BIO chain bio. 
It does this by locating the SSL BIO in the\nchain and calling SSLshutdown() on its internal SSL pointer.\n\nNet::SSLeay::BIOsslshutdown($sslbio);\n# $sslbio - value corresponding to openssl's BIO structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOfssl.html>\n\nLow level API: Server side Server Name Indication (SNI) support\n*   settlsexthostname\n\nTBA\n\n*   getservername\n\nTBA\n\n*   getservernametype\n\nTBA\n\n*   CTXsettlsextservernamecallback\n\nCOMPATIBILITY: requires at least OpenSSL 0.9.8f\n\nThis function is used in a server to support Server side Server Name Indication (SNI).\n\nNet::SSLeay::CTXsettlsextservernamecallback($ctx, $code)\n# $ctx - SSL context\n# $code - reference to a subroutine that will be called when a new connection is being initiated\n#\n# returns: no return value\n\nOn the client side: use settlsexthostname($ssl, $servername) before initiating the SSL\nconnection.\n\nOn the server side: Set up an additional SSLCTX() for each different certificate;\n\nAdd a servername callback to each SSLCTX() using CTXsettlsextservernamecallback();\n\nThe callback function is required to retrieve the client-supplied servername with\ngetservername(ssl). Figure out the right SSLCTX to go with that host name, then switch the\nSSL object to that SSLCTX with setSSLCTX().\n\nExample:\n\n# set callback\nNet::SSLeay::CTXsettlsextservernamecallback($ctx,\nsub {\nmy $ssl = shift;\nmy $h = Net::SSLeay::getservername($ssl);\nNet::SSLeay::setSSLCTX($ssl, $hostnames{$h}->{ctx}) if exists $hostnames{$h};\n} );\n\nMore complete example:\n\n# ... 
initialize Net::SSLeay\n\nmy %hostnames = (\n'sni1' => { cert=>'sni1.pem', key=>'sni1.key' },\n'sni2' => { cert=>'sni2.pem', key=>'sni2.key' },\n);\n\n# create a new context for each certificate/key pair\nfor my $name (keys %hostnames) {\n$hostnames{$name}->{ctx} = Net::SSLeay::CTXnew or die;\nNet::SSLeay::CTXsetcipherlist($hostnames{$name}->{ctx}, 'ALL');\nNet::SSLeay::setcertandkey($hostnames{$name}->{ctx},\n$hostnames{$name}->{cert}, $hostnames{$name}->{key}) or die;\n}\n\n# create default context\nmy $ctx = Net::SSLeay::CTXnew or die;\nNet::SSLeay::CTXsetcipherlist($ctx, 'ALL');\nNet::SSLeay::setcertandkey($ctx, 'cert.pem','key.pem') or die;\n\n# set callback\nNet::SSLeay::CTXsettlsextservernamecallback($ctx, sub {\nmy $ssl = shift;\nmy $h = Net::SSLeay::getservername($ssl);\nNet::SSLeay::setSSLCTX($ssl, $hostnames{$h}->{ctx}) if exists $hostnames{$h};\n} );\n\n# ... later\n\n$s = Net::SSLeay::new($ctx);\nNet::SSLeay::setfd($s, fileno($acceptedsocket));\nNet::SSLeay::accept($s);\n\nLow level API: NPN (next protocol negotiation) related functions\nNPN is being replaced with ALPN, a more recent TLS extension for application protocol\nnegotiation that's in process of being adopted by IETF. 
Please look below for ALPN API\ndescription.\n\nSimple approach for using NPN support looks like this:\n\n### client side\nuse Net::SSLeay;\nuse IO::Socket::INET;\n\nNet::SSLeay::initialize();\nmy $sock = IO::Socket::INET->new(PeerAddr=>'encrypted.google.com:443') or die;\nmy $ctx = Net::SSLeay::CTXtlsv1new() or die;\nNet::SSLeay::CTXsetoptions($ctx, &Net::SSLeay::OPALL);\nNet::SSLeay::CTXsetnextprotoselectcb($ctx, ['http1.1','spdy/2']);\nmy $ssl = Net::SSLeay::new($ctx) or die;\nNet::SSLeay::setfd($ssl, fileno($sock)) or die;\nNet::SSLeay::connect($ssl);\n\nwarn \"client:negotiated=\",Net::SSLeay::Pnextprotonegotiated($ssl), \"\\n\";\nwarn \"client:laststatus=\", Net::SSLeay::Pnextprotolaststatus($ssl), \"\\n\";\n\n### server side\nuse Net::SSLeay;\nuse IO::Socket::INET;\n\nNet::SSLeay::initialize();\nmy $ctx = Net::SSLeay::CTXtlsv1new() or die;\nNet::SSLeay::CTXsetoptions($ctx, &Net::SSLeay::OPALL);\nNet::SSLeay::setcertandkey($ctx, \"cert.pem\", \"key.pem\");\nNet::SSLeay::CTXsetnextprotosadvertisedcb($ctx, ['spdy/2','http1.1']);\nmy $sock = IO::Socket::INET->new(LocalAddr=>'localhost', LocalPort=>5443, Proto=>'tcp', Listen=>20) or die;\n\nwhile (1) {\nmy $ssl = Net::SSLeay::new($ctx);\nwarn(\"server:waiting for incoming connection...\\n\");\nmy $fd = $sock->accept();\nNet::SSLeay::setfd($ssl, $fd->fileno);\nNet::SSLeay::accept($ssl);\nwarn \"server:negotiated=\",Net::SSLeay::Pnextprotonegotiated($ssl),\"\\n\";\nmy $got = Net::SSLeay::read($ssl);\nNet::SSLeay::sslwriteall($ssl, \"length=\".length($got));\nNet::SSLeay::free($ssl);\n$fd->close();\n}\n# check with: openssl s_client -connect localhost:5443 -nextprotoneg http/1.1,spdy/2\n\nPlease note that the selection (negotiation) is performed by the client side; the server side simply\nadvertises the list of supported protocols.\n\nAdvanced approach allows you to implement your own negotiation algorithm.\n\n#see below documentation for:\nNet::SSLeay::CTXsetnextprotoselectcb($ctx, $perlcallbackfunction, 
$callbackdata);\nNet::SSLeay::CTXsetnextprotosadvertisedcb($ctx, $perlcallbackfunction, $callbackdata);\n\nDetection of NPN support (works even in older Net::SSLeay versions):\n\nuse Net::SSLeay;\n\nif (exists &Net::SSLeay::Pnextprotonegotiated) {\n# do NPN stuff\n}\n\n*   CTXsetnextprotoselectcb\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-1.0.1\n\nNOTE: You need CTXsetnextprotoselectcb on client side of SSL connection.\n\nSimple usage - in this case a \"common\" negotiation algorithm (as implemented by openssl's\nfunction SSLselectnextproto) is used.\n\n$rv = Net::SSLeay::CTXsetnextprotoselectcb($ctx, $arrayref);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $arrayref - list of accepted protocols - e.g. ['http1.0', 'http1.1']\n#\n# returns: 0 on success, 1 on failure\n\nAdvanced usage (you probably do not need this):\n\n$rv = Net::SSLeay::CTXsetnextprotoselectcb($ctx, $perlcallbackfunction, $callbackdata);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $perlcallbackfunction - reference to perl function\n# $callbackdata - [optional] data to be passed to callback function when invoked\n#\n# returns: 0 on success, 1 on failure\n\n# where callback function looks like\nsub npnadvertisedcbinvoke {\nmy ($ssl, $arrayrefprotolistadvertisedbyserver, $callbackdata) = @_;\nmy $status;\n# ...\n$status = 1;   #status can be:\n# 0 - OPENSSLNPNUNSUPPORTED\n# 1 - OPENSSLNPNNEGOTIATED\n# 2 - OPENSSLNPNNOOVERLAP\nreturn $status, ['http1.1','spdy/2']; # the callback has to return 2 values\n}\n\nTo undefine/clear this callback use:\n\nNet::SSLeay::CTXsetnextprotoselectcb($ctx, undef);\n\n*   CTXsetnextprotosadvertisedcb\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-1.0.1\n\nNOTE: You need CTXsetnextprotoselectcb on server side of SSL connection.\n\nSimple usage:\n\n$rv = Net::SSLeay::CTXsetnextprotosadvertisedcb($ctx, $arrayref);\n# $ctx - value corresponding to 
openssl's SSLCTX structure\n# $arrayref - list of advertised protocols - e.g. ['http1.0', 'http1.1']\n#\n# returns: 0 on success, 1 on failure\n\nAdvanced usage (you probably do not need this):\n\n$rv = Net::SSLeay::CTXsetnextprotosadvertisedcb($ctx, $perlcallbackfunction, $callbackdata);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $perlcallbackfunction - reference to perl function\n# $callbackdata - [optional] data to be passed to callback function when invoked\n#\n# returns: 0 on success, 1 on failure\n\n# where callback function looks like\nsub npnadvertisedcbinvoke {\nmy ($ssl, $callbackdata) = @_;\n# ...\nreturn ['http1.1','spdy/2']; # the callback has to return arrayref\n}\n\nTo undefine/clear this callback use:\n\nNet::SSLeay::CTXsetnextprotosadvertisedcb($ctx, undef);\n\n*   Pnextprotonegotiated\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-1.0.1\n\nReturns the name of negotiated protocol for given SSL connection $ssl.\n\n$rv = Net::SSLeay::Pnextprotonegotiated($ssl)\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (string) negotiated protocol name (or undef if no negotiation was done or failed with fatal error)\n\n*   Pnextprotolaststatus\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-1.0.1\n\nReturns the result of the last negotiation for given SSL connection $ssl.\n\n$rv = Net::SSLeay::Pnextprotolaststatus($ssl)\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (integer) negotiation status\n#          0 - OPENSSLNPNUNSUPPORTED\n#          1 - OPENSSLNPNNEGOTIATED\n#          2 - OPENSSLNPNNOOVERLAP\n\nLow level API: ALPN (application layer protocol negotiation) related functions\nApplication protocol can be negotiated via two different mechanisms employing two different TLS\nextensions: NPN (obsolete) and ALPN (recommended).\n\nThe API is rather similar, with slight differences reflecting protocol specifics. 
In particular,\nwith ALPN the protocol negotiation takes place on the server, while with NPN the client implements\nthe protocol negotiation logic.\n\nWith ALPN, the most basic implementation looks like this:\n\n### client side\nuse Net::SSLeay;\nuse IO::Socket::INET;\n\nNet::SSLeay::initialize();\nmy $sock = IO::Socket::INET->new(PeerAddr=>'encrypted.google.com:443') or die;\nmy $ctx = Net::SSLeay::CTXtlsv1new() or die;\nNet::SSLeay::CTXsetoptions($ctx, &Net::SSLeay::OPALL);\nNet::SSLeay::CTXsetalpnprotos($ctx, ['http/1.1', 'http/2.0', 'spdy/3']);\nmy $ssl = Net::SSLeay::new($ctx) or die;\nNet::SSLeay::setfd($ssl, fileno($sock)) or die;\nNet::SSLeay::connect($ssl);\n\nwarn \"client:selected=\",Net::SSLeay::Palpnselected($ssl), \"\\n\";\n\n### server side\nuse Net::SSLeay;\nuse IO::Socket::INET;\n\nNet::SSLeay::initialize();\nmy $ctx = Net::SSLeay::CTXtlsv1new() or die;\nNet::SSLeay::CTXsetoptions($ctx, &Net::SSLeay::OPALL);\nNet::SSLeay::setcertandkey($ctx, \"cert.pem\", \"key.pem\");\nNet::SSLeay::CTXsetalpnselectcb($ctx, ['http/1.1', 'http/2.0', 'spdy/3']);\nmy $sock = IO::Socket::INET->new(LocalAddr=>'localhost', LocalPort=>5443, Proto=>'tcp', Listen=>20) or die;\n\nwhile (1) {\nmy $ssl = Net::SSLeay::new($ctx);\nwarn(\"server:waiting for incoming connection...\\n\");\nmy $fd = $sock->accept();\nNet::SSLeay::setfd($ssl, $fd->fileno);\nNet::SSLeay::accept($ssl);\nwarn \"server:selected=\",Net::SSLeay::Palpnselected($ssl),\"\\n\";\nmy $got = Net::SSLeay::read($ssl);\nNet::SSLeay::sslwriteall($ssl, \"length=\".length($got));\nNet::SSLeay::free($ssl);\n$fd->close();\n}\n# check with: openssl s_client -connect localhost:5443 -alpn spdy/3,http/1.1\n\nAdvanced approach allows you to implement your own negotiation algorithm.\n\n#see below documentation for:\nNet::SSLeay::CTXsetalpnselectcb($ctx, $perlcallbackfunction, $callbackdata);\n\nDetection of ALPN support (works even in older Net::SSLeay versions):\n\nuse Net::SSLeay;\n\nif (exists &Net::SSLeay::Palpnselected) {\n# do 
ALPN stuff\n}\n\n*   CTXsetalpnselectcb\n\nCOMPATIBILITY: not available in Net-SSLeay-1.55 and before; requires at least openssl-1.0.2\n\nNOTE: You need CTXsetalpnselectcb on server side of TLS connection.\n\nSimple usage - in this case a \"common\" negotiation algorithm (as implemented by openssl's\nfunction SSLselectnextproto) is used.\n\n$rv = Net::SSLeay::CTXsetalpnselectcb($ctx, $arrayref);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $arrayref - list of accepted protocols - e.g. ['http/2.0', 'http/1.1', 'spdy/3']\n#\n# returns: 0 on success, 1 on failure\n\nAdvanced usage (you probably do not need this):\n\n$rv = Net::SSLeay::CTXsetalpnselectcb($ctx, $perlcallbackfunction, $callbackdata);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $perlcallbackfunction - reference to perl function\n# $callbackdata - [optional] data to be passed to callback function when invoked\n#\n# returns: 0 on success, 1 on failure\n\n# where callback function looks like\nsub alpnselectcbinvoke {\nmy ($ssl, $arrayrefprotolistadvertisedbyclient, $callbackdata) = @_;\n# ...\nif ($negotiated) {\nreturn 'http/2.0';\n} else {\nreturn undef;\n}\n}\n\nTo undefine/clear this callback use:\n\nNet::SSLeay::CTXsetalpnselectcb($ctx, undef);\n\n*   setalpnprotos\n\nCOMPATIBILITY: not available in Net-SSLeay-1.55 and before; requires at least openssl-1.0.2\n\nNOTE: You need setalpnprotos on client side of TLS connection.\n\nThis adds the list of supported application layer protocols to the ClientHello message sent by a\nclient. It advertises the enumeration of supported protocols:\n\nNet::SSLeay::setalpnprotos($ssl, ['http/1.1', 'http/2.0', 'spdy/3']);\n# returns 0 on success\n\n*   CTXsetalpnprotos\n\nCOMPATIBILITY: not available in Net-SSLeay-1.55 and before; requires at least openssl-1.0.2\n\nNOTE: You need CTXsetalpnprotos on client side of TLS connection.\n\nThis adds the list of supported application layer protocols to the ClientHello message sent by a\nclient. 
It advertises the enumeration of supported protocols:\n\nNet::SSLeay::CTXsetalpnprotos($ctx, ['http/1.1', 'http/2.0', 'spdy/3']);\n# returns 0 on success\n\n*   Palpnselected\n\nCOMPATIBILITY: not available in Net-SSLeay-1.55 and before; requires at least openssl-1.0.2\n\nReturns the name of negotiated protocol for given TLS connection $ssl.\n\n$rv = Net::SSLeay::Palpnselected($ssl)\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (string) negotiated protocol name (or undef if no negotiation was done or failed with fatal error)\n\nLow level API: DANE Support\nOpenSSL version 1.0.2 adds preliminary support for RFC6698 Domain Authentication of Named Entities\n(DANE) Transport Layer Association within OpenSSL.\n\n*   SSLgettlsarecordbyname\n\nCOMPATIBILITY: DELETED from net-ssleay, since it is not supported by OpenSSL\n\nIn order to facilitate DANE there is an additional interface, SSLgettlsarecordbyname,\naccepting hostname, port and socket type that returns a packed TLSA record. In order to make\nit even easier there is an additional SSLctrl function that calls SSLgettlsarecordbyname\nfor you. The latter is recommended for programmers that wish to maintain broader binary\ncompatibility, e.g. make an application work with both 1.0.2 and prior versions (in which case\na call to SSLctrl with new code returning error would have to be ignored when running with\na prior version).\n\nNet::SSLeay::gettlsarecordbyname($name, $port, $type);\n\nLow level API: Other functions\n*   COMPaddcompressionmethod\n\nAdds the compression method cm with the identifier id to the list of available compression\nmethods. This list is globally maintained for all SSL operations within this application. 
It\ncannot be set for specific SSLCTX or SSL objects.\n\nmy $rv = Net::SSLeay::COMPaddcompressionmethod($id, $cm);\n# $id - (integer) compression method id\n#       0 to 63:    methods defined by the IETF\n#       64 to 192:  external party methods assigned by IANA\n#       193 to 255: reserved for private use\n#\n# $cm - value corresponding to openssl's COMPMETHOD structure\n#\n# returns: 0 on success, 1 on failure (check the error queue to find out the reason)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCOMPaddcompressionmethod.html>\n\n*   DHfree\n\nFrees the DH structure and its components. The values are erased before the memory is\nreturned to the system.\n\nNet::SSLeay::DHfree($dh);\n# $dh - value corresponding to openssl's DH structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/DHnew.html>\n\n*   FIPSmodeset\n\nEnable or disable FIPS mode in a FIPS capable OpenSSL.\n\nNet::SSLeay::FIPSmodeset($enable);\n# $enable - (integer) 1 to enable, 0 to disable\n\nLow level API: EC related functions\n*   CTXsettmpecdh\n\nTBA\n\n*   ECKEYfree\n\nTBA\n\n*   ECKEYnewbycurvename\n\nTBA\n\n*   ECKEYgeneratekey\n\nGenerates an EC key and returns it in a newly allocated ECKEY structure. The EC key then can\nbe used to create a PKEY which can be used in calls like X509setpubkey.\n\nmy $key = Net::SSLeay::EVPPKEYnew();\nmy $ec  = Net::SSLeay::ECKEYgeneratekey($curve);\nNet::SSLeay::EVPPKEYassignECKEY($key,$ec);\n\n# $curve - curve name like 'secp521r1' or the matching Id (integer) of the curve\n#\n# returns: value corresponding to openssl's ECKEY structure (0 on failure)\n\nThis function has no equivalent in OpenSSL but combines multiple OpenSSL functions for an\neasier interface.\n\n*   CTXsetecdhauto, setecdhauto\n\nThese functions enable or disable the automatic curve selection on the server side by\ncalling SSLCTXsetecdhauto or SSLsetecdhauto respectively. 
If enabled the highest\npreference curve is automatically used for ECDH temporary keys used during key exchange.\nThis function is no longer available for OpenSSL 1.1.0 or higher.\n\nNet::SSLeay::CTXsetecdhauto($ctx,1);\nNet::SSLeay::setecdhauto($ssl,1);\n\n*   CTXset1curveslist, set1curveslist\n\nThese functions set the supported curves (in order of preference) by calling\nSSLCTXset1curveslist or SSLset1curveslist respectively. For a TLS client these curves\nare offered to the server in the supported curves extension while on the server side these\nare used to determine the shared curve. These functions are only available since OpenSSL\n1.1.0.\n\nNet::SSLeay::CTXset1curveslist($ctx,\"P-521:P-384:P-256\");\nNet::SSLeay::set1curveslist($ssl,\"P-521:P-384:P-256\");\n\n*   CTXset1groupslist, set1groupslist\n\nThese functions set the supported groups (in order of preference) by calling\nSSLCTXset1groupslist or SSLset1groupslist respectively. This is practically the same\nas CTXset1curveslist and set1curveslist except that all DH groups can be given as\nsupported by TLS 1.3. 
These functions are only available since OpenSSL 1.1.1.\n\nNet::SSLeay::CTXset1groupslist($ctx,\"P-521:P-384:P-256\");\nNet::SSLeay::set1groupslist($ssl,\"P-521:P-384:P-256\");\n\nLow level API: OSSLLIBCTX and OSSLPROVIDER related functions\n*   OSSLLIBCTXget0globaldefault\n\nReturns a concrete (non NULL) reference to the global default library context.\n\nmy $libctx = Net::SSLeay::OSSLLIBCTXget0globaldefault();\n# returns: a value corresponding to OSSLLIBCTX structure or false on failure\n\nTypically it's simpler to use undef with functions that take an OSSLLIBCTX argument when\nglobal default library context is needed.\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/OSSLLIBCTXget0globaldefault.html>\n\n*   OSSLPROVIDERload\n\nLoads and initializes a provider\n\nmy $provider = Net::SSLeay::OSSLPROVIDERload($libctx, $name);\n# $libctx - value corresponding to OSSLLIBCTX structure or undef\n# $name - (string) provider name, e.g., 'legacy'\n#\n# returns: a value corresponding to OSSLPROVIDER or false on failure\n\nUsing undef loads the provider within the global default library context.\n\nmy $provider = Net::SSLeay::OSSLPROVIDERload(undef, 'legacy');\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OSSLPROVIDERload.html>\n\n*   OSSLPROVIDERtryload\n\nLoads and initializes a provider similar to OSSLPROVIDERload with additional fallback\ncontrol.\n\nmy $provider = Net::SSLeay::OSSLPROVIDERtryload($libctx, $name, $retainfallbacks);\n# $libctx - value corresponding to OSSLLIBCTX structure or undef\n# $name - (string) provider name, e.g., 'legacy'\n# $retainfallbacks - (integer) 0 or 1\n#\n# returns: a value corresponding to OSSLPROVIDER or false on failure\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OSSLPROVIDERtryload.html>\n\n*   OSSLPROVIDERunload\n\nUnloads the given provider.\n\nmy $rv = Net::SSLeay::OSSLPROVIDERunload($provider);\n# $provider - a value corresponding to OSSLPROVIDER\n#\n# returns: (integer) 
1 on success, 0 on error\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OSSLPROVIDERunload.html>\n\n*   OSSLPROVIDERavailable\n\nChecks if a named provider is available for use.\n\nmy $rv = Net::SSLeay::OSSLPROVIDERavailable($libctx, $name);\n# $libctx - value corresponding to OSSLLIBCTX structure or undef\n# $name - (string) provider name, e.g., 'legacy'\n#\n# returns: (integer) 1 if the named provider is available, otherwise 0.\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OSSLPROVIDERavailable.html>\n\n*   OSSLPROVIDERdoall\n\nIterates over all loaded providers. A callback is called for each provider.\n\nmy $rv = Net::SSLeay::OSSLPROVIDERdoall($libctx, $cb, $cbdata);\n# $libctx - value corresponding to OSSLLIBCTX structure or undef\n# $cb - reference to a perl callback function\n# $cbdata - data that will be passed to callback function\n#\n# returns: (integer) 1 if all callbacks returned 1, 0 the first time a callback returns 0.\n\nExample:\n\nsub doallcb {\nmy ($provider, $cbdata) = @_;\n\nmy $name = Net::SSLeay::OSSLPROVIDERget0name($provider);\nprint \"Callback for provider: '$name', cbdata: '$cbdata'\\n\";\nreturn 1;\n}\nmy $dataforcb = 'Hello';\n\n# Triggers default provider automatic loading.\nNet::SSLeay::OSSLPROVIDERavailable(undef, 'default') || die 'default provider not available';\nNet::SSLeay::OSSLPROVIDERload(undef, 'legacy') || die 'load legacy';\nNet::SSLeay::OSSLPROVIDERload(undef, 'null')   || die 'load null';\nNet::SSLeay::OSSLPROVIDERdoall(undef, \\&doallcb, $dataforcb) || die 'a callback failed';\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OSSLPROVIDERdoall.html>\n\n*   OSSLPROVIDERget0name\n\nReturns the name of the given provider.\n\nmy $name = Net::SSLeay::OSSLPROVIDERget0name($provider);\n# $provider - a value corresponding to OSSLPROVIDER\n#\n# returns: (string) provider name, e.g., 'legacy'\n\nCheck openssl doc 
<https://www.openssl.org/docs/manmaster/man3/OSSLPROVIDERget0name.html>\n\n*   OSSLPROVIDERselftest\n\nRuns the provider's self tests.\n\nmy $rv = Net::SSLeay::OSSLPROVIDERselftest($provider);\n# $provider - a value corresponding to OSSLPROVIDER\n#\n# returns: (integer) returns 1 if the self tests pass, 0 on error\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OSSLPROVIDERselftest.html>\n\n#### Constants\n\nThere are many openssl constants available in Net::SSLeay. You can use them like this:\n\nuse Net::SSLeay;\nprint &Net::SSLeay::NIDcommonName;\n#or\nprint Net::SSLeay::NIDcommonName();\n\nOr you can import them and use:\n\nuse Net::SSLeay qw/NIDcommonName/;\nprint &NIDcommonName;\n#or\nprint NIDcommonName();\n#or\nprint NIDcommonName;\n\nThe constant names are derived from openssl constants; however, constants starting with the \"SSL\"\nprefix have the \"SSL\" part stripped - e.g. openssl's constant \"SSLOPALL\" is available\nas \"Net::SSLeay::OPALL\"\n\nThe list of all available constant names:\n\nASN1STRFLGSESCCTRL                   OPENSSLVERSIONSTRING\nASN1STRFLGSESCMSB                    OPALL\nASN1STRFLGSESCQUOTE                  OPALLOWNODHEKEX\nASN1STRFLGSRFC2253                    OPALLOWUNSAFELEGACYRENEGOTIATION\nCBACCEPTEXIT                          OPCIPHERSERVERPREFERENCE\nCBACCEPTLOOP                          OPCISCOANYCONNECT\nCBALERT                                OPCOOKIEEXCHANGE\nCBCONNECTEXIT                         OPCRYPTOPROTLSEXTBUG\nCBCONNECTLOOP                         OPDONTINSERTEMPTYFRAGMENTS\nCBEXIT                                 OPENABLEMIDDLEBOXCOMPAT\nCBHANDSHAKEDONE                       OPEPHEMERALRSA\nCBHANDSHAKESTART                      OPLEGACYSERVERCONNECT\nCBLOOP                                 OPMICROSOFTBIGSSLV3BUFFER\nCBREAD                                 OPMICROSOFTSESSIDBUG\nCBREADALERT                           
OPMSIESSLV2RSAPADDING\nCBWRITE                                OPNETSCAPECADNBUG\nCBWRITEALERT                          OPNETSCAPECHALLENGEBUG\nERRORNONE                              OPNETSCAPEDEMOCIPHERCHANGEBUG\nERRORSSL                               OPNETSCAPEREUSECIPHERCHANGEBUG\nERRORSYSCALL                           OPNONEXPORTFIRST\nERRORWANTACCEPT                       OPNOANTIREPLAY\nERRORWANTCONNECT                      OPNOCLIENTRENEGOTIATION\nERRORWANTREAD                         OPNOCOMPRESSION\nERRORWANTWRITE                        OPNOENCRYPTTHENMAC\nERRORWANTX509LOOKUP                  OPNOQUERYMTU\nERRORZERORETURN                       OPNORENEGOTIATION\nEVPPKSDSA                             OPNOSESSIONRESUMPTIONONRENEGOTIATION\nEVPPKSEC                              OPNOSSLMASK\nEVPPKSRSA                             OPNOSSLv2\nEVPPKTENC                             OPNOSSLv3\nEVPPKTEXCH                            OPNOTICKET\nEVPPKTEXP                             OPNOTLSv1\nEVPPKTSIGN                            OPNOTLSv11\nEVPPKDH                               OPNOTLSv12\nEVPPKDSA                              OPNOTLSv13\nEVPPKEC                               OPPKCS1CHECK1\nEVPPKRSA                              OPPKCS1CHECK2\nFILETYPEASN1                           OPPRIORITIZECHACHA\nFILETYPEPEM                            OPSAFARIECDHEECDSABUG\nFCLIENTCERTIFICATE                    OPSINGLEDHUSE\nFCLIENTHELLO                          OPSINGLEECDHUSE\nFCLIENTMASTERKEY                     OPSSLEAY080CLIENTDHBUG\nFD2ISSLSESSION                       OPSSLREF2REUSECERTTYPEBUG\nFGETCLIENTFINISHED                   OPTLSEXTPADDING\nFGETCLIENTHELLO                      OPTLSBLOCKPADDINGBUG\nFGETCLIENTMASTERKEY                 OPTLSD5BUG\nFGETSERVERFINISHED                   OPTLSROLLBACKBUG\nFGETSERVERHELLO                      READING\nFGETSERVERVERIFY                     RECEIVEDSHUTDOWN\nFI2DSSLSESSION                       RSA3\nFREADN                     
           RSAF4\nFREQUESTCERTIFICATE                   RBADAUTHENTICATIONTYPE\nFSERVERHELLO                          RBADCHECKSUM\nFSSLCERTNEW                          RBADMACDECODE\nFSSLGETNEWSESSION                   RBADRESPONSEARGUMENT\nFSSLNEW                               RBADSSLFILETYPE\nFSSLREAD                              RBADSSLSESSIONIDLENGTH\nFSSLRSAPRIVATEDECRYPT               RBADSTATE\nFSSLRSAPUBLICENCRYPT                RBADWRITERETRY\nFSSLSESSIONNEW                       RCHALLENGEISDIFFERENT\nFSSLSESSIONPRINTFP                  RCIPHERTABLESRCERROR\nFSSLSETFD                            RINVALIDCHALLENGELENGTH\nFSSLSETRFD                           RNOCERTIFICATESET\nFSSLSETWFD                           RNOCERTIFICATESPECIFIED\nFSSLUSECERTIFICATE                   RNOCIPHERLIST\nFSSLUSECERTIFICATEASN1              RNOCIPHERMATCH\nFSSLUSECERTIFICATEFILE              RNOPRIVATEKEY\nFSSLUSEPRIVATEKEY                    RNOPUBLICKEY\nFSSLUSEPRIVATEKEYASN1               RNULLSSLCTX\nFSSLUSEPRIVATEKEYFILE               RPEERDIDNOTRETURNACERTIFICATE\nFSSLUSERSAPRIVATEKEY                 RPEERERROR\nFSSLUSERSAPRIVATEKEYASN1            RPEERERRORCERTIFICATE\nFSSLUSERSAPRIVATEKEYFILE            RPEERERRORNOCIPHER\nFWRITEPENDING                         RPEERERRORUNSUPPORTEDCERTIFICATETYPE\nGENDIRNAME                             RPUBLICKEYENCRYPTERROR\nGENDNS                                 RPUBLICKEYISNOTRSA\nGENEDIPARTY                            RREADWRONGPACKETTYPE\nGENEMAIL                               RSHORTREAD\nGENIPADD                               RSSLSESSIONIDISDIFFERENT\nGENOTHERNAME                           RUNABLETOEXTRACTPUBLICKEY\nGENRID                                 RUNKNOWNREMOTEERRORTYPE\nGENURI                                 RUNKNOWNSTATE\nGENX400                                RX509LIB\nLIBRESSLVERSIONNUMBER                 SENTSHUTDOWN\nMBSTRINGASC                            SESSIONASN1VERSION\nMBSTRINGBMP                            
SESSCACHEBOTH\nMBSTRINGFLAG                           SESSCACHECLIENT\nMBSTRINGUNIV                           SESSCACHENOAUTOCLEAR\nMBSTRINGUTF8                           SESSCACHENOINTERNAL\nMINRSAMODULUSLENGTHINBYTES         SESSCACHENOINTERNALLOOKUP\nMODEACCEPTMOVINGWRITEBUFFER         SESSCACHENOINTERNALSTORE\nMODEAUTORETRY                         SESSCACHEOFF\nMODEENABLEPARTIALWRITE               SESSCACHESERVER\nMODERELEASEBUFFERS                    SSL2MTCLIENTCERTIFICATE\nNIDOCSPsign                           SSL2MTCLIENTFINISHED\nNIDSMIMECapabilities                   SSL2MTCLIENTHELLO\nNIDX500                                SSL2MTCLIENTMASTERKEY\nNIDX509                                SSL2MTERROR\nNIDadOCSP                             SSL2MTREQUESTCERTIFICATE\nNIDadcaissuers                       SSL2MTSERVERFINISHED\nNIDalgorithm                           SSL2MTSERVERHELLO\nNIDauthoritykeyidentifier            SSL2MTSERVERVERIFY\nNIDbasicconstraints                   SSL2VERSION\nNIDbfcbc                              SSL3MTCCS\nNIDbfcfb64                            SSL3MTCERTIFICATE\nNIDbfecb                              SSL3MTCERTIFICATEREQUEST\nNIDbfofb64                            SSL3MTCERTIFICATESTATUS\nNIDcast5cbc                           SSL3MTCERTIFICATEURL\nNIDcast5cfb64                         SSL3MTCERTIFICATEVERIFY\nNIDcast5ecb                           SSL3MTCHANGECIPHERSPEC\nNIDcast5ofb64                         SSL3MTCLIENTHELLO\nNIDcertBag                             SSL3MTCLIENTKEYEXCHANGE\nNIDcertificatepolicies                SSL3MTENCRYPTEDEXTENSIONS\nNIDclientauth                         SSL3MTENDOFEARLYDATA\nNIDcodesign                           SSL3MTFINISHED\nNIDcommonName                          SSL3MTHELLOREQUEST\nNIDcountryName                         SSL3MTKEYUPDATE\nNIDcrlBag                              SSL3MTMESSAGEHASH\nNIDcrldistributionpoints             SSL3MTNEWSESSIONTICKET\nNIDcrlnumber                          
SSL3MTNEXTPROTO\nNIDcrlreason                          SSL3MTSERVERDONE\nNIDdeltacrl                           SSL3MTSERVERHELLO\nNIDdescbc                             SSL3MTSERVERKEYEXCHANGE\nNIDdescfb64                           SSL3MTSUPPLEMENTALDATA\nNIDdesecb                             SSL3RTALERT\nNIDdesede                             SSL3RTAPPLICATIONDATA\nNIDdesede3                            SSL3RTCHANGECIPHERSPEC\nNIDdesede3cbc                        SSL3RTHANDSHAKE\nNIDdesede3cfb64                      SSL3RTHEADER\nNIDdesede3ofb64                      SSL3RTINNERCONTENTTYPE\nNIDdesedecbc                         SSL3VERSION\nNIDdesedecfb64                       SSLEAYBUILTON\nNIDdesedeofb64                       SSLEAYCFLAGS\nNIDdesofb64                           SSLEAYDIR\nNIDdescription                         SSLEAYPLATFORM\nNIDdesxcbc                            SSLEAYVERSION\nNIDdhKeyAgreement                      STACCEPT\nNIDdnQualifier                         STBEFORE\nNIDdsa                                 STCONNECT\nNIDdsaWithSHA                          STINIT\nNIDdsaWithSHA1                         STOK\nNIDdsaWithSHA12                       STREADBODY\nNIDdsa2                               STREADHEADER\nNIDemailprotect                       TLS11VERSION\nNIDextkeyusage                       TLS12VERSION\nNIDextreq                             TLS13VERSION\nNIDfriendlyName                        TLS1VERSION\nNIDgivenName                           TLSEXTSTATUSTYPEocsp\nNIDhmacWithSHA1                        VERIFYCLIENTONCE\nNIDidad                               VERIFYFAILIFNOPEERCERT\nNIDidce                               VERIFYNONE\nNIDidkp                               VERIFYPEER\nNIDidpbkdf2                           VERIFYPOSTHANDSHAKE\nNIDidpe                               VOCSPCERTSTATUSGOOD\nNIDidpkix                             VOCSPCERTSTATUSREVOKED\nNIDidqtcps                           VOCSPCERTSTATUSUNKNOWN\nNIDidqtunotice           
            WRITING\nNIDideacbc                            X509CHECKFLAGALWAYSCHECKSUBJECT\nNIDideacfb64                          X509CHECKFLAGMULTILABELWILDCARDS\nNIDideaecb                            X509CHECKFLAGNEVERCHECKSUBJECT\nNIDideaofb64                          X509CHECKFLAGNOPARTIALWILDCARDS\nNIDinfoaccess                         X509CHECKFLAGNOWILDCARDS\nNIDinitials                            X509CHECKFLAGSINGLELABELSUBDOMAINS\nNIDinvaliditydate                     X509FILETYPEASN1\nNIDissueraltname                     X509FILETYPEDEFAULT\nNIDkeyBag                              X509FILETYPEPEM\nNIDkeyusage                           X509LOOKUP\nNIDlocalKeyID                          X509PURPOSEANY\nNIDlocalityName                        X509PURPOSECRLSIGN\nNIDmd2                                 X509PURPOSENSSSLSERVER\nNIDmd2WithRSAEncryption                X509PURPOSEOCSPHELPER\nNIDmd5                                 X509PURPOSESMIMEENCRYPT\nNIDmd5WithRSA                          X509PURPOSESMIMESIGN\nNIDmd5WithRSAEncryption                X509PURPOSESSLCLIENT\nNIDmd5sha1                            X509PURPOSESSLSERVER\nNIDmdc2                                X509PURPOSETIMESTAMPSIGN\nNIDmdc2WithRSA                         X509TRUSTCOMPAT\nNIDmscodecom                         X509TRUSTEMAIL\nNIDmscodeind                         X509TRUSTOBJECTSIGN\nNIDmsctlsign                         X509TRUSTOCSPREQUEST\nNIDmsefs                              X509TRUSTOCSPSIGN\nNIDmsextreq                          X509TRUSTSSLCLIENT\nNIDmssgc                              X509TRUSTSSLSERVER\nNIDname                                X509TRUSTTSA\nNIDnetscape                            X509VERRAKIDISSUERSERIALMISMATCH\nNIDnetscapebaseurl                   X509VERRAKIDSKIDMISMATCH\nNIDnetscapecapolicyurl              X509VERRAPPLICATIONVERIFICATION\nNIDnetscapecarevocationurl          X509VERRCAKEYTOOSMALL\nNIDnetscapecertextension             
X509VERRCAMDTOOWEAK\nNIDnetscapecertsequence              X509VERRCERTCHAINTOOLONG\nNIDnetscapecerttype                  X509VERRCERTHASEXPIRED\nNIDnetscapecomment                    X509VERRCERTNOTYETVALID\nNIDnetscapedatatype                  X509VERRCERTREJECTED\nNIDnetscaperenewalurl                X509VERRCERTREVOKED\nNIDnetscaperevocationurl             X509VERRCERTSIGNATUREFAILURE\nNIDnetscapesslservername            X509VERRCERTUNTRUSTED\nNIDnssgc                              X509VERRCRLHASEXPIRED\nNIDorganizationName                    X509VERRCRLNOTYETVALID\nNIDorganizationalUnitName              X509VERRCRLPATHVALIDATIONERROR\nNIDpbeWithMD2AndDESCBC                X509VERRCRLSIGNATUREFAILURE\nNIDpbeWithMD2AndRC2CBC                X509VERRDANENOMATCH\nNIDpbeWithMD5AndCast5CBC              X509VERRDEPTHZEROSELFSIGNEDCERT\nNIDpbeWithMD5AndDESCBC                X509VERRDIFFERENTCRLSCOPE\nNIDpbeWithMD5AndRC2CBC                X509VERREEKEYTOOSMALL\nNIDpbeWithSHA1AndDESCBC               X509VERREMAILMISMATCH\nNIDpbeWithSHA1AndRC2CBC               X509VERRERRORINCERTNOTAFTERFIELD\nNIDpbeWithSHA1And128BitRC2CBC        X509VERRERRORINCERTNOTBEFOREFIELD\nNIDpbeWithSHA1And128BitRC4            X509VERRERRORINCRLLASTUPDATEFIELD\nNIDpbeWithSHA1And2KeyTripleDESCBC  X509VERRERRORINCRLNEXTUPDATEFIELD\nNIDpbeWithSHA1And3KeyTripleDESCBC  X509VERREXCLUDEDVIOLATION\nNIDpbeWithSHA1And40BitRC2CBC         X509VERRHOSTNAMEMISMATCH\nNIDpbeWithSHA1And40BitRC4             X509VERRINVALIDCA\nNIDpbes2                               X509VERRINVALIDCALL\nNIDpbmac1                              X509VERRINVALIDEXTENSION\nNIDpkcs                                X509VERRINVALIDNONCA\nNIDpkcs3                               X509VERRINVALIDPOLICYEXTENSION\nNIDpkcs7                               X509VERRINVALIDPURPOSE\nNIDpkcs7data                          X509VERRIPADDRESSMISMATCH\nNIDpkcs7digest                        X509VERRKEYUSAGENOCERTSIGN\nNIDpkcs7encrypted                     
X509VERRKEYUSAGENOCRLSIGN\nNIDpkcs7enveloped                     X509VERRKEYUSAGENODIGITALSIGNATURE\nNIDpkcs7signed                        X509VERRNOEXPLICITPOLICY\nNIDpkcs7signedAndEnveloped            X509VERRNOVALIDSCTS\nNIDpkcs8ShroudedKeyBag                 X509VERROCSPCERTUNKNOWN\nNIDpkcs9                               X509VERROCSPVERIFYFAILED\nNIDpkcs9challengePassword             X509VERROCSPVERIFYNEEDED\nNIDpkcs9contentType                   X509VERROUTOFMEM\nNIDpkcs9countersignature              X509VERRPATHLENGTHEXCEEDED\nNIDpkcs9emailAddress                  X509VERRPATHLOOP\nNIDpkcs9extCertAttributes             X509VERRPERMITTEDVIOLATION\nNIDpkcs9messageDigest                 X509VERRPROXYCERTIFICATESNOTALLOWED\nNIDpkcs9signingTime                   X509VERRPROXYPATHLENGTHEXCEEDED\nNIDpkcs9unstructuredAddress           X509VERRPROXYSUBJECTNAMEVIOLATION\nNIDpkcs9unstructuredName              X509VERRSELFSIGNEDCERTINCHAIN\nNIDprivatekeyusageperiod            X509VERRSTORELOOKUP\nNIDrc240cbc                          X509VERRSUBJECTISSUERMISMATCH\nNIDrc264cbc                          X509VERRSUBTREEMINMAX\nNIDrc2cbc                             X509VERRSUITEBCANNOTSIGNP384WITHP256\nNIDrc2cfb64                           X509VERRSUITEBINVALIDALGORITHM\nNIDrc2ecb                             X509VERRSUITEBINVALIDCURVE\nNIDrc2ofb64                           X509VERRSUITEBINVALIDSIGNATUREALGORITHM\nNIDrc4                                 X509VERRSUITEBINVALIDVERSION\nNIDrc440                              X509VERRSUITEBLOSNOTALLOWED\nNIDrc5cbc                             X509VERRUNABLETODECODEISSUERPUBLICKEY\nNIDrc5cfb64                           X509VERRUNABLETODECRYPTCERTSIGNATURE\nNIDrc5ecb                             X509VERRUNABLETODECRYPTCRLSIGNATURE\nNIDrc5ofb64                           X509VERRUNABLETOGETCRL\nNIDripemd160                           X509VERRUNABLETOGETCRLISSUER\nNIDripemd160WithRSA                    
X509VERRUNABLETOGETISSUERCERT\nNIDrlecompression                     X509VERRUNABLETOGETISSUERCERTLOCALLY\nNIDrsa                                 X509VERRUNABLETOVERIFYLEAFSIGNATURE\nNIDrsaEncryption                       X509VERRUNHANDLEDCRITICALCRLEXTENSION\nNIDrsadsi                              X509VERRUNHANDLEDCRITICALEXTENSION\nNIDsafeContentsBag                     X509VERRUNNESTEDRESOURCE\nNIDsdsiCertificate                     X509VERRUNSPECIFIED\nNIDsecretBag                           X509VERRUNSUPPORTEDCONSTRAINTSYNTAX\nNIDserialNumber                        X509VERRUNSUPPORTEDCONSTRAINTTYPE\nNIDserverauth                         X509VERRUNSUPPORTEDEXTENSIONFEATURE\nNIDsha                                 X509VERRUNSUPPORTEDNAMESYNTAX\nNIDsha1                                X509VFLAGALLOWPROXYCERTS\nNIDsha1WithRSA                         X509VFLAGCBISSUERCHECK\nNIDsha1WithRSAEncryption               X509VFLAGCHECKSSSIGNATURE\nNIDshaWithRSAEncryption                X509VFLAGCRLCHECK\nNIDstateOrProvinceName                 X509VFLAGCRLCHECKALL\nNIDsubjectaltname                    X509VFLAGEXPLICITPOLICY\nNIDsubjectkeyidentifier              X509VFLAGEXTENDEDCRLSUPPORT\nNIDsurname                             X509VFLAGIGNORECRITICAL\nNIDsxnet                               X509VFLAGINHIBITANY\nNIDtimestamp                          X509VFLAGINHIBITMAP\nNIDtitle                               X509VFLAGLEGACYVERIFY\nNIDundef                               X509VFLAGNOTIFYPOLICY\nNIDuniqueIdentifier                    X509VFLAGNOALTCHAINS\nNIDx509Certificate                     X509VFLAGNOCHECKTIME\nNIDx509Crl                             X509VFLAGPARTIALCHAIN\nNIDzlibcompression                    X509VFLAGPOLICYCHECK\nNOTHING                                 X509VFLAGPOLICYMASK\nOCSPRESPONSESTATUSINTERNALERROR      X509VFLAGSUITEB128LOS\nOCSPRESPONSESTATUSMALFORMEDREQUEST   X509VFLAGSUITEB128LOSONLY\nOCSPRESPONSESTATUSSIGREQUIRED        
X509VFLAGSUITEB192LOS\nOCSPRESPONSESTATUSSUCCESSFUL         X509VFLAGTRUSTEDFIRST\nOCSPRESPONSESTATUSTRYLATER           X509VFLAGUSECHECKTIME\nOCSPRESPONSESTATUSUNAUTHORIZED       X509VFLAGUSEDELTAS\nOPENSSLBUILTON                        X509VFLAGX509STRICT\nOPENSSLCFLAGS                          X509VOK\nOPENSSLCPUINFO                        XNFLAGCOMPAT\nOPENSSLDIR                             XNFLAGDNREV\nOPENSSLENGINESDIR                     XNFLAGDUMPUNKNOWNFIELDS\nOPENSSLFULLVERSIONSTRING             XNFLAGFNALIGN\nOPENSSLINFOCONFIGDIR                 XNFLAGFNLN\nOPENSSLINFOCPUSETTINGS               XNFLAGFNMASK\nOPENSSLINFODIRFILENAMESEPARATOR     XNFLAGFNNONE\nOPENSSLINFODSOEXTENSION              XNFLAGFNOID\nOPENSSLINFOENGINESDIR                XNFLAGFNSN\nOPENSSLINFOLISTSEPARATOR             XNFLAGMULTILINE\nOPENSSLINFOMODULESDIR                XNFLAGONELINE\nOPENSSLINFOSEEDSOURCE                XNFLAGRFC2253\nOPENSSLMODULESDIR                     XNFLAGSEPCOMMAPLUS\nOPENSSLPLATFORM                        XNFLAGSEPCPLUSSPC\nOPENSSLVERSION                         XNFLAGSEPMASK\nOPENSSLVERSIONMAJOR                   XNFLAGSEPMULTILINE\nOPENSSLVERSIONMINOR                   XNFLAGSEPSPLUSSPC\nOPENSSLVERSIONNUMBER                  XNFLAGSPCEQ\nOPENSSLVERSIONPATCH\n\nINTERNAL ONLY functions (do not use these)\nThe following functions are not intended for use from outside of Net::SSLeay module. 
They might\nbe removed, renamed or changed without prior notice in future versions.\n\nSimply DO NOT USE THEM!\n\n*   hello\n\n*   blength\n\n*   constant\n\n### EXAMPLES\n\nOne very good example to look at is the implementation of \"sslcat()\" in the \"SSLeay.pm\" file.\n\nThe following is a simple SSLeay client (with too little error checking :-(\n\n#!/usr/bin/perl\nuse Socket;\nuse Net::SSLeay qw(die_now die_if_ssl_error) ;\nNet::SSLeay::load_error_strings();\nNet::SSLeay::SSLeay_add_ssl_algorithms();\nNet::SSLeay::randomize();\n\n($destserv, $port, $msg) = @ARGV;      # Read command line\n$port = getservbyname ($port, 'tcp') unless $port =~ /^\\d+$/;\n$destip = gethostbyname ($destserv);\n$destservparams  = sockaddr_in($port, $destip);\n\nsocket  (S, &AF_INET, &SOCK_STREAM, 0)  or die \"socket: $!\";\nconnect (S, $destservparams)          or die \"connect: $!\";\nselect  (S); $| = 1; select (STDOUT);   # Eliminate STDIO buffering\n\n# The network connection is now open, let's fire up SSL\n\n$ctx = Net::SSLeay::CTX_new() or die_now(\"Failed to create SSL_CTX $!\");\nNet::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)\n    or die_if_ssl_error(\"ssl ctx set options\");\n$ssl = Net::SSLeay::new($ctx) or die_now(\"Failed to create SSL $!\");\nNet::SSLeay::set_fd($ssl, fileno(S));   # Must use fileno\n$res = Net::SSLeay::connect($ssl) and die_if_ssl_error(\"ssl connect\");\nprint \"Cipher `\" . Net::SSLeay::get_cipher($ssl) . 
\"'\\n\";\n\n# Exchange data\n\n$res = Net::SSLeay::write($ssl, $msg);  # Perl knows how long $msg is\ndie_if_ssl_error(\"ssl write\");\nCORE::shutdown S, 1;  # Half close --> No more output, sends EOF to server\n$got = Net::SSLeay::read($ssl);         # Perl returns undef on failure\ndie_if_ssl_error(\"ssl read\");\nprint $got;\n\nNet::SSLeay::free ($ssl);               # Tear down connection\nNet::SSLeay::CTX_free ($ctx);\nclose S;\n\nThe following is a simple SSLeay echo server (non forking):\n\n#!/usr/bin/perl -w\nuse Socket;\nuse Net::SSLeay qw(die_now die_if_ssl_error);\nNet::SSLeay::load_error_strings();\nNet::SSLeay::SSLeay_add_ssl_algorithms();\nNet::SSLeay::randomize();\n\n$ourip = \"\\0\\0\\0\\0\"; # Bind to all interfaces\n$port = 1235;\n$sockaddrtemplate = 'S n a4 x8';\n$ourservparams = pack ($sockaddrtemplate, &AF_INET, $port, $ourip);\n\nsocket (S, &AF_INET, &SOCK_STREAM, 0)  or die \"socket: $!\";\nbind (S, $ourservparams)             or die \"bind:   $!\";\nlisten (S, 5)                          or die \"listen: $!\";\n$ctx = Net::SSLeay::CTX_new ()         or die_now(\"CTX_new ($ctx): $!\");\nNet::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)\n    or die_if_ssl_error(\"ssl ctx set options\");\n\n# Following will ask password unless private key is not encrypted\nNet::SSLeay::CTX_use_RSAPrivateKey_file ($ctx, 'plain-rsa.pem',\n    &Net::SSLeay::FILETYPE_PEM);\ndie_if_ssl_error(\"private key\");\nNet::SSLeay::CTX_use_certificate_file ($ctx, 'plain-cert.pem',\n    &Net::SSLeay::FILETYPE_PEM);\ndie_if_ssl_error(\"certificate\");\n\nwhile (1) {\n    print \"Accepting connections...\\n\";\n    ($addr = accept (NS, S))           or die \"accept: $!\";\n    select (NS); $| = 1; select (STDOUT);  # Piping hot!\n\n    ($af,$clientport,$clientip) = unpack($sockaddrtemplate,$addr);\n    @inetaddr = unpack('C4',$clientip);\n    print \"$af connection from \" .\n        join ('.', @inetaddr) . 
\":$clientport\\n\";\n\n    # We now have a network connection, let's fire up SSLeay...\n\n    $ssl = Net::SSLeay::new($ctx)      or die_now(\"SSL_new ($ssl): $!\");\n    Net::SSLeay::set_fd($ssl, fileno(NS));\n\n    $err = Net::SSLeay::accept($ssl) and die_if_ssl_error('ssl accept');\n    print \"Cipher `\" . Net::SSLeay::get_cipher($ssl) . \"'\\n\";\n\n    # Connected. Exchange some data.\n\n    $got = Net::SSLeay::read($ssl);     # Returns undef on fail\n    die_if_ssl_error(\"ssl read\");\n    print \"Got `$got' (\" . length ($got) . \" chars)\\n\";\n\n    Net::SSLeay::write ($ssl, uc ($got)) or die \"write: $!\";\n    die_if_ssl_error(\"ssl write\");\n\n    Net::SSLeay::free ($ssl);           # Tear down connection\n    close NS;\n}\n\nYet another echo server. This one runs from \"/etc/inetd.conf\" so it avoids all the socket code\noverhead. The only caveat is opening an RSA key file - it had better be without any encryption or\nelse it will not know where to ask for the password. Note how \"STDIN\" and \"STDOUT\" are wired to\nSSL.\n\n#!/usr/bin/perl\n# /etc/inetd.conf\n#    ssltst stream tcp nowait root /path/to/server.pl server.pl\n# /etc/services\n#    ssltst         1234/tcp\n\nuse Net::SSLeay qw(die_now die_if_ssl_error);\nNet::SSLeay::load_error_strings();\nNet::SSLeay::SSLeay_add_ssl_algorithms();\nNet::SSLeay::randomize();\n\nchdir '/key/dir' or die \"chdir: $!\";\n$| = 1;  # Piping hot!\nopen LOG, \">>/dev/console\" or die \"Can't open log file $!\";\nselect LOG; print \"server.pl started\\n\";\n\n$ctx = Net::SSLeay::CTX_new()     or die_now \"CTX_new ($ctx) ($!)\";\n$ssl = Net::SSLeay::new($ctx)     or die_now \"new ($ssl) ($!)\";\nNet::SSLeay::set_options($ssl, &Net::SSLeay::OP_ALL)\n    and die_if_ssl_error(\"ssl set options\");\n\n# We get already open network connection from inetd, now we just\n# need to attach SSLeay to STDIN and STDOUT\nNet::SSLeay::set_rfd($ssl, fileno(STDIN));\nNet::SSLeay::set_wfd($ssl, fileno(STDOUT));\n\nNet::SSLeay::use_RSAPrivateKey_file ($ssl, 'plain-rsa.pem',\n    &Net::SSLeay::FILETYPE_PEM);\ndie_if_ssl_error(\"private 
key\");\nNet::SSLeay::use_certificate_file ($ssl, 'plain-cert.pem',\n    &Net::SSLeay::FILETYPE_PEM);\ndie_if_ssl_error(\"certificate\");\n\nNet::SSLeay::accept($ssl) and die_if_ssl_error(\"ssl accept: $!\");\nprint \"Cipher `\" . Net::SSLeay::get_cipher($ssl) . \"'\\n\";\n\n$got = Net::SSLeay::read($ssl);\ndie_if_ssl_error(\"ssl read\");\nprint \"Got `$got' (\" . length ($got) . \" chars)\\n\";\n\nNet::SSLeay::write ($ssl, uc($got)) or die \"write: $!\";\ndie_if_ssl_error(\"ssl write\");\n\nNet::SSLeay::free ($ssl);         # Tear down the connection\nNet::SSLeay::CTX_free ($ctx);\nclose LOG;\n\nThere are also a number of example/test programs in the examples directory:\n\nsslecho.pl          - A simple server, not unlike the one above\nminicli.pl          - Implements a client using low level SSLeay routines\nsslcat.pl           - Demonstrates using high level sslcat utility function\ngetpage.pl          - Is a utility for getting html pages from secure servers\ncallback.pl         - Demonstrates certificate verification and callback usage\nstdiobulk.pl        - Does SSL over Unix pipes\nssl-inetd-serv.pl   - SSL server that can be invoked from inetd.conf\nhttpd-proxy-snif.pl - Utility that allows you to see how a browser\n                      sends https request to given server and what reply\n                      it gets back (very educative :-)\nmakecert.pl         - Creates a self signed cert (does not use this module)\n\n### INSTALLATION\n\nSee README and README.* in the distribution directory for installation guidance on a variety of\nplatforms.\n\n### LIMITATIONS\n\n\"Net::SSLeay::read()\" uses an internal buffer of 32KB, thus no single read will return more. In\npractice one read returns much less, usually as much as fits in one network packet. 
To work\naround this, you should use a loop like this:\n\n$reply = '';\nwhile ($got = Net::SSLeay::read($ssl)) {\n    last if print_errs('SSL_read');\n    $reply .= $got;\n}\n\nAlthough there is no built-in limit in \"Net::SSLeay::write()\", the network packet size\nlimitation applies here as well, thus use:\n\n$written = 0;\n\nwhile ($written < length($message)) {\n    $written += Net::SSLeay::write($ssl, substr($message, $written));\n    last if print_errs('SSL_write');\n}\n\nOr alternatively you can just use the following convenience functions:\n\nNet::SSLeay::ssl_write_all($ssl, $message) or die \"ssl write failure\";\n$got = Net::SSLeay::ssl_read_all($ssl) or die \"ssl read failure\";\n\n### KNOWN BUGS AND CAVEATS\n\nLibreSSL versions in the 3.1 - 3.3 series contain a TLS 1.3 implementation that is not fully\ncompatible with the libssl API, but is still advertised during protocol auto-negotiation. If you\nencounter problems or unexpected behaviour with SSL or SSL_CTX objects whose protocol version\nwas automatically negotiated and libssl is provided by any of these versions of LibreSSL, it\ncould be because the peers negotiated to use TLS 1.3 - try setting the maximum protocol version\nto TLS 1.2 (via \"Net::SSLeay::set_max_proto_version()\" or\n\"Net::SSLeay::CTX_set_max_proto_version()\") before establishing the connection. The first stable\nLibreSSL version with a fully libssl-compatible TLS 1.3 implementation is 3.4.1.\n\nAn OpenSSL bug CVE-2015-0290 \"OpenSSL Multiblock Corrupted Pointer Issue\" can cause POST\nrequests of over 90kB to fail or crash. This bug is reported to be fixed in OpenSSL 1.0.2a.\n\nAutoloader emits a\n\nArgument \"xxx\" isn't numeric in entersub at blib/lib/Net/SSLeay.pm'\n\nwarning if die_if_ssl_error is made autoloadable. If you figure out why, drop me a line.\n\nCallback set using \"SSL_set_verify()\" does not appear to work. This may well be an openssl\nproblem (e.g. see \"ssl/ssl_lib.c\" line 1029). 
Try using \"SSL_CTX_set_verify()\" instead and do\nnot be surprised if even this stops working in future versions.\n\nCallback and certificate verification stuff is generally too little tested.\n\nRandom numbers are not initialized randomly enough, especially if you do not have \"/dev/random\"\nand/or \"/dev/urandom\" (such as in Solaris platforms - but it's been suggested that cryptorand\ndaemon from the SUNski package solves this). In this case you should investigate third party\nsoftware that can emulate these devices, e.g. by way of a named pipe to some program.\n\nAnother gotcha with random number initialization is randomness depletion. This phenomenon, which\nhas been extensively discussed in OpenSSL, Apache-SSL, and Apache-mod_ssl forums, can cause your\nscript to block if you use \"/dev/random\" or to operate insecurely if you use \"/dev/urandom\".\nWhat happens is that when too much randomness is drawn from the operating system's randomness\npool then randomness can temporarily be unavailable. \"/dev/random\" solves this problem by\nwaiting until enough randomness can be gathered - and this can take a long time since blocking\nreduces activity in the machine and less activity provides fewer random events: a vicious circle.\n\"/dev/urandom\" solves this dilemma more pragmatically by simply returning predictable \"random\"\nnumbers. Some \"/dev/urandom\" emulation software however actually seems to implement\n\"/dev/random\" semantics. 
Caveat emptor.\n\nI've been pointed to two such daemons by Mik Firestone <mik@@speed.stdio.com> who has used them\non Solaris 8:\n\n1   Entropy Gathering Daemon (EGD) at <http://www.lothar.com/tech/crypto/>\n\n2   Pseudo-random number generating daemon (PRNGD) at\n<http://www.aet.tu-cottbus.de/personen/jaenicke/postfixtls/prngd.html>\n\nIf you are using the low level API functions to communicate with other SSL implementations, you\nwould do well to call\n\nNet::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)\n    or die_if_ssl_error(\"ssl ctx set options\");\n\nto cope with some well-known bugs in some other SSL implementations. The high level API functions\nalways set all known compatibility options.\n\nSometimes \"sslcat()\" (and the high level HTTPS functions that build on it) is too fast in\nsignaling the EOF to legacy HTTPS servers. This causes the server to return an empty page. To work\naround this problem you can set the global variable\n\n$Net::SSLeay::slowly = 1;   # Add sleep so broken servers can keep up\n\nHTTP/1.1 is not supported. Specifically this module does not know how to issue or serve multiple\nhttp requests per connection. This is a serious shortcoming, but using the SSL session cache on\nyour server helps to alleviate the CPU load somewhat.\n\nAs of version 1.09 many newer OpenSSL auxiliary functions were added (from\n\"REM_AUTOMATICALLY_GENERATED_1_09\" onwards in \"SSLeay.xs\"). Unfortunately I have not had any\nopportunity to test these. Some of them are trivial enough that I believe they \"just work\", but\nothers have rather complex interfaces with function pointers and all. In these cases you should\nproceed with great caution.\n\nThis module defaults to using OpenSSL automatic protocol negotiation code for automatically\ndetecting the version of the SSL/TLS protocol that the other end talks. With most web servers\nthis works just fine, but once in a while I get complaints from people that the module does not\nwork with some web servers. 
Usually this can be solved by explicitly setting the protocol\nversion, e.g.\n\n$Net::SSLeay::ssl_version = 2;  # Insist on SSLv2\n$Net::SSLeay::ssl_version = 3;  # Insist on SSLv3\n$Net::SSLeay::ssl_version = 10; # Insist on TLSv1\n$Net::SSLeay::ssl_version = 11; # Insist on TLSv1.1\n$Net::SSLeay::ssl_version = 12; # Insist on TLSv1.2\n$Net::SSLeay::ssl_version = 13; # Insist on TLSv1.3\n\nAlthough the autonegotiation is nice to have, the SSL standards do not formally specify any such\nmechanism. Most of the world has accepted the SSLeay/OpenSSL way of doing it as the de facto\nstandard. But for the few that think differently, you have to explicitly speak the correct\nversion. This is not really a bug, but rather a deficiency in the standards. If a site refuses\nto respond or sends back some nonsensical error codes (at the SSL handshake level), try this\noption before mailing me.\n\nOn some systems, OpenSSL may be compiled without support for SSLv2. If this is the case,\nNet::SSLeay will warn if ssl_version has been set to 2.\n\nThe high level API returns the certificate of the peer, thus allowing one to check what\ncertificate was supplied. However, you will only be able to check the certificate after the\nfact, i.e. you already sent your form data by the time you find out that you did not trust them,\noops.\n\nSo, while being able to know the certificate after the fact is surely useful, the security\nminded would still choose to do the connection and certificate verification first and only then\nexchange data with the site. Currently none of the high level API functions do this, thus you\nwould have to program it using the low level API. A good place to start is to see how the\n\"Net::SSLeay::http_cat()\" function is implemented.\n\nThe high level API functions use a global file handle \"SSLCAT_S\" internally. 
This really should\nnot be a problem because there is no way to interleave the high level API functions, unless you\nuse threads (but threads are not very well supported in perl anyway). However, you may run into\nproblems if you call undocumented internal functions in an interleaved fashion. The best\nsolution is to \"require Net::SSLeay\" in one thread after all the threads have been created.\n\n### DIAGNOSTICS\n\nRandom number generator not seeded!!!\n    (W) This warning indicates that \"randomize()\" was not able to read \"/dev/random\" or\n    \"/dev/urandom\", possibly because your system does not have them or they are differently\n    named. You can still use SSL, but the encryption will not be as strong.\n\nopen_tcp_connection: destination host not found:`server' (port 123) ($!)\n    Name lookup for host named \"server\" failed.\n\nopen_tcp_connection: failed `server', 123 ($!)\n    The name was resolved, but establishing the TCP connection failed.\n\nmsg 123: 1 - error:140770F8:SSL routines:SSL23_GET_SERVER_HELLO:unknown proto\n    SSLeay error string. The first number (123) is the PID, the second number (1) indicates the\n    position of the error message in SSLeay error stack. You often see a pile of these messages\n    as errors cascade.\n\nmsg 123: 1 - error:02001002::lib(2) :func(1) :reason(2)\n    The same as above, but you didn't call load_error_strings() so SSLeay couldn't verbosely\n    explain the error. You can still find out what it means with this command:\n\n    /usr/local/ssl/bin/ssleay errstr 02001002\n\nPassword is being asked for private key\n    This is normal behaviour if your private key is encrypted. Either you have to supply the\n    password or you have to use an unencrypted private key. 
Scan OpenSSL.org for the FAQ that\nexplains how to do this (or just study examples/makecert.pl which is used during \"make test\"\nto do just that).\n\n### SECURITY\n\nYou can mitigate some of the security vulnerabilities that might be present in your SSL/TLS\napplication:\n\n#### BEAST Attack\n\nhttp://blogs.cisco.com/security/beat-the-beast-with-tls/\nhttps://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls\nhttp://blog.zoller.lu/2011/09/beast-summary-tls-cbc-countermeasures.html\n\nThe BEAST attack relies on a weakness in the way CBC mode is used in SSL/TLS. In OpenSSL\nversions 0.9.6d and later, the protocol-level mitigation is enabled by default, thus making it\nnot vulnerable to the BEAST attack.\n\nSolutions:\n\n*   Compile with OpenSSL versions 0.9.6d or later, which enables SSL_OP_ALL by default\n\n*   Ensure SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is not enabled (it's not enabled by default)\n\n*   Don't support SSLv2, SSLv3\n\n*   Actively control the ciphers your server supports with set_cipher_list:\n\n    Net::SSLeay::set_cipher_list($ssl, 'RC4-SHA:HIGH:!ADH');\n\n#### Session Resumption\n\nhttp://www.openssl.org/docs/ssl/SSLCTXsetoptions.html\n\nThe SSL Labs vulnerability test on your SSL server might report in red:\n\nSession resumption No (IDs assigned but not accepted)\n\nThis report is not really a bug or a vulnerability, since the server will not accept session\nresumption requests. 
However, you can prevent this noise in the report by disabling the session\ncache altogether:\n\nNet::SSLeay::CTX_set_session_cache_mode($sslctx,\n    Net::SSLeay::SESS_CACHE_OFF());\n\nUse 0 if you don't have the SESS_CACHE_OFF constant.\n\n#### Secure Renegotiation and DoS Attack\n\nhttps://community.qualys.com/blogs/securitylabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks\n\nThis is not a \"security flaw,\" it is more of a DoS vulnerability.\n\nSolutions:\n\n*   Do not support SSLv2\n\n*   Do not set the SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION option\n\n*   Compile with OpenSSL 0.9.8m or later\n\n### BUGS\n\nIf you encounter a problem with this module that you believe is a bug, please create a new issue\n<https://github.com/radiator-software/p5-net-ssleay/issues/new> in the Net-SSLeay GitHub\nrepository. Please make sure your bug report includes the following information:\n\n*   the code you are trying to run;\n\n*   your operating system name and version;\n\n*   the output of \"perl -V\";\n\n*   the version of OpenSSL or LibreSSL you are using.\n\n### AUTHOR\n\nOriginally written by Sampo Kellomäki.\n\nMaintained by Florian Ragwitz between November 2005 and January 2010.\n\nMaintained by Mike McCauley between November 2005 and June 2018.\n\nMaintained by Chris Novakovic, Tuure Vartiainen and Heikki Vatiainen since June 2018.\n\n### COPYRIGHT\n\nCopyright (c) 1996-2003 Sampo Kellomäki <sampo@iki.fi>\n\nCopyright (c) 2005-2010 Florian Ragwitz <rafl@debian.org>\n\nCopyright (c) 2005-2018 Mike McCauley <mikem@airspayce.com>\n\nCopyright (c) 2018- Chris Novakovic <chris@chrisn.me.uk>\n\nCopyright (c) 2018- Tuure Vartiainen <vartiait@radiatorsoftware.com>\n\nCopyright (c) 2018- Heikki Vatiainen <hvn@radiatorsoftware.com>\n\nAll rights reserved.\n\n### LICENSE\n\nThis module is released under the terms of the Artistic License 2.0. 
For details, see the\n\"LICENSE\" file distributed with Net-SSLeay's source code.\n\n### SEE ALSO\n\nNet::SSLeay::Handle                      - File handle interface\n./examples                               - Example servers and clients\n<http://www.openssl.org/>                - OpenSSL source, documentation, etc\nopenssl-users-request@openssl.org        - General OpenSSL mailing list\n<http://www.ietf.org/rfc/rfc2246.txt>    - TLS 1.0 specification\n<http://www.w3c.org>                     - HTTP specifications\n<http://www.ietf.org/rfc/rfc2617.txt>    - How to send password\n<http://www.lothar.com/tech/crypto/>     - Entropy Gathering Daemon (EGD)\n<http://www.aet.tu-cottbus.de/personen/jaenicke/postfixtls/prngd.html>\n                                         - pseudo-random number generating daemon (PRNGD)\nperl(1)\nperlref(1)\nperllol(1)\nperldoc ~openssl/doc/ssl/SSLCTXsetverify.pod\n\n"
        }
    ],
    "structuredContent": {
        "command": "Net::SSLeay",
        "section": "",
        "mode": "perldoc",
        "summary": "Net::SSLeay - Perl bindings for OpenSSL and LibreSSL",
        "synopsis": "use Net::SSLeay qw(gethttps posthttps sslcat makeheaders makeform);\n($page) = gethttps('www.bacus.pt', 443, '/');                 # Case 1\n($page, $response, %replyheaders)\n= gethttps('www.bacus.pt', 443, '/',                   # Case 2\nmakeheaders(User-Agent => 'Cryptozilla/5.0b1',\nReferer    => 'https://www.bacus.pt'\n));\n($page, $result, %headers) =                                   # Case 2b\n= gethttps('www.bacus.pt', 443, '/protected.html',\nmakeheaders(Authorization =>\n'Basic ' . MIME::Base64::encode(\"$user:$pass\",''))\n);\n($page, $response, %replyheaders)\n= posthttps('www.bacus.pt', 443, '/foo.cgi', '',       # Case 3\nmakeform(OK   => '1',\nname => 'Sampo'\n));\n$reply = sslcat($host, $port, $request);                       # Case 4\n($reply, $err, $servercert) = sslcat($host, $port, $request); # Case 5\n$Net::SSLeay::trace = 2;  # 0=no debugging, 1=ciphers, 2=trace, 3=dump data\nNet::SSLeay::initialize(); # Initialize ssl library once",
        "tldr_summary": null,
        "tldr_examples": [],
        "tldr_source": null,
        "flags": [],
        "examples": [
            "One very good example to look at is the implementation of \"sslcat()\" in the \"SSLeay.pm\" file.",
            "The following is a simple SSLeay client (with too little error checking :-(",
            "#!/usr/bin/perl",
            "use Socket;",
            "use Net::SSLeay qw(die_now die_if_ssl_error) ;",
            "Net::SSLeay::load_error_strings();",
            "Net::SSLeay::SSLeay_add_ssl_algorithms();",
            "Net::SSLeay::randomize();",
            "($destserv, $port, $msg) = @ARGV;      # Read command line",
            "$port = getservbyname ($port, 'tcp') unless $port =~ /^\\d+$/;",
            "$destip = gethostbyname ($destserv);",
            "$destservparams  = sockaddr_in($port, $destip);",
            "socket  (S, &AF_INET, &SOCK_STREAM, 0)  or die \"socket: $!\";",
            "connect (S, $destservparams)          or die \"connect: $!\";",
            "select  (S); $| = 1; select (STDOUT);   # Eliminate STDIO buffering",
            "# The network connection is now open, let's fire up SSL",
            "$ctx = Net::SSLeay::CTX_new() or die_now(\"Failed to create SSL_CTX $!\");",
            "Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)",
            "or die_if_ssl_error(\"ssl ctx set options\");",
            "$ssl = Net::SSLeay::new($ctx) or die_now(\"Failed to create SSL $!\");",
            "Net::SSLeay::set_fd($ssl, fileno(S));   # Must use fileno",
            "$res = Net::SSLeay::connect($ssl) and die_if_ssl_error(\"ssl connect\");",
            "print \"Cipher `\" . Net::SSLeay::get_cipher($ssl) . \"'\\n\";",
            "# Exchange data",
            "$res = Net::SSLeay::write($ssl, $msg);  # Perl knows how long $msg is",
            "die_if_ssl_error(\"ssl write\");",
            "CORE::shutdown S, 1;  # Half close --> No more output, sends EOF to server",
            "$got = Net::SSLeay::read($ssl);         # Perl returns undef on failure",
            "die_if_ssl_error(\"ssl read\");",
            "print $got;",
            "Net::SSLeay::free ($ssl);               # Tear down connection",
            "Net::SSLeay::CTX_free ($ctx);",
            "close S;",
            "The following is a simple SSLeay echo server (non forking):",
            "#!/usr/bin/perl -w",
            "use Socket;",
            "use Net::SSLeay qw(die_now die_if_ssl_error);",
            "Net::SSLeay::load_error_strings();",
            "Net::SSLeay::SSLeay_add_ssl_algorithms();",
            "Net::SSLeay::randomize();",
            "$ourip = \"\\0\\0\\0\\0\"; # Bind to all interfaces",
            "$port = 1235;",
            "$sockaddrtemplate = 'S n a4 x8';",
            "$ourservparams = pack ($sockaddrtemplate, &AF_INET, $port, $ourip);",
            "socket (S, &AF_INET, &SOCK_STREAM, 0)  or die \"socket: $!\";",
            "bind (S, $ourservparams)             or die \"bind:   $!\";",
            "listen (S, 5)                          or die \"listen: $!\";",
            "$ctx = Net::SSLeay::CTX_new ()         or die_now(\"CTX_new ($ctx): $!\");",
            "Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)",
            "or die_if_ssl_error(\"ssl ctx set options\");",
            "# The following will ask for a password unless the private key is unencrypted",
            "Net::SSLeay::CTX_use_RSAPrivateKey_file ($ctx, 'plain-rsa.pem',",
            "&Net::SSLeay::FILETYPE_PEM);",
            "die_if_ssl_error(\"private key\");",
            "Net::SSLeay::CTX_use_certificate_file ($ctx, 'plain-cert.pem',",
            "&Net::SSLeay::FILETYPE_PEM);",
            "die_if_ssl_error(\"certificate\");",
            "while (1) {",
            "print \"Accepting connections...\\n\";",
            "($addr = accept (NS, S))           or die \"accept: $!\";",
            "select (NS); $| = 1; select (STDOUT);  # Piping hot!",
            "($af,$clientport,$clientip) = unpack($sockaddrtemplate,$addr);",
            "@inetaddr = unpack('C4',$clientip);",
            "print \"$af connection from \" .",
            "join ('.', @inetaddr) . \":$clientport\\n\";",
            "# We now have a network connection, let's fire up SSLeay...",
            "$ssl = Net::SSLeay::new($ctx)      or die_now(\"SSL_new ($ssl): $!\");",
            "Net::SSLeay::set_fd($ssl, fileno(NS));",
            "$err = Net::SSLeay::accept($ssl) and die_if_ssl_error('ssl accept');",
            "print \"Cipher `\" . Net::SSLeay::get_cipher($ssl) . \"'\\n\";",
            "# Connected. Exchange some data.",
            "$got = Net::SSLeay::read($ssl);     # Returns undef on fail",
            "die_if_ssl_error(\"ssl read\");",
            "print \"Got `$got' (\" . length ($got) . \" chars)\\n\";",
            "Net::SSLeay::write ($ssl, uc ($got)) or die \"write: $!\";",
            "die_if_ssl_error(\"ssl write\");",
            "Net::SSLeay::free ($ssl);           # Tear down connection",
            "close NS;",
            "}",
            "Yet another echo server. This one runs from \"/etc/inetd.conf\" so it avoids all the socket code",
            "overhead. Only caveat is opening an rsa key file - it had better be without any encryption or",
            "else it will not know where to ask for the password. Note how \"STDIN\" and \"STDOUT\" are wired to",
            "SSL.",
            "#!/usr/bin/perl",
            "# /etc/inetd.conf",
            "#    ssltst stream tcp nowait root /path/to/server.pl server.pl",
            "# /etc/services",
            "#    ssltst         1234/tcp",
            "use Net::SSLeay qw(die_now die_if_ssl_error);",
            "Net::SSLeay::load_error_strings();",
            "Net::SSLeay::SSLeay_add_ssl_algorithms();",
            "Net::SSLeay::randomize();",
            "chdir '/key/dir' or die \"chdir: $!\";",
            "$| = 1;  # Piping hot!",
            "open LOG, \">>/dev/console\" or die \"Can't open log file $!\";",
            "select LOG; print \"server.pl started\\n\";",
            "$ctx = Net::SSLeay::CTX_new()     or die_now \"CTX_new ($ctx) ($!)\";",
            "$ssl = Net::SSLeay::new($ctx)     or die_now \"new ($ssl) ($!)\";",
            "Net::SSLeay::set_options($ssl, &Net::SSLeay::OP_ALL)",
            "and die_if_ssl_error(\"ssl set options\");",
            "# We get already open network connection from inetd, now we just",
            "# need to attach SSLeay to STDIN and STDOUT",
            "Net::SSLeay::set_rfd($ssl, fileno(STDIN));",
            "Net::SSLeay::set_wfd($ssl, fileno(STDOUT));",
            "Net::SSLeay::use_RSAPrivateKey_file ($ssl, 'plain-rsa.pem',",
            "Net::SSLeay::FILETYPE_PEM);",
            "die_if_ssl_error(\"private key\");",
            "Net::SSLeay::use_certificate_file ($ssl, 'plain-cert.pem',",
            "Net::SSLeay::FILETYPE_PEM);",
            "die_if_ssl_error(\"certificate\");",
            "Net::SSLeay::accept($ssl) and die_if_ssl_error(\"ssl accept: $!\");",
            "print \"Cipher `\" . Net::SSLeay::get_cipher($ssl) . \"'\\n\";",
            "$got = Net::SSLeay::read($ssl);",
            "die_if_ssl_error(\"ssl read\");",
            "print \"Got `$got' (\" . length ($got) . \" chars)\\n\";",
            "Net::SSLeay::write ($ssl, uc($got)) or die \"write: $!\";",
            "die_if_ssl_error(\"ssl write\");",
            "Net::SSLeay::free ($ssl);         # Tear down the connection",
            "Net::SSLeay::CTX_free ($ctx);",
            "close LOG;",
            "There are also a number of example/test programs in the examples directory:",
            "sslecho.pl   -  A simple server, not unlike the one above",
            "minicli.pl   -  Implements a client using low level SSLeay routines",
            "sslcat.pl    -  Demonstrates using high level sslcat utility function",
            "getpage.pl  -  Is a utility for getting html pages from secure servers",
            "callback.pl  -  Demonstrates certificate verification and callback usage",
            "stdiobulk.pl       - Does SSL over Unix pipes",
            "ssl-inetd-serv.pl   - SSL server that can be invoked from inetd.conf",
            "httpd-proxy-snif.pl - Utility that allows you to see how a browser",
            "sends https request to given server and what reply",
            "it gets back (very educative :-)",
            "makecert.pl  -  Creates a self signed cert (does not use this module)"
        ],
        "see_also": [
            {
                "name": "perl",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/perl/1/json"
            },
            {
                "name": "perlref",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/perlref/1/json"
            },
            {
                "name": "perllol",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/perllol/1/json"
            }
        ],
        "section_outline": [
            {
                "name": "NAME",
                "lines": 2,
                "subsections": []
            },
            {
                "name": "SYNOPSIS",
                "lines": 30,
                "subsections": []
            },
            {
                "name": "DESCRIPTION",
                "lines": 3,
                "subsections": []
            },
            {
                "name": "COMPATIBILITY",
                "lines": 34,
                "subsections": []
            },
            {
                "name": "OVERVIEW",
                "lines": 11,
                "subsections": [
                    {
                        "name": "High level functions for accessing web servers",
                        "lines": 459
                    },
                    {
                        "name": "Using Net::SSLeay in multi-threaded applications",
                        "lines": 135
                    },
                    {
                        "name": "Convenience routines",
                        "lines": 59
                    },
                    {
                        "name": "Initialization",
                        "lines": 9
                    },
                    {
                        "name": "Error handling functions",
                        "lines": 22
                    },
                    {
                        "name": "Sockets",
                        "lines": 14
                    },
                    {
                        "name": "Callbacks",
                        "lines": 45
                    },
                    {
                        "name": "Low level API",
                        "lines": 8558
                    },
                    {
                        "name": "Constants",
                        "lines": 338
                    }
                ]
            },
            {
                "name": "EXAMPLES",
                "lines": 169,
                "subsections": []
            },
            {
                "name": "INSTALLATION",
                "lines": 3,
                "subsections": []
            },
            {
                "name": "LIMITATIONS",
                "lines": 25,
                "subsections": []
            },
            {
                "name": "KNOWN BUGS AND CAVEATS",
                "lines": 113,
                "subsections": []
            },
            {
                "name": "DIAGNOSTICS",
                "lines": 28,
                "subsections": []
            },
            {
                "name": "SECURITY",
                "lines": 24,
                "subsections": [
                    {
                        "name": "Session Resumption",
                        "lines": 11
                    },
                    {
                        "name": "Secure Renegotiation and DoS Attack",
                        "lines": 13
                    }
                ]
            },
            {
                "name": "BUGS",
                "lines": 12,
                "subsections": []
            },
            {
                "name": "AUTHOR",
                "lines": 8,
                "subsections": []
            },
            {
                "name": "COPYRIGHT",
                "lines": 14,
                "subsections": []
            },
            {
                "name": "LICENSE",
                "lines": 3,
                "subsections": []
            },
            {
                "name": "SEE ALSO",
                "lines": 15,
                "subsections": []
            }
        ],
        "sections": {
            "NAME": {
                "content": "Net::SSLeay - Perl bindings for OpenSSL and LibreSSL\n",
                "subsections": []
            },
            "SYNOPSIS": {
                "content": "use Net::SSLeay qw(gethttps posthttps sslcat makeheaders makeform);\n\n($page) = gethttps('www.bacus.pt', 443, '/');                 # Case 1\n\n($page, $response, %replyheaders)\n= gethttps('www.bacus.pt', 443, '/',                   # Case 2\nmakeheaders(User-Agent => 'Cryptozilla/5.0b1',\nReferer    => 'https://www.bacus.pt'\n));\n\n($page, $result, %headers) =                                   # Case 2b\n= gethttps('www.bacus.pt', 443, '/protected.html',\nmakeheaders(Authorization =>\n'Basic ' . MIME::Base64::encode(\"$user:$pass\",''))\n);\n\n($page, $response, %replyheaders)\n= posthttps('www.bacus.pt', 443, '/foo.cgi', '',       # Case 3\nmakeform(OK   => '1',\nname => 'Sampo'\n));\n\n$reply = sslcat($host, $port, $request);                       # Case 4\n\n($reply, $err, $servercert) = sslcat($host, $port, $request); # Case 5\n\n$Net::SSLeay::trace = 2;  # 0=no debugging, 1=ciphers, 2=trace, 3=dump data\n\nNet::SSLeay::initialize(); # Initialize ssl library once\n",
                "subsections": []
            },
            "DESCRIPTION": {
                "content": "This module provides Perl bindings for libssl (an SSL/TLS API) and libcrypto (a cryptography\nAPI).\n",
                "subsections": []
            },
            "COMPATIBILITY": {
                "content": "Net::SSLeay supports the following libssl implementations:\n\n*   Any stable release of OpenSSL <https://www.openssl.org> in the 0.9.8 - 3.0 branches, except\nfor OpenSSL 0.9.8 - 0.9.8b.\n\n*   Any stable release of LibreSSL <https://www.libressl.org> in the 2.0 - 3.4 series, except\nfor LibreSSL 3.2.2 and 3.2.3.\n\nNet::SSLeay may not function as expected with releases other than the ones listed above due to\nlibssl API incompatibilities, or, in the case of LibreSSL, because of deviations from the libssl\nAPI.\n\nNet::SSLeay is only as secure as the underlying libssl implementation you use. Although\nNet::SSLeay maintains compatibility with old versions of OpenSSL and LibreSSL, it is strongly\nrecommended that you use a version of OpenSSL or LibreSSL that is supported by the\nOpenSSL/LibreSSL developers and/or your operating system vendor. Many unsupported versions of\nOpenSSL and LibreSSL are known to contain severe security vulnerabilities. Refer to the OpenSSL\nRelease Strategy <https://www.openssl.org/policies/releasestrat.html> and LibreSSL Support\nSchedule <https://www.libressl.org/releases.html> for information on which versions are\ncurrently supported.\n\nThe libssl API has changed significantly since OpenSSL 0.9.8: hundreds of functions have been\nadded, deprecated or removed in the intervening versions. Although this documentation lists all\nof the functions and constants that Net::SSLeay may expose, they will not be available for use\nif they are missing from the underlying libssl implementation. Refer to the compatibility notes\nin this documentation, as well as the OpenSSL/LibreSSL manual pages, for information on which\nOpenSSL/LibreSSL versions support each function or constant. 
At run-time, you can check whether\na function or constant is exposed before calling it using the following convention:\n\nif ( defined &Net::SSLeay::libsslfunction ) {\n# libsslfunction() (or SSLlibsslfunction()) is available\nNet::SSLeay::libsslfunction(...);\n}\n",
                "subsections": []
            },
            "OVERVIEW": {
                "content": "The Net::SSLeay module basically consists of:\n\n*   High level functions for accessing web servers (by using HTTP/HTTPS)\n\n*   Low level API (mostly mapped 1:1 to openssl's C functions)\n\n*   Convenience functions (related to the low level API but with a more Perl-friendly interface)\n\nThere is also a related module called Net::SSLeay::Handle included in this distribution that you\nmight want to use instead. It has its own pod documentation.\n",
                "subsections": [
                    {
                        "name": "High level functions for accessing web servers",
                        "content": "This module offers some high level convenience functions for accessing web pages on SSL servers\n(for symmetry, the same API is offered for accessing http servers, too), an \"sslcat()\" function\nfor writing your own clients, and finally access to the SSL api of the SSLeay/OpenSSL package so\nyou can write servers or clients for more complicated applications.\n\nFor high level functions it is most convenient to import them into your main namespace as\nindicated in the synopsis.\n\nBasic set of functions\n*   gethttps\n\n*   posthttps\n\n*   puthttps\n\n*   headhttps\n\n*   dohttps\n\n*   sslcat\n\n*   httpscat\n\n*   makeform\n\n*   makeheaders\n\nCase 1 (in SYNOPSIS) demonstrates the typical invocation of gethttps() to fetch an HTML page\nfrom secure server. The first argument provides the hostname or IP in dotted decimal notation of\nthe remote server to contact. The second argument is the TCP port at the remote end (your own\nport is picked arbitrarily from high numbered ports as usual for TCP). The third argument is the\nURL of the page without the host name part. If in doubt consult the HTTP specifications at\n<http://www.w3c.org>.\n\nCase 2 (in SYNOPSIS) demonstrates full fledged use of \"gethttps()\". As can be seen,\n\"gethttps()\" parses the response and response headers and returns them as a list, which can be\ncaptured in a hash for later reference. Also a fourth argument to \"gethttps()\" is used to\ninsert some additional headers in the request. \"makeheaders()\" is a function that will convert\na list or hash to such headers. By default \"gethttps()\" supplies \"Host\" (to make virtual\nhosting easy) and \"Accept\" (reportedly needed by IIS) headers.\n\nCase 2b (in SYNOPSIS) demonstrates how to get a password protected page. Refer to the HTTP\nprotocol specifications for further details (e.g. RFC-2617).\n\nCase 3 (in SYNOPSIS) invokes \"posthttps()\" to submit a HTML/CGI form to a secure server. 
The\nfirst four arguments are equal to \"gethttps()\" (note that the empty string ('') is passed as\nheader argument). The fifth argument is the contents of the form formatted according to CGI\nspecification. Do not post UTF-8 data as content: use utf8::downgrade first. In this case the\nhelper function \"makehttps()\" is used to do the formatting, but you could pass any string.\n\"posthttps()\" automatically adds \"Content-Type\" and \"Content-Length\" headers to the request.\n\nCase 4 (in SYNOPSIS) shows the fundamental \"sslcat()\" function (inspired in spirit by the\n\"netcat\" utility :-). It's your Swiss Army knife that allows you to easily contact servers, send\nsome data, and then get the response. You are responsible for formatting the data and parsing\nthe response - \"sslcat()\" is just a transport.\n\nCase 5 (in SYNOPSIS) is a full invocation of \"sslcat()\" which allows the return of errors as\nwell as the server (peer) certificate.\n\nThe $trace global variable can be used to control the verbosity of the high level functions.\nLevel 0 guarantees silence, level 1 (the default) only emits error messages.\n\nAlternate versions of high-level API\n*   gethttps3\n\n*   posthttps3\n\n*   puthttps3\n\n*   gethttps4\n\n*   posthttps4\n\n*   puthttps4\n\nThe above mentioned functions actually return the response headers as a list, which only gets\nconverted to a hash upon assignment (this assignment loses information if the same header occurs\ntwice, as may be the case with cookies). There are also other variants of the functions that\nreturn unprocessed headers and that return a reference to a hash.\n\n($page, $response, @headers) = gethttps('www.bacus.pt', 443, '/');\nfor ($i = 0; $i < $#headers; $i+=2) {\nprint \"$headers[$i] = \" . $headers[$i+1] . 
\"\\n\";\n}\n\n($page, $response, $headers, $servercert)\n= gethttps3('www.bacus.pt', 443, '/');\nprint \"$headers\\n\";\n\n($page, $response, $headersref)\n= gethttps4('www.bacus.pt', 443, '/');\nfor $k (sort keys %{$headersref}) {\nfor $v (@{$$headersref{$k}}) {\nprint \"$k = $v\\n\";\n}\n}\n\nAll of the above code fragments accomplish the same thing: display all values of all headers.\nThe API functions ending in \"3\" return the headers simply as a scalar string and it is up to the\napplication to split them up. The functions ending in \"4\" return a reference to a hash of arrays\n(see perlref and perllol if you are not familiar with complex perl data structures). To access a\nsingle value of such a header hash you would do something like\n\nprint $$headersref{COOKIE}[0];\n\nVariants 3 and 4 also allow you to discover the server certificate in case you would like to\nstore or display it, e.g.\n\n($p, $resp, $hdrs, $servercert) = gethttps3('www.bacus.pt', 443, '/');\nif (!defined($servercert) || ($servercert == 0)) {\nwarn \"Subject Name: undefined, Issuer  Name: undefined\";\n} else {\nwarn 'Subject Name: '\n. Net::SSLeay::X509NAMEoneline(\nNet::SSLeay::X509getsubjectname($servercert))\n. 'Issuer  Name: '\n. Net::SSLeay::X509NAMEoneline(\nNet::SSLeay::X509getissuername($servercert));\n}\n\nBeware that this method only allows after the fact verification of the certificate: by the time\n\"gethttps3()\" has returned the https request has already been sent to the server, whether you\ndecide to trust it or not. To do the verification correctly you must either employ the OpenSSL\ncertificate verification framework or use the lower level API to first connect and verify the\ncertificate and only then send the http data. See the implementation of \"dshttps3()\" for\nguidance on how to do this.\n\nUsing client certificates\nSecure web communications are encrypted using symmetric crypto keys exchanged using encryption\nbased on the certificate of the server. 
Therefore in all SSL connections the server must have a\ncertificate. This serves both to authenticate the server to the clients and to perform the key\nexchange.\n\nSometimes it is necessary to authenticate the client as well. Two options are available: HTTP\nbasic authentication and a client side certificate. The basic authentication over HTTPS is\nactually quite safe because HTTPS guarantees that the password will not travel in the clear.\nNever-the-less, problems like easily guessable passwords remain. The client certificate method\ninvolves authentication of the client at the SSL level using a certificate. For this to work,\nboth the client and the server have certificates (which typically are different) and private\nkeys.\n\nThe API functions outlined above accept additional arguments that allow one to supply the client\nside certificate and key files. The format of these files is the same as used for server\ncertificates and the caveat about encrypting private keys applies.\n\n($page, $result, %headers) =                                   # 2c\n= gethttps('www.bacus.pt', 443, '/protected.html',\nmakeheaders(Authorization =>\n'Basic ' . MIME::Base64::encode(\"$user:$pass\",'')),\n'', $mimetype6, $pathtocrt7, $pathtokey8);\n\n($page, $response, %replyheaders)\n= posthttps('www.bacus.pt', 443, '/foo.cgi',           # 3b\nmakeheaders('Authorization' =>\n'Basic ' . MIME::Base64::encode(\"$user:$pass\",'')),\nmakeform(OK   => '1', name => 'Sampo'),\n$mimetype6, $pathtocrt7, $pathtokey8);\n\nCase 2c (in SYNOPSIS) demonstrates getting a password protected page that also requires a client\ncertificate, i.e. it is possible to use both authentication methods simultaneously.\n\nCase 3b (in SYNOPSIS) is a full blown POST to a secure server that requires both password\nauthentication and a client certificate, just like in case 2c.\n\nNote: The client will not send a certificate unless the server requests one. 
This is typically\nachieved by setting the verify mode to \"VERIFYPEER\" on the server:\n\nNet::SSLeay::setverify(ssl, Net::SSLeay::VERIFYPEER, 0);\n\nSee \"perldoc ~openssl/doc/ssl/SSLCTXsetverify.pod\" for a full description.\n\nWorking through a web proxy\n*   setproxy\n\n\"Net::SSLeay\" can use a web proxy to make its connections. You need to first set the proxy host\nand port using \"setproxy()\" and then just use the normal API functions, e.g:\n\nNet::SSLeay::setproxy('gateway.myorg.com', 8080);\n($page) = gethttps('www.bacus.pt', 443, '/');\n\nIf your proxy requires authentication, you can supply a username and password as well\n\nNet::SSLeay::setproxy('gateway.myorg.com', 8080, 'joe', 'salainen');\n($page, $result, %headers) =\n= gethttps('www.bacus.pt', 443, '/protected.html',\nmakeheaders(Authorization =>\n'Basic ' . MIME::Base64::encode(\"susie:pass\",''))\n);\n\nThis example demonstrates the case where we authenticate to the proxy as \"joe\" and to the final\nweb server as \"susie\". Proxy authentication requires the \"MIME::Base64\" module to work.\n\nHTTP (without S) API\n*   gethttp\n\n*   posthttp\n\n*   tcpcat\n\n*   gethttpx\n\n*   posthttpx\n\n*   tcpxcat\n\nOver the years it has become clear that it would be convenient to use the light-weight flavour\nAPI of \"Net::SSLeay\" for normal HTTP as well (see \"LWP\" for the heavy-weight object-oriented\napproach). In fact it would be nice to be able to flip https on and off on the fly. Thus regular\nHTTP support was evolved.\n\nuse Net::SSLeay qw(gethttp posthttp tcpcat\ngethttpx posthttpx tcpxcat\nmakeheaders makeform);\n\n($page, $result, %headers)\n= gethttp('www.bacus.pt', 443, '/protected.html',\nmakeheaders(Authorization =>\n'Basic ' . 
MIME::Base64::encode(\"$user:$pass\",''))\n);\n\n($page, $response, %replyheaders)\n= posthttp('www.bacus.pt', 443, '/foo.cgi', '',\nmakeform(OK   => '1',\nname => 'Sampo'\n));\n\n($reply, $err) = tcpcat($host, $port, $request);\n\n($page, $result, %headers)\n= gethttpx($usessl, 'www.bacus.pt', 443, '/protected.html',\nmakeheaders(Authorization =>\n'Basic ' . MIME::Base64::encode(\"$user:$pass\",''))\n);\n\n($page, $response, %replyheaders)\n= posthttpx($usessl, 'www.bacus.pt', 443, '/foo.cgi', '',\nmakeform(OK   => '1',  name => 'Sampo' ));\n\n($reply, $err, $servercert) = tcpxcat($usessl, $host, $port, $request);\n\nAs can be seen, the \"x\" family of APIs takes as the first argument a flag which indicates\nwhether SSL is used or not.\n\nCertificate verification and Certificate Revocation Lists (CRLs)\nOpenSSL supports the ability to verify peer certificates. It can also optionally check the peer\ncertificate against a Certificate Revocation List (CRL) from the certificates issuer. A CRL is a\nfile, created by the certificate issuer that lists all the certificates that it previously\nsigned, but which it now revokes. CRLs are in PEM format.\n\nYou can enable \"Net::SSLeay CRL\" checking like this:\n\n&Net::SSLeay::X509STOREsetflags\n(&Net::SSLeay::CTXgetcertstore($ssl),\n&Net::SSLeay::X509VFLAGCRLCHECK);\n\nAfter setting this flag, if OpenSSL checks a peer's certificate, then it will attempt to find a\nCRL for the issuer. It does this by looking for a specially named file in the search directory\nspecified by CTXloadverifylocations. CRL files are named with the hash of the issuer's\nsubject name, followed by \".r0\", \".r1\" etc. For example \"ab1331b2.r0\", \"ab1331b2.r1\". It will\nread all the .r files for the issuer, and then check for a revocation of the peer certificate in\nall of them. (You can also force it to look in a specific named CRL file., see below). 
You can\nfind out the hash of the issuer subject name in a CRL with\n\nopenssl crl -in crl.pem -hash -noout\n\nIf the peer certificate does not pass the revocation list, or if no CRL is found, then the\nhandshaking fails with an error.\n\nYou can also force OpenSSL to look for CRLs in one or more arbitrarily named files.\n\nmy $bio = Net::SSLeay::BIO_new_file($crlfilename, 'r');\nmy $crl = Net::SSLeay::PEM_read_bio_X509_CRL($bio);\nif ($crl) {\nNet::SSLeay::X509_STORE_add_crl(\nNet::SSLeay::CTX_get_cert_store($ssl), $crl\n);\n} else {\ndie \"error reading CRL\";\n}\n\nUsually the URLs where you can download the CRLs are contained in the certificate itself and you\ncan extract them with\n\nmy @url = Net::SSLeay::P_X509_get_crl_distribution_points($cert);\n\nBut there is no automatic downloading of the CRLs and often these CRLs are too huge to just\ndownload them to verify a single certificate. Also, these CRLs are often in DER format which you\nneed to convert to PEM before you can use them:\n\nopenssl crl -in crl.der -inform der -out crl.pem\n\nSo as an alternative for faster and timely revocation checks you should use the Online Status\nRevocation Protocol (OCSP).\n\nCertificate verification and Online Status Revocation Protocol (OCSP)\nWhile checking for revoked certificates is possible and fast with Certificate Revocation Lists,\nyou need to download the complete and often huge list before you can verify a single\ncertificate.\n\nA faster way is to ask the CA to check the revocation of just a single or a few certificates\nusing OCSP. Basically you generate for each certificate an OCSP_CERTID based on the certificate\nitself and its issuer, put the ids together into an OCSP_REQUEST and send the request to the\nURL given in the certificate.\n\nAs a result you get back an OCSP_RESPONSE and need to check the status of the response, check\nthat it is valid (e.g. 
signed by the CA) and finally extract the information about each\nOCSP_CERTID to find out if the certificate is still valid or got revoked.\n\nWith Net::SSLeay this can be done like this:\n\n# get id(s) for given certs, like from get_peer_certificate\n# or get_peer_cert_chain. This will croak if\n# - one tries to make an OCSP_CERTID for a self-signed certificate\n# - the issuer of the certificate cannot be found in the SSL objects\n#   store, nor in the current certificate chain\nmy $cert = Net::SSLeay::get_peer_certificate($ssl);\nmy $id = eval { Net::SSLeay::OCSP_cert2ids($ssl,$cert) };\ndie \"failed to make OCSP_CERTID: $@\" if $@;\n\n# create OCSP_REQUEST from id(s)\n# Multiple can be put into the same request, if the same OCSP responder\n# is responsible for them.\nmy $req = Net::SSLeay::OCSP_ids2req($id);\n\n# determine URI of OCSP responder\nmy $uri = Net::SSLeay::P_X509_get_ocsp_uri($cert);\n\n# Send stringified OCSP_REQUEST with POST to $uri.\n# We can ignore certificate verification for https, because the OCSP\n# response itself is signed.\nuse HTTP::Tiny;\nmy $ua = HTTP::Tiny->new(verify_SSL => 0);\nmy $res = $ua->request( 'POST',$uri, {\nheaders => { 'Content-type' => 'application/ocsp-request' },\ncontent => Net::SSLeay::i2d_OCSP_REQUEST($req)\n});\nmy $content = $res && $res->{success} && $res->{content}\nor die \"query failed\";\n\n# Extract OCSP_RESPONSE.\n# this will croak if the string is not an OCSP_RESPONSE\nmy $resp = eval { Net::SSLeay::d2i_OCSP_RESPONSE($content) };\n\n# Check status of response.\nmy $status = Net::SSLeay::OCSP_response_status($resp);\nif ($status != Net::SSLeay::OCSP_RESPONSE_STATUS_SUCCESSFUL()) {\ndie \"OCSP response failed: \".\nNet::SSLeay::OCSP_response_status_str($status);\n}\n\n# Verify signature of response and if nonce matches request.\n# This will croak if there is a nonce in the response, but it does not match\n# the request. 
It will return false if the signature could not be verified,\n# in which case details can be retrieved with Net::SSLeay::ERR_get_error.\n# It will not complain if the response does not contain a nonce, which is\n# usually the case with pre-signed responses.\nif ( ! eval { Net::SSLeay::OCSP_response_verify($ssl,$resp,$req) }) {\ndie \"OCSP response verification failed\";\n}\n\n# Extract information from OCSP_RESPONSE for each of the ids.\n\n# If called in scalar context it will return the time (as time_t), when the\n# next update is due (minimum of all successful responses inside $resp). It\n# will croak on the following problems:\n# - response is expired or not yet valid\n# - no response for given OCSP_CERTID\n# - certificate status is not good (e.g. revoked or unknown)\nif ( my $nextupd = eval { Net::SSLeay::OCSP_response_results($resp,$id) }) {\nwarn \"certificate is valid, next update in \".\n($nextupd-time()).\" seconds\\n\";\n} else {\ndie \"certificate is not valid: $@\";\n}\n\n# But in array context it will return detailed information about each given\n# OCSP_CERTID instead of croaking on errors:\n# if no @ids are given it will return information about all single responses\n# in the OCSP_RESPONSE\nuse Data::Dumper;\nmy @results = Net::SSLeay::OCSP_response_results($resp,@ids);\nfor my $r (@results) {\nprint Dumper($r);\n# @results are in the same order as the @ids and contain:\n# $r->[0] - OCSP_CERTID\n# $r->[1] - undef if no error (certificate good) OR error message as string\n# $r->[2] - hash with details:\n#   thisUpdate - time_t of this single response\n#   nextUpdate - time_t when update is expected\n#   statusType - integer:\n#      V_OCSP_CERTSTATUS_GOOD(0)\n#      V_OCSP_CERTSTATUS_REVOKED(1)\n#      V_OCSP_CERTSTATUS_UNKNOWN(2)\n#   revocationTime - time_t (only if revoked)\n#   revocationReason - integer (only if revoked)\n#   revocationReason_str - reason as string (only if revoked)\n}\n\nTo further speed up certificate revocation checking one can use a TLS extension to instruct the\nserver to 
staple the OCSP response:\n\n# set TLS extension before doing SSL_connect\nNet::SSLeay::set_tlsext_status_type($ssl,\nNet::SSLeay::TLSEXT_STATUSTYPE_ocsp());\n\n# setup callback to verify OCSP response\nmy $cert_valid = undef;\nNet::SSLeay::CTX_set_tlsext_status_cb($context,sub {\nmy ($ssl,$resp) = @_;\nif (!$resp) {\n# Lots of servers don't return an OCSP response.\n# In this case we must check the OCSP status outside the SSL\n# handshake.\nwarn \"server did not return stapled OCSP response\\n\";\nreturn 1;\n}\n# verify status\nmy $status = Net::SSLeay::OCSP_response_status($resp);\nif ($status != Net::SSLeay::OCSP_RESPONSE_STATUS_SUCCESSFUL()) {\nwarn \"OCSP response failure: $status\\n\";\nreturn 1;\n}\n# verify signature - we have no OCSP_REQUEST here to check nonce\nif (!eval { Net::SSLeay::OCSP_response_verify($ssl,$resp) }) {\nwarn \"OCSP response verify failed\\n\";\nreturn 1;\n}\n# check if the certificate is valid\n# we should check here against the peer_certificate\nmy $cert = Net::SSLeay::get_peer_certificate($ssl);\nmy $certid = eval { Net::SSLeay::OCSP_cert2ids($ssl,$cert) } or do {\nwarn \"cannot get certid from cert: $@\";\n$cert_valid = -1;\nreturn 1;\n};\n\nif ( my $nextupd = eval {\nNet::SSLeay::OCSP_response_results($resp,$certid) }) {\nwarn \"certificate not revoked\\n\";\n$cert_valid = 1;\n} else {\nwarn \"certificate not valid: $@\";\n$cert_valid = 0;\n}\n});\n\n# do SSL handshake here\n....\n# check if certificate revocation was checked already\nif ( ! defined $cert_valid) {\n# check revocation outside of SSL handshake by asking OCSP responder\n...\n} elsif ( ! $cert_valid ) {\ndie \"certificate not valid - closing SSL connection\";\n} elsif ( $cert_valid<0 ) {\ndie \"cannot verify certificate revocation - self-signed ?\";\n} else {\n# everything fine\n...\n}\n"
                    },
                    {
                        "name": "Using Net::SSLeay in multi-threaded applications",
                        "content": "IMPORTANT: versions 1.42 or earlier are not thread-safe!\n\nThe Net::SSLeay module implements everything necessary to work in a multi-threaded environment -\nit requires openssl-0.9.7 or newer. The implementation fully follows the thread safety related\nrequirements of the openssl library (see <http://www.openssl.org/docs/crypto/threads.html>).\n\nIf you are about to use Net::SSLeay (or any other module based on Net::SSLeay) in a multi-threaded\nperl application it is recommended to follow this best practice:\n\nInitialization\nLoad and initialize Net::SSLeay module in the main thread:\n\nuse threads;\nuse Net::SSLeay;\n\nNet::SSLeay::load_error_strings();\nNet::SSLeay::SSLeay_add_ssl_algorithms();\nNet::SSLeay::randomize();\n\nsub do_master_job {\n#... call whatever from Net::SSLeay\n}\n\nsub do_worker_job {\n#... call whatever from Net::SSLeay\n}\n\n#start threads\nmy $master  = threads->new(\\&do_master_job, 'param1', 'param2');\nmy @workers = map { threads->new(\\&do_worker_job, 'arg1', 'arg2') } (1..10);\n\n#waiting for all threads to finish\n$_->join() for (threads->list);\n\nNOTE: Openssl's \"int SSL_library_init(void)\" function (which is also aliased as\n\"SSLeay_add_ssl_algorithms\", \"OpenSSL_add_ssl_algorithms\" and \"add_ssl_algorithms\") is not\nre-entrant and multiple calls can cause a crash in threaded application. Net::SSLeay implements\nflags preventing repeated calls to this function, therefore even multiple initialization via\nNet::SSLeay::SSLeay_add_ssl_algorithms() should work without trouble.\n\nUsing callbacks\nDo not use callbacks across threads (the module blocks cross-thread callback operations and\nthrows a warning). Always do the callback setup, callback use and callback destruction within\nthe same thread.\n\nUsing openssl elements\nAll openssl elements (X509, SSL_CTX, ...) 
can be directly passed between threads.\n\nuse threads;\nuse Net::SSLeay;\n\nNet::SSLeay::load_error_strings();\nNet::SSLeay::SSLeay_add_ssl_algorithms();\nNet::SSLeay::randomize();\n\nsub do_job {\nmy $context = shift;\nNet::SSLeay::CTX_set_default_passwd_cb($context, sub { \"secret\" });\n#...\n}\n\nmy $c = Net::SSLeay::CTX_new();\nthreads->create(\\&do_job, $c);\n\nOr:\n\nuse threads;\nuse Net::SSLeay;\n\nmy $context; #does not need to be 'shared'\n\nNet::SSLeay::load_error_strings();\nNet::SSLeay::SSLeay_add_ssl_algorithms();\nNet::SSLeay::randomize();\n\nsub do_job {\nNet::SSLeay::CTX_set_default_passwd_cb($context, sub { \"secret\" });\n#...\n}\n\n$context = Net::SSLeay::CTX_new();\nthreads->create(\\&do_job);\n\nUsing other perl modules based on Net::SSLeay\nIt should be fine to use any other module based on Net::SSLeay (like IO::Socket::SSL) in\nmulti-threaded applications. It is generally recommended to do any global initialization of such\na module in the main thread before calling \"threads->new(..)\" or \"threads->create(..)\" but it\nmight differ module by module.\n\nTo be safe you can load and init Net::SSLeay explicitly in the main thread:\n\nuse Net::SSLeay;\nuse Other::SSLeay::Based::Module;\n\nNet::SSLeay::load_error_strings();\nNet::SSLeay::SSLeay_add_ssl_algorithms();\nNet::SSLeay::randomize();\n\nOr even safer:\n\nuse Net::SSLeay;\nuse Other::SSLeay::Based::Module;\n\nBEGIN {\nNet::SSLeay::load_error_strings();\nNet::SSLeay::SSLeay_add_ssl_algorithms();\nNet::SSLeay::randomize();\n}\n\nCombining Net::SSLeay with other modules linked with openssl\nBEWARE: This might be a big trouble! 
This is not guaranteed to be thread-safe!\n\nThere are many other (XS) modules linked directly to the openssl library (like Crypt::SSLeay).\n\nAs it is expected that \"another\" module will also call \"SSLeay_add_ssl_algorithms\" at some point,\nwe again have trouble with multiple openssl initialization by Net::SSLeay and \"another\"\nmodule.\n\nAs you can expect, Net::SSLeay is not able to avoid multiple initialization of the openssl library\ncalled by \"another\" module, thus you have to handle this on your own (in some cases it might not\nbe possible at all to avoid this).\n\nThreading with get_https and friends\nThe convenience functions get_https, post_https etc all initialize the SSL library by calling\nNet::SSLeay::initialize which does the conventional library initialization:\n\nNet::SSLeay::load_error_strings();\nNet::SSLeay::SSLeay_add_ssl_algorithms();\nNet::SSLeay::randomize();\n\nNet::SSLeay::initialize initializes the SSL library at most once. You can override the\nNet::SSLeay::initialize function if you desire some other type of initialization behaviour by\nget_https and friends. You can call Net::SSLeay::initialize from your own code if you desire\nthis conventional library initialization.\n"
                    },
                    {
                        "name": "Convenience routines",
                        "content": "To be used with Low level API\n\nNet::SSLeay::randomize($rn_seed_file,$additional_seed);\nNet::SSLeay::set_cert_and_key($ctx, $cert_path, $key_path);\n$cert = Net::SSLeay::dump_peer_certificate($ssl);\nNet::SSLeay::ssl_write_all($ssl, $message) or die \"ssl write failure\";\n$got = Net::SSLeay::ssl_read_all($ssl) or die \"ssl read failure\";\n\n$got = Net::SSLeay::ssl_read_CRLF($ssl [, $max_length]);\n$got = Net::SSLeay::ssl_read_until($ssl [, $delimit [, $max_length]]);\nNet::SSLeay::ssl_write_CRLF($ssl, $message);\n\n*   randomize\n\nseeds the openssl PRNG with \"/dev/urandom\" (see the top of \"SSLeay.pm\" for how to change or\nconfigure this) and optionally with user provided data. It is very important to properly\nseed your random numbers, so do not forget to call this. The high level API functions\nautomatically call \"randomize()\" so it is not needed with them. See also caveats.\n\n*   set_cert_and_key\n\ntakes two file names as arguments and sets the certificate and private key to those. This\ncan be used to set either server certificates or client certificates.\n\n*   dump_peer_certificate\n\nallows you to get a plaintext description of the certificate the peer (usually the server)\npresented to us.\n\n*   ssl_read_all\n\nsee ssl_write_all (below)\n\n*   ssl_write_all\n\n\"ssl_read_all()\" and \"ssl_write_all()\" provide true blocking semantics for these operations\n(see limitation, below, for explanation). These are much preferred to the low level API\nequivalents (which implement BSD blocking semantics). The message argument to\n\"ssl_write_all()\" can be a reference. This is helpful to avoid unnecessary copying when\nwriting something big, e.g:\n\n$data = 'A' x 1000000000;\nNet::SSLeay::ssl_write_all($ssl, \\$data) or die \"ssl write failed\";\n\n*   ssl_read_CRLF\n\nuses \"ssl_read_all()\" to read in a line terminated with a carriage return followed by a\nlinefeed (CRLF). 
The CRLF is included in the returned scalar.\n\n*   ssl_read_until\n\nuses \"ssl_read_all()\" to read from the SSL input stream until it encounters a programmer\nspecified delimiter. If the delimiter is undefined, $/ is used. If $/ is undefined, \"\\n\" is\nused. One can optionally set a maximum length of bytes to read from the SSL input stream.\n\n*   ssl_write_CRLF\n\nwrites $message and appends CRLF to the SSL output stream.\n"
                    },
                    {
                        "name": "Initialization",
                        "content": "In order to use the low level API you should start your programs with the following incantation:\n\nuse Net::SSLeay qw(die_now die_if_ssl_error);\nNet::SSLeay::load_error_strings();\nNet::SSLeay::SSLeay_add_ssl_algorithms();    # Important!\nNet::SSLeay::ENGINE_load_builtin_engines();  # If you want built-in engines\nNet::SSLeay::ENGINE_register_all_complete(); # If you want built-in engines\nNet::SSLeay::randomize();\n"
                    },
                    {
                        "name": "Error handling functions",
                        "content": "I cannot emphasize the need to check for errors enough. Use these functions even in the most\nsimple programs, they will reduce debugging time greatly. Do not ask questions on the mailing\nlist without having first sprinkled these in your code.\n\n*   die_now\n\n*   die_if_ssl_error\n\n\"die_now()\" and \"die_if_ssl_error()\" are used to conveniently print the SSLeay error stack\nwhen something goes wrong:\n\nNet::SSLeay::connect($ssl) or die_now(\"Failed SSL connect ($!)\");\n\n\nNet::SSLeay::write($ssl, \"foo\") or die_if_ssl_error(\"SSL write ($!)\");\n\n*   print_errs\n\nYou can also use \"Net::SSLeay::print_errs()\" to dump the error stack without exiting the\nprogram. As can be seen, your code becomes much more readable if you import the error\nreporting functions into your main name space.\n"
                    },
                    {
                        "name": "Sockets",
                        "content": "Perl uses file handles for all I/O. While SSLeay has a quite flexible BIO mechanism and perl has\nan evolved PerlIO mechanism, this module still sticks to using file descriptors. Thus to attach\nSSLeay to a socket you should use \"fileno()\" to extract the underlying file descriptor:\n\nNet::SSLeay::set_fd($ssl, fileno(S));   # Must use fileno\n\nYou should also set $| to 1 to eliminate STDIO buffering so you do not get confused if you use\nperl I/O functions to manipulate your socket handle.\n\nIf you need to select(2) on the socket, go right ahead, but be warned that OpenSSL does some\ninternal buffering so SSL_read does not always return data even if the socket is selected for\nreading (just keep on selecting and trying to read). \"Net::SSLeay\" is no different from the C\nlanguage OpenSSL in this respect.\n"
                    },
                    {
                        "name": "Callbacks",
                        "content": "You can establish a per-context verify callback function something like this:\n\nsub verify {\nmy ($ok, $x509_store_ctx) = @_;\nprint \"Verifying certificate...\\n\";\n...\nreturn $ok;\n}\n\nIt is used like this:\n\nNet::SSLeay::set_verify ($ssl, Net::SSLeay::VERIFY_PEER, \\&verify);\n\nPer-context callbacks for decrypting private keys are implemented.\n\nNet::SSLeay::CTX_set_default_passwd_cb($ctx, sub { \"top-secret\" });\nNet::SSLeay::CTX_use_PrivateKey_file($ctx, \"key.pem\",\nNet::SSLeay::FILETYPE_PEM)\nor die \"Error reading private key\";\nNet::SSLeay::CTX_set_default_passwd_cb($ctx, undef);\n\nIf Hello Extensions are supported by your OpenSSL, a session secret callback can be set up to be\ncalled when a session secret is set by openssl.\n\nEstablish it like this:\n\nNet::SSLeay::set_session_secret_cb($ssl, \\&session_secret_cb, $somedata);\n\nIt will be called like this:\n\nsub session_secret_cb\n{\n# $cipherlist is an array reference, $preferredcipher is a scalar reference\nmy ($secret, $cipherlist, $preferredcipher, $somedata) = @_;\n}\n\nNo other callbacks are implemented. You do not need to use any callback for simple (i.e. normal)\ncases where the SSLeay built-in verify mechanism satisfies your needs.\n\nIt is required to reset these callbacks to undef immediately after use to prevent memory leaks,\nthread safety problems and crashes on exit that can occur if different threads set different\ncallbacks.\n\nIf you want to use callback stuff, see examples/callback.pl! It's the only one I am able to make\nwork reliably.\n"
                    },
                    {
                        "name": "Low level API",
                        "content": "In addition to the high level functions outlined above, this module contains straight-forward\naccess to CRYPTO and SSL parts of OpenSSL C API.\n\nSee the \"*.h\" headers from OpenSSL C distribution for a list of low level SSLeay functions to\ncall (check SSLeay.xs to see if some function has been implemented). The module strips the\ninitial \"SSL_\" off of the SSLeay names. Generally you should use \"Net::SSLeay::\" in its place.\n\nNote that some functions are prefixed with \"P_\" - these are very close to the original API\nhowever contain some kind of a wrapper making its interface more perl friendly.\n\nFor example:\n\nIn C:\n\n#include <ssl.h>\n\nerr = SSL_set_verify (ssl, SSL_VERIFY_CLIENT_ONCE,\n&your_call_back_here);\n\nIn Perl:\n\nuse Net::SSLeay;\n\n$err = Net::SSLeay::set_verify ($ssl,\nNet::SSLeay::VERIFY_CLIENT_ONCE,\n\\&your_call_back_here);\n\nIf the function does not start with \"SSL_\" you should use the full function name, e.g.:\n\n$err = Net::SSLeay::ERR_get_error;\n\nThe following new functions behave in perlish way:\n\n$got = Net::SSLeay::read($ssl);\n# Performs SSL_read, but returns $got\n# resized according to data received.\n# Returns undef on failure.\n\nNet::SSLeay::write($ssl, $foo) || die;\n# Performs SSL_write, but automatically\n# figures out the size of $foo\n\nLow level API: Version and library information related functions\n*   OpenSSL_version_num and SSLeay\n\nCOMPATIBILITY: SSLeay() is not available in Net-SSLeay-1.42 and before. 
SSLeay() was made an\nalias of OpenSSL_version_num() in OpenSSL 1.1.0 and LibreSSL 2.7.0.\n\nCOMPATIBILITY: OpenSSL_version_num() requires at least Net-SSLeay-1.82 with OpenSSL 1.1.0,\nor Net-SSLeay-1.88 with LibreSSL 2.7.0.\n\nBoth functions return OPENSSL_VERSION_NUMBER constant (numeric) as defined by the underlying\nOpenSSL or LibreSSL library.\n\nmy $ver_number = Net::SSLeay::SSLeay();\nor\nmy $ver_number = Net::SSLeay::OpenSSL_version_num();\n# returns: OPENSSL_VERSION_NUMBER constant\n\nOpenSSL version numbering is:\n\n# 0x00903100 => openssl-0.9.3\n# 0x00904100 => openssl-0.9.4\n# 0x00905100 => openssl-0.9.5\n# 0x0090600f => openssl-0.9.6\n# 0x0090601f => openssl-0.9.6a\n# ...\n# 0x009060df => openssl-0.9.6m\n# 0x0090700f => openssl-0.9.7\n# 0x0090701f => openssl-0.9.7a\n# ...\n# 0x009070df => openssl-0.9.7m\n# 0x0090800f => openssl-0.9.8\n# 0x0090801f => openssl-0.9.8a\n# ...\n# 0x0090821f => openssl-0.9.8zh\n# 0x1000000f => openssl-1.0.0\n# ...\n# 0x1000014f => openssl-1.0.0t\n# 0x1000100f => openssl-1.0.1\n# ...\n# 0x1000115f => openssl-1.0.1u\n# 0x1000200f => openssl-1.0.2\n# ...\n# 0x1000215f => openssl-1.0.2u\n# 0x1010000f => openssl-1.1.0\n# ...\n# 0x101000cf => openssl-1.1.0l\n# 0x1010100f => openssl-1.1.1\n# ...\n# 0x101010df => openssl-1.1.1m\n# 0x30000000 => openssl-3.0.0\n# 0x30000010 => openssl-3.0.1\n\nNote that OpenSSL 3.0.0 and later do not set the status nibble in the\nleast significant octet to f.\n\nLibreSSL returns 0x20000000 always:\n\n# 0x20000000 => libressl-2.2.1\n# ...\n# 0x20000000 => libressl-3.4.2\n\nYou can use the version number like this when you know that the underlying library is\nOpenSSL:\n\nif (Net::SSLeay::SSLeay() < 0x0090800f) {\ndie \"You need OpenSSL 0.9.8 or higher\";\n}\n\nLibreSSL 2.2.2 and later define constant LIBRESSL_VERSION_NUMBER that gives the LibreSSL\nversion number. The format is the same that OpenSSL uses with OPENSSL_VERSION_NUMBER. 
You\ncan do this if you need to check that the underlying library is LibreSSL and it's recent\nenough:\n\nif (Net::SSLeay::SSLeay() != 0x20000000 ||\nNet::SSLeay::LIBRESSL_VERSION_NUMBER() < 0x3040200f) {\ndie \"You need LibreSSL. Version 3.4.2 or higher\";\n}\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OpenSSL_version_num.html>\n\nSee OpenSSL 1.1.1 and earlier documentation for the details of status nibble and the format\ninterpretation.\n\n*   SSLeay_version\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nReturns different strings depending on $type.\n\nmy $ver_string = Net::SSLeay::SSLeay_version($type);\n# $type\n#   SSLEAY_VERSION  - e.g. 'OpenSSL 1.0.0d 8 Feb 2011'\n#   SSLEAY_CFLAGS   - e.g. 'compiler: gcc -D_WINDLL -DOPENSSL_USE_APPLINK .....'\n#   SSLEAY_BUILT_ON - e.g. 'built on: Fri May  6 00:00:46 GMT 2011'\n#   SSLEAY_PLATFORM - e.g. 'platform: mingw'\n#   SSLEAY_DIR      - e.g. 'OPENSSLDIR: \"z:/....\"'\n#\n# returns: string\n\nNet::SSLeay::SSLeay_version();\n#is equivalent to\nNet::SSLeay::SSLeay_version(SSLEAY_VERSION);\n\nOpenSSL 1.1.0 changed SSLeay_version() to an alias of OpenSSL_version(). To ensure correct\nfunctionality with LibreSSL, use SSLEAY_* constants with SSLeay_version() and OPENSSL_*\nconstants with OpenSSL_version().\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OpenSSL_version.html>\n\nOpenSSL website no longer has a manual page for SSLeay_version().\n\n*   OpenSSL_version\n\nCOMPATIBILITY: requires at least Net-SSLeay-1.82 with OpenSSL 1.1.0, or Net-SSLeay-1.88 with\nLibreSSL 2.7.0.\n\nReturns different strings depending on $t. Available $t constants depend on the library\nversion.\n\nmy $ver_string = Net::SSLeay::OpenSSL_version($t);\n# $t\n#   OPENSSL_VERSION     - e.g. 'OpenSSL 1.1.0g  2 Nov 2017'\n#   OPENSSL_CFLAGS      - e.g. 'compiler: cc -DDSO_DLFCN -DHAVE_DLFCN_H .....'\n#   OPENSSL_BUILT_ON    - e.g. 'built on: reproducible build, date unspecified'\n#   OPENSSL_PLATFORM    - e.g. 
'platform: darwin64-x86_64-cc'\n#   OPENSSL_DIR         - e.g. 'OPENSSLDIR: \"/opt/openssl-1.1.0g\"'\n#   OPENSSL_ENGINES_DIR - e.g. 'ENGINESDIR: \"/opt/openssl-1.1.0g/lib/engines-1.1\"'\n#\n# returns: string\n\nNet::SSLeay::OpenSSL_version();\n#is equivalent to\nNet::SSLeay::OpenSSL_version(OPENSSL_VERSION);\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OpenSSL_version.html>\n\n*   OPENSSL_info\n\nCOMPATIBILITY: not available in Net-SSLeay-1.90 and before; requires at least OpenSSL\n3.0.0-alpha1\n\nReturns different strings depending on $t. Available $t constants depend on the library\nversion.\n\nmy $info_string = Net::SSLeay::OPENSSL_info($t);\n# $t\n#   OPENSSL_INFO_CONFIG_DIR - e.g. '/opt/openssl-3.0.1'\n#   OPENSSL_INFO_...\n#\n# returns: string\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OPENSSL_info.html>\n\n*   OPENSSL_version_major, OPENSSL_version_minor and OPENSSL_version_patch\n\nCOMPATIBILITY: not available in Net-SSLeay-1.90 and before; requires at least OpenSSL\n3.0.0-alpha1, not in LibreSSL\n\nReturn constants OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR and OPENSSL_VERSION_PATCH,\nrespectively.\n\nmy $major = Net::SSLeay::OPENSSL_version_major();\nmy $minor = Net::SSLeay::OPENSSL_version_minor();\nmy $patch = Net::SSLeay::OPENSSL_version_patch();\n#\n# return: integer\n\nFor example with OpenSSL 3.0.1, $major is 3, $minor is 0 and $patch is 1.\n\nNote: the constants record Net::SSLeay compile time values whereas the three functions\nreturn values from the library. Typically these are the same, but they can be different if\nthe library version is updated but Net::SSLeay is not re-compiled. 
See the OpenSSL and\nLibreSSL API/ABI compatibility statements for more information.\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OPENSSL_version_major.html>\n\n*   OPENSSL_version_pre_release\n\nCOMPATIBILITY: not available in Net-SSLeay-1.90 and before; requires at least OpenSSL\n3.0.0-alpha1, not in LibreSSL\n\nReturn constant string defined by C macro OPENSSL_VERSION_PRE_RELEASE.\n\nmy $pre_release = Net::SSLeay::OPENSSL_version_pre_release();\n#\n# returns: string\n\nFor example: \"-alpha3\" or \"\" for a release version.\n\nWhen the macro is not defined, an empty string is returned instead.\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/OPENSSL_version_pre_release.html>\n\n*   OPENSSL_version_build_metadata()\n\nCOMPATIBILITY: not available in Net-SSLeay-1.90 and before; requires at least OpenSSL\n3.0.0-alpha1, not in LibreSSL\n\nReturn constant string defined by C macro OPENSSL_VERSION_BUILD_METADATA.\n\nmy $metadata = Net::SSLeay::OPENSSL_version_build_metadata();\n#\n# returns: string\n\nFor example: \"+fips\" or \"\".\n\nWhen the macro is not defined, an empty string is returned instead.\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/OPENSSL_version_build_metadata.html>\n\nLow level API: Initialization related functions\n*   library_init\n\nInitialize SSL library by registering algorithms.\n\nmy $rv = Net::SSLeay::library_init();\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSL_library_init.html>\n\nWhile the original function from OpenSSL always returns 1, Net::SSLeay adds a wrapper around\nit to make sure that the OpenSSL function is only called once. Thus the function will return\n1 if initialization was done and 0 if not, i.e. 
if initialization was done already before.\n\n*   add_ssl_algorithms\n\nThe alias for \"library_init\"\n\nNet::SSLeay::add_ssl_algorithms();\n\n*   OpenSSL_add_ssl_algorithms\n\nThe alias for \"library_init\"\n\nNet::SSLeay::OpenSSL_add_ssl_algorithms();\n\n*   SSLeay_add_ssl_algorithms\n\nThe alias for \"library_init\"\n\nNet::SSLeay::SSLeay_add_ssl_algorithms();\n\n*   load_error_strings\n\nRegisters the error strings for all libcrypto + libssl related functions.\n\nNet::SSLeay::load_error_strings();\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/ERR_load_crypto_strings.html>\n\n*   ERR_load_crypto_strings\n\nRegisters the error strings for all libcrypto functions. No need to call this function if\nyou have already called \"load_error_strings\".\n\nNet::SSLeay::ERR_load_crypto_strings();\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/ERR_load_crypto_strings.html>\n\n*   ERR_load_RAND_strings\n\nRegisters the error strings for RAND related functions. No need to call this function if you\nhave already called \"load_error_strings\".\n\nNet::SSLeay::ERR_load_RAND_strings();\n#\n# returns: no return value\n\n*   ERR_load_SSL_strings\n\nRegisters the error strings for SSL related functions. 
No need to call this function if you\nhave already called \"load_error_strings\".\n\nNet::SSLeay::ERR_load_SSL_strings();\n#\n# returns: no return value\n\n*   OpenSSL_add_all_algorithms\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nAdd algorithms to internal table.\n\nNet::SSLeay::OpenSSL_add_all_algorithms();\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/OpenSSL_add_all_algorithms.html>\n\n*   OPENSSL_add_all_algorithms_conf\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSimilar to \"OpenSSL_add_all_algorithms\" - will ALWAYS load the config file\n\nNet::SSLeay::OPENSSL_add_all_algorithms_conf();\n#\n# returns: no return value\n\n*   OPENSSL_add_all_algorithms_noconf\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSimilar to \"OpenSSL_add_all_algorithms\" - will NEVER load the config file\n\nNet::SSLeay::OPENSSL_add_all_algorithms_noconf();\n#\n# returns: no return value\n\nLow level API: ERR_* and SSL_alert_* related functions\nNOTE: Please note that SSL_alert_* functions have the \"SSL_\" part stripped from their names.\n\n*   ERR_clear_error\n\nClear the error queue.\n\nNet::SSLeay::ERR_clear_error();\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/ERR_clear_error.html>\n\n*   ERR_error_string\n\nGenerates a human-readable string representing the error code $error.\n\nmy $rv = Net::SSLeay::ERR_error_string($error);\n# $error - (unsigned integer) error code\n#\n# returns: string\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/ERR_error_string.html>\n\n*   ERR_get_error\n\nReturns the earliest error code from the thread's error queue and removes the entry. 
This\nfunction can be called repeatedly until there are no more error codes to return.\n\nmy $rv = Net::SSLeay::ERR_get_error();\n#\n# returns: (unsigned integer) error code\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/ERR_get_error.html>\n\n*   ERR_peek_error\n\nReturns the earliest error code from the thread's error queue without modifying it.\n\nmy $rv = Net::SSLeay::ERR_peek_error();\n#\n# returns: (unsigned integer) error code\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/ERR_get_error.html>\n\n*   ERR_put_error\n\nAdds an error code to the thread's error queue. It signals that the error of $reason code\nreason occurred in function $func of library $lib, in line number $line of $file.\n\nNet::SSLeay::ERR_put_error($lib, $func, $reason, $file, $line);\n# $lib - (integer) library id (check openssl/err.h for constants e.g. ERR_LIB_SSL)\n# $func - (integer) function id (check openssl/ssl.h for constants e.g. SSL_F_SSL23_READ)\n# $reason - (integer) reason id (check openssl/ssl.h for constants e.g. 
SSL_R_SSL_HANDSHAKE_FAILURE)\n# $file - (string) file name\n# $line - (integer) line number in $file\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/ERR_put_error.html> and\n<http://www.openssl.org/docs/crypto/err.html>\n\n*   alert_desc_string\n\nReturns a two letter string as a short form describing the reason of the alert specified by\nvalue.\n\nmy $rv = Net::SSLeay::alert_desc_string($value);\n# $value - (integer) alert id (check openssl/ssl.h for SSL3_AD_* and TLS1_AD_* constants)\n#\n# returns: description string (2 letters)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSL_alert_type_string.html>\n\n*   alert_desc_string_long\n\nReturns a string describing the reason of the alert specified by value.\n\nmy $rv = Net::SSLeay::alert_desc_string_long($value);\n# $value - (integer) alert id (check openssl/ssl.h for SSL3_AD_* and TLS1_AD_* constants)\n#\n# returns: description string\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSL_alert_type_string.html>\n\n*   alert_type_string\n\nReturns a one letter string indicating the type of the alert specified by value.\n\nmy $rv = Net::SSLeay::alert_type_string($value);\n# $value - (integer) alert id (check openssl/ssl.h for SSL3_AD_* and TLS1_AD_* constants)\n#\n# returns: string (1 letter)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSL_alert_type_string.html>\n\n*   alert_type_string_long\n\nReturns a string indicating the type of the alert specified by value.\n\nmy $rv = Net::SSLeay::alert_type_string_long($value);\n# $value - (integer) alert id (check openssl/ssl.h for SSL3_AD_* and TLS1_AD_* constants)\n#\n# returns: string\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSL_alert_type_string.html>\n\nLow level API: SSL_METHOD_* related functions\n*   SSLv23_method, SSLv23_server_method and SSLv23_client_method\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before.\n\nReturns SSL_METHOD structure corresponding to general-purpose version-flexible TLS method,\nthe return value can be later used 
as a param of \"CTX_new_with_method\".\n\nNOTE: Consider using TLS_method, TLS_server_method or TLS_client_method with new code.\n\nmy $rv = Net::SSLeay::SSLv23_method();\n#\n# returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)\n\n*   SSLv2_method\n\nReturns SSL_METHOD structure corresponding to SSLv2 method, the return value can be later\nused as a param of \"CTX_new_with_method\". Only available where supported by the underlying\nopenssl.\n\nmy $rv = Net::SSLeay::SSLv2_method();\n#\n# returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)\n\n*   SSLv3_method\n\nReturns SSL_METHOD structure corresponding to SSLv3 method, the return value can be later\nused as a param of \"CTX_new_with_method\".\n\nmy $rv = Net::SSLeay::SSLv3_method();\n#\n# returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSL_CTX_new.html>\n\n*   TLSv1_method, TLSv1_server_method and TLSv1_client_method\n\nCOMPATIBILITY: Server and client methods not available in Net-SSLeay-1.82 and before.\n\nReturns SSL_METHOD structure corresponding to TLSv1 method, the return value can be later\nused as a param of \"CTX_new_with_method\".\n\nmy $rv = Net::SSLeay::TLSv1_method();\n#\n# returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSL_CTX_new.html>\n\n*   TLSv1_1_method, TLSv1_1_server_method and TLSv1_1_client_method\n\nCOMPATIBILITY: Server and client methods not available in Net-SSLeay-1.82 and before.\n\nReturns SSL_METHOD structure corresponding to TLSv1_1 method, the return value can be later\nused as a param of \"CTX_new_with_method\". 
Only available where supported by the underlying\nopenssl.\n\nmy $rv = Net::SSLeay::TLSv1_1_method();\n#\n# returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSL_CTX_new.html>\n\n*   TLSv1_2_method, TLSv1_2_server_method and TLSv1_2_client_method\n\nCOMPATIBILITY: Server and client methods not available in Net-SSLeay-1.82 and before.\n\nReturns SSL_METHOD structure corresponding to TLSv1_2 method, the return value can be later\nused as a param of \"CTX_new_with_method\". Only available where supported by the underlying\nopenssl.\n\nmy $rv = Net::SSLeay::TLSv1_2_method();\n#\n# returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSL_CTX_new.html>\n\n*   TLS_method, TLS_server_method and TLS_client_method\n\nCOMPATIBILITY: Not available in Net-SSLeay-1.82 and before.\n\nReturns SSL_METHOD structure corresponding to general-purpose version-flexible TLS method,\nthe return value can be later used as a param of \"CTX_new_with_method\". 
Only available where\nsupported by the underlying openssl.\n\nmy $rv = Net::SSLeay::TLS_method();\n#\n# returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSL_CTX_new.html>\n\nLow level API: ENGINE_* related functions\n*   ENGINE_load_builtin_engines\n\nCOMPATIBILITY: Requires an OpenSSL build with dynamic engine loading support.\n\nLoad all bundled ENGINEs into memory and make them visible.\n\nNet::SSLeay::ENGINE_load_builtin_engines();\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/engine.html>\n\n*   ENGINE_register_all_complete\n\nCOMPATIBILITY: Requires an OpenSSL build with dynamic engine loading support.\n\nRegister all loaded ENGINEs for every algorithm they collectively implement.\n\nNet::SSLeay::ENGINE_register_all_complete();\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/engine.html>\n\n*   ENGINE_set_default\n\nCOMPATIBILITY: Requires an OpenSSL build with dynamic engine loading support.\n\nSet default engine to $e + set its flags to $flags.\n\nmy $rv = Net::SSLeay::ENGINE_set_default($e, $flags);\n# $e - value corresponding to openssl's ENGINE structure\n# $flags - (integer) engine flags\n#          flags value can be made by bitwise \"OR\"ing:\n#          0x0001 - ENGINE_METHOD_RSA\n#          0x0002 - ENGINE_METHOD_DSA\n#          0x0004 - ENGINE_METHOD_DH\n#          0x0008 - ENGINE_METHOD_RAND\n#          0x0010 - ENGINE_METHOD_ECDH\n#          0x0020 - ENGINE_METHOD_ECDSA\n#          0x0040 - ENGINE_METHOD_CIPHERS\n#          0x0080 - ENGINE_METHOD_DIGESTS\n#          0x0100 - ENGINE_METHOD_STORE\n#          0x0200 - ENGINE_METHOD_PKEY_METHS\n#          0x0400 - ENGINE_METHOD_PKEY_ASN1_METHS\n#          Obvious all-or-nothing cases:\n#          0xFFFF - ENGINE_METHOD_ALL\n#          0x0000 - ENGINE_METHOD_NONE\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/engine.html>\n\n*   
ENGINEbyid\n\nGet ENGINE by its identification $id.\n\nCOMPATIBILITY: Requires an OpenSSL build with dynamic engine loading support.\n\nmy $rv = Net::SSLeay::ENGINEbyid($id);\n# $id - (string) engine identification e.g. \"dynamic\"\n#\n# returns: value corresponding to openssl's ENGINE structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/engine.html>\n\nLow level API: EVPPKEY* related functions\n*   EVPPKEYcopyparameters\n\nCopies the parameters from key $from to key $to.\n\nmy $rv = Net::SSLeay::EVPPKEYcopyparameters($to, $from);\n# $to - value corresponding to openssl's EVPPKEY structure\n# $from - value corresponding to openssl's EVPPKEY structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/EVPPKEYcmp.html>\n\n*   EVPPKEYnew\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nCreates a new EVPPKEY structure.\n\nmy $rv = Net::SSLeay::EVPPKEYnew();\n#\n# returns: value corresponding to openssl's EVPPKEY structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/EVPPKEYnew.html>\n\n*   EVPPKEYfree\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nFree an allocated EVPPKEY structure.\n\nNet::SSLeay::EVPPKEYfree($pkey);\n# $pkey - value corresponding to openssl's EVPPKEY structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/EVPPKEYnew.html>\n\n*   EVPPKEYassignRSA\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSet the key referenced by $pkey to $key\n\nNOTE: No reference counter will be increased, i.e. 
$key will be freed if $pkey is freed.\n\nmy $rv = Net::SSLeay::EVPPKEYassignRSA($pkey, $key);\n# $pkey - value corresponding to openssl's EVPPKEY structure\n# $key - value corresponding to openssl's RSA structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/EVPPKEYassignRSA.html>\n\n*   EVPPKEYassignECKEY\n\nCOMPATIBILITY: not available in Net-SSLeay-1.74 and before\n\nSet the key referenced by $pkey to $key\n\nNOTE: No reference counter will be increased, i.e. $key will be freed if $pkey is freed.\n\nmy $rv = Net::SSLeay::EVPPKEYassignECKEY($pkey, $key);\n# $pkey - value corresponding to openssl's EVPPKEY structure\n# $key - value corresponding to openssl's ECKEY structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/EVPPKEYassignECKEY.html>\n\n*   EVPPKEYbits\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns the size of the key $pkey in bits.\n\nmy $rv = Net::SSLeay::EVPPKEYbits($pkey);\n# $pkey - value corresponding to openssl's EVPPKEY structure\n#\n# returns: size in bits\n\n*   EVPPKEYsize\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns the maximum size of a signature in bytes. The actual signature may be smaller.\n\nmy $rv = Net::SSLeay::EVPPKEYsize($pkey);\n# $pkey - value corresponding to openssl's EVPPKEY structure\n#\n# returns: the maximum size in bytes\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/EVPSignInit.html>\n\n*   EVPPKEYid\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-1.0.0\n\nReturns $pkey type (integer value of corresponding NID).\n\nmy $rv = Net::SSLeay::EVPPKEYid($pkey);\n# $pkey - value corresponding to openssl's EVPPKEY structure\n#\n# returns: (integer) key type\n\nExample:\n\nmy $pubkey = Net::SSLeay::X509getpubkey($x509);\nmy $type = Net::SSLeay::EVPPKEYid($pubkey);\nprint Net::SSLeay::OBJnid2sn($type);             #prints e.g. 
'rsaEncryption'\n\nLow level API: PEM* related functions\nCheck openssl doc <http://www.openssl.org/docs/crypto/pem.html>\n\n*   PEMreadbioX509\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nLoads PEM formatted X509 certificate via given BIO structure.\n\nmy $rv = Net::SSLeay::PEMreadbioX509($bio);\n# $bio - value corresponding to openssl's BIO structure\n#\n# returns: value corresponding to openssl's X509 structure (0 on failure)\n\nExample:\n\nmy $bio = Net::SSLeay::BIOnewfile($filename, 'r');\nmy $x509 = Net::SSLeay::PEMreadbioX509($bio);\nNet::SSLeay::BIOfree($bio);\n\n*   PEMreadbioX509REQ\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nLoads PEM formatted X509REQ object via given BIO structure.\n\nmy $rv = Net::SSLeay::PEMreadbioX509REQ($bio, $x=NULL, $cb=NULL, $u=NULL);\n# $bio - value corresponding to openssl's BIO structure\n#\n# returns: value corresponding to openssl's X509REQ structure (0 on failure)\n\nExample:\n\nmy $bio = Net::SSLeay::BIOnewfile($filename, 'r');\nmy $x509req = Net::SSLeay::PEMreadbioX509REQ($bio);\nNet::SSLeay::BIOfree($bio);\n\n*   PEMreadbioDHparams\n\nReads DH structure from BIO.\n\nmy $rv = Net::SSLeay::PEMreadbioDHparams($bio);\n# $bio - value corresponding to openssl's BIO structure\n#\n# returns: value corresponding to openssl's DH structure (0 on failure)\n\n*   PEMreadbioX509CRL\n\nReads X509CRL structure from BIO.\n\nmy $rv = Net::SSLeay::PEMreadbioX509CRL($bio);\n# $bio - value corresponding to openssl's BIO structure\n#\n# returns: value corresponding to openssl's X509CRL structure (0 on failure)\n\n*   PEMreadbioPrivateKey\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nLoads PEM formatted private key via given BIO structure.\n\nmy $rv = Net::SSLeay::PEMreadbioPrivateKey($bio, $cb, $data);\n# $bio - value corresponding to openssl's BIO structure\n# $cb - reference to perl callback function\n# $data - data that will be passed to callback function (see examples 
below)\n#\n# returns: value corresponding to openssl's EVPPKEY structure (0 on failure)\n\nExample:\n\nmy $bio = Net::SSLeay::BIOnewfile($filename, 'r');\nmy $privkey = Net::SSLeay::PEMreadbioPrivateKey($bio); #ask for password if needed\nNet::SSLeay::BIOfree($bio);\n\nTo use a password, you have the following options:\n\n$privkey = Net::SSLeay::PEMreadbioPrivateKey($bio, \\&callbackfunc); # use callback func for getting password\n$privkey = Net::SSLeay::PEMreadbioPrivateKey($bio, \\&callbackfunc, $data); # use callbackfunc + pass $data to callbackfunc\n$privkey = Net::SSLeay::PEMreadbioPrivateKey($bio, undef, \"secret\"); # use password \"secret\"\n$privkey = Net::SSLeay::PEMreadbioPrivateKey($bio, undef, \"\");       # use empty password\n\nCallback function signature:\n\nsub callbackfunc {\nmy ($maxpasswdsize, $rwflag, $data) = @_;\n# $maxpasswdsize - maximum size of returned password (longer values will be discarded)\n# $rwflag - indicates whether we are loading (0) or storing (1) - for PEMreadbioPrivateKey always 0\n# $data - the data passed to PEMreadbioPrivateKey as 3rd parameter\n\nreturn \"secret\";\n}\n\n*   PEMX509INFOreadbio\n\nReads a BIO containing a PEM formatted file into a STACKOF(X509INFO) structure.\n\nmy $rv = Net::SSLeay::PEMX509INFOreadbio($bio);\n# $bio - value corresponding to openssl's BIO structure\n#\n# returns: value corresponding to openssl's STACKOF(X509INFO) structure.\n\nExample:\n\nmy $bio = Net::SSLeay::BIOnewfile($filename, 'r');\nmy $skx509info = Net::SSLeay::PEMX509INFOreadbio($bio);\nNet::SSLeay::BIOfree($bio);\n\n*   PEMgetstringX509\n\nNOTE: Does not exactly correspond to any low level API function\n\nConverts/exports X509 certificate to string (PEM format).\n\nNet::SSLeay::PEMgetstringX509($x509);\n# $x509 - value corresponding to openssl's X509 structure\n#\n# returns: string with $x509 in PEM format\n\n*   PEMgetstringPrivateKey\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nConverts private key $pk into PEM 
formatted string (optionally protected with password).\n\nmy $rv = Net::SSLeay::PEMgetstringPrivateKey($pk, $passwd, $encalg);\n# $pk - value corresponding to openssl's EVPPKEY structure\n# $passwd - [optional] (string) password to use for key encryption\n# $encalg - [optional] algorithm to use for key encryption (default: DESCBC) - value corresponding to openssl's EVPCIPHER structure\n#\n# returns: PEM formatted string\n\nExamples:\n\n$pemprivkey = Net::SSLeay::PEMgetstringPrivateKey($pk);\n$pemprivkey = Net::SSLeay::PEMgetstringPrivateKey($pk, \"secret\");\n$pemprivkey = Net::SSLeay::PEMgetstringPrivateKey($pk, \"secret\", Net::SSLeay::EVPgetcipherbyname(\"DES-EDE3-CBC\"));\n\n*   PEMgetstringX509CRL\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nConverts X509CRL object $x509crl into PEM formatted string.\n\nNet::SSLeay::PEMgetstringX509CRL($x509crl);\n# $x509crl - value corresponding to openssl's X509CRL structure\n#\n# returns: no return value\n\n*   PEMgetstringX509REQ\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nConverts X509REQ object $x509req into PEM formatted string.\n\nNet::SSLeay::PEMgetstringX509REQ($x509req);\n# $x509req - value corresponding to openssl's X509REQ structure\n#\n# returns: no return value\n\nLow level API: d2i* (DER format) related functions\n*   d2iX509bio\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nLoads DER formatted X509 certificate via given BIO structure.\n\nmy $rv = Net::SSLeay::d2iX509bio($bp);\n# $bp - value corresponding to openssl's BIO structure\n#\n# returns: value corresponding to openssl's X509 structure (0 on failure)\n\nExample:\n\nmy $bio = Net::SSLeay::BIOnewfile($filename, 'rb');\nmy $x509 = Net::SSLeay::d2iX509bio($bio);\nNet::SSLeay::BIOfree($bio);\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/d2iX509.html>\n\n*   d2iX509CRLbio\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nLoads DER formatted X509CRL object via given BIO 
structure.\n\nmy $rv = Net::SSLeay::d2iX509CRLbio($bp);\n# $bp - value corresponding to openssl's BIO structure\n#\n# returns: value corresponding to openssl's X509CRL structure (0 on failure)\n\nExample:\n\nmy $bio = Net::SSLeay::BIOnewfile($filename, 'rb');\nmy $x509crl = Net::SSLeay::d2iX509CRLbio($bio);\nNet::SSLeay::BIOfree($bio);\n\n*   d2iX509REQbio\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nLoads DER formatted X509REQ object via given BIO structure.\n\nmy $rv = Net::SSLeay::d2iX509REQbio($bp);\n# $bp - value corresponding to openssl's BIO structure\n#\n# returns: value corresponding to openssl's X509REQ structure (0 on failure)\n\nExample:\n\nmy $bio = Net::SSLeay::BIOnewfile($filename, 'rb');\nmy $x509req = Net::SSLeay::d2iX509REQbio($bio);\nNet::SSLeay::BIOfree($bio);\n\nLow level API: PKCS12 related functions\n*   PPKCS12loadfile\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nLoads X509 certificate + private key + certificates of CA chain (if present in PKCS12 file).\n\nmy ($privkey, $cert, @cachain) = Net::SSLeay::PPKCS12loadfile($filename, $loadchain, $password);\n# $filename - name of PKCS12 file\n# $loadchain - [optional] whether to load (1) or not (0) the CA chain (default: 0)\n# $password - [optional] password for private key\n#\n# returns: triplet ($privkey, $cert, @cachain)\n#          $privkey - value corresponding to openssl's EVPPKEY structure\n#          $cert - value corresponding to openssl's X509 structure\n#          @cachain - array of values corresponding to openssl's X509 structure (empty if no CA chain in PKCS12)\n\nIMPORTANT NOTE: after you do the job you need to call X509free() on $cert + all members\nof @cachain and EVPPKEYfree() on $privkey.\n\nExamples:\n\nmy ($privkey, $cert) = Net::SSLeay::PPKCS12loadfile($filename);\n#or\nmy ($privkey, $cert) = Net::SSLeay::PPKCS12loadfile($filename, 0, $password);\n#or\nmy ($privkey, $cert, @cachain) = Net::SSLeay::PPKCS12loadfile($filename, 1);\n#or\nmy 
($privkey, $cert, @cachain) = Net::SSLeay::PPKCS12loadfile($filename, 1, $password);\n\n#BEWARE: THIS IS WRONG - MEMORY LEAKS! (you cannot free @cachain items)\nmy ($privkey, $cert) = Net::SSLeay::PPKCS12loadfile($filename, 1, $password);\n\nNOTE: With some combinations of Windows, perl, compiler and compiler options, you may see a\nruntime error \"no OPENSSLApplink\", when calling Net::SSLeay::PPKCS12loadfile. See\nREADME.Win32 for more details.\n\nLow level API: SESSION* related functions\n*   d2iSSLSESSION\n\nCOMPATIBILITY: does not work in Net-SSLeay-1.85 and before\n\nTransforms the binary ASN1 representation string of an SSL/TLS session into an SSLSESSION\nobject.\n\nmy $ses = Net::SSLeay::d2iSSLSESSION($data);\n# $data - the session as ASN1 representation string\n#\n# returns: $ses - the new SSLSESSION\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/i2dSSLSESSION.html>\n\n*   i2dSSLSESSION\n\nCOMPATIBILITY: does not work in Net-SSLeay-1.85 and before\n\nTransforms the SSLSESSION object into the ASN1 representation and returns it as string.\n\nmy $data = Net::SSLeay::i2dSSLSESSION($ses);\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: $data - session as string\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/d2iSSLSESSION.html>\n\n*   SESSIONnew\n\nCreates a new SSLSESSION structure.\n\nmy $rv = Net::SSLeay::SESSIONnew();\n#\n# returns: value corresponding to openssl's SSLSESSION structure (0 on failure)\n\n*   SESSIONfree\n\nFree an allocated SSLSESSION structure.\n\nNet::SSLeay::SESSIONfree($ses);\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLSESSIONfree.html>\n\n*   SESSIONupref\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL\n1.1.0-pre4 or LibreSSL 2.7.0\n\nIncreases the reference counter on a SSLSESSION structure.\n\nNet::SSLeay::SESSIONupref($ses);\n# $ses - value 
corresponding to openssl's SSLSESSION structure\n#\n# returns: 1 on success else 0\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSLSESSIONupref.html>\n\n*   SESSIONdup\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nDuplicates a SSLSESSION structure.\n\nNet::SSLeay::SESSIONdup($ses);\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: the duplicated session\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSLSESSIONdup.html>\n\n*   SESSIONisresumable\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nDetermine whether an SSLSESSION object can be used for resumption.\n\nNet::SSLeay::SESSIONisresumable($ses);\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: (integer) 1 if it can or 0 if not\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLSESSIONisresumable.html>\n\n*   SESSIONcmp\n\nCompare two SSLSESSION structures.\n\nmy $rv = Net::SSLeay::SESSIONcmp($sesa, $sesb);\n# $sesa - value corresponding to openssl's SSLSESSION structure\n# $sesb - value corresponding to openssl's SSLSESSION structure\n#\n# returns: 0 if the two structures are the same\n\nNOTE: Not available in openssl 1.0 or later\n\n*   SESSIONgetappdata\n\nCan be used to get application defined value/data.\n\nmy $rv = Net::SSLeay::SESSIONgetappdata($ses);\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: string/buffer/pointer ???\n\n*   SESSIONsetappdata\n\nCan be used to set some application defined value/data.\n\nmy $rv = Net::SSLeay::SESSIONsetappdata($s, $a);\n# $s - value corresponding to openssl's SSLSESSION structure\n# $a - (string/buffer/pointer ???) 
data\n#\n# returns: ???\n\n*   SESSIONgetexdata\n\nIs used to retrieve the information for $idx from session $ses.\n\nmy $rv = Net::SSLeay::SESSIONgetexdata($ses, $idx);\n# $ses - value corresponding to openssl's SSLSESSION structure\n# $idx - (integer) index for application specific data\n#\n# returns: pointer to ???\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLSESSIONgetexnewindex.html>\n\n*   SESSIONsetexdata\n\nIs used to store application data at arg for idx into the session object.\n\nmy $rv = Net::SSLeay::SESSIONsetexdata($ss, $idx, $data);\n# $ss - value corresponding to openssl's SSLSESSION structure\n# $idx - (integer) ???\n# $data - (pointer) ???\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLSESSIONgetexnewindex.html>\n\n*   SESSIONgetexnewindex\n\nIs used to register a new index for application specific data.\n\nmy $rv = Net::SSLeay::SESSIONgetexnewindex($argl, $argp, $newfunc, $dupfunc, $freefunc);\n# $argl - (long) ???\n# $argp - (pointer) ???\n# $newfunc - function pointer ??? (CRYPTOEXnew *)\n# $dupfunc - function pointer ??? (CRYPTOEXdup *)\n# $freefunc - function pointer ??? (CRYPTOEXfree *)\n#\n# returns: (integer) ???\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLSESSIONgetexnewindex.html>\n\n*   SESSIONgetmasterkey\n\nNOTE: Does not exactly correspond to any low level API function\n\nReturns 'masterkey' value from SSLSESSION structure $s\n\nNet::SSLeay::SESSIONgetmasterkey($s);\n# $s - value corresponding to openssl's SSLSESSION structure\n#\n# returns: master key (binary data)\n\n*   SESSIONsetmasterkey\n\nSets 'masterkey' value for SSLSESSION structure $s\n\nNet::SSLeay::SESSIONsetmasterkey($s, $key);\n# $s - value corresponding to openssl's SSLSESSION structure\n# $key - master key (binary data)\n#\n# returns: no return value\n\nNot available with OpenSSL 1.1 and later. 
Code that previously used SESSIONsetmasterkey\nmust now set $secret in the sessionsecret callback set with SSLsetsessionsecretcb.\n\n*   SESSIONgettime\n\nReturns the time at which the session s was established. The time is given in seconds since\n1.1.1970.\n\nmy $rv = Net::SSLeay::SESSIONgettime($s);\n# $s - value corresponding to openssl's SSLSESSION structure\n#\n# returns: timestamp (seconds since 1.1.1970)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLSESSIONgettime.html>\n\n*   gettime\n\nTechnically the same functionality as \"SESSIONgettime\".\n\nmy $rv = Net::SSLeay::gettime($s);\n\n*   SESSIONgettimeout\n\nReturns the timeout value set for session $s in seconds.\n\nmy $rv = Net::SSLeay::SESSIONgettimeout($s);\n# $s - value corresponding to openssl's SSLSESSION structure\n#\n# returns: timeout (in seconds)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLSESSIONgettime.html>\n\n*   gettimeout\n\nTechnically the same functionality as \"SESSIONgettimeout\".\n\nmy $rv = Net::SSLeay::gettimeout($s);\n\n*   SESSIONprint\n\nNOTE: Does not exactly correspond to any low level API function\n\nPrints session details (e.g. protocol version, cipher, session-id ...) to BIO.\n\nmy $rv = Net::SSLeay::SESSIONprint($fp, $ses);\n# $fp - value corresponding to openssl's BIO structure\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: 1 on success, 0 on failure\n\nYou have to use necessary BIO functions like this:\n\n# let us have $ssl corresponding to openssl's SSL structure\nmy $ses = Net::SSLeay::getsession($ssl);\nmy $bio = Net::SSLeay::BIOnew(&Net::SSLeay::BIOsmem);\nNet::SSLeay::SESSIONprint($bio, $ses);\nprint Net::SSLeay::BIOread($bio);\n\n*   SESSIONprintfp\n\nPrints session details (e.g. protocol version, cipher, session-id ...) 
to file handle.\n\nmy $rv = Net::SSLeay::SESSIONprintfp($fp, $ses);\n# $fp - perl file handle\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: 1 on success, 0 on failure\n\nExample:\n\n# let us have $ssl corresponding to openssl's SSL structure\nmy $ses = Net::SSLeay::getsession($ssl);\nopen my $fh, \">\", \"output.txt\";\nNet::SSLeay::SESSIONprintfp($fh,$ses);\n\n*   SESSIONsettime\n\nReplaces the creation time of the session s with the chosen value $t (seconds since\n1.1.1970).\n\nmy $rv = Net::SSLeay::SESSIONsettime($ses, $t);\n# $ses - value corresponding to openssl's SSLSESSION structure\n# $t - time value\n#\n# returns: 1 on success\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLSESSIONgettime.html>\n\n*   settime\n\nTechnically the same functionality as \"SESSIONsettime\".\n\nmy $rv = Net::SSLeay::settime($ses, $t);\n\n*   SESSIONsettimeout\n\nSets the timeout value for session s in seconds to $t.\n\nmy $rv = Net::SSLeay::SESSIONsettimeout($s, $t);\n# $s - value corresponding to openssl's SSLSESSION structure\n# $t - timeout (in seconds)\n#\n# returns: 1 on success\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLSESSIONgettime.html>\n\n*   settimeout\n\nTechnically the same functionality as \"SESSIONsettimeout\".\n\nmy $rv = Net::SSLeay::settimeout($ses, $t);\n\nLow level API: SSLCTX* related functions\nNOTE: Please note that the functions described in this chapter have \"SSL\" part stripped from\ntheir original openssl names.\n\n*   CTXaddclientCA\n\nAdds the CA name extracted from $cacert to the list of CAs sent to the client when\nrequesting a client certificate for $ctx.\n\nmy $rv = Net::SSLeay::CTXaddclientCA($ctx, $cacert);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $cacert - value corresponding to openssl's X509 structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetclientCAlist.html>\n\n*   CTXaddextrachaincert\n\nAdds the 
certificate $x509 to the certificate chain presented together with the certificate.\nSeveral certificates can be added one after the other.\n\nmy $rv = Net::SSLeay::CTXaddextrachaincert($ctx, $x509);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $x509 - value corresponding to openssl's X509 structure\n#\n# returns: 1 on success, check out the error stack to find out the reason for failure otherwise\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXaddextrachaincert.html>\n\n*   CTXaddsession\n\nAdds the session $ses to the context $ctx.\n\nmy $rv = Net::SSLeay::CTXaddsession($ctx, $ses);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXaddsession.html>\n\n*   CTXcallbackctrl\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::CTXcallbackctrl($ctx, $cmd, $fp);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $cmd - (integer) command id\n# $fp - (function pointer) ???\n#\n# returns: ???\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXctrl.html>\n\n*   CTXcheckprivatekey\n\nChecks the consistency of a private key with the corresponding certificate loaded into $ctx.\n\nmy $rv = Net::SSLeay::CTXcheckprivatekey($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   CTXctrl\n\nInternal handling function for SSLCTX objects.\n\nBEWARE: openssl doc says: This function should never be called directly!\n\nmy $rv = Net::SSLeay::CTXctrl($ctx, $cmd, $larg, $parg);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $cmd - (integer) command id\n# $larg - (integer) long ???\n# $parg - (string/pointer) ???\n#\n# returns: (long) result of given command 
???\n\n#valid $cmd values\n1 - SSLCTRLNEEDTMPRSA\n2 - SSLCTRLSETTMPRSA\n3 - SSLCTRLSETTMPDH\n4 - SSLCTRLSETTMPECDH\n5 - SSLCTRLSETTMPRSACB\n6 - SSLCTRLSETTMPDHCB\n7 - SSLCTRLSETTMPECDHCB\n8 - SSLCTRLGETSESSIONREUSED\n9 - SSLCTRLGETCLIENTCERTREQUEST\n10 - SSLCTRLGETNUMRENEGOTIATIONS\n11 - SSLCTRLCLEARNUMRENEGOTIATIONS\n12 - SSLCTRLGETTOTALRENEGOTIATIONS\n13 - SSLCTRLGETFLAGS\n14 - SSLCTRLEXTRACHAINCERT\n15 - SSLCTRLSETMSGCALLBACK\n16 - SSLCTRLSETMSGCALLBACKARG\n17 - SSLCTRLSETMTU\n20 - SSLCTRLSESSNUMBER\n21 - SSLCTRLSESSCONNECT\n22 - SSLCTRLSESSCONNECTGOOD\n23 - SSLCTRLSESSCONNECTRENEGOTIATE\n24 - SSLCTRLSESSACCEPT\n25 - SSLCTRLSESSACCEPTGOOD\n26 - SSLCTRLSESSACCEPTRENEGOTIATE\n27 - SSLCTRLSESSHIT\n28 - SSLCTRLSESSCBHIT\n29 - SSLCTRLSESSMISSES\n30 - SSLCTRLSESSTIMEOUTS\n31 - SSLCTRLSESSCACHEFULL\n32 - SSLCTRLOPTIONS\n33 - SSLCTRLMODE\n40 - SSLCTRLGETREADAHEAD\n41 - SSLCTRLSETREADAHEAD\n42 - SSLCTRLSETSESSCACHESIZE\n43 - SSLCTRLGETSESSCACHESIZE\n44 - SSLCTRLSETSESSCACHEMODE\n45 - SSLCTRLGETSESSCACHEMODE\n50 - SSLCTRLGETMAXCERTLIST\n51 - SSLCTRLSETMAXCERTLIST\n52 - SSLCTRLSETMAXSENDFRAGMENT\n53 - SSLCTRLSETTLSEXTSERVERNAMECB\n54 - SSLCTRLSETTLSEXTSERVERNAMEARG\n55 - SSLCTRLSETTLSEXTHOSTNAME\n56 - SSLCTRLSETTLSEXTDEBUGCB\n57 - SSLCTRLSETTLSEXTDEBUGARG\n58 - SSLCTRLGETTLSEXTTICKETKEYS\n59 - SSLCTRLSETTLSEXTTICKETKEYS\n60 - SSLCTRLSETTLSEXTOPAQUEPRFINPUT\n61 - SSLCTRLSETTLSEXTOPAQUEPRFINPUTCB\n62 - SSLCTRLSETTLSEXTOPAQUEPRFINPUTCBARG\n63 - SSLCTRLSETTLSEXTSTATUSREQCB\n64 - SSLCTRLSETTLSEXTSTATUSREQCBARG\n65 - SSLCTRLSETTLSEXTSTATUSREQTYPE\n66 - SSLCTRLGETTLSEXTSTATUSREQEXTS\n67 - SSLCTRLSETTLSEXTSTATUSREQEXTS\n68 - SSLCTRLGETTLSEXTSTATUSREQIDS\n69 - SSLCTRLSETTLSEXTSTATUSREQIDS\n70 - SSLCTRLGETTLSEXTSTATUSREQOCSPRESP\n71 - SSLCTRLSETTLSEXTSTATUSREQOCSPRESP\n72 - SSLCTRLSETTLSEXTTICKETKEYCB\n73 - DTLSCTRLGETTIMEOUT\n74 - DTLSCTRLHANDLETIMEOUT\n75 - DTLSCTRLLISTEN\n76 - SSLCTRLGETRISUPPORT\n77 - SSLCTRLCLEAROPTIONS\n78 - SSLCTRLCLEARMODE\n\n82 - 
SSLCTRLGETEXTRACHAINCERTS\n83 - SSLCTRLCLEAREXTRACHAINCERTS\n\n88 - SSLCTRLCHAIN\n89 - SSLCTRLCHAINCERT\n\n90 - SSLCTRLGETCURVES\n91 - SSLCTRLSETCURVES\n92 - SSLCTRLSETCURVESLIST\n93 - SSLCTRLGETSHAREDCURVE\n94 - SSLCTRLSETECDHAUTO\n97 - SSLCTRLSETSIGALGS\n98 - SSLCTRLSETSIGALGSLIST\n99 - SSLCTRLCERTFLAGS\n100 - SSLCTRLCLEARCERTFLAGS\n101 - SSLCTRLSETCLIENTSIGALGS\n102 - SSLCTRLSETCLIENTSIGALGSLIST\n103 - SSLCTRLGETCLIENTCERTTYPES\n104 - SSLCTRLSETCLIENTCERTTYPES\n105 - SSLCTRLBUILDCERTCHAIN\n106 - SSLCTRLSETVERIFYCERTSTORE\n107 - SSLCTRLSETCHAINCERTSTORE\n108 - SSLCTRLGETPEERSIGNATURENID\n109 - SSLCTRLGETSERVERTMPKEY\n110 - SSLCTRLGETRAWCIPHERLIST\n111 - SSLCTRLGETECPOINTFORMATS\n112 - SSLCTRLGETTLSARECORD\n113 - SSLCTRLSETTLSARECORD\n114 - SSLCTRLPULLTLSARECORD\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXctrl.html>\n\n*   CTXflushsessions\n\nCauses a run through the session cache of $ctx to remove sessions expired at time $tm.\n\nNet::SSLeay::CTXflushsessions($ctx, $tm);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $tm - specifies the time which should be used for the expiration test (seconds since 1.1.1970)\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXflushsessions.html>\n\n*   CTXfree\n\nFree an allocated SSLCTX object.\n\nNet::SSLeay::CTXfree($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXfree.html>\n\n*   CTXgetappdata\n\nCan be used to get application defined value/data.\n\nmy $rv = Net::SSLeay::CTXgetappdata($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: string/buffer/pointer ???\n\n*   CTXsetappdata\n\nCan be used to set some application defined value/data.\n\nmy $rv = Net::SSLeay::CTXsetappdata($ctx, $arg);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $arg - (string/buffer/pointer ???) 
data\n#\n# returns: ???\n\n*   CTXget0param\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.0.2-beta1 or LibreSSL 2.7.0\n\nReturns the current verification parameters.\n\nmy $vpm = Net::SSLeay::CTXget0param($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: value corresponding to openssl's X509VERIFYPARAM structure\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSLCTXget0param.html>\n\n*   CTXgetcertstore\n\nReturns the current certificate verification storage.\n\nmy $rv = Net::SSLeay::CTXgetcertstore($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: value corresponding to openssl's X509STORE structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetcertstore.html>\n\n*   CTXgetclientCAlist\n\nReturns the list of client CAs explicitly set for $ctx using \"CTXsetclientCAlist\".\n\nmy $rv = Net::SSLeay::CTXgetclientCAlist($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: value corresponding to openssl's X509NAMESTACK structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetclientCAlist.html>\n\n*   CTXgetexdata\n\nIs used to retrieve the information for index $idx from $ctx.\n\nmy $rv = Net::SSLeay::CTXgetexdata($ssl, $idx);\n# $ssl - value corresponding to openssl's SSLCTX structure\n# $idx - (integer) index for application specific data\n#\n# returns: pointer to ???\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXgetexnewindex.html>\n\n*   CTXgetexnewindex\n\nIs used to register a new index for application specific data.\n\nmy $rv = Net::SSLeay::CTXgetexnewindex($argl, $argp, $newfunc, $dupfunc, $freefunc);\n# $argl - (long) ???\n# $argp - (pointer) ???\n# $newfunc - function pointer ??? (CRYPTOEXnew *)\n# $dupfunc - function pointer ??? (CRYPTOEXdup *)\n# $freefunc - function pointer ??? 
(CRYPTOEXfree *)\n#\n# returns: (integer) ???\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXgetexnewindex.html>\n\n*   CTXgetmode\n\nReturns the mode set for ctx.\n\nmy $rv = Net::SSLeay::CTXgetmode($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: mode (bitmask)\n\n#to decode the return value (bitmask) use:\n0x00000001 corresponds to SSLMODEENABLEPARTIALWRITE\n0x00000002 corresponds to SSLMODEACCEPTMOVINGWRITEBUFFER\n0x00000004 corresponds to SSLMODEAUTORETRY\n0x00000008 corresponds to SSLMODENOAUTOCHAIN\n0x00000010 corresponds to SSLMODERELEASEBUFFERS\n(note: some of the bits might not be supported by older openssl versions)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetmode.html>\n\n*   CTXsetmode\n\nAdds the mode set via bitmask in $mode to $ctx. Options already set before are not cleared.\n\nmy $rv = Net::SSLeay::CTXsetmode($ctx, $mode);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $mode - mode bitmask\n#\n# returns: the new mode bitmask after adding $mode\n\nFor bitmask details see \"CTXgetmode\" (above).\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetmode.html>\n\n*   CTXgetoptions\n\nReturns the options (bitmask) set for $ctx.\n\nmy $rv = Net::SSLeay::CTXgetoptions($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: options (bitmask)\n\nBEWARE: The available constants and their values in bitmask depend on the TLS library. For\nexample, SSLOPNOTLSv13 became available much later than SSLOPNOCOMPRESS which is\nalready deprecated by some libraries. Also, some previously used option values have been\nrecycled and are now used for newer options. See the list of constants in this document for\noptions Net::SSLeay currently supports.\n\nYou are strongly encouraged to check your TLS library if you need to use numeric values\ndirectly. The following is a sample of historic values. 
It may not be correct anymore.\n\n#to decode the return value (bitmask) use:\n0x00000004 corresponds to SSLOPLEGACYSERVERCONNECT\n0x00000800 corresponds to SSLOPDONTINSERTEMPTYFRAGMENTS\n0x00004000 corresponds to SSLOPNOTICKET\n0x00010000 corresponds to SSLOPNOSESSIONRESUMPTIONONRENEGOTIATION\n0x00400000 corresponds to SSLOPCIPHERSERVERPREFERENCE\n0x04000000 corresponds to SSLOPNOTLSv1\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLCTXgetoptions.html>\n\n*   CTXsetoptions\n\nAdds the options set via bitmask in $options to ctx. Options already set before are not\ncleared.\n\nNet::SSLeay::CTXsetoptions($ctx, $options);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $options - options bitmask\n#\n# returns: the new options bitmask after adding $options\n\nFor bitmask details see \"CTXgetoptions\" (above).\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLCTXsetoptions.html>\n\n*   CTXgetquietshutdown\n\nReturns the 'quiet shutdown' setting of $ctx.\n\nmy $rv = Net::SSLeay::CTXgetquietshutdown($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: (integer) the current setting\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetquietshutdown.html>\n\n*   CTXgetreadahead\n\nmy $rv = Net::SSLeay::CTXgetreadahead($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: (integer) readahead value\n\n*   CTXgetsessioncachemode\n\nReturns the currently used cache mode (bitmask).\n\nmy $rv = Net::SSLeay::CTXgetsessioncachemode($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: mode (bitmask)\n\nBEWARE: SESSCACHEOFF and other constants are not available in Net-SSLeay-1.82 and before.\nIf the constants are not available, the following values have historically been correct. 
You\nare strongly encouraged to check your TLS library for the current values.\n\n#to decode the return value (bitmask) use:\n0x0000 corresponds to SSLSESSCACHEOFF\n0x0001 corresponds to SSLSESSCACHECLIENT\n0x0002 corresponds to SSLSESSCACHESERVER\n0x0080 corresponds to SSLSESSCACHENOAUTOCLEAR\n0x0100 corresponds to SSLSESSCACHENOINTERNALLOOKUP\n0x0200 corresponds to SSLSESSCACHENOINTERNALSTORE\n(note: some of the bits might not be supported by older openssl versions)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetsessioncachemode.html>\n\n*   CTXsetsessioncachemode\n\nEnables/disables session caching by setting the operational mode for $ctx to $mode.\n\nmy $rv = Net::SSLeay::CTXsetsessioncachemode($ctx, $mode);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $mode - mode (bitmask)\n#\n# returns: previously set cache mode\n\nFor bitmask details see \"CTXgetsessioncachemode\" (above).\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetsessioncachemode.html>\n\n*   CTXgettimeout\n\nReturns the currently set timeout value for $ctx.\n\nmy $rv = Net::SSLeay::CTXgettimeout($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: timeout in seconds\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettimeout.html>\n\n*   CTXgetverifydepth\n\nReturns the verification depth limit currently set in $ctx. 
If no limit has been explicitly\nset, -1 is returned and the default value will be used.\n\nmy $rv = Net::SSLeay::CTXgetverifydepth($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: depth limit currently set in $ctx, -1 if no limit has been explicitly set\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXgetverifymode.html>\n\n*   CTXgetverifymode\n\nReturns the verification mode (bitmask) currently set in $ctx.\n\nmy $rv = Net::SSLeay::CTXgetverifymode($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: mode (bitmask)\n\nFor bitmask details see \"CTXsetverify\".\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLCTXgetverifymode.html>\n\n*   CTXsetverify\n\nSets the verification flags for $ctx to be $mode and specifies the verifycallback function\nto be used.\n\nNet::SSLeay::CTXsetverify($ctx, $mode, $callback);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $mode - mode (bitmask), see OpenSSL manual\n# $callback - [optional] reference to perl callback function\n#\n# returns: no return value\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLCTXsetverify.html>\n\n*   CTXsetposthandshakeauth\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nEnable the Post-Handshake Authentication extension to be added to the ClientHello such that\npost-handshake authentication can be requested by the server.\n\nNet::SSLeay::CTXsetposthandshakeauth($ctx, $val);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $val - 0 then the extension is not sent, otherwise it is\n#\n# returns: no return value\n\nCheck openssl doc\nhttps://www.openssl.org/docs/manmaster/man3/SSLCTXsetposthandshakeauth\n<https://www.openssl.org/docs/manmaster/man3/SSLCTXsetposthandshakeauth.html>\n\n*   CTXloadverifylocations\n\nSpecifies the locations for $ctx, at which CA certificates for verification purposes 
are\nlocated. The certificates available via $CAfile and $CApath are trusted.\n\nmy $rv = Net::SSLeay::CTXloadverifylocations($ctx, $CAfile, $CApath);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $CAfile - (string) file of CA certificates in PEM format, the file can contain several CA certificates (or '')\n# $CApath - (string) directory containing CA certificates in PEM format (or '')\n#\n# returns: 1 on success, 0 on failure (check the error stack to find out the reason)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXloadverifylocations.html>\n\n*   CTXneedtmpRSA\n\nReturn the result of \"SSLCTXctrl(ctx,SSLCTRLNEEDTMPRSA,0,NULL)\"\n\nmy $rv = Net::SSLeay::CTXneedtmpRSA($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: result of SSLCTRLNEEDTMPRSA command\n\nNot available with OpenSSL 1.1 and later.\n\n*   CTXnew\n\nThe same as \"CTXv23new\"\n\nmy $rv = Net::SSLeay::CTXnew();\n#\n# returns: value corresponding to openssl's SSLCTX structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXnew.html>\n\nNot available with OpenSSL 1.1 and later.\n\n*   CTXv2new\n\nCreates a new SSLCTX object - based on SSLv2method() - as framework to establish TLS/SSL\nenabled connections.\n\nmy $rv = Net::SSLeay::CTXv2new();\n#\n# returns: value corresponding to openssl's SSLCTX structure (0 on failure)\n\n*   CTXv23new\n\nCreates a new SSLCTX object - based on SSLv23method() - as framework to establish TLS/SSL\nenabled connections.\n\nmy $rv = Net::SSLeay::CTXv23new();\n#\n# returns: value corresponding to openssl's SSLCTX structure (0 on failure)\n\n*   CTXv3new\n\nCreates a new SSLCTX object - based on SSLv3method() - as framework to establish TLS/SSL\nenabled connections.\n\nmy $rv = Net::SSLeay::CTXv3new();\n#\n# returns: value corresponding to openssl's SSLCTX structure (0 on failure)\n\n*   CTXtlsv1new\n\nCreates a new SSLCTX object - based on TLSv1method() - as framework to establish 
TLS/SSL\nenabled connections.\n\nmy $rv = Net::SSLeay::CTXtlsv1new();\n#\n# returns: value corresponding to openssl's SSLCTX structure (0 on failure)\n\n*   CTXtlsv11new\n\nCreates a new SSLCTX object - based on TLSv11method() - as framework to establish TLS/SSL\nenabled connections. Only available where supported by the underlying openssl.\n\nmy $rv = Net::SSLeay::CTXtlsv11new();\n#\n# returns: value corresponding to openssl's SSLCTX structure (0 on failure)\n\n*   CTXtlsv12new\n\nCreates a new SSLCTX object - based on TLSv12method() - as framework to establish TLS/SSL\nenabled connections. Only available where supported by the underlying openssl.\n\nmy $rv = Net::SSLeay::CTXtlsv12new();\n#\n# returns: value corresponding to openssl's SSLCTX structure (0 on failure)\n\n*   CTXnewwithmethod\n\nCreates a new SSLCTX object based on $meth method\n\nmy $rv = Net::SSLeay::CTXnewwithmethod($meth);\n# $meth - value corresponding to openssl's SSLMETHOD structure\n#\n# returns: value corresponding to openssl's SSLCTX structure (0 on failure)\n\n#example\nmy $ctx = Net::SSLeay::CTXnewwithmethod(&Net::SSLeay::TLSv1method);\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXnew.html>\n\n*   CTXsetminprotoversion, CTXsetmaxprotoversion, setminprotoversion and\nsetmaxprotoversion,\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.1.0-pre2 or LibreSSL 2.6.0\n\nSet the minimum and maximum supported protocol for $ctx or $ssl.\n\nmy $rv = Net::SSLeay::CTXsetminprotoversion($ctx, $version);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $version - (integer) constant version value or 0 for automatic lowest or highest value\n#\n# returns: 1 on success, 0 on failure\n\n#example: allow only TLS 1.2 for a SSLCTX\nmy $rvmin = Net::SSLeay::CTXsetminprotoversion($ctx, Net::SSLeay::TLS12VERSION());\nmy $rvmax = Net::SSLeay::CTXsetmaxprotoversion($ctx, Net::SSLeay::TLS12VERSION());\n\n#example: allow only TLS 1.1 for a SSL\nmy 
$rvmin = Net::SSLeay::setminprotoversion($ssl, Net::SSLeay::TLS11VERSION());\nmy $rvmax = Net::SSLeay::setmaxprotoversion($ssl, Net::SSLeay::TLS11VERSION());\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLCTXsetminprotoversion.html>\n\n*   CTXgetminprotoversion, CTXgetmaxprotoversion, getminprotoversion and\ngetmaxprotoversion,\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL 1.1.0g\n\nGet the minimum and maximum supported protocol for $ctx or $ssl.\n\nmy $version = Net::SSLeay::CTXgetminprotoversion($ctx)\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: 0 automatic lowest or highest value, configured value otherwise\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLCTXsetminprotoversion.html>\n\n*   CTXremovesession\n\nRemoves the session $ses from the context $ctx.\n\nmy $rv = Net::SSLeay::CTXremovesession($ctx, $ses);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXaddsession.html>\n\n*   CTXsessaccept\n\nmy $rv = Net::SSLeay::CTXsessaccept($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of started SSL/TLS handshakes in server mode\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsessacceptgood\n\nmy $rv = Net::SSLeay::CTXsessacceptgood($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of successfully established SSL/TLS sessions in server mode\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsessacceptrenegotiate\n\nmy $rv = Net::SSLeay::CTXsessacceptrenegotiate($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of start renegotiations in server mode\n\nCheck openssl doc 
<http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsesscachefull\n\nmy $rv = Net::SSLeay::CTXsesscachefull($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of sessions that were removed because the maximum session cache size was exceeded\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsesscbhits\n\nmy $rv = Net::SSLeay::CTXsesscbhits($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of successfully retrieved sessions from the external session cache in server mode\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsessconnect\n\nmy $rv = Net::SSLeay::CTXsessconnect($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of started SSL/TLS handshakes in client mode\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsessconnectgood\n\nmy $rv = Net::SSLeay::CTXsessconnectgood($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of successfully established SSL/TLS sessions in client mode\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsessconnectrenegotiate\n\nmy $rv = Net::SSLeay::CTXsessconnectrenegotiate($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of start renegotiations in client mode\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsessgetcachesize\n\nReturns the currently valid session cache size.\n\nmy $rv = Net::SSLeay::CTXsessgetcachesize($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: current size\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsesssetcachesize.html>\n\n*   CTXsesshits\n\nmy $rv = Net::SSLeay::CTXsesshits($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of successfully 
reused sessions\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsessmisses\n\nmy $rv = Net::SSLeay::CTXsessmisses($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of sessions proposed by clients that were not found in the internal session cache in server mode\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsessnumber\n\nmy $rv = Net::SSLeay::CTXsessnumber($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: current number of sessions in the internal session cache\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsesssetcachesize\n\nSets the size of the internal session cache of context $ctx to $size.\n\nNet::SSLeay::CTXsesssetcachesize($ctx, $size);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $size - cache size (0 = unlimited)\n#\n# returns: previously valid size\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsesssetcachesize.html>\n\n*   CTXsesstimeouts\n\nReturns the number of sessions proposed by clients and either found in the internal or\nexternal session cache in server mode, but that were invalid due to timeout. 
These sessions\nare not included in the SSLCTXsesshits count.\n\nmy $rv = Net::SSLeay::CTXsesstimeouts($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: number of sessions\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessnumber.html>\n\n*   CTXsesssetnewcb\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before\n\nSets the callback function, which is automatically called whenever a new session was\nnegotiated.\n\nNet::SSLeay::CTXsesssetnewcb($ctx, $func);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $func - perl reference to callback function\n#\n# returns: no return value\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLCTXsesssetnewcb.html>\n\n*   CTXsesssetremovecb\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before\n\nSets the callback function, which is automatically called whenever a session is removed by\nthe SSL engine.\n\nNet::SSLeay::CTXsesssetremovecb($ctx, $func);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $func - perl reference to callback function\n#\n# returns: no return value\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLCTXsesssetremovecb.html>\n\n*   CTXsessions\n\nReturns a pointer to the lhash databases containing the internal session cache for ctx.\n\nmy $rv = Net::SSLeay::CTXsessions($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: value corresponding to openssl's LHASH structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsessions.html>\n\n*   CTXset1param\n\nCOMPATIBILITY: requires at least OpenSSL 1.0.0-beta3\n\nApplies X509 verification parameters $vpm on $ctx\n\nmy $rv = Net::SSLeay::CTXset1param($ctx, $vpm);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $vpm - value corresponding to openssl's X509VERIFYPARAM structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc 
<https://www.openssl.org/docs/ssl/SSLCTXget0param.html>\n\n*   CTXsetcertstore\n\nSets/replaces the certificate verification storage of $ctx to/with $store.\n\nNet::SSLeay::CTXsetcertstore($ctx, $store);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $store - value corresponding to openssl's X509STORE structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetcertstore.html>\n\n*   CTXsetcertverifycallback\n\nSets the verification callback function for $ctx. SSL objects that are created from $ctx\ninherit the setting valid at the time when \"Net::SSLeay::new($ctx)\" is called.\n\nNet::SSLeay::CTXsetcertverifycallback($ctx, $func, $data);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $func - perl reference to callback function\n# $data - [optional] data that will be passed to callback function when invoked\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetcertverifycallback.html>\n\n*   CTXsetcipherlist\n\nSets the list of available ciphers for $ctx using the control string $str. The list of\nciphers is inherited by all ssl objects created from $ctx.\n\nmy $rv = Net::SSLeay::CTXsetcipherlist($s, $str);\n# $s - value corresponding to openssl's SSLCTX structure\n# $str - (string) cipher list e.g. 
'3DES:+RSA'\n#\n# returns: 1 if any cipher could be selected and 0 on complete failure\n\nThe format of $str is described in\n<https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html>\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLCTXsetcipherlist.html>\n\n*   CTXsetciphersuites\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nConfigure the available TLSv1.3 ciphersuites.\n\nmy $rv = Net::SSLeay::CTXsetciphersuites($ctx, $str);\n# $ctx  - value corresponding to openssl's SSLCTX structure\n# $str  - colon (\":\") separated list of TLSv1.3 ciphersuite names in order of preference\n#\n# returns: (integer) 1 if the requested ciphersuite list was configured, and 0 otherwise\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLCTXsetciphersuites.html>\n\n*   CTXsetclientCAlist\n\nSets the list of CAs sent to the client when requesting a client certificate for $ctx.\n\nNet::SSLeay::CTXsetclientCAlist($ctx, $list);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $list - value corresponding to openssl's X509NAMESTACK structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetclientCAlist.html>\n\n*   CTXsetdefaultpasswdcb\n\nSets the default password callback called when loading/storing a PEM certificate with\nencryption.\n\nNet::SSLeay::CTXsetdefaultpasswdcb($ctx, $func);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $func - perl reference to callback function\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetdefaultpasswdcb.html>\n\n*   CTXsetdefaultpasswdcbuserdata\n\nSets a pointer to userdata which will be provided to the password callback on invocation.\n\nNet::SSLeay::CTXsetdefaultpasswdcbuserdata($ctx, $userdata);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $userdata - data that will be passed to callback function 
when invoked\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetdefaultpasswdcb.html>\n\n*   CTXsetdefaultverifypaths\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::CTXsetdefaultverifypaths($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: 1 on success, 0 on failure\n\n*   CTXsetexdata\n\nIs used to store application data at $data for $idx into the $ctx object.\n\nmy $rv = Net::SSLeay::CTXsetexdata($ssl, $idx, $data);\n# $ssl - value corresponding to openssl's SSLCTX structure\n# $idx - (integer) ???\n# $data - (pointer) ???\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXgetexnewindex.html>\n\n*   CTXsetpurpose\n\nmy $rv = Net::SSLeay::CTXsetpurpose($s, $purpose);\n# $s - value corresponding to openssl's SSLCTX structure\n# $purpose - (integer) purpose identifier\n#\n# returns: 1 on success, 0 on failure\n\n#available purpose identifiers\n1 - X509PURPOSESSLCLIENT\n2 - X509PURPOSESSLSERVER\n3 - X509PURPOSENSSSLSERVER\n4 - X509PURPOSESMIMESIGN\n5 - X509PURPOSESMIMEENCRYPT\n6 - X509PURPOSECRLSIGN\n7 - X509PURPOSEANY\n8 - X509PURPOSEOCSPHELPER\n9 - X509PURPOSETIMESTAMPSIGN\n\n#or use corresponding constants\n$purpose = &Net::SSLeay::X509PURPOSESSLCLIENT;\n...\n$purpose = &Net::SSLeay::X509PURPOSETIMESTAMPSIGN;\n\n*   CTXsetquietshutdown\n\nSets the 'quiet shutdown' flag for $ctx to be $mode. 
SSL objects created from $ctx inherit\nthe mode valid at the time \"Net::SSLeay::new($ctx)\" is called.\n\nNet::SSLeay::CTXsetquietshutdown($ctx, $mode);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $mode - 0 or 1\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetquietshutdown.html>\n\n*   CTXsetreadahead\n\nmy $rv = Net::SSLeay::CTXsetreadahead($ctx, $val);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $val - readahead value to be set\n#\n# returns: the original readahead value\n\n*   CTXsetsessionidcontext\n\nSets the context $sidctx of length $sidctxlen within which a session can be reused for\nthe $ctx object.\n\nmy $rv = Net::SSLeay::CTXsetsessionidcontext($ctx, $sidctx, $sidctxlen);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $sidctx - data buffer\n# $sidctxlen - length of data in $sidctx\n#\n# returns: 1 on success, 0 on failure (the error is logged to the error stack)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetsessionidcontext.html>\n\n*   CTXsetsslversion\n\nSets a new default TLS/SSL method for SSL objects newly created from this $ctx. SSL objects\nalready created with \"Net::SSLeay::new($ctx)\" are not affected, except when\n\"Net::SSLeay:clear($ssl)\" is being called.\n\nmy $rv = Net::SSLeay::CTXsetsslversion($ctx, $meth);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $meth - value corresponding to openssl's SSLMETHOD structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetsslversion.html>\n\n*   CTXsettimeout\n\nSets the timeout for newly created sessions for $ctx to $t. 
The timeout value $t must be\ngiven in seconds.\n\nmy $rv = Net::SSLeay::CTXsettimeout($ctx, $t);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $t - timeout in seconds\n#\n# returns: previously set timeout value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettimeout.html>\n\n*   CTXsettmpdh\n\nSets DH parameters to be used to be $dh. The key is inherited by all ssl objects created\nfrom $ctx.\n\nmy $rv = Net::SSLeay::CTXsettmpdh($ctx, $dh);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $dh - value corresponding to openssl's DH structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettmpdhcallback.html>\n\n*   CTXsettmpdhcallback\n\nSets the callback function for $ctx to be used when a DH parameters are required to\n$tmpdhcallback.\n\nNet::SSLeay::CTXsettmpdhcallback($ctx, $tmpdhcallback);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# tmpdhcallback - (function pointer) ???\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettmpdhcallback.html>\n\n*   CTXsettmprsa\n\nSets the temporary/ephemeral RSA key to be used to be $rsa.\n\nmy $rv = Net::SSLeay::CTXsettmprsa($ctx, $rsa);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $rsa - value corresponding to openssl's RSA structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettmprsacallback.html>\n\nNot available with OpenSSL 1.1 and later.\n\n*   CTXsettmprsacallback\n\nSets the callback function for ctx to be used when a temporary/ephemeral RSA key is required\nto $tmprsacallback.\n\n??? 
(does this function really work?)\n\nNet::SSLeay::CTXsettmprsacallback($ctx, $tmprsacallback);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $tmprsacallback - (function pointer) ???\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettmprsacallback.html>\n\nNot available with OpenSSL 1.1 and later.\n\n*   CTXsettrust\n\nmy $rv = Net::SSLeay::CTXsettrust($s, $trust);\n# $s - value corresponding to openssl's SSLCTX structure\n# $trust - (integer) trust identifier\n#\n# returns: the original value\n\n#available trust identifiers\n1 - X509TRUSTCOMPAT\n2 - X509TRUSTSSLCLIENT\n3 - X509TRUSTSSLSERVER\n4 - X509TRUSTEMAIL\n5 - X509TRUSTOBJECTSIGN\n6 - X509TRUSTOCSPSIGN\n7 - X509TRUSTOCSPREQUEST\n8 - X509TRUSTTSA\n\n#or use corresponding constants\n$trust = &Net::SSLeay::X509TRUSTCOMPAT;\n...\n$trust = &Net::SSLeay::X509TRUSTTSA;\n\n*   CTXsetverifydepth\n\nSets the maximum depth for the certificate chain verification that shall be allowed for ctx.\n\nNet::SSLeay::CTXsetverifydepth($ctx, $depth);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $depth - max. 
depth\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetverify.html>\n\n*   CTXusePKCS12file\n\nAdds the certificate and private key from PKCS12 file $p12filename to $ctx.\n\nmy $rv = Net::SSLeay::CTXusePKCS12file($ctx, $p12filename, $password);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $p12filename - (string) filename\n# $password - (string) password to decrypt private key\n#\n# returns: 1 on success, 0 on failure\n\n*   CTXusePrivateKey\n\nAdds the private key $pkey to $ctx.\n\nmy $rv = Net::SSLeay::CTXusePrivateKey($ctx, $pkey);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $pkey - value corresponding to openssl's EVPPKEY structure\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   CTXusePrivateKeyfile\n\nAdds the first private key found in $file to $ctx.\n\nmy $rv = Net::SSLeay::CTXusePrivateKeyfile($ctx, $file, $type);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $file - (string) file name\n# $type - (integer) type - use constants &Net::SSLeay::FILETYPEPEM or &Net::SSLeay::FILETYPEASN1\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   CTXuseRSAPrivateKey\n\nAdds the RSA private key $rsa to $ctx.\n\nmy $rv = Net::SSLeay::CTXuseRSAPrivateKey($ctx, $rsa);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $rsa - value corresponding to openssl's RSA structure\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   CTXuseRSAPrivateKeyfile\n\nAdds the first RSA private key found in $file to $ctx.\n\nmy $rv = Net::SSLeay::CTXuseRSAPrivateKeyfile($ctx, $file, $type);\n# $ctx - value 
corresponding to openssl's SSLCTX structure\n# $file - (string) file name\n# $type - (integer) type - use constants &Net::SSLeay::FILETYPEPEM or &Net::SSLeay::FILETYPEASN1\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\n*   CTXusecertificate\n\nLoads the certificate $x into $ctx\n\nmy $rv = Net::SSLeay::CTXusecertificate($ctx, $x);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   CTXusecertificatechainfile\n\nLoads a certificate chain from $file into $ctx. The certificates must be in PEM format and\nmust be sorted starting with the subject's certificate (actual client or server\ncertificate), followed by intermediate CA certificates if applicable, and ending at the\nhighest level (root) CA.\n\nmy $rv = Net::SSLeay::CTXusecertificatechainfile($ctx, $file);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $file - (string) file name\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   CTXusecertificatefile\n\nLoads the first certificate stored in $file into $ctx.\n\nmy $rv = Net::SSLeay::CTXusecertificatefile($ctx, $file, $type);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $file - (string) file name\n# $type - (integer) type - use constants &Net::SSLeay::FILETYPEPEM or &Net::SSLeay::FILETYPEASN1\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   CTXgetsecuritylevel\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0,\nnot in LibreSSL\n\nReturns the security level 
associated with $ctx.\n\nmy $level = Net::SSLeay::CTXgetsecuritylevel($ctx);\n# $ctx   - value corresponding to openssl's SSLCTX structure\n#\n# returns: (integer) current security level\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLCTXgetsecuritylevel.html>\n\n*   CTXsetsecuritylevel\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0,\nnot in LibreSSL\n\nSets the security level associated with $ctx to $level.\n\nNet::SSLeay::CTXsetsecuritylevel($ctx, $level);\n# $ctx   - value corresponding to openssl's SSLCTX structure\n# $level - new security level\n#\n# returns: no return value\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLCTXsetsecuritylevel.html>\n\n*   CTXsetnumtickets\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nSet number of TLSv1.3 session tickets that will be sent to a client.\n\nmy $rv = Net::SSLeay::CTXsetnumtickets($ctx, $numberoftickets);\n# $ctx  - value corresponding to openssl's SSLCTX structure\n# $numberoftickets - number of tickets to send\n#\n# returns: 1 on success, 0 on failure\n\nSet to zero if you do not want to support session resumption.\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLCTXsetnumtickets.html>\n\n*   CTXgetnumtickets\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nGet number of TLSv1.3 session tickets that will be sent to a client.\n\nmy $numberoftickets = Net::SSLeay::CTXgetnumtickets($ctx);\n# $ctx  - value corresponding to openssl's SSLCTX structure\n#\n# returns: (integer) number of tickets to send\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLCTXgetnumtickets.html>\n\n*   CTXsetkeylogcallback\n\nCOMPATIBILITY: not available in Net-SSLeay-1.90 and before; requires at least OpenSSL\n1.1.1pre1, not in LibreSSL\n\nSet the TLS key logging 
callback.\n\nNet::SSLeay::CTXsetkeylogcallback($ctx, $cb);\n# $ctx  - value corresponding to openssl's SSLCTX structure\n# $cb - reference to a perl callback function\n#\n# returns: no return value\n\nThe callback function will be called like this:\n\nkeylogcbfunc($ssl, $line);\n# $ssl - value corresponding to OpenSSL's SSL object associated with the connection\n# $line - a string containing the key material in the format used by NSS for its SSLKEYLOGFILE debugging output\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLCTXsetkeylogcallback.html>\n\n*   CTXgetkeylogcallback\n\nCOMPATIBILITY: not available in Net-SSLeay-1.90 and before; requires at least OpenSSL\n1.1.1pre1, not in LibreSSL\n\nRetrieve the previously set TLS key logging callback.\n\nmy $cb = Net::SSLeay::CTXgetkeylogcallback($ctx);\n# $ctx  - value corresponding to openssl's SSLCTX structure\n#\n# returns: a reference to a perl callback function or undef if no callback is set\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLCTXgetkeylogcallback.html>\n\nLow level API: SSL* related functions\nNOTE: Please note that the functions described in this chapter have the \"SSL\" part stripped from\ntheir original openssl names.\n\n*   new\n\nCreates a new SSL structure which is needed to hold the data for a TLS/SSL connection. The\nnew structure inherits the settings of the underlying context $ctx: connection method\n(SSLv2/v3/TLSv1), options, verification settings, timeout settings.\n\nmy $rv = Net::SSLeay::new($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: value corresponding to openssl's SSL structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLnew.html>\n\n*   accept\n\nWaits for a TLS/SSL client to initiate the TLS/SSL handshake. 
The communication channel must\nalready have been set and assigned to the ssl by setting an underlying BIO.\n\nmy $rv = Net::SSLeay::accept($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 1 = success, 0 = handshake not successful, <0 = fatal error during handshake\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLaccept.html>\n\n*   addclientCA\n\nAdds the CA name extracted from cacert to the list of CAs sent to the client when requesting\na client certificate for the chosen ssl, overriding the setting valid for ssl's SSLCTX\nobject.\n\nmy $rv = Net::SSLeay::addclientCA($ssl, $x);\n# $ssl - value corresponding to openssl's SSL structure\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetclientCAlist.html>\n\n*   callbackctrl\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::callbackctrl($ssl, $cmd, $fp);\n# $ssl - value corresponding to openssl's SSL structure\n# $cmd - (integer) command id\n# $fp - (function pointer) ???\n#\n# returns: ???\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXctrl.html>\n\n*   checkprivatekey\n\nChecks the consistency of a private key with the corresponding certificate loaded into $ssl\n\nmy $rv = Net::SSLeay::checkprivatekey($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   clear\n\nReset SSL object to allow another connection.\n\nNet::SSLeay::clear($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLclear.html>\n\n*   connect\n\nInitiate the TLS/SSL handshake with an TLS/SSL server.\n\nmy $rv = Net::SSLeay::connect($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 
1 = success, 0 = handshake not successful, <0 = fatal error during handshake\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLconnect.html>\n\n*   copy_session_id\n\nCopies the session structure from $from to $to (and also the private key and certificate\nassociated with $from).\n\nNet::SSLeay::copy_session_id($to, $from);\n# $to - value corresponding to openssl's SSL structure\n# $from - value corresponding to openssl's SSL structure\n#\n# returns: no return value\n\n*   ctrl\n\nInternal handling function for SSL objects.\n\nBEWARE: openssl doc says: This function should never be called directly!\n\nmy $rv = Net::SSLeay::ctrl($ssl, $cmd, $larg, $parg);\n# $ssl - value corresponding to openssl's SSL structure\n# $cmd - (integer) command id\n# $larg - (integer) long ???\n# $parg - (string/pointer) ???\n#\n# returns: (long) result of given command ???\n\nFor more details about valid $cmd values check \"CTX_ctrl\".\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXctrl.html>\n\n*   do_handshake\n\nWill wait for an SSL/TLS handshake to take place. If the connection is in client mode, the\nhandshake will be started. 
The handshake routines may have to be explicitly set in advance\nusing either SSL_set_connect_state or SSL_set_accept_state(3).\n\nmy $rv = Net::SSLeay::do_handshake($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 1 = success, 0 = handshake not successful, <0 = fatal error during handshake\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLdohandshake.html>\n\n*   dup\n\nReturns a duplicate of $ssl.\n\nmy $rv = Net::SSLeay::dup($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's SSL structure (0 on failure)\n\n*   free\n\nFree an allocated SSL structure.\n\nNet::SSLeay::free($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLfree.html>\n\n*   get0_param\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.0.2-beta1 or LibreSSL 2.7.0\n\nReturns the current verification parameters.\n\nmy $vpm = Net::SSLeay::get0_param($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's X509_VERIFY_PARAM structure\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSLCTXget0param.html>\n\n*   get_SSL_CTX\n\nReturns a pointer to the SSL_CTX object, from which $ssl was created with Net::SSLeay::new.\n\nmy $rv = Net::SSLeay::get_SSL_CTX($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's SSL_CTX structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetSSLCTX.html>\n\n*   set_SSL_CTX\n\nCOMPATIBILITY: requires at least OpenSSL 0.9.8f\n\nSets the SSL_CTX that corresponds to an SSL session.\n\nmy $thesslctx = Net::SSLeay::set_SSL_CTX($ssl, $sslctx);\n# $ssl - value corresponding to openssl's SSL structure\n# $sslctx - Change the ssl object to the given sslctx\n#\n# returns: the sslctx\n\n*   get_app_data\n\nCan be used to get 
application defined value/data.\n\nmy $rv = Net::SSLeay::get_app_data($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: string/buffer/pointer ???\n\n*   set_app_data\n\nCan be used to set some application defined value/data.\n\nmy $rv = Net::SSLeay::set_app_data($ssl, $arg);\n# $ssl - value corresponding to openssl's SSL structure\n# $arg - (string/buffer/pointer ???) data\n#\n# returns: ???\n\n*   get_certificate\n\nGets X509 certificate from an established SSL connection.\n\nmy $rv = Net::SSLeay::get_certificate($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's X509 structure (0 on failure)\n\n*   get_cipher\n\nObtains the name of the currently used cipher.\n\nmy $rv = Net::SSLeay::get_cipher($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (string) cipher name e.g. 'DHE-RSA-AES256-SHA' or '', when no session has been established.\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetcurrentcipher.html>\n\n*   get_cipher_bits\n\nObtain the number of secret/algorithm bits used.\n\nmy $rv = Net::SSLeay::get_cipher_bits($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: number of secret bits used by current cipher\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetcurrentcipher.html> and\n<http://www.openssl.org/docs/ssl/SSLCIPHERgetname.html>\n\n*   get_ciphers\n\nCOMPATIBILITY: not available in Net-SSLeay-1.88 and before\n\nReturns a list of SSL_CIPHER structures available for $ssl sorted by preference.\n\nmy @ciphers = Net::SSLeay::get_ciphers($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (list) SSL_CIPHER structures or nothing when $ssl is undefined or no ciphers are available\n\nExample:\n\nmy @ciphers = Net::SSLeay::get_ciphers($ssl);\nforeach my $c (@ciphers) {\n    print Net::SSLeay::CIPHER_get_name($c) . 
\"\\n\";\n}\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSLgetciphers.html>\n\n*   get_cipher_list\n\nReturns the name (string) of the SSL_CIPHER listed for $ssl with priority $n.\n\nmy $rv = Net::SSLeay::get_cipher_list($ssl, $n);\n# $ssl - value corresponding to openssl's SSL structure\n# $n - (integer) priority\n#\n# returns: (string) cipher name e.g. 'EDH-DSS-DES-CBC3-SHA' or undef in case of error\n\nCall Net::SSLeay::get_cipher_list with priority starting from 0 to obtain the sorted list of\navailable ciphers, until undef is returned:\n\nmy $priority = 0;\nwhile (my $c = Net::SSLeay::get_cipher_list($ssl, $priority)) {\n    print \"cipher[$priority] = $c\\n\";\n    $priority++;\n}\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSLgetcipherlist.html>\n\n*   get_client_CA_list\n\nReturns the list of client CAs explicitly set for $ssl using\n\"Net::SSLeay::set_client_CA_list\" or $ssl's SSL_CTX object with\n\"Net::SSLeay::CTX_set_client_CA_list\", when in server mode.\n\nIn client mode, returns the list of client CAs sent from the server, if any.\n\nmy $rv = Net::SSLeay::get_client_CA_list($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's STACK_OF(X509_NAME) structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetclientCAlist.html>\n\n*   get_current_cipher\n\nReturns the cipher actually used.\n\nmy $rv = Net::SSLeay::get_current_cipher($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's SSL_CIPHER structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetcurrentcipher.html>\n\n*   get_default_timeout\n\nReturns the default timeout value assigned to SSL_SESSION objects negotiated for the\nprotocol valid for $ssl.\n\nmy $rv = Net::SSLeay::get_default_timeout($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (long) timeout in seconds\n\nCheck openssl doc 
<http://www.openssl.org/docs/ssl/SSLgetdefaulttimeout.html>\n\n*   get_error\n\nReturns a result code for a preceding call to \"connect\", \"accept\", \"do_handshake\", \"read\",\n\"peek\" or \"write\" on $ssl.\n\nmy $rv = Net::SSLeay::get_error($ssl, $ret);\n# $ssl - value corresponding to openssl's SSL structure\n# $ret - return value of preceding TLS/SSL I/O operation\n#\n# returns: result code, which is one of the following values:\n#  0 - SSL_ERROR_NONE\n#  1 - SSL_ERROR_SSL\n#  2 - SSL_ERROR_WANT_READ\n#  3 - SSL_ERROR_WANT_WRITE\n#  4 - SSL_ERROR_WANT_X509_LOOKUP\n#  5 - SSL_ERROR_SYSCALL\n#  6 - SSL_ERROR_ZERO_RETURN\n#  7 - SSL_ERROR_WANT_CONNECT\n#  8 - SSL_ERROR_WANT_ACCEPT\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgeterror.html>\n\n*   get_ex_data\n\nIs used to retrieve the information for $idx from $ssl.\n\nmy $rv = Net::SSLeay::get_ex_data($ssl, $idx);\n# $ssl - value corresponding to openssl's SSL structure\n# $idx - (integer) index for application specific data\n#\n# returns: pointer to ???\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetexnewindex.html>\n\n*   set_ex_data\n\nIs used to store application data at $data for $idx into the $ssl object.\n\nmy $rv = Net::SSLeay::set_ex_data($ssl, $idx, $data);\n# $ssl - value corresponding to openssl's SSL structure\n# $idx - (integer) ???\n# $data - (pointer) ???\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetexnewindex.html>\n\n*   get_ex_new_index\n\nIs used to register a new index for application specific data.\n\nmy $rv = Net::SSLeay::get_ex_new_index($argl, $argp, $newfunc, $dupfunc, $freefunc);\n# $argl - (long) ???\n# $argp - (pointer) ???\n# $newfunc - function pointer ??? (CRYPTO_EX_new *)\n# $dupfunc - function pointer ??? (CRYPTO_EX_dup *)\n# $freefunc - function pointer ??? 
(CRYPTO_EX_free *)\n#\n# returns: (integer) ???\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetexnewindex.html>\n\n*   get_fd\n\nReturns the file descriptor which is linked to $ssl.\n\nmy $rv = Net::SSLeay::get_fd($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: file descriptor (>=0) or -1 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetfd.html>\n\n*   get_finished\n\nObtains the latest 'Finished' message sent to the peer. Return value is zero if there's been\nno Finished message yet. Default count is 2*EVP_MAX_MD_SIZE, which is long enough for all\npossible Finished messages. If you supply a non-default count, the resulting return value may\nbe longer than returned buf's length.\n\nmy $rv = Net::SSLeay::get_finished($ssl, $buf, $count);\n# $ssl - value corresponding to openssl's SSL structure\n# $buf - buffer where the returned data will be stored\n# $count - [optional] max size of return data - default is 2*EVP_MAX_MD_SIZE\n#\n# returns: length of latest Finished message\n\n*   get_peer_finished\n\nObtains the latest 'Finished' message expected from the peer. 
Parameters and return value\nare similar to get_finished().\n\nmy $rv = Net::SSLeay::get_peer_finished($ssl, $buf, $count);\n# $ssl - value corresponding to openssl's SSL structure\n# $buf - buffer where the returned data will be stored\n# $count - [optional] max size of return data - default is 2*EVP_MAX_MD_SIZE\n#\n# returns: length of latest Finished message\n\n*   get_keyblock_size\n\nGets the length of the TLS keyblock.\n\nNOTE: Does not exactly correspond to any low level API function.\n\nmy $rv = Net::SSLeay::get_keyblock_size($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: keyblock size, -1 on error\n\n*   get_mode\n\nReturns the mode (bitmask) set for $ssl.\n\nmy $rv = Net::SSLeay::get_mode($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: mode (bitmask)\n\nTo decode the return value (bitmask) see documentation for \"CTX_get_mode\".\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetmode.html>\n\n*   set_mode\n\nAdds the mode set via bitmask in $mode to $ssl. Options already set before are not cleared.\n\nmy $rv = Net::SSLeay::set_mode($ssl, $mode);\n# $ssl - value corresponding to openssl's SSL structure\n# $mode - mode (bitmask)\n#\n# returns: the new mode bitmask after adding $mode\n\nFor $mode bitmask details see \"CTX_get_mode\".\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetmode.html>\n\n*   get_options\n\nReturns the options (bitmask) set for $ssl.\n\nmy $rv = Net::SSLeay::get_options($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: options (bitmask)\n\nTo decode the return value (bitmask) see documentation for \"CTX_get_options\".\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetoptions.html>\n\n*   set_options\n\nAdds the options set via bitmask in $options to $ssl. 
Options already set before are not\ncleared!\n\nNet::SSLeay::set_options($ssl, $options);\n# $ssl - value corresponding to openssl's SSL structure\n# $options - options (bitmask)\n#\n# returns: the new options bitmask after adding $options\n\nFor $options bitmask details see \"CTX_get_options\".\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetoptions.html>\n\n*   get_peer_certificate\n\nGet the X509 certificate of the peer.\n\nmy $rv = Net::SSLeay::get_peer_certificate($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's X509 structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetpeercertificate.html>\n\n*   get_peer_cert_chain\n\nGet the certificate chain of the peer as an array of X509 structures.\n\nmy @rv = Net::SSLeay::get_peer_cert_chain($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: list of X509 structures\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetpeercertificate.html>\n\n*   get_quiet_shutdown\n\nReturns the 'quiet shutdown' setting of $ssl.\n\nmy $rv = Net::SSLeay::get_quiet_shutdown($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (integer) current 'quiet shutdown' value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetquietshutdown.html>\n\n*   get_rbio\n\nGet 'read' BIO linked to an SSL object $ssl.\n\nmy $rv = Net::SSLeay::get_rbio($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's BIO structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetrbio.html>\n\n*   get_read_ahead\n\nmy $rv = Net::SSLeay::get_read_ahead($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (integer) read_ahead value\n\n*   set_read_ahead\n\nNet::SSLeay::set_read_ahead($ssl, $val);\n# $ssl - value corresponding to openssl's SSL structure\n# $val - read_ahead value to be set\n#\n# returns: the 
original read_ahead value\n\n*   get_security_level\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0,\nnot in LibreSSL\n\nReturns the security level associated with $ssl.\n\nmy $level = Net::SSLeay::get_security_level($ssl);\n# $ssl   - value corresponding to openssl's SSL structure\n#\n# returns: (integer) current security level\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLgetsecuritylevel.html>\n\n*   set_security_level\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0,\nnot in LibreSSL\n\nSets the security level associated with $ssl to $level.\n\nNet::SSLeay::set_security_level($ssl, $level);\n# $ssl   - value corresponding to openssl's SSL structure\n# $level - new security level\n#\n# returns: no return value\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLsetsecuritylevel.html>\n\n*   set_num_tickets\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nSet number of TLSv1.3 session tickets that will be sent to a client.\n\nmy $rv = Net::SSLeay::set_num_tickets($ssl, $numberoftickets);\n# $ssl  - value corresponding to openssl's SSL structure\n# $numberoftickets - number of tickets to send\n#\n# returns: 1 on success, 0 on failure\n\nSet to zero if you do not want to support session resumption.\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLsetnumtickets.html>\n\n*   get_num_tickets\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nGet number of TLSv1.3 session tickets that will be sent to a client.\n\nmy $numberoftickets = Net::SSLeay::get_num_tickets($ctx);\n# $ctx  - value corresponding to openssl's SSL structure\n#\n# returns: number of tickets to send\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLgetnumtickets.html>\n\n*   get_server_random\n\nReturns internal 
SSLv3 server_random value.\n\nNet::SSLeay::get_server_random($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: server_random value (binary data)\n\n*   get_client_random\n\nNOTE: Does not exactly correspond to any low level API function\n\nReturns internal SSLv3 client_random value.\n\nNet::SSLeay::get_client_random($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: client_random value (binary data)\n\n*   export_keying_material\n\nReturns keying material based on the string $label and optional $context. Note that with\nTLSv1.2 and lower, empty context (empty string) and undefined context (no value or 'undef')\nwill return different values.\n\nmy $out = Net::SSLeay::export_keying_material($ssl, $olen, $label, $context);\n# $ssl - value corresponding to openssl's SSL structure\n# $olen - number of bytes to return\n# $label - application specific label\n# $context - [optional] context - default is undef for no context\n#\n# returns: keying material (binary data) or undef on error\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLexportkeyingmaterial.html>\n\n*   get_session\n\nRetrieve TLS/SSL session data used in $ssl. The reference count of the SSL_SESSION is NOT\nincremented.\n\nmy $rv = Net::SSLeay::get_session($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's SSL_SESSION structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetsession.html>\n\n*   SSL_get0_session\n\nThe alias for \"get_session\" (note that the name is \"SSL_get0_session\" NOT \"get0_session\").\n\nmy $rv = Net::SSLeay::SSL_get0_session($ssl);\n\n*   get1_session\n\nReturns a pointer to the SSL_SESSION actually used in $ssl. 
The reference count of the\nSSL_SESSION is incremented by 1.\n\nmy $rv = Net::SSLeay::get1_session($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's SSL_SESSION structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetsession.html>\n\n*   get_shared_ciphers\n\nReturns string with a list (colon ':' separated) of ciphers shared between client and server\nwithin SSL session $ssl.\n\nmy $rv = Net::SSLeay::get_shared_ciphers($ssl);\n#\n# returns: string like 'ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:...'\n\n*   get_shutdown\n\nReturns the shutdown mode of $ssl.\n\nmy $rv = Net::SSLeay::get_shutdown($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: shutdown mode (bitmask) of ssl\n\n# to decode the return value (bitmask) use:\n# 0 - No shutdown setting, yet\n# 1 - SSL_SENT_SHUTDOWN\n# 2 - SSL_RECEIVED_SHUTDOWN\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetshutdown.html>\n\n*   get_ssl_method\n\nReturns a function pointer to the TLS/SSL method set in $ssl.\n\nmy $rv = Net::SSLeay::get_ssl_method($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's SSL_METHOD structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetsslversion.html>\n\n*   in_init, in_before, is_init_finished, in_connect_init, in_accept_init\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before.\n\nRetrieve information about the handshake state machine. All functions take $ssl as the only\nargument and return 0 or 1. 
These functions are recommended over get_state() and state().\n\nmy $rv = Net::SSLeay::is_init_finished($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: All functions return 1 or 0\n\nCheck openssl doc https://www.openssl.org/docs/ssl/SSLininit.html\n<http://www.openssl.org/docs/ssl/SSLininit.html>\n\n*   get_state\n\nCOMPATIBILITY: OpenSSL 1.1.0 and later use different constants which are not made available.\nUse is_init_finished() and related functions instead.\n\nReturns the SSL connection state.\n\nmy $rv = Net::SSLeay::get_state($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (integer) state value\n#          to decode the returned state check:\n#          SSL_ST_* constants in openssl/ssl.h\n#          SSL2_ST_* constants in openssl/ssl2.h\n#          SSL23_ST_* constants in openssl/ssl23.h\n#          SSL3_ST_* + DTLS1_ST_* constants in openssl/ssl3.h\n\n*   state\n\nExactly the same as \"get_state\".\n\nmy $rv = Net::SSLeay::state($ssl);\n\n*   set_state\n\nSets the SSL connection state.\n\nNet::SSLeay::set_state($ssl, Net::SSLeay::SSL_ST_ACCEPT());\n\nNot available with OpenSSL 1.1 and later.\n\n*   get_verify_depth\n\nReturns the verification depth limit currently set in $ssl.\n\nmy $rv = Net::SSLeay::get_verify_depth($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: current depth or -1 if no limit has been explicitly set\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXgetverifymode.html>\n\n*   set_verify_depth\n\nSets the maximum depth for the certificate chain verification that shall be allowed for\n$ssl.\n\nNet::SSLeay::set_verify_depth($ssl, $depth);\n# $ssl - value corresponding to openssl's SSL structure\n# $depth - (integer) depth\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetverify.html>\n\n*   get_verify_mode\n\nReturns the verification mode (bitmask) currently set in $ssl.\n\nmy $rv = Net::SSLeay::get_verify_mode($ssl);\n# $ssl - 
value corresponding to openssl's SSL structure\n#\n# returns: mode (bitmask)\n\nTo decode the return value (bitmask) see documentation for \"CTX_get_verify_mode\".\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXgetverifymode.html>\n\n*   set_verify\n\nSets the verification flags for $ssl to be $mode and specifies the $callback function\nto be used.\n\nNet::SSLeay::set_verify($ssl, $mode, $callback);\n# $ssl - value corresponding to openssl's SSL structure\n# $mode - mode (bitmask)\n# $callback - [optional] reference to perl callback function\n#\n# returns: no return value\n\nFor $mode bitmask details see \"CTX_get_verify_mode\".\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetverify.html>\n\n*   set_post_handshake_auth\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nEnable the Post-Handshake Authentication extension to be added to the ClientHello such that\npost-handshake authentication can be requested by the server.\n\nNet::SSLeay::set_post_handshake_auth($ssl, $val);\n# $ssl - value corresponding to openssl's SSL structure\n# $val - 0 then the extension is not sent, otherwise it is\n#\n# returns: no return value\n\nCheck openssl doc https://www.openssl.org/docs/manmaster/man3/SSLsetposthandshakeauth\n<https://www.openssl.org/docs/manmaster/man3/SSLsetposthandshakeauth.html>\n\n*   verify_client_post_handshake\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nverify_client_post_handshake causes a CertificateRequest message to be sent by a server on\nthe given ssl connection.\n\nmy $rv = Net::SSLeay::verify_client_post_handshake($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 1 if the request succeeded, and 0 if the request failed. 
The error stack can be examined to determine the failure reason.\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/SSLverifyclientposthandshake.html>\n\n*   get_verify_result\n\nReturns the result of the verification of the X509 certificate presented by the peer, if\nany.\n\nmy $rv = Net::SSLeay::get_verify_result($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (integer)\n#      0 - X509_V_OK: ok\n#      2 - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate\n#      3 - X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL\n#      4 - X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\n#      5 - X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature\n#      6 - X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key\n#      7 - X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure\n#      8 - X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure\n#      9 - X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\n#     10 - X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired\n#     11 - X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid\n#     12 - X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired\n#     13 - X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\n#     14 - X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field\n#     15 - X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field\n#     16 - X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field\n#     17 - X509_V_ERR_OUT_OF_MEM: out of memory\n#     18 - X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate\n#     19 - X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain\n#     20 - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate\n#     21 - X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate\n#     22 - X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate 
chain too long\n#     23 - X509_V_ERR_CERT_REVOKED: certificate revoked\n#     24 - X509_V_ERR_INVALID_CA: invalid CA certificate\n#     25 - X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded\n#     26 - X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose\n#     27 - X509_V_ERR_CERT_UNTRUSTED: certificate not trusted\n#     28 - X509_V_ERR_CERT_REJECTED: certificate rejected\n#     29 - X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch\n#     30 - X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch\n#     31 - X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch\n#     32 - X509_V_ERR_KEYUSAGE_NO_CERTSIGN: key usage does not include certificate signing\n#     50 - X509_V_ERR_APPLICATION_VERIFICATION: application verification failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetverifyresult.html>\n\n*   set_verify_result\n\nOverride result of peer certificate verification.\n\nNet::SSLeay::set_verify_result($ssl, $v);\n# $ssl - value corresponding to openssl's SSL structure\n# $v - (integer) result value\n#\n# returns: no return value\n\nFor more info about valid return values see \"get_verify_result\".\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetverifyresult.html>\n\n*   get_wbio\n\nGet 'write' BIO linked to an SSL object $ssl.\n\nmy $rv = Net::SSLeay::get_wbio($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: value corresponding to openssl's BIO structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLgetrbio.html>\n\n*   load_client_CA_file\n\nLoad X509 certificates from file (PEM formatted).\n\nmy $rv = Net::SSLeay::load_client_CA_file($file);\n# $file - (string) file name\n#\n# returns: value corresponding to openssl's STACK_OF(X509_NAME) structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLloadclientCAfile.html>\n\n*   clear_num_renegotiations\n\nExecutes SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS command on $ssl.\n\nmy $rv = 
Net::SSLeay::clear_num_renegotiations($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: command result\n\n*   need_tmp_RSA\n\nExecutes SSL_CTRL_NEED_TMP_RSA command on $ssl.\n\nmy $rv = Net::SSLeay::need_tmp_RSA($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: command result\n\nNot available with OpenSSL 1.1 and later.\n\n*   num_renegotiations\n\nExecutes SSL_CTRL_GET_NUM_RENEGOTIATIONS command on $ssl.\n\nmy $rv = Net::SSLeay::num_renegotiations($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: command result\n\n*   total_renegotiations\n\nExecutes SSL_CTRL_GET_TOTAL_RENEGOTIATIONS command on $ssl.\n\nmy $rv = Net::SSLeay::total_renegotiations($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: command result\n\n*   peek\n\nCopies $max bytes from the specified $ssl into the returned value. In contrast to the\n\"Net::SSLeay::read()\" function, the data in the SSL buffer is unmodified after the\nSSL_peek() operation.\n\nNet::SSLeay::peek($ssl, $max);\n# $ssl - value corresponding to openssl's SSL structure\n# $max - [optional] max bytes to peek (integer) - default is 32768\n#\n# in scalar context: data read from the TLS/SSL connection, undef on error\n# in list context:   two-item array consisting of data read (undef on error),\n#                      and return code from SSL_peek().\n\n*   peek_ex\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nCopies $max bytes from the specified $ssl into the returned value. 
In contrast to the\n\"Net::SSLeay::read_ex()\" function, the data in the SSL buffer is unmodified after the\nSSL_peek_ex() operation.\n\nmy($got, $rv) = Net::SSLeay::peek_ex($ssl, $max);\n# $ssl - value corresponding to openssl's SSL structure\n# $max - [optional] max bytes to peek (integer) - default is 32768\n#\n# returns a list: two-item list consisting of data read (undef on error),\n#                 and return code from SSL_peek_ex().\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLpeekex.html>\n\n*   pending\n\nObtain number of readable bytes buffered in $ssl object.\n\nmy $rv = Net::SSLeay::pending($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: the number of bytes pending\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLpending.html>\n\n*   has_pending\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0,\nnot in LibreSSL\n\nReturns 1 if $ssl has buffered data (whether processed or unprocessed) and 0 otherwise.\n\nmy $rv = Net::SSLeay::has_pending($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (integer) 1 or 0\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLhaspending.html>\n\n*   read\n\nTries to read $max bytes from the specified $ssl.\n\nmy $got = Net::SSLeay::read($ssl, $max);\nmy($got, $rv) = Net::SSLeay::read($ssl, $max);\n# $ssl - value corresponding to openssl's SSL structure\n# $max - [optional] max bytes to read (integer) - default is 32768\n#\n# returns:\n# in scalar context: data read from the TLS/SSL connection, undef on error\n# in list context:   two-item array consisting of data read (undef on error),\n#                      and return code from SSL_read().\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLread.html>\n\n*   read_ex\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nTries to read $max bytes from the specified 
$ssl.\n\nmy($got, $rv) = Net::SSLeay::read_ex($ssl, $max);\n# $ssl - value corresponding to openssl's SSL structure\n# $max - [optional] max bytes to read (integer) - default is 32768\n#\n# returns a list: two-item list consisting of data read (undef on error),\n#                 and return code from SSL_read_ex().\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLreadex.html>\n\n*   renegotiate\n\nTurn on flags for renegotiation so that renegotiation will happen.\n\nmy $rv = Net::SSLeay::renegotiate($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 1 on success, 0 on failure\n\n*   rstate_string\n\nReturns a 2 letter string indicating the current read state of the SSL object $ssl.\n\nmy $rv = Net::SSLeay::rstate_string($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 2-letter string\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLrstatestring.html>\n\n*   rstate_string_long\n\nReturns a string indicating the current read state of the SSL object $ssl.\n\nmy $rv = Net::SSLeay::rstate_string_long($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: string with current state\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLrstatestring.html>\n\n*   session_reused\n\nQuery whether a reused session was negotiated during handshake.\n\nmy $rv = Net::SSLeay::session_reused($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 0 - new session was negotiated; 1 - session was reused.\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsessionreused.html>\n\n*   set1_param\n\nCOMPATIBILITY: requires at least OpenSSL 1.0.0-beta3\n\nApplies X509 verification parameters $vpm on $ssl.\n\nmy $rv = Net::SSLeay::set1_param($ssl, $vpm);\n# $ssl - value corresponding to openssl's SSL structure\n# $vpm - value corresponding to openssl's X509_VERIFY_PARAM structure\n#\n# returns: 1 on success, 0 on failure\n\n*   set_accept_state\n\nSets $ssl to work in 
server mode.\n\nNet::SSLeay::setacceptstate($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetconnectstate.html>\n\n*   setbio\n\nConnects the BIOs $rbio and $wbio for the read and write operations of the TLS/SSL\n(encrypted) side of $ssl.\n\nNet::SSLeay::setbio($ssl, $rbio, $wbio);\n# $ssl - value corresponding to openssl's SSL structure\n# $rbio - value corresponding to openssl's BIO structure\n# $wbio - value corresponding to openssl's BIO structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetbio.html>\n\n*   setcipherlist\n\nSets the list of ciphers only for ssl.\n\nmy $rv = Net::SSLeay::setcipherlist($ssl, $str);\n# $ssl - value corresponding to openssl's SSL structure\n# $str - (string) cipher list e.g. '3DES:+RSA'\n#\n# returns: 1 if any cipher could be selected and 0 on complete failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetcipherlist.html>\n\n*   setciphersuites\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nConfigure the available TLSv1.3 ciphersuites.\n\nmy $rv = Net::SSLeay::setciphersuites($ssl, $str);\n# $ssl  - value corresponding to openssl's SSL structure\n# $str  - colon (\":\") separated list of TLSv1.3 ciphersuite names in order of preference\n#\n# returns: (integer) 1 if the requested ciphersuite list was configured, and 0 otherwise\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLsetciphersuites.html>\n\n*   setclientCAlist\n\nSets the list of CAs sent to the client when requesting a client certificate for the chosen\n$ssl, overriding the setting valid for $ssl's SSLCTX object.\n\nmy $rv = Net::SSLeay::setclientCAlist($ssl, $list);\n# $ssl - value corresponding to openssl's SSL structure\n# $list - value corresponding to openssl's STACKOF(X509NAME) structure\n#\n# returns: no return 
value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetclientCAlist.html>\n\n*   setconnectstate\n\nSets $ssl to work in client mode.\n\nNet::SSLeay::setconnectstate($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetconnectstate.html>\n\n*   setfd\n\nSets the file descriptor $fd as the input/output facility for the TLS/SSL (encrypted) side\nof $ssl. $fd will typically be the socket file descriptor of a network connection.\n\nmy $rv = Net::SSLeay::setfd($ssl, $fd);\n# $ssl - value corresponding to openssl's SSL structure\n# $fd - (integer) file handle (got via perl's fileno)\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetfd.html>\n\n*   setpskclientcallback\n\nSets the PSK client callback.\n\nNet::SSLeay::setpskclientcallback($ssl, sub { my $hint = shift; return ($identity, $key) } );\n# $ssl - value corresponding to openssl's SSL structure\n# $hint - PSK identity hint sent by the server\n# $identity - PSK identity\n# $key - PSK key, hex string without the leading '0x', e.g. 
'deadbeef'\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetpskclientcallback.html>\n\n*   setrfd\n\nSets the file descriptor $fd as the input (read) facility for the TLS/SSL (encrypted) side\nof $ssl.\n\nmy $rv = Net::SSLeay::setrfd($ssl, $fd);\n# $ssl - value corresponding to openssl's SSL structure\n# $fd - (integer) file handle (got via perl's fileno)\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetfd.html>\n\n*   setwfd\n\nmy $rv = Net::SSLeay::setwfd($ssl, $fd);\n# $ssl - value corresponding to openssl's SSL structure\n# $fd - (integer) file handle (got via perl's fileno)\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetfd.html>\n\n*   setinfocallback\n\nSets the callback function that can be used to obtain state information for $ssl during\nconnection setup and use. When callback is undef, the callback setting currently valid for\nctx is used.\n\nNet::SSLeay::setinfocallback($ssl, $cb, [$data]);\n# $ssl - value corresponding to openssl's SSL structure\n# $cb - sub { my ($ssl,$where,$ret,$data) = @_; ... }\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetinfocallback.html>\n\n*   CTXsetinfocallback\n\nSets the callback function on ctx that can be used to obtain state information during ssl\nconnection setup and use. When callback is undef, an existing callback will be disabled.\n\nNet::SSLeay::CTXsetinfocallback($ssl, $cb, [$data]);\n# $ssl - value corresponding to openssl's SSL structure\n# $cb - sub { my ($ssl,$where,$ret,$data) = @_; ... }\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetinfocallback.html>\n\n*   setmsgcallback\n\nSets the callback function that can be used to obtain protocol message information for\n$ssl during connection setup and use. 
When callback is undef, the callback setting currently\nvalid for ctx is used. Note that setmsgcallbackarg is not provided as there is no need to\nexplicitly set $arg; this is handled by setmsgcallback.\n\nNet::SSLeay::setmsgcallback($ssl, $cb, [$arg]);\n# $ssl - value corresponding to openssl's SSL structure\n# $cb - sub { my ($writep,$version,$contenttype,$buf,$len,$ssl,$arg) = @_; ... }\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/manmaster/man3/SSLsetmsgcallback.html>\n\n*   CTXsetmsgcallback\n\nSets the callback function on ctx that can be used to obtain protocol message information\nfor ssl connection setup and use. When callback is undef, the existing callback will be\ndisabled. Note that CTXsetmsgcallbackarg is not provided as there is no need to\nexplicitly set $arg; this is handled by CTXsetmsgcallback.\n\nNet::SSLeay::CTXsetmsgcallback($ssl, $cb, [$arg]);\n# $ssl - value corresponding to openssl's SSL structure\n# $cb - sub { my ($writep,$version,$contenttype,$buf,$len,$ssl,$arg) = @_; ... }\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/manmaster/man3/SSLCTXsetmsgcallback.html>\n\n*   setprefcipher\n\nSets the list of available ciphers for $ssl using the control string $str.\n\nmy $rv = Net::SSLeay::setprefcipher($ssl, $str);\n# $ssl - value corresponding to openssl's SSL structure\n# $str - (string) cipher list e.g. '3DES:+RSA'\n#\n# returns: 1 if any cipher could be selected and 0 on complete failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetcipherlist.html>\n\n*   CTXsetpskclientcallback\n\nSets the PSK client callback.\n\nNet::SSLeay::CTXsetpskclientcallback($ssl, sub { my $hint = shift; return ($identity, $key) } );\n# $ssl - value corresponding to openssl's SSL structure\n# $hint - PSK identity hint sent by the server\n# $identity - PSK identity\n# $key - PSK key, hex string without the leading '0x', e.g. 
'deadbeef'\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetpskclientcallback.html>\n\n*   setpurpose\n\nmy $rv = Net::SSLeay::setpurpose($ssl, $purpose);\n# $ssl - value corresponding to openssl's SSL structure\n# $purpose - (integer) purpose identifier\n#\n# returns: 1 on success, 0 on failure\n\nFor more info about available $purpose identifiers see \"CTXsetpurpose\".\n\n*   setquietshutdown\n\nSets the 'quiet shutdown' flag for $ssl to be $mode.\n\nNet::SSLeay::setquietshutdown($ssl, $mode);\n# $ssl - value corresponding to openssl's SSL structure\n# $mode - 0 or 1\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetquietshutdown.html>\n\n*   setsession\n\nSet a TLS/SSL session to be used during TLS/SSL connect.\n\nmy $rv = Net::SSLeay::setsession($to, $ses);\n# $to - value corresponding to openssl's SSL structure\n# $ses - value corresponding to openssl's SSLSESSION structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLsetsession.html>\n\n*   setsessionidcontext\n\nSets the context $sidctx of length $sidctxlen within which a session can be reused for\nthe $ssl object.\n\nmy $rv = Net::SSLeay::setsessionidcontext($ssl, $sidctx, $sidctxlen);\n# $ssl - value corresponding to openssl's SSL structure\n# $sidctx - data buffer\n# $sidctxlen - length of data in $sidctx\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetsessionidcontext.html>\n\n*   setsessionsecretcb\n\nSetup pre-shared secret session resumption function.\n\nNet::SSLeay::setsessionsecretcb($ssl, $func, $data);\n# $ssl - value corresponding to openssl's SSL structure\n# $func - perl reference to callback function\n# $data - [optional] data that will be passed to callback function when invoked\n#\n# returns: no return value\n\nThe callback function will be called like:\n\ncallbackfunction($secret, $ciphers, 
$prefcipher, $data);\n# $secret is the current master session key, usually all 0s at the beginning of a session\n# $ciphers is a ref to an array of peer cipher names\n# $prefcipher is a ref to an index into the list of cipher names of\n#  the preferred cipher. Set it if you want to specify a preferred cipher\n# $data is the data passed to setsessionsecretcb\n\nThe callback function should return 1 if it likes the suggested cipher (or has selected an\nalternative by setting prefcipher), else it should return 0 (in which case OpenSSL will\nselect its own preferred cipher).\n\nWith OpenSSL 1.1 and later, callbackfunction can change the master key for the session by\naltering $secret and returning 1.\n\n*   CTXsettlsextticketgetkeycb\n\nSet up encryption for TLS session tickets (stateless session reuse).\n\nNet::SSLeay::CTXsettlsextticketgetkeycb($ctx, $func, $data);\n# $ctx  - value corresponding to openssl's SSLCTX structure\n# $func - perl reference to callback function\n# $data - [optional] data that will be passed to callback function when invoked\n#\n# returns: no return value\n\nThe callback function will be called like:\n\ngetkey($data,[$keyname]) -> ($key,$currentkeyname)\n# $data is the data passed to setsessionsecretcb\n# $keyname is the name of the key OpenSSL has extracted from the session ticket\n# $key is the requested key for ticket encryption + HMAC\n# $currentkeyname is the name for the currently valid key\n\nOpenSSL will call the function without a key name if it generates a new ticket. It then\nneeds the callback to return the encryption+HMAC key and an identifier (key name) for this\nkey.\n\nWhen OpenSSL gets a session ticket from the client it extracts the key name and calls the\ncallback with this name as an argument. It then expects the callback to return the\nencryption+HMAC key matching the requested key name and also the key name which should\nbe used at the moment. 
If the requested key name and the returned key name differ it means\nthat this session ticket was created with an expired key and needs to be renewed. In this\ncase OpenSSL will call the callback again with no key name to create a new session ticket\nbased on the old one.\n\nThe key must be at least 32 bytes of random data which can be created with RANDbytes.\nInternally the first 16 bytes are used as the key in AES-128 encryption while the next 16 bytes\nare used for the SHA-256 HMAC. The key name is binary data and must be exactly 16 bytes\nlong.\n\nExample:\n\nNet::SSLeay::RANDbytes(my $oldkey,32);\nNet::SSLeay::RANDbytes(my $newkey,32);\nmy $oldkeyname = pack(\"a16\",'oldsecret');\nmy $newkeyname = pack(\"a16\",'newsecret');\n\nmy @keys = (\n    [ $newkeyname, $newkey ], # current active key\n    [ $oldkeyname, $oldkey ], # already expired\n);\n\nNet::SSLeay::CTXsettlsextticketgetkeycb($server2->ctx, sub {\n    my ($mykeys,$name) = @_;\n\n    # return (currentkey, currentkeyname) if no name given\n    return ($mykeys->[0][1],$mykeys->[0][0]) if ! $name;\n\n    # return (matchingkey, currentkeyname) if we find a key matching\n    # the given name\n    for(my $i = 0; $i<@$mykeys; $i++) {\n        next if $name ne $mykeys->[$i][0];\n        return ($mykeys->[$i][1],$mykeys->[0][0]);\n    }\n\n    # no matching key found\n    return;\n},\\@keys);\n\nThis function is based on the OpenSSL function SSLCTXsettlsextticketkeycb but provides\na simpler-to-use interface. 
For more information see\n<http://www.openssl.org/docs/ssl/SSLCTXsettlsextticketkeycb.html>\n\n*   setsessionticketextcb\n\nSetup callback for TLS session tickets (stateless session reuse).\n\nNet::SSLeay::setsessionticketextcb($ssl, $func, $data);\n# $ssl  - value corresponding to openssl's SSL structure\n# $func - perl reference to callback function\n# $data - [optional] data that will be passed to callback function when invoked\n#\n# returns: no return value\n\nThe callback function will be called like:\n\ngetticket($ssl,$ticket,$data) -> $returnvalue\n# $ssl is a value corresponding to openssl's SSL structure\n# $ticket is a value of received TLS session ticket (can also be empty)\n# $data is the data passed to setsessionticketextcb\n# $returnvalue is either 0 (failure) or 1 (success)\n\nThis function is based on the OpenSSL function SSLsetsessionticketextcb.\n\n*   setsessionticketext\n\nSet TLS session ticket (stateless session reuse).\n\nNet::SSLeay::setsessionticketext($ssl, $ticket);\n# $ssl    - value corresponding to openssl's SSL structure\n# $ticket - is a value of TLS session ticket which client will send (can also be empty string)\n#\n# returns: no return value\n\nThe callback function will be called like:\n\ngetticket($ssl,$ticket,$data) -> $returnvalue\n# $ssl is a value corresponding to openssl's SSL structure\n# $ticket is a value of received TLS session ticket (can also be empty)\n# $data is the data passed to setsessionticketextcb\n# $returnvalue is either 0 (failure) or 1 (success)\n\nThis function is based on the OpenSSL function SSLsetsessionticketextcb.\n\n*   setshutdown\n\nSets the shutdown state of $ssl to $mode.\n\nNet::SSLeay::setshutdown($ssl, $mode);\n# $ssl - value corresponding to openssl's SSL structure\n# $mode - (integer) shutdown mode:\n#         0 - No shutdown\n#         1 - SSLSENTSHUTDOWN\n#         2 - SSLRECEIVEDSHUTDOWN\n#         3 - SSLRECEIVEDSHUTDOWN+SSLSENTSHUTDOWN\n#\n# returns: no return value\n\nCheck openssl doc 
<http://www.openssl.org/docs/ssl/SSLsetshutdown.html>\n\n*   setsslmethod\n\nSets a new TLS/SSL method for a particular $ssl object.\n\nmy $rv = Net::SSLeay::setsslmethod($ssl, $method);\n# $ssl - value corresponding to openssl's SSL structure\n# $method - value corresponding to openssl's SSLMETHOD structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetsslversion.html>\n\n*   settmpdh\n\nSets DH parameters to be used to be $dh.\n\nmy $rv = Net::SSLeay::settmpdh($ssl, $dh);\n# $ssl - value corresponding to openssl's SSL structure\n# $dh - value corresponding to openssl's DH structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettmpdhcallback.html>\n\n*   settmpdhcallback\n\nSets the callback function for $ssl to be used when a DH parameters are required to $dhcb.\n\n??? (does this function really work?)\n\nNet::SSLeay::settmpdhcallback($ssl, $dh);\n# $ssl - value corresponding to openssl's SSL structure\n# $dhcb - pointer to function ???\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettmpdhcallback.html>\n\n*   settmprsa\n\nSets the temporary/ephemeral RSA key to be used in $ssl to be $rsa.\n\nmy $rv = Net::SSLeay::settmprsa($ssl, $rsa);\n# $ssl - value corresponding to openssl's SSL structure\n# $rsa - value corresponding to openssl's RSA structure\n#\n# returns: 1 on success, 0 on failure\n\nExample:\n\n$rsakey = Net::SSLeay::RSAgeneratekey();\nNet::SSLeay::settmprsa($ssl, $rsakey);\nNet::SSLeay::RSAfree($rsakey);\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettmprsacallback.html>\n\n*   settmprsacallback\n\nSets the callback function for $ssl to be used when a temporary/ephemeral RSA key is\nrequired to $tmprsacallback.\n\n??? 
(does this function really work?)\n\nNet::SSLeay::settmprsacallback($ssl, $tmprsacallback);\n# $ssl - value corresponding to openssl's SSL structure\n# $tmprsacallback - (function pointer) ???\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsettmprsacallback.html>\n\n*   settrust\n\nmy $rv = Net::SSLeay::settrust($ssl, $trust);\n# $ssl - value corresponding to openssl's SSL structure\n# $trust - (integer) trust identifier\n#\n# returns: the original value\n\nFor more details about $trust values see \"CTXsettrust\".\n\n*   shutdown\n\nShuts down an active TLS/SSL connection. It sends the 'close notify' shutdown alert to the\npeer.\n\nmy $rv = Net::SSLeay::shutdown($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 1 - shutdown was successfully completed\n#          0 - shutdown is not yet finished,\n#         -1 - shutdown was not successful\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLshutdown.html>\n\n*   statestring\n\nReturns a 6 letter string indicating the current state of the SSL object $ssl.\n\nmy $rv = Net::SSLeay::statestring($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: 6-letter string\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLstatestring.html>\n\n*   statestringlong\n\nReturns a string indicating the current state of the SSL object $ssl.\n\nmy $rv = Net::SSLeay::statestringlong($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: state strings\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLstatestring.html>\n\n*   setdefaultpasswdcb\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.1.0f. 
Not needed with LibreSSL.\n\nSets the default password callback called when loading/storing a PEM certificate with\nencryption for $ssl.\n\nNet::SSLeay::setdefaultpasswdcb($ssl, $func);\n# $ssl - value corresponding to openssl's SSL structure\n# $func - perl reference to callback function\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetdefaultpasswdcb.html>\n\n*   setdefaultpasswdcbuserdata\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.1.0f. Not needed with LibreSSL.\n\nSets a pointer to userdata which will be provided to the password callback of $ssl on\ninvocation.\n\nNet::SSLeay::setdefaultpasswdcbuserdata($ssl, $userdata);\n# $ssl - value corresponding to openssl's SSL structure\n# $userdata - data that will be passed to callback function when invoked\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXsetdefaultpasswdcb.html>\n\n*   usePrivateKey\n\nAdds $pkey as private key to $ssl.\n\nmy $rv = Net::SSLeay::usePrivateKey($ssl, $pkey);\n# $ssl - value corresponding to openssl's SSL structure\n# $pkey - value corresponding to openssl's EVPPKEY structure\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   usePrivateKeyASN1\n\nAdds the private key of type $pk stored in $data to $ssl.\n\nmy $rv = Net::SSLeay::usePrivateKeyASN1($pk, $ssl, $d, $len);\n# $pk - (integer) key type, NID of corresponding algorithm\n# $ssl - value corresponding to openssl's SSL structure\n# $data - key data (binary)\n# $len - length of $data\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   usePrivateKeyfile\n\nAdds the first private key found in $file to $ssl.\n\nmy $rv = Net::SSLeay::usePrivateKeyfile($ssl, 
$file, $type);\n# $ssl - value corresponding to openssl's SSL structure\n# $file - (string) file name\n# $type - (integer) type - use constants &Net::SSLeay::FILETYPEPEM or &Net::SSLeay::FILETYPEASN1\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   useRSAPrivateKey\n\nAdds $rsa as RSA private key to $ssl.\n\nmy $rv = Net::SSLeay::useRSAPrivateKey($ssl, $rsa);\n# $ssl - value corresponding to openssl's SSL structure\n# $rsa - value corresponding to openssl's RSA structure\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   useRSAPrivateKeyASN1\n\nAdds RSA private key stored in $data to $ssl.\n\nmy $rv = Net::SSLeay::useRSAPrivateKeyASN1($ssl, $data, $len);\n# $ssl - value corresponding to openssl's SSL structure\n# $data - key data (binary)\n# $len - length of $data\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   useRSAPrivateKeyfile\n\nAdds the first RSA private key found in $file to $ssl.\n\nmy $rv = Net::SSLeay::useRSAPrivateKeyfile($ssl, $file, $type);\n# $ssl - value corresponding to openssl's SSL structure\n# $file - (string) file name\n# $type - (integer) type - use constants &Net::SSLeay::FILETYPEPEM or &Net::SSLeay::FILETYPEASN1\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   usecertificate\n\nLoads the certificate $x into $ssl.\n\nmy $rv = Net::SSLeay::usecertificate($ssl, $x);\n# $ssl - value corresponding to openssl's SSL structure\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: 1 on success, otherwise check out the error stack to 
find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   usecertificateASN1\n\nLoads the ASN1 encoded certificate from $data to $ssl.\n\nmy $rv = Net::SSLeay::usecertificateASN1($ssl, $data, $len);\n# $ssl - value corresponding to openssl's SSL structure\n# $data - certificate data (binary)\n# $len - length of $data\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   usecertificatechainfile\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL 1.1.0\n\nLoads a certificate chain from $file into $ssl. The certificates must be in PEM format and\nmust be sorted starting with the subject's certificate (actual client or server\ncertificate), followed by intermediate CA certificates if applicable, and ending at the\nhighest level (root) CA.\n\nmy $rv = Net::SSLeay::usecertificatechainfile($ssl, $file);\n# $ssl - value corresponding to openssl's SSL structure\n# $file - (string) file name\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   usecertificatefile\n\nLoads the first certificate stored in $file into $ssl.\n\nmy $rv = Net::SSLeay::usecertificatefile($ssl, $file, $type);\n# $ssl - value corresponding to openssl's SSL structure\n# $file - (string) file name\n# $type - (integer) type - use constants &Net::SSLeay::FILETYPEPEM or &Net::SSLeay::FILETYPEASN1\n#\n# returns: 1 on success, otherwise check out the error stack to find out the reason\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCTXusecertificate.html>\n\n*   getversion\n\nReturns SSL/TLS protocol name\n\nmy $rv = Net::SSLeay::getversion($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (string) protocol name, see OpenSSL manual for the full 
list\n#          TLSv1\n#          TLSv1.3\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLgetversion.html>\n\n*   version\n\nReturns SSL/TLS protocol version\n\nmy $rv = Net::SSLeay::version($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (integer) protocol version, see OpenSSL manual for the full list\n#          0x0301 - TLS1VERSION  (TLSv1)\n#          0xFEFF - DTLS1VERSION (DTLSv1)\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLversion.html>\n\n*   clientversion\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0,\nnot in LibreSSL\n\nReturns TLS protocol version used by the client when initiating the connection\n\nmy $rv = Net::SSLeay::clientversion($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (integer) protocol version, see OpenSSL manual for the full list\n#          0x0301 - TLS1VERSION  (TLSv1)\n#          0xFEFF - DTLS1VERSION (DTLSv1)\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLclientversion.html>\n\n*   isdtls\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.0,\nnot in LibreSSL\n\nmy $rv = Net::SSLeay::isdtls($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (integer) zero or one\n#          0 - connection is not using DTLS\n#          1 - connection is using DTLS\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLisdtls.html>\n\n*   want\n\nReturns state information for the SSL object $ssl.\n\nmy $rv = Net::SSLeay::want($ssl);\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: state\n#          1 - SSLNOTHING\n#          2 - SSLWRITING\n#          3 - SSLREADING\n#          4 - SSLX509LOOKUP\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLwant.html>\n\n*   write\n\nWrites data from the buffer $data into the specified $ssl connection.\n\nmy $rv = 
Net::SSLeay::write($ssl, $data);\n# $ssl - value corresponding to openssl's SSL structure\n# $data - data to be written\n#\n# returns: >0 - (success) number of bytes actually written to the TLS/SSL connection\n#           0 - write not successful, probably the underlying connection was closed\n#          <0 - error\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLwrite.html>\n\n*   writeex\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nWrites data from the buffer $data into the specified $ssl connection.\n\nmy ($len, $rv) = Net::SSLeay::writeex($ssl, $data);\n# $ssl - value corresponding to openssl's SSL structure\n# $data - data to be written\n#\n# returns a list: two-item list consisting of number of bytes written,\n#                 and return code from SSLwriteex()\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/SSLwriteex.html>\n\n*   writepartial\n\nNOTE: Does not exactly correspond to any low level API function\n\nWrites a fragment of the data in the buffer $data into the specified $ssl connection.\nThis is a non-blocking function like Net::SSLeay::write().\n\nmy $rv = Net::SSLeay::writepartial($ssl, $from, $count, $data);\n# $ssl - value corresponding to openssl's SSL structure\n# $from - (integer) offset from the beginning of $data\n# $count - (integer) length of data to be written\n# $data - data buffer\n#\n# returns: >0 - (success) number of bytes actually written to the TLS/SSL connection\n#           0 - write not successful, probably the underlying connection was closed\n#          <0 - error\n\n*   settlsexthostname\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.8f\n\nSets TLS servername extension on SSL object $ssl to value $name.\n\nmy $rv = Net::SSLeay::settlsexthostname($ssl, $name);\n# $ssl - value corresponding to openssl's SSL structure\n# $name - (string) name to be set\n#\n# returns: 1 on success, 0 on 
failure\n\nLow level API: RAND* related functions\nCheck openssl doc related to RAND stuff <http://www.openssl.org/docs/crypto/rand.html>\n\n*   RANDadd\n\nMixes the $num bytes at $buf into the PRNG state.\n\nNet::SSLeay::RANDadd($buf, $num, $entropy);\n# $buf - buffer with data to be mixed into the PRNG state\n# $num - number of bytes in $buf\n# $entropy - estimate of how much randomness is contained in $buf (in bytes)\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RANDadd.html>\n\n*   RANDseed\n\nEquivalent to \"RANDadd\" when $num == $entropy.\n\nNet::SSLeay::RANDseed($buf);   # Perlishly figures out buf size\n# $buf - buffer with data to be mixed into the PRNG state\n# $num - number of bytes in $buf\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RANDadd.html>\n\n*   RANDstatus\n\nGives PRNG status (seeded enough or not).\n\nmy $rv = Net::SSLeay::RANDstatus();\n#returns: 1 if the PRNG has been seeded with enough data, 0 otherwise\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RANDadd.html>\n\n*   RANDbytes\n\nPuts $num cryptographically strong pseudo-random bytes into $buf.\n\nmy $rv = Net::SSLeay::RANDbytes($buf, $num);\n# $buf - buffer where the random data will be stored\n# $num - the size (in bytes) of requested random data\n#\n# returns: 1 on success, -1 if not supported by the current RAND method, or 0 on other failure\n\nCheck openssl doc <http://www.openssl.org/docs/manmaster/man3/RANDbytes.html>\n\n*   RANDprivbytes\n\nCOMPATIBILITY: not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1,\nnot in LibreSSL\n\nPuts $num cryptographically strong pseudo-random bytes into $buf.\n\nmy $rv = Net::SSLeay::RANDprivbytes($buf, $num);\n# $buf - buffer where the random data will be stored\n# $num - the size (in bytes) of requested random data\n#\n# returns: 1 on success, -1 if not supported by the current RAND method, or 0 on other 
failure\n\nRANDprivbytes has the same semantics as RANDbytes, but see the documentation for more\ninformation.\n\nCheck openssl doc <http://www.openssl.org/docs/manmaster/man3/RANDprivbytes.html>\n\n*   RANDpseudobytes\n\nPuts $num pseudo-random (not necessarily unpredictable) bytes into $buf.\n\nmy $rv = Net::SSLeay::RANDpseudobytes($buf, $num);\n# $buf - buffer where the random data will be stored\n# $num - the size (in bytes) of requested random data\n#\n# returns: 1 if the bytes generated are cryptographically strong, 0 otherwise\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RANDbytes.html>\n\n*   RANDcleanup\n\nErase the PRNG state.\n\nNet::SSLeay::RANDcleanup();\n# no args, no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RANDcleanup.html>\n\n*   RANDegdbytes\n\nQueries the entropy gathering daemon EGD on socket $path for $bytes bytes.\n\nmy $rv = Net::SSLeay::RANDegdbytes($path, $bytes);\n# $path - path to a socket of entropy gathering daemon EGD\n# $bytes - number of bytes we want from EGD\n#\n# returns: the number of bytes read from the daemon on success, and -1 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RANDegd.html>\n\n*   RANDfilename\n\nGenerates a default path for the random seed file.\n\nmy $file = Net::SSLeay::RANDfilename($num);\n# $num - maximum size of returned file name\n#\n# returns: string with file name on success, '' (empty string) or undef on failure\n\nLibreSSL and OpenSSL 1.1.0a and later return undef when, for example, $num is not large\nenough to hold the filename.\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RANDloadfile.html>\n\n*   RANDloadfile\n\nCOMPATIBILITY: Is no longer functional on LibreSSL\n\nReads $maxbytes bytes from $filename and adds them to the PRNG.\n\nmy $rv = Net::SSLeay::RANDloadfile($filename, $maxbytes);\n# $filename - the name of file\n# $maxbytes - bytes to read from $filename; -1 => the complete file is read\n#\n# returns: the number 
of bytes read\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RANDloadfile.html>\n\n*   RANDwritefile\n\nWrites 1024 random bytes to $filename which can be used to initialize the PRNG by calling\n\"RANDloadfile\" in a later session.\n\nmy $rv = Net::SSLeay::RANDwritefile($filename);\n# $filename - the name of file\n#\n# returns: the number of bytes written, and -1 if the bytes written were generated without appropriate seed\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RANDloadfile.html>\n\n*   RANDpoll\n\nCollects some entropy from operating system and adds it to the PRNG.\n\nmy $rv = Net::SSLeay::RANDpoll();\n# returns: 1 on success, 0 on failure (unable to gather reasonable entropy)\n\nLow level API: OBJ* related functions\n*   OBJcmp\n\nCompares ASN1OBJECT $a to ASN1OBJECT $b.\n\nmy $rv = Net::SSLeay::OBJcmp($a, $b);\n# $a - value corresponding to openssl's ASN1OBJECT structure\n# $b - value corresponding to openssl's ASN1OBJECT structure\n#\n# returns: if the two are identical 0 is returned\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/OBJnid2obj.html>\n\n*   OBJdup\n\nReturns a copy/duplicate of $o.\n\nmy $rv = Net::SSLeay::OBJdup($o);\n# $o - value corresponding to openssl's ASN1OBJECT structure\n#\n# returns: value corresponding to openssl's ASN1OBJECT structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/OBJnid2obj.html>\n\n*   OBJnid2ln\n\nReturns long name for given NID $n.\n\nmy $rv = Net::SSLeay::OBJnid2ln($n);\n# $n - (integer) NID\n#\n# returns: (string) long name e.g. 'commonName'\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/OBJnid2obj.html>\n\n*   OBJln2nid\n\nReturns NID corresponding to given long name $n.\n\nmy $rv = Net::SSLeay::OBJln2nid($s);\n# $s - (string) long name e.g. 'commonName'\n#\n# returns: (integer) NID\n\n*   OBJnid2sn\n\nReturns short name for given NID $n.\n\nmy $rv = Net::SSLeay::OBJnid2sn($n);\n# $n - (integer) NID\n#\n# returns: (string) short name e.g. 
'CN'\n\nExample:\n\nprint Net::SSLeay::OBJnid2sn(&Net::SSLeay::NIDcommonName);\n\n*   OBJsn2nid\n\nReturns NID corresponding to given short name $s.\n\nmy $rv = Net::SSLeay::OBJsn2nid($s);\n# $s - (string) short name e.g. 'CN'\n#\n# returns: (integer) NID\n\nExample:\n\nprint \"NIDcommonName constant=\", &Net::SSLeay::NIDcommonName;\nprint \"OBJsn2nid('CN')=\", Net::SSLeay::OBJsn2nid('CN');\n\n*   OBJnid2obj\n\nReturns ASN1OBJECT for given NID $n.\n\nmy $rv = Net::SSLeay::OBJnid2obj($n);\n# $n - (integer) NID\n#\n# returns: value corresponding to openssl's ASN1OBJECT structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/OBJnid2obj.html>\n\n*   OBJobj2nid\n\nReturns NID corresponding to given ASN1OBJECT $o.\n\nmy $rv = Net::SSLeay::OBJobj2nid($o);\n# $o - value corresponding to openssl's ASN1OBJECT structure\n#\n# returns: (integer) NID\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/OBJnid2obj.html>\n\n*   OBJtxt2obj\n\nConverts the text string $s into an ASN1OBJECT structure. If $noname is 0 then long names\n(e.g. 'commonName') and short names (e.g. 'CN') will be interpreted as well as numerical\nforms (e.g. '2.5.4.3'). If $noname is 1 only the numerical form is acceptable.\n\nmy $rv = Net::SSLeay::OBJtxt2obj($s, $noname);\n# $s - text string to be converted\n# $noname - (integer) 0 or 1\n#\n# returns: value corresponding to openssl's ASN1OBJECT structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/OBJnid2obj.html>\n\n*   OBJobj2txt\n\nConverts the ASN1OBJECT $a into a textual representation.\n\nNet::SSLeay::OBJobj2txt($a, $noname);\n# $a - value corresponding to openssl's ASN1OBJECT structure\n# $noname - (integer) 0 or 1\n#\n# returns: textual representation e.g. 
'commonName' ($noname=0), '2.5.4.3' ($noname=1)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/OBJnid2obj.html>\n\n*   OBJtxt2nid\n\nReturns NID corresponding to text string $s which can be a long name, a short name or the\nnumerical representation of an object.\n\nmy $rv = Net::SSLeay::OBJtxt2nid($s);\n# $s - (string) e.g. 'commonName' or 'CN' or '2.5.4.3'\n#\n# returns: (integer) NID\n\nExample:\n\nmy $nid = Net::SSLeay::OBJtxt2nid('2.5.4.3');\nNet::SSLeay::OBJnid2sn($nid);\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/OBJnid2obj.html>\n\nLow level API: ASN1INTEGER* related functions\n*   ASN1INTEGERnew\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nCreates a new ASN1INTEGER structure.\n\nmy $rv = Net::SSLeay::ASN1INTEGERnew();\n#\n# returns: value corresponding to openssl's ASN1INTEGER structure (0 on failure)\n\n*   ASN1INTEGERfree\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nFree an allocated ASN1INTEGER structure.\n\nNet::SSLeay::ASN1INTEGERfree($i);\n# $i - value corresponding to openssl's ASN1INTEGER structure\n#\n# returns: no return value\n\n*   ASN1INTEGERget\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns integer value of given ASN1INTEGER object.\n\nBEWARE: If the value stored in ASN1INTEGER is greater than max. integer that can be stored\nin 'long' type (usually 32bit but may vary according to platform) then this function will\nreturn -1. For getting large ASN1INTEGER values consider using \"PASN1INTEGERgetdec\" or\n\"PASN1INTEGERgethex\".\n\nmy $rv = Net::SSLeay::ASN1INTEGERget($a);\n# $a - value corresponding to openssl's ASN1INTEGER structure\n#\n# returns: integer value of ASN1INTEGER object in $a\n\n*   ASN1INTEGERset\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets value of given ASN1INTEGER object to value $val\n\nBEWARE: $val has max. limit (= max. integer that can be stored in 'long' type). 
For setting\nlarge ASN1INTEGER values consider using \"PASN1INTEGERsetdec\" or\n\"PASN1INTEGERsethex\".\n\nmy $rv = Net::SSLeay::ASN1INTEGERset($i, $val);\n# $i - value corresponding to openssl's ASN1INTEGER structure\n# $val - integer value\n#\n# returns: 1 on success, 0 on failure\n\n*   PASN1INTEGERgetdec\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns string with decimal representation of integer value of given ASN1INTEGER object.\n\nNet::SSLeay::PASN1INTEGERgetdec($i);\n# $i - value corresponding to openssl's ASN1INTEGER structure\n#\n# returns: string with decimal representation\n\n*   PASN1INTEGERgethex\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns string with hexadecimal representation of integer value of given ASN1INTEGER\nobject.\n\nNet::SSLeay::PASN1INTEGERgethex($i);\n# $i - value corresponding to openssl's ASN1INTEGER structure\n#\n# returns: string with hexadecimal representation\n\n*   PASN1INTEGERsetdec\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets value of given ASN1INTEGER object to value $val (decimal string, suitable for large\nintegers)\n\nNet::SSLeay::PASN1INTEGERsetdec($i, $str);\n# $i - value corresponding to openssl's ASN1INTEGER structure\n# $str - string with decimal representation\n#\n# returns: 1 on success, 0 on failure\n\n*   PASN1INTEGERsethex\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets value of given ASN1INTEGER object to value $val (hexadecimal string, suitable for\nlarge integers)\n\nNet::SSLeay::PASN1INTEGERsethex($i, $str);\n# $i - value corresponding to openssl's ASN1INTEGER structure\n# $str - string with hexadecimal representation\n#\n# returns: 1 on success, 0 on failure\n\nLow level API: ASN1STRING* related functions\n*   PASN1STRINGget\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns string value of given ASN1STRING object.\n\nNet::SSLeay::PASN1STRINGget($s, $utf8decode);\n# $s - value corresponding 
to openssl's ASN1STRING structure\n# $utf8decode - [optional] 0 or 1 whether the returned value should be utf8 decoded (default=0)\n#\n# returns: string\n\n$string = Net::SSLeay::PASN1STRINGget($s);\n#is the same as:\n$string = Net::SSLeay::PASN1STRINGget($s, 0);\n\nLow level API: ASN1TIME* related functions\n*   ASN1TIMEnew\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nmy $time = ASN1TIMEnew();\n# returns: value corresponding to openssl's ASN1TIME structure\n\n*   ASN1TIMEfree\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nASN1TIMEfree($time);\n# $time - value corresponding to openssl's ASN1TIME structure\n\n*   ASN1TIMEset\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nASN1TIMEset($time, $t);\n# $time - value corresponding to openssl's ASN1TIME structure\n# $t - time value in seconds since 1.1.1970\n\nBEWARE: It is platform dependent how this function will handle dates after 2038. Although\nperl's integer is large enough the internal implementation of this function is dependent on\nthe size of timet structure (32bit timet has problem with 2038).\n\nIf you want to safely set date and time after 2038 use function \"PASN1TIMEsetisotime\".\n\n*   PASN1TIMEgetisotime\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7e\n\nNOTE: Does not exactly correspond to any low level API function\n\nGives ISO-8601 string representation of ASN1TIME structure.\n\nmy $datetimestring = PASN1TIMEgetisotime($time);\n# $time - value corresponding to openssl's ASN1TIME structure\n#\n# returns: datetime string like '2033-05-16T20:39:37Z' or '' on failure\n\nThe output format is compatible with module DateTime::Format::RFC3339\n\n*   PASN1TIMEsetisotime\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7e\n\nNOTE: Does not exactly correspond to any low level API function\n\nSets time and date value of ASN1TIME structure.\n\nmy $rv = 
PASN1TIMEsetisotime($time, $string);\n# $time - value corresponding to openssl's ASN1TIME structure\n# $string - ISO-8601 timedate string like '2033-05-16T20:39:37Z'\n#\n# returns: 1 on success, 0 on failure\n\nThe $string parameter has to be in full form like \"2012-03-22T23:55:33\" or\n\"2012-03-22T23:55:33Z\" or \"2012-03-22T23:55:33CET\". Short forms like \"2012-03-22T23:55\" or\n\"2012-03-22\" are not supported.\n\n*   PASN1TIMEput2string\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before, has bugs with openssl-0.9.8i\n\nNOTE: Does not exactly correspond to any low level API function\n\nGives string representation of ASN1TIME structure.\n\nmy $str = PASN1TIMEput2string($time);\n# $time - value corresponding to openssl's ASN1TIME structure\n#\n# returns: datetime string like 'May 16 20:39:37 2033 GMT'\n\n*   PASN1UTCTIMEput2string\n\nNOTE: deprecated function, only for backward compatibility, just an alias for\n\"PASN1TIMEput2string\"\n\nLow level API: X509* related functions\n*   X509new\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nAllocates and initializes a X509 structure.\n\nmy $rv = Net::SSLeay::X509new();\n#\n# returns: value corresponding to openssl's X509 structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509new.html>\n\n*   X509free\n\nFrees up the X509 structure.\n\nNet::SSLeay::X509free($a);\n# $a - value corresponding to openssl's X509 structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509new.html>\n\n*   X509checkhost\n\nCOMPATIBILITY: not available in Net-SSLeay-1.68 and before; requires at least OpenSSL 1.0.2.\nX509CHECKFLAGNEVERCHECKSUBJECT requires OpenSSL 1.1.0.\n\nChecks if the certificate Subject Alternative Name (SAN) or Subject CommonName (CN) matches\nthe specified host name.\n\nmy $rv = Net::SSLeay::X509checkhost($cert, $name, $flags, $peername);\n# $cert - value corresponding to openssl's X509 structure\n# $name - host name to 
check\n# $flags (optional, default: 0) - can be the bitwise OR of:\n#   &Net::SSLeay::X509CHECKFLAGALWAYSCHECKSUBJECT\n#   &Net::SSLeay::X509CHECKFLAGNOWILDCARDS\n#   &Net::SSLeay::X509CHECKFLAGNOPARTIALWILDCARDS\n#   &Net::SSLeay::X509CHECKFLAGMULTILABELWILDCARDS\n#   &Net::SSLeay::X509CHECKFLAGSINGLELABELSUBDOMAINS\n#   &Net::SSLeay::X509CHECKFLAGNEVERCHECKSUBJECT\n# $peername (optional) - If not omitted and $host matches $cert,\n#                        a copy of the matching SAN or CN from\n#                        the peer certificate is stored in $peername.\n#\n# returns:\n#   1 for a successful match\n#   0 for a failed match\n#  -1 for an internal error\n#  -2 if the input is malformed\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509checkhost.html>.\n\n*   X509checkemail\n\nCOMPATIBILITY: not available in Net-SSLeay-1.68 and before; requires at least OpenSSL 1.0.2.\n\nChecks if the certificate matches the specified email address.\n\nmy $rv = Net::SSLeay::X509checkemail($cert, $address, $flags);\n# $cert - value corresponding to openssl's X509 structure\n# $address - email address to check\n# $flags (optional, default: 0) - see X509checkhost()\n#\n# returns: see X509checkhost()\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509checkemail.html>.\n\n*   X509checkip\n\nCOMPATIBILITY: not available in Net-SSLeay-1.68 and before; requires at least OpenSSL 1.0.2.\n\nChecks if the certificate matches the specified IPv4 or IPv6 address.\n\nmy $rv = Net::SSLeay::X509checkip($cert, $address, $flags);\n# $cert - value corresponding to openssl's X509 structure\n# $address - IP address to check in binary format, in network byte order\n# $flags (optional, default: 0) - see X509checkhost()\n#\n# returns: see X509checkhost()\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509checkip.html>.\n\n*   X509checkipasc\n\nCOMPATIBILITY: not available in Net-SSLeay-1.68 and before; requires at least OpenSSL 1.0.2.\n\nChecks if the certificate 
matches the specified IPv4 or IPv6 address.\n\nmy $rv = Net::SSLeay::X509checkipasc($cert, $address, $flags);\n# $cert - value corresponding to openssl's X509 structure\n# $address - IP address to check in text representation\n# $flags (optional, default: 0) - see X509checkhost()\n#\n# returns: see X509checkhost()\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509checkipasc.html>.\n\n*   X509certificatetype\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns bitmask with type of certificate $x.\n\nmy $rv = Net::SSLeay::X509certificatetype($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: (integer) bitmask with certificate type\n\n#to decode bitmask returned by this function use these constants:\n&Net::SSLeay::EVPPKSDSA\n&Net::SSLeay::EVPPKSEC\n&Net::SSLeay::EVPPKSRSA\n&Net::SSLeay::EVPPKTENC\n&Net::SSLeay::EVPPKTEXCH\n&Net::SSLeay::EVPPKTEXP\n&Net::SSLeay::EVPPKTSIGN\n&Net::SSLeay::EVPPKDH\n&Net::SSLeay::EVPPKDSA\n&Net::SSLeay::EVPPKEC\n&Net::SSLeay::EVPPKRSA\n\n*   X509digest\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nComputes digest/fingerprint of X509 $data using $type hash function.\n\nmy $digestvalue = Net::SSLeay::X509digest($data, $type);\n# $data - value corresponding to openssl's X509 structure\n# $type - value corresponding to openssl's EVPMD structure - e.g. got via EVPgetdigestbyname()\n#\n# returns: hash value (binary)\n\n#to get printable (hex) value of digest use:\nprint unpack('H*', $digestvalue);\n\n*   X509issuerandserialhash\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSort of a checksum of issuer name and serial number of X509 certificate $x. The result is\nnot a full hash (e.g. sha-1), it is kind-of-a-hash truncated to the size of 'unsigned long'\n(32 bits). 
The resulting value might differ across different openssl versions for the same\nX509 certificate.\n\nmy $rv = Net::SSLeay::X509issuerandserialhash($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: number representing checksum\n\n*   X509issuernamehash\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSort of a checksum of issuer name of X509 certificate $x. The result is not a full hash\n(e.g. sha-1), it is kind-of-a-hash truncated to the size of 'unsigned long' (32 bits). The\nresulting value might differ across different openssl versions for the same X509\ncertificate.\n\nmy $rv = Net::SSLeay::X509issuernamehash($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: number representing checksum\n\n*   X509subjectnamehash\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSort of a checksum of subject name of X509 certificate $x. The result is not a full hash\n(e.g. sha-1), it is kind-of-a-hash truncated to the size of 'unsigned long' (32 bits). The\nresulting value might differ across different openssl versions for the same X509\ncertificate.\n\nmy $rv = Net::SSLeay::X509subjectnamehash($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: number representing checksum\n\n*   X509pubkeydigest\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nComputes digest/fingerprint of public key from X509 certificate $data using $type hash\nfunction.\n\nmy $digestvalue = Net::SSLeay::X509pubkeydigest($data, $type);\n# $data - value corresponding to openssl's X509 structure\n# $type - value corresponding to openssl's EVPMD structure - e.g. 
got via EVPgetdigestbyname()\n#\n# returns: hash value (binary)\n\n#to get printable (hex) value of digest use:\nprint unpack('H*', $digestvalue);\n\n*   X509setissuername\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets issuer of X509 certificate $x to $name.\n\nmy $rv = Net::SSLeay::X509setissuername($x, $name);\n# $x - value corresponding to openssl's X509 structure\n# $name - value corresponding to openssl's X509NAME structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509setpubkey\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets public key of X509 certificate $x to $pkey.\n\nmy $rv = Net::SSLeay::X509setpubkey($x, $pkey);\n# $x - value corresponding to openssl's X509 structure\n# $pkey - value corresponding to openssl's EVPPKEY structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509setserialNumber\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets serial number of X509 certificate $x to $serial.\n\nmy $rv = Net::SSLeay::X509setserialNumber($x, $serial);\n# $x - value corresponding to openssl's X509 structure\n# $serial - value corresponding to openssl's ASN1INTEGER structure\n#\n# returns: 1 on success, 0 on failure\n\n#to create $serial value use one of these:\n$serial = Net::SSLeay::PASN1INTEGERsethex('45ad6f');\n$serial = Net::SSLeay::PASN1INTEGERsetdec('7896541238529631478');\n$serial = Net::SSLeay::ASN1INTEGERset(45896);\n\n*   X509setsubjectname\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets subject of X509 certificate $x to $name.\n\nmy $rv = Net::SSLeay::X509setsubjectname($x, $name);\n# $x - value corresponding to openssl's X509 structure\n# $name - value corresponding to openssl's X509NAME structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509setversion\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets 'version' value for X509 certificate $x to $version.\n\nmy $rv = Net::SSLeay::X509setversion($x, $version);\n# $x - value 
corresponding to openssl's X509 structure\n# $version - (integer) version number\n#\n# returns: 1 on success, 0 on failure\n\n*   X509sign\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSign X509 certificate $x with private key $pkey (using digest algorithm $md).\n\nmy $rv = Net::SSLeay::X509sign($x, $pkey, $md);\n# $x - value corresponding to openssl's X509 structure\n# $pkey - value corresponding to openssl's EVPPKEY structure\n# $md - value corresponding to openssl's EVPMD structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509verify\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nVerifies X509 object $x using public key $r (pubkey of issuing CA).\n\nmy $rv = Net::SSLeay::X509verify($x, $r);\n# $x - value corresponding to openssl's X509 structure\n# $r - value corresponding to openssl's EVPPKEY structure\n#\n# returns: 0 - verify failure, 1 - verify OK, <0 - error\n\n*   X509getextcount\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns the total number of extensions in X509 object $x.\n\nmy $rv = Net::SSLeay::X509getextcount($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: count of extensions\n\n*   X509getpubkey\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns public key corresponding to given X509 object $x.\n\nmy $rv = Net::SSLeay::X509getpubkey($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: value corresponding to openssl's EVPPKEY structure (0 on failure)\n\nNOTE: This method returns only the public key's key bits, without the algorithm or\nparameters. 
Use \"X509getX509PUBKEY()\" to return the full public key (SPKI) instead.\n\n*   X509getX509PUBKEY\n\nCOMPATIBILITY: not available in Net-SSLeay-1.72 and before\n\nReturns the full public key (SPKI) of given X509 certificate $x.\n\nNet::SSLeay::X509getX509PUBKEY($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: public key data in DER format (binary)\n\n*   X509getserialNumber\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns serial number of X509 certificate $x.\n\nmy $rv = Net::SSLeay::X509getserialNumber($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: value corresponding to openssl's ASN1INTEGER structure (0 on failure)\n\nSee \"PASN1INTEGERgetdec\", \"PASN1INTEGERgethex\" or \"ASN1INTEGERget\" to decode\nASN1INTEGER object.\n\n*   X509get0serialNumber\n\nCOMPATIBILITY: available in Net-SSLeay-1.86 onwards\n\nX509get0serialNumber() is the same as X509getserialNumber() except it accepts a const\nparameter and returns a const result.\n\n*   X509getversion\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns 'version' value of given X509 certificate $x.\n\nmy $rv = Net::SSLeay::X509getversion($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: (integer) version\n\n*   X509getext\n\nReturns X509EXTENSION from $x509 based on given position/index.\n\nmy $rv = Net::SSLeay::X509getext($x509, $index);\n# $x509 - value corresponding to openssl's X509 structure\n# $index - (integer) position/index of extension within $x509\n#\n# returns: value corresponding to openssl's X509EXTENSION structure (0 on failure)\n\n*   X509getextbyNID\n\nReturns X509EXTENSION from $x509 based on given NID.\n\nmy $rv = Net::SSLeay::X509getextbyNID($x509, $nid, $loc);\n# $x509 - value corresponding to openssl's X509 structure\n# $nid - (integer) NID value\n# $loc - (integer) position to start lookup at\n#\n# returns: position/index of extension, negative value on error\n#       
   call Net::SSLeay::X509getext($x509, $rv) to get the actual extension\n\n*   X509getfingerprint\n\nReturns fingerprint of certificate $cert.\n\nNOTE: Does not exactly correspond to any low level API function. The implementation is based\non openssl's \"X509digest()\".\n\nNet::SSLeay::X509getfingerprint($x509, $type);\n# $x509 - value corresponding to openssl's X509 structure\n# $type - (string) digest type, currently supported values:\n#         \"md5\"\n#         \"sha1\"\n#         \"sha256\"\n#         \"ripemd160\"\n#\n# returns: certificate digest - hexadecimal string (NOT binary data!)\n\n*   X509getissuername\n\nReturn an X509NAME object representing the issuer of the certificate $cert.\n\nmy $rv = Net::SSLeay::X509getissuername($cert);\n# $cert - value corresponding to openssl's X509 structure\n#\n# returns: value corresponding to openssl's X509NAME structure (0 on failure)\n\n*   X509getnotAfter\n\nReturn an object giving the time after which the certificate $cert is not valid.\n\nmy $rv = Net::SSLeay::X509getnotAfter($cert);\n# $cert - value corresponding to openssl's X509 structure\n#\n# returns: value corresponding to openssl's ASN1TIME structure (0 on failure)\n\nTo get human readable/printable form the return value you can use:\n\nmy $time = Net::SSLeay::X509getnotAfter($cert);\nprint \"notAfter=\", Net::SSLeay::PASN1TIMEgetisotime($time), \"\\n\";\n\n*   X509getnotBefore\n\nReturn an object giving the time before which the certificate $cert is not valid\n\nmy $rv = Net::SSLeay::X509getnotBefore($cert);\n# $cert - value corresponding to openssl's X509 structure\n#\n# returns: value corresponding to openssl's ASN1TIME structure (0 on failure)\n\nTo get human readable/printable form the return value you can use:\n\nmy $time = Net::SSLeay::X509getnotBefore($cert);\nprint \"notBefore=\", Net::SSLeay::PASN1TIMEgetisotime($time), \"\\n\";\n\n*   X509getsubjectAltNames\n\nNOTE: Does not exactly correspond to any low level API function.\n\nReturns the list 
of alternative subject names from X509 certificate $cert.\n\nmy @rv = Net::SSLeay::X509getsubjectAltNames($cert);\n# $cert - value corresponding to openssl's X509 structure\n#\n# returns: list containing pairs - nametype (integer), namevalue (string)\n#          where nametype can be:\n#          0 - GENOTHERNAME\n#          1 - GENEMAIL\n#          2 - GENDNS\n#          3 - GENX400\n#          4 - GENDIRNAME\n#          5 - GENEDIPARTY\n#          6 - GENURI\n#          7 - GENIPADD\n#          8 - GENRID\n\nNote: type 7 - GENIPADD contains the IP address as a packed binary address. GENRID is\navailable in Net-SSLeay-1.90 and later. Maximum length for returned RID string is currently\n2500. Invalid and overly long RID values are skipped and not returned. GENX400 and\nGENEDIPARTY are not supported and will not be returned even when present in the\ncertificate.\n\n*   X509getsubjectname\n\nReturns the subject of the certificate $cert.\n\nmy $rv = Net::SSLeay::X509getsubjectname($cert);\n# $cert - value corresponding to openssl's X509 structure\n#\n# returns: value corresponding to openssl's X509NAME structure (0 on failure)\n\n*   X509gmtimeadj\n\nAdjust the ASN1TIME object to the timestamp (in GMT).\n\nmy $rv = Net::SSLeay::X509gmtimeadj($s, $adj);\n# $s - value corresponding to openssl's ASN1TIME structure\n# $adj - timestamp (seconds since 1.1.1970)\n#\n# returns: value corresponding to openssl's ASN1TIME structure (0 on failure)\n\nBEWARE: this function may fail for dates after 2038 as it is dependent on timet size on\nyour system (32bit timet does not work after 2038). 
Consider using\n\"PASN1TIMEsetisotime\" instead.\n\n*   X509loadcertcrlfile\n\nTakes PEM file and loads all X509 certificates and X509 CRLs from that file into X509LOOKUP\nstructure.\n\nmy $rv = Net::SSLeay::X509loadcertcrlfile($ctx, $file, $type);\n# $ctx - value corresponding to openssl's X509LOOKUP structure\n# $file - (string) file name\n# $type - (integer) type - use constants &Net::SSLeay::FILETYPEPEM or &Net::SSLeay::FILETYPEASN1\n#                          if not FILETYPEPEM then behaves as Net::SSLeay::X509loadcertfile()\n#\n# returns: 1 on success, 0 on failure\n\n*   X509loadcertfile\n\nLoads/adds X509 certificate from $file to X509LOOKUP structure\n\nmy $rv = Net::SSLeay::X509loadcertfile($ctx, $file, $type);\n# $ctx - value corresponding to openssl's X509LOOKUP structure\n# $file - (string) file name\n# $type - (integer) type - use constants &Net::SSLeay::FILETYPEPEM or &Net::SSLeay::FILETYPEASN1\n#\n# returns: 1 on success, 0 on failure\n\n*   X509loadcrlfile\n\nLoads/adds X509 CRL from $file to X509LOOKUP structure\n\nmy $rv = Net::SSLeay::X509loadcrlfile($ctx, $file, $type);\n# $ctx - value corresponding to openssl's X509LOOKUP structure\n# $file - (string) file name\n# $type - (integer) type - use constants &Net::SSLeay::FILETYPEPEM or &Net::SSLeay::FILETYPEASN1\n#\n# returns: 1 on success, 0 on failure\n\n*   X509policylevelget0node\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::X509policylevelget0node($level, $i);\n# $level - value corresponding to openssl's X509POLICYLEVEL structure\n# $i - (integer) index/position\n#\n# returns: value corresponding to openssl's X509POLICYNODE structure (0 on failure)\n\n*   X509policylevelnodecount\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::X509policylevelnodecount($level);\n# $level - value corresponding to openssl's X509POLICYLEVEL structure\n#\n# returns: (integer) node count\n\n*   X509policynodeget0parent\n\n??? 
(more info needed)\n\nmy $rv = Net::SSLeay::X509policynodeget0parent($node);\n# $node - value corresponding to openssl's X509POLICYNODE structure\n#\n# returns: value corresponding to openssl's X509POLICYNODE structure (0 on failure)\n\n*   X509policynodeget0policy\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::X509policynodeget0policy($node);\n# $node - value corresponding to openssl's X509POLICYNODE structure\n#\n# returns: value corresponding to openssl's ASN1OBJECT structure (0 on failure)\n\n*   X509policynodeget0qualifiers\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::X509policynodeget0qualifiers($node);\n# $node - value corresponding to openssl's X509POLICYNODE structure\n#\n# returns: value corresponding to openssl's STACKOF(POLICYQUALINFO) structure (0 on failure)\n\n*   X509policytreefree\n\n??? (more info needed)\n\nNet::SSLeay::X509policytreefree($tree);\n# $tree - value corresponding to openssl's X509POLICYTREE structure\n#\n# returns: no return value\n\n*   X509policytreeget0level\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::X509policytreeget0level($tree, $i);\n# $tree - value corresponding to openssl's X509POLICYTREE structure\n# $i - (integer) level index\n#\n# returns: value corresponding to openssl's X509POLICYLEVEL structure (0 on failure)\n\n*   X509policytreeget0policies\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::X509policytreeget0policies($tree);\n# $tree - value corresponding to openssl's X509POLICYTREE structure\n#\n# returns: value corresponding to openssl's X509POLICYNODE structure (0 on failure)\n\n*   X509policytreeget0userpolicies\n\n??? (more info needed)\n\nmy $rv = Net::SSLeay::X509policytreeget0userpolicies($tree);\n# $tree - value corresponding to openssl's X509POLICYTREE structure\n#\n# returns: value corresponding to openssl's X509POLICYNODE structure (0 on failure)\n\n*   X509policytreelevelcount\n\n??? 
(more info needed)\n\nmy $rv = Net::SSLeay::X509policytreelevelcount($tree);\n# $tree - value corresponding to openssl's X509POLICYTREE structure\n#\n# returns: (integer) count\n\n*   X509verifycerterrorstring\n\nReturns a human readable error string for verification error $n.\n\nmy $rv = Net::SSLeay::X509verifycerterrorstring($n);\n# $n - (long) numeric error code\n#\n# returns: error string\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509STORECTXgeterror.html>\n\n*   PX509addextensions\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nAdds one or more X509 extensions to X509 object $x.\n\nmy $rv = Net::SSLeay::PX509addextensions($x, $cacert, $nid, $value);\n# $x - value corresponding to openssl's X509 structure\n# $cacert - value corresponding to openssl's X509 structure (issuer's cert - necessary for setting NIDauthoritykeyidentifier)\n# $nid - NID identifying extension to be set\n# $value - extension value\n#\n# returns: 1 on success, 0 on failure\n\nYou can set more extensions at once:\n\nmy $rv = Net::SSLeay::PX509addextensions($x509, $cacert,\n&Net::SSLeay::NIDkeyusage => 'digitalSignature,keyEncipherment',\n&Net::SSLeay::NIDsubjectkeyidentifier => 'hash',\n&Net::SSLeay::NIDauthoritykeyidentifier => 'keyid',\n&Net::SSLeay::NIDauthoritykeyidentifier => 'issuer',\n&Net::SSLeay::NIDbasicconstraints => 'CA:FALSE',\n&Net::SSLeay::NIDextkeyusage => 'serverAuth,clientAuth',\n&Net::SSLeay::NIDnetscapecerttype => 'server',\n&Net::SSLeay::NIDsubjectaltname => 'DNS:s1.dom.com,DNS:s2.dom.com,DNS:s3.dom.com',\n);\n\n*   PX509copyextensions\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nCopies X509 extensions from X509REQ object to X509 object - handy when you need to turn\nX509REQ into X509 certificate.\n\nNet::SSLeay::PX509copyextensions($x509req, $x509, $override);\n# $x509req - value corresponding to openssl's X509REQ structure\n# $x509 - value corresponding to openssl's X509 structure\n# $override - (integer) flag 
indication whether to override already existing items in $x509 (default 1)\n#\n# returns: 1 on success, 0 on failure\n\n*   PX509getcrldistributionpoints\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nGet the list of CRL distribution points from X509 certificate.\n\nmy @cdp = Net::SSLeay::PX509getcrldistributionpoints($x509);\n# $x509 - value corresponding to openssl's X509 structure\n#\n# returns: list of distribution points (usually URLs)\n\n*   PX509getextkeyusage\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nGets the list of extended key usage of given X509 certificate $cert.\n\nmy @extusage = Net::SSLeay::PX509getextkeyusage($cert, $format);\n# $cert - value corresponding to openssl's X509 structure\n# $format - choose type of return values: 0=OIDs, 1=NIDs, 2=shortnames, 3=longnames\n#\n# returns: list of values\n\nExamples:\n\nmy @extkeyusageoid = Net::SSLeay::PX509getextkeyusage($x509,0);\n# returns for example: (\"1.3.6.1.5.5.7.3.1\", \"1.3.6.1.5.5.7.3.2\")\n\nmy @extkeyusagenid = Net::SSLeay::PX509getextkeyusage($x509,1);\n# returns for example: (129, 130)\n\nmy @extkeyusagesn  = Net::SSLeay::PX509getextkeyusage($x509,2);\n# returns for example: (\"serverAuth\", \"clientAuth\")\n\nmy @extkeyusageln  = Net::SSLeay::PX509getextkeyusage($x509,3);\n# returns for example: (\"TLS Web Server Authentication\",  \"TLS Web Client Authentication\")\n\n*   PX509getkeyusage\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nGets the list of key usage of given X509 certificate $cert.\n\nmy @keyusage = Net::SSLeay::PX509getkeyusage($cert);\n# $cert - value corresponding to openssl's X509 structure\n#\n# returns: list of key usage values which can be none, one or more from the following list:\n#          \"digitalSignature\"\n#          \"nonRepudiation\"\n#          \"keyEncipherment\"\n#          \"dataEncipherment\"\n#          \"keyAgreement\"\n#        
  \"keyCertSign\"\n#          \"cRLSign\"\n#          \"encipherOnly\"\n#          \"decipherOnly\"\n\n*   PX509getnetscapecerttype\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nGets the list of Netscape cert types of given X509 certificate $cert.\n\nNet::SSLeay::PX509getnetscapecerttype($cert);\n# $cert - value corresponding to openssl's X509 structure\n#\n# returns: list of Netscape type values which can be none, one or more from the following list:\n#          \"client\"\n#          \"server\"\n#          \"email\"\n#          \"objsign\"\n#          \"reserved\"\n#          \"sslCA\"\n#          \"emailCA\"\n#          \"objCA\"\n\n*   PX509getpubkeyalg\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns ASN1OBJECT corresponding to X509 certificate public key algorithm.\n\nmy $rv = Net::SSLeay::PX509getpubkeyalg($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: value corresponding to openssl's ASN1OBJECT structure (0 on failure)\n\nTo get textual representation use:\n\nmy $alg = Net::SSLeay::OBJobj2txt(Net::SSLeay::PX509getpubkeyalg($x509));\n# returns for example: \"rsaEncryption\"\n\n*   PX509getsignaturealg\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns ASN1OBJECT corresponding to X509 signature algorithm.\n\nmy $rv = Net::SSLeay::PX509getsignaturealg($x);\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: value corresponding to openssl's ASN1OBJECT structure (0 on failure)\n\nTo get textual representation use:\n\nmy $alg = Net::SSLeay::OBJobj2txt(Net::SSLeay::PX509getsignaturealg($x509));\n# returns for example: \"sha1WithRSAEncryption\"\n\n*   skX509newnull\n\nReturns a new, empty, STACKOF(X509) structure.\n\nmy $rv = Net::SSLeay::skX509newnull();\n#\n# returns: value corresponding to openssl's STACKOF(X509) structure\n\n*   skX509push\n\nPushes an X509 structure onto a STACKOF(X509) structure.\n\nmy $rv = Net::SSLeay::skX509push($skx509, 
$x509);\n# $skx509 - value corresponding to openssl's STACKOF(X509) structure\n# $x509 - value corresponding to openssl's X509 structure\n#\n# returns: total number of elements after the operation, 0 on failure\n\n*   skX509pop\n\nPops a single X509 structure from a STACKOF(X509) structure.\n\nmy $x509 = Net::SSLeay::skX509pop($skx509);\n# $skx509 - value corresponding to openssl's STACKOF(X509) structure\n#\n# returns: a pointer to an X509 structure, undef on failure\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/skTYPEpop.html>\n\n*   skX509shift\n\nShifts a single X509 structure onto a STACKOF(X509) structure.\n\nmy $x509 = Net::SSLeay::skX509shift($skx509, $x509);\n# $skx509 - value corresponding to openssl's STACKOF(X509) structure\n# $x509 - value corresponding to openssl's X509 structure\n#\n# returns: a pointer to an X509 structure, undef on failure\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/skTYPEshift.html>\n\n*   skX509unshift\n\nUnshifts a single X509 structure from a STACKOF(X509) structure.\n\nmy $rv = Net::SSLeay::skX509unshift($skx509);\n# $skx509 - value corresponding to openssl's STACKOF(X509) structure\n#\n# returns: total number of elements after the operation, 0 on failure\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/skTYPEunshift.html>\n\n*   skX509insert\n\nInserts a single X509 structure into a STACKOF(X509) at the specified index.\n\nmy $rv = Net::SSLeay::skX509insert($skx509, $x509, index);\n# $skx509 - value corresponding to openssl's STACKOF(X509) structure\n# $x509 - value corresponding to openssl's X509 structure\n# index - integer - 0 based index\n#\n# returns: total number of elements after the operation, 0 on failure\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/skTYPEinsert.html>\n\n*   skX509delete\n\nDelete a single X509 structure from a STACKOF(X509) at the specified index.\n\nmy $x509 = Net::SSLeay::skX509delete($skx509, index);\n# $skx509 - value 
corresponding to openssl's STACKOF(X509) structure\n# index - integer - 0 based index\n#\n# returns: a pointer to an X509 structure, undef on failure\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/skTYPEdelete.html>\n\n*   skX509value\n\nReturn a single X509 structure from a STACKOF(X509) at the specified index.\n\nmy $x509 = Net::SSLeay::skX509value($skx509, index)\n# $skx509 - value corresponding to openssl's STACKOF(X509) structure\n# index - integer - 0 based index\n#\n# returns: a pointer to an X509 structure, undef on failure\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/skTYPEvalue.html>\n\n*   skX509num\n\nReturn the number of X509 elements in a STACKOF(X509).\n\nmy $num = Net::SSLeay::skX509num($skx509);\n# $skx509 - value corresponding to openssl's STACKOF(X509) structure\n#\n# returns: the number of elements in the stack, -1 if the passed stack is NULL\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/skTYPEnum.html>\n\nLow level API: X509REQ* related functions\n*   X509REQnew\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nCreates a new X509REQ structure.\n\nmy $rv = Net::SSLeay::X509REQnew();\n#\n# returns: value corresponding to openssl's X509REQ structure (0 on failure)\n\n*   X509REQfree\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nFree an allocated X509REQ structure.\n\nNet::SSLeay::X509REQfree($x);\n# $x - value corresponding to openssl's X509REQ structure\n#\n# returns: no return value\n\n*   X509REQadd1attrbyNID\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nAdds an attribute whose name is defined by a NID $nid. 
The field value to be added is in\n$bytes.\n\nmy $rv = Net::SSLeay::X509REQadd1attrbyNID($req, $nid, $type, $bytes);\n# $req - value corresponding to openssl's X509REQ structure\n# $nid - (integer) NID value\n# $type - (integer) type of data in $bytes (see below)\n# $bytes - data to be set\n#\n# returns: 1 on success, 0 on failure\n\n# values for $type - use constants:\n&Net::SSLeay::MBSTRINGUTF8     - $bytes contains utf8 encoded data\n&Net::SSLeay::MBSTRINGASC      - $bytes contains ASCII data\n\n*   X509REQdigest\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nComputes digest/fingerprint of X509REQ $data using $type hash function.\n\nmy $digestvalue = Net::SSLeay::X509REQdigest($data, $type);\n# $data - value corresponding to openssl's X509REQ structure\n# $type - value corresponding to openssl's EVPMD structure - e.g. got via EVPgetdigestbyname()\n#\n# returns: hash value (binary)\n\n#to get printable (hex) value of digest use:\nprint unpack('H*', $digestvalue);\n\n*   X509REQgetattrbyNID\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nRetrieve the next index matching $nid after $lastpos ($lastpos should initially be set to\n-1).\n\nmy $rv = Net::SSLeay::X509REQgetattrbyNID($req, $nid, $lastpos=-1);\n# $req - value corresponding to openssl's X509REQ structure\n# $nid - (integer) NID value\n# $lastpos - [optional] (integer) index where to start search (default -1)\n#\n# returns: index (-1 if there are no more entries)\n\nNote: use \"PX509REQgetattr\" to get the actual attribute value - e.g.\n\nmy $index = Net::SSLeay::X509REQgetattrbyNID($req, $nid);\nmy @attrvalues = Net::SSLeay::PX509REQgetattr($req, $index);\n\n*   X509REQgetattrbyOBJ\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nRetrieve the next index matching $obj after $lastpos ($lastpos should initially be set to\n-1).\n\nmy $rv = Net::SSLeay::X509REQgetattrbyOBJ($req, $obj, $lastpos=-1);\n# $req - value corresponding to openssl's X509REQ structure\n# 
$obj - value corresponding to openssl's ASN1OBJECT structure\n# $lastpos - [optional] (integer) index where to start search (default -1)\n#\n# returns: index (-1 if there are no more entries)\n\nNote: use \"PX509REQgetattr\" to get the actual attribute value - e.g.\n\nmy $index = Net::SSLeay::X509REQgetattrbyNID($req, $nid);\nmy @attrvalues = Net::SSLeay::PX509REQgetattr($req, $index);\n\n*   X509REQgetattrcount\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns the total number of attributes in $req.\n\nmy $rv = Net::SSLeay::X509REQgetattrcount($req);\n# $req - value corresponding to openssl's X509REQ structure\n#\n# returns: (integer) items count\n\n*   X509REQgetpubkey\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns public key corresponding to given X509REQ object $x.\n\nmy $rv = Net::SSLeay::X509REQgetpubkey($x);\n# $x - value corresponding to openssl's X509REQ structure\n#\n# returns: value corresponding to openssl's EVPPKEY structure (0 on failure)\n\n*   X509REQgetsubjectname\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns X509NAME object corresponding to subject name of given X509REQ object $x.\n\nmy $rv = Net::SSLeay::X509REQgetsubjectname($x);\n# $x - value corresponding to openssl's X509REQ structure\n#\n# returns: value corresponding to openssl's X509NAME structure (0 on failure)\n\n*   X509REQgetversion\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns 'version' value for given X509REQ object $x.\n\nmy $rv = Net::SSLeay::X509REQgetversion($x);\n# $x - value corresponding to openssl's X509REQ structure\n#\n# returns: (integer) version e.g. 
0 = \"version 1\"\n\n*   X509REQsetpubkey\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets public key of given X509REQ object $x to $pkey.\n\nmy $rv = Net::SSLeay::X509REQsetpubkey($x, $pkey);\n# $x - value corresponding to openssl's X509REQ structure\n# $pkey - value corresponding to openssl's EVPPKEY structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509REQsetsubjectname\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets subject name of given X509REQ object $x to X509NAME object $name.\n\nmy $rv = Net::SSLeay::X509REQsetsubjectname($x, $name);\n# $x - value corresponding to openssl's X509REQ structure\n# $name - value corresponding to openssl's X509NAME structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509REQsetversion\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSets 'version' of given X509REQ object $x to $version.\n\nmy $rv = Net::SSLeay::X509REQsetversion($x, $version);\n# $x - value corresponding to openssl's X509REQ structure\n# $version - (integer) e.g. 
0 = \"version 1\"\n#\n# returns: 1 on success, 0 on failure\n\n*   X509REQsign\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSign X509REQ object $x with private key $pk (using digest algorithm $md).\n\nmy $rv = Net::SSLeay::X509REQsign($x, $pk, $md);\n# $x - value corresponding to openssl's X509REQ structure\n# $pk - value corresponding to openssl's EVPPKEY structure (requestor's private key)\n# $md - value corresponding to openssl's EVPMD structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509REQverify\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nVerifies X509REQ object $x using public key $r (pubkey of requesting party).\n\nmy $rv = Net::SSLeay::X509REQverify($x, $r);\n# $x - value corresponding to openssl's X509REQ structure\n# $r - value corresponding to openssl's EVPPKEY structure\n#\n# returns: 0 - verify failure, 1 - verify OK, <0 - error\n\n*   PX509REQaddextensions\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nAdds one or more X509 extensions to X509REQ object $x.\n\nmy $rv = Net::SSLeay::PX509REQaddextensions($x, $nid, $value);\n# $x - value corresponding to openssl's X509REQ structure\n# $nid - NID identifying extension to be set\n# $value - extension value\n#\n# returns: 1 on success, 0 on failure\n\nYou can set more extensions at once:\n\nmy $rv = Net::SSLeay::PX509REQaddextensions($x509req,\n&Net::SSLeay::NIDkeyusage => 'digitalSignature,keyEncipherment',\n&Net::SSLeay::NIDbasicconstraints => 'CA:FALSE',\n&Net::SSLeay::NIDextkeyusage => 'serverAuth,clientAuth',\n&Net::SSLeay::NIDnetscapecerttype => 'server',\n&Net::SSLeay::NIDsubjectaltname => 'DNS:s1.com,DNS:s2.com',\n&Net::SSLeay::NIDcrldistributionpoints => 'URI:http://pki.com/crl1,URI:http://pki.com/crl2',\n);\n\n*   PX509REQgetattr\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nReturns attribute value for X509REQ's attribute at index $n.\n\nNet::SSLeay::PX509REQgetattr($req, 
$n);\n# $req - value corresponding to openssl's X509REQ structure\n# $n - (integer) attribute index\n#\n# returns: value corresponding to openssl's ASN1STRING structure\n\nLow level API: X509CRL* related functions\n*   X509CRLnew\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nCreates a new X509CRL structure.\n\nmy $rv = Net::SSLeay::X509CRLnew();\n#\n# returns: value corresponding to openssl's X509CRL structure (0 on failure)\n\n*   X509CRLfree\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nFree an allocated X509CRL structure.\n\nNet::SSLeay::X509CRLfree($x);\n# $x - value corresponding to openssl's X509CRL structure\n#\n# returns: no return value\n\n*   X509CRLdigest\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nComputes digest/fingerprint of X509CRL $data using $type hash function.\n\nmy $digestvalue = Net::SSLeay::X509CRLdigest($data, $type);\n# $data - value corresponding to openssl's X509CRL structure\n# $type - value corresponding to openssl's EVPMD structure - e.g. 
got via EVPgetdigestbyname()\n#\n# returns: hash value (binary)\n\nExample:\n\nmy $x509crl\nmy $md = Net::SSLeay::EVPgetdigestbyname(\"sha1\");\nmy $digestvalue = Net::SSLeay::X509CRLdigest($x509crl, $md);\n#to get printable (hex) value of digest use:\nprint \"digest=\", unpack('H*', $digestvalue), \"\\n\";\n\n*   X509CRLgetext\n\nCOMPATIBILITY: not available in Net-SSLeay-1.54 and before\n\nReturns X509EXTENSION from $x509 based on given position/index.\n\nmy $rv = Net::SSLeay::X509CRLgetext($x509, $index);\n# $x509 - value corresponding to openssl's X509CRL structure\n# $index - (integer) position/index of extension within $x509\n#\n# returns: value corresponding to openssl's X509EXTENSION structure (0 on failure)\n\n*   X509CRLgetextbyNID\n\nCOMPATIBILITY: not available in Net-SSLeay-1.54 and before\n\nReturns X509EXTENSION from $x509 based on given NID.\n\nmy $rv = Net::SSLeay::X509CRLgetextbyNID($x509, $nid, $loc);\n# $x509 - value corresponding to openssl's X509CRL structure\n# $nid - (integer) NID value\n# $loc - (integer) position to start lookup at\n#\n# returns: position/index of extension, negative value on error\n#          call Net::SSLeay::X509CRLgetext($x509, $rv) to get the actual extension\n\n*   X509CRLgetextcount\n\nCOMPATIBILITY: not available in Net-SSLeay-1.54 and before\n\nReturns the total number of extensions in X509CRL object $x.\n\nmy $rv = Net::SSLeay::X509CRLgetextcount($x);\n# $x - value corresponding to openssl's X509CRL structure\n#\n# returns: count of extensions\n\n*   X509CRLgetissuer\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns X509NAME object corresponding to the issuer of X509CRL $x.\n\nmy $rv = Net::SSLeay::X509CRLgetissuer($x);\n# $x - value corresponding to openssl's X509CRL structure\n#\n# returns: value corresponding to openssl's X509NAME structure (0 on failure)\n\nSee other \"X509NAME*\" functions to get more info from X509NAME structure.\n\n*   X509CRLgetlastUpdate\n\nCOMPATIBILITY: not 
available in Net-SSLeay-1.45 and before\n\nReturns 'lastUpdate' date-time value of X509CRL object $x.\n\nmy $rv = Net::SSLeay::X509CRLgetlastUpdate($x);\n# $x - value corresponding to openssl's X509CRL structure\n#\n# returns: value corresponding to openssl's ASN1TIME structure (0 on failure)\n\n*   X509CRLgetnextUpdate\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns 'nextUpdate' date-time value of X509CRL object $x.\n\nmy $rv = Net::SSLeay::X509CRLgetnextUpdate($x);\n# $x - value corresponding to openssl's X509CRL structure\n#\n# returns: value corresponding to openssl's ASN1TIME structure (0 on failure)\n\n*   X509CRLgetversion\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns 'version' value of given X509CRL structure $x.\n\nmy $rv = Net::SSLeay::X509CRLgetversion($x);\n# $x - value corresponding to openssl's X509CRL structure\n#\n# returns: (integer) version\n\n*   X509CRLsetissuername\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nSets the issuer of X509CRL object $x to X509NAME object $name.\n\nmy $rv = Net::SSLeay::X509CRLsetissuername($x, $name);\n# $x - value corresponding to openssl's X509CRL structure\n# $name - value corresponding to openssl's X509NAME structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509CRLsetlastUpdate\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nSets 'lastUpdate' value of X509CRL object $x to $tm.\n\nmy $rv = Net::SSLeay::X509CRLsetlastUpdate($x, $tm);\n# $x - value corresponding to openssl's X509CRL structure\n# $tm - value corresponding to openssl's ASN1TIME structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509CRLsetnextUpdate\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nSets 'nextUpdate' value of X509CRL object $x to $tm.\n\nmy $rv = Net::SSLeay::X509CRLsetnextUpdate($x, $tm);\n# $x - value corresponding to 
openssl's X509CRL structure\n# $tm - value corresponding to openssl's ASN1TIME structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509CRLsetversion\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nSets 'version' value of given X509CRL structure $x to $version.\n\nmy $rv = Net::SSLeay::X509CRLsetversion($x, $version);\n# $x - value corresponding to openssl's X509CRL structure\n# $version - (integer) version number (1 = version 2 CRL)\n#\n# returns: 1 on success, 0 on failure\n\nNote that if you want to use any X509CRL extension you need to set \"version 2 CRL\" -\n\"Net::SSLeay::X509CRLsetversion($x, 1)\".\n\n*   X509CRLsign\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nSign X509CRL object $x with private key $pkey (using digest algorithm $md).\n\nmy $rv = Net::SSLeay::X509CRLsign($x, $pkey, $md);\n# $x - value corresponding to openssl's X509CRL structure\n# $pkey - value corresponding to openssl's EVPPKEY structure\n# $md - value corresponding to openssl's EVPMD structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509CRLsort\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nSorts the data of X509CRL object so it will be written in serial number order.\n\nmy $rv = Net::SSLeay::X509CRLsort($x);\n# $x - value corresponding to openssl's X509CRL structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509CRLverify\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nVerifies X509CRL object $a using public key $r (pubkey of issuing CA).\n\nmy $rv = Net::SSLeay::X509CRLverify($a, $r);\n# $a - value corresponding to openssl's X509CRL structure\n# $r - value corresponding to openssl's EVPPKEY structure\n#\n# returns: 0 - verify failure, 1 - verify OK, <0 - error\n\n*   PX509CRLaddrevokedserialhex\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nAdds given serial number $serialhex to 
X509CRL object $crl.\n\nNet::SSLeay::PX509CRLaddrevokedserialhex($crl, $serialhex, $revtime, $reasoncode, $comptime);\n# $crl - value corresponding to openssl's X509CRL structure\n# $serialhex - string (hexadecimal) representation of serial number\n# $revtime - (revocation time) value corresponding to openssl's ASN1TIME structure\n# $reasoncode - [optional] (integer) reason code (see below) - default 0\n# $comptime - [optional] (compromise time) value corresponding to openssl's ASN1TIME structure\n#\n# returns: no return value\n\nreason codes:\n0 - unspecified\n1 - keyCompromise\n2 - CACompromise\n3 - affiliationChanged\n4 - superseded\n5 - cessationOfOperation\n6 - certificateHold\n7 - removeFromCRL\n\n*   PX509CRLgetserial\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nReturns serial number of X509CRL object.\n\nmy $rv = Net::SSLeay::PX509CRLgetserial($crl);\n# $crl - value corresponding to openssl's X509CRL structure\n#\n# returns: value corresponding to openssl's ASN1INTEGER structure (0 on failure)\n\n*   PX509CRLsetserial\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.7\n\nSets serial number of X509CRL object to $crlnumber.\n\nmy $rv = Net::SSLeay::PX509CRLsetserial($crl, $crlnumber);\n# $crl - value corresponding to openssl's X509CRL structure\n# $crlnumber - value corresponding to openssl's ASN1INTEGER structure\n#\n# returns: 1 on success, 0 on failure\n\n*   PX509CRLaddextensions\n\nCOMPATIBILITY: not available in Net-SSLeay-1.88 and before\n\nAdds one or more X509 extensions to X509 CRL object $x.\n\nmy $rv = Net::SSLeay::PX509CRLaddextensions($x, $cacert, $nid, $value);\n# $x - value corresponding to openssl's X509 CRL structure\n# $cacert - value corresponding to openssl's X509 structure (issuer's cert - necessary for setting NIDauthoritykeyidentifier)\n# $nid - NID identifying extension to be set\n# $value - extension value\n#\n# returns: 1 on success, 0 
on failure\n\nFor more details see \"PX509addextensions\".\n\nLow level API: X509EXTENSION* related functions\n*   X509EXTENSIONgetcritical\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns 'critical' flag of given X509EXTENSION object $ex.\n\nmy $rv = Net::SSLeay::X509EXTENSIONgetcritical($ex);\n# $ex - value corresponding to openssl's X509EXTENSION structure\n#\n# returns: (integer) 1 - critical, 0 - noncritical\n\n*   X509EXTENSIONgetdata\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns value (raw data) of X509EXTENSION object $ne.\n\nmy $rv = Net::SSLeay::X509EXTENSIONgetdata($ne);\n# $ne - value corresponding to openssl's X509EXTENSION structure\n#\n# returns: value corresponding to openssl's ASN1OCTETSTRING structure (0 on failure)\n\nNote: you can use \"PASN1STRINGget\" to convert ASN1OCTETSTRING into perl scalar\nvariable.\n\n*   X509EXTENSIONgetobject\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns OID (ASN1OBJECT) of X509EXTENSION object $ne.\n\nmy $rv = Net::SSLeay::X509EXTENSIONgetobject($ex);\n# $ex - value corresponding to openssl's X509EXTENSION structure\n#\n# returns: value corresponding to openssl's ASN1OBJECT structure (0 on failure)\n\n*   X509V3EXTprint\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns string representation of given X509EXTENSION object $ext.\n\nNet::SSLeay::X509V3EXTprint($ext, $flags, $utf8decode);\n# $ext - value corresponding to openssl's X509EXTENSION structure\n# $flags - [optional] (integer) Currently the flag argument is unused and should be set to 0\n# $utf8decode - [optional] 0 or 1 whether the returned value should be utf8 decoded (default=0)\n#\n# returns: no return value\n\n*   X509V3EXTd2i\n\nParses an extension and returns its internal structure.\n\nmy $rv = Net::SSLeay::X509V3EXTd2i($ext);\n# $ext - value corresponding to openssl's X509EXTENSION structure\n#\n# returns: pointer ???\n\nLow level API: X509NAME* related 
functions\n*   X509NAMEENTRYgetdata\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nRetrieves the field value of $ne in an ASN1STRING structure.\n\nmy $rv = Net::SSLeay::X509NAMEENTRYgetdata($ne);\n# $ne - value corresponding to openssl's X509NAMEENTRY structure\n#\n# returns: value corresponding to openssl's ASN1STRING structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEENTRYgetobject.html>\n\n*   X509NAMEENTRYgetobject\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nRetrieves the field name of $ne in an ASN1OBJECT structure.\n\nmy $rv = Net::SSLeay::X509NAMEENTRYgetobject($ne);\n# $ne - value corresponding to openssl's X509NAMEENTRY structure\n#\n# returns: value corresponding to openssl's ASN1OBJECT structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEENTRYgetobject.html>\n\n*   X509NAMEnew\n\nCOMPATIBILITY: not available in Net-SSLeay-1.55 and before; requires at least openssl-0.9.5\n\nCreates a new X509NAME structure. Adds a field whose name is defined by a string $field.\nThe field value to be added is in $bytes.\n\nmy $rv = Net::SSLeay::X509NAMEnew();\n#\n# returns: value corresponding to openssl's X509NAME structure (0 on failure)\n\n*   X509NAMEhash\n\nCOMPATIBILITY: not available in Net-SSLeay-1.55 and before; requires at least openssl-0.9.5\n\nSort of a checksum of issuer name $name. The result is not a full hash (e.g. sha-1), it is\nkind-of-a-hash truncated to the size of 'unsigned long' (32 bits). The resulting value might\ndiffer across different openssl versions for the same X509 certificate.\n\nmy $rv = Net::SSLeay::X509NAMEhash($name);\n# $name - value corresponding to openssl's X509NAME structure\n#\n# returns: number representing checksum\n\n*   X509NAMEaddentrybytxt\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.5\n\nAdds a field whose name is defined by a string $field. 
The field value to be added is in\n$bytes.\n\nmy $rv = Net::SSLeay::X509NAMEaddentrybytxt($name, $field, $type, $bytes, $len, $loc, $set);\n# $name - value corresponding to openssl's X509NAME structure\n# $field - (string) field definition (name) - e.g. \"organizationName\"\n# $type - (integer) type of data in $bytes (see below)\n# $bytes - data to be set\n# $loc - [optional] (integer) index where the new entry is inserted: if it is -1 (default) it is appended\n# $set - [optional] (integer) determines how the new type is added. If it is 0 (default) a new RDN is created\n#\n# returns: 1 on success, 0 on failure\n\n# values for $type - use constants:\n&Net::SSLeay::MBSTRINGUTF8     - $bytes contains utf8 encoded data\n&Net::SSLeay::MBSTRINGASC      - $bytes contains ASCII data\n\nUnicode note: when passing non-ascii (unicode) string in $bytes do not forget to set \"$flags\n= &Net::SSLeay::MBSTRINGUTF8\" and encode the perl $string via \"$bytes = encode('utf-8',\n$string)\".\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEaddentrybytxt.html>\n\n*   X509NAMEaddentrybyNID\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.5\n\nAdds a field whose name is defined by a NID $nid. The field value to be added is in $bytes.\n\nmy $rv = Net::SSLeay::X509NAMEaddentrybyNID($name, $nid, $type, $bytes, $len, $loc, $set);\n# $name - value corresponding to openssl's X509NAME structure\n# $nid - (integer) field definition - NID value\n# $type - (integer) type of data in $bytes (see below)\n# $bytes - data to be set\n# $loc - [optional] (integer) index where the new entry is inserted: if it is -1 (default) it is appended\n# $set - [optional] (integer) determines how the new type is added. 
If it is 0 (default) a new RDN is created\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEaddentrybytxt.html>\n\n*   X509NAMEaddentrybyOBJ\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-0.9.5\n\nAdds a field whose name is defined by an object (OID) $obj. The field value to be added is\nin $bytes.\n\nmy $rv = Net::SSLeay::X509NAMEaddentrybyOBJ($name, $obj, $type, $bytes, $len, $loc, $set);\n# $name - value corresponding to openssl's X509NAME structure\n# $obj - field definition - value corresponding to openssl's ASN1OBJECT structure\n# $type - (integer) type of data in $bytes (see below)\n# $bytes - data to be set\n# $loc - [optional] (integer) index where the new entry is inserted: if it is -1 (default) it is appended\n# $set - [optional] (integer) determines how the new type is added. If it is 0 (default) a new RDN is created\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEaddentrybytxt.html>\n\n*   X509NAMEcmp\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nCompares two X509NAME objects.\n\nmy $rv = Net::SSLeay::X509NAMEcmp($a, $b);\n# $a - value corresponding to openssl's X509NAME structure\n# $b - value corresponding to openssl's X509NAME structure\n#\n# returns: 0 if $a matches $b; non zero otherwise\n\n*   X509NAMEdigest\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nComputes digest/fingerprint of X509NAME $data using $type hash function.\n\nmy $digestvalue = Net::SSLeay::X509NAMEdigest($data, $type);\n# $data - value corresponding to openssl's X509NAME structure\n# $type - value corresponding to openssl's EVPMD structure - e.g. 
got via EVPgetdigestbyname()\n#\n# returns: hash value (binary)\n\n#to get printable (hex) value of digest use:\nprint unpack('H*', $digestvalue);\n\n*   X509NAMEentrycount\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns the total number of entries in $name.\n\nmy $rv = Net::SSLeay::X509NAMEentrycount($name);\n# $name - value corresponding to openssl's X509NAME structure\n#\n# returns: (integer) entries count\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEgetindexbyNID.html>\n\n*   X509NAMEgetentry\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nRetrieves the X509NAMEENTRY from $name corresponding to index $loc. Acceptable values for\n$loc run from 0 to \"Net::SSLeay::X509NAMEentrycount($name)- 1\". The value returned is an\ninternal pointer which must not be freed.\n\nmy $rv = Net::SSLeay::X509NAMEgetentry($name, $loc);\n# $name - value corresponding to openssl's X509NAME structure\n# $loc - (integer) index of wanted entry\n#\n# returns: value corresponding to openssl's X509NAMEENTRY structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEgetindexbyNID.html>\n\n*   X509NAMEprintex\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns a string with human readable version of $name.\n\nNet::SSLeay::X509NAMEprintex($name, $flags, $utf8decode);\n# $name - value corresponding to openssl's X509NAME structure\n# $flags - [optional] conversion flags (default XNFLAGRFC2253) - see below\n# $utf8decode - [optional] 0 or 1 whether the returned value should be utf8 decoded (default=0)\n#\n# returns: string representation of $name\n\n#available conversion flags - use 
constants:\n&Net::SSLeay::XNFLAGCOMPAT\n&Net::SSLeay::XNFLAGDNREV\n&Net::SSLeay::XNFLAGDUMPUNKNOWNFIELDS\n&Net::SSLeay::XNFLAGFNALIGN\n&Net::SSLeay::XNFLAGFNLN\n&Net::SSLeay::XNFLAGFNMASK\n&Net::SSLeay::XNFLAGFNNONE\n&Net::SSLeay::XNFLAGFNOID\n&Net::SSLeay::XNFLAGFNSN\n&Net::SSLeay::XNFLAGMULTILINE\n&Net::SSLeay::XNFLAGONELINE\n&Net::SSLeay::XNFLAGRFC2253\n&Net::SSLeay::XNFLAGSEPCOMMAPLUS\n&Net::SSLeay::XNFLAGSEPCPLUSSPC\n&Net::SSLeay::XNFLAGSEPMASK\n&Net::SSLeay::XNFLAGSEPMULTILINE\n&Net::SSLeay::XNFLAGSEPSPLUSSPC\n&Net::SSLeay::XNFLAGSPCEQ\n\nMost likely you will be fine with default:\n\nNet::SSLeay::X509NAMEprintex($name, &Net::SSLeay::XNFLAGRFC2253);\n\nOr you might want RFC2253-like output without utf8 chars escaping:\n\nuse Net::SSLeay qw/XNFLAGRFC2253 ASN1STRFLGSESCMSB/;\nmy $flagrfc22536utf8 = (XNFLAGRFC2253) & (~ ASN1STRFLGSESCMSB);\nmy $result = Net::SSLeay::X509NAMEprintex($name, $flagrfc22536utf8, 1);\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEprintex.html>\n\n*   X509NAMEgettextbyNID\n\nRetrieves the text from the first entry in name which matches $nid, if no such entry exists\n-1 is returned.\n\nopenssl note: this is a legacy function which has various limitations which makes it of\nminimal use in practice. 
It can only find the first matching entry and will copy the\ncontents of the field verbatim: this can be highly confusing if the target is a\nmulticharacter string type like a BMPString or a UTF8String.\n\nNet::SSLeay::X509NAMEgettextbyNID($name, $nid);\n# $name - value corresponding to openssl's X509NAME structure\n# $nid - NID value (integer)\n#\n# returns: text value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEgetindexbyNID.html>\n\n*   X509NAMEoneline\n\nReturn an ASCII version of $name.\n\nNet::SSLeay::X509NAMEoneline($name);\n# $name - value corresponding to openssl's X509NAME structure\n#\n# returns: (string) ASCII version of $name\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509NAMEprintex.html>\n\n*   skX509NAMEfree\n\nFree an allocated STACKOF(X509NAME) structure.\n\nNet::SSLeay::skX509NAMEfree($sk);\n# $sk - value corresponding to openssl's STACKOF(X509NAME) structure\n#\n# returns: no return value\n\n*   skX509NAMEnum\n\nReturn number of items in STACKOF(X509NAME)\n\nmy $rv = Net::SSLeay::skX509NAMEnum($sk);\n# $sk - value corresponding to openssl's STACKOF(X509NAME) structure\n#\n# returns: number of items\n\n*   skX509NAMEvalue\n\nReturns X509NAME from position $index in STACKOF(X509NAME)\n\nmy $rv = Net::SSLeay::skX509NAMEvalue($sk, $i);\n# $sk - value corresponding to openssl's STACKOF(X509NAME) structure\n# $i - (integer) index/position\n#\n# returns: value corresponding to openssl's X509NAME structure (0 on failure)\n\n*   addfilecertsubjectstostack\n\nAdd a file of certs to a stack. All certs in $file that are not already in the $stackCAs\nwill be added.\n\nmy $rv = Net::SSLeay::addfilecertsubjectstostack($stackCAs, $file);\n# $stackCAs - value corresponding to openssl's STACKOF(X509NAME) structure\n# $file - (string) filename\n#\n# returns: 1 on success, 0 on failure\n\n*   adddircertsubjectstostack\n\nAdd a directory of certs to a stack. 
All certs in $dir that are not already in the $stackCAs\nwill be added.\n\nmy $rv = Net::SSLeay::adddircertsubjectstostack($stackCAs, $dir);\n# $stackCAs - value corresponding to openssl's STACKOF(X509NAME) structure\n# $dir - (string) the directory to append from. All files in this directory will be examined as potential certs. Any that are acceptable to SSLadddircertsubjectstostack() that are not already in the stack will be included.\n#\n# returns: 1 on success, 0 on failure\n\nLow level API: X509STORE* related functions\n*   X509STORECTXnew\n\nReturns a newly initialised X509STORECTX structure.\n\n*   X509STORECTXinit\n\nX509STORECTXinit() sets up an X509STORECTX for a subsequent verification operation. It\nmust be called before each call to X509verifycert().\n\nmy $rv = Net::SSLeay::X509STORECTXinit($x509storectx, $x509store, $x509, $chain);\n# $x509storectx - value corresponding to openssl's X509STORECTX structure (required)\n# $x509store - value corresponding to openssl's X509STORE structure (optional)\n# $x509 - value corresponding to openssl's X509 structure (optional)\n# $chain - value corresponding to openssl's STACKOF(X509) structure (optional)\n#\n# returns: 1 on success, 0 on failure\n#\n# Note: returns nothing with Net::SSLeay 1.90 and earlier.\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/X509STORECTXinit.html>\n\n*   X509STORECTXfree\n\nFrees an X509STORECTX structure.\n\nNet::SSLeay::X509STORECTXfree($x509storectx);\n\n# $x509storectx - value corresponding to openssl's X509STORECTX structure\n\n*   X509verifycert\n\nThe X509verifycert() function attempts to discover and validate a certificate chain based\non parameters in ctx. 
A complete description of the process is contained in the verify(1)\nmanual page.\n\nIf this function returns 0, use X509STORECTXgeterror to get additional error\ninformation.\n\nmy $rv = Net::SSLeay::X509verifycert($x509storectx);\n# $x509storectx - value corresponding to openssl's X509STORECTX structure\n#\n# returns: 1 if a complete chain can be built and validated, otherwise 0\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/X509verifycert.html>\n\n*   X509STORECTXgetcurrentcert\n\nReturns the certificate in ctx which caused the error or 0 if no certificate is relevant.\n\nmy $rv = Net::SSLeay::X509STORECTXgetcurrentcert($x509storectx);\n# $x509storectx - value corresponding to openssl's X509STORECTX structure\n#\n# returns: value corresponding to openssl's X509 structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509STORECTXgeterror.html>\n\n*   X509STORECTXget0cert\n\nCOMPATIBILITY: not available in Net-SSLeay-1.88 and before; requires at least OpenSSL\n1.1.0pre6 or LibreSSL 2.7.0\n\nReturns an internal pointer to the certificate being verified by the ctx.\n\nmy $x509 = Net::SSLeay::X509STORECTXget0cert($x509storectx);\n# $x509storectx - value corresponding to openssl's X509STORECTX structure\n#\n# returns: value corresponding to openssl's X509 structure\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/X509STORECTXget0cert.html>\n\n*   X509STORECTXget1chain\n\nReturns a complete validated chain if a previous call to X509verifycert() is\nsuccessful.\n\nmy $rv = Net::SSLeay::X509STORECTXget1chain($x509storectx);\n# $x509storectx - value corresponding to openssl's X509STORECTX structure\n#\n# returns: value corresponding to openssl's STACKOF(X509) structure\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/X509STORECTXget1chain.html>\n\n*   X509STORECTXgeterror\n\nReturns the error code of $ctx.\n\nmy $rv = Net::SSLeay::X509STORECTXgeterror($x509storectx);\n# $x509storectx 
- value corresponding to openssl's X509STORECTX structure\n#\n# returns: (integer) error code\n\nFor more info about error code values check function \"getverifyresult\".\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509STORECTXgeterror.html>\n\n*   X509STORECTXgeterrordepth\n\nReturns the depth of the error. This is a non-negative integer representing where in the\ncertificate chain the error occurred. If it is zero it occurred in the end entity\ncertificate, one if it is the certificate which signed the end entity certificate and so on.\n\nmy $rv = Net::SSLeay::X509STORECTXgeterrordepth($x509storectx);\n# $x509storectx - value corresponding to openssl's X509STORECTX structure\n#\n# returns: (integer) depth\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509STORECTXgeterror.html>\n\n*   X509STORECTXgetexdata\n\nIs used to retrieve the information for $idx from $x509storectx.\n\nmy $rv = Net::SSLeay::X509STORECTXgetexdata($x509storectx, $idx);\n# $x509storectx - value corresponding to openssl's X509STORECTX structure\n# $idx - (integer) index for application specific data\n#\n# returns: pointer to ???\n\n*   X509STORECTXsetexdata\n\nIs used to store application data at arg for idx into $x509storectx.\n\nmy $rv = Net::SSLeay::X509STORECTXsetexdata($x509storectx, $idx, $data);\n# $x509storectx - value corresponding to openssl's X509STORECTX structure\n# $idx - (integer) ???\n# $data - (pointer) ???\n#\n# returns: 1 on success, 0 on failure\n\n*   X509STORECTXsetcert\n\nSets the certificate to be verified in $x509storectx to $x.\n\nNet::SSLeay::X509STORECTXsetcert($x509storectx, $x);\n# $x509storectx - value corresponding to openssl's X509STORECTX structure\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509STORECTXnew.html>\n\n*   X509STOREnew\n\nReturns a newly initialized X509STORE structure.\n\nmy $rv = Net::SSLeay::X509STOREnew();\n#\n# returns: 
value corresponding to openssl's X509STORE structure (0 on failure)\n\n*   X509STOREfree\n\nFrees an X509STORE structure\n\nNet::SSLeay::X509STOREfree($x509store);\n# $x509store - value corresponding to openssl's X509STORE structure\n\n*   X509STOREaddlookup\n\nAdds a lookup to an X509STORE for a given lookup method.\n\nmy $method = &Net::SSLeay::X509LOOKUPhashdir;\nmy $rv = Net::SSLeay::X509STOREaddlookup($x509store, $method);\n# $method - value corresponding to openssl's X509LOOKUPMETHOD structure\n# $x509store - value corresponding to openssl's X509STORE structure\n#\n# returns: value corresponding to openssl's X509LOOKUP structure\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/X509STOREaddlookup.html>\n\n*   X509STORECTXseterror\n\nSets the error code of $ctx to $s. For example it might be used in a verification callback\nto set an error based on additional checks.\n\nNet::SSLeay::X509STORECTXseterror($x509storectx, $s);\n# $x509storectx - value corresponding to openssl's X509STORECTX structure\n# $s - (integer) error id\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509STORECTXgeterror.html>\n\n*   X509STOREaddcert\n\nAdds X509 certificate $x into the X509STORE $store.\n\nmy $rv = Net::SSLeay::X509STOREaddcert($store, $x);\n# $store - value corresponding to openssl's X509STORE structure\n# $x - value corresponding to openssl's X509 structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509STOREaddcrl\n\nAdds X509 CRL $x into the X509STORE $store.\n\nmy $rv = Net::SSLeay::X509STOREaddcrl($store, $x);\n# $store - value corresponding to openssl's X509STORE structure\n# $x - value corresponding to openssl's X509CRL structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509STOREset1param\n\n??? 
(more info needed)\n\nmy $rv = Net::SSLeay::X509STOREset1param($store, $pm);\n# $store - value corresponding to openssl's X509STORE structure\n# $pm - value corresponding to openssl's X509VERIFYPARAM structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509LOOKUPhashdir\n\nReturns an X509LOOKUP structure that instructs an X509STORE to load files from a directory\ncontaining certificates with filenames in the format *hash.N* or crls with filenames in the\nformat *hash.*r*N*\n\nmy $rv = Net::SSLeay::X509LOOKUPhashdir();\n#\n# returns: value corresponding to openssl's X509LOOKUPMETHOD structure, with the hashed directory method\n\nCheck openssl doc <https://www.openssl.org/docs/man1.1.1/man3/X509loadcrlfile.html>\n\n*   X509LOOKUPadddir\n\nAdd a directory to an X509LOOKUP structure, usually obtained from X509STOREaddlookup.\n\nmy $method = &Net::SSLeay::X509LOOKUPhashdir;\nmy $lookup = Net::SSLeay::X509STOREaddlookup($x509store, $method);\nmy $type = &Net::SSLeay::X509FILETYPEPEM;\nNet::SSLeay::X509LOOKUPadddir($lookup, $dir, $type);\n# $lookup - value corresponding to openssl's X509LOOKUP structure\n# $dir - string path to a directory\n# $type - constant corresponding to the type of file in the directory - can be X509FILETYPEPEM, X509FILETYPEDEFAULT, or X509FILETYPEASN1\n\n*   X509STOREsetflags\n\nNet::SSLeay::X509STOREsetflags($ctx, $flags);\n# $ctx - value corresponding to openssl's X509STORE structure\n# $flags - (unsigned long) flags to be set (bitmask)\n#\n# returns: no return value\n\n#to create $flags value use corresponding constants like\n$flags = Net::SSLeay::X509VFLAGCRLCHECK();\n\nFor more details about $flags bitmask see \"X509VERIFYPARAMsetflags\".\n\n*   X509STOREsetpurpose\n\nNet::SSLeay::X509STOREsetpurpose($ctx, $purpose);\n# $ctx - value corresponding to openssl's X509STORE structure\n# $purpose - (integer) purpose identifier\n#\n# returns: no return value\n\nFor more details about $purpose identifier check \"CTXsetpurpose\".\n\n*   
X509STOREsettrust\n\nNet::SSLeay::X509STOREsettrust($ctx, $trust);\n# $ctx - value corresponding to openssl's X509STORE structure\n# $trust - (integer) trust identifier\n#\n# returns: no return value\n\nFor more details about $trust identifier check \"CTXsettrust\".\n\nLow Level API: X509INFO related functions\n*   skX509INFOnum\n\nReturns the number of values in a STACKOF(X509INFO) structure.\n\nmy $rv = Net::SSLeay::skX509INFOnum($skx509info);\n# $skx509info - value corresponding to openssl's STACKOF(X509INFO) structure\n#\n# returns: number of values in $skX509info\n\n*   skX509INFOvalue\n\nReturns the value of a STACKOF(X509INFO) structure at a given index.\n\nmy $rv = Net::SSLeay::skX509INFOvalue($skx509info, $index);\n# $skx509info - value corresponding to openssl's STACKOF(X509INFO) structure\n# $index - index into the stack\n#\n# returns: value corresponding to openssl's X509INFO structure at the given index\n\n*   PX509INFOgetx509\n\nReturns the X509 structure stored in an X509INFO structure.\n\nmy $rv = Net::SSLeay::PX509INFOgetx509($x509info);\n# $x509info - value corresponding to openssl's X509INFO structure\n#\n# returns: value corresponding to openssl's X509 structure\n\nLow level API: X509VERIFYPARAM* related functions\n*   X509VERIFYPARAMadd0policy\n\nEnables policy checking (it is disabled by default) and adds $policy to the acceptable\npolicy set.\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMadd0policy($param, $policy);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n# $policy - value corresponding to openssl's ASN1OBJECT structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509VERIFYPARAMsetflags.html>\n\n*   X509VERIFYPARAMadd0table\n\n??? 
(more info needed)\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMadd0table($param);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509VERIFYPARAMadd1host\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.0.2-beta2 or LibreSSL 2.7.0\n\nAdds an additional reference identifier that can match the peer's certificate.\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMadd1host($param, $name);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n# $name - (string) name to be set\n#\n# returns: 1 on success, 0 on failure\n\nSee also OpenSSL docs, \"X509VERIFYPARAMset1host\" and \"X509VERIFYPARAMsethostflags\"\nfor more information, including wildcard matching.\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509VERIFYPARAMsetflags.html>\n\n*   X509VERIFYPARAMclearflags\n\nClears the flags $flags in param.\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMclearflags($param, $flags);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n# $flags - (unsigned long) flags to be set (bitmask)\n#\n# returns: 1 on success, 0 on failure\n\nFor more details about $flags bitmask see \"X509VERIFYPARAMsetflags\".\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509VERIFYPARAMsetflags.html>\n\n*   X509VERIFYPARAMfree\n\nFrees up the X509VERIFYPARAM structure.\n\nNet::SSLeay::X509VERIFYPARAMfree($param);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n#\n# returns: no return value\n\n*   X509VERIFYPARAMget0peername\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.0.2-beta2 or LibreSSL 2.7.0\n\nReturns the DNS hostname or subject CommonName from the peer certificate that matched one of\nthe reference identifiers.\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMget0peername($param);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n#\n# returns: (string) name e.g. 
'*.example.com' or undef\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509VERIFYPARAMsetflags.html>\n\n*   X509VERIFYPARAMgetdepth\n\nReturns the current verification depth.\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMgetdepth($param);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n#\n# returns: (integer) depth\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509VERIFYPARAMsetflags.html>\n\n*   X509VERIFYPARAMgetflags\n\nReturns the current verification flags.\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMgetflags($param);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n#\n# returns: (unsigned long) flags to be set (bitmask)\n\nFor more details about returned flags bitmask see \"X509VERIFYPARAMsetflags\".\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509VERIFYPARAMsetflags.html>\n\n*   X509VERIFYPARAMsetflags\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMsetflags($param, $flags);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n# $flags - (unsigned long) flags to be set (bitmask)\n#\n# returns: 1 on success, 0 on failure\n\n#to create $flags value use corresponding constants like\n$flags = Net::SSLeay::X509VFLAGCRLCHECK();\n\nFor more details about $flags bitmask, see the OpenSSL docs below.\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509VERIFYPARAMsetflags.html>\n\n*   X509VERIFYPARAMinherit\n\n??? 
(more info needed)\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMinherit($to, $from);\n# $to - value corresponding to openssl's X509VERIFYPARAM structure\n# $from - value corresponding to openssl's X509VERIFYPARAM structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509VERIFYPARAMlookup\n\nFinds X509VERIFYPARAM by name.\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMlookup($name);\n# $name - (string) name we want to find\n#\n# returns: value corresponding to openssl's X509VERIFYPARAM structure (0 on failure)\n\n*   X509VERIFYPARAMnew\n\nCreates a new X509VERIFYPARAM structure.\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMnew();\n#\n# returns: value corresponding to openssl's X509VERIFYPARAM structure (0 on failure)\n\n*   X509VERIFYPARAMset1\n\nSets the name of X509VERIFYPARAM structure $to to the same value as the name of\nX509VERIFYPARAM structure $from.\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMset1($to, $from);\n# $to - value corresponding to openssl's X509VERIFYPARAM structure\n# $from - value corresponding to openssl's X509VERIFYPARAM structure\n#\n# returns: 1 on success, 0 on failure\n\n*   X509VERIFYPARAMset1email\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.0.2-beta1 or LibreSSL 2.7.0\n\nSets the expected RFC822 email address to email.\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMset1email($param, $email);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n# $email - (string) email to be set\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509VERIFYPARAMsetflags.html>\n\n*   X509VERIFYPARAMset1host\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.0.2-beta1 or LibreSSL 2.7.0\n\nSets the expected DNS hostname to name clearing any previously specified host name or names.\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMset1host($param, $name);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n# $name - 
(string) name to be set\n#\n# returns: 1 on success, 0 on failure\n\nSee also OpenSSL docs, \"X509VERIFYPARAMadd1host\" and \"X509VERIFYPARAMsethostflags\"\nfor more information, including wildcard matching.\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509VERIFYPARAMsetflags.html>\n\n*   X509VERIFYPARAMset1ip\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.0.2-beta1 or LibreSSL 2.7.0\n\nSets the expected IP address to ip.\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMset1ip($param, $ip);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n# $ip - (binary) 4 octet IPv4 or 16 octet IPv6 address\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509VERIFYPARAMsetflags.html>\n\n*   X509VERIFYPARAMset1ipasc\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.0.2-beta1 or LibreSSL 2.7.0\n\nSets the expected IP address to ipasc.\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMset1ipasc($param, $ipasc);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n# $ipasc - (string) IPv4 or IPv6 address\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509VERIFYPARAMsetflags.html>\n\n*   X509VERIFYPARAMset1name\n\nSets the name of X509VERIFYPARAM structure $param to $name.\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMset1name($param, $name);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n# $name - (string) name to be set\n#\n# returns: 1 on success, 0 on failure\n\n*   X509VERIFYPARAMset1policies\n\nEnables policy checking (it is disabled by default) and sets the acceptable policy set to\npolicies. Any existing policy set is cleared. 
The policies parameter can be 0 to clear an\nexisting policy set.\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMset1policies($param, $policies);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n# $policies - value corresponding to openssl's STACKOF(ASN1OBJECT) structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509VERIFYPARAMsetflags.html>\n\n*   X509VERIFYPARAMsetdepth\n\nSets the maximum verification depth to depth. That is the maximum number of untrusted CA\ncertificates that can appear in a chain.\n\nNet::SSLeay::X509VERIFYPARAMsetdepth($param, $depth);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n# $depth - (integer) depth to be set\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509VERIFYPARAMsetflags.html>\n\n*   X509VERIFYPARAMsethostflags\n\nCOMPATIBILITY: not available in Net-SSLeay-1.82 and before; requires at least OpenSSL\n1.0.2-beta2 or LibreSSL 2.7.0\n\nNet::SSLeay::X509VERIFYPARAMsethostflags($param, $flags);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n# $flags - (unsigned int) flags to be set (bitmask)\n#\n# returns: no return value\n\nSee also OpenSSL docs, \"X509VERIFYPARAMadd1host\" and \"X509VERIFYPARAMset1host\" for\nmore information. The flags for controlling wildcard checks and other features are defined\nin OpenSSL docs.\n\nCheck openssl doc <https://www.openssl.org/docs/crypto/X509VERIFYPARAMsetflags.html>\n\n*   X509VERIFYPARAMsetpurpose\n\nSets the verification purpose in $param to $purpose. 
This determines the acceptable purpose\nof the certificate chain, for example SSL client or SSL server.\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMsetpurpose($param, $purpose);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n# $purpose - (integer) purpose identifier\n#\n# returns: 1 on success, 0 on failure\n\nFor more details about $purpose identifier check \"CTXsetpurpose\".\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509VERIFYPARAMsetflags.html>\n\n*   X509VERIFYPARAMsettime\n\nSets the verification time in $param to $t. Normally the current time is used.\n\nNet::SSLeay::X509VERIFYPARAMsettime($param, $t);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n# $t - (timet) time in seconds since 1.1.1970\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509VERIFYPARAMsetflags.html>\n\n*   X509VERIFYPARAMsettrust\n\nSets the trust setting in $param to $trust.\n\nmy $rv = Net::SSLeay::X509VERIFYPARAMsettrust($param, $trust);\n# $param - value corresponding to openssl's X509VERIFYPARAM structure\n# $trust - (integer) trust identifier\n#\n# returns: 1 on success, 0 on failure\n\nFor more details about $trust identifier check \"CTXsettrust\".\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/X509VERIFYPARAMsetflags.html>\n\n*   X509VERIFYPARAMtablecleanup\n\n??? (more info needed)\n\nNet::SSLeay::X509VERIFYPARAMtablecleanup();\n#\n# returns: no return value\n\nLow level API: Cipher (EVPCIPHER*) related functions\n*   EVPgetcipherbyname\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before\n\nReturns an EVPCIPHER structure when passed a cipher name.\n\nmy $rv = Net::SSLeay::EVPgetcipherbyname($name);\n# $name - (string) cipher name e.g. 
'aes-128-cbc', 'camellia-256-ecb', 'des-ede', ...\n#\n# returns: value corresponding to openssl's EVPCIPHER structure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/EVPEncryptInit.html>\n\nLow level API: Digest (EVPMD*) related functions\n*   OpenSSLaddalldigests\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nNet::SSLeay::OpenSSLaddalldigests();\n# no args, no return value\n\nhttp://www.openssl.org/docs/crypto/OpenSSLaddallalgorithms.html\n\n*   PEVPMDlistall\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-1.0.0\n\nNOTE: Does not exactly correspond to any low level API function\n\nmy $rv = Net::SSLeay::PEVPMDlistall();\n#\n# returns: arrayref - list of available digest names\n\nThe returned digest names correspond to values expected by \"EVPgetdigestbyname\".\n\nNote that some of the digests are available by default and some only after calling\n\"OpenSSLaddalldigests\".\n\n*   EVPgetdigestbyname\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nmy $rv = Net::SSLeay::EVPgetdigestbyname($name);\n# $name - string with digest name\n#\n# returns: value corresponding to openssl's EVPMD structure\n\nThe $name param can be:\n\nmd2\nmd4\nmd5\nmdc2\nripemd160\nsha\nsha1\nsha224\nsha256\nsha512\nwhirlpool\n\nOr better check the supported digests by calling \"PEVPMDlistall\".\n\n*   EVPMDtype\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nmy $rv = Net::SSLeay::EVPMDtype($md);\n# $md - value corresponding to openssl's EVPMD structure\n#\n# returns: the NID (integer) of the OBJECT IDENTIFIER representing the given message digest\n\n*   EVPMDsize\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nmy $rv = Net::SSLeay::EVPMDsize($md);\n# $md - value corresponding to openssl's EVPMD structure\n#\n# returns: the size of the message digest in bytes (e.g. 
20 for SHA1)\n\n*   EVPMDCTXmd\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7\n\nNet::SSLeay::EVPMDCTXmd($ctx);\n# $ctx - value corresponding to openssl's EVPMDCTX structure\n#\n# returns: value corresponding to openssl's EVPMD structure\n\n*   EVPMDCTXcreate\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7\n\nAllocates, initializes and returns a digest context.\n\nmy $rv = Net::SSLeay::EVPMDCTXcreate();\n#\n# returns: value corresponding to openssl's EVPMDCTX structure\n\nThe complete idea behind EVPMDCTX looks like this example:\n\nNet::SSLeay::OpenSSLaddalldigests();\n\nmy $md = Net::SSLeay::EVPgetdigestbyname(\"sha1\");\nmy $ctx = Net::SSLeay::EVPMDCTXcreate();\nNet::SSLeay::EVPDigestInit($ctx, $md);\n\nwhile(my $chunk = getpieceofdata()) {\nNet::SSLeay::EVPDigestUpdate($ctx,$chunk);\n}\n\nmy $result = Net::SSLeay::EVPDigestFinal($ctx);\nNet::SSLeay::EVPMDCTXdestroy($ctx);\n\nprint \"digest=\", unpack('H*', $result), \"\\n\"; #print hex value\n\n*   EVPDigestInitex\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7\n\nSets up digest context $ctx to use a digest $type from ENGINE $impl, $ctx must be\ninitialized before calling this function, type will typically be supplied by a function such\nas \"EVPgetdigestbyname\". 
If $impl is 0 then the default implementation of digest $type is\nused.\n\nmy $rv = Net::SSLeay::EVPDigestInitex($ctx, $type, $impl);\n# $ctx  - value corresponding to openssl's EVPMDCTX structure\n# $type - value corresponding to openssl's EVPMD structure\n# $impl - value corresponding to openssl's ENGINE structure\n#\n# returns: 1 for success and 0 for failure\n\n*   EVPDigestInit\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7\n\nBehaves in the same way as \"EVPDigestInitex\" except the passed context $ctx does not have\nto be initialized, and it always uses the default digest implementation.\n\nmy $rv = Net::SSLeay::EVPDigestInit($ctx, $type);\n# $ctx - value corresponding to openssl's EVPMDCTX structure\n# $type - value corresponding to openssl's EVPMD structure\n#\n# returns: 1 for success and 0 for failure\n\n*   EVPMDCTXdestroy\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7\n\nCleans up digest context $ctx and frees up the space allocated to it, it should be called\nonly on a context created using \"EVPMDCTXcreate\".\n\nNet::SSLeay::EVPMDCTXdestroy($ctx);\n# $ctx - value corresponding to openssl's EVPMDCTX structure\n#\n# returns: no return value\n\n*   EVPDigestUpdate\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7\n\nmy $rv = Net::SSLeay::EVPDigestUpdate($ctx, $data);\n# $ctx  - value corresponding to openssl's EVPMDCTX structure\n# $data - data to be hashed\n#\n# returns: 1 for success and 0 for failure\n\n*   EVPDigestFinalex\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7\n\nRetrieves the digest value from $ctx. 
After calling \"EVPDigestFinalex\" no additional calls\nto \"EVPDigestUpdate\" can be made, but \"EVPDigestInitex\" can be called to initialize a new\ndigest operation.\n\nmy $digestvalue = Net::SSLeay::EVPDigestFinalex($ctx);\n# $ctx - value corresponding to openssl's EVPMDCTX structure\n#\n# returns: hash value (binary)\n\n#to get printable (hex) value of digest use:\nprint unpack('H*', $digestvalue);\n\n*   EVPDigestFinal\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7\n\nSimilar to \"EVPDigestFinalex\" except the digest context ctx is automatically cleaned up.\n\nmy $rv = Net::SSLeay::EVPDigestFinal($ctx);\n# $ctx - value corresponding to openssl's EVPMDCTX structure\n#\n# returns: hash value (binary)\n\n#to get printable (hex) value of digest use:\nprint unpack('H*', $rv);\n\n*   MD2\n\nCOMPATIBILITY: not supported by default in openssl-1.0.0\n\nComputes MD2 from given $data (all data needs to be loaded into memory)\n\nmy $digest = Net::SSLeay::MD2($data);\nprint \"digest(hexadecimal)=\", unpack('H*', $digest);\n\n*   MD4\n\nComputes MD4 from given $data (all data needs to be loaded into memory)\n\nmy $digest = Net::SSLeay::MD4($data);\nprint \"digest(hexadecimal)=\", unpack('H*', $digest);\n\n*   MD5\n\nComputes MD5 from given $data (all data needs to be loaded into memory)\n\nmy $digest = Net::SSLeay::MD5($data);\nprint \"digest(hexadecimal)=\", unpack('H*', $digest);\n\n*   RIPEMD160\n\nComputes RIPEMD160 from given $data (all data needs to be loaded into memory)\n\nmy $digest = Net::SSLeay::RIPEMD160($data);\nprint \"digest(hexadecimal)=\", unpack('H*', $digest);\n\n*   SHA1\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nComputes SHA1 from given $data (all data needs to be loaded into memory)\n\nmy $digest = Net::SSLeay::SHA1($data);\nprint \"digest(hexadecimal)=\", unpack('H*', $digest);\n\n*   SHA256\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least 
openssl-0.9.8\n\nComputes SHA256 from given $data (all data needs to be loaded into memory)\n\nmy $digest = Net::SSLeay::SHA256($data);\nprint \"digest(hexadecimal)=\", unpack('H*', $digest);\n\n*   SHA512\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.8\n\nComputes SHA512 from given $data (all data needs to be loaded into memory)\n\nmy $digest = Net::SSLeay::SHA512($data);\nprint \"digest(hexadecimal)=\", unpack('H*', $digest);\n\n*   EVPDigest\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.7\n\nComputes \"any\" digest from given $data (all data needs to be loaded into memory)\n\nmy $md = Net::SSLeay::EVPgetdigestbyname(\"sha1\"); #or any other algorithm\nmy $digest = Net::SSLeay::EVPDigest($data, $md);\nprint \"digest(hexadecimal)=\", unpack('H*', $digest);\n\n*   EVPsha1\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nmy $md = Net::SSLeay::EVPsha1();\n#\n# returns: value corresponding to openssl's EVPMD structure\n\n*   EVPsha256\n\nCOMPATIBILITY: requires at least openssl-0.9.8\n\nmy $md = Net::SSLeay::EVPsha256();\n#\n# returns: value corresponding to openssl's EVPMD structure\n\n*   EVPsha512\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before; requires at least openssl-0.9.8\n\nmy $md = Net::SSLeay::EVPsha512();\n#\n# returns: value corresponding to openssl's EVPMD structure\n\n*   EVPadddigest\n\nmy $rv = Net::SSLeay::EVPadddigest($digest);\n# $digest - value corresponding to openssl's EVPMD structure\n#\n# returns: 1 on success, 0 otherwise\n\nLow level API: CIPHER* related functions\n*   CIPHERgetname\n\nCOMPATIBILITY: not available in Net-SSLeay-1.42 and before\n\nReturns name of the cipher used.\n\nmy $rv = Net::SSLeay::CIPHERgetname($cipher);\n# $cipher - value corresponding to openssl's SSLCIPHER structure\n#\n# returns: (string) cipher name e.g. 
'DHE-RSA-AES256-SHA', '(NONE)' if $cipher is undefined.\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSLCIPHERgetname.html>\n\nExample:\n\nmy $sslcipher = Net::SSLeay::getcurrentcipher($ssl);\nmy $ciphername = Net::SSLeay::CIPHERgetname($sslcipher);\n\n*   CIPHERdescription\n\nCOMPATIBILITY: doesn't work correctly in Net-SSLeay-1.88 and before\n\nReturns a textual description of the cipher used.\n\nmy $rv = Net::SSLeay::CIPHERdescription($cipher);\n# $cipher - value corresponding to openssl's SSLCIPHER structure\n#\n# returns: (string) cipher description e.g. 'DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1'\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSLCIPHERdescription.html>\n\n*   CIPHERgetbits\n\nCOMPATIBILITY: $algbits doesn't work correctly in Net-SSLeay-1.88 and before\n\nReturns the number of secret bits used for cipher.\n\nmy $rv = Net::SSLeay::CIPHERgetbits($cipher, $algbits);\n# $cipher - value corresponding to openssl's SSLCIPHER structure\n# $algbits - [optional] empty scalar for storing additional return value\n#\n# returns: (integer) number of secret bits, 0 on error\n#          (integer) in $algbits for bits processed by the chosen algorithm\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSLCIPHERgetbits.html>\n\nExample:\n\n# bits and algbits are not equal for e.g., TLSECDHERSAWITH3DESEDECBCSHA,\n# RFC 8422 name TLSECDHERSAWITH3DESEDECBCSHA\nmy $algbits;\nmy $bits = Net::SSLeay::CIPHERgetbits($cipher, $algbits);\n#my $bits = Net::SSLeay::CIPHERgetbits($cipher);\nprint \"bits: $bits, algbits: $algbits\\n\";\n\n*   CIPHERgetversion\n\nCOMPATIBILITY: not available in Net-SSLeay-1.88 and before\n\nReturns version of SSL/TLS protocol that first defined the cipher\n\nmy $rv = Net::SSLeay::CIPHERgetversion($cipher);\n# $cipher - value corresponding to openssl's SSLCIPHER structure\n#\n# returns: (string) protocol version e.g. 
'TLSv1/SSLv3' with some libraries, 'TLSv1.0' or 'TLSv1.3', '(NONE)' if $cipher is undefined.\n\nCheck openssl doc <https://www.openssl.org/docs/ssl/SSLCIPHERgetversion.html>\n\nLow level API: RSA* related functions\n*   RSAgeneratekey\n\nGenerates a key pair and returns it in a newly allocated RSA structure. The pseudo-random\nnumber generator must be seeded prior to calling RSAgeneratekey.\n\nmy $rv = Net::SSLeay::RSAgeneratekey($bits, $e, $perlcb, $perlcbarg);\n# $bits - (integer) modulus size in bits e.g. 512, 1024, 2048\n# $e - (integer) public exponent, an odd number, typically 3, 17 or 65537\n# $perlcb - [optional] reference to perl callback function\n# $perlcbarg - [optional] data that will be passed to callback function when invoked\n#\n# returns: value corresponding to openssl's RSA structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RSAgeneratekey.html>\n\n*   RSAfree\n\nFrees the RSA structure and its components. The key is erased before the memory is returned\nto the system.\n\nNet::SSLeay::RSAfree($r);\n# $r - value corresponding to openssl's RSA structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/RSAnew.html>\n\n*   RSAgetkeyparameters\n\nReturns a list of pointers to BIGNUMs representing the parameters of the key in this order:\n(n, e, d, p, q, dmp1, dmq1, iqmp)\n\nCaution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as\nCrypt::OpenSSL::Bignum for further use\n\nmy (@params) = RSAgetkeyparameters($r);\n\nLow level API: BIO* related functions\n*   BIOeof\n\nReturns 1 if the BIO has read EOF, the precise meaning of 'EOF' varies according to the BIO\ntype.\n\nmy $rv = Net::SSLeay::BIOeof($s);\n# $s - value corresponding to openssl's BIO structure\n#\n# returns: 1 if EOF has been reached 0 otherwise\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOctrl.html>\n\n*   BIOfssl\n\nReturns the SSL BIO method. 
This is a filter BIO which is a wrapper round the OpenSSL SSL\nroutines adding a BIO 'flavour' to SSL I/O.\n\nmy $rv = Net::SSLeay::BIOfssl();\n#\n# returns: value corresponding to openssl's BIOMETHOD structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOfssl.html>\n\n*   BIOfree\n\nFrees up a single BIO.\n\nmy $rv = Net::SSLeay::BIOfree($bio);\n# $bio - value corresponding to openssl's BIO structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOnew.html>\n\n*   BIOnew\n\nReturns a new BIO using method $type.\n\nmy $rv = Net::SSLeay::BIOnew($type);\n# $type - value corresponding to openssl's BIOMETHOD structure\n#\n# returns: value corresponding to openssl's BIO structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOnew.html>\n\n*   BIOnewbuffersslconnect\n\nCreates a new BIO chain consisting of a buffering BIO, an SSL BIO (using ctx) and a connect\nBIO.\n\nmy $rv = Net::SSLeay::BIOnewbuffersslconnect($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: value corresponding to openssl's BIO structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOfssl.html>\n\n*   BIOnewfile\n\nCreates a new file BIO with mode $mode; the meaning of mode is the same as for the stdio function\nfopen(). 
The BIOCLOSE flag is set on the returned BIO.\n\nmy $rv = Net::SSLeay::BIOnewfile($filename, $mode);\n# $filename - (string) filename\n# $mode - (string) opening mode (as mode by stdio function fopen)\n#\n# returns: value corresponding to openssl's BIO structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOsfile.html>\n\n*   BIOnewssl\n\nAllocates an SSL BIO using SSLCTX ctx and using client mode if client is non zero.\n\nmy $rv = Net::SSLeay::BIOnewssl($ctx, $client);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $client - (integer) 0 or 1 - indicates ssl client mode\n#\n# returns: value corresponding to openssl's BIO structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOfssl.html>\n\n*   BIOnewsslconnect\n\nCreates a new BIO chain consisting of an SSL BIO (using ctx) followed by a connect BIO.\n\nmy $rv = Net::SSLeay::BIOnewsslconnect($ctx);\n# $ctx - value corresponding to openssl's SSLCTX structure\n#\n# returns: value corresponding to openssl's BIO structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOfssl.html>\n\n*   BIOpending\n\nReturn the number of pending characters in the BIOs read buffers.\n\nmy $rv = Net::SSLeay::BIOpending($s);\n# $s - value corresponding to openssl's BIO structure\n#\n# returns: the amount of pending data\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOctrl.html>\n\n*   BIOwpending\n\nReturn the number of pending characters in the BIOs write buffers.\n\nmy $rv = Net::SSLeay::BIOwpending($s);\n# $s - value corresponding to openssl's BIO structure\n#\n# returns: the amount of pending data\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOctrl.html>\n\n*   BIOread\n\nRead the underlying descriptor.\n\nNet::SSLeay::BIOread($s, $max);\n# $s - value corresponding to openssl's BIO structure\n# $max - [optional] max. 
bytes to read (if not specified, the value 32768 is used)\n#\n# returns: data\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOread.html>\n\n*   BIOwrite\n\nAttempts to write data from $buffer to BIO $b.\n\nmy $rv = Net::SSLeay::BIOwrite($b, $buffer);\n# $b - value corresponding to openssl's BIO structure\n# $buffer - data\n#\n# returns: amount of data successfully written\n#          or that no data was successfully read or written if the result is 0 or -1\n#          or -2 when the operation is not implemented in the specific BIO type\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOread.html>\n\n*   BIOsmem\n\nReturn the memory BIO method function.\n\nmy $rv = Net::SSLeay::BIOsmem();\n#\n# returns: value corresponding to openssl's BIOMETHOD structure (0 on failure)\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOsmem.html>\n\n*   BIOsslcopysessionid\n\nCopies an SSL session id between BIO chains from and to. It does this by locating the SSL\nBIOs in each chain and calling SSLcopysessionid() on the internal SSL pointer.\n\nmy $rv = Net::SSLeay::BIOsslcopysessionid($to, $from);\n# $to - value corresponding to openssl's BIO structure\n# $from - value corresponding to openssl's BIO structure\n#\n# returns: 1 on success, 0 on failure\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOfssl.html>\n\n*   BIOsslshutdown\n\nCloses down an SSL connection on BIO chain bio. 
It does this by locating the SSL BIO in the\nchain and calling SSLshutdown() on its internal SSL pointer.\n\nNet::SSLeay::BIOsslshutdown($sslbio);\n# $sslbio - value corresponding to openssl's BIO structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/BIOfssl.html>\n\nLow level API: Server side Server Name Indication (SNI) support\n*   settlsexthostname\n\nTBA\n\n*   getservername\n\nTBA\n\n*   getservernametype\n\nTBA\n\n*   CTXsettlsextservernamecallback\n\nCOMPATIBILITY: requires at least OpenSSL 0.9.8f\n\nThis function is used in a server to support Server side Server Name Indication (SNI).\n\nNet::SSLeay::CTXsettlsextservernamecallback($ctx, $code)\n# $ctx - SSL context\n# $code - reference to a subroutine that will be called when a new connection is being initiated\n#\n# returns: no return value\n\nOn the client side: use settlsexthostname($ssl, $servername) before initiating the SSL\nconnection.\n\nOn the server side: Set up an additional SSLCTX() for each different certificate;\n\nAdd a servername callback to each SSLCTX() using CTXsettlsextservernamecallback();\n\nThe callback function is required to retrieve the client-supplied servername with\ngetservername(ssl). Figure out the right SSLCTX to go with that host name, then switch the\nSSL object to that SSLCTX with setSSLCTX().\n\nExample:\n\n# set callback\nNet::SSLeay::CTXsettlsextservernamecallback($ctx,\nsub {\nmy $ssl = shift;\nmy $h = Net::SSLeay::getservername($ssl);\nNet::SSLeay::setSSLCTX($ssl, $hostnames{$h}->{ctx}) if exists $hostnames{$h};\n} );\n\nMore complete example:\n\n# ... 
initialize Net::SSLeay\n\nmy %hostnames = (\n'sni1' => { cert=>'sni1.pem', key=>'sni1.key' },\n'sni2' => { cert=>'sni2.pem', key=>'sni2.key' },\n);\n\n# create a new context for each certificate/key pair\nfor my $name (keys %hostnames) {\n$hostnames{$name}->{ctx} = Net::SSLeay::CTXnew or die;\nNet::SSLeay::CTXsetcipherlist($hostnames{$name}->{ctx}, 'ALL');\nNet::SSLeay::setcertandkey($hostnames{$name}->{ctx},\n$hostnames{$name}->{cert}, $hostnames{$name}->{key}) or die;\n}\n\n# create default context\nmy $ctx = Net::SSLeay::CTXnew or die;\nNet::SSLeay::CTXsetcipherlist($ctx, 'ALL');\nNet::SSLeay::setcertandkey($ctx, 'cert.pem','key.pem') or die;\n\n# set callback\nNet::SSLeay::CTXsettlsextservernamecallback($ctx, sub {\nmy $ssl = shift;\nmy $h = Net::SSLeay::getservername($ssl);\nNet::SSLeay::setSSLCTX($ssl, $hostnames{$h}->{ctx}) if exists $hostnames{$h};\n} );\n\n# ... later\n\n$s = Net::SSLeay::new($ctx);\nNet::SSLeay::setfd($s, fileno($acceptedsocket));\nNet::SSLeay::accept($s);\n\nLow level API: NPN (next protocol negotiation) related functions\nNPN is being replaced with ALPN, a more recent TLS extension for application protocol\nnegotiation that's in process of being adopted by IETF. 
Please look below for ALPN API\ndescription.\n\nA simple approach to using NPN support looks like this:\n\n### client side\nuse Net::SSLeay;\nuse IO::Socket::INET;\n\nNet::SSLeay::initialize();\nmy $sock = IO::Socket::INET->new(PeerAddr=>'encrypted.google.com:443') or die;\nmy $ctx = Net::SSLeay::CTXtlsv1new() or die;\nNet::SSLeay::CTXsetoptions($ctx, &Net::SSLeay::OPALL);\nNet::SSLeay::CTXsetnextprotoselectcb($ctx, ['http1.1','spdy/2']);\nmy $ssl = Net::SSLeay::new($ctx) or die;\nNet::SSLeay::setfd($ssl, fileno($sock)) or die;\nNet::SSLeay::connect($ssl);\n\nwarn \"client:negotiated=\",Net::SSLeay::Pnextprotonegotiated($ssl), \"\\n\";\nwarn \"client:laststatus=\", Net::SSLeay::Pnextprotolaststatus($ssl), \"\\n\";\n\n### server side\nuse Net::SSLeay;\nuse IO::Socket::INET;\n\nNet::SSLeay::initialize();\nmy $ctx = Net::SSLeay::CTXtlsv1new() or die;\nNet::SSLeay::CTXsetoptions($ctx, &Net::SSLeay::OPALL);\nNet::SSLeay::setcertandkey($ctx, \"cert.pem\", \"key.pem\");\nNet::SSLeay::CTXsetnextprotosadvertisedcb($ctx, ['spdy/2','http1.1']);\nmy $sock = IO::Socket::INET->new(LocalAddr=>'localhost', LocalPort=>5443, Proto=>'tcp', Listen=>20) or die;\n\nwhile (1) {\nmy $ssl = Net::SSLeay::new($ctx);\nwarn(\"server:waiting for incoming connection...\\n\");\nmy $fd = $sock->accept();\nNet::SSLeay::setfd($ssl, $fd->fileno);\nNet::SSLeay::accept($ssl);\nwarn \"server:negotiated=\",Net::SSLeay::Pnextprotonegotiated($ssl),\"\\n\";\nmy $got = Net::SSLeay::read($ssl);\nNet::SSLeay::sslwriteall($ssl, \"length=\".length($got));\nNet::SSLeay::free($ssl);\n$fd->close();\n}\n# check with: openssl sclient -connect localhost:5443 -nextprotoneg http/1.1,spdy/2\n\nPlease note that the selection (negotiation) is performed by the client side; the server side simply\nadvertises the list of supported protocols.\n\nThe advanced approach allows you to implement your own negotiation algorithm.\n\n#see below documentation for:\nNet::SSLeay::CTXsetnextprotoselectcb($ctx, $perlcallbackfunction, 
$callbackdata);\nNet::SSLeay::CTXsetnextprotosadvertisedcb($ctx, $perlcallbackfunction, $callbackdata);\n\nDetection of NPN support (works even in older Net::SSLeay versions):\n\nuse Net::SSLeay;\n\nif (exists &Net::SSLeay::Pnextprotonegotiated) {\n# do NPN stuff\n}\n\n*   CTXsetnextprotoselectcb\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-1.0.1\n\nNOTE: You need CTXsetnextprotoselectcb on client side of SSL connection.\n\nSimple usage - in this case a \"common\" negotiation algorithm (as implemented by openssl's\nfunction SSLselectnextproto) is used.\n\n$rv = Net::SSLeay::CTXsetnextprotoselectcb($ctx, $arrayref);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $arrayref - list of accepted protocols - e.g. ['http1.0', 'http1.1']\n#\n# returns: 0 on success, 1 on failure\n\nAdvanced usage (you probably do not need this):\n\n$rv = Net::SSLeay::CTXsetnextprotoselectcb($ctx, $perlcallbackfunction, $callbackdata);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $perlcallbackfunction - reference to perl function\n# $callbackdata - [optional] data to be passed to callback function when invoked\n#\n# returns: 0 on success, 1 on failure\n\n# where callback function looks like\nsub npnadvertisedcbinvoke {\nmy ($ssl, $arrayrefprotolistadvertisedbyserver, $callbackdata) = @_;\nmy $status;\n# ...\n$status = 1;   #status can be:\n# 0 - OPENSSLNPNUNSUPPORTED\n# 1 - OPENSSLNPNNEGOTIATED\n# 2 - OPENSSLNPNNOOVERLAP\nreturn $status, ['http1.1','spdy/2']; # the callback has to return 2 values\n}\n\nTo undefine/clear this callback use:\n\nNet::SSLeay::CTXsetnextprotoselectcb($ctx, undef);\n\n*   CTXsetnextprotosadvertisedcb\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-1.0.1\n\nNOTE: You need CTXsetnextprotoselectcb on server side of SSL connection.\n\nSimple usage:\n\n$rv = Net::SSLeay::CTXsetnextprotosadvertisedcb($ctx, $arrayref);\n# $ctx - value corresponding to 
openssl's SSLCTX structure\n# $arrayref - list of advertised protocols - e.g. ['http1.0', 'http1.1']\n#\n# returns: 0 on success, 1 on failure\n\nAdvanced usage (you probably do not need this):\n\n$rv = Net::SSLeay::CTXsetnextprotosadvertisedcb($ctx, $perlcallbackfunction, $callbackdata);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $perlcallbackfunction - reference to perl function\n# $callbackdata - [optional] data to be passed to callback function when invoked\n#\n# returns: 0 on success, 1 on failure\n\n# where callback function looks like\nsub npnadvertisedcbinvoke {\nmy ($ssl, $callbackdata) = @_;\n# ...\nreturn ['http1.1','spdy/2']; # the callback has to return arrayref\n}\n\nTo undefine/clear this callback use:\n\nNet::SSLeay::CTXsetnextprotosadvertisedcb($ctx, undef);\n\n*   Pnextprotonegotiated\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-1.0.1\n\nReturns the name of negotiated protocol for given SSL connection $ssl.\n\n$rv = Net::SSLeay::Pnextprotonegotiated($ssl)\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (string) negotiated protocol name (or undef if no negotiation was done or failed with fatal error)\n\n*   Pnextprotolaststatus\n\nCOMPATIBILITY: not available in Net-SSLeay-1.45 and before; requires at least openssl-1.0.1\n\nReturns the result of the last negotiation for given SSL connection $ssl.\n\n$rv = Net::SSLeay::Pnextprotolaststatus($ssl)\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (integer) negotiation status\n#          0 - OPENSSLNPNUNSUPPORTED\n#          1 - OPENSSLNPNNEGOTIATED\n#          2 - OPENSSLNPNNOOVERLAP\n\nLow level API: ALPN (application layer protocol negotiation) related functions\nApplication protocol can be negotiated via two different mechanisms employing two different TLS\nextensions: NPN (obsolete) and ALPN (recommended).\n\nThe API is rather similar, with slight differences reflecting protocol specifics. 
In particular,\nwith ALPN the protocol negotiation takes place on the server, while with NPN the client implements\nthe protocol negotiation logic.\n\nWith ALPN, the most basic implementation looks like this:\n\n### client side\nuse Net::SSLeay;\nuse IO::Socket::INET;\n\nNet::SSLeay::initialize();\nmy $sock = IO::Socket::INET->new(PeerAddr=>'encrypted.google.com:443') or die;\nmy $ctx = Net::SSLeay::CTXtlsv1new() or die;\nNet::SSLeay::CTXsetoptions($ctx, &Net::SSLeay::OPALL);\nNet::SSLeay::CTXsetalpnprotos($ctx, ['http/1.1', 'http/2.0', 'spdy/3']);\nmy $ssl = Net::SSLeay::new($ctx) or die;\nNet::SSLeay::setfd($ssl, fileno($sock)) or die;\nNet::SSLeay::connect($ssl);\n\nwarn \"client:selected=\",Net::SSLeay::Palpnselected($ssl), \"\\n\";\n\n### server side\nuse Net::SSLeay;\nuse IO::Socket::INET;\n\nNet::SSLeay::initialize();\nmy $ctx = Net::SSLeay::CTXtlsv1new() or die;\nNet::SSLeay::CTXsetoptions($ctx, &Net::SSLeay::OPALL);\nNet::SSLeay::setcertandkey($ctx, \"cert.pem\", \"key.pem\");\nNet::SSLeay::CTXsetalpnselectcb($ctx, ['http/1.1', 'http/2.0', 'spdy/3']);\nmy $sock = IO::Socket::INET->new(LocalAddr=>'localhost', LocalPort=>5443, Proto=>'tcp', Listen=>20) or die;\n\nwhile (1) {\nmy $ssl = Net::SSLeay::new($ctx);\nwarn(\"server:waiting for incoming connection...\\n\");\nmy $fd = $sock->accept();\nNet::SSLeay::setfd($ssl, $fd->fileno);\nNet::SSLeay::accept($ssl);\nwarn \"server:selected=\",Net::SSLeay::Palpnselected($ssl),\"\\n\";\nmy $got = Net::SSLeay::read($ssl);\nNet::SSLeay::sslwriteall($ssl, \"length=\".length($got));\nNet::SSLeay::free($ssl);\n$fd->close();\n}\n# check with: openssl sclient -connect localhost:5443 -alpn spdy/3,http/1.1\n\nThe advanced approach allows you to implement your own negotiation algorithm.\n\n#see below documentation for:\nNet::SSLeay::CTXsetalpnselectcb($ctx, $perlcallbackfunction, $callbackdata);\n\nDetection of ALPN support (works even in older Net::SSLeay versions):\n\nuse Net::SSLeay;\n\nif (exists &Net::SSLeay::Palpnselected) {\n# do 
ALPN stuff\n}\n\n*   CTXsetalpnselectcb\n\nCOMPATIBILITY: not available in Net-SSLeay-1.55 and before; requires at least openssl-1.0.2\n\nNOTE: You need CTXsetalpnselectcb on server side of TLS connection.\n\nSimple usage - in this case a \"common\" negotiation algorithm (as implemented by openssl's\nfunction SSLselectnextproto) is used.\n\n$rv = Net::SSLeay::CTXsetalpnselectcb($ctx, $arrayref);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $arrayref - list of accepted protocols - e.g. ['http/2.0', 'http/1.1', 'spdy/3']\n#\n# returns: 0 on success, 1 on failure\n\nAdvanced usage (you probably do not need this):\n\n$rv = Net::SSLeay::CTXsetalpnselectcb($ctx, $perlcallbackfunction, $callbackdata);\n# $ctx - value corresponding to openssl's SSLCTX structure\n# $perlcallbackfunction - reference to perl function\n# $callbackdata - [optional] data to be passed to callback function when invoked\n#\n# returns: 0 on success, 1 on failure\n\n# where callback function looks like\nsub alpnselectcbinvoke {\nmy ($ssl, $arrayrefprotolistadvertisedbyclient, $callbackdata) = @_;\n# ...\nif ($negotiated) {\nreturn 'http/2.0';\n} else {\nreturn undef;\n}\n}\n\nTo undefine/clear this callback use:\n\nNet::SSLeay::CTXsetalpnselectcb($ctx, undef);\n\n*   setalpnprotos\n\nCOMPATIBILITY: not available in Net-SSLeay-1.55 and before; requires at least openssl-1.0.2\n\nNOTE: You need setalpnprotos on client side of TLS connection.\n\nThis adds a list of supported application layer protocols to the ClientHello message sent by a\nclient. It advertises the enumeration of supported protocols:\n\nNet::SSLeay::setalpnprotos($ssl, ['http/1.1', 'http/2.0', 'spdy/3']);\n# returns 0 on success\n\n*   CTXsetalpnprotos\n\nCOMPATIBILITY: not available in Net-SSLeay-1.55 and before; requires at least openssl-1.0.2\n\nNOTE: You need CTXsetalpnprotos on client side of TLS connection.\n\nThis adds a list of supported application layer protocols to the ClientHello message sent by a\nclient. 
It advertises the enumeration of supported protocols:\n\nNet::SSLeay::CTXsetalpnprotos($ctx, ['http/1.1', 'http/2.0', 'spdy/3']);\n# returns 0 on success\n\n*   Palpnselected\n\nCOMPATIBILITY: not available in Net-SSLeay-1.55 and before; requires at least openssl-1.0.2\n\nReturns the name of negotiated protocol for given TLS connection $ssl.\n\n$rv = Net::SSLeay::Palpnselected($ssl)\n# $ssl - value corresponding to openssl's SSL structure\n#\n# returns: (string) negotiated protocol name (or undef if no negotiation was done or failed with fatal error)\n\nLow level API: DANE Support\nOpenSSL version 1.0.2 adds preliminary support for RFC6698 Domain Authentication of Named Entities\n(DANE) Transport Layer Association within OpenSSL\n\n*   SSLgettlsarecordbyname\n\nCOMPATIBILITY: DELETED from net-ssleay, since it is not supported by OpenSSL\n\nIn order to facilitate DANE there is an additional interface, SSLgettlsarecordbyname,\naccepting hostname, port and socket type that returns packed TLSA record. In order to make\nit even easier there is an additional SSLctrl function that calls SSLgettlsarecordbyname\nfor you. The latter is recommended for programmers that wish to maintain broader binary\ncompatibility, e.g. make application work with both 1.0.2 and prior version (in which case\ncall to SSLctrl with new code returning error would have to be ignored when running with\nprior version).\n\nNet::SSLeay::gettlsarecordbyname($name, $port, $type);\n\nLow level API: Other functions\n*   COMPaddcompressionmethod\n\nAdds the compression method cm with the identifier id to the list of available compression\nmethods. This list is globally maintained for all SSL operations within this application. 
It\ncannot be set for specific SSLCTX or SSL objects.\n\nmy $rv = Net::SSLeay::COMPaddcompressionmethod($id, $cm);\n# $id - (integer) compression method id\n#       0 to 63:    methods defined by the IETF\n#       64 to 192:  external party methods assigned by IANA\n#       193 to 255: reserved for private use\n#\n# $cm - value corresponding to openssl's COMPMETHOD structure\n#\n# returns: 0 on success, 1 on failure (check the error queue to find out the reason)\n\nCheck openssl doc <http://www.openssl.org/docs/ssl/SSLCOMPaddcompressionmethod.html>\n\n*   DHfree\n\nFrees the DH structure and its components. The values are erased before the memory is\nreturned to the system.\n\nNet::SSLeay::DHfree($dh);\n# $dh - value corresponding to openssl's DH structure\n#\n# returns: no return value\n\nCheck openssl doc <http://www.openssl.org/docs/crypto/DHnew.html>\n\n*   FIPSmodeset\n\nEnable or disable FIPS mode in a FIPS capable OpenSSL.\n\nNet::SSLeay::FIPSmodeset($enable);\n# $enable - (integer) 1 to enable, 0 to disable\n\nLow level API: EC related functions\n*   CTXsettmpecdh\n\nTBA\n\n*   ECKEYfree\n\nTBA\n\n*   ECKEYnewbycurvename\n\nTBA\n\n*   ECKEYgeneratekey\n\nGenerates an EC key and returns it in a newly allocated ECKEY structure. The EC key then can\nbe used to create a PKEY which can be used in calls like X509setpubkey.\n\nmy $key = Net::SSLeay::EVPPKEYnew();\nmy $ec  = Net::SSLeay::ECKEYgeneratekey($curve);\nNet::SSLeay::EVPPKEYassignECKEY($key,$ec);\n\n# $curve - curve name like 'secp521r1' or the matching Id (integer) of the curve\n#\n# returns: value corresponding to openssl's ECKEY structure (0 on failure)\n\nThis function has no equivalent in OpenSSL but combines multiple OpenSSL functions for an\neasier interface.\n\n*   CTXsetecdhauto, setecdhauto\n\nThese functions enable or disable the automatic curve selection on the server side by\ncalling SSLCTXsetecdhauto or SSLsetecdhauto respectively. 
If enabled the highest\npreference curve is automatically used for ECDH temporary keys used during key exchange.\nThis function is no longer available for OpenSSL 1.1.0 or higher.\n\nNet::SSLeay::CTXsetecdhauto($ctx,1);\nNet::SSLeay::setecdhauto($ssl,1);\n\n*   CTXset1curveslist, set1curveslist\n\nThese functions set the supported curves (in order of preference) by calling\nSSLCTXset1curveslist or SSLset1curveslist respectively. For a TLS client these curves\nare offered to the server in the supported curves extension while on the server side these\nare used to determine the shared curve. These functions are only available since OpenSSL\n1.1.0.\n\nNet::SSLeay::CTXset1curveslist($ctx,\"P-521:P-384:P-256\");\nNet::SSLeay::set1curveslist($ssl,\"P-521:P-384:P-256\");\n\n*   CTXset1groupslist, set1groupslist\n\nThese functions set the supported groups (in order of preference) by calling\nSSLCTXset1groupslist or SSLset1groupslist respectively. This is practically the same\nas CTXset1curveslist and set1curveslist except that all DH groups can be given as\nsupported by TLS 1.3. 
These functions are only available since OpenSSL 1.1.1.\n\nNet::SSLeay::CTXset1groupslist($ctx,\"P-521:P-384:P-256\");\nNet::SSLeay::set1groupslist($ssl,\"P-521:P-384:P-256\");\n\nLow level API: OSSLLIBCTX and OSSLPROVIDER related functions\n*   OSSLLIBCTXget0globaldefault\n\nReturns a concrete (non NULL) reference to the global default library context.\n\nmy $libctx = Net::SSLeay::OSSLLIBCTXget0globaldefault();\n# returns: a value corresponding to OSSLLIBCTX structure or false on failure\n\nTypically it's simpler to use undef with functions that take an OSSLLIBCTX argument when\nglobal default library context is needed.\n\nCheck openssl doc\n<https://www.openssl.org/docs/manmaster/man3/OSSLLIBCTXget0globaldefault.html>\n\n*   OSSLPROVIDERload\n\nLoads and initializes a provider\n\nmy $provider = Net::SSLeay::OSSLPROVIDERload($libctx, $name);\n# $libctx - value corresponding to OSSLLIBCTX structure or undef\n# $name - (string) provider name, e.g., 'legacy'\n#\n# returns: a value corresponding to OSSLPROVIDER or false on failure\n\nUsing undef loads the provider within the global default library context.\n\nmy $provider = Net::SSLeay::OSSLPROVIDERload(undef, 'legacy');\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OSSLPROVIDERload.html>\n\n*   OSSLPROVIDERtryload\n\nLoads and initializes a provider similar to OSSLPROVIDERload with additional fallback\ncontrol.\n\nmy $provider = Net::SSLeay::OSSLPROVIDERtryload($libctx, $name, $retainfallbacks);\n# $libctx - value corresponding to OSSLLIBCTX structure or undef\n# $name - (string) provider name, e.g., 'legacy'\n# $retainfallbacks - (integer) 0 or 1\n#\n# returns: a value corresponding to OSSLPROVIDER or false on failure\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OSSLPROVIDERtryload.html>\n\n*   OSSLPROVIDERunload\n\nUnloads the given provider.\n\nmy $rv = Net::SSLeay::OSSLPROVIDERunload($provider);\n# $provider - a value corresponding to OSSLPROVIDER\n#\n# returns: (integer) 
1 on success, 0 on error\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OSSLPROVIDERunload.html>\n\n*   OSSLPROVIDERavailable\n\nChecks if a named provider is available for use.\n\nmy $rv = Net::SSLeay::OSSLPROVIDERavailable($libctx, $name);\n# $libctx - value corresponding to OSSLLIBCTX structure or undef\n# $name - (string) provider name, e.g., 'legacy'\n#\n# returns: (integer) 1 if the named provider is available, otherwise 0.\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OSSLPROVIDERavailable.html>\n\n*   OSSLPROVIDERdoall\n\nIterates over all loaded providers. A callback is called for each provider.\n\nmy $rv = Net::SSLeay::OSSLPROVIDERdoall($libctx, $cb, $cbdata);\n# $libctx - value corresponding to OSSLLIBCTX structure or undef\n# $cb - reference to a perl callback function\n# $cbdata - data that will be passed to callback function\n#\n# returns: (integer) 1 if all callbacks returned 1, 0 the first time a callback returns 0.\n\nExample:\n\nsub doallcb {\nmy ($provider, $cbdata) = @_;\n\nmy $name = Net::SSLeay::OSSLPROVIDERget0name($provider);\nprint \"Callback for provider: '$name', cbdata: '$cbdata'\\n\";\nreturn 1;\n}\nmy $dataforcb = 'Hello';\n\n# Triggers default provider automatic loading.\nNet::SSLeay::OSSLPROVIDERavailable(undef, 'default') || die 'default provider not available';\nNet::SSLeay::OSSLPROVIDERload(undef, 'legacy') || die 'load legacy';\nNet::SSLeay::OSSLPROVIDERload(undef, 'null')   || die 'load null';\nNet::SSLeay::OSSLPROVIDERdoall(undef, \\&doallcb, $dataforcb) || die 'a callback failed';\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OSSLPROVIDERdoall.html>\n\n*   OSSLPROVIDERget0name\n\nReturns the name of the given provider.\n\nmy $name = Net::SSLeay::OSSLPROVIDERget0name($provider);\n# $provider - a value corresponding to OSSLPROVIDER\n#\n# returns: (string) provider name, e.g., 'legacy'\n\nCheck openssl doc 
<https://www.openssl.org/docs/manmaster/man3/OSSLPROVIDERget0name.html>\n\n*   OSSLPROVIDERselftest\n\nRuns the provider's self tests.\n\nmy $rv = Net::SSLeay::OSSLPROVIDERselftest($provider);\n# $libctx - value corresponding to OSSLLIBCTX structure or undef\n# $provider - a value corresponding to OSSLPROVIDER\n#\n# returns: (integer) returns 1 if the self tests pass, 0 on error\n\nCheck openssl doc <https://www.openssl.org/docs/manmaster/man3/OSSLPROVIDERselftest.html>\n"
                    },
                    {
                        "name": "Constants",
                        "content": "There are many openssl constants available in Net::SSLeay. You can use them like this:\n\nuse Net::SSLeay;\nprint &Net::SSLeay::NIDcommonName;\n#or\nprint Net::SSLeay::NIDcommonName();\n\nOr you can import them and use:\n\nuse Net::SSLeay qw/NIDcommonName/;\nprint &NIDcommonName;\n#or\nprint NIDcommonName();\n#or\nprint NIDcommonName;\n\nThe constants names are derived from openssl constants, however constants starting with \"SSL\"\nprefix have name with \"SSL\" part stripped - e.g. openssl's constant \"SSLOPALL\" is available\nas \"Net::SSleay::OPALL\"\n\nThe list of all available constant names:\n\nASN1STRFLGSESCCTRL                   OPENSSLVERSIONSTRING\nASN1STRFLGSESCMSB                    OPALL\nASN1STRFLGSESCQUOTE                  OPALLOWNODHEKEX\nASN1STRFLGSRFC2253                    OPALLOWUNSAFELEGACYRENEGOTIATION\nCBACCEPTEXIT                          OPCIPHERSERVERPREFERENCE\nCBACCEPTLOOP                          OPCISCOANYCONNECT\nCBALERT                                OPCOOKIEEXCHANGE\nCBCONNECTEXIT                         OPCRYPTOPROTLSEXTBUG\nCBCONNECTLOOP                         OPDONTINSERTEMPTYFRAGMENTS\nCBEXIT                                 OPENABLEMIDDLEBOXCOMPAT\nCBHANDSHAKEDONE                       OPEPHEMERALRSA\nCBHANDSHAKESTART                      OPLEGACYSERVERCONNECT\nCBLOOP                                 OPMICROSOFTBIGSSLV3BUFFER\nCBREAD                                 OPMICROSOFTSESSIDBUG\nCBREADALERT                           OPMSIESSLV2RSAPADDING\nCBWRITE                                OPNETSCAPECADNBUG\nCBWRITEALERT                          OPNETSCAPECHALLENGEBUG\nERRORNONE                              OPNETSCAPEDEMOCIPHERCHANGEBUG\nERRORSSL                               OPNETSCAPEREUSECIPHERCHANGEBUG\nERRORSYSCALL                           OPNONEXPORTFIRST\nERRORWANTACCEPT                       OPNOANTIREPLAY\nERRORWANTCONNECT                      OPNOCLIENTRENEGOTIATION\nERRORWANTREAD        
                 OPNOCOMPRESSION\nERRORWANTWRITE                        OPNOENCRYPTTHENMAC\nERRORWANTX509LOOKUP                  OPNOQUERYMTU\nERRORZERORETURN                       OPNORENEGOTIATION\nEVPPKSDSA                             OPNOSESSIONRESUMPTIONONRENEGOTIATION\nEVPPKSEC                              OPNOSSLMASK\nEVPPKSRSA                             OPNOSSLv2\nEVPPKTENC                             OPNOSSLv3\nEVPPKTEXCH                            OPNOTICKET\nEVPPKTEXP                             OPNOTLSv1\nEVPPKTSIGN                            OPNOTLSv11\nEVPPKDH                               OPNOTLSv12\nEVPPKDSA                              OPNOTLSv13\nEVPPKEC                               OPPKCS1CHECK1\nEVPPKRSA                              OPPKCS1CHECK2\nFILETYPEASN1                           OPPRIORITIZECHACHA\nFILETYPEPEM                            OPSAFARIECDHEECDSABUG\nFCLIENTCERTIFICATE                    OPSINGLEDHUSE\nFCLIENTHELLO                          OPSINGLEECDHUSE\nFCLIENTMASTERKEY                     OPSSLEAY080CLIENTDHBUG\nFD2ISSLSESSION                       OPSSLREF2REUSECERTTYPEBUG\nFGETCLIENTFINISHED                   OPTLSEXTPADDING\nFGETCLIENTHELLO                      OPTLSBLOCKPADDINGBUG\nFGETCLIENTMASTERKEY                 OPTLSD5BUG\nFGETSERVERFINISHED                   OPTLSROLLBACKBUG\nFGETSERVERHELLO                      READING\nFGETSERVERVERIFY                     RECEIVEDSHUTDOWN\nFI2DSSLSESSION                       RSA3\nFREADN                                RSAF4\nFREQUESTCERTIFICATE                   RBADAUTHENTICATIONTYPE\nFSERVERHELLO                          RBADCHECKSUM\nFSSLCERTNEW                          RBADMACDECODE\nFSSLGETNEWSESSION                   RBADRESPONSEARGUMENT\nFSSLNEW                               RBADSSLFILETYPE\nFSSLREAD                              RBADSSLSESSIONIDLENGTH\nFSSLRSAPRIVATEDECRYPT               RBADSTATE\nFSSLRSAPUBLICENCRYPT                RBADWRITERETRY\nFSSLSESSIONNEW       
                RCHALLENGEISDIFFERENT\nFSSLSESSIONPRINTFP                  RCIPHERTABLESRCERROR\nFSSLSETFD                            RINVALIDCHALLENGELENGTH\nFSSLSETRFD                           RNOCERTIFICATESET\nFSSLSETWFD                           RNOCERTIFICATESPECIFIED\nFSSLUSECERTIFICATE                   RNOCIPHERLIST\nFSSLUSECERTIFICATEASN1              RNOCIPHERMATCH\nFSSLUSECERTIFICATEFILE              RNOPRIVATEKEY\nFSSLUSEPRIVATEKEY                    RNOPUBLICKEY\nFSSLUSEPRIVATEKEYASN1               RNULLSSLCTX\nFSSLUSEPRIVATEKEYFILE               RPEERDIDNOTRETURNACERTIFICATE\nFSSLUSERSAPRIVATEKEY                 RPEERERROR\nFSSLUSERSAPRIVATEKEYASN1            RPEERERRORCERTIFICATE\nFSSLUSERSAPRIVATEKEYFILE            RPEERERRORNOCIPHER\nFWRITEPENDING                         RPEERERRORUNSUPPORTEDCERTIFICATETYPE\nGENDIRNAME                             RPUBLICKEYENCRYPTERROR\nGENDNS                                 RPUBLICKEYISNOTRSA\nGENEDIPARTY                            RREADWRONGPACKETTYPE\nGENEMAIL                               RSHORTREAD\nGENIPADD                               RSSLSESSIONIDISDIFFERENT\nGENOTHERNAME                           RUNABLETOEXTRACTPUBLICKEY\nGENRID                                 RUNKNOWNREMOTEERRORTYPE\nGENURI                                 RUNKNOWNSTATE\nGENX400                                RX509LIB\nLIBRESSLVERSIONNUMBER                 SENTSHUTDOWN\nMBSTRINGASC                            SESSIONASN1VERSION\nMBSTRINGBMP                            SESSCACHEBOTH\nMBSTRINGFLAG                           SESSCACHECLIENT\nMBSTRINGUNIV                           SESSCACHENOAUTOCLEAR\nMBSTRINGUTF8                           SESSCACHENOINTERNAL\nMINRSAMODULUSLENGTHINBYTES         SESSCACHENOINTERNALLOOKUP\nMODEACCEPTMOVINGWRITEBUFFER         SESSCACHENOINTERNALSTORE\nMODEAUTORETRY                         SESSCACHEOFF\nMODEENABLEPARTIALWRITE               SESSCACHESERVER\nMODERELEASEBUFFERS                    
SSL2MTCLIENTCERTIFICATE\nNIDOCSPsign                           SSL2MTCLIENTFINISHED\nNIDSMIMECapabilities                   SSL2MTCLIENTHELLO\nNIDX500                                SSL2MTCLIENTMASTERKEY\nNIDX509                                SSL2MTERROR\nNIDadOCSP                             SSL2MTREQUESTCERTIFICATE\nNIDadcaissuers                       SSL2MTSERVERFINISHED\nNIDalgorithm                           SSL2MTSERVERHELLO\nNIDauthoritykeyidentifier            SSL2MTSERVERVERIFY\nNIDbasicconstraints                   SSL2VERSION\nNIDbfcbc                              SSL3MTCCS\nNIDbfcfb64                            SSL3MTCERTIFICATE\nNIDbfecb                              SSL3MTCERTIFICATEREQUEST\nNIDbfofb64                            SSL3MTCERTIFICATESTATUS\nNIDcast5cbc                           SSL3MTCERTIFICATEURL\nNIDcast5cfb64                         SSL3MTCERTIFICATEVERIFY\nNIDcast5ecb                           SSL3MTCHANGECIPHERSPEC\nNIDcast5ofb64                         SSL3MTCLIENTHELLO\nNIDcertBag                             SSL3MTCLIENTKEYEXCHANGE\nNIDcertificatepolicies                SSL3MTENCRYPTEDEXTENSIONS\nNIDclientauth                         SSL3MTENDOFEARLYDATA\nNIDcodesign                           SSL3MTFINISHED\nNIDcommonName                          SSL3MTHELLOREQUEST\nNIDcountryName                         SSL3MTKEYUPDATE\nNIDcrlBag                              SSL3MTMESSAGEHASH\nNIDcrldistributionpoints             SSL3MTNEWSESSIONTICKET\nNIDcrlnumber                          SSL3MTNEXTPROTO\nNIDcrlreason                          SSL3MTSERVERDONE\nNIDdeltacrl                           SSL3MTSERVERHELLO\nNIDdescbc                             SSL3MTSERVERKEYEXCHANGE\nNIDdescfb64                           SSL3MTSUPPLEMENTALDATA\nNIDdesecb                             SSL3RTALERT\nNIDdesede                             SSL3RTAPPLICATIONDATA\nNIDdesede3                            SSL3RTCHANGECIPHERSPEC\nNIDdesede3cbc                      
  SSL3RTHANDSHAKE\nNIDdesede3cfb64                      SSL3RTHEADER\nNIDdesede3ofb64                      SSL3RTINNERCONTENTTYPE\nNIDdesedecbc                         SSL3VERSION\nNIDdesedecfb64                       SSLEAYBUILTON\nNIDdesedeofb64                       SSLEAYCFLAGS\nNIDdesofb64                           SSLEAYDIR\nNIDdescription                         SSLEAYPLATFORM\nNIDdesxcbc                            SSLEAYVERSION\nNIDdhKeyAgreement                      STACCEPT\nNIDdnQualifier                         STBEFORE\nNIDdsa                                 STCONNECT\nNIDdsaWithSHA                          STINIT\nNIDdsaWithSHA1                         STOK\nNIDdsaWithSHA12                       STREADBODY\nNIDdsa2                               STREADHEADER\nNIDemailprotect                       TLS11VERSION\nNIDextkeyusage                       TLS12VERSION\nNIDextreq                             TLS13VERSION\nNIDfriendlyName                        TLS1VERSION\nNIDgivenName                           TLSEXTSTATUSTYPEocsp\nNIDhmacWithSHA1                        VERIFYCLIENTONCE\nNIDidad                               VERIFYFAILIFNOPEERCERT\nNIDidce                               VERIFYNONE\nNIDidkp                               VERIFYPEER\nNIDidpbkdf2                           VERIFYPOSTHANDSHAKE\nNIDidpe                               VOCSPCERTSTATUSGOOD\nNIDidpkix                             VOCSPCERTSTATUSREVOKED\nNIDidqtcps                           VOCSPCERTSTATUSUNKNOWN\nNIDidqtunotice                       WRITING\nNIDideacbc                            X509CHECKFLAGALWAYSCHECKSUBJECT\nNIDideacfb64                          X509CHECKFLAGMULTILABELWILDCARDS\nNIDideaecb                            X509CHECKFLAGNEVERCHECKSUBJECT\nNIDideaofb64                          X509CHECKFLAGNOPARTIALWILDCARDS\nNIDinfoaccess                         X509CHECKFLAGNOWILDCARDS\nNIDinitials                            X509CHECKFLAGSINGLELABELSUBDOMAINS\nNIDinvaliditydate   
                  X509FILETYPEASN1\nNIDissueraltname                     X509FILETYPEDEFAULT\nNIDkeyBag                              X509FILETYPEPEM\nNIDkeyusage                           X509LOOKUP\nNIDlocalKeyID                          X509PURPOSEANY\nNIDlocalityName                        X509PURPOSECRLSIGN\nNIDmd2                                 X509PURPOSENSSSLSERVER\nNIDmd2WithRSAEncryption                X509PURPOSEOCSPHELPER\nNIDmd5                                 X509PURPOSESMIMEENCRYPT\nNIDmd5WithRSA                          X509PURPOSESMIMESIGN\nNIDmd5WithRSAEncryption                X509PURPOSESSLCLIENT\nNIDmd5sha1                            X509PURPOSESSLSERVER\nNIDmdc2                                X509PURPOSETIMESTAMPSIGN\nNIDmdc2WithRSA                         X509TRUSTCOMPAT\nNIDmscodecom                         X509TRUSTEMAIL\nNIDmscodeind                         X509TRUSTOBJECTSIGN\nNIDmsctlsign                         X509TRUSTOCSPREQUEST\nNIDmsefs                              X509TRUSTOCSPSIGN\nNIDmsextreq                          X509TRUSTSSLCLIENT\nNIDmssgc                              X509TRUSTSSLSERVER\nNIDname                                X509TRUSTTSA\nNIDnetscape                            X509VERRAKIDISSUERSERIALMISMATCH\nNIDnetscapebaseurl                   X509VERRAKIDSKIDMISMATCH\nNIDnetscapecapolicyurl              X509VERRAPPLICATIONVERIFICATION\nNIDnetscapecarevocationurl          X509VERRCAKEYTOOSMALL\nNIDnetscapecertextension             X509VERRCAMDTOOWEAK\nNIDnetscapecertsequence              X509VERRCERTCHAINTOOLONG\nNIDnetscapecerttype                  X509VERRCERTHASEXPIRED\nNIDnetscapecomment                    X509VERRCERTNOTYETVALID\nNIDnetscapedatatype                  X509VERRCERTREJECTED\nNIDnetscaperenewalurl                X509VERRCERTREVOKED\nNIDnetscaperevocationurl             X509VERRCERTSIGNATUREFAILURE\nNIDnetscapesslservername            X509VERRCERTUNTRUSTED\nNIDnssgc                              
X509VERRCRLHASEXPIRED\nNIDorganizationName                    X509VERRCRLNOTYETVALID\nNIDorganizationalUnitName              X509VERRCRLPATHVALIDATIONERROR\nNIDpbeWithMD2AndDESCBC                X509VERRCRLSIGNATUREFAILURE\nNIDpbeWithMD2AndRC2CBC                X509VERRDANENOMATCH\nNIDpbeWithMD5AndCast5CBC              X509VERRDEPTHZEROSELFSIGNEDCERT\nNIDpbeWithMD5AndDESCBC                X509VERRDIFFERENTCRLSCOPE\nNIDpbeWithMD5AndRC2CBC                X509VERREEKEYTOOSMALL\nNIDpbeWithSHA1AndDESCBC               X509VERREMAILMISMATCH\nNIDpbeWithSHA1AndRC2CBC               X509VERRERRORINCERTNOTAFTERFIELD\nNIDpbeWithSHA1And128BitRC2CBC        X509VERRERRORINCERTNOTBEFOREFIELD\nNIDpbeWithSHA1And128BitRC4            X509VERRERRORINCRLLASTUPDATEFIELD\nNIDpbeWithSHA1And2KeyTripleDESCBC  X509VERRERRORINCRLNEXTUPDATEFIELD\nNIDpbeWithSHA1And3KeyTripleDESCBC  X509VERREXCLUDEDVIOLATION\nNIDpbeWithSHA1And40BitRC2CBC         X509VERRHOSTNAMEMISMATCH\nNIDpbeWithSHA1And40BitRC4             X509VERRINVALIDCA\nNIDpbes2                               X509VERRINVALIDCALL\nNIDpbmac1                              X509VERRINVALIDEXTENSION\nNIDpkcs                                X509VERRINVALIDNONCA\nNIDpkcs3                               X509VERRINVALIDPOLICYEXTENSION\nNIDpkcs7                               X509VERRINVALIDPURPOSE\nNIDpkcs7data                          X509VERRIPADDRESSMISMATCH\nNIDpkcs7digest                        X509VERRKEYUSAGENOCERTSIGN\nNIDpkcs7encrypted                     X509VERRKEYUSAGENOCRLSIGN\nNIDpkcs7enveloped                     X509VERRKEYUSAGENODIGITALSIGNATURE\nNIDpkcs7signed                        X509VERRNOEXPLICITPOLICY\nNIDpkcs7signedAndEnveloped            X509VERRNOVALIDSCTS\nNIDpkcs8ShroudedKeyBag                 X509VERROCSPCERTUNKNOWN\nNIDpkcs9                               X509VERROCSPVERIFYFAILED\nNIDpkcs9challengePassword             X509VERROCSPVERIFYNEEDED\nNIDpkcs9contentType                   X509VERROUTOFMEM\nNIDpkcs9countersignature    
          X509VERRPATHLENGTHEXCEEDED\nNIDpkcs9emailAddress                  X509VERRPATHLOOP\nNIDpkcs9extCertAttributes             X509VERRPERMITTEDVIOLATION\nNIDpkcs9messageDigest                 X509VERRPROXYCERTIFICATESNOTALLOWED\nNIDpkcs9signingTime                   X509VERRPROXYPATHLENGTHEXCEEDED\nNIDpkcs9unstructuredAddress           X509VERRPROXYSUBJECTNAMEVIOLATION\nNIDpkcs9unstructuredName              X509VERRSELFSIGNEDCERTINCHAIN\nNIDprivatekeyusageperiod            X509VERRSTORELOOKUP\nNIDrc240cbc                          X509VERRSUBJECTISSUERMISMATCH\nNIDrc264cbc                          X509VERRSUBTREEMINMAX\nNIDrc2cbc                             X509VERRSUITEBCANNOTSIGNP384WITHP256\nNIDrc2cfb64                           X509VERRSUITEBINVALIDALGORITHM\nNIDrc2ecb                             X509VERRSUITEBINVALIDCURVE\nNIDrc2ofb64                           X509VERRSUITEBINVALIDSIGNATUREALGORITHM\nNIDrc4                                 X509VERRSUITEBINVALIDVERSION\nNIDrc440                              X509VERRSUITEBLOSNOTALLOWED\nNIDrc5cbc                             X509VERRUNABLETODECODEISSUERPUBLICKEY\nNIDrc5cfb64                           X509VERRUNABLETODECRYPTCERTSIGNATURE\nNIDrc5ecb                             X509VERRUNABLETODECRYPTCRLSIGNATURE\nNIDrc5ofb64                           X509VERRUNABLETOGETCRL\nNIDripemd160                           X509VERRUNABLETOGETCRLISSUER\nNIDripemd160WithRSA                    X509VERRUNABLETOGETISSUERCERT\nNIDrlecompression                     X509VERRUNABLETOGETISSUERCERTLOCALLY\nNIDrsa                                 X509VERRUNABLETOVERIFYLEAFSIGNATURE\nNIDrsaEncryption                       X509VERRUNHANDLEDCRITICALCRLEXTENSION\nNIDrsadsi                              X509VERRUNHANDLEDCRITICALEXTENSION\nNIDsafeContentsBag                     X509VERRUNNESTEDRESOURCE\nNIDsdsiCertificate                     X509VERRUNSPECIFIED\nNIDsecretBag                           
X509VERRUNSUPPORTEDCONSTRAINTSYNTAX\nNIDserialNumber                        X509VERRUNSUPPORTEDCONSTRAINTTYPE\nNIDserverauth                         X509VERRUNSUPPORTEDEXTENSIONFEATURE\nNIDsha                                 X509VERRUNSUPPORTEDNAMESYNTAX\nNIDsha1                                X509VFLAGALLOWPROXYCERTS\nNIDsha1WithRSA                         X509VFLAGCBISSUERCHECK\nNIDsha1WithRSAEncryption               X509VFLAGCHECKSSSIGNATURE\nNIDshaWithRSAEncryption                X509VFLAGCRLCHECK\nNIDstateOrProvinceName                 X509VFLAGCRLCHECKALL\nNIDsubjectaltname                    X509VFLAGEXPLICITPOLICY\nNIDsubjectkeyidentifier              X509VFLAGEXTENDEDCRLSUPPORT\nNIDsurname                             X509VFLAGIGNORECRITICAL\nNIDsxnet                               X509VFLAGINHIBITANY\nNIDtimestamp                          X509VFLAGINHIBITMAP\nNIDtitle                               X509VFLAGLEGACYVERIFY\nNIDundef                               X509VFLAGNOTIFYPOLICY\nNIDuniqueIdentifier                    X509VFLAGNOALTCHAINS\nNIDx509Certificate                     X509VFLAGNOCHECKTIME\nNIDx509Crl                             X509VFLAGPARTIALCHAIN\nNIDzlibcompression                    X509VFLAGPOLICYCHECK\nNOTHING                                 X509VFLAGPOLICYMASK\nOCSPRESPONSESTATUSINTERNALERROR      X509VFLAGSUITEB128LOS\nOCSPRESPONSESTATUSMALFORMEDREQUEST   X509VFLAGSUITEB128LOSONLY\nOCSPRESPONSESTATUSSIGREQUIRED        X509VFLAGSUITEB192LOS\nOCSPRESPONSESTATUSSUCCESSFUL         X509VFLAGTRUSTEDFIRST\nOCSPRESPONSESTATUSTRYLATER           X509VFLAGUSECHECKTIME\nOCSPRESPONSESTATUSUNAUTHORIZED       X509VFLAGUSEDELTAS\nOPENSSLBUILTON                        X509VFLAGX509STRICT\nOPENSSLCFLAGS                          X509VOK\nOPENSSLCPUINFO                        XNFLAGCOMPAT\nOPENSSLDIR                             XNFLAGDNREV\nOPENSSLENGINESDIR                     XNFLAGDUMPUNKNOWNFIELDS\nOPENSSLFULLVERSIONSTRING             
XNFLAGFNALIGN\nOPENSSLINFOCONFIGDIR                 XNFLAGFNLN\nOPENSSLINFOCPUSETTINGS               XNFLAGFNMASK\nOPENSSLINFODIRFILENAMESEPARATOR     XNFLAGFNNONE\nOPENSSLINFODSOEXTENSION              XNFLAGFNOID\nOPENSSLINFOENGINESDIR                XNFLAGFNSN\nOPENSSLINFOLISTSEPARATOR             XNFLAGMULTILINE\nOPENSSLINFOMODULESDIR                XNFLAGONELINE\nOPENSSLINFOSEEDSOURCE                XNFLAGRFC2253\nOPENSSLMODULESDIR                     XNFLAGSEPCOMMAPLUS\nOPENSSLPLATFORM                        XNFLAGSEPCPLUSSPC\nOPENSSLVERSION                         XNFLAGSEPMASK\nOPENSSLVERSIONMAJOR                   XNFLAGSEPMULTILINE\nOPENSSLVERSIONMINOR                   XNFLAGSEPSPLUSSPC\nOPENSSLVERSIONNUMBER                  XNFLAGSPCEQ\nOPENSSLVERSIONPATCH\n\nINTERNAL ONLY functions (do not use these)\nThe following functions are not intended for use from outside of Net::SSLeay module. They might\nbe removed, renamed or changed without prior notice in future version.\n\nSimply DO NOT USE THEM!\n\n*   hello\n\n*   blength\n\n*   constant\n"
                    }
                ]
            },
            "EXAMPLES": {
                "content": "One very good example to look at is the implementation of \"sslcat()\" in the \"SSLeay.pm\" file.\n\nThe following is a simple SSLeay client (with too little error checking :-(\n\n#!/usr/bin/perl\nuse Socket;\nuse Net::SSLeay qw(dienow dieifsslerror) ;\nNet::SSLeay::loaderrorstrings();\nNet::SSLeay::SSLeayaddsslalgorithms();\nNet::SSLeay::randomize();\n\n($destserv, $port, $msg) = @ARGV;      # Read command line\n$port = getservbyname ($port, 'tcp') unless $port =~ /^\\d+$/;\n$destip = gethostbyname ($destserv);\n$destservparams  = sockaddrin($port, $destip);\n\nsocket  (S, &AFINET, &SOCKSTREAM, 0)  or die \"socket: $!\";\nconnect (S, $destservparams)          or die \"connect: $!\";\nselect  (S); $| = 1; select (STDOUT);   # Eliminate STDIO buffering\n\n# The network connection is now open, lets fire up SSL\n\n$ctx = Net::SSLeay::CTXnew() or dienow(\"Failed to create SSLCTX $!\");\nNet::SSLeay::CTXsetoptions($ctx, &Net::SSLeay::OPALL)\nor dieifsslerror(\"ssl ctx set options\");\n$ssl = Net::SSLeay::new($ctx) or dienow(\"Failed to create SSL $!\");\nNet::SSLeay::setfd($ssl, fileno(S));   # Must use fileno\n$res = Net::SSLeay::connect($ssl) and dieifsslerror(\"ssl connect\");\nprint \"Cipher `\" . Net::SSLeay::getcipher($ssl) . 
\"'\\n\";\n\n# Exchange data\n\n$res = Net::SSLeay::write($ssl, $msg);  # Perl knows how long $msg is\ndieifsslerror(\"ssl write\");\nCORE::shutdown S, 1;  # Half close --> No more output, sends EOF to server\n$got = Net::SSLeay::read($ssl);         # Perl returns undef on failure\ndieifsslerror(\"ssl read\");\nprint $got;\n\nNet::SSLeay::free ($ssl);               # Tear down connection\nNet::SSLeay::CTXfree ($ctx);\nclose S;\n\nThe following is a simple SSLeay echo server (non forking):\n\n#!/usr/bin/perl -w\nuse Socket;\nuse Net::SSLeay qw(dienow dieifsslerror);\nNet::SSLeay::loaderrorstrings();\nNet::SSLeay::SSLeayaddsslalgorithms();\nNet::SSLeay::randomize();\n\n$ourip = \"\\0\\0\\0\\0\"; # Bind to all interfaces\n$port = 1235;\n$sockaddrtemplate = 'S n a4 x8';\n$ourservparams = pack ($sockaddrtemplate, &AFINET, $port, $ourip);\n\nsocket (S, &AFINET, &SOCKSTREAM, 0)  or die \"socket: $!\";\nbind (S, $ourservparams)             or die \"bind:   $!\";\nlisten (S, 5)                          or die \"listen: $!\";\n$ctx = Net::SSLeay::CTXnew ()         or dienow(\"CTXnew ($ctx): $!\");\nNet::SSLeay::CTXsetoptions($ctx, &Net::SSLeay::OPALL)\nor dieifsslerror(\"ssl ctx set options\");\n\n# Following will ask password unless private key is not encrypted\nNet::SSLeay::CTXuseRSAPrivateKeyfile ($ctx, 'plain-rsa.pem',\n&Net::SSLeay::FILETYPEPEM);\ndieifsslerror(\"private key\");\nNet::SSLeay::CTXusecertificatefile ($ctx, 'plain-cert.pem',\n&Net::SSLeay::FILETYPEPEM);\ndieifsslerror(\"certificate\");\n\nwhile (1) {\nprint \"Accepting connections...\\n\";\n($addr = accept (NS, S))           or die \"accept: $!\";\nselect (NS); $| = 1; select (STDOUT);  # Piping hot!\n\n($af,$clientport,$clientip) = unpack($sockaddrtemplate,$addr);\n@inetaddr = unpack('C4',$clientip);\nprint \"$af connection from \" .\njoin ('.', @inetaddr) . 
\":$clientport\\n\";\n\n# We now have a network connection, lets fire up SSLeay...\n\n$ssl = Net::SSLeay::new($ctx)      or dienow(\"SSLnew ($ssl): $!\");\nNet::SSLeay::setfd($ssl, fileno(NS));\n\n$err = Net::SSLeay::accept($ssl) and dieifsslerror('ssl accept');\nprint \"Cipher `\" . Net::SSLeay::getcipher($ssl) . \"'\\n\";\n\n# Connected. Exchange some data.\n\n$got = Net::SSLeay::read($ssl);     # Returns undef on fail\ndieifsslerror(\"ssl read\");\nprint \"Got `$got' (\" . length ($got) . \" chars)\\n\";\n\nNet::SSLeay::write ($ssl, uc ($got)) or die \"write: $!\";\ndieifsslerror(\"ssl write\");\n\nNet::SSLeay::free ($ssl);           # Tear down connection\nclose NS;\n}\n\nYet another echo server. This one runs from \"/etc/inetd.conf\" so it avoids all the socket code\noverhead. Only caveat is opening an rsa key file - it had better be without any encryption or\nelse it will not know where to ask for the password. Note how \"STDIN\" and \"STDOUT\" are wired to\nSSL.\n\n#!/usr/bin/perl\n# /etc/inetd.conf\n#    ssltst stream tcp nowait root /path/to/server.pl server.pl\n# /etc/services\n#    ssltst         1234/tcp\n\nuse Net::SSLeay qw(dienow dieifsslerror);\nNet::SSLeay::loaderrorstrings();\nNet::SSLeay::SSLeayaddsslalgorithms();\nNet::SSLeay::randomize();\n\nchdir '/key/dir' or die \"chdir: $!\";\n$| = 1;  # Piping hot!\nopen LOG, \">>/dev/console\" or die \"Can't open log file $!\";\nselect LOG; print \"server.pl started\\n\";\n\n$ctx = Net::SSLeay::CTXnew()     or dienow \"CTXnew ($ctx) ($!)\";\n$ssl = Net::SSLeay::new($ctx)     or dienow \"new ($ssl) ($!)\";\nNet::SSLeay::setoptions($ssl, &Net::SSLeay::OPALL)\nand dieifsslerror(\"ssl set options\");\n\n# We get already open network connection from inetd, now we just\n# need to attach SSLeay to STDIN and STDOUT\nNet::SSLeay::setrfd($ssl, fileno(STDIN));\nNet::SSLeay::setwfd($ssl, fileno(STDOUT));\n\nNet::SSLeay::useRSAPrivateKeyfile ($ssl, 'plain-rsa.pem',\nNet::SSLeay::FILETYPEPEM);\ndieifsslerror(\"private 
key\");\nNet::SSLeay::use_certificate_file ($ssl, 'plain-cert.pem',\n                                   Net::SSLeay::FILETYPE_PEM);\ndie_if_ssl_error(\"certificate\");\n\nNet::SSLeay::accept($ssl) and die_if_ssl_error(\"ssl accept: $!\");\nprint \"Cipher `\" . Net::SSLeay::get_cipher($ssl) . \"'\\n\";\n\n$got = Net::SSLeay::read($ssl);\ndie_if_ssl_error(\"ssl read\");\nprint \"Got `$got' (\" . length ($got) . \" chars)\\n\";\n\nNet::SSLeay::write ($ssl, uc($got)) or die \"write: $!\";\ndie_if_ssl_error(\"ssl write\");\n\nNet::SSLeay::free ($ssl);         # Tear down the connection\nNet::SSLeay::CTX_free ($ctx);\nclose LOG;\n\nThere are also a number of example/test programs in the examples directory:\n\nsslecho.pl   -  A simple server, not unlike the one above\nminicli.pl   -  Implements a client using low level SSLeay routines\nsslcat.pl    -  Demonstrates using high level sslcat utility function\nget_page.pl  -  Is a utility for getting html pages from secure servers\ncallback.pl  -  Demonstrates certificate verification and callback usage\nstdio_bulk.pl       - Does SSL over Unix pipes\nssl-inetd-serv.pl   - SSL server that can be invoked from inetd.conf\nhttpd-proxy-snif.pl - Utility that allows you to see how a browser\n                      sends https request to given server and what reply\n                      it gets back (very educative :-)\nmakecert.pl  -  Creates a self signed cert (does not use this module)\n",
                "subsections": []
            },
            "INSTALLATION": {
                "content": "See README and README.* in the distribution directory for installation guidance on a variety of\nplatforms.\n",
                "subsections": []
            },
            "LIMITATIONS": {
                "content": "\"Net::SSLeay::read()\" uses an internal buffer of 32KB, thus no single read will return more. In\npractice one read returns much less, usually as much as fits in one network packet. To work\naround this, you should use a loop like this:\n\n$reply = '';\nwhile ($got = Net::SSLeay::read($ssl)) {\nlast if printerrs('SSLread');\n$reply .= $got;\n}\n\nAlthough there is no built-in limit in \"Net::SSLeay::write()\", the network packet size\nlimitation applies here as well, thus use:\n\n$written = 0;\n\nwhile ($written < length($message)) {\n$written += Net::SSLeay::write($ssl, substr($message, $written));\nlast if printerrs('SSLwrite');\n}\n\nOr alternatively you can just use the following convenience functions:\n\nNet::SSLeay::sslwriteall($ssl, $message) or die \"ssl write failure\";\n$got = Net::SSLeay::sslreadall($ssl) or die \"ssl read failure\";\n",
                "subsections": []
            },
            "KNOWN BUGS AND CAVEATS": {
                "content": "LibreSSL versions in the 3.1 - 3.3 series contain a TLS 1.3 implementation that is not fully\ncompatible with the libssl API, but is still advertised during protocol auto-negotiation. If you\nencounter problems or unexpected behaviour with SSL or SSLCTX objects whose protocol version\nwas automatically negotiated and libssl is provided by any of these versions of LibreSSL, it\ncould be because the peers negotiated to use TLS 1.3 - try setting the maximum protocol version\nto TLS 1.2 (via \"Net::SSLeay::setmaxprotoversion()\" or\n\"Net::SSLeay::CTXsetmaxprotoversion()\") before establishing the connection. The first stable\nLibreSSL version with a fully libssl-compatible TLS 1.3 implementation is 3.4.1.\n\nAn OpenSSL bug CVE-2015-0290 \"OpenSSL Multiblock Corrupted Pointer Issue\" can cause POST\nrequests of over 90kB to fail or crash. This bug is reported to be fixed in OpenSSL 1.0.2a.\n\nAutoloader emits a\n\nArgument \"xxx\" isn't numeric in entersub at blib/lib/Net/SSLeay.pm'\n\nwarning if dieifsslerror is made autoloadable. If you figure out why, drop me a line.\n\nCallback set using \"SSLsetverify()\" does not appear to work. This may well be an openssl\nproblem (e.g. see \"ssl/ssllib.c\" line 1029). Try using \"SSLCTXsetverify()\" instead and do\nnot be surprised if even this stops working in future versions.\n\nCallback and certificate verification stuff is generally too little tested.\n\nRandom numbers are not initialized randomly enough, especially if you do not have \"/dev/random\"\nand/or \"/dev/urandom\" (such as in Solaris platforms - but it's been suggested that cryptorand\ndaemon from the SUNski package solves this). In this case you should investigate third party\nsoftware that can emulate these devices, e.g. by way of a named pipe to some program.\n\nAnother gotcha with random number initialization is randomness depletion. 
This phenomenon, which\nhas been extensively discussed in OpenSSL, Apache-SSL, and Apache-mod_ssl forums, can cause your\nscript to block if you use \"/dev/random\" or to operate insecurely if you use \"/dev/urandom\".\nWhat happens is that when too much randomness is drawn from the operating system's randomness\npool then randomness can temporarily be unavailable. \"/dev/random\" solves this problem by\nwaiting until enough randomness can be gathered - and this can take a long time since blocking\nreduces activity in the machine and less activity provides less random events: a vicious circle.\n\"/dev/urandom\" solves this dilemma more pragmatically by simply returning predictable \"random\"\nnumbers. Some \"/dev/urandom\" emulation software however actually seems to implement\n\"/dev/random\" semantics. Caveat emptor.\n\nI've been pointed to two such daemons by Mik Firestone <mik@speed.stdio.com> who has used them\non Solaris 8:\n\n1   Entropy Gathering Daemon (EGD) at <http://www.lothar.com/tech/crypto/>\n\n2   Pseudo-random number generating daemon (PRNGD) at\n<http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html>\n\nIf you are using the low level API functions to communicate with other SSL implementations, you\nwould do well to call\n\nNet::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)\n    or die_if_ssl_error(\"ssl ctx set options\");\n\nto cope with some well known bugs in some other SSL implementations. The high level API functions\nalways set all known compatibility options.\n\nSometimes \"sslcat()\" (and the high level HTTPS functions that build on it) is too fast in\nsignaling the EOF to legacy HTTPS servers. This causes the server to return an empty page. To work\naround this problem you can set the global variable\n\n$Net::SSLeay::slowly = 1;   # Add sleep so broken servers can keep up\n\nHTTP/1.1 is not supported. Specifically this module does not know how to issue or serve multiple\nhttp requests per connection. 
This is a serious shortcoming, but using the SSL session cache on\nyour server helps to alleviate the CPU load somewhat.\n\nAs of version 1.09 many newer OpenSSL auxiliary functions were added (from\n\"REM_AUTOMATICALLY_GENERATED_1_09\" onwards in \"SSLeay.xs\"). Unfortunately I have not had any\nopportunity to test these. Some of them are trivial enough that I believe they \"just work\", but\nothers have rather complex interfaces with function pointers and all. In these cases you should\nproceed with great caution.\n\nThis module defaults to using OpenSSL automatic protocol negotiation code for automatically\ndetecting the version of the SSL/TLS protocol that the other end talks. With most web servers\nthis works just fine, but once in a while I get complaints from people that the module does not\nwork with some web servers. Usually this can be solved by explicitly setting the protocol\nversion, e.g.\n\n$Net::SSLeay::ssl_version = 2;  # Insist on SSLv2\n$Net::SSLeay::ssl_version = 3;  # Insist on SSLv3\n$Net::SSLeay::ssl_version = 10; # Insist on TLSv1\n$Net::SSLeay::ssl_version = 11; # Insist on TLSv1.1\n$Net::SSLeay::ssl_version = 12; # Insist on TLSv1.2\n$Net::SSLeay::ssl_version = 13; # Insist on TLSv1.3\n\nAlthough the autonegotiation is nice to have, the SSL standards do not formally specify any such\nmechanism. Most of the world has accepted the SSLeay/OpenSSL way of doing it as the de facto\nstandard. But for the few that think differently, you have to explicitly speak the correct\nversion. This is not really a bug, but rather a deficiency in the standards. If a site refuses\nto respond or sends back some nonsensical error codes (at the SSL handshake level), try this\noption before mailing me.\n\nOn some systems, OpenSSL may be compiled without support for SSLv2. If this is the case,\nNet::SSLeay will warn if ssl_version has been set to 2.\n\nThe high level API returns the certificate of the peer, thus allowing one to check what\ncertificate was supplied. 
However, you will only be able to check the certificate after the\nfact, i.e. you already sent your form data by the time you find out that you did not trust them,\noops.\n\nSo, while being able to know the certificate after the fact is surely useful, the security\nminded would still choose to do the connection and certificate verification first and only then\nexchange data with the site. Currently none of the high level API functions do this, thus you\nwould have to program it using the low level API. A good place to start is to see how the\n\"Net::SSLeay::http_cat()\" function is implemented.\n\nThe high level API functions use a global file handle \"SSLCAT_S\" internally. This really should\nnot be a problem because there is no way to interleave the high level API functions, unless you\nuse threads (but threads are not very well supported in Perl anyway). However, you may run into\nproblems if you call undocumented internal functions in an interleaved fashion. The best\nsolution is to \"require Net::SSLeay\" in one thread after all the threads have been created.\n",
                "subsections": []
            },
            "DIAGNOSTICS": {
                "content": "Random number generator not seeded!!!\n(W) This warning indicates that \"randomize()\" was not able to read \"/dev/random\" or\n\"/dev/urandom\", possibly because your system does not have them or they are differently\nnamed. You can still use SSL, but the encryption will not be as strong.\n\nopentcpconnection: destination host not found:`server' (port 123) ($!)\nName lookup for host named \"server\" failed.\n\nopentcpconnection: failed `server', 123 ($!)\nThe name was resolved, but establishing the TCP connection failed.\n\nmsg 123: 1 - error:140770F8:SSL routines:SSL23GETSERVERHELLO:unknown proto\nSSLeay error string. The first number (123) is the PID, the second number (1) indicates the\nposition of the error message in SSLeay error stack. You often see a pile of these messages\nas errors cascade.\n\nmsg 123: 1 - error:02001002::lib(2) :func(1) :reason(2)\nThe same as above, but you didn't call loaderrorstrings() so SSLeay couldn't verbosely\nexplain the error. You can still find out what it means with this command:\n\n/usr/local/ssl/bin/ssleay errstr 02001002\n\nPassword is being asked for private key\nThis is normal behaviour if your private key is encrypted. Either you have to supply the\npassword or you have to use an unencrypted private key. Scan OpenSSL.org for the FAQ that\nexplains how to do this (or just study examples/makecert.pl which is used during \"make test\"\nto do just that).\n",
                "subsections": []
            },
            "SECURITY": {
                "content": "You can mitigate some of the security vulnerabilities that might be present in your SSL/TLS\napplication:\n\nBEAST Attack\nhttp://blogs.cisco.com/security/beat-the-beast-with-tls/\nhttps://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls\nhttp://blog.zoller.lu/2011/09/beast-summary-tls-cbc-countermeasures.html\n\nThe BEAST attack relies on a weakness in the way CBC mode is used in SSL/TLS. In OpenSSL\nversions 0.9.6d and later, the protocol-level mitigation is enabled by default, thus making it\nnot vulnerable to the BEAST attack.\n\nSolutions:\n\n*   Compile with OpenSSL versions 0.9.6d or later, which enables SSLOPALL by default\n\n*   Ensure SSLOPDONTINSERTEMPTYFRAGMENTS is not enabled (its not enabled by default)\n\n*   Don't support SSLv2, SSLv3\n\n*   Actively control the ciphers your server supports with setcipherlist:\n\nNet::SSLeay::setcipherlist($ssl, 'RC4-SHA:HIGH:!ADH');\n",
                "subsections": [
                    {
                        "name": "Session Resumption",
                        "content": "http://www.openssl.org/docs/ssl/SSLCTXsetoptions.html\n\nThe SSL Labs vulnerability test on your SSL server might report in red:\n\nSession resumption No (IDs assigned but not accepted)\n\nThis report is not really bug or a vulnerability, since the server will not accept session\nresumption requests. However, you can prevent this noise in the report by disabling the session\ncache altogether: Net::SSLeay::CTXsetsessioncachemode($sslctx,\nNet::SSLeay::SESSCACHEOFF()); Use 0 if you don't have SESSCACHEOFF constant.\n"
                    },
                    {
                        "name": "Secure Renegotiation and DoS Attack",
                        "content": "https://community.qualys.com/blogs/securitylabs/2011/10/31/tls-renegotiation-and-denial-of-servi\nce-attacks\n\nThis is not a \"security flaw,\" it is more of a DoS vulnerability.\n\nSolutions:\n\n*   Do not support SSLv2\n\n*   Do not set the SSLOPALLOWUNSAFELEGACYRENEGOTIATION option\n\n*   Compile with OpenSSL 0.9.8m or later\n"
                    }
                ]
            },
            "BUGS": {
                "content": "If you encounter a problem with this module that you believe is a bug, please create a new issue\n<https://github.com/radiator-software/p5-net-ssleay/issues/new> in the Net-SSLeay GitHub\nrepository. Please make sure your bug report includes the following information:\n\n*   the code you are trying to run;\n\n*   your operating system name and version;\n\n*   the output of \"perl -V\";\n\n*   the version of OpenSSL or LibreSSL you are using.\n",
                "subsections": []
            },
            "AUTHOR": {
                "content": "Originally written by Sampo Kellomäki.\n\nMaintained by Florian Ragwitz between November 2005 and January 2010.\n\nMaintained by Mike McCauley between November 2005 and June 2018.\n\nMaintained by Chris Novakovic, Tuure Vartiainen and Heikki Vatiainen since June 2018.\n",
                "subsections": []
            },
            "COPYRIGHT": {
                "content": "Copyright (c) 1996-2003 Sampo Kellomäki <sampo@iki.fi>\n\nCopyright (c) 2005-2010 Florian Ragwitz <rafl@debian.org>\n\nCopyright (c) 2005-2018 Mike McCauley <mikem@airspayce.com>\n\nCopyright (c) 2018- Chris Novakovic <chris@chrisn.me.uk>\n\nCopyright (c) 2018- Tuure Vartiainen <vartiait@radiatorsoftware.com>\n\nCopyright (c) 2018- Heikki Vatiainen <hvn@radiatorsoftware.com>\n\nAll rights reserved.\n",
                "subsections": []
            },
            "LICENSE": {
                "content": "This module is released under the terms of the Artistic License 2.0. For details, see the\n\"LICENSE\" file distributed with Net-SSLeay's source code.\n",
                "subsections": []
            },
            "SEE ALSO": {
                "content": "Net::SSLeay::Handle                      - File handle interface\n./examples                               - Example servers and a clients\n<http://www.openssl.org/>                - OpenSSL source, documentation, etc\nopenssl-users-request@openssl.org        - General OpenSSL mailing list\n<http://www.ietf.org/rfc/rfc2246.txt>    - TLS 1.0 specification\n<http://www.w3c.org>                     - HTTP specifications\n<http://www.ietf.org/rfc/rfc2617.txt>    - How to send password\n<http://www.lothar.com/tech/crypto/>     - Entropy Gathering Daemon (EGD)\n<http://www.aet.tu-cottbus.de/personen/jaenicke/postfixtls/prngd.html>\n- pseudo-random number generating daemon (PRNGD)\nperl(1)\nperlref(1)\nperllol(1)\nperldoc ~openssl/doc/ssl/SSLCTXsetverify.pod\n",
                "subsections": []
            }
        }
    }
}