(This quick reference list was contributed by anton@genua.de. Thanks, --Sampo)

Net::SSLeay - useful function prototypes


#----------------------------------
# Import frequently used functions
#----------------------------------

use Net::SSLeay qw(die_now die_if_ssl_error);

$errs = die_if_ssl_error($msg);
	Program dies with $msg if print_errs() was able to find and print 
	some errors.
	$errs is 0 if no error occurred.

die_now($msg);
	Program dies unconditionally! print_errs($msg) is used to print out 
	errors before dying.


#--------------------------
# Unsorted prototypes  
#--------------------------

$count = Net::SSLeay::print_errs($msg);
	Prints SSLeay-error stack with included $msg via 'warn'. Number of 
	printed	errors is returned (->$count).

void Net::SSLeay::randomize($seed_file,$seed_string);
void Net::SSLeay::randomize();
	Load random bytes from $seed_file and from string $seed_string.
	Also uses $Net::SSLeay::random_device and $Net::SSLeay::how_random 
	(Bits!) if used	without parameters.

void Net::SSLeay::RAND_seed($seed_string);
	Seeds randomgenerator with $seed_string.

$bytes_read = Net::SSLeay::RAND_load_file($file_name, $how_much);
	Loads $how_much bytes randomness from file $file_name.

$bytes_written = Net::SSLeay::RAND_write_file($file_name);
	Writes randomness to $file_name.

void Net::SSLeay::load_error_strings();
	Load SSL error messages to make error output more informative.

void Net::SSLeay::ERR_load_crypto_strings();
	Load crypto-API related error messages.
 
void Net::SSLeay::SSLeay_add_ssl_algorithms();
	Add support for supported ciphers.

void Net::SSLeay::ENGINE_load_builtin_engines
	Load any built-in SSL engines suported by the underlybing OpenSSL

void Net::SSLeay::ENGINE_register_all_complete
	Register any built-in SSL engines

$ctx = Net::SSLeay::CTX_new();
	Creates SSL-context. 

int Net::SSLeay::CTX_set_default_verify_paths($ctx);
	Load default location where to find certificates to verify
	remote certificates. This value is precompiled in SSLeay-Toolkit.

int Net::SSLeay::CTX_load_verify_locations($ctx, $cert_file, $cert_dir);
	Set verify location. File with certificates or hashed directory.

void Net::SSLeay::CTX_set_verify($ctx, $mode , \&verify_cb);
	Set mode and callback what to do with remote certificates.
	$mode:	
		&Net::SSLeay::VERIFY_NONE
		&Net::SSLeay::VERIFY_PEER
		&Net::SSLeay::VERIFY_FAIL_IF_NO_PEER_CERT
		&Net::SSLeay::VERIFY_CLIENT_ONCE
	\&verify_cb: 
		$ok = verify_cb($ok,$x509_store_ctx);
		Callback gets info if SSL-toolkit verified certificate ($ok) 
		and certificate store location.
	
void Net::SSLeay::CTX_set_default_passwd_cb($ctx,\&passwd_cb);
	If our RSA private key is passphrase protected and this callback is
	defined, then do not ask on the terminal but call the function.
	\&passwd_cb:
		$passwd = verify_cb($verify);
		If $verify is true, then the callback is supposed to make sure
		the returned password has been verified.

$bool = Net::SSLeay::CTX_use_certificate_file($ctx,$cert,$type);
$bool = Net::SSLeay::CTX_use_PrivateKey_file($ctx,$key,$type);
	Functions to load cert/key from filename ($cert/$key) with filetype 
	$type into SSL-context. 
	Filetypes are:
		&Net::SSLeay::FILETYPE_PEM

$ssl = Net::SSLeay::new($ctx)
	Creates a SSL-session in context $ctx. Returns 0 on failure.

$bool = Net::SSLeay::use_certificate_file($ssl,$cert,$type);
$bool = Net::SSLeay::use_RSAPrivateKey_file($ssl,$key,$type);
	Functions to load cert/key from filename ($cert/$key) with filetype 
	$type into SSL-session. 
	Filetypes are:
		&Net::SSLeay::FILETYPE_PEM

$bool = Net::SSLeay::set_fd($ssl, fileno(S));
	Connect SSL-Toolkit with TCP-connection.
	$ssl	SSL-Session
	S	open socket
	$bool	0-failure 1-success
	
$bool = Net::SSLeay::accept($ssl);
	Make SSL-handshake on hot connection. I am server!
	$ssl	SSL-session
	$bool	0-failure 1-success

$bool = Net::SSLeay::connect($ssl);
	Make SSL-handshake on hot connection. I am client!
	$ssl	SSL-session
	$bool	0-failure 1-success

$x509 = Net::SSLeay::get_peer_certificate($ssl);
	Get X509 certificate from SSL_session.

$x509 = Net::SSLeay::X509_STORE_CTX_get_current_cert($x509_store_ctx)
	Extract current certificate from cert-store. Cert-store is
	used in callbacks!

$asn1_utctime = Net::SSLeay::X509_get_notBefore($x509);
$asn1_utctime = Net::SSLeay::X509_get_notAfter($x509);
$x509_name = Net::SSLeay::X509_get_subject_name($x509);
$x509_name = Net::SSLeay::X509_get_issuer_name($x509);
($type1, $subject1, $type2, $subject2, ...) = Net::SSLeay::X509_get_subjectAltNames($x509)
	 subjectAltName types as per x509v3.h GEN_* for example:
	 GEN_DNS == 2
	 GEN_IPADD == 7
	Return information from a certificate.

$string = Net::SSLeay::P_ASN1_UTCTIME_put2string($asn1_utctime);
	Convert a asn1_utctime structure to a printable string.

$string = Net::SSLeay::X509_NAME_oneline($x509_name);
	Convert a x509_name structure to a printable string.	

$string = Net::SSLeay::get_cipher($ssl)
	Return the active cipher from SSL-session $ssl.

$string = Net::SSLeay::dump_peer_certificate($ssl)
	Return Subject/Issuer from peer-certificate in printable string.

$string = Net::SSLeay::PEM_get_string_X509($x509);
	Returns a printable string containing the X509 certificate PEM encoded
	from $x509.

$mode = Net::SSLeay::CTX_get_verify_mode($ctx)
	Return verify-mode previously set with CTX_set_verify in SSL-context.
	
$mode = Net::SSLeay::get_verify_mode($ssl)
	Return verify-mode in SSL-session.

$written_bytes = Net::SSLeay::ssl_write_all($ssl,$string);
	Write $string to SSL-session. This call returns undef if write failed.
	The whole string gets written!

$written_bytes = $Net::SSLeay::write($ssl,$string);
	Write $string to SSL-session. This call returns immediately. SSL maybe
	wrote the string not completely - check yourself or use ssl_write_all!

$string = Net::SSLeay::ssl_read_all($ssl,$how_much);
	Read everything available from the SSL-session and return it. Read a 
	maximum	of $how_much Bytes (default: 2000000000).

$string = Net::SSLeay::read($ssl);
	Read one bunch of data from the SSL-session and return.

void Net::SSLeay::free ($ssl);
	Free ressources from the SSL-session.

void Net::SSLeay::CTX_free ($ctx);
	Free ressources from the SSL-context.


#----------------------
# MD5 - hashfunction
#----------------------

$hash = Net::SSLeay:MD5($data);
	Computes md5 hash over $data. $hash is a binary string! Convert it to
	a printable with $string = unpack("H32",Net::SSLeay::MD5($data));


#----------------------
# TCP-Connection hints
#----------------------

# Make socket unbuffered after connect succeeded.
#
select(S); $| = 1; select(STDOUT);

# Close connection by half... from client to server. This signals EOF to
# server. (Clear some buffers, too...??)
# Use this if finished with sending data to remote side.
shutdown S, 1;

# Finally close connection. Do this after reading everything availlable!
#
close S;


#------------------
# TCP Client
#------------------

# #!/usr/bin/perl -w
use strict;
use Socket;
my ($remote,$port, $iaddr, $paddr, $proto, $line);

$remote  = shift || 'localhost';
$port    = shift || 3000;  # random port
if ($port =~ /\D/) { $port = getservbyname($port, 'tcp') }
die "No port" unless $port;
$iaddr   = inet_aton($remote)               || die "no host: $remote";
$paddr   = sockaddr_in($port, $iaddr);

$proto   = getprotobyname('tcp');
socket(SOCK, PF_INET, SOCK_STREAM, $proto)  || die "socket: $!";
connect(SOCK, $paddr)    || die "connect: $!";
while (defined($line = <SOCK>)) {
    print $line;
}

close (SOCK)            || die "close: $!";
exit;


#--------------------
# TCP Server
#--------------------

# #!/usr/bin/perl -Tw
use strict;
BEGIN { $ENV{PATH} = '/usr/ucb:/bin' }
use Socket;
use Carp;

sub logmsg { print "$0 $$: @_ at ", scalar localtime, "\n" }

my $EOL = "\015\012";

my $port = shift || 3000;
my $proto = getprotobyname('tcp');
$port = $1 if $port =~ /(\d+)/; # untaint port number

socket(Server, PF_INET, SOCK_STREAM, $proto)        || die "socket: $!";
setsockopt(Server, SOL_SOCKET, SO_REUSEADDR,
                                    pack("l", 1))   || die "setsockopt: $!";

bind(Server, sockaddr_in($port, INADDR_ANY))        || die "bind: $!";
listen(Server,SOMAXCONN)                            || die "listen: $!";

logmsg "server started on port $port";

my $paddr;

for ( ; $paddr = accept(Client,Server); close Client) {
    my($port,$iaddr) = sockaddr_in($paddr);
    my $name = gethostbyaddr($iaddr,AF_INET);

    logmsg "connection from $name [",
            inet_ntoa($iaddr), "]
            at port $port";

    print Client "Hello there, $name, it's now ",
                    scalar localtime, $EOL;
}