Index: doc/tls.html
==================================================================
--- doc/tls.html
+++ doc/tls.html
@@ -1,6 +1,6 @@
-
+
- - NAME
+ - NAME
+
- tls - binding to OpenSSL toolkit.
- SYNOPSIS
@@ -225,89 +226,102 @@
the handshake was successful. If the handshake failed
this routine will throw an error.
-
- tls::status
?-local? channel
- - Returns the current certificate status of an SSL channel. The
- result is a list of key-value pairs describing the
- connected peer. If the result is an empty list then the
- SSL handshake has not yet completed.
- If -local is given, then the certificate information
- is the one used locally.
-
+ - Returns the current status of the certificate for an SSL
+ channel. The result is a list of key-value pairs describing
+ the certificate. If the result is an empty list then the
+ SSL handshake has not yet completed. If -local is
+ specified, then the local certificate is used.
+
+ SSL Status
+
+ - alpn protocol
+ - The protocol selected after Application-Layer Protocol
+ Negotiation (ALPN).
+ - cipher cipher
+ - The current cipher in use between the client and
+ server channels.
+ - peername name
+ - The peername from the certificate.
+ - protocol version
+ - The protocol version used for the connection:
+ SSL2, SSL3, TLS1, TLS1.1, TLS1.2, TLS1.3, or unknown.
+ - sbits n
+ - The number of bits used for the session key.
+ - signatureHashAlgorithm algorithm
+ - The signature hash algorithm.
+ - signature_type type
+ - The signature type value.
+ - verification result
+ - Certificate verification result.
+ - ca_names list
+ - List of the Certificate Authorities used to create the certificate.
+
+
+ Certificate Status
- all string
- - Dump of all certificate data.
+ - Dump of all certificate info.
+
- version value
- - The certification version
- - signatureAlgorithm algorithm
+ - The certificate version.
+ - serialNumber n
+ - The serial number of the certificate as hex string.
+ - signature algorithm
- Cipher algorithm used for certificate signature.
- - digest version
- - Certificate signature digest.
- - publicKeyAlgorithm algorithm
- - Certificate signature public key algorithm.
- - publicKey string
- - Certificate signature public key.
- - bits n
- - Number of bits used for certificate signature key
- - self_signed boolean
- - Is certificate signature self signed.
- - sha1_hash hash
- - The SHA1 hash of the certificate.
- - sha256_hash hash
- - The SHA256 hash of the certificate.
- - subject dn
- - The distinguished name (DN) of the certificate subject.
- issuer dn
- The distinguished name (DN) of the certificate issuer.
- notBefore date
- The begin date for the validity of the certificate.
- notAfter date
- - The expiry date for the certificate.
- - serialNumber n
- - The serial number of the certificate.
- - certificate cert
- - The PEM encoded certificate.
+ - The expiration date for the certificate.
+ - subject dn
+ - The distinguished name (DN) of the certificate subject.
+ Fields include: Common Name (CN), Organization (O), Locality
+ or City (L), State or Province (S), and Country Name (C).
+
- num_extensions n
- Number of certificate extensions.
- extensions list
- List of certificate extension names.
- - peername name
- - The peername from the certificate.
- - sbits n
- - The number of bits used for the session key.
- - cipher cipher
- - The current cipher in use between the client and
- server channels.
- - verificationresult
- - Certificate verification result.
- - alpn protocol
- - The protocol selected after Application-Layer Protocol
- Negotiation (ALPN).
- - protocol value
- - The protocol version used for the connection:
- SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, or unknown
- - signatureHashAlgorithm string
- - The signature hash algorithm.
- - signature_type type
- - The signature type value.
+ - subjectKeyIdentifier string
+ - Hash of the public key inside the certificate.
- subjectAltName list
- List of all of the alternative domain names, sub domains,
and IP addresses that are secured by the certificate.
- - ca_names list
- - List of the Certificate Authorities used to create the certificate.
+
+ - certificate cert
+ - The PEM encoded certificate.
+
+ - signatureDigest version
+ - Certificate signing digest.
+ - publicKeyAlgorithm algorithm
+ - Certificate signature public key algorithm.
+ - publicKey string
+ - Certificate signature public key as hex string.
+ - bits n
+ - Number of bits used for certificate signature key
+ - self_signed boolean
+ - Is certificate signature self signed.
+
+ - sha1_hash hash
+ - The SHA1 hash of the certificate as hex string.
+ - sha256_hash hash
+ - The SHA256 hash of the certificate as hex string.
- tls::connection
channel
- Returns the current connection status of an SSL channel. The
result is a list of key-value pairs describing the
connected peer.
-
+ SSL Status
- state state
- State of the connection.
- servername name
- The name of the connected to server.
@@ -320,10 +334,19 @@
- The security level used for selection of ciphers, key size, etc.
- session_reused boolean
- Whether the session has been reused or not.
- is_server boolean
- Whether the connection configured as a server or client (false).
+ - compression mode
+ - Compression method.
+ - expansion mode
+ - Expansion method.
+
+
+
+ Cipher Info
+
- cipher cipher
- The current cipher in use for the connection.
- standard_name name
- The standard RFC name of cipher.
- bits n
@@ -334,10 +357,15 @@
- The minimum protocol version for cipher.
- id id
- The OpenSSL cipher id.
- description string
- A text description of the cipher.
+
+
+
+ Session Info
+
- alpn protocol
- The protocol selected after Application-Layer Protocol
Negotiation (ALPN).
- resumable boolean
- Can the session be resumed or not.
@@ -353,20 +381,16 @@
- Unique session ticket for use in resuming the session.
- ticket_app_data string
- Unique session ticket application data.
- master_key binary_string
- Unique session master key.
- - compression mode
- - Compression method.
- - expansion mode
- - Expansion method.
- session_cache_mode mode
- Server cache mode (client, server, or both).
- - tls::ciphers
+
- tls::ciphers
protocol ?verbose? ?supported?
- Returns a list of supported ciphers available for protocol,
where protocol must be one of ssl2, ssl3, tls1, tls1.1,
tls1.2, or tls1.3. If verbose is specified as
true then a verbose, human readable list is returned with
@@ -413,12 +437,12 @@
-
alpn protocol
-
For servers, this form of callback is invoked when the client ALPN
- header is received and the first -alpn specified protocol common to
- the both the client and server is selected. If none, the first
+ header is received and the first -alpn specified protocol common
+ to the both the client and server is selected. If none, the first
client specified protocol is used.