13. Protocols
13.1. HTTP
Module Protocols.HTTP
- Constantresponse_codes
constant
Protocols.HTTP.response_codes
- Description
Mapping from
StatusCode
to descriptive string.- See also
StatusCode
- Methoddelete_url
.Query
delete_url(string
|Standards.URI
url
,void
|mapping
(string
:int
|string
|array
(string
))query_variables
,void
|mapping
(string
:string
|array
(string
)|int
)request_headers
,void
|Protocols.HTTP.Query
con
)- Description
Sends a HTTP DELETE request to the server in the URL and returns the created and initialized
Query
object.0
is returned upon failure. If a query object havingrequest_headers->Connection=="Keep-Alive"
from a previous request is provided and the already established server connection can be used for the next request, you may gain some performance.
- Methoddo_async_method
void
do_async_method(string
method
,string
|Standards.URI
url
,void
|mapping
(string
:int
|string
|array
(string
))query_variables
,void
|mapping
(string
:string
|array
(string
)|int
)request_headers
,Protocols.HTTP.Query
con
,void
|string
data
)- Description
Low level asynchronous HTTP call method.
- Parameter
method
The HTTP method to use, e.g.
"GET"
.- Parameter
url
The URL to perform
method
on. Should be a complete URL, including protocol, e.g."https://pike.lysator.liu.se/"
.- Parameter
query_variables
Calls
http_encode_query
and appends the result to the URL.- Parameter
request_headers
The HTTP headers to be added to the request. By default the headers User-agent, Host and, if needed by the url, Authorization will be added, with generated contents. Providing these headers will override the default. Setting the value to 0 will remove that header from the request.
- Parameter
con
Previously initialized connection object. In particular the callbacks must have been set (
Query.set_callbacks()
).- Parameter
data
Data payload to be transmitted in the request.
- See also
do_method()
,Query.set_callbacks()
- Methoddo_async_proxied_method
void
do_async_proxied_method(string
|Standards.URI
proxy
,string
user
,string
password
,string
method
,string
|Standards.URI
url
,void
|mapping
(string
:int
|string
|array
(string
))query_variables
,void
|mapping
(string
:string
|array
(string
)|int
)request_headers
,Protocols.HTTP.Query
con
,void
|string
data
)- Description
Low level asynchronous proxied HTTP call method.
Makes an HTTP request through a proxy.
- Parameter
proxy
URL for the proxy.
- Parameter
user
- Parameter
password
Proxy authentication credentials.
- Parameter
method
The HTTP method to use, e.g.
"GET"
.- Parameter
url
The URL to perform
method
on. Should be a complete URL, including protocol, e.g."https://pike.lysator.liu.se/"
.- Parameter
query_variables
Calls
http_encode_query
and appends the result to the URL.- Parameter
request_headers
The HTTP headers to be added to the request. By default the headers User-agent, Host and, if needed by the url, Authorization will be added, with generated contents. Providing these headers will override the default. Setting the value to 0 will remove that header from the request.
- Parameter
con
Previously initialized connection object. In particular the callbacks must have been set (
Query.set_callbacks()
).- Parameter
data
Data payload to be transmitted in the request.
- See also
do_async_method()
,do_proxied_method()
,Query.set_callbacks()
- Methoddo_method
.Query
|zero
do_method(string
method
,string
|Standards.URI
url
,void
|mapping
(string
:int
|string
|array
(string
))query_variables
,void
|mapping
(string
:string
|array
(string
)|int
)request_headers
,void
|Protocols.HTTP.Query
con
,void
|string
data
)- Description
Low level HTTP call method.
- Parameter
method
The HTTP method to use, e.g.
"GET"
.- Parameter
url
The URL to perform
method
on. Should be a complete URL, including protocol, e.g."https://pike.lysator.liu.se/"
.- Parameter
query_variables
Calls
http_encode_query
and appends the result to the URL.- Parameter
request_headers
The HTTP headers to be added to the request. By default the headers User-agent, Host and, if needed by the url, Authorization will be added, with generated contents. Providing these headers will override the default. Setting the value to 0 will remove that header from the request.
- Parameter
con
Old connection object.
- Parameter
data
Data payload to be transmitted in the request.
- See also
do_sync_method()
- Methoddo_proxied_method
.Query
do_proxied_method(string
|Standards.URI
proxy
,string
user
,string
password
,string
method
,string
|Standards.URI
url
,void
|mapping
(string
:int
|string
|array
(string
))query_variables
,void
|mapping
(string
:string
|array
(string
)|int
)request_headers
,void
|Protocols.HTTP.Query
con
,void
|string
data
)- Description
Makes an HTTP request through a proxy.
- Parameter
proxy
URL for the proxy.
- Parameter
user
- Parameter
password
Proxy authentication credentials.
- Parameter
method
- Parameter
url
- Parameter
query_variables
- Parameter
request_headers
- Parameter
con
- Parameter
data
The remaining arguments are identical to
do_method()
.- See also
do_method()
,do_async_proxied_method()
- Methodget_url
.Query
get_url(string
|Standards.URI
url
,void
|mapping
(string
:int
|string
|array
(string
))query_variables
,void
|mapping
(string
:string
|array
(string
)|int
)request_headers
,void
|Protocols.HTTP.Query
con
)- Description
Sends a HTTP GET request to the server in the URL and returns the created and initialized
Query
object.0
is returned upon failure. If a query object havingrequest_headers->Connection=="Keep-Alive"
from a previous request is provided and the already established server connection can be used for the next request, you may gain some performance.
- Methodget_url_data
string
get_url_data(string
|Standards.URI
url
,void
|mapping
(string
:int
|string
|array
(string
))query_variables
,void
|mapping
(string
:string
|array
(string
)|int
)request_headers
,void
|Protocols.HTTP.Query
con
)- Description
Returns the returned data after calling the requested server for information through HTTP GET.
0
is returned upon failure. Redirects (HTTP 302) are automatically followed.
- Methodget_url_nice
array
(string
)|zero
get_url_nice(string
|Standards.URI
url
,void
|mapping
(string
:int
|string
|array
(string
))query_variables
,void
|mapping
(string
:string
|array
(string
)|int
)request_headers
,void
|Protocols.HTTP.Query
con
)- Description
Returns an array of
({content_type, data})
after calling the requested server for the information.0
is returned upon failure. Redirects (HTTP 302) are automatically followed.
- Methodhttp_encode_query
string
http_encode_query(mapping
(string
:int
|string
|array
(string
))variables
)- Description
Encodes a query mapping to a string; this protects odd - in http perspective - characters like '&' and '#' and control characters, and packs the result together in a HTTP query string.
Example:
> Protocols.HTTP.http_encode_query( (["anna":"eva","lilith":"blue"]) ); Result: "lilith=blue&anna=eva" > Protocols.HTTP.http_encode_query( (["&":"&","'=\"":"\0\0\0\u0434"]) ); Result: "%27%3D%22=%00%00%00%D0%B4&%26amp%3B=%26"
- Methodiri_encode
string
iri_encode(string
s
)- Description
Encodes the given string using %XX encoding to be used as a component part in an IRI (Internationalized Resource Identifier, see RFC 3987). This means that all chars outside the IRI iunreserved set are encoded, i.e. this function encodes equivalently to
uri_encode
except that all 8-bit and wider characters are left as-is.- Bugs
This function currently does not encode chars in the Unicode private ranges, although that is strictly speaking required in some but not all IRI components. That could change if it turns out to be a problem.
- See also
percent_decode
,uri_encode
- Methodpercent_decode
string
percent_decode(string
s
)- Description
Decodes URI-style %XX encoded chars in the given string.
- See also
percent_encode
,uri_decode
- Bugs
This function currently does not accept wide string input, which is necessary to work as the reverse of
iri_encode
.
- Methodpercent_encode
string
percent_encode(string
s
)- Description
Encodes the given string using %XX encoding, except that URI unreserved chars are not encoded. The unreserved chars are A-Z, a-z, 0-9, -, ., _, and ~ (see RFC 2396 section 2.3).
8-bit chars are encoded straight, and wider chars are not allowed. That means this encoding is applicable if
s
is a binary octet string. If it is a character string thenuri_encode
should be used instead.It is also slightly faster than
uri_encode
ifs
is known to contain only US-ASCII.
- Methodpost_url
.Query
post_url(string
|Standards.URI
url
,mapping
(string
:int
|string
|array
(string
))|string
query_variables
,void
|mapping
(string
:string
|array
(string
)|int
)request_headers
,void
|Protocols.HTTP.Query
con
)- Description
Similar to
get_url
, except that query variables is sent as a POST request instead of a GET request. If query_variables is a simple string, it is assumed to contain the verbatim body of the POST request; Content-Type must be properly specified manually, in this case.
- Methodpost_url_data
string
post_url_data(string
|Standards.URI
url
,mapping
(string
:int
|string
|array
(string
))|string
query_variables
,void
|mapping
(string
:string
|array
(string
)|int
)request_headers
,void
|Protocols.HTTP.Query
con
)- Description
Similar to
get_url_data
, except that query variables is sent as a POST request instead of a GET request.
- Methodpost_url_nice
array
(string
) post_url_nice(string
|Standards.URI
url
,mapping
(string
:int
|string
|array
(string
))|string
query_variables
,void
|mapping
(string
:string
|array
(string
)|int
)request_headers
,void
|Protocols.HTTP.Query
con
)- Description
Similar to
get_url_nice
, except that query variables is sent as a POST request instead of a GET request.
- Methodput_url
.Query
put_url(string
|Standards.URI
url
,void
|string
file
,void
|mapping
(string
:int
|string
|array
(string
))query_variables
,void
|mapping
(string
:string
|array
(string
)|int
)request_headers
,void
|Protocols.HTTP.Query
con
)- Description
Sends a HTTP PUT request to the server in the URL and returns the created and initialized
Query
object.0
is returned upon failure. If a query object havingrequest_headers->Connection=="Keep-Alive"
from a previous request is provided and the already established server connection can be used for the next request, you may gain some performance.
- Methodquoted_string_decode
string
quoted_string_decode(string
s
)- Description
Decodes the given string which has been encoded as a quoted-string according to RFC 2616 section 2.2.
s
is assumed to not include the surrounding " chars.- See also
quoted_string_encode
- Methodquoted_string_encode
string
quoted_string_encode(string
s
)- Description
Encodes the given string quoted to be used as content inside a quoted-string according to RFC 2616 section 2.2. The returned string does not include the surrounding " chars.
- Note
The quoted-string quoting rules in RFC 2616 have several problems:
Quoting is inconsistent since " is quoted as \", but \ does not need to be quoted. This is resolved in the HTTP bis update to mandate quoting of \ too, which this function performs.
Many characters are not quoted sufficiently to make the result safe to use in an HTTP header, so this quoting is not enough if
s
contains NUL, CR, LF, or any 8-bit or wider character.
- See also
quoted_string_decode
- Methoduri_decode
string
uri_decode(string
s
)- Description
Decodes URI-style %XX encoded chars in the given string, and then UTF-8 decodes the result. This is the reverse of
uri_encode
anduri_encode_invalids
.- See also
uri_encode
,uri_encode_invalids
- Methoduri_encode
string
uri_encode(string
s
)- Description
Encodes the given string using %XX encoding to be used as a component part in a URI. This means that all URI reserved and excluded characters are encoded, i.e. everything except A-Z, a-z, 0-9, -, ., _, and ~ (see RFC 2396 section 2.3).
8-bit chars and wider are encoded using UTF-8 followed by percent-encoding. This follows RFC 3986 section 2.5, the IRI-to-URI conversion method in the IRI standard (RFC 3987) and appendix B.2 in the HTML 4.01 standard. It should work regardless of the charset used in the XML document the URI might be inserted into.
- See also
uri_decode
,uri_encode_invalids
,iri_encode
- Methoduri_encode_invalids
string
uri_encode_invalids(string
s
)- Description
Encodes all "dangerous" chars in the given string using %XX encoding, so that it can be included as a URI in an HTTP message or header field. This includes control chars, space and various delimiter chars except those in the URI reserved set (RFC 2396 section 2.2).
Since this function doesn't touch the URI reserved chars nor the escape char %, it can be used on a complete formatted URI or IRI.
8-bit chars and wider are encoded using UTF-8 followed by percent-encoding. This follows RFC 3986 section 2.5, the IRI standard (RFC 3987) and appendix B.2 in the HTML 4.01 standard.
- Note
The characters in the URI reserved set are: :, /, ?, #, [, ], @, !, $, &, ', (, ), *, +, ,, ;, =. In addition, this function doesn't touch the escape char %.
- See also
uri_decode
,uri_encode
Enum Protocols.HTTP.StatusCode
- Description
HTTP Status codes.
- See also
response_codes
, https://www.iana.org/assignments/http-status-codes/http-status-codes.txt
- ConstantDAV_ALREADY_REPORTED
constant
Protocols.HTTP.DAV_ALREADY_REPORTED
- Description
RFC 5842 section 7.1: 208 Already Reported
- ConstantDAV_FAILED_DEP
constant
Protocols.HTTP.DAV_FAILED_DEP
- Description
RFC 2518 section 10.5: 424 Failed Dependency
- ConstantDAV_LOCKED
constant
Protocols.HTTP.DAV_LOCKED
- Description
RFC 2518 section 10.4: 423 Locked
- ConstantDAV_LOOP_DETECTED
constant
Protocols.HTTP.DAV_LOOP_DETECTED
- Description
RFC 5842 section 7.2: 508 Loop Detected
- ConstantDAV_MULTISTATUS
constant
Protocols.HTTP.DAV_MULTISTATUS
- Description
RFC 2518 section 10.2: 207 Multi-Status
- ConstantDAV_PROCESSING
constant
Protocols.HTTP.DAV_PROCESSING
- Description
RFC 2518 section 10.1: 102 Processing
- ConstantDAV_STORAGE_FULL
constant
Protocols.HTTP.DAV_STORAGE_FULL
- Description
RFC 2518 section 10.6: 507 Insufficient Storage
- ConstantDAV_UNPROCESSABLE
constant
Protocols.HTTP.DAV_UNPROCESSABLE
- Description
RFC 2518 section 10.3: 422 Unprocessable Entry
- ConstantDELTA_HTTP_IM_USED
constant
Protocols.HTTP.DELTA_HTTP_IM_USED
- Description
RFC 3229 section 10.4.1: 226 IM Used
- ConstantHTCPCP_TEAPOT
constant
Protocols.HTTP.HTCPCP_TEAPOT
- Description
RFC 2324 section 2.3.2: 418 I'm a teapot
- ConstantHTTP_ACCEPTED
constant
Protocols.HTTP.HTTP_ACCEPTED
- Description
RFC 2616 section 10.2.3: 202 Accepted
- ConstantHTTP_BAD
constant
Protocols.HTTP.HTTP_BAD
- Description
RFC 2616 section 10.4.1: 400 Bad Request
- ConstantHTTP_BAD_GW
constant
Protocols.HTTP.HTTP_BAD_GW
- Description
RFC 2616 section 10.5.3: 502 Bad Gateway
- ConstantHTTP_BAD_RANGE
constant
Protocols.HTTP.HTTP_BAD_RANGE
- Description
RFC 2616 section 10.4.17: 416 Requested Range Not Satisfiable
- ConstantHTTP_CONFLICT
constant
Protocols.HTTP.HTTP_CONFLICT
- Description
RFC 2616 section 10.4.10: 409 Conflict
- ConstantHTTP_CONTINUE
constant
Protocols.HTTP.HTTP_CONTINUE
- Description
RFC 2616 section 10.1.1: 100 Continue
- ConstantHTTP_CREATED
constant
Protocols.HTTP.HTTP_CREATED
- Description
RFC 2616 section 10.2.2: 201 Created
- ConstantHTTP_EARLY_HINTS
constant
Protocols.HTTP.HTTP_EARLY_HINTS
- Description
RFC 8297 section 2: 103 Early Hints
- ConstantHTTP_EXPECT_FAILED
constant
Protocols.HTTP.HTTP_EXPECT_FAILED
- Description
RFC 2616 section 10.4.18: 417 Expectation Failed
- ConstantHTTP_FORBIDDEN
constant
Protocols.HTTP.HTTP_FORBIDDEN
- Description
RFC 2616 section 10.4.4: 403 Forbidden
- ConstantHTTP_FOUND
constant
Protocols.HTTP.HTTP_FOUND
- Description
RFC 2616 section 10.3.3: 302 Found
- ConstantHTTP_GONE
constant
Protocols.HTTP.HTTP_GONE
- Description
RFC 2616 section 10.4.11: 410 Gone
- ConstantHTTP_GW_TIMEOUT
constant
Protocols.HTTP.HTTP_GW_TIMEOUT
- Description
RFC 2616 section 10.5.5: 504 Gateway Timeout
- ConstantHTTP_HEADERS_TOO_LARGE
constant
Protocols.HTTP.HTTP_HEADERS_TOO_LARGE
- Description
RFC 6585 section 5: 431 Request Header Fields Too Large
- ConstantHTTP_INTERNAL_ERR
constant
Protocols.HTTP.HTTP_INTERNAL_ERR
- Description
RFC 2616 section 10.5.1: 500 Internal Server Error
- ConstantHTTP_LEGALLY_RESTRICTED
constant
Protocols.HTTP.HTTP_LEGALLY_RESTRICTED
- Description
RFC 7725 section 3: 451 Unavailable For Legal Reasons
- ConstantHTTP_LENGTH_REQ
constant
Protocols.HTTP.HTTP_LENGTH_REQ
- Description
RFC 2616 section 10.4.12: 411 Length Required
- ConstantHTTP_METHOD_INVALID
constant
Protocols.HTTP.HTTP_METHOD_INVALID
- Description
RFC 2616 section 10.4.6: 405 Method Not Allowed
- ConstantHTTP_MISDIRECTED_REQ
constant
Protocols.HTTP.HTTP_MISDIRECTED_REQ
- Description
RFC 7540 section 9.1.2: 421 Misdirected Request
- ConstantHTTP_MOVED_PERM
constant
Protocols.HTTP.HTTP_MOVED_PERM
- Description
RFC 2616 section 10.3.2: 301 Moved Permanently
- ConstantHTTP_MULTIPLE
constant
Protocols.HTTP.HTTP_MULTIPLE
- Description
RFC 2616 section 10.3.1: 300 Multiple Choices
- ConstantHTTP_NET_AUTH_REQUIRED
constant
Protocols.HTTP.HTTP_NET_AUTH_REQUIRED
- Description
RFC 6585 section 6: 511 Network Authentication Required
- ConstantHTTP_NONAUTHORATIVE
constant
Protocols.HTTP.HTTP_NONAUTHORATIVE
- Description
RFC 2616 section 10.2.4: 203 Non-Authorative Information
- ConstantHTTP_NOT_ACCEPTABLE
constant
Protocols.HTTP.HTTP_NOT_ACCEPTABLE
- Description
RFC 2616 section 10.4.7: 406 Not Acceptable
- ConstantHTTP_NOT_EXTENDED
constant
Protocols.HTTP.HTTP_NOT_EXTENDED
- Description
RFC 2774 section 7: 510 Not Extended (obsolete)
- ConstantHTTP_NOT_FOUND
constant
Protocols.HTTP.HTTP_NOT_FOUND
- Description
RFC 2616 section 10.4.5: 404 Not Found
- ConstantHTTP_NOT_IMPL
constant
Protocols.HTTP.HTTP_NOT_IMPL
- Description
RFC 2616 section 10.5.2: 501 Not Implemented
- ConstantHTTP_NOT_MODIFIED
constant
Protocols.HTTP.HTTP_NOT_MODIFIED
- Description
RFC 2616 section 10.3.5: 304 Not Modified
- ConstantHTTP_NO_CONTENT
constant
Protocols.HTTP.HTTP_NO_CONTENT
- Description
RFC 2616 section 10.2.5: 204 No Content
- ConstantHTTP_OK
constant
Protocols.HTTP.HTTP_OK
- Description
RFC 2616 section 10.2.1: 200 OK
- ConstantHTTP_PARTIAL_CONTENT
constant
Protocols.HTTP.HTTP_PARTIAL_CONTENT
- Description
RFC 2616 section 10.2.7: 206 Partial Content
- ConstantHTTP_PAY
constant
Protocols.HTTP.HTTP_PAY
- Description
RFC 2616 section 10.4.3: 402 Payment Required
- ConstantHTTP_PERM_REDIRECT
constant
Protocols.HTTP.HTTP_PERM_REDIRECT
- Description
RFC 7538 section 3: 308 Permanent Redirect
- ConstantHTTP_PRECOND_FAILED
constant
Protocols.HTTP.HTTP_PRECOND_FAILED
- Description
RFC 2616 section 10.4.13: 412 Precondition Failed
- ConstantHTTP_PRECOND_REQUIRED
constant
Protocols.HTTP.HTTP_PRECOND_REQUIRED
- Description
RFC 6585 section 3: 428 Precondition required
- ConstantHTTP_PROXY_AUTH_REQ
constant
Protocols.HTTP.HTTP_PROXY_AUTH_REQ
- Description
RFC 2616 section 10.4.8: 407 Proxy Authentication Required
- ConstantHTTP_REQ_TOO_LARGE
constant
Protocols.HTTP.HTTP_REQ_TOO_LARGE
- Description
RFC 2616 section 10.4.14: 413 Request Entity Too Large
- ConstantHTTP_RESET_CONTENT
constant
Protocols.HTTP.HTTP_RESET_CONTENT
- Description
RFC 2616 section 10.2.6: 205 Reset Content
- ConstantHTTP_SEE_OTHER
constant
Protocols.HTTP.HTTP_SEE_OTHER
- Description
RFC 2616 section 10.3.4: 303 See Other
- ConstantHTTP_SWITCH_PROT
constant
Protocols.HTTP.HTTP_SWITCH_PROT
- Description
RFC 2616 section 10.1.2: 101 Switching protocols
- ConstantHTTP_TEMP_REDIRECT
constant
Protocols.HTTP.HTTP_TEMP_REDIRECT
- Description
RFC 2616 section 10.3.8: 307 Temporary Redirect
- ConstantHTTP_TIMEOUT
constant
Protocols.HTTP.HTTP_TIMEOUT
- Description
RFC 2616 section 10.4.9: 408 Request Timeout
- ConstantHTTP_TOO_MANY_REQUESTS
constant
Protocols.HTTP.HTTP_TOO_MANY_REQUESTS
- Description
RFC 6585 section 4: 429 Too Many Requests
- ConstantHTTP_UNAUTH
constant
Protocols.HTTP.HTTP_UNAUTH
- Description
RFC 2616 section 10.4.2: 401 Unauthorized
- ConstantHTTP_UNAVAIL
constant
Protocols.HTTP.HTTP_UNAVAIL
- Description
RFC 2616 section 10.5.4: 503 Service Unavailable
- ConstantHTTP_UNSUPP_MEDIA
constant
Protocols.HTTP.HTTP_UNSUPP_MEDIA
- Description
RFC 2616 section 10.4.16: 415 Unsupported Media Type
- ConstantHTTP_UNSUPP_VERSION
constant
Protocols.HTTP.HTTP_UNSUPP_VERSION
- Description
RFC 2616 section 10.5.6: 505 HTTP Version Not Supported
- ConstantHTTP_URI_TOO_LONG
constant
Protocols.HTTP.HTTP_URI_TOO_LONG
- Description
RFC 2616 section 10.4.15: 414 Request-URI Too Long
- ConstantHTTP_USE_PROXY
constant
Protocols.HTTP.HTTP_USE_PROXY
- Description
RFC 2616 section 10.3.6: 305 Use Proxy
- ConstantTCN_VARIANT_NEGOTIATES
constant
Protocols.HTTP.TCN_VARIANT_NEGOTIATES
- Description
RFC 2295 section 8.1: 506 Variant Also Negotiates
- ConstantTLS_TOO_EARLY
constant
Protocols.HTTP.TLS_TOO_EARLY
- Description
RFC 8470 section 5.2: 425 Too Early
- ConstantTLS_UPGRADE_REQUIRED
constant
Protocols.HTTP.TLS_UPGRADE_REQUIRED
- Description
RFC 2817 section 4.2: 426 Upgrade Required
Class Protocols.HTTP.Query
- Description
Open and execute an HTTP query.
- Example
HTTP.Query o=HTTP.Query();
void ok() { write("ok...\n"); write("%O\n", o->headers); exit(0); }
void fail() { write("fail\n"); exit(0); }
int main() { o->set_callbacks(ok, fail); o->async_request("pike.lysator.liu.se", 80, "HEAD / HTTP/1.0"); return -1; }
- Variableerrno
int
Protocols.HTTP.Query.errno- Description
Errno copied from the connection or simulated for async operations.
- Note
In Pike 7.8 and earlier hardcoded Linux values were used in async operations, 110 instead of
System.ETIMEDOUT
and 113 instead ofSystem.EHOSTUNREACH
.
- Variableheaders
mapping
Protocols.HTTP.Query.headers- Description
Headers as a mapping. All header names are in lower case, for convinience.
- Variablehost
Variablereal_host
Variableport string
Protocols.HTTP.Query.hoststring
Protocols.HTTP.Query.real_hostint
Protocols.HTTP.Query.port- Description
Connected host and port.
Used to detect whether keep-alive can be used.
- Variablehostname_cache
mapping
(string
:array
(string
)) Protocols.HTTP.Query.hostname_cache- Description
Set this to a global mapping if you want to use a cache, prior of calling *request().
- Variabletimeout
Variablemaxtime int
Protocols.HTTP.Query.timeoutint
Protocols.HTTP.Query.maxtime- Description
timeout
is the time to wait in seconds on connection and/or data. If data is fetched asynchronously the watchdog will be reset every time data is received. Defaults to 120 seconds.maxtime
is the time the entire operation is allowed to take, no matter if the connection and data fetching is successful. This is by default indefinitely.- Note
These values only have effect in asynchroneous calls
- Variablestatus
Variablestatus_desc int
Protocols.HTTP.Query.statusstring
Protocols.HTTP.Query.status_desc- Description
Status number and description (eg
200
and"ok"
).
- Method`()
int
res =Protocols.HTTP.Query()
()- Description
Wait for connection to complete.
- Returns
Returns
1
on successfull connection,0
on failure.
- Methodasync_fetch
void
async_fetch(function
(:void
)callback
,mixed
...extra
)- Description
Fetch all data in background.
- See also
timed_async_fetch()
,async_request()
,set_callbacks()
- Methodset_callbacks
Methodasync_request Protocols.HTTP.Query
set_callbacks(function
(:void
)|zero
request_ok
,function
(:void
)|zero
request_fail
,mixed
...extra
)Protocols.HTTP.Query
async_request(string
server
,int
port
,string
query
)Protocols.HTTP.Query
async_request(string
server
,int
port
,string
query
,mapping
headers
,string
|void
data
)- Description
Setup and run an asynchronous request, otherwise similar to
thread_request()
.request_ok
(Protocols.HTTP.Query httpquery,...extra args) will be called when connection is complete, and headers are parsed.request_fail
(Protocols.HTTP.Query httpquery,...extra args) is called if the connection fails.- Returns
Returns the called object
- Methodcast
(
array
)Protocols.HTTP.Query()- Returns
Array mapping
0
Headers
string
1
Data
string
2
Protocol
int
3
Status
string
4
Status description
- Methodcast
(
mapping
)Protocols.HTTP.Query()- Returns
The header mapping ORed with the following mapping.
"protocol"
:string
The protocol.
"status"
:int
The status code.
"status_desc"
:string
The status description.
"data"
:string
The returned data.
- Methoddatafile
Protocols.HTTP.Query.PseudoFile
datafile()- Description
Gives back a pseudo-file object, with the methods
read()
andclose()
. This could be used to copy the file to disc at a proper tempo.datafile()
doesn't give the complete request, just the data.- See also
file()
- Methodfile
Protocols.HTTP.Query.PseudoFile
file()Protocols.HTTP.Query.PseudoFile
file(mapping
newheaders
,void
|mapping
removeheaders
)- Description
Gives back a pseudo-file object, with the methods
read()
andclose()
. This could be used to copy the file to disc at a proper tempo.newheaders
,removeheaders
is applied as:(oldheaders|newheaders))-removeheaders
Make sure all new and remove-header indices are lower case.- See also
datafile()
- Methodthread_request
Protocols.HTTP.Query
thread_request(string
server
,int
port
,string
query
)Protocols.HTTP.Query
thread_request(string
server
,int
port
,string
query
,mapping
headers
,void
|string
data
)- Description
Create a new query object and begin the query.
The query is executed in a background thread; call
`()
in the object to wait for the request to complete.query
is the first line sent to the HTTP server; for instance"GET /index.html HTTP/1.1"
.headers
will be encoded and sent after the first line, anddata
will be sent after the headers.- Returns
Returns the called object.
- Methodtimed_async_fetch
void
timed_async_fetch(function
(this_program
,__unknown__
... :void
)ok_callback
,function
(this_program
,__unknown__
... :void
)fail_callback
,mixed
...extra
)- Description
Like
async_fetch()
, except with a timeout and a corresponding fail callback function.- See also
async_fetch()
,async_request()
,set_callbacks()
- Methodtotal_bytes
int
total_bytes()- Description
Gives back the size of a file if a content-length header is present and parsed at the time of evaluation. Otherwise returns -1.
- Methodunicode_data
string
unicode_data()- Description
Gives back data, but decoded according to the content-type character set.
- See also
data
Class Protocols.HTTP.Query.PseudoFile
- Description
Minimal simulation of a
Stdio.File
object.Objects of this class are returned by
file()
anddatafile()
.- Note
Do not attempt further queries using this
Query
object before having read all data.
Class Protocols.HTTP.Session
- TypedefURL
typedef
string
|Standards.URI
|SessionURL
Protocols.HTTP.Session.URL
- Description
A URL which is either a string a
Standards.URI
or aSessionURL
.
- Variabledefault_headers
mapping
Protocols.HTTP.Session.default_headers- Description
Default HTTP headers.
- Variablefollow_redirects
int
Protocols.HTTP.Session.follow_redirects- Description
The number of redirects to follow, if any. This is the default to the created Request objects.
A redirect automatically turns into a GET request, and all header, query, post or put information is dropped.
Default is 20 redirects. A negative number will mean infinity.
- Bugs
Loops will currently not be detected, only the limit works to stop loops.
- See also
Request.follow_redirects
- Variablehostname_cache
mapping
Protocols.HTTP.Session.hostname_cache- Description
Cache of hostname to IP lookups. Given to and used by the
Query
objects.
- Variablemaximum_connection_reuse
int
Protocols.HTTP.Session.maximum_connection_reuse- Description
Maximum times a connection is reused. Defaults to 1000000. <2 means no reuse at all.
- Variablemaximum_connections_per_server
int
Protocols.HTTP.Session.maximum_connections_per_server- Description
Maximum number of connections to the same server. Used only by async requests. Defaults to 10 connections.
- Variablemaximum_total_connections
int
Protocols.HTTP.Session.maximum_total_connections- Description
Maximum total number of connections. Limits only async requests, and the number of kept-alive connections (live connections + kept-alive connections <= this number) Defaults to 50 connections.
- Variabletime_to_keep_unused_connections
int
|float
Protocols.HTTP.Session.time_to_keep_unused_connections- Description
The time to keep unused connections in seconds. Set to zero to never save any kept-alive connections. (Might be good in a for instance totaly synchroneous script that keeps the backend thread busy and never will get call_outs.) Defaults to 10 seconds.
- Methodasync_get_url
Methodasync_put_url
Methodasync_delete_url
Methodasync_post_url Request
async_get_url(URL
url
,void
|mapping
query_variables
,function
(:void
)|zero
callback_headers_ok
,function
(:void
)|zero
callback_data_ok
,function
(:void
)|zero
callback_fail
,mixed
...callback_arguments
)Request
async_put_url(URL
url
,void
|string
file
,void
|mapping
query_variables
,function
(:void
)|zero
callback_headers_ok
,function
(:void
)|zero
callback_data_ok
,function
(:void
)|zero
callback_fail
,mixed
...callback_arguments
)Request
async_delete_url(URL
url
,void
|mapping
query_variables
,function
(:void
)|zero
callback_headers_ok
,function
(:void
)|zero
callback_data_ok
,function
(:void
)|zero
callback_fail
,mixed
...callback_arguments
)Request
async_post_url(URL
url
,mapping
query_variables
,function
(:void
)|zero
callback_headers_ok
,function
(:void
)|zero
callback_data_ok
,function
(:void
)|zero
callback_fail
,mixed
...callback_arguments
)- Description
Sends a HTTP GET, POST, PUT or DELETE request to the server in the URL asynchroneously, and call the corresponding callbacks when result arrives (or not). The callbacks will receive the created Request object as first argument, then the given
callback_arguments
, if any.callback_headers_ok
is called when the HTTP request has received headers.callback_data_ok
is called when the HTTP request has been received completely, data and all.callback_fail
is called when the HTTP request has failed, on a TCP/IP or DNS level, or has received a forced timeout.The created Request object is returned.
- Methodencode_cookies
Methoddecode_cookies string
encode_cookies()void
decode_cookies(string
data
,void
no_clear
)- Description
Dump all cookies to a string and read them back. This is useful to store cookies in between sessions (on disk, for instance).
decode_cookies
will throw an error upon parse failures. Also note,decode_cookies
will clear out any previously learned cookies from theSession
object, unless no_clear is given and true.
- Methodget_url
Methodpost_url
Methodput_url
Methoddelete_url Request
get_url(URL
url
,void
|mapping
query_variables
)Request
post_url(URL
url
,mapping
|string
query_variables
)Request
put_url(URL
url
,string
file
,void
|mapping
query_variables
)Request
delete_url(URL
url
,void
|mapping
query_variables
)- Description
Sends a HTTP GET, POST, PUT or DELETE request to the server in the URL and returns the created and initialized
Request
object. 0 is returned upon failure.
- Methodget_cookies
array
(string
) get_cookies(Standards.URI
|SessionURL
for_url
,void
|bool
no_delete
)- Description
Get the cookies that we should send to this server, for this url. They are presented in the form suitable for HTTP headers (as an array). This will also take in count expiration of cookies, and delete expired cookies from the
Session
unlessno_delete
is true.
- Methodget_url_nice
Methodget_url_data
Methodpost_url_nice
Methodpost_url_data array
(string
) get_url_nice(URL
url
,mapping
query_variables
)string
get_url_data(URL
url
,mapping
query_variables
)array
(string
) post_url_nice(URL
url
,mapping
|string
query_variables
)string
post_url_data(URL
url
,mapping
|string
query_variables
)- Description
Returns an array of
({content_type,data})
and just the data string respective, after calling the requested server for the information.0
is returned upon failure.post* is similar to the
get_url()
class of functions, except that the query variables is sent as a POST request instead of as a GET.
- Methodgive_me_connection
Query
give_me_connection(Standards.URI
url
)- Description
Request a
Query
object suitable to use for the given URL. This may be a reused object from a keep-alive connection.
- Methodreturn_connection
void
return_connection(Standards.URI
url
,Query
query
)- Description
Return a previously used Query object to the keep-alive storage. This function will determine if the given object is suitable to keep or not by checking status and headers.
- Methodset_cookie
void
set_cookie(Cookie
cookie
,Standards.URI
|zero
who
)- Description
Set a cookie. The cookie will be checked against current security levels et al, using the parameter
who
. Ifwho
is zero, no security checks will be performed.
- Methodset_http_cookie
void
set_http_cookie(string
cookie
,Standards.URI
at
)- Description
Parse and set a cookie received in the HTTP protocol. The cookie will be checked against current security levels et al.
Class Protocols.HTTP.Session.Request
- Description
Request
- Variablecookie_encountered
function
(string
,Standards.URI
:mixed
|void
) Protocols.HTTP.Session.Request.cookie_encountered- Description
Cookie callback. When a request is performed, the result is checked for cookie changes and additions. If a cookie is encountered, this function is called. Default is to call
set_http_cookie
in theSession
object.
- Variablefollow_redirects
int
Protocols.HTTP.Session.Request.follow_redirects- Description
Number of redirects to follow; the request will perform another request if the HTTP answer is a 3xx redirect. Default from the parent
Session.follow_redirects
.A redirect automatically turns into a GET request, and all header, query, post or put information is dropped.
- Bugs
Loops will currently not be detected, only the limit works to stop loops.
- Variableurl_requested
Standards.URI
Protocols.HTTP.Session.Request.url_requested- Description
URL requested (set by prepare_method). This will update according to followed redirects.
- Methoddestroy
void
destroy()- Description
But since this clears the HTTP connection from the Request object, it can also be used to reuse a
Request
object.
- Methoddo_async
Request
do_async(array
(string
|int
|mapping
)args
)- Description
Start a request asyncroneously. It will perform in the background using callbacks (make sure the backend thread is free). Call
set_callbacks
to setup the callbacks. Get arguments fromprepare_method
.- Returns
The called object.
- See also
set_callbacks
,prepare_method
,do_sync
,do_thread
- Methoddo_sync
Request
|zero
do_sync(array
(string
|int
|mapping
)args
)- Description
Perform a request synchronously. Get arguments from
prepare_method
.- Returns
0 upon failure, this object upon success
- See also
prepare_method
,do_async
,do_thread
- Methoddo_thread
Request
do_thread(array
(string
|int
|mapping
)args
)- Description
Start a request in the background, using a thread. Call
wait
to wait for the thread to finish. Get arguments fromprepare_method
.- Returns
The called object.
- See also
prepare_method
,do_sync
,do_async
,wait
- Note
do_thread
does not rerun redirections automatically
- Methodprepare_method
array
(string
|int
|mapping
) prepare_method(string
method
,URL
url
,void
|mapping
query_variables
,void
|mapping
extra_headers
,void
|string
data
)- Description
Prepares the HTTP Query object for the connection, and returns the parameters to use with
do_sync
,do_async
ordo_thread
.This method will also use cookie information from the parent
Session
, and may reuse connections (keep-alive).
- Methodset_callbacks
void
set_callbacks(function
(mixed
... :mixed
)|zero
headers
,function
(mixed
... :mixed
)|zero
data
,function
(mixed
... :mixed
)|zero
fail
,mixed
...callback_arguments
)- Description
Setup callbacks for async mode,
headers
will be called when the request got connected, and got data headers;data
will be called when the request got the amount of data it's supposed to get andfail
is called whenever the request failed.Note here that an error message from the server isn't considered a failure, only a failed TCP connection.
Class Protocols.HTTP.Session.SessionURL
- Description
Class to store URL+referer
- TypedefURL
Module Protocols.HTTP.Authentication
- Description
This module contains various HTTP Authentication implementations for both server and client use. A Client implementation would typically call the
make_authenticator
method with the incoming WWW-Authenticate header to get aClient
object. For each HTTP request the auth() method of the object can be called to get an appropriate Authorization header.Server code should create an authentication class and inherit the concrete authentication scheme implementation. To add an actual user lookup, overload
get_password
orget_hashed_password
. Hashed passwords must be hashed with the scheme appropriate digest.- Example
class Auth { inherit Protocols.HTTP.Authentication.DigestMD5Server; Concurrent.Future get_password(string user) { Promise p = Concurrent.Promise(); if( user == "bob" ) return p->success("builder"); return p->failure(sprintf("No user %O", user)); } }
Auth auth = Auth("apps@pike.org"); Concurrent.Future authenticate(Protocols.HTTP.Server.Request req) { Concurrent.Future authenticated = Concurrent.Promise(); auth->auth(req->request_headers->authorization, req->request_method, request->not_query) ->then(lambda(string user) { authenticated->success(user); }, lambda(string reason) { authenticated->failure(reason); string c = auth->challenge(); request->response_and_finish( ([ "error":401, "extra_heads" : ([ "WWW-Authenticate":c, ]) ]) ); }); return authenticated; }
- Methodmake_authenticator
Client
make_authenticator(string
|array
(string
)hdrs
,string
user
,string
password
,void
|string
realm
)- Description
Create an authenticator for a server responding with the given HTTP authentication header. Currently only works for one realm.
- Parameter
hdrs
The WWW-Authenticate HTTP header or headers.
- Parameter
user
The username to use.
- Parameter
password
The plaintext password.
- Parameter
realm
Optionally the realm the user and password is valid in. If omitted, the authentication will happen in whatever realm the server is presenting.
- Methodsplit_header
mapping
(string
:string
) split_header(string
hdr
)- Description
Split client generated Authorization header into its parts.
Class Protocols.HTTP.Authentication.BasicClient
- Description
HTTP Basic authentication client.
Class Protocols.HTTP.Authentication.Client
- Description
Abstract Client class.
Class Protocols.HTTP.Authentication.DigestClient
- Description
Abstract HTTP Digest authentication client.
Class Protocols.HTTP.Authentication.DigestMD5Client
- Description
HTTP Digest authentication client using MD5.
Class Protocols.HTTP.Authentication.DigestMD5Server
- Description
HTTP Digest server implementation using MD5.
Class Protocols.HTTP.Authentication.DigestMD5sessServer
- Description
Implements the session version "MD5-sess" of the MD5 HTTP Digest authentication. Used identically to
DigestMD5Server
.
Class Protocols.HTTP.Authentication.DigestSHA256Client
- Description
HTTP Digest authentication client using SHA256.
Class Protocols.HTTP.Authentication.DigestSHA256Server
- Description
HTTP Digest server implementation using SHA256.
Class Protocols.HTTP.Authentication.DigestSHA256sessServer
- Description
Implements the session version "SHA256-sess" of the SHA256 HTTP Digest authentication. Used identically to
DigestSHA256Server
.
Class Protocols.HTTP.Authentication.DigestSHA512256Client
- Description
HTTP Digest authentication client using SHA512/256.
Class Protocols.HTTP.Authentication.DigestSHA512256Server
- Description
HTTP Digest server implementation using SHA512/256.
Class Protocols.HTTP.Authentication.DigestSHA512256sessServer
- Description
Implements the session version "SHA-512-256-sess" of the SHA512/256 HTTP Digest authentication. Used identically to
DigestSHA512256Server
.
Class Protocols.HTTP.Authentication.DigestServer
- Description
Abstract HTTP Digest implementation.
- Variablerealm
string
Protocols.HTTP.Authentication.DigestServer.realm- Description
The current realm of the authentication.
- Methodauth
Concurrent.Future
auth(string
hdr
,string
method
,string
path
)- Description
Authenticate a request.
- Parameter
hdr
The value of the Authorization header. Zero is acceptable, but will produce an unconditional rejection.
- Parameter
method
This is the HTTP method used, typically "GET" or "POST".
- Parameter
path
This is the path of the request.
- Methodchallenge
string(7bit)
challenge()- Description
Creates a challenge header value for the WWW-Authenticate header in 401 responses.
- Methodcreate
Protocols.HTTP.Authentication.DigestServerProtocols.HTTP.Authentication.DigestServer(
void
|string(8bit)
realm
,void
|string(8bit)
key
)- Parameter
realm
The realm to be authenticated.
- Parameter
key
If this key is set all challanges are verified against signature using this key. The key can be any 8-bit string, but should be the same across multiple instances on the same domain, and over time.
- Methodget_hashed_password
Concurrent.Future
get_hashed_password(string
user
)- Description
Function intended to be overloaded that returns a future that will resolved to the given users hashed password. Overloading this function will prevent
get_password
from being called.
Module Protocols.HTTP.Promise
- Description
This HTTP client module utilises the
Concurrent.Promise
andConcurrent.Future
classes and only does asynchronous calls.- Example
Protocols.HTTP.Promise.Arguments a1, a2; a1 =Protocols.HTTP.Promise.Arguments((["extra_args":({"Extra arg for Roxen request"}),"headers":(["User-Agent":"My Special HTTP Client"])])); a2 =Protocols.HTTP.Promise.Arguments((["variables":(["q":"Pike programming language"]),"maxtime": 10 ]));Concurrent.Future q1 =Protocols.HTTP.Promise.get_url("http://www.roxen.com", a1);Concurrent.Future q2 =Protocols.HTTP.Promise.get_url("http://www.google.com", a2);array(Concurrent.Future) all =({ q1, q2 });/* To get a callback for each of the requests */ all->on_success(lambda(Protocols.HTTP.Promise.Result ok_resp){ werror("Got successful response for %O\n", ok_resp->host);}); all->on_failure(lambda(Protocols.HTTP.Promise.Result failed_resp){ werror("Request for %O failed!\n", failed_resp->host);});/* To get a callback when all of the requests are done. In this case on_failure will be called if any of the request fails. */Concurrent.Future all2 =Concurrent.results(all); all2->on_success(lambda(array(Protocols.HTTP.Promise.Result) ok_resp){ werror("All request were successful: %O\n", ok_resp);}); all->on_failure(lambda(Protocols.HTTP.Promise.Result failed_resp){ werror("The request to %O failed.\n", failed_resp->host);});
- Methodget_url
Methodpost_url
Methodput_url
Methoddelete_url Concurrent.Future
get_url(Protocols.HTTP.Session.URL
url
,void
|Arguments
args
)Concurrent.Future
post_url(Protocols.HTTP.Session.URL
url
,void
|Arguments
args
)Concurrent.Future
put_url(Protocols.HTTP.Session.URL
url
,void
|Arguments
args
)Concurrent.Future
delete_url(Protocols.HTTP.Session.URL
url
,void
|Arguments
args
)- Description
Sends a GET, POST, PUT or DELETE request to
url
asynchronously. AConcurrent.Future
object is returned on which you can register callbacks viaConcurrent.Future->on_success()
andConcurrent.Future.on_failure()
which will get aResult
object as argument.For an example of usage see
Protocols.HTTP.Promise
- Methoddo_method
Concurrent.Future
do_method(string
http_method
,Protocols.HTTP.Session.URL
url
,void
|Arguments
args
)- Description
Fetch an URL with the
http_method
method.
- Methodset_timeout
Methodset_maxtime void
set_timeout(int
t
)void
set_maxtime(int
t
)- Description
set_timeout()
sets the default timeout for connecting and data fetching. The watchdog will be reset each time data is fetched.set_maxtime()
sets the timeout for the entire operation. If this is set to 30 seconds for instance, the request will be aborted after 30 seconds event if data is still being received. By default this is indefinitely.t
is the timeout in seconds.- See also
Arguments
Class Protocols.HTTP.Promise.Arguments
- Description
Class representing the arguments to give to
get_url()
,post_url()
put_url()
,delete_url()
anddo_method()
.
- Variableextra_args
array
(mixed
) Protocols.HTTP.Promise.Arguments.extra_args- Description
Extra arguments that will end up in the
Result
object
- Variablefollow_redirects
bool
Protocols.HTTP.Promise.Arguments.follow_redirects- Description
Should redirects be followed. Default is true.
- Variableheaders
mapping
(string
:string
) Protocols.HTTP.Promise.Arguments.headers- Description
Additional request headers
- Variablevariables
mapping
(string
:mixed
) Protocols.HTTP.Promise.Arguments.variables- Description
Query variables
Class Protocols.HTTP.Promise.Result
- Description
HTTP result class.
A class representing a request and its response. An instance of this class will be given as argument to the
Concurrent.Future()->on_success()
andConcurrent.Future()->on_failure()
callbacks registered on the returnedConcurrent.Future
object fromget_url()
,post_url()
,delete_url()
,put_url()
ordo_method()
.
- Variablecharset
string
|zero
Protocols.HTTP.Promise.Result.charset- Description
Returns the charset of the requested document, if given by the response headers.
- Note
Read only
- Variablecontent_encoding
string
Protocols.HTTP.Promise.Result.content_encoding- Description
Returns the content encoding of the response if set by the remote server.
- Note
Read only
- Variablecontent_type
string
Protocols.HTTP.Promise.Result.content_type- Description
Returns the content type of the requested document
- Note
Read only
- Variabledata
string
Protocols.HTTP.Promise.Result.data- Description
Raw data body of the request
- See also
get()
- Variableextra_args
array
(mixed
) Protocols.HTTP.Promise.Result.extra_args- Description
Extra arguments set in the
Arguments
object.
- Variablehost
string
Protocols.HTTP.Promise.Result.host- Description
The host that was called in the request
- Variablelength
int
Protocols.HTTP.Promise.Result.length- Description
Returns the value of the content-length header.
- Note
Read only
- Variablestatus
int
Protocols.HTTP.Promise.Result.status- Description
The HTTP status of the response, e.g 200, 201, 404 and so on.
- Variablestatus_description
string
Protocols.HTTP.Promise.Result.status_description- Description
The textual representation of
status
.
Module Protocols.HTTP.Server
- Methodextension_to_type
string
extension_to_type(string
extension
)- Description
Looks up the file extension in a table to return a suitable MIME type.
- Methodfilename_to_extension
string
filename_to_extension(string
filename
)- Description
Determine the extension for a given filename.
- Methodfilename_to_type
string
filename_to_type(string
filename
)- Description
Looks up the file extension in a table to return a suitable MIME type.
- Methodhttp_date
string
http_date(int
time
)- Description
Makes a time notification suitable for the HTTP protocol.
- Parameter
time
The time in seconds since the 00:00:00 UTC, January 1, 1970
- Returns
The date in the HTTP standard date format. Example : Thu, 03 Aug 2000 05:40:39 GMT
- Methodhttp_decode_date
int
http_decode_date(string
data
)- Description
Decode a HTTP date to seconds since 1970 (UTC)
- Returns
zero (UNDEFINED) if the given string isn't a HTTP date
- Methodhttp_decode_urlencoded_query
mapping
(string
:string
|array
(string
)) http_decode_urlencoded_query(string
query
,void
|mapping
dest
)- Description
Decodes an URL-encoded query into a mapping.
Class Protocols.HTTP.Server.Port
- Description
The simplest server possible. Binds a port and calls a callback with
request_program
objects.
Class Protocols.HTTP.Server.Request
- Description
This class represents a connection from a client to the server.
There are three different read callbacks that can be active, which have the following call graphs.
read_cb
is the default read callback, installed byattach_fd
.| (Incoming data) v read_cb | When complete headers are read v parse_request v parse_variables | If callback isn't changed to read_cb_chunked or read_cb_post v finalize
| (Incoming data) v read_cb_post | When enough data has been received v finalize
| (Incoming data) v read_cb_chunked | If all data chunked transfer-encoding needs v finalize
- Variablebody_raw
string
Protocols.HTTP.Server.Request.body_raw- Description
raw unparsed body of the request (
raw
minus request line and headers)
- Variableconnection_timeout_delay
int
Protocols.HTTP.Server.Request.connection_timeout_delay- Description
connection timeout, delay until connection is closed while waiting for the correct headers:
- Variablecookies
mapping
(string
:string
) Protocols.HTTP.Server.Request.cookies- Description
cookies set by client
- Variablefull_query
string
Protocols.HTTP.Server.Request.full_query- Description
full resource requested, including attached GET query
- Variablemy_fd
Stdio.NonblockingStream
Protocols.HTTP.Server.Request.my_fd- Description
The socket that this request came in on.
- Variablenot_query
string
Protocols.HTTP.Server.Request.not_query- Description
resource requested minus any attached query
- Variableprotocol
string
Protocols.HTTP.Server.Request.protocol- Description
request protocol and version, eg. HTTP/1.0
- Variablequery
string
Protocols.HTTP.Server.Request.query- Description
query portion of requested resource, starting after the first "?"
- Variableraw
string
Protocols.HTTP.Server.Request.raw- Description
raw unparsed full request (headers and body)
- Variablerequest_headers
mapping
(string
:string
|array
(string
)) Protocols.HTTP.Server.Request.request_headers- Description
all headers included as part of the HTTP request, ie content-type.
- Variablerequest_raw
string
Protocols.HTTP.Server.Request.request_raw- Description
full request line (
request_type
+full_query
+protocol
)
- Variablerequest_type
string
Protocols.HTTP.Server.Request.request_type- Description
HTTP request method, eg. POST, GET, etc.
- Variableresponse
mapping
Protocols.HTTP.Server.Request.response- Description
the response sent to the client (for use in the log_cb)
- Variablesend_timeout_delay
int
Protocols.HTTP.Server.Request.send_timeout_delay- Description
send timeout (no activity for this period with data in send buffer) in seconds, default is 180
- Variablevariables
mapping
(string
:string
|array
(string
)) Protocols.HTTP.Server.Request.variables- Description
all variables included as part of a GET or POST request.
- Methodfinish
void
finish(int
clean
)- Description
Finishes this request, as in removing timeouts, calling the logging callback etc. If
clean
is given, then the processing of this request went fine and all data was sent properly, in which case the connection will be reused if keep-alive was negotiated. Otherwise the connection will be closed and destructed.
- Methodget_ip
string
|zero
get_ip()- Description
Return the IP address that originated the request, or 0 if the IP address could not be determined. In the event of an error,
my_fd
->errno() will be set.
- Methodopportunistic_tls
void
opportunistic_tls(string
s
)- Description
Called when the client is attempting opportunistic TLS on this HTTP port. Overload to handle, i.e. send the data to a TLS port. By default the connection is simply closed.
- Methodresponse_and_finish
void
response_and_finish(mapping
m
,function
(:void
)|void
_log_cb
)- Description
Return a properly formatted response to the HTTP client
- Parameter
m
Contains elements for generating a response to the client.
"data"
:string
|array
(string
|object
)Data to be returned to the client. Can be an array of objects which are concatenated and sent to the client.
"file"
:object
File object, the contents of which will be returned to the client.
"error"
:int
HTTP error code
"size"
:int
Length of content to be returned. If file is provided, size bytes will be returned to client.
"modified"
:string
Contains optional modification date.
"type"
:string
Contains optional content-type
"extra_heads"
:mapping
Contains a mapping of additional headers to be returned to client.
"server"
:string
Contains the server identification header.
- Methodset_mode
void
set_mode(int
mode
)- Parameter
mode
A number of integer flags bitwise ored together to determine the mode of operation.
SHUFFLER
: Use the Shuffler to send out the data.
Enum Protocols.HTTP.Server.Request.ChunkedState
- ConstantREAD_SIZE
ConstantREAD_CHUNK
ConstantREAD_POSTNL
ConstantREAD_TRAILER
ConstantFINISHED constant
Protocols.HTTP.Server.Request.READ_SIZE
constant
Protocols.HTTP.Server.Request.READ_CHUNK
constant
Protocols.HTTP.Server.Request.READ_POSTNL
constant
Protocols.HTTP.Server.Request.READ_TRAILER
constant
Protocols.HTTP.Server.Request.FINISHED
- ConstantREAD_SIZE
Class Protocols.HTTP.Server.SSLPort
- Description
A very simple SSL server. Binds a port and calls a callback with
request_program
objects.
- Methodcreate
Protocols.HTTP.Server.SSLPortProtocols.HTTP.Server.SSLPort(
function
(Request
:void
)callback
,int(1..)
|void
port
,void
|string
interface
,void
|string
|Crypto.Sign.State
key
,void
|string
|array
(string
)certificate
,void
|int
reuse_port
)- Description
Create a HTTPS (HTTP over SSL) server.
- Parameter
callback
The function run when a request is received. takes one argument of type
Request
.- Parameter
port
The port number to bind to, defaults to 443.
- Parameter
interface
The interface address to bind to.
- Parameter
key
An optional SSL secret key, provided in binary format, such as that created by
Standards.PKCS.RSA.private_key()
.- Parameter
certificate
An optional SSL certificate or chain of certificates with the host certificate first, provided in binary format.
- Parameter
reuse_port
If true, enable SO_REUSEPORT if the OS supports it. See
Stdio.Port.bind
for more information
- Methodextension_to_type
- Constantresponse_codes
13.2. TLS/SSL
Module SSL
- Description
Secure Socket Layer (SSL) version 3.0 and Transport Layer Security (TLS) versions 1.0 - 1.2.
RFC 2246 (TLS 1.0): "The primary goal of the TLS Protocol is to provide privacy and data integrity between two communicating applications."
The classes that typical users need to use are
This is an object that attempts to behave as a
Stdio.File
as much as possible.This is an object that attempts to behave as a
Stdio.Port
as much as possible, withPort()->accept()
returningFile
objects.The configurated context for the
File
.A class for keeping track of certificate chains and their private keys.
File
Port
Context
Constants.CertificatePair
The
Constants
module also contains lots of constants that are used by the various APIs, as well as functions for formatting the constants for output.- See also
File
,Port
,Context
,Constants.CertificatePair
,Constants
Class SSL.Alert
- Description
Alert packet.
Class SSL.Buffer
- Description
String buffer with the possibility to read and write data as they would be formatted in structs.
- Methodadd_int_array
this_program
add_int_array(array
(int
)data
,int(8bit)
item_size
,int(0..)
len
)- Description
Appends an array of unsigned integers of width
item_size
to the buffer, preceded with an unsigned integerlen
declaring the size of the array in bytes.
- Methodadd_string_array
this_program
add_string_array(array
(string(8bit)
)data
,int(0..)
item_size
,int(0..)
len
)- Description
Appends an array of variable length strings with
item_size
bytes hollerith coding, prefixed by alen
bytes large integer declaring the total size of the array in bytes.
- Methodcreate
SSL.BufferSSL.Buffer(
void
|string(8bit)
|Stdio.Buffer
s
)- Description
Create a new buffer, optionally initialized with the value
s
.
- Methodread_int_array
array
(int
) read_int_array(int(8bit)
item_size
,int(0..)
len
)- Description
Reads an array of integers as written by
add_int_array
from the buffer.
Class SSL.ClientConnection
- Description
Client-side connection state.
- Variableclient_cert_types
Variableclient_cert_distinguished_names array
(int
)|zero
SSL.ClientConnection.client_cert_typesarray
(string(8bit)
)|zero
SSL.ClientConnection.client_cert_distinguished_names- Description
A few storage variables for client certificate handling on the client side.
- Methodcreate
SSL.ClientConnectionSSL.ClientConnection(
Context
ctx
,string(8bit)
|void
server_name
,Session
|void
session
)- Description
Initialize a new
ClientConnection
.- Parameter
ctx
Context
to use.- Parameter
server_name
Optional host name of the server.
- Parameter
session
Optional
Session
to resume.
- Methodhandle_handshake
int(-1..1)
handle_handshake(int
type
,Buffer
input
,Stdio.Buffer
raw
)- Description
Do handshake processing.
- Parameter
type
One of HANDSHAKE_*.
- Parameter
input
The contents of the packet.
- Parameter
raw
The raw packet received (needed for supporting SSLv2 hello messages).
- Returns
This function returns:
0
If handshaking is in progress.
1
If handshaking has completed.
-1
If a fatal error occurred.
It uses the
send_packet()
function to transmit packets.
Class SSL.Connection
- Description
SSL.Connection keeps the state relevant for a single SSL connection. This includes the
Context
object (which doesn't change), various buffers, theSession
object (reused or created as appropriate), and pending read and write states being negotiated.Each connection will have two sets of read and write
State
s: The current read and write states used for encryption, and pending read and write states to be taken into use when the current keyexchange handshake is finished.This object is also responsible for managing incoming and outgoing packets. Outgoing packets are stored in queue objects and sent in priority order.
- Note
This class should never be created directly, instead one of the classes that inherits it should be used (ie either
ClientConnection
orServerConnection
) depending on whether this is to be a client-side or server-side connection. These in turn are typically created byFile()->create()
.- See also
ClientConnection
,ServerConnection
,Context
,Session
,File
,State
- Constantwindow_size
private
constantint
SSL.Connection.window_size
- Description
Number of passed sequence numbers to keep track of. RFC 4347 section 4.1.2.5: A minimum window size of 32 MUST be supported, but a window size of 64 is preferred and SHOULD be employed as the default. Another window size (larger than the minimum) MAY be chosen by the receiver.
- Variableapplication_protocol
string(8bit)
|zero
SSL.Connection.application_protocol- Description
Selected ALPN (RFC 7301) protocol (if any).
- Note
Note that this is a connection property, and needs to be renegotiated on session resumption.
- Variableclient_random
Variableserver_random string(8bit)
|zero
SSL.Connection.client_randomstring(8bit)
|zero
SSL.Connection.server_random- Description
Random cookies, sent and received with the hello-messages.
- Variableke
.Cipher.KeyExchange
|zero
SSL.Connection.ke- Description
The active
Cipher.KeyExchange
(if any).
- Variablesequence_mask
private
int
SSL.Connection.sequence_mask- Description
Bitmask representing sequence numbers for accepted received packets in the interval [
next_seq_num-window_size
..next_seq_num-2
].- Note
The packet with seqence number
next_seq_num-1
is implicitly known to have been received.
- Variablestate
ConnectionState
SSL.Connection.state- Description
Bitfield with the current connection state.
- Methodcreate
SSL.ConnectionSSL.Connection(
Context
ctx
)- Description
Initialize the connection state.
- Parameter
ctx
The context for the connection.
- Methodderive_master_secret
void
derive_master_secret(string(8bit)
premaster_secret
)- Description
Derive the master secret from the premaster_secret and the random seeds, and configure the keys.
- Methoddescribe_state
string
describe_state()- Description
Returns a string describing the current connection state.
- Methodgot_data
string(8bit)
|int(-1..1)
got_data(string(8bit)
data
)- Description
Main receive handler.
- Parameter
data
String of data received from the peer.
- Returns
Returns one of:
string(0)
Returns an empty string if there's neither application data nor errors (eg during the initial handshake).
string(8bit)
Returns a string of received application data.
int(1)
Returns
1
if the peer has closed the connection.int(-1)
Returns
-1
if an error has occurred.These are the main cases of errors:
There was a low-level protocol communications failure (the data didn't look like an SSL packet), in which case the alert_callback will be called with the raw packet data. This can eg be used to detect HTTP clients connecting to an HTTPS server and similar.
The peer has sent an
Alert
packet, andhandle_alert()
for it has returned -1.The peer has sent an unsupported/illegal sequence of packets, in which case a suitable
Alert
will have been generated and queued for sending to the peer.
This function is intended to be called from an i/o read callback.
- Methodhandle_alert
int(-1..1)
handle_alert(int
level
,int
description
)- Description
Handle an alert received from the peer.
- Parameter
level
Alert level; either
ALERT_warning
orALERT_fatal
.- Parameter
description
Alert description code; one of
indices(SSL.Constants.ALERT_descriptions)
.- Returns
-1
A Fatal error occurred and processing should stop.
0
Processing can continue.
1
Connection should close.
- Methodhandle_handshake
int(-1..1)
handle_handshake(int
type
,Buffer
input
,Stdio.Buffer
raw
)- Description
Do handshake processing. Type is one of HANDSHAKE_*, data is the contents of the packet, and raw is the raw packet received (needed for supporting SSLv2 hello messages).
This function returns 0 if handshake is in progress, 1 if handshake is finished, and -1 if a fatal error occurred. It uses the send_packet() function to transmit packets.
- Methodmark_seq_num
void
mark_seq_num(int
num
)- Description
Mark seqence number
num
as seen and accepted.This will cause
valid_seq_nump()
to return0
for it if it shows up again.
- Methodquery_write_queue_size
int
query_write_queue_size()- Description
Returns the number of packets queued for writing.
- Returns
Returns the number of times
to_write()
can be called before it stops returning non-empty strings.
- Methodrecv_packet
protected
Packet
|zero
recv_packet()- Description
Low-level receive handler. Returns a packet, an alert, or zero if more data is needed to get a complete packet.
- Methodsend_packet
void
send_packet(Packet
packet
,int
|void
priority
)- Description
Queues a packet for write. Handshake and and change cipher must use the same priority, so must application data and close_notifies.
- Methodsend_streaming_data
int
send_streaming_data(string(8bit)
data
)- Description
Send an application data packet. If the data block is too large then as much as possible of the beginning of it is sent. The size of the sent data is returned.
- Methodset_alert_callback
void
set_alert_callback(function
(object
,int
|object
,string
:void
)callback
)- Description
Called with alert object, sequence number of bad packet, and raw data as arguments, if a bad packet is received.
Can be used to support a fallback redirect https->http.
- Methodto_write
int(-1..2)
to_write(Stdio.Buffer
output
)- Description
Extracts data from the packet queues. Returns 2 if data has been written, 0 if there are no pending packets, 1 of the connection is being closed politely, and -1 if the connection died unexpectedly.
This function is intended to be called from an i/o write callback.
- See also
query_write_queue_size()
,send_streaming_data()
.
- Methodvalid_seq_nump
int
valid_seq_nump(int
num
)- Description
Check whether
num
is a valid seqence number for a new packet.
Class SSL.Context
- Description
Keeps the state that is shared by all SSL-connections on a client, or for one port on a server. It includes policy configuration, the server or client certificate(s), the corresponding private key(s), etc. It also includes the session cache.
The defaults are usually suitable for a client, but for a server some configuration is necessary.
Typical use is to:
Call
add_cert()
with the certificates belonging to the server or client. Note that clients often don't have or need any certificates, and also that certificate-less server operation is possible, albeit discouraged and not enabled by default.Suitable self-signed certificates can be created with
Standards.X509.make_selfsigned_certificate()
.Optionally call
get_suites()
to get a set of cipher_suites to assign topreferred_suites
. This is only needed if the default set of suites fromget_suites(128, 1)
isn't satisfactory.
The initialized
Context
object is then passed toFile()->create()
or used as is embedded inPort
.- See also
File
,Port
,Standards.X509
- Variableadvertised_protocols
array
(string(8bit)
)|zero
SSL.Context.advertised_protocols- Description
List of advertised protocols using using TLS application level protocol negotiation.
- Variableauth_level
int
SSL.Context.auth_level- Description
Policy for client authentication. One of
SSL.Constants.AUTHLEVEL_none
,SSL.Constants.AUTHLEVEL_verify
,SSL.Constants.AUTHLEVEL_ask
andSSL.Constants.AUTHLEVEL_require
.Defaults to SSL.Constants.AUTHLEVEL_none.
- Variableclient_auth_methods
array
(int
) SSL.Context.client_auth_methods- Description
The possible client authentication methods. Used only if auth_level is AUTH_ask or AUTH_require. Generated by
set_authorities
.
- Variableecc_curves
array
(int
) SSL.Context.ecc_curves- Description
Supported elliptical curve cipher curves in order of preference. Defaults to all supported curves, ordered with the largest curves first.
- Variableenable_renegotiation
bool
SSL.Context.enable_renegotiation- Description
If set enable SSL/TLS protocol renegotiation.
Defaults to
1
(enabled).- Note
RFC 7540 section 9.2.1 requires this to be turned off after
Protocols.HTTP2
communication has started.
- Variableencrypt_then_mac
bool
SSL.Context.encrypt_then_mac- Description
Attempt to enable encrypt-then-mac mode. Defaults to
1
.- Deprecated
Replaced by
extensions
.
- Variableextensions
multiset
(int
) SSL.Context.extensions- Description
A list of all extensions that will be considered in the handshake process. Extensions not listed will not be sent, and will be ignored if received.
The following values are included by default.
Constants.EXTENSION_renegotiation_info
Protection against renegotiation attack (RFC 5746).
Constants.EXTENSION_max_fragment_length
Allows negotiation of the maximum fragment size (RFC 6066 section 4).
Constants.EXTENSION_encrypt_then_mac
Attempts to address attacks against block ciphers (RFC 7366).
Constants.EXTENSION_application_layer_protocol_negotiation
Required to support more than one protocol on the same TLS port (RFC 7639).
Constants.EXTENSION_signature_algorithms
Required to select which out of several certificates to use (RFC 5246 section 7.4.1.4.1).
Constants.EXTENSION_ec_point_formats
Required for elliptic curve key exchange (RFC 4492 section 5.1.2).
Constants.EXTENSION_elliptic_curves
Required for elliptic curve key exchange (RFC 4492 section 5.1.1).
Constants.EXTENSION_server_name
Allows the client to select which of several domains hosted on the same server it wants to connect to. Required by many websites (RFC 6066 section 3).
Constants.EXTENSION_session_ticket
Support session resumption without server-side state (RFC 4507 and RFC 5077).
Constants.EXTENSION_next_protocol_negotiation
Not supported by Pike. The server side will just check that the client packets are correctly formatted.
Constants.EXTENSION_signed_certificate_timestamp
Not supported by Pike. The server side will just check that the client packets are correctly formatted.
Constants.EXTENSION_early_data
Needed for TLS 1.3 0-RTT handshake. EXPERIMENTAL.
Constants.EXTENSION_padding
This extension is required to avoid a bug in some f5 SSL terminators for certain sizes of client handshake messages.
The following supported values are not included by default.
Constants.EXTENSION_truncated_hmac
This extension allows for the HMAC to be truncated for a small win in payload size. Not widely implemented and may be a security risk (RFC 6066 section 7).
Constants.EXTENSION_heartbeat
This extension allows the client and server to send heartbeats over the connection. Intended to keep TCP connections alive. Required to be set to use
heartbleed_probe
(RFC 6520).Constants.EXTENSION_extended_master_secret
Binds the master secret to important session parameters to protect against man in the middle attacks (RFC 7627).
- See also
- Variableffdhe_groups
array
(int
) SSL.Context.ffdhe_groups- Description
Supported FFDHE groups for DHE key exchanges, in order of preference, most preferred first.
Defaults to the full set of supported FFDHE groups from the FFDHE draft, in order of size with the smallest group (2048 bits) first.
Server-side the first group in the list that satisfies the NIST guide lines for key strength (NIST SP800-57 5.6.1) (if any) for the selected cipher suite will be selected, and otherwise the largest group.
Client-side the list will be reversed (as a precaution if the server actually follows the clients preferences).
- Variableheartbleed_probe
bool
SSL.Context.heartbleed_probe- Description
If set, the other peer will be probed for the heartbleed bug during handshake. If heartbleed is found the connection is closed with insufficient security fatal error. Requires
Constants.EXTENSION_heartbeat
to be set inextensions
.
- Variablemax_sessions
int
SSL.Context.max_sessions- Description
Maximum number of sessions to keep in the cache.
- Variablemin_version
Variablemax_version int
SSL.Context.min_versionint
SSL.Context.max_version- Description
The accepted range of versions for the client/server. List specific versions in
supported_versions
instead.- Deprecated
Replaced by
supported_versions
.
- Variablepacket_max_size
int
SSL.Context.packet_max_size- Description
The maximum amount of data that is sent in each SSL packet by
File
. A value between 1 andConstants.PACKET_MAX_SIZE
.
- Variablepreferred_compressors
array
(int
) SSL.Context.preferred_compressors- Description
Lists the supported compression algorithms in order of preference.
Defaults to
({ COMPRESSION_null })
due to SSL attacks that target compression.
- Variablepreferred_suites
array
(int
)|zero
SSL.Context.preferred_suites- Description
Cipher suites we want to support, in order of preference, best first. By default set to all suites with at least 128 bits cipher key length, excluding RC4, and ephemeral and non-ephemeral certificate based key exchange.
- Variableprivate_ffdhe_groups
mapping
(int(508..511)
:Crypto.DH.Parameters
) SSL.Context.private_ffdhe_groups- Description
DHE parameter lookup for the FFDHE private range.
Add any custom FFDHE-groups here.
Defaults to the empty mapping.
- Note
If you add any groups here, you will also need to update
ffdhe_groups
accordingly.
- Variablerandom
function
(int(0..)
:string(8bit)
) SSL.Context.random- Description
Used to generate random cookies for the hello-message. If we use the RSA keyexchange method, and this is a server, this random number generator is not used for generating the master_secret. By default set to
random_string
.
- Variablerequire_trust
int
SSL.Context.require_trust- Description
When set, require the chain to be known, even if the root is self signed.
Note that if set, and certificates are set to be verified, trusted issuers must be provided, or no connections will be accepted.
- Deprecated
Replaced by
auth_level
.
- Variablesession_lifetime
int
SSL.Context.session_lifetime- Description
Sessions are removed from the cache when they have been inactive more than this number of seconds. Sessions are also removed from the cache if a connection using the session dies unexpectedly.
- Variablesignature_algorithms
array
(int
) SSL.Context.signature_algorithms- Description
The set of <hash, signature> combinations to use by us.
Only used with TLS 1.2 and later.
Defaults to all combinations supported by Pike except for MD5.
This list is typically filtered by
get_signature_algorithms()
to get rid of combinations not supported by the runtime.- Note
According to RFC 5246 section 7.4.2 all certificates need to be signed by any of the supported signature algorithms. To be forward compatible this list needs to be limited to the combinations that have existing PKCS identifiers.
- See also
get_signature_algorithms()
- Variablesupported_versions
array
(ProtocolVersion
) SSL.Context.supported_versions- Description
List of supported versions, in order of preference. Defaults to
PROTOCOL_TLS_1_2
,PROTOCOL_TLS_1_1
andPROTOCOL_TLS_1_0
.
- Variabletrusted_issuers_cache
mapping
(string(8bit)
:array
(Standards.X509.Verifier
)) SSL.Context.trusted_issuers_cache- Description
Mapping from DER-encoded issuer to
Standards.X509.Verifier
s compatible with egStandards.X509.verify_certificate()
andStandards.X509.load_authorities()
.- See also
get_trusted_issuers()
,set_trusted_issuers()
- Variableverifier_algorithms
mapping
(Standards.ASN1.Types.Identifier
:Crypto.Hash
) SSL.Context.verifier_algorithms- Description
Mapping of supported verifier algorithms to hash implementation.
- See also
Standards.X509.get_algorithms()
- Variableverify_certificates
int
SSL.Context.verify_certificates- Description
Determines whether certificates presented by the peer are verified, or just accepted as being valid.
- Deprecated
Replaced by
auth_level
.
- Methodadd_cert
void
add_cert(Crypto.Sign.State
key
,array
(string(8bit)
)certs
,array
(string(8bit)
)|void
extra_name_globs
)variant
void
add_cert(string(8bit)
key
,array
(string(8bit)
)certs
,array
(string(8bit)
)|void
extra_name_globs
)variant
void
add_cert(CertificatePair
cp
)- Description
Add a certificate.
This function is used on both servers and clients to add a key and chain of certificates to the set of certificate candidates to use in
find_cert()
.On a server these are used in the normal initial handshake, while on a client they are only used if a server requests client certificate authentication.
- Parameter
key
Private key matching the first certificate in
certs
.Supported key types are currently:
Crypto.RSA.State
Rivest-Shamir-Adelman.
Crypto.DSA.State
Digital Signing Algorithm.
Crypto.ECC.Curve.ECDSA
Elliptic Curve Digital Signing Algorithm.
This key MUST match the public key in the first certificate in
certs
.- Parameter
certs
A chain of X509.v1 or X509.v3 certificates, with the local certificate first and root-most certificate last.
- Parameter
extra_name_globs
Further SNI globs (than the ones in the first certificate), that this certificate should be selected for. Typically used to set the default certificate(s) by specifying
({ "*" })
.The SNI globs are only relevant for server-side certificates.
- Parameter
cp
An alternative is to send an initialized
CertificatePair
.- Throws
The function performs various validations of the
key
andcerts
, and throws errors if the validation fails.- See also
find_cert()
- Methodalert_factory
Alert
alert_factory(SSL.Connection
con
,int
level
,int
description
,ProtocolVersion
version
,string
|void
message
,mixed
|void
trace
)- Description
Alert factory.
This function may be overloaded to eg obtain logging of generated alerts.
- Parameter
con
Connection which caused the alert.
- Parameter
level
Level of alert.
- Parameter
description
Description code for the alert.
- Parameter
message
Optional log message for the alert.
- Note
Not all alerts are fatal, and some (eg
ALERT_close_notify
) are used during normal operation.
- Methodconfigure_suite_b
void
configure_suite_b(int(128..)
|void
min_keylength
,int(0..)
|void
strictness_level
)- Description
Configure the context for Suite B compliant operation.
This restricts the context to the cipher suites specified by RFC 6460 in strict mode.
Additional suites may be enabled, but they will only be selected if a Suite B suite isn't available.
- Parameter
min_keylength
Minimum supported key length in bits. Either
128
or192
.- Parameter
strictness_level
Allow additional suites.
(2..)
Strict mode.
Allow only the Suite B suites from RFC 6460 and TLS 1.2.
1
Transitional mode.
Also allow the transitional suites from RFC 5430 for use with TLS 1.0 and 1.1.
0
Permissive mode (default).
Also allow other suites that conform to the minimum key length.
- Note
This function is only present when Suite B compliant operation is possible (ie both elliptic curves and GCM are available).
- Note
Note also that for Suite B server operation compliant certificates need to be added with
add_cert()
.- See also
get_suites()
- Methoddecode_ticket
Session
|zero
decode_ticket(string(8bit)
ticket
)- Description
Decode a session ticket and return the corresponding session if valid or zero if invalid.
- Note
The default implementation just calls
lookup_session()
.Override this function (and
encode_ticket()
) to implement server-side state-less session resumption.- See also
encode_ticket()
,lookup_session()
- Methodencode_ticket
array
(string(8bit)
|int
)|zero
encode_ticket(Session
session
)- Description
Generate a session ticket for a session.
- Note
The default implementation just generates a random ticket and calls
record_session()
to store it.Over-ride this function (and
decode_ticket()
) to implement server-side state-less session resumption.- Returns
Array string(8bit)
0
Non-empty string with the ticket.
int
1
Lifetime hint for the ticket.
- Note
If the context signals that it does offer tickets via
offers_tickets()
, this function must offer an encoded ticket for the session as the connection may have signalled to the client that a ticket will be offered. However, tickets are not guaranteed to be actually usable, so if you cannot offer a ticket when you must,"INVALID"
might be an option...- See also
decode_ticket()
,record_session()
, RFC 4507 section 3.3
- Methodfilter_weak_suites
void
filter_weak_suites(int
min_keylength
)- Description
Filter cipher suites from
preferred_suites
that don't have a key with an effective length of at leastmin_keylength
bits.
- Methodfind_cert_domain
array
(CertificatePair
)|zero
find_cert_domain(string(8bit)
domain
)- Description
Look up a suitable set of certificates for the specified domain.
UNDEFINED
if no certificate was found. Called only by the Server.
- Methodfind_cert_issuer
array
(CertificatePair
)|zero
find_cert_issuer(array
(string
)ders
)- Description
Look up a suitable set of certificates for the specified issuer.
UNDEFIEND
if no certificate was found. Called only by the ClientConnection as a response to a certificate request.
- Methodget_authorities
array
(string
) get_authorities()- Description
Get the list of allowed authorities. See
set_authorities
.
- Methodget_certificates
array
(CertificatePair
) get_certificates()- Description
Returns a list of all server certificates added with
add_cert
.
- Methodget_export_rsa_key
Crypto.RSA
get_export_rsa_key()- Description
Called by the KeyExchangeExportRSA during KE_rsa_export key exchanges to get the weak RSA key. By default a new 512 bit key is generated for each key exchange. This method can be overloaded to provide caching or alternative means to generate keys.
- Methodget_psk
optional
string(8bit)
get_psk(string(8bit)
id
)- Description
A context created for PSK use must implement a get_psk method, which will be called with the key id, and should return the key to be used for the connection. If the id is not valid, 0 should be returned.
- Methodget_psk_hint
optional
string(8bit)
get_psk_hint()- Description
A context created for server side PSK use can optionally implement get_psk_hint to return a hint string to be sent to the client. If not implemented, or returning 0, no PSK hint will be sent.
- Methodget_psk_id
optional
string(8bit)
get_psk_id(string(8bit)
hint
)- Description
A context created for client side PSK use must implement a get_psk_id method, which will be called with the server provided hint, or 0 if no hint was sent. Note that while there is an API difference between no hint and a zero length hint, some PSK modes are unable to send no hints.
The method should return a key id for the PSK, which will be sent to the server. If the hint is not valid, 0 should be returned.
- Methodget_signature_algorithms
array
(int
) get_signature_algorithms(array
(int
)|void
signature_algorithms
)- Description
Get the (filtered) set of locally supported signature algorithms.
- See also
signature_algorithms
- Methodget_suites
array
(int
) get_suites(int(-1..)
|void
min_keylength
,int(0..2)
|void
ke_mode
,multiset
(int
)|void
blacklisted_ciphers
,multiset
(KeyExchangeType
)|void
blacklisted_kes
,multiset
(HashAlgorithm
)|void
blacklisted_hashes
,multiset
(CipherModes
)|void
blacklisted_ciphermodes
)- Description
Get the prioritized list of supported cipher suites that satisfy the requirements.
- Parameter
min_keylength
Minimum supported effective keylength in bits. Defaults to
128
. Specify-1
to enable null ciphers.- Parameter
ke_mode
Level of protection for the key exchange.
0
Require forward secrecy (ephemeral keys).
1
Also allow certificate based key exchanges.
2
Also allow anonymous server key exchange. Note that this allows for man in the middle attacks.
- Parameter
blacklisted_ciphers
Multiset of ciphers that are NOT to be used. By default RC4, DES and export ciphers are blacklisted. An empty multiset needs to be given to unlock these.
- Parameter
blacklisted_kes
Multiset of key exchange methods that are NOT to be used.
- Parameter
blacklisted_hashes
Multiset of hash algoriths that are NOT to be used.
- Parameter
blacklisted_ciphermodes
Multiset of cipher modes that are NOT to be used.
- Note
The list of suites is also filtered on the current settings of
supported_versions
.- Note
Note that the effective keylength may differ from the actual keylength for old ciphers where there are known attacks.
- Methodget_trusted_issuers
array
(array
(string(8bit)
)) get_trusted_issuers()- Description
Get the list of trusted issuers. See
set_trusted_issuers
.
- Methodget_versions
array
(ProtocolVersion
) get_versions(ProtocolVersion
client
)- Description
Returns a list of possible versions to use, given the version in the client hello header.
- Methodlookup_session
Session
|zero
lookup_session(string
id
)- Description
Lookup a session identifier in the cache. Returns the corresponding session, or zero if it is not found or caching is disabled.
- Methodoffers_tickets
bool
offers_tickets()- Description
Signals if the context will offer a session ticket via
encode_ticket()
.
- Methodpurge_session
void
purge_session(Session
s
)- Description
Invalidate a session for resumption and remove it from the cache.
- Methodrecord_session
void
record_session(Session
s
)- Description
Add a session to the cache (if caching is enabled).
- Methodset_authorities
void
set_authorities(array
(string
)a
)- Description
Array of authorities that are accepted for client certificates. The server will only accept connections from clients whose certificate is signed by one of these authorities. The string is a DER-encoded certificate, which typically must be decoded using
MIME.decode_base64
orStandards.PEM.Messages
first.Note that it is presumed that the issuer will also be trusted by the server. See
trusted_issuers
for details on specifying trusted issuers.If empty, the server will accept any client certificate whose issuer is trusted by the server.
- Methodset_trusted_issuers
void
set_trusted_issuers(array
(array
(string(8bit)
))issuers
)- Description
Sets the list of trusted certificate issuers.
- Parameter
issuers
An array of certificate chains whose root is self signed (ie a root issuer), and whose final certificate is an issuer that we trust. The root of the certificate should be first certificate in the chain. The string is a DER-encoded certificate, which typically must be decoded using
MIME.decode_base64
orStandards.PEM.Messages
first.If this array is left empty, and the context is set to verify certificates, a certificate chain must have a root that is self signed.
- Methodsort_suites
array
(int
) sort_suites(array
(int
)suites
)- Description
Sort a set of cipher suites according to our preferences.
- Returns
Returns the array sorted with the most preferrable (aka "best") cipher suite first.
- Note
The original array (
suites
) is modified destructively, but is not the same array as the result.
Class SSL.File
- Description
Interface similar to
Stdio.File
.Handles blocking and nonblocking mode.
Handles callback mode in an arbitrary backend (also in blocking mode).
Read and write operations may each do both reading and writing. In callback mode that means that installing either a read or a write callback may install both internally.
In Pike 8.0 and later, blocking read and write in concurrent threads is supported.
Callback changing operations like
set_blocking
andset_nonblocking
aren't atomic.Apart from the above, thread safety/atomicity characteristics are retained.
Blocking characterstics are retained for all functions.
is_open
, connection init (create
) and close (close
) can do both reading and writing._destruct
attempts to close the stream properly by sending the close packet, but since it can't do blocking I/O it's not certain that it will succeed. The stream should therefore always be closed with an explicitclose
call.Abrupt remote close without the proper handshake gets the errno
System.EPIPE
.Objects do not contain cyclic references, so they are closed and destructed timely when dropped.
- Variableapplication_protocol
string
SSL.File.application_protocol- Description
The application protocol chosen by the client during application layer protocol negotiation (ALPN).
- Note
Read only
- Variablefragment_max_size
protected
int
SSL.File.fragment_max_size- Description
The max amount of data to send in each packet. Initialized from the context when the object is created.
- Method_destruct
protected
void
_destruct()- Description
Try to close down the connection properly since it's customary to close files just by dropping them. No guarantee can be made that the close packet gets sent successfully though, because we can't risk blocking I/O here. You should call
close
explicitly.- See also
close
- Methodaccept
bool
accept(string
|void
pending_data
)- Description
Configure as server and set up the connection.
- Parameter
pending_data
Any data that has already been read from the stream. This is typically used with protocols that use START TLS or similar, where there's a risk that "too much" data (ie part of the TLS ClientHello) has been read from the stream before deciding that the connection is to enter TLS-mode.
- Returns
Returns
0
on handshaking failure in blocking mode, and otherwise1
.- See also
connect()
- Methodbackend_once
protected
int(0)
|float
backend_once(int
|void
nonwaiting_mode
)- Description
Run one pass of the backend.
- Methodclose
int
close(void
|string
how
,void
|int
clean_close
,void
|int
dont_throw
)- Description
Close the connection. Both the read and write ends are always closed
- Parameter
how
This argument is only for
Stdio.File
compatibility and must be either"rw"
or0
.- Parameter
clean_close
If set then close messages are exchanged to shut down the SSL connection but not the underlying stream. It may then continue to be used for other communication afterwards. The default is to send a close message and then close the stream without waiting for a response.
- Parameter
dont_throw
I/O errors are normally thrown, but that can be turned off with
dont_throw
. In that caseerrno
is set instead and0
is returned.1
is always returned otherwise. It's not an error to close an already closed connection.- Note
If a clean close is requested in nonblocking mode then the stream is most likely not closed right away, and the backend is then still needed for a while afterwards to exchange the close packets.
is_open
returns 2 in that time window.- Note
I/O errors from both reading and writing might occur in blocking mode.
- Note
If a clean close is requested and data following the close message is received at the same time, then this object will read it and has no way to undo that. That data can be retrieved with
read
afterwards.- See also
shutdown
- Methodconnect
SSL.Session
|zero
connect(string
|void
dest_addr
,SSL.Session
|void
session
)- Description
Configure as client and set up the connection.
- Parameter
dest_addr
Optional name of the server that we are connected to.
- Parameter
session
Session to resume (if any).
- Returns
Returns
0
on handshaking failure in blocking mode, and otherwise theSession
object for the connection.- Throws
Throws an error if a connection already has been established.
- See also
accept()
- Methodcreate
SSL.FileSSL.File(
Stdio.File
stream
,SSL.Context
ctx
)- Description
Create an SSL connection over an open
stream
.- Parameter
stream
Open socket or pipe to create the connection over.
- Parameter
ctx
The SSL context.
The backend used by
stream
is taken over and restored after the connection is closed (seeclose
andshutdown
). The callbacks and id instream
are overwritten.- Note
The operation mode defaults to nonblocking mode.
- See also
accept()
,connect()
- Methoderrno
int
errno()- Returns
Returns the current error number for the connection. Notable values are:
0
No error
System.EPIPE
Connection closed by other end.
- Methodget_peer_certificate_info
mapping
get_peer_certificate_info()- Returns
Returns peer certificate information, if any.
- Methodget_peer_certificates
array
get_peer_certificates()- Returns
Returns the peer certificate chain, if any.
- Methodget_server_name
mixed
get_server_name()- Returns
Returns the server name indication value for the connection.
- Methodinternal_poll
protected
void
internal_poll()- Description
Check whether any callbacks may need to be called.
Always run via the
real_backend
.- See also
schedule_poll()
- Methodis_open
int
is_open()- Returns
Returns nonzero if the stream currently is open, zero otherwise.
This function does nonblocking I/O to check for a close packet in the input buffer.
If a clean close has been requested in nonblocking mode, then 2 is returned until the close packet exchanged has been completed.
- Note
In Pike 7.8 and earlier, this function returned zero in the case above where it now returns 2.
- Methodquery_accept_callback
function
(void
|object
,void
|mixed
:int
)|zero
query_accept_callback()- Returns
Returns the current accept callback.
- See also
set_accept_callback
- Methodquery_address
string
query_address(int
|void
arg
)- Returns
Returns the address and port of the connection.
See
Stdio.File.query_address
for details.- See also
Stdio.File.query_address
- Methodquery_alert_callback
function
(object
,int
|object
,string
:void
)|zero
query_alert_callback()- Returns
Returns the current alert callback.
- See also
set_alert_callback
- Methodquery_application_protocol
string(8bit)
query_application_protocol()- Returns
Returns the negotiated application level protocol (ALPN) if any, and otherwise
0
(zero).- See also
Context.advertised_protocols
- Methodquery_backend
Pike.Backend
query_backend()- Description
Return the backend used for the file callbacks.
- See also
set_backend
- Methodquery_buffer_mode
array
(Stdio.Buffer
|int(0)
) query_buffer_mode()- Description
Get the active input and output buffers that have been set with
set_buffer_mode()
(if any).- Returns
Returns an array with two elements:
Array Stdio.Buffer
0
The current input buffer.
Stdio.Buffer
1
The current output buffer.
- See also
set_buffer_mode()
- Methodquery_callbacks
array
(function
(mixed
,void
|string
:int
)|zero
) query_callbacks()- Returns
Returns the currently set callbacks in the same order as the arguments to
set_callbacks
.- See also
set_callbacks
,set_nonblocking
- Methodquery_close_callback
function
(void
|mixed
:int
)|zero
query_close_callback()- Returns
Returns the current close callback.
- See also
set_close_callback
,set_nonblocking
,query_callbacks
- Methodquery_connection
.Connection
query_connection()- Description
Return the SSL connection object.
This returns the low-level
SSL.connection
object.
- Methodquery_read_callback
Stdio.read_callback_t
|zero
query_read_callback()- Returns
Returns the current read callback.
- See also
set_read_callback
,set_nonblocking
,query_callbacks
- Methodquery_stream
Stdio.File
query_stream()- Description
Return the underlying stream.
- Note
Avoid any temptation to do
destruct(file_obj->query_stream())
. That almost certainly creates more problems than it solves.You probably want to use
shutdown
.- See also
shutdown
- Methodquery_timeout
int(0)
|float
query_timeout()- Description
Get the timeout for blocking operations.
- See also
set_timeout()
- Methodquery_version
ProtocolVersion
query_version()- Description
Return the currently active SSL/TLS version.
- Methodquery_write_callback
Stdio.write_callback_t
|zero
query_write_callback()- Returns
Returns the current write callback.
- See also
set_write_callback
,set_nonblocking
,query_callbacks
- Methodread
string
read(void
|int
length
,void
|bool
not_all
)- Description
Read some (decrypted) data from the connection. Works like
Stdio.File.read
.- Note
I/O errors from both reading and writing might occur in blocking mode.
- See also
write
- Methodrenegotiate
int
renegotiate()- Description
Renegotiate the connection by starting a new handshake. Note that the accept callback will be called again when the handshake is finished.
Returns zero if there are any I/O errors.
errno()
will give the details.- Note
The read buffer is not cleared - a
read()
afterwards will return data from both before and after the renegotiation.- Bugs
Data in the write queue in nonblocking mode is not properly written before resetting the connection. Do a blocking
write("")
first to avoid problems with that.
- Methodschedule_poll
protected
void
schedule_poll()- Description
Schedule calling of any relevant callbacks the next time the
real_backend
is run.- See also
internal_poll()
- Methodset_accept_callback
void
set_accept_callback(function
(void
|object
,void
|mixed
:int
)|zero
accept
)- Description
Install a function that will be called when the handshake is finished and the connection is ready for use.
The callback function will be called with the File object and the additional id arguments (set with
set_id
).- Note
Like the read, write and close callbacks, installing this callback implies callback mode, even after the handshake is done.
- See also
set_nonblocking
,set_callbacks
,query_accept_callback
,query_callbacks
- Methodset_alert_callback
void
set_alert_callback(function
(object
,int
|object
,string
:void
)|zero
alert
)- Description
Install a function that will be called when an alert packet is about to be sent. It doesn't affect the callback mode - it's called both from backends and from within normal function calls like
read
andwrite
.This callback can be used to implement fallback to other protocols when used on the server side together with
shutdown()
.- Note
This object is part of a cyclic reference whenever this is set, just like setting any other callback.
- Note
This callback is not cleared by
set_blocking
, or settable byset_callbacks
orset_nonblocking
. It is also not part of the set returned byquery_callbacks
.- See also
query_alert_callback
- Methodset_backend
void
set_backend(Pike.Backend
backend
)- Description
Set the backend used for the file callbacks.
- See also
query_backend
- Methodset_blocking
void
set_blocking()- Description
Set the stream in blocking mode. All but the alert callback are zapped.
- Note
There might be some data still waiting to be written to the stream. That will be written in the next blocking call, regardless what it is.
- Note
This function doesn't solve the case when the connection is used nonblocking in some backend thread and another thread switches it to blocking and starts using it. To solve that, put a call out in the backend from the other thread that switches it to blocking, and then wait until that call out has run.
- Note
Prior to version 7.5.12, this function didn't clear the accept callback.
- See also
set_nonblocking
,set_blocking_keep_callbacks
,set_nonblocking_keep_callbacks
- Methodset_blocking_keep_callbacks
void
set_blocking_keep_callbacks()- Description
Set blocking mode like
set_blocking
, but don't alter any callbacks.- See also
set_blocking
,set_nonblocking
- Methodset_buffer_mode
void
set_buffer_mode(Stdio.Buffer
|int(0)
in
,Stdio.Buffer
|int(0)
out
)- Description
Toggle the file to Buffer mode.
In this mode reading and writing will be done via Buffer objects, in the directions you included buffers.
- Parameter
in
Input buffer. If this buffer is non-empty, its contents will be returned after any already received data.
- Parameter
out
Output buffer. If this buffer is non-empty, its contents will be sent after any data already queued for sending.
- See also
query_buffer_mode()
- Methodset_callbacks
void
set_callbacks(void
|Stdio.read_callback_t
read
,void
|Stdio.write_callback_t
write
,void
|function
(mixed
:int
)close
,void
|function
(mixed
,string
:int
)read_oob
,void
|function
(mixed
:int
)write_oob
,void
|function
(void
|mixed
:int
)accept
)- Description
Installs all the specified callbacks at once. Use
UNDEFINED
to keep the current setting for a callback.Like
set_nonblocking
, the callbacks are installed atomically. As opposed toset_nonblocking
, this function does not do anything with the stream, and it doesn't even have to be open.- Bugs
read_oob
andwrite_oob
are currently ignored.- See also
set_read_callback
,set_write_callback
,set_close_callback
,set_accept_callback
,query_callbacks
- Methodset_close_callback
void
set_close_callback(function
(void
|mixed
:int
)|zero
close
)- Description
Install a function to be called when the connection is closed, either normally or due to an error (use
errno
to retrieve it).- See also
query_close_callback
,set_nonblocking
,query_callbacks
- Methodset_id
void
set_id(mixed
id
)- Description
Set the value to be sent as the first argument to the callbacks installed by
set_callbacks
.- See also
query_id
- Methodset_nonblocking
void
set_nonblocking(void
|Stdio.read_callback_t
read
,void
|Stdio.write_callback_t
write
,void
|function
(void
|mixed
:int
)close
,void
|function
(void
|mixed
:int
)read_oob
,void
|function
(void
|mixed
:int
)write_oob
,void
|function
(void
|mixed
:int
)accept
)- Description
Set the stream in nonblocking mode, installing the specified callbacks. The alert callback isn't touched.
- Note
Prior to version 7.5.12, this function didn't set the accept callback.
- Bugs
read_oob
andwrite_oob
are currently ignored.- See also
set_callbacks
,query_callbacks
,set_nonblocking_keep_callbacks
,set_blocking
- Methodset_nonblocking_keep_callbacks
void
set_nonblocking_keep_callbacks()- Description
Set nonblocking mode like
set_nonblocking
, but don't alter any callbacks.- See also
set_nonblocking
,set_blocking
,set_blocking_keep_callbacks
- Methodset_read_callback
void
set_read_callback(Stdio.read_callback_t
|zero
read
)- Description
Install a function to be called when data is available.
- See also
query_read_callback
,set_nonblocking
,query_callbacks
- Methodset_timeout
void
set_timeout(int(0)
|float
seconds
)- Description
Set timeout for blocking operations.
- Parameter
seconds
Time in seconds allowed for blocking operations before triggering a timeout. Set to
0
(zero) to disable.By default there is no timeout.
- See also
query_timeout()
- Methodset_write_callback
void
set_write_callback(Stdio.write_callback_t
|zero
write
)- Description
Install a function to be called when data can be written.
- See also
query_write_callback
,set_nonblocking
,query_callbacks
- Methodshutdown
Stdio.File
shutdown()- Description
Shut down the SSL connection without sending any more packets.
If the connection is open then the underlying (still open) stream is returned.
If a nonclean (i.e. normal) close has been requested then the underlying stream is closed now if it wasn't closed already, and zero is returned.
If a clean close has been requested (see the second argument to
close
) then the behavior depends on the state of the close packet exchange: The firstshutdown
call after a successful exchange returns the (still open) underlying stream, and later calls return zero and clearserrno
. If the exchange hasn't finished then the stream is closed, zero is returned, anderrno
will returnSystem.EPIPE
.- See also
close
,set_alert_callback
- Methodwrite
int
write(string
|array
(string
)data
,mixed
...args
)- Description
Write some (unencrypted) data to the connection. Works like
Stdio.File.write
except that this function often buffers some data internally, so there's no guarantee that all the consumed data has been successfully written to the stream in nonblocking mode. It keeps the internal buffering to a minimum, however.- Note
This function returns zero if attempts are made to write data during the handshake phase and the mode is nonblocking.
- Note
I/O errors from both reading and writing might occur in blocking mode.
- See also
read
Class SSL.Packet
- Description
SSL Record Layer. Handle formatting and parsing of packets.
- Variablemarginal_size
protected
int
SSL.Packet.marginal_size- Description
The fragment max size is 2^14 (RFC 5246 6.2.1). Compressed fragments are however allowed to be 1024 bytes over (6.2.2), and Ciphertexts 2048 bytes (6.2.3). State the additional headroom in this variable.
- Methodcreate
SSL.PacketSSL.Packet(
ProtocolVersion
version
,void
|int
extra
)- Parameter
version
The version sent packets will be created for.
- Parameter
extra
Additional fragment size, over the 2^14 bytes for a plaintext TLS fragment.
- Methodrecv
int(-1..1)
recv(Stdio.Buffer
data
)- Description
Receive data read from the network.
- Parameter
data
Raw data from the network.
- Returns
Returns a
1
data if packet is complete, otherwise0
.If there's an error, an alert object is returned.
Class SSL.Port
- Description
Interface similar to
Stdio.Port
.
- Variableaccept_queue
protected
ADT.Queue
SSL.Port.accept_queue- Description
Queue of new
SSL.File
s that have been negotiated.
- Variablectx
Context
SSL.Port.ctx- Description
Context
to use for the connections.- Note
The
Context
is created (by callingcontext_factory()
) on first access to the variable.- Note
Read only
- Methodaccept
File
accept()- Description
Get the next pending
File
from theaccept_queue
.- Returns
Returns the next pending
File
if any, and0
(zero) if there are none.
- Methodbind
int
bind(int
port
,function
(mixed
|void
:int
)|void
callback
,string
|void
ip
,int
|void
reuse_port
)- Description
Bind an SSL port.
- Parameter
port
Port number to bind.
- Parameter
callback
Callback to call when an SSL connection has been negotiated.
The callback is called with the
_id
as the argument. The newSSL.File
is then typically retrieved by callingaccept()
.If the
callback
is0
(zero), then connections will not be accepted until the first call ofaccept()
, or a callback has been installed withset_accept_callback()
.- Parameter
ip
Optional IP-number to bind.
- Parameter
reuse_port
If true, enable SO_REUSEPORT if the OS supports it.
- Returns
Returns
1
if binding of the port succeeded, and0
(zero) on failure.- See also
Stdio.Port()->bind()
,File()->set_accept_callback()
,listen_fd()
- Methodcontext_factory
Context
context_factory()- Description
Function called to create the
Context
object for thisPort
.By overriding this function the setup of certificates, etc for the port can be delayed until the first access to the port.
- Returns
Returns the
Context
to be used with thisPort
.
- Methodcreate
SSL.PortSSL.Port(
Context
|void
ctx
)- Description
Create a new port for accepting SSL connections.
- Parameter
ctx
Context
to be used with thisPort
.If left out, it will be created on demand on first access by calling
context_factory()
.- See also
bind()
,listen_fd()
- Methodfinished_callback
void
finished_callback(SSL.File
f
,mixed
|void
id
)- Description
SSL connection accept callback.
- Parameter
f
The
File
that just finished negotiation.This function is installed as the
File
accept callback byssl_callback()
, and enqueues the newly negotiatedFile
on the accept queue.If there has been an
accept_callback
installed bybind()
orlisten_fd()
, it will be called with all pendingFile
s on the accept queue.If there's no
accept_callback
, then theFile
will have to be retrieved from the queue by callingaccept()
.
- Methodlisten_fd
int
listen_fd(int
fd
,function
(mixed
|void
:int
)|void
callback
)- Description
Set up listening for SSL connections on an already opened fd.
- Parameter
fd
File descriptor to listen on.
- Parameter
callback
Callback to call when the SSL connection has been negotiated.
The callback is called with an
File
as the first argument, and the id for theFile
as the second.If the
callback
is0
(zero), then negotiatedFile
s will be enqueued for later retrieval withaccept()
.- Returns
Returns
1
if listening on the fd succeeded, and0
(zero) on failure.- See also
Stdio.Port()->listen_fd()
,File()->set_accept_callback()
,bind()
- Methodset_accept_callback
void
set_accept_callback(function
(:void
)|void
accept_callback
)- Description
Set the accept callback.
- Methodsocket_accept
Stdio.File
socket_accept()- Description
Low-level accept.
- See also
Stdio.Port()->accept()
- Methodssl_callback
void
ssl_callback(mixed
id
)- Description
Connection accept callback.
This function is installed as the
Stdio.Port
callback, and accepts the connection and creates a correspondingFile
withfinished_callback()
as the accept callback.- Note
If no
accept_callback
has been installed viabind()
,listen_fd()
orset_accept_callback()
, installation of this function as theStdio.Port
callback will be delayed until the first call ofaccept()
.- See also
bind()
,finished_callback()
,set_accept_callback()
Class SSL.ServerConnection
- Description
Server-side connection state.
- Methodhandle_handshake
int(-1..1)
handle_handshake(int
type
,Buffer
input
,Stdio.Buffer
raw
)- Description
Do handshake processing. Type is one of HANDSHAKE_*, data is the contents of the packet, and raw is the raw packet received (needed for supporting SSLv2 hello messages).
This function returns 0 if handshake is in progress, 1 if handshake is finished, and -1 if a fatal error occurred. It uses the send_packet() function to transmit packets.
- Note
On entry the handshake header has been removed from
input
.
- Methodsend_renegotiate
void
send_renegotiate()- Description
Renegotiate the connection (server initiated).
Sends a
hello_request
to force a new round of handshaking.
- Methodserver_derive_master_secret
protected
bool
server_derive_master_secret(Buffer
data
)- Description
Derive the new master secret from the state of
ke
and the payloaddata
received fron the client in itsHANDSHAKE_client_key_exchange
packet.
Class SSL.Session
- Description
The most important information in a session object is a choice of encryption algorithms and a "master secret" created by keyexchange with a client. Each connection can either do a full key exchange to established a new session, or reuse a previously established session. That is why we have the session abstraction and the session cache. Each session is used by one or more connections, in sequence or simultaneously.
It is also possible to change to a new session in the middle of a connection.
- Variablecert_data
mapping
|zero
SSL.Session.cert_data- Description
Information about the certificate in use by the peer, such as issuing authority, and verification status.
- Variablecertificate_chain
array
(string(8bit)
)|zero
SSL.Session.certificate_chain- Description
Our certificate chain
- Variablecipher_spec
Cipher.CipherSpec
|zero
SSL.Session.cipher_spec- Description
Information about the encryption method derived from the cipher_suite.
- Variablecipher_suite
int
SSL.Session.cipher_suite- Description
Constant defining a choice of keyexchange, encryption and mac algorithm.
- Variablecompression_algorithm
int
|zero
SSL.Session.compression_algorithm- Description
Always COMPRESSION_null.
- Variablecurve
Crypto.ECC.Curve
|zero
SSL.Session.curve- Description
The ECC curve selected by the key exchange.
KE_ecdh_ecdsa
The curve from the server certificate.
KE_ecdh_rsa
KE_ecdhe_ecdsa
The curve selected for the ECDHE key exchange (typically the largest curve supported by both the client and the server).
KE_ecdhe_rsa
KE_ecdh_anon
- Variableecc_curves
array
(int
) SSL.Session.ecc_curves- Description
Supported elliptical curve cipher curves in order of preference.
- Variableecc_point_format
int
SSL.Session.ecc_point_format- Description
The selected elliptical curve point format.
- Note
May be
-1
to indicate that there's no supported overlap between the server and client.
- Variableencrypt_then_mac
int
SSL.Session.encrypt_then_mac- Description
Negotiated encrypt-then-mac mode.
- Variableextended_master_secret
bool
SSL.Session.extended_master_secret- Description
Indicates that the connection uses the Extended Master Secret method of deriving the master secret.
This setting is only relevant for TLS 1.2 and earlier.
- Variableffdhe_groups
array
(int
)|zero
SSL.Session.ffdhe_groups- Description
Supported finite field diffie-hellman groups in order of preference.
int(0)
Zero indicates that none have been specified.
array
(zero
)The empty array indicates that none are supported.
array
(int
)List of supported groups, with the most preferred first.
- Variableidentity
string(8bit)
|zero
SSL.Session.identity- Description
Identifies the session to the server
- Variablelast_activity
int
SSL.Session.last_activity- Description
When this session object was used last.
- Variablemaster_secret
string(8bit)
|zero
SSL.Session.master_secret- Description
48 byte secret shared between the client and the server. Used for deriving the actual keys.
- Variablemax_packet_size
int
SSL.Session.max_packet_size- Description
The max fragment size requested by the client.
- Variablepeer_certificate_chain
array
(string(8bit)
)|zero
SSL.Session.peer_certificate_chain- Description
The peer certificate chain
- Variablepeer_public_key
Crypto.Sign.State
|zero
SSL.Session.peer_public_key- Description
The peer's public key (from the certificate).
- Variableserver_name
string(8bit)
|zero
SSL.Session.server_name- Description
RFC 6066 section 3.1 (SNI)
- Variablesignature_algorithms
array
(int
) SSL.Session.signature_algorithms- Description
The set of <hash, signature> combinations supported by the peer.
Only used with TLS 1.2 and later.
Defaults to the settings from RFC 5246 section 7.4.1.4.1.
- Variableticket
string(8bit)
|zero
SSL.Session.ticket- Description
Alternative identification of the session to the server.
- See also
- Variabletruncated_hmac
bool
SSL.Session.truncated_hmac- Description
Indicates that the packet HMACs should be truncated to the first 10 bytes (80 bits). Cf RFC 3546 section 3.5.
- Methodgenerate_keys
array
(string(8bit)
) generate_keys(string(8bit)
client_random
,string(8bit)
server_random
,ProtocolVersion
version
)- Description
Generates keys appropriate for the SSL version given in
version
, based on theclient_random
andserver_random
.- Returns
Array string
0
Client write MAC secret
string
1
Server write MAC secret
string
2
Client write key
string
3
Server write key
string
4
Client write IV
string
5
Server write IV
- Methodhas_required_certificates
bool
has_required_certificates()- Description
Indicates if this session has the required server certificate keys set. No means that no or the wrong type of certificate was sent from the server.
- Methodis_supported_cert
protected
bool
is_supported_cert(CertificatePair
cp
,int
ke_mask
,int
h_max
,ProtocolVersion
version
,array
(int
)ecc_curves
)- Description
Used to filter certificates not supported by the peer.
- Parameter
cp
Candidate
CertificatePair
.- Parameter
version
Negotiated version of SSL.
- Parameter
ecc_curves
The set of ecc_curves supported by the peer.
- Methodis_supported_suite
bool
is_supported_suite(int
suite
,int
ke_mask
,ProtocolVersion
version
)- Description
Used to filter the set of cipher suites suggested by the peer based on our available certificates.
- Parameter
suite
Candidate cipher suite.
- Parameter
ke_mask
The bit mask of the key exchange algorithms supported by the set of available certificates.
- Parameter
version
The negotiated version of SSL/TLS.
- Methodnew_client_states
array
(State
) new_client_states(.Connection
con
,string(8bit)
client_random
,string(8bit)
server_random
,ProtocolVersion
version
)- Description
Computes a new set of encryption states, derived from the client_random, server_random and master_secret strings.
- Returns
Array SSL.State
read_state
Read state
SSL.State
write_state
Write state
- Methodnew_server_states
array
(State
) new_server_states(.Connection
con
,string(8bit)
client_random
,string(8bit)
server_random
,ProtocolVersion
version
)- Description
Computes a new set of encryption states, derived from the client_random, server_random and master_secret strings.
- Returns
Array SSL.State
read_state
Read state
SSL.State
write_state
Write state
- Methodreusable_as
bool
reusable_as(Session
other
)- Description
Returns true if this session object can be used in place of the session object
other
.
- Methodselect_cipher_suite
int
select_cipher_suite(array
(CertificatePair
)certs
,array
(int
)cipher_suites
,ProtocolVersion
version
)- Description
Selects an apropriate certificate, authentication method and cipher suite for the parameters provided by the client.
- Parameter
certs
The list of
CertificatePair
s that are applicable to theserver_name
of this session.- Parameter
cipher_suites
The set of cipher suites that the client and server have in common.
- Parameter
version
The SSL protocol version to use.
Typical client extensions that also are used:
The set of signature algorithm tuples that the client claims to support.
signature_algorithms
- Methodset_cipher_suite
int
set_cipher_suite(int
suite
,ProtocolVersion
version
,array
(int
)|zero
signature_algorithms
,int
max_hash_size
)- Description
Sets the proper authentication method and cipher specification for the given parameters.
- Parameter
suite
The cipher suite to use, selected from the set that the client claims to support.
- Parameter
version
The SSL protocol version to use.
- Parameter
signature_algorithms
The set of signature algorithms tuples that the client claims to support.
- Parameter
max_hash_size
- Methodset_compression_method
void
set_compression_method(int
compr
)- Description
Sets the compression method. Currently only
COMPRESSION_null
andCOMPRESSION_deflate
are supported.
Class SSL.State
- Description
The state object handles a one-way stream of packets, and operates in either decryption or encryption mode. A connection switches from one set of state objects to another, one or more times during its lifetime.
- Variablesalt
string
SSL.State.salt- Description
TLS 1.2 IV salt. This is used as a prefix for the IV for the AEAD cipher algorithms.
- Methoddecrypt_packet
Alert
|Packet
decrypt_packet(Packet
packet
)- Description
Destructively decrypts a packet (including inflating and MAC-verification, if needed). On success, returns the decrypted packet. On failure, returns an alert packet. These cases are distinguished by looking at the is_alert attribute of the returned packet.
Class SSL.https
- Description
Dummy HTTPS server/client
Module SSL.Cipher
- Description
Encryption and MAC algorithms used in SSL.
- MethodP_hash
protected
string(8bit)
P_hash(Crypto.Hash
hashfn
,string(8bit)
secret
,string(8bit)
seed
,int
len
)- Description
Hashfn is either a
Crypto.MD5
,Crypto.SHA
orCrypto.SHA256
.
- Methodlookup
CipherSpec
|zero
lookup(int
suite
,ProtocolVersion
|int
version
,array
(int
)|zero
signature_algorithms
,int
max_hash_size
)- Description
Lookup the crypto parameters for a cipher suite.
- Parameter
suite
Cipher suite to lookup.
- Parameter
version
Version of the SSL/TLS protocol to support.
- Parameter
signature_algorithms
The set of
SignatureScheme
values that are supported by the other end.- Parameter
max_hash_size
The maximum hash size supported for the signature algorithm.
- Returns
Returns
0
(zero) for unsupported combinations, otherwise returns an initializedCipherSpec
for thesuite
.
- Methodprf_sha384
string(8bit)
prf_sha384(string(8bit)
secret
,string(8bit)
label
,string(8bit)
seed
,int
len
)- Description
This Pseudo Random Function is used to derive secret keys for some ciphers suites defined after TLS 1.2.
- Methodprf_sha512
string(8bit)
prf_sha512(string(8bit)
secret
,string(8bit)
label
,string(8bit)
seed
,int
len
)- Description
This Pseudo Random Function could be used to derive secret keys for some ciphers suites defined after TLS 1.2.
- Methodprf_ssl_3_0
string(8bit)
prf_ssl_3_0(string(8bit)
secret
,string(8bit)
label
,string(8bit)
seed
,int
len
)- Description
This Pseudo Random Function is used to derive secret keys in SSL 3.0.
- Note
The argument
label
is ignored.
- Methodprf_tls_1_0
string(8bit)
prf_tls_1_0(string(8bit)
secret
,string(8bit)
label
,string(8bit)
seed
,int
len
)- Description
This Pseudo Random Function is used to derive secret keys in TLS 1.0 and 1.1.
- Methodprf_tls_1_2
string(8bit)
prf_tls_1_2(string(8bit)
secret
,string(8bit)
label
,string(8bit)
seed
,int
len
)- Description
This Pseudo Random Function is used to derive secret keys in TLS 1.2.
Class SSL.Cipher.CipherAlgorithm
- Description
Cipher algorithm interface.
Class SSL.Cipher.CipherSpec
- Description
Cipher specification.
- Variablebulk_cipher_algorithm
program
SSL.Cipher.CipherSpec.bulk_cipher_algorithm- Description
The algorithm to use for the bulk of the transfered data.
- Variableexplicit_iv_size
int
SSL.Cipher.CipherSpec.explicit_iv_size- Description
The number of bytes of explicit data needed for initialization vectors. This is used by AEAD ciphers in TLS 1.2, where there's a secret part of the iv "salt" of length
iv_size
, and an explicit part that is sent in the clear.This is usually
bulk_cipher_algorithm->iv_size() - iv_size
, but may be set to zero to just have the sequence number expanded to the same size as an implicit iv. This is used by the suites withCrypto.ChaCha20.POLY1305
.
- Variablehash
Crypto.Hash
SSL.Cipher.CipherSpec.hash- Description
The hash algorithm for signing the handshake.
Usually the same hash as is the base for the
prf
.- Note
Only used in TLS 1.2 and later.
- Variablehash_size
int
SSL.Cipher.CipherSpec.hash_size- Description
The number of bytes in the MAC hashes.
- Variableis_exportable
int
SSL.Cipher.CipherSpec.is_exportable- Description
Indication whether the combination uses strong or weak (aka exportable) crypto.
- Variableiv_size
int
SSL.Cipher.CipherSpec.iv_size- Description
The number of bytes of random data needed for initialization vectors.
- Variablekey_bits
int
SSL.Cipher.CipherSpec.key_bits- Description
The effective number of bits in
key_material
.This is typically
key_material * 8
, but for egDES
this iskey_material * 7
.
- Variablekey_material
int
SSL.Cipher.CipherSpec.key_material- Description
The number of bytes of key material used on initialization.
- Variablemac_algorithm
program
SSL.Cipher.CipherSpec.mac_algorithm- Description
The Message Authentication Code to use for the packets.
- Variablemax_bytes
int
SSL.Cipher.CipherSpec.max_bytes- Description
The number of bytes that is safe to send before we must renegotiate the keys.
- Variableprf
function
(string(8bit)
,string(8bit)
,string(8bit)
,int
:string(8bit)
) SSL.Cipher.CipherSpec.prf- Description
The Pseudo Random Function to use.
- See also
prf_ssl_3_0()
,prf_tls_1_0()
,prf_tls_1_2()
- Variablesignature_alg
SignatureAlgorithm
SSL.Cipher.CipherSpec.signature_alg- Description
The signature algorithm used for key exchange signatures.
- Variablesignature_hash
HashAlgorithm
SSL.Cipher.CipherSpec.signature_hash- Description
The hash algorithm used for key exchange signatures.
- Methodsign
Stdio.Buffer
sign(object
session
,string(8bit)
cookie
,Stdio.Buffer
struct
)- Description
The function used to sign packets.
Class SSL.Cipher.KeyExchange
- Description
KeyExchange method base class.
- Variableanonymous
int
SSL.Cipher.KeyExchange.anonymous- Description
Indicates whether a certificate isn't required.
- Variablecontext
Variablesession
Variableconnection
Variableclient_version object
SSL.Cipher.KeyExchange.contextobject
SSL.Cipher.KeyExchange.sessionobject
SSL.Cipher.KeyExchange.connectionProtocolVersion
SSL.Cipher.KeyExchange.client_version
- Variablemessage_was_bad
int
SSL.Cipher.KeyExchange.message_was_bad- Description
Indicates whether the key exchange has failed due to bad MACs.
- Method__create__
protected
local
void
__create__(object
context
,object
session
,object
connection
,ProtocolVersion
client_version
)
- Methodclient_key_exchange_packet
string(8bit)
client_key_exchange_packet(Stdio.Buffer
packet_data
,ProtocolVersion
version
)- Returns
Returns the premaster secret, and fills in the payload for a
HANDSHAKE_client_key_exchange
packet in the submitted buffer.May return
0
(zero) to generate anALERT_unexpected_message
.
- Methodcreate
SSL.Cipher.KeyExchangeSSL.Cipher.KeyExchange(
object
context
,object
session
,object
connection
,ProtocolVersion
client_version
)
- Methodgot_client_key_exchange
string(8bit)
|int(8bit)
got_client_key_exchange(Stdio.Buffer
data
,ProtocolVersion
version
)- Parameter
data
Payload from a
HANDSHAKE_client_key_exchange
.- Returns
Premaster secret or alert number.
- Note
May set
message_was_bad
and return a fake premaster secret.
- Methodgot_server_key_exchange
int
got_server_key_exchange(Stdio.Buffer
input
,string
client_random
,string
server_random
)- Parameter
input
Stdio.Buffer
with the content of aHANDSHAKE_server_key_exchange
.The default implementation calls
parse_server_key_exchange()
, and then verifies the signature.- Returns
0
Returns zero on success.
-1
Returns negative on verification failure.
- Methodinit_client
bool
init_client()- Description
Initialize for client side use.
- Returns
Returns
1
on success, and0
(zero) on failure.
- Methodinit_server
bool
init_server()- Description
Initialize for server side use.
- Returns
Returns
1
on success, and0
(zero) on failure.
- Methodmake_key_share_offer
optional
void
make_key_share_offer(Stdio.Buffer
offer
)- Description
TLS 1.3 and later.
Generate a key share offer for the configured named group (currently only implemented in
KeyShareECDHE
andKeyShareDHE
).
- Methodparse_server_key_exchange
Stdio.Buffer
parse_server_key_exchange(Stdio.Buffer
input
)- Parameter
input
Stdio.Buffer
with the content of aHANDSHAKE_server_key_exchange
.- Returns
The key exchange information should be extracted from
input
, so that it is positioned at the signature.Returns a new
Stdio.Buffer
with the unsigned payload ofinput
.
- Methodreceive_key_share_offer
optional
string(8bit)
receive_key_share_offer(string(8bit)
offer
)- Description
TLS 1.3 and later.
Receive a key share offer key exchange for the configured group (currently only implemented in
KeyShareECDHE
andKeyShareDHE
).- Note
Clears the secret state.
- Returns
Returns the shared pre-master key.
- Methodserver_key_exchange_packet
string(8bit)
|zero
server_key_exchange_packet(string
client_random
,string
server_random
)- Description
The default implementation calls
server_key_params()
to generate the base payload.- Returns
Returns the signed payload for a
HANDSHAKE_server_key_exchange
.
- Methodserver_key_params
Stdio.Buffer
server_key_params()- Returns
Returns an
Stdio.Buffer
with theHANDSHAKE_server_key_exchange
payload.
Class SSL.Cipher.KeyExchangeDH
- Description
Key exchange for
KE_dh_dss
andKE_dh_dss
.KeyExchange
that uses Diffie-Hellman with a key from a DSS certificate.
Class SSL.Cipher.KeyExchangeDHE
- Description
KeyExchange for
KE_dhe_rsa
,KE_dhe_dss
andKE_dh_anon
.KeyExchange that uses Diffie-Hellman to generate an Ephemeral key.
- Variableparameters
Crypto.DH.Parameters
SSL.Cipher.KeyExchangeDHE.parameters- Description
Finite field Diffie-Hellman parameters.
- Methodgot_client_key_exchange
string(8bit)
|int(8bit)
got_client_key_exchange(Stdio.Buffer
input
,ProtocolVersion
version
)- Returns
Premaster secret or alert number.
Class SSL.Cipher.KeyExchangeDHEPSK
- Description
Key exchange for
KE_dhe_psk
.
Class SSL.Cipher.KeyExchangeECDH
- Description
KeyExchange for
KE_ecdh_rsa
andKE_ecdh_ecdsa
.NB: The only difference between the two is whether the certificate is signed with RSA or ECDSA.
This KeyExchange uses the Elliptic Curve parameters from the ECDSA certificate on the server side, and ephemeral parameters on the client side.
- Note
Deprecated in RFC 8422 section 5.5.
Class SSL.Cipher.KeyExchangeECDHE
- Description
KeyExchange for
KE_ecdhe_rsa
,KE_ecdhe_ecdsa
andKE_ecdh_anon
.KeyExchange that uses Elliptic Curve Diffie-Hellman or Edwards Curve Diffie-Hellman to generate an Ephemeral key.
Class SSL.Cipher.KeyExchangeECDHEPSK
- Description
Key exchange for
KE_ecdhe_psk
.
Class SSL.Cipher.KeyExchangeExportRSA
- Description
Key exchange for
KE_rsa_export
.KeyExchange
that uses the Rivest Shamir Adelman algorithm, but limited to 512 bits for encryption and decryption.
Class SSL.Cipher.KeyExchangeKRB
- Description
Key exchange for
KE_krb
.KeyExchange
that uses Kerberos (RFC 2712).
Class SSL.Cipher.KeyExchangeNULL
- Description
Key exchange for
KE_null
.This is the NULL
KeyExchange
, which is only used for theSSL_null_with_null_null
cipher suite, which is usually disabled.
Class SSL.Cipher.KeyExchangePSK
- Description
Key exchange for
KE_psk
, pre shared keys.
Class SSL.Cipher.KeyExchangeRSA
- Description
Key exchange for
KE_rsa
.KeyExchange
that uses the Rivest Shamir Adelman algorithm.
Class SSL.Cipher.KeyExchangeRSAPSK
- Description
Key exchange for
KE_rsa_psk
.
Class SSL.Cipher.MACAlgorithm
- Description
Message Authentication Code interface.
- Constanthash_header_size
constant
int
SSL.Cipher.MACAlgorithm.hash_header_size
- Description
The length of the header prefixed by
hash()
.
- Methodhash
string
hash(string
data
)- Description
Creates a HMAC hash of the
data
with the underlying hash algorithm.
- Methodhash_packet
string
hash_packet(object
packet
,int
|void
adjust_len
)- Description
Generates a header and creates a HMAC hash for the given
packet
.- Parameter
packet
Packet
to generate a MAC hash for.- Parameter
adjust_len
Added to sizeof(packet) to get the packet length.
- Returns
Returns the MAC hash for the
packet
.
Class SSL.Cipher.MAChmac_md5
- Description
HMAC using MD5.
This is the MAC algorithm used by TLS 1.0 and later.
Class SSL.Cipher.MAChmac_sha
- Description
HMAC using SHA.
This is the MAC algorithm used by TLS 1.0 and later.
Class SSL.Cipher.MAChmac_sha256
- Description
HMAC using SHA256.
This is the MAC algorithm used by some cipher suites in TLS 1.2 and later.
Class SSL.Cipher.MAChmac_sha384
- Description
HMAC using SHA384.
This is a MAC algorithm used by some cipher suites in TLS 1.2 and later.
Class SSL.Cipher.MAChmac_sha512
- Description
HMAC using SHA512.
This is a MAC algorithm used by some cipher suites in TLS 1.2 and later.
Class SSL.Cipher.MACmd5
- Description
MAC using MD5.
- Note
Note: This uses the algorithm from the SSL 3.0 draft.
Class SSL.Cipher.MACsha
- Description
MAC using SHA.
- Note
Note: This uses the algorithm from the SSL 3.0 draft.
Module SSL.Constants
- Description
Protocol constants
- ConstantAUTHLEVEL_ask
constant
int
SSL.Constants.AUTHLEVEL_ask
- Description
As a server, request a certificate, but don't require a response. This AUTHLEVEL is not relevant for clients.
- ConstantAUTHLEVEL_none
constant
int
SSL.Constants.AUTHLEVEL_none
- Description
Don't request nor check any certificate.
- ConstantAUTHLEVEL_require
constant
int
SSL.Constants.AUTHLEVEL_require
- Description
Require other party to send a valid certificate.
- ConstantAUTHLEVEL_verify
constant
int
SSL.Constants.AUTHLEVEL_verify
- Description
Don't request, but verify any certificate.
- ConstantCIPHER_SUITES
constant
SSL.Constants.CIPHER_SUITES
- Description
A mapping from cipher suite identifier to an array defining the algorithms to be used in that suite.
Array KeyExchangeType
0
The key exchange algorithm to be used for this suite, or 0. E.g.
KE_rsa
.int
1
The cipher algorithm to be used for this suite, or 0. E.g.
CIPHER_aes
.HashAlgorithm
2
The hash algorithm to be used for this suite, or 0. E.g.
HASH_sha1
.CipherModes
3
Optionally for TLS 1.2 and later cipher suites the mode of operation. E.g.
MODE_cbc
.
- ConstantCIPHER_effective_keylengths
constant
SSL.Constants.CIPHER_effective_keylengths
- Description
Mapping from cipher algorithm to effective key length.
- ConstantECC_NAME_TO_CURVE
constant
SSL.Constants.ECC_NAME_TO_CURVE
- Description
Lookup for Pike ECC name to
NamedGroup
.
- ConstantHASH_lookup
constant
SSL.Constants.HASH_lookup
- Description
Lookup from
HashAlgorithm
to correspondingCrypto.Hash
.
- ConstantKE_Anonymous
constant
SSL.Constants.KE_Anonymous
- Description
Lists
KeyExchangeType
that doesn't require certificates.
- ConstantPROTOCOL_TLS_MAX
constant
SSL.Constants.PROTOCOL_TLS_MAX
- Description
Max supported TLS version.
- Methodfmt_cipher_suite
string
fmt_cipher_suite(int
suite
)- Description
Return a descriptive name for a cipher suite.
- Parameter
suite
Cipher suite to format.
- Methodfmt_cipher_suites
string
fmt_cipher_suites(array
(int
)s
)- Description
Pretty-print an array of cipher suites.
- Parameter
s
Array of cipher suites to format.
- Methodfmt_constant
string
fmt_constant(int
c
,string
prefix
)- Description
Return a descriptive name for a constant value.
- Parameter
c
Value to format.
- Parameter
prefix
Constant name prefix. Eg
"CONNECTION"
.
- Methodfmt_signature_pairs
string
fmt_signature_pairs(array
(int
)pairs
)- Description
Pretty-print an array of
SignatureScheme
s.- Parameter
pairs
Array of signature pairs to format.
- Methodfmt_version
string
fmt_version(ProtocolVersion
version
)- Description
Pretty-print a
ProtocolVersion
.- Parameter
version
ProtocolVersion
to format.
Enum SSL.Constants.ALPNProtocol
- Description
Application Level Protocol Negotiation protocol identifiers.
- See also
EXTENSION_application_layer_protocol_negotiation
- ConstantALPN_http_1_1
ConstantALPN_spdy_1
ConstantALPN_spdy_2
ConstantALPN_spdy_3
ConstantALPN_turn
ConstantALPN_stun
ConstantALPN_http_2
ConstantALPN_http_2_reserved constant
SSL.Constants.ALPN_http_1_1
constant
SSL.Constants.ALPN_spdy_1
constant
SSL.Constants.ALPN_spdy_2
constant
SSL.Constants.ALPN_spdy_3
constant
SSL.Constants.ALPN_turn
constant
SSL.Constants.ALPN_stun
constant
SSL.Constants.ALPN_http_2
constant
SSL.Constants.ALPN_http_2_reserved
Enum SSL.Constants.AuthzDataFormat
Enum SSL.Constants.CertificateType
Enum SSL.Constants.CipherModes
- Description
Cipher operation modes.
- ConstantMODE_ccm_8
constant
SSL.Constants.MODE_ccm_8
- Description
CCM - Counter with 8 bit CBC-MAC mode.
Enum SSL.Constants.CipherSuite
- ConstantSSL_invalid_suite
ConstantSSL_null_with_null_null
ConstantSSL_rsa_with_null_md5
ConstantSSL_rsa_with_null_sha
ConstantSSL_rsa_export_with_rc4_40_md5
ConstantSSL_rsa_with_rc4_128_md5
ConstantSSL_rsa_with_rc4_128_sha
ConstantSSL_rsa_export_with_rc2_cbc_40_md5
ConstantSSL_rsa_with_idea_cbc_sha
ConstantTLS_rsa_with_idea_cbc_sha
ConstantSSL_rsa_export_with_des40_cbc_sha
ConstantSSL_rsa_with_des_cbc_sha
ConstantTLS_rsa_with_des_cbc_sha
ConstantSSL_rsa_with_3des_ede_cbc_sha
ConstantSSL_dh_dss_export_with_des40_cbc_sha
ConstantSSL_dh_dss_with_des_cbc_sha
ConstantTLS_dh_dss_with_des_cbc_sha
ConstantSSL_dh_dss_with_3des_ede_cbc_sha
ConstantSSL_dh_rsa_export_with_des40_cbc_sha
ConstantSSL_dh_rsa_with_des_cbc_sha
ConstantTLS_dh_rsa_with_des_cbc_sha
ConstantSSL_dh_rsa_with_3des_ede_cbc_sha
ConstantSSL_dhe_dss_export_with_des40_cbc_sha
ConstantSSL_dhe_dss_with_des_cbc_sha
ConstantTLS_dhe_dss_with_des_cbc_sha
ConstantSSL_dhe_dss_with_3des_ede_cbc_sha
ConstantSSL_dhe_rsa_export_with_des40_cbc_sha
ConstantSSL_dhe_rsa_with_des_cbc_sha
ConstantTLS_dhe_rsa_with_des_cbc_sha
ConstantSSL_dhe_rsa_with_3des_ede_cbc_sha
ConstantSSL_dh_anon_export_with_rc4_40_md5
ConstantSSL_dh_anon_with_rc4_128_md5
ConstantSSL_dh_anon_export_with_des40_cbc_sha
ConstantSSL_dh_anon_with_des_cbc_sha
ConstantTLS_dh_anon_with_des_cbc_sha
ConstantSSL_dh_anon_with_3des_ede_cbc_sha constant
SSL.Constants.SSL_invalid_suite
constant
SSL.Constants.SSL_null_with_null_null
constant
SSL.Constants.SSL_rsa_with_null_md5
constant
SSL.Constants.SSL_rsa_with_null_sha
constant
SSL.Constants.SSL_rsa_export_with_rc4_40_md5
constant
SSL.Constants.SSL_rsa_with_rc4_128_md5
constant
SSL.Constants.SSL_rsa_with_rc4_128_sha
constant
SSL.Constants.SSL_rsa_export_with_rc2_cbc_40_md5
constant
SSL.Constants.SSL_rsa_with_idea_cbc_sha
constant
SSL.Constants.TLS_rsa_with_idea_cbc_sha
constant
SSL.Constants.SSL_rsa_export_with_des40_cbc_sha
constant
SSL.Constants.SSL_rsa_with_des_cbc_sha
constant
SSL.Constants.TLS_rsa_with_des_cbc_sha
constant
SSL.Constants.SSL_rsa_with_3des_ede_cbc_sha
constant
SSL.Constants.SSL_dh_dss_export_with_des40_cbc_sha
constant
SSL.Constants.SSL_dh_dss_with_des_cbc_sha
constant
SSL.Constants.TLS_dh_dss_with_des_cbc_sha
constant
SSL.Constants.SSL_dh_dss_with_3des_ede_cbc_sha
constant
SSL.Constants.SSL_dh_rsa_export_with_des40_cbc_sha
constant
SSL.Constants.SSL_dh_rsa_with_des_cbc_sha
constant
SSL.Constants.TLS_dh_rsa_with_des_cbc_sha
constant
SSL.Constants.SSL_dh_rsa_with_3des_ede_cbc_sha
constant
SSL.Constants.SSL_dhe_dss_export_with_des40_cbc_sha
constant
SSL.Constants.SSL_dhe_dss_with_des_cbc_sha
constant
SSL.Constants.TLS_dhe_dss_with_des_cbc_sha
constant
SSL.Constants.SSL_dhe_dss_with_3des_ede_cbc_sha
constant
SSL.Constants.SSL_dhe_rsa_export_with_des40_cbc_sha
constant
SSL.Constants.SSL_dhe_rsa_with_des_cbc_sha
constant
SSL.Constants.TLS_dhe_rsa_with_des_cbc_sha
constant
SSL.Constants.SSL_dhe_rsa_with_3des_ede_cbc_sha
constant
SSL.Constants.SSL_dh_anon_export_with_rc4_40_md5
constant
SSL.Constants.SSL_dh_anon_with_rc4_128_md5
constant
SSL.Constants.SSL_dh_anon_export_with_des40_cbc_sha
constant
SSL.Constants.SSL_dh_anon_with_des_cbc_sha
constant
SSL.Constants.TLS_dh_anon_with_des_cbc_sha
constant
SSL.Constants.SSL_dh_anon_with_3des_ede_cbc_sha
- ConstantSSL_rsa_fips_with_des_cbc_sha
ConstantSSL_rsa_fips_with_3des_ede_cbc_sha constant
SSL.Constants.SSL_rsa_fips_with_des_cbc_sha
constant
SSL.Constants.SSL_rsa_fips_with_3des_ede_cbc_sha
- ConstantSSL_rsa_oldfips_with_des_cbc_sha
ConstantSSL_rsa_oldfips_with_3des_ede_cbc_sha constant
SSL.Constants.SSL_rsa_oldfips_with_des_cbc_sha
constant
SSL.Constants.SSL_rsa_oldfips_with_3des_ede_cbc_sha
- ConstantSSL_rsa_with_rc2_cbc_md5
ConstantSSL_rsa_with_idea_cbc_md5
ConstantSSL_rsa_with_des_cbc_md5
ConstantSSL_rsa_with_3des_ede_cbc_md5 constant
SSL.Constants.SSL_rsa_with_rc2_cbc_md5
constant
SSL.Constants.SSL_rsa_with_idea_cbc_md5
constant
SSL.Constants.SSL_rsa_with_des_cbc_md5
constant
SSL.Constants.SSL_rsa_with_3des_ede_cbc_md5
- ConstantTLS_aes_128_gcm_sha256
ConstantTLS_aes_256_gcm_sha384
ConstantTLS_chacha20_poly1305_sha256
ConstantTLS_aes_128_ccm_sha256
ConstantTLS_aes_128_ccm_8_sha256 constant
SSL.Constants.TLS_aes_128_gcm_sha256
constant
SSL.Constants.TLS_aes_256_gcm_sha384
constant
SSL.Constants.TLS_chacha20_poly1305_sha256
constant
SSL.Constants.TLS_aes_128_ccm_sha256
constant
SSL.Constants.TLS_aes_128_ccm_8_sha256
- ConstantTLS_krb5_with_des_cbc_sha
ConstantTLS_krb5_with_3des_ede_cbc_sha
ConstantTLS_krb5_with_rc4_128_sha
ConstantTLS_krb5_with_idea_cbc_sha
ConstantTLS_krb5_with_des_cbc_md5
ConstantTLS_krb5_with_3des_ede_cbc_md5
ConstantTLS_krb5_with_rc4_128_md5
ConstantTLS_krb5_with_idea_cbc_md5
ConstantTLS_krb5_export_with_des_cbc_40_sha
ConstantTLS_krb5_export_with_rc2_cbc_40_sha
ConstantTLS_krb5_export_with_rc4_40_sha
ConstantTLS_krb5_export_with_des_cbc_40_md5
ConstantTLS_krb5_export_with_rc2_cbc_40_md5
ConstantTLS_krb5_export_with_rc4_40_md5
ConstantTLS_psk_with_null_sha
ConstantTLS_dhe_psk_with_null_sha
ConstantTLS_rsa_psk_with_null_sha
ConstantTLS_rsa_with_aes_128_cbc_sha
ConstantTLS_dh_dss_with_aes_128_cbc_sha
ConstantTLS_dh_rsa_with_aes_128_cbc_sha
ConstantTLS_dhe_dss_with_aes_128_cbc_sha
ConstantTLS_dhe_rsa_with_aes_128_cbc_sha
ConstantTLS_dh_anon_with_aes_128_cbc_sha
ConstantTLS_rsa_with_aes_256_cbc_sha
ConstantTLS_dh_dss_with_aes_256_cbc_sha
ConstantTLS_dh_rsa_with_aes_256_cbc_sha
ConstantTLS_dhe_dss_with_aes_256_cbc_sha
ConstantTLS_dhe_rsa_with_aes_256_cbc_sha
ConstantTLS_dh_anon_with_aes_256_cbc_sha
ConstantTLS_rsa_with_null_sha256
ConstantTLS_rsa_with_aes_128_cbc_sha256
ConstantTLS_rsa_with_aes_256_cbc_sha256
ConstantTLS_dh_dss_with_aes_128_cbc_sha256
ConstantTLS_dh_rsa_with_aes_128_cbc_sha256
ConstantTLS_dhe_dss_with_aes_128_cbc_sha256
ConstantTLS_rsa_with_camellia_128_cbc_sha
ConstantTLS_dh_dss_with_camellia_128_cbc_sha
ConstantTLS_dh_rsa_with_camellia_128_cbc_sha
ConstantTLS_dhe_dss_with_camellia_128_cbc_sha
ConstantTLS_dhe_rsa_with_camellia_128_cbc_sha
ConstantTLS_dh_anon_with_camellia_128_cbc_sha constant
SSL.Constants.TLS_krb5_with_des_cbc_sha
constant
SSL.Constants.TLS_krb5_with_3des_ede_cbc_sha
constant
SSL.Constants.TLS_krb5_with_rc4_128_sha
constant
SSL.Constants.TLS_krb5_with_idea_cbc_sha
constant
SSL.Constants.TLS_krb5_with_des_cbc_md5
constant
SSL.Constants.TLS_krb5_with_3des_ede_cbc_md5
constant
SSL.Constants.TLS_krb5_with_rc4_128_md5
constant
SSL.Constants.TLS_krb5_with_idea_cbc_md5
constant
SSL.Constants.TLS_krb5_export_with_des_cbc_40_sha
constant
SSL.Constants.TLS_krb5_export_with_rc2_cbc_40_sha
constant
SSL.Constants.TLS_krb5_export_with_rc4_40_sha
constant
SSL.Constants.TLS_krb5_export_with_des_cbc_40_md5
constant
SSL.Constants.TLS_krb5_export_with_rc2_cbc_40_md5
constant
SSL.Constants.TLS_krb5_export_with_rc4_40_md5
constant
SSL.Constants.TLS_psk_with_null_sha
constant
SSL.Constants.TLS_dhe_psk_with_null_sha
constant
SSL.Constants.TLS_rsa_psk_with_null_sha
constant
SSL.Constants.TLS_rsa_with_aes_128_cbc_sha
constant
SSL.Constants.TLS_dh_dss_with_aes_128_cbc_sha
constant
SSL.Constants.TLS_dh_rsa_with_aes_128_cbc_sha
constant
SSL.Constants.TLS_dhe_dss_with_aes_128_cbc_sha
constant
SSL.Constants.TLS_dhe_rsa_with_aes_128_cbc_sha
constant
SSL.Constants.TLS_dh_anon_with_aes_128_cbc_sha
constant
SSL.Constants.TLS_rsa_with_aes_256_cbc_sha
constant
SSL.Constants.TLS_dh_dss_with_aes_256_cbc_sha
constant
SSL.Constants.TLS_dh_rsa_with_aes_256_cbc_sha
constant
SSL.Constants.TLS_dhe_dss_with_aes_256_cbc_sha
constant
SSL.Constants.TLS_dhe_rsa_with_aes_256_cbc_sha
constant
SSL.Constants.TLS_dh_anon_with_aes_256_cbc_sha
constant
SSL.Constants.TLS_rsa_with_null_sha256
constant
SSL.Constants.TLS_rsa_with_aes_128_cbc_sha256
constant
SSL.Constants.TLS_rsa_with_aes_256_cbc_sha256
constant
SSL.Constants.TLS_dh_dss_with_aes_128_cbc_sha256
constant
SSL.Constants.TLS_dh_rsa_with_aes_128_cbc_sha256
constant
SSL.Constants.TLS_dhe_dss_with_aes_128_cbc_sha256
constant
SSL.Constants.TLS_rsa_with_camellia_128_cbc_sha
constant
SSL.Constants.TLS_dh_dss_with_camellia_128_cbc_sha
constant
SSL.Constants.TLS_dh_rsa_with_camellia_128_cbc_sha
constant
SSL.Constants.TLS_dhe_dss_with_camellia_128_cbc_sha
constant
SSL.Constants.TLS_dhe_rsa_with_camellia_128_cbc_sha
constant
SSL.Constants.TLS_dh_anon_with_camellia_128_cbc_sha
- ConstantTLS_dhe_rsa_with_aes_128_cbc_sha256
ConstantTLS_dh_dss_with_aes_256_cbc_sha256
ConstantTLS_dh_rsa_with_aes_256_cbc_sha256
ConstantTLS_dhe_dss_with_aes_256_cbc_sha256
ConstantTLS_dhe_rsa_with_aes_256_cbc_sha256
ConstantTLS_dh_anon_with_aes_128_cbc_sha256
ConstantTLS_dh_anon_with_aes_256_cbc_sha256 constant
SSL.Constants.TLS_dhe_rsa_with_aes_128_cbc_sha256
constant
SSL.Constants.TLS_dh_dss_with_aes_256_cbc_sha256
constant
SSL.Constants.TLS_dh_rsa_with_aes_256_cbc_sha256
constant
SSL.Constants.TLS_dhe_dss_with_aes_256_cbc_sha256
constant
SSL.Constants.TLS_dhe_rsa_with_aes_256_cbc_sha256
constant
SSL.Constants.TLS_dh_anon_with_aes_128_cbc_sha256
constant
SSL.Constants.TLS_dh_anon_with_aes_256_cbc_sha256
- ConstantTLS_rsa_with_camellia_256_cbc_sha
ConstantTLS_dh_dss_with_camellia_256_cbc_sha
ConstantTLS_dh_rsa_with_camellia_256_cbc_sha
ConstantTLS_dhe_dss_with_camellia_256_cbc_sha
ConstantTLS_dhe_rsa_with_camellia_256_cbc_sha
ConstantTLS_dh_anon_with_camellia_256_cbc_sha
ConstantTLS_psk_with_rc4_128_sha
ConstantTLS_psk_with_3des_ede_cbc_sha
ConstantTLS_psk_with_aes_128_cbc_sha
ConstantTLS_psk_with_aes_256_cbc_sha
ConstantTLS_dhe_psk_with_rc4_128_sha
ConstantTLS_dhe_psk_with_3des_ede_cbc_sha
ConstantTLS_dhe_psk_with_aes_128_cbc_sha
ConstantTLS_dhe_psk_with_aes_256_cbc_sha
ConstantTLS_rsa_psk_with_rc4_128_sha
ConstantTLS_rsa_psk_with_3des_ede_cbc_sha
ConstantTLS_rsa_psk_with_aes_128_cbc_sha
ConstantTLS_rsa_psk_with_aes_256_cbc_sha
ConstantTLS_rsa_with_seed_cbc_sha
ConstantTLS_dh_dss_with_seed_cbc_sha
ConstantTLS_dh_rsa_with_seed_cbc_sha
ConstantTLS_dhe_dss_with_seed_cbc_sha
ConstantTLS_dhe_rsa_with_seed_cbc_sha
ConstantTLS_dh_anon_with_seed_cbc_sha
ConstantTLS_rsa_with_aes_128_gcm_sha256
ConstantTLS_rsa_with_aes_256_gcm_sha384
ConstantTLS_dhe_rsa_with_aes_128_gcm_sha256
ConstantTLS_dhe_rsa_with_aes_256_gcm_sha384
ConstantTLS_dh_rsa_with_aes_128_gcm_sha256
ConstantTLS_dh_rsa_with_aes_256_gcm_sha384
ConstantTLS_dhe_dss_with_aes_128_gcm_sha256
ConstantTLS_dhe_dss_with_aes_256_gcm_sha384
ConstantTLS_dh_dss_with_aes_128_gcm_sha256
ConstantTLS_dh_dss_with_aes_256_gcm_sha384
ConstantTLS_dh_anon_with_aes_128_gcm_sha256
ConstantTLS_dh_anon_with_aes_256_gcm_sha384
ConstantTLS_psk_with_aes_128_gcm_sha256
ConstantTLS_psk_with_aes_256_gcm_sha384
ConstantTLS_dhe_psk_with_aes_128_gcm_sha256
ConstantTLS_dhe_psk_with_aes_256_gcm_sha384
ConstantTLS_rsa_psk_with_aes_128_gcm_sha256
ConstantTLS_rsa_psk_with_aes_256_gcm_sha384
ConstantTLS_psk_with_aes_128_cbc_sha256
ConstantTLS_psk_with_aes_256_cbc_sha384
ConstantTLS_psk_with_null_sha256
ConstantTLS_psk_with_null_sha384
ConstantTLS_dhe_psk_with_aes_128_cbc_sha256
ConstantTLS_dhe_psk_with_aes_256_cbc_sha384
ConstantTLS_dhe_psk_with_null_sha256
ConstantTLS_dhe_psk_with_null_sha384
ConstantTLS_rsa_psk_with_aes_128_cbc_sha256
ConstantTLS_rsa_psk_with_aes_256_cbc_sha384
ConstantTLS_rsa_psk_with_null_sha256
ConstantTLS_rsa_psk_with_null_sha384
ConstantTLS_rsa_with_camellia_128_cbc_sha256
ConstantTLS_dh_dss_with_camellia_128_cbc_sha256
ConstantTLS_dh_rsa_with_camellia_128_cbc_sha256
ConstantTLS_dhe_dss_with_camellia_128_cbc_sha256
ConstantTLS_dhe_rsa_with_camellia_128_cbc_sha256
ConstantTLS_dh_anon_with_camellia_128_cbc_sha256
ConstantTLS_rsa_with_camellia_256_cbc_sha256
ConstantTLS_dh_dss_with_camellia_256_cbc_sha256
ConstantTLS_dh_rsa_with_camellia_256_cbc_sha256
ConstantTLS_dhe_dss_with_camellia_256_cbc_sha256
ConstantTLS_dhe_rsa_with_camellia_256_cbc_sha256
ConstantTLS_dh_anon_with_camellia_256_cbc_sha256
ConstantTLS_sm4_gcm_sm3
ConstantTLS_sm4_ccm_sm3 constant
SSL.Constants.TLS_rsa_with_camellia_256_cbc_sha
constant
SSL.Constants.TLS_dh_dss_with_camellia_256_cbc_sha
constant
SSL.Constants.TLS_dh_rsa_with_camellia_256_cbc_sha
constant
SSL.Constants.TLS_dhe_dss_with_camellia_256_cbc_sha
constant
SSL.Constants.TLS_dhe_rsa_with_camellia_256_cbc_sha
constant
SSL.Constants.TLS_dh_anon_with_camellia_256_cbc_sha
constant
SSL.Constants.TLS_psk_with_rc4_128_sha
constant
SSL.Constants.TLS_psk_with_3des_ede_cbc_sha
constant
SSL.Constants.TLS_psk_with_aes_128_cbc_sha
constant
SSL.Constants.TLS_psk_with_aes_256_cbc_sha
constant
SSL.Constants.TLS_dhe_psk_with_rc4_128_sha
constant
SSL.Constants.TLS_dhe_psk_with_3des_ede_cbc_sha
constant
SSL.Constants.TLS_dhe_psk_with_aes_128_cbc_sha
constant
SSL.Constants.TLS_dhe_psk_with_aes_256_cbc_sha
constant
SSL.Constants.TLS_rsa_psk_with_rc4_128_sha
constant
SSL.Constants.TLS_rsa_psk_with_3des_ede_cbc_sha
constant
SSL.Constants.TLS_rsa_psk_with_aes_128_cbc_sha
constant
SSL.Constants.TLS_rsa_psk_with_aes_256_cbc_sha
constant
SSL.Constants.TLS_rsa_with_seed_cbc_sha
constant
SSL.Constants.TLS_dh_dss_with_seed_cbc_sha
constant
SSL.Constants.TLS_dh_rsa_with_seed_cbc_sha
constant
SSL.Constants.TLS_dhe_dss_with_seed_cbc_sha
constant
SSL.Constants.TLS_dhe_rsa_with_seed_cbc_sha
constant
SSL.Constants.TLS_dh_anon_with_seed_cbc_sha
constant
SSL.Constants.TLS_rsa_with_aes_128_gcm_sha256
constant
SSL.Constants.TLS_rsa_with_aes_256_gcm_sha384
constant
SSL.Constants.TLS_dhe_rsa_with_aes_128_gcm_sha256
constant
SSL.Constants.TLS_dhe_rsa_with_aes_256_gcm_sha384
constant
SSL.Constants.TLS_dh_rsa_with_aes_128_gcm_sha256
constant
SSL.Constants.TLS_dh_rsa_with_aes_256_gcm_sha384
constant
SSL.Constants.TLS_dhe_dss_with_aes_128_gcm_sha256
constant
SSL.Constants.TLS_dhe_dss_with_aes_256_gcm_sha384
constant
SSL.Constants.TLS_dh_dss_with_aes_128_gcm_sha256
constant
SSL.Constants.TLS_dh_dss_with_aes_256_gcm_sha384
constant
SSL.Constants.TLS_dh_anon_with_aes_128_gcm_sha256
constant
SSL.Constants.TLS_dh_anon_with_aes_256_gcm_sha384
constant
SSL.Constants.TLS_psk_with_aes_128_gcm_sha256
constant
SSL.Constants.TLS_psk_with_aes_256_gcm_sha384
constant
SSL.Constants.TLS_dhe_psk_with_aes_128_gcm_sha256
constant
SSL.Constants.TLS_dhe_psk_with_aes_256_gcm_sha384
constant
SSL.Constants.TLS_rsa_psk_with_aes_128_gcm_sha256
constant
SSL.Constants.TLS_rsa_psk_with_aes_256_gcm_sha384
constant
SSL.Constants.TLS_psk_with_aes_128_cbc_sha256
constant
SSL.Constants.TLS_psk_with_aes_256_cbc_sha384
constant
SSL.Constants.TLS_psk_with_null_sha256
constant
SSL.Constants.TLS_psk_with_null_sha384
constant
SSL.Constants.TLS_dhe_psk_with_aes_128_cbc_sha256
constant
SSL.Constants.TLS_dhe_psk_with_aes_256_cbc_sha384
constant
SSL.Constants.TLS_dhe_psk_with_null_sha256
constant
SSL.Constants.TLS_dhe_psk_with_null_sha384
constant
SSL.Constants.TLS_rsa_psk_with_aes_128_cbc_sha256
constant
SSL.Constants.TLS_rsa_psk_with_aes_256_cbc_sha384
constant
SSL.Constants.TLS_rsa_psk_with_null_sha256
constant
SSL.Constants.TLS_rsa_psk_with_null_sha384
constant
SSL.Constants.TLS_rsa_with_camellia_128_cbc_sha256
constant
SSL.Constants.TLS_dh_dss_with_camellia_128_cbc_sha256
constant
SSL.Constants.TLS_dh_rsa_with_camellia_128_cbc_sha256
constant
SSL.Constants.TLS_dhe_dss_with_camellia_128_cbc_sha256
constant
SSL.Constants.TLS_dhe_rsa_with_camellia_128_cbc_sha256
constant
SSL.Constants.TLS_dh_anon_with_camellia_128_cbc_sha256
constant
SSL.Constants.TLS_rsa_with_camellia_256_cbc_sha256
constant
SSL.Constants.TLS_dh_dss_with_camellia_256_cbc_sha256
constant
SSL.Constants.TLS_dh_rsa_with_camellia_256_cbc_sha256
constant
SSL.Constants.TLS_dhe_dss_with_camellia_256_cbc_sha256
constant
SSL.Constants.TLS_dhe_rsa_with_camellia_256_cbc_sha256
constant
SSL.Constants.TLS_dh_anon_with_camellia_256_cbc_sha256
constant
SSL.Constants.TLS_sm4_gcm_sm3
constant
SSL.Constants.TLS_sm4_ccm_sm3
- ConstantTLS_ecdh_ecdsa_with_null_sha
ConstantTLS_ecdh_ecdsa_with_rc4_128_sha
ConstantTLS_ecdh_ecdsa_with_3des_ede_cbc_sha
ConstantTLS_ecdh_ecdsa_with_aes_128_cbc_sha
ConstantTLS_ecdh_ecdsa_with_aes_256_cbc_sha
ConstantTLS_ecdhe_ecdsa_with_null_sha
ConstantTLS_ecdhe_ecdsa_with_rc4_128_sha
ConstantTLS_ecdhe_ecdsa_with_3des_ede_cbc_sha
ConstantTLS_ecdhe_ecdsa_with_aes_128_cbc_sha
ConstantTLS_ecdhe_ecdsa_with_aes_256_cbc_sha
ConstantTLS_ecdh_rsa_with_null_sha
ConstantTLS_ecdh_rsa_with_rc4_128_sha
ConstantTLS_ecdh_rsa_with_3des_ede_cbc_sha
ConstantTLS_ecdh_rsa_with_aes_128_cbc_sha
ConstantTLS_ecdh_rsa_with_aes_256_cbc_sha
ConstantTLS_ecdhe_rsa_with_null_sha
ConstantTLS_ecdhe_rsa_with_rc4_128_sha
ConstantTLS_ecdhe_rsa_with_3des_ede_cbc_sha
ConstantTLS_ecdhe_rsa_with_aes_128_cbc_sha
ConstantTLS_ecdhe_rsa_with_aes_256_cbc_sha
ConstantTLS_ecdh_anon_with_null_sha
ConstantTLS_ecdh_anon_with_rc4_128_sha
ConstantTLS_ecdh_anon_with_3des_ede_cbc_sha
ConstantTLS_ecdh_anon_with_aes_128_cbc_sha
ConstantTLS_ecdh_anon_with_aes_256_cbc_sha
ConstantTLS_srp_sha_with_3des_ede_cbc_sha
ConstantTLS_srp_sha_rsa_with_3des_ede_cbc_sha
ConstantTLS_srp_sha_dss_with_3des_ede_cbc_sha
ConstantTLS_srp_sha_with_aes_128_cbc_sha
ConstantTLS_srp_sha_rsa_with_aes_128_cbc_sha
ConstantTLS_srp_sha_dss_with_aes_128_cbc_sha
ConstantTLS_srp_sha_with_aes_256_cbc_sha
ConstantTLS_srp_sha_rsa_with_aes_256_cbc_sha
ConstantTLS_srp_sha_dss_with_aes_256_cbc_sha
ConstantTLS_ecdhe_ecdsa_with_aes_128_cbc_sha256
ConstantTLS_ecdhe_ecdsa_with_aes_256_cbc_sha384
ConstantTLS_ecdh_ecdsa_with_aes_128_cbc_sha256
ConstantTLS_ecdh_ecdsa_with_aes_256_cbc_sha384
ConstantTLS_ecdhe_rsa_with_aes_128_cbc_sha256
ConstantTLS_ecdhe_rsa_with_aes_256_cbc_sha384
ConstantTLS_ecdh_rsa_with_aes_128_cbc_sha256
ConstantTLS_ecdh_rsa_with_aes_256_cbc_sha384
ConstantTLS_ecdhe_ecdsa_with_aes_128_gcm_sha256
ConstantTLS_ecdhe_ecdsa_with_aes_256_gcm_sha384
ConstantTLS_ecdh_ecdsa_with_aes_128_gcm_sha256
ConstantTLS_ecdh_ecdsa_with_aes_256_gcm_sha384
ConstantTLS_ecdhe_rsa_with_aes_128_gcm_sha256
ConstantTLS_ecdhe_rsa_with_aes_256_gcm_sha384
ConstantTLS_ecdh_rsa_with_aes_128_gcm_sha256
ConstantTLS_ecdh_rsa_with_aes_256_gcm_sha384
ConstantTLS_ecdhe_psk_with_rc4_128_sha
ConstantTLS_ecdhe_psk_with_3des_ede_cbc_sha
ConstantTLS_ecdhe_psk_with_aes_128_cbc_sha
ConstantTLS_ecdhe_psk_with_aes_256_cbc_sha
ConstantTLS_ecdhe_psk_with_aes_128_cbc_sha256
ConstantTLS_ecdhe_psk_with_aes_256_cbc_sha384
ConstantTLS_ecdhe_psk_with_null_sha
ConstantTLS_ecdhe_psk_with_null_sha256
ConstantTLS_ecdhe_psk_with_null_sha384
ConstantTLS_rsa_with_aria_128_cbc_sha256
ConstantTLS_rsa_with_aria_256_cbc_sha384
ConstantTLS_dh_dss_with_aria_128_cbc_sha256
ConstantTLS_dh_dss_with_aria_256_cbc_sha384
ConstantTLS_dh_rsa_with_aria_128_cbc_sha256
ConstantTLS_dh_rsa_with_aria_256_cbc_sha384
ConstantTLS_dhe_dss_with_aria_128_cbc_sha256
ConstantTLS_dhe_dss_with_aria_256_cbc_sha384
ConstantTLS_dhe_rsa_with_aria_128_cbc_sha256
ConstantTLS_dhe_rsa_with_aria_256_cbc_sha384
ConstantTLS_dh_anon_with_aria_128_cbc_sha256
ConstantTLS_dh_anon_with_aria_256_cbc_sha384
ConstantTLS_ecdhe_ecdsa_with_aria_128_cbc_sha256
ConstantTLS_ecdhe_ecdsa_with_aria_256_cbc_sha384
ConstantTLS_ecdh_ecdsa_with_aria_128_cbc_sha256
ConstantTLS_ecdh_ecdsa_with_aria_256_cbc_sha384
ConstantTLS_ecdhe_rsa_with_aria_128_cbc_sha256
ConstantTLS_ecdhe_rsa_with_aria_256_cbc_sha384
ConstantTLS_ecdh_rsa_with_aria_128_cbc_sha256
ConstantTLS_ecdh_rsa_with_aria_256_cbc_sha384
ConstantTLS_rsa_with_aria_128_gcm_sha256
ConstantTLS_rsa_with_aria_256_gcm_sha384
ConstantTLS_dhe_rsa_with_aria_128_gcm_sha256
ConstantTLS_dhe_rsa_with_aria_256_gcm_sha384
ConstantTLS_dh_rsa_with_aria_128_gcm_sha256
ConstantTLS_dh_rsa_with_aria_256_gcm_sha384
ConstantTLS_dhe_dss_with_aria_128_gcm_sha256
ConstantTLS_dhe_dss_with_aria_256_gcm_sha384
ConstantTLS_dh_dss_with_aria_128_gcm_sha256
ConstantTLS_dh_dss_with_aria_256_gcm_sha384
ConstantTLS_dh_anon_with_aria_128_gcm_sha256
ConstantTLS_dh_anon_with_aria_256_gcm_sha384
ConstantTLS_ecdhe_ecdsa_with_aria_128_gcm_sha256
ConstantTLS_ecdhe_ecdsa_with_aria_256_gcm_sha384
ConstantTLS_ecdh_ecdsa_with_aria_128_gcm_sha256
ConstantTLS_ecdh_ecdsa_with_aria_256_gcm_sha384
ConstantTLS_ecdhe_rsa_with_aria_128_gcm_sha256
ConstantTLS_ecdhe_rsa_with_aria_256_gcm_sha384
ConstantTLS_ecdh_rsa_with_aria_128_gcm_sha256
ConstantTLS_ecdh_rsa_with_aria_256_gcm_sha384
ConstantTLS_psk_with_aria_128_cbc_sha256
ConstantTLS_psk_with_aria_256_cbc_sha384
ConstantTLS_dhe_psk_with_aria_128_cbc_sha256
ConstantTLS_dhe_psk_with_aria_256_cbc_sha384
ConstantTLS_rsa_psk_with_aria_128_cbc_sha256
ConstantTLS_rsa_psk_with_aria_256_cbc_sha384
ConstantTLS_psk_with_aria_128_gcm_sha256
ConstantTLS_psk_with_aria_256_gcm_sha384
ConstantTLS_dhe_psk_with_aria_128_gcm_sha256
ConstantTLS_dhe_psk_with_aria_256_gcm_sha384
ConstantTLS_rsa_psk_with_aria_128_gcm_sha256
ConstantTLS_rsa_psk_with_aria_256_gcm_sha384
ConstantTLS_ecdhe_psk_with_aria_128_cbc_sha256
ConstantTLS_ecdhe_psk_with_aria_256_cbc_sha384
ConstantTLS_ecdhe_ecdsa_with_camellia_128_cbc_sha256
ConstantTLS_ecdhe_ecdsa_with_camellia_256_cbc_sha384
ConstantTLS_ecdh_ecdsa_with_camellia_128_cbc_sha256
ConstantTLS_ecdh_ecdsa_with_camellia_256_cbc_sha384
ConstantTLS_ecdhe_rsa_with_camellia_128_cbc_sha256
ConstantTLS_ecdhe_rsa_with_camellia_256_cbc_sha384
ConstantTLS_ecdh_rsa_with_camellia_128_cbc_sha256
ConstantTLS_ecdh_rsa_with_camellia_256_cbc_sha384
ConstantTLS_rsa_with_camellia_128_gcm_sha256
ConstantTLS_rsa_with_camellia_256_gcm_sha384
ConstantTLS_dhe_rsa_with_camellia_128_gcm_sha256
ConstantTLS_dhe_rsa_with_camellia_256_gcm_sha384
ConstantTLS_dh_rsa_with_camellia_128_gcm_sha256
ConstantTLS_dh_rsa_with_camellia_256_gcm_sha384
ConstantTLS_dhe_dss_with_camellia_128_gcm_sha256
ConstantTLS_dhe_dss_with_camellia_256_gcm_sha384
ConstantTLS_dh_dss_with_camellia_128_gcm_sha256
ConstantTLS_dh_dss_with_camellia_256_gcm_sha384
ConstantTLS_dh_anon_with_camellia_128_gcm_sha256
ConstantTLS_dh_anon_with_camellia_256_gcm_sha384
ConstantTLS_ecdhe_ecdsa_with_camellia_128_gcm_sha256
ConstantTLS_ecdhe_ecdsa_with_camellia_256_gcm_sha384
ConstantTLS_ecdh_ecdsa_with_camellia_128_gcm_sha256
ConstantTLS_ecdh_ecdsa_with_camellia_256_gcm_sha384
ConstantTLS_ecdhe_rsa_with_camellia_128_gcm_sha256
ConstantTLS_ecdhe_rsa_with_camellia_256_gcm_sha384
ConstantTLS_ecdh_rsa_with_camellia_128_gcm_sha256
ConstantTLS_ecdh_rsa_with_camellia_256_gcm_sha384
ConstantTLS_psk_with_camellia_128_gcm_sha256
ConstantTLS_psk_with_camellia_256_gcm_sha384
ConstantTLS_dhe_psk_with_camellia_128_gcm_sha256
ConstantTLS_dhe_psk_with_camellia_256_gcm_sha384
ConstantTLS_rsa_psk_with_camellia_128_gcm_sha256
ConstantTLS_rsa_psk_with_camellia_256_gcm_sha384
ConstantTLS_psk_with_camellia_128_cbc_sha256
ConstantTLS_psk_with_camellia_256_cbc_sha384
ConstantTLS_dhe_psk_with_camellia_128_cbc_sha256
ConstantTLS_dhe_psk_with_camellia_256_cbc_sha384
ConstantTLS_rsa_psk_with_camellia_128_cbc_sha256
ConstantTLS_rsa_psk_with_camellia_256_cbc_sha384
ConstantTLS_ecdhe_psk_with_camellia_128_cbc_sha256
ConstantTLS_ecdhe_psk_with_camellia_256_cbc_sha384
ConstantTLS_rsa_with_aes_128_ccm
ConstantTLS_rsa_with_aes_256_ccm
ConstantTLS_dhe_rsa_with_aes_128_ccm
ConstantTLS_dhe_rsa_with_aes_256_ccm
ConstantTLS_rsa_with_aes_128_ccm_8
ConstantTLS_rsa_with_aes_256_ccm_8
ConstantTLS_dhe_rsa_with_aes_128_ccm_8
ConstantTLS_dhe_rsa_with_aes_256_ccm_8
ConstantTLS_psk_with_aes_128_ccm
ConstantTLS_psk_with_aes_256_ccm
ConstantTLS_dhe_psk_with_aes_128_ccm
ConstantTLS_dhe_psk_with_aes_256_ccm
ConstantTLS_psk_with_aes_128_ccm_8
ConstantTLS_psk_with_aes_256_ccm_8
ConstantTLS_psk_dhe_with_aes_128_ccm_8
ConstantTLS_psk_dhe_with_aes_256_ccm_8
ConstantTLS_ecdhe_ecdsa_with_aes_128_ccm
ConstantTLS_ecdhe_ecdsa_with_aes_256_ccm
ConstantTLS_ecdhe_ecdsa_with_aes_128_ccm_8
ConstantTLS_ecdhe_ecdsa_with_aes_256_ccm_8
ConstantTLS_eccpwd_with_aes_128_gcm_sha256
ConstantTLS_eccpwd_with_aes_256_gcm_sha384
ConstantTLS_eccpwd_with_aes_128_ccm_sha256
ConstantTLS_eccpwd_with_aes_256_ccm_sha384 constant
SSL.Constants.TLS_ecdh_ecdsa_with_null_sha
constant
SSL.Constants.TLS_ecdh_ecdsa_with_rc4_128_sha
constant
SSL.Constants.TLS_ecdh_ecdsa_with_3des_ede_cbc_sha
constant
SSL.Constants.TLS_ecdh_ecdsa_with_aes_128_cbc_sha
constant
SSL.Constants.TLS_ecdh_ecdsa_with_aes_256_cbc_sha
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_null_sha
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_rc4_128_sha
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_3des_ede_cbc_sha
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_aes_128_cbc_sha
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_aes_256_cbc_sha
constant
SSL.Constants.TLS_ecdh_rsa_with_null_sha
constant
SSL.Constants.TLS_ecdh_rsa_with_rc4_128_sha
constant
SSL.Constants.TLS_ecdh_rsa_with_3des_ede_cbc_sha
constant
SSL.Constants.TLS_ecdh_rsa_with_aes_128_cbc_sha
constant
SSL.Constants.TLS_ecdh_rsa_with_aes_256_cbc_sha
constant
SSL.Constants.TLS_ecdhe_rsa_with_null_sha
constant
SSL.Constants.TLS_ecdhe_rsa_with_rc4_128_sha
constant
SSL.Constants.TLS_ecdhe_rsa_with_3des_ede_cbc_sha
constant
SSL.Constants.TLS_ecdhe_rsa_with_aes_128_cbc_sha
constant
SSL.Constants.TLS_ecdhe_rsa_with_aes_256_cbc_sha
constant
SSL.Constants.TLS_ecdh_anon_with_null_sha
constant
SSL.Constants.TLS_ecdh_anon_with_rc4_128_sha
constant
SSL.Constants.TLS_ecdh_anon_with_3des_ede_cbc_sha
constant
SSL.Constants.TLS_ecdh_anon_with_aes_128_cbc_sha
constant
SSL.Constants.TLS_ecdh_anon_with_aes_256_cbc_sha
constant
SSL.Constants.TLS_srp_sha_with_3des_ede_cbc_sha
constant
SSL.Constants.TLS_srp_sha_rsa_with_3des_ede_cbc_sha
constant
SSL.Constants.TLS_srp_sha_dss_with_3des_ede_cbc_sha
constant
SSL.Constants.TLS_srp_sha_with_aes_128_cbc_sha
constant
SSL.Constants.TLS_srp_sha_rsa_with_aes_128_cbc_sha
constant
SSL.Constants.TLS_srp_sha_dss_with_aes_128_cbc_sha
constant
SSL.Constants.TLS_srp_sha_with_aes_256_cbc_sha
constant
SSL.Constants.TLS_srp_sha_rsa_with_aes_256_cbc_sha
constant
SSL.Constants.TLS_srp_sha_dss_with_aes_256_cbc_sha
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_aes_128_cbc_sha256
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_aes_256_cbc_sha384
constant
SSL.Constants.TLS_ecdh_ecdsa_with_aes_128_cbc_sha256
constant
SSL.Constants.TLS_ecdh_ecdsa_with_aes_256_cbc_sha384
constant
SSL.Constants.TLS_ecdhe_rsa_with_aes_128_cbc_sha256
constant
SSL.Constants.TLS_ecdhe_rsa_with_aes_256_cbc_sha384
constant
SSL.Constants.TLS_ecdh_rsa_with_aes_128_cbc_sha256
constant
SSL.Constants.TLS_ecdh_rsa_with_aes_256_cbc_sha384
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_aes_128_gcm_sha256
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_aes_256_gcm_sha384
constant
SSL.Constants.TLS_ecdh_ecdsa_with_aes_128_gcm_sha256
constant
SSL.Constants.TLS_ecdh_ecdsa_with_aes_256_gcm_sha384
constant
SSL.Constants.TLS_ecdhe_rsa_with_aes_128_gcm_sha256
constant
SSL.Constants.TLS_ecdhe_rsa_with_aes_256_gcm_sha384
constant
SSL.Constants.TLS_ecdh_rsa_with_aes_128_gcm_sha256
constant
SSL.Constants.TLS_ecdh_rsa_with_aes_256_gcm_sha384
constant
SSL.Constants.TLS_ecdhe_psk_with_rc4_128_sha
constant
SSL.Constants.TLS_ecdhe_psk_with_3des_ede_cbc_sha
constant
SSL.Constants.TLS_ecdhe_psk_with_aes_128_cbc_sha
constant
SSL.Constants.TLS_ecdhe_psk_with_aes_256_cbc_sha
constant
SSL.Constants.TLS_ecdhe_psk_with_aes_128_cbc_sha256
constant
SSL.Constants.TLS_ecdhe_psk_with_aes_256_cbc_sha384
constant
SSL.Constants.TLS_ecdhe_psk_with_null_sha
constant
SSL.Constants.TLS_ecdhe_psk_with_null_sha256
constant
SSL.Constants.TLS_ecdhe_psk_with_null_sha384
constant
SSL.Constants.TLS_rsa_with_aria_128_cbc_sha256
constant
SSL.Constants.TLS_rsa_with_aria_256_cbc_sha384
constant
SSL.Constants.TLS_dh_dss_with_aria_128_cbc_sha256
constant
SSL.Constants.TLS_dh_dss_with_aria_256_cbc_sha384
constant
SSL.Constants.TLS_dh_rsa_with_aria_128_cbc_sha256
constant
SSL.Constants.TLS_dh_rsa_with_aria_256_cbc_sha384
constant
SSL.Constants.TLS_dhe_dss_with_aria_128_cbc_sha256
constant
SSL.Constants.TLS_dhe_dss_with_aria_256_cbc_sha384
constant
SSL.Constants.TLS_dhe_rsa_with_aria_128_cbc_sha256
constant
SSL.Constants.TLS_dhe_rsa_with_aria_256_cbc_sha384
constant
SSL.Constants.TLS_dh_anon_with_aria_128_cbc_sha256
constant
SSL.Constants.TLS_dh_anon_with_aria_256_cbc_sha384
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_aria_128_cbc_sha256
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_aria_256_cbc_sha384
constant
SSL.Constants.TLS_ecdh_ecdsa_with_aria_128_cbc_sha256
constant
SSL.Constants.TLS_ecdh_ecdsa_with_aria_256_cbc_sha384
constant
SSL.Constants.TLS_ecdhe_rsa_with_aria_128_cbc_sha256
constant
SSL.Constants.TLS_ecdhe_rsa_with_aria_256_cbc_sha384
constant
SSL.Constants.TLS_ecdh_rsa_with_aria_128_cbc_sha256
constant
SSL.Constants.TLS_ecdh_rsa_with_aria_256_cbc_sha384
constant
SSL.Constants.TLS_rsa_with_aria_128_gcm_sha256
constant
SSL.Constants.TLS_rsa_with_aria_256_gcm_sha384
constant
SSL.Constants.TLS_dhe_rsa_with_aria_128_gcm_sha256
constant
SSL.Constants.TLS_dhe_rsa_with_aria_256_gcm_sha384
constant
SSL.Constants.TLS_dh_rsa_with_aria_128_gcm_sha256
constant
SSL.Constants.TLS_dh_rsa_with_aria_256_gcm_sha384
constant
SSL.Constants.TLS_dhe_dss_with_aria_128_gcm_sha256
constant
SSL.Constants.TLS_dhe_dss_with_aria_256_gcm_sha384
constant
SSL.Constants.TLS_dh_dss_with_aria_128_gcm_sha256
constant
SSL.Constants.TLS_dh_dss_with_aria_256_gcm_sha384
constant
SSL.Constants.TLS_dh_anon_with_aria_128_gcm_sha256
constant
SSL.Constants.TLS_dh_anon_with_aria_256_gcm_sha384
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_aria_128_gcm_sha256
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_aria_256_gcm_sha384
constant
SSL.Constants.TLS_ecdh_ecdsa_with_aria_128_gcm_sha256
constant
SSL.Constants.TLS_ecdh_ecdsa_with_aria_256_gcm_sha384
constant
SSL.Constants.TLS_ecdhe_rsa_with_aria_128_gcm_sha256
constant
SSL.Constants.TLS_ecdhe_rsa_with_aria_256_gcm_sha384
constant
SSL.Constants.TLS_ecdh_rsa_with_aria_128_gcm_sha256
constant
SSL.Constants.TLS_ecdh_rsa_with_aria_256_gcm_sha384
constant
SSL.Constants.TLS_psk_with_aria_128_cbc_sha256
constant
SSL.Constants.TLS_psk_with_aria_256_cbc_sha384
constant
SSL.Constants.TLS_dhe_psk_with_aria_128_cbc_sha256
constant
SSL.Constants.TLS_dhe_psk_with_aria_256_cbc_sha384
constant
SSL.Constants.TLS_rsa_psk_with_aria_128_cbc_sha256
constant
SSL.Constants.TLS_rsa_psk_with_aria_256_cbc_sha384
constant
SSL.Constants.TLS_psk_with_aria_128_gcm_sha256
constant
SSL.Constants.TLS_psk_with_aria_256_gcm_sha384
constant
SSL.Constants.TLS_dhe_psk_with_aria_128_gcm_sha256
constant
SSL.Constants.TLS_dhe_psk_with_aria_256_gcm_sha384
constant
SSL.Constants.TLS_rsa_psk_with_aria_128_gcm_sha256
constant
SSL.Constants.TLS_rsa_psk_with_aria_256_gcm_sha384
constant
SSL.Constants.TLS_ecdhe_psk_with_aria_128_cbc_sha256
constant
SSL.Constants.TLS_ecdhe_psk_with_aria_256_cbc_sha384
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_camellia_128_cbc_sha256
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_camellia_256_cbc_sha384
constant
SSL.Constants.TLS_ecdh_ecdsa_with_camellia_128_cbc_sha256
constant
SSL.Constants.TLS_ecdh_ecdsa_with_camellia_256_cbc_sha384
constant
SSL.Constants.TLS_ecdhe_rsa_with_camellia_128_cbc_sha256
constant
SSL.Constants.TLS_ecdhe_rsa_with_camellia_256_cbc_sha384
constant
SSL.Constants.TLS_ecdh_rsa_with_camellia_128_cbc_sha256
constant
SSL.Constants.TLS_ecdh_rsa_with_camellia_256_cbc_sha384
constant
SSL.Constants.TLS_rsa_with_camellia_128_gcm_sha256
constant
SSL.Constants.TLS_rsa_with_camellia_256_gcm_sha384
constant
SSL.Constants.TLS_dhe_rsa_with_camellia_128_gcm_sha256
constant
SSL.Constants.TLS_dhe_rsa_with_camellia_256_gcm_sha384
constant
SSL.Constants.TLS_dh_rsa_with_camellia_128_gcm_sha256
constant
SSL.Constants.TLS_dh_rsa_with_camellia_256_gcm_sha384
constant
SSL.Constants.TLS_dhe_dss_with_camellia_128_gcm_sha256
constant
SSL.Constants.TLS_dhe_dss_with_camellia_256_gcm_sha384
constant
SSL.Constants.TLS_dh_dss_with_camellia_128_gcm_sha256
constant
SSL.Constants.TLS_dh_dss_with_camellia_256_gcm_sha384
constant
SSL.Constants.TLS_dh_anon_with_camellia_128_gcm_sha256
constant
SSL.Constants.TLS_dh_anon_with_camellia_256_gcm_sha384
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_camellia_128_gcm_sha256
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_camellia_256_gcm_sha384
constant
SSL.Constants.TLS_ecdh_ecdsa_with_camellia_128_gcm_sha256
constant
SSL.Constants.TLS_ecdh_ecdsa_with_camellia_256_gcm_sha384
constant
SSL.Constants.TLS_ecdhe_rsa_with_camellia_128_gcm_sha256
constant
SSL.Constants.TLS_ecdhe_rsa_with_camellia_256_gcm_sha384
constant
SSL.Constants.TLS_ecdh_rsa_with_camellia_128_gcm_sha256
constant
SSL.Constants.TLS_ecdh_rsa_with_camellia_256_gcm_sha384
constant
SSL.Constants.TLS_psk_with_camellia_128_gcm_sha256
constant
SSL.Constants.TLS_psk_with_camellia_256_gcm_sha384
constant
SSL.Constants.TLS_dhe_psk_with_camellia_128_gcm_sha256
constant
SSL.Constants.TLS_dhe_psk_with_camellia_256_gcm_sha384
constant
SSL.Constants.TLS_rsa_psk_with_camellia_128_gcm_sha256
constant
SSL.Constants.TLS_rsa_psk_with_camellia_256_gcm_sha384
constant
SSL.Constants.TLS_psk_with_camellia_128_cbc_sha256
constant
SSL.Constants.TLS_psk_with_camellia_256_cbc_sha384
constant
SSL.Constants.TLS_dhe_psk_with_camellia_128_cbc_sha256
constant
SSL.Constants.TLS_dhe_psk_with_camellia_256_cbc_sha384
constant
SSL.Constants.TLS_rsa_psk_with_camellia_128_cbc_sha256
constant
SSL.Constants.TLS_rsa_psk_with_camellia_256_cbc_sha384
constant
SSL.Constants.TLS_ecdhe_psk_with_camellia_128_cbc_sha256
constant
SSL.Constants.TLS_ecdhe_psk_with_camellia_256_cbc_sha384
constant
SSL.Constants.TLS_rsa_with_aes_128_ccm
constant
SSL.Constants.TLS_rsa_with_aes_256_ccm
constant
SSL.Constants.TLS_dhe_rsa_with_aes_128_ccm
constant
SSL.Constants.TLS_dhe_rsa_with_aes_256_ccm
constant
SSL.Constants.TLS_rsa_with_aes_128_ccm_8
constant
SSL.Constants.TLS_rsa_with_aes_256_ccm_8
constant
SSL.Constants.TLS_dhe_rsa_with_aes_128_ccm_8
constant
SSL.Constants.TLS_dhe_rsa_with_aes_256_ccm_8
constant
SSL.Constants.TLS_psk_with_aes_128_ccm
constant
SSL.Constants.TLS_psk_with_aes_256_ccm
constant
SSL.Constants.TLS_dhe_psk_with_aes_128_ccm
constant
SSL.Constants.TLS_dhe_psk_with_aes_256_ccm
constant
SSL.Constants.TLS_psk_with_aes_128_ccm_8
constant
SSL.Constants.TLS_psk_with_aes_256_ccm_8
constant
SSL.Constants.TLS_psk_dhe_with_aes_128_ccm_8
constant
SSL.Constants.TLS_psk_dhe_with_aes_256_ccm_8
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_aes_128_ccm
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_aes_256_ccm
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_aes_128_ccm_8
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_aes_256_ccm_8
constant
SSL.Constants.TLS_eccpwd_with_aes_128_gcm_sha256
constant
SSL.Constants.TLS_eccpwd_with_aes_256_gcm_sha384
constant
SSL.Constants.TLS_eccpwd_with_aes_128_ccm_sha256
constant
SSL.Constants.TLS_eccpwd_with_aes_256_ccm_sha384
- ConstantTLS_rsa_export1024_with_rc4_56_md5
ConstantTLS_rsa_export1024_with_rc2_cbc_56_md5
ConstantTLS_rsa_export1024_with_des_cbc_sha
ConstantTLS_dhe_dss_export1024_with_des_cbc_sha
ConstantTLS_rsa_export1024_with_rc4_56_sha
ConstantTLS_dhe_dss_export1024_with_rc4_56_sha
ConstantTLS_dhe_dss_with_rc4_128_sha constant
SSL.Constants.TLS_rsa_export1024_with_rc4_56_md5
constant
SSL.Constants.TLS_rsa_export1024_with_rc2_cbc_56_md5
constant
SSL.Constants.TLS_rsa_export1024_with_des_cbc_sha
constant
SSL.Constants.TLS_dhe_dss_export1024_with_des_cbc_sha
constant
SSL.Constants.TLS_rsa_export1024_with_rc4_56_sha
constant
SSL.Constants.TLS_dhe_dss_export1024_with_rc4_56_sha
constant
SSL.Constants.TLS_dhe_dss_with_rc4_128_sha
- ConstantTLS_ecdhe_rsa_with_chacha20_poly1305_sha256
ConstantTLS_ecdhe_ecdsa_with_chacha20_poly1305_sha256
ConstantTLS_dhe_rsa_with_chacha20_poly1305_sha256
ConstantTLS_psk_with_chacha20_poly1305_sha256
ConstantTLS_ecdhe_psk_with_chacha20_poly1305_sha256
ConstantTLS_dhe_psk_with_chacha20_poly1305_sha256
ConstantTLS_rsa_psk_with_chacha20_poly1305_sha256 constant
SSL.Constants.TLS_ecdhe_rsa_with_chacha20_poly1305_sha256
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_chacha20_poly1305_sha256
constant
SSL.Constants.TLS_dhe_rsa_with_chacha20_poly1305_sha256
constant
SSL.Constants.TLS_psk_with_chacha20_poly1305_sha256
constant
SSL.Constants.TLS_ecdhe_psk_with_chacha20_poly1305_sha256
constant
SSL.Constants.TLS_dhe_psk_with_chacha20_poly1305_sha256
constant
SSL.Constants.TLS_rsa_psk_with_chacha20_poly1305_sha256
- ConstantTLS_ecdhe_rsa_with_oldchacha20_poly1305_sha256
ConstantTLS_ecdhe_ecdsa_with_oldchacha20_poly1305_sha256
ConstantTLS_dhe_rsa_with_oldchacha20_poly1305_sha256 constant
SSL.Constants.TLS_ecdhe_rsa_with_oldchacha20_poly1305_sha256
constant
SSL.Constants.TLS_ecdhe_ecdsa_with_oldchacha20_poly1305_sha256
constant
SSL.Constants.TLS_dhe_rsa_with_oldchacha20_poly1305_sha256
- ConstantTLS_ecdhe_psk_with_aes_128_gcm_sha256
ConstantTLS_ecdhe_psk_with_aes_256_gcm_sha384
ConstantTLS_ecdhe_psk_with_aes_128_ccm_8_sha256 constant
SSL.Constants.TLS_ecdhe_psk_with_aes_128_gcm_sha256
constant
SSL.Constants.TLS_ecdhe_psk_with_aes_256_gcm_sha384
constant
SSL.Constants.TLS_ecdhe_psk_with_aes_128_ccm_8_sha256
- ConstantTLS_ecdhe_psk_with_aes_128_ccm_sha256
constant
SSL.Constants.TLS_ecdhe_psk_with_aes_128_ccm_sha256
- ConstantSSL_invalid_suite
Enum SSL.Constants.CipherSuite_2_0
- ConstantSSL2_ck_rc4_128_with_md5
ConstantSSL2_ck_rc4_128_export40_with_md5
ConstantSSL2_ck_rc2_128_cbc_with_md5
ConstantSSL2_ck_rc2_128_cbc_export40_with_md5
ConstantSSL2_ck_idea_128_cbc_with_md5
ConstantSSL2_ck_des_64_cbc_with_md5
ConstantSSL2_ck_des_192_ede3_cbc_with_md5 constant
SSL.Constants.SSL2_ck_rc4_128_with_md5
constant
SSL.Constants.SSL2_ck_rc4_128_export40_with_md5
constant
SSL.Constants.SSL2_ck_rc2_128_cbc_with_md5
constant
SSL.Constants.SSL2_ck_rc2_128_cbc_export40_with_md5
constant
SSL.Constants.SSL2_ck_idea_128_cbc_with_md5
constant
SSL.Constants.SSL2_ck_des_64_cbc_with_md5
constant
SSL.Constants.SSL2_ck_des_192_ede3_cbc_with_md5
- ConstantSSL2_ck_rc4_128_with_md5
Enum SSL.Constants.CompressionType
- Description
Compression methods.
- ConstantCOMPRESSION_deflate
constant
SSL.Constants.COMPRESSION_deflate
- Description
Deflate compression. RFC 3749
- ConstantCOMPRESSION_lzs
constant
SSL.Constants.COMPRESSION_lzs
- Description
LZS compression. RFC 3943
Enum SSL.Constants.ConnectionState
- Description
Connection states.
These are the states that a [Connection] may have.
Queueing of more application data is only allowed in the states
CONNECTION_ready
andCONNECTION_handshaking
.
- ConstantCONNECTION_closing
constant
SSL.Constants.CONNECTION_closing
- Description
Connection closing mask.
- ConstantCONNECTION_failing
constant
SSL.Constants.CONNECTION_failing
- Description
Connection failing mask.
- ConstantCONNECTION_handshaking
constant
SSL.Constants.CONNECTION_handshaking
- Description
Handshaking not done.
- ConstantCONNECTION_local_closed
constant
SSL.Constants.CONNECTION_local_closed
- Description
Local close packet sent.
- ConstantCONNECTION_local_closing
constant
SSL.Constants.CONNECTION_local_closing
- Description
Local close packet pending.
- ConstantCONNECTION_local_failing
constant
SSL.Constants.CONNECTION_local_failing
- Description
Fatal alert pending.
- ConstantCONNECTION_local_fatal
constant
SSL.Constants.CONNECTION_local_fatal
- Description
Fatal alert sent.
- ConstantCONNECTION_peer_closed
constant
SSL.Constants.CONNECTION_peer_closed
- Description
Peer has closed the connection.
- ConstantCONNECTION_peer_fatal
constant
SSL.Constants.CONNECTION_peer_fatal
- Description
Peer has issued a fatal alert.
Enum SSL.Constants.CurveType
- Description
ECC curve types from RFC 4492 section 5.4 (ECCurveType).
- ConstantCURVETYPE_explicit_char2
constant
SSL.Constants.CURVETYPE_explicit_char2
- Description
Deprecated RFC 8422 section 5.4
- ConstantCURVETYPE_explicit_prime
constant
SSL.Constants.CURVETYPE_explicit_prime
- Description
Deprecated RFC 8422 section 5.4
Enum SSL.Constants.ECBasisType
Enum SSL.Constants.Extension
- Description
Client Hello extensions.
- ConstantEXTENSION_server_name
ConstantEXTENSION_max_fragment_length
ConstantEXTENSION_client_certificate_url
ConstantEXTENSION_trusted_ca_keys
ConstantEXTENSION_truncated_hmac
ConstantEXTENSION_status_request
ConstantEXTENSION_user_mapping
ConstantEXTENSION_client_authz
ConstantEXTENSION_server_authz
ConstantEXTENSION_cert_type
ConstantEXTENSION_elliptic_curves
ConstantEXTENSION_ec_point_formats
ConstantEXTENSION_srp
ConstantEXTENSION_signature_algorithms
ConstantEXTENSION_use_srtp
ConstantEXTENSION_heartbeat
ConstantEXTENSION_application_layer_protocol_negotiation
ConstantEXTENSION_status_request_v2
ConstantEXTENSION_signed_certificate_timestamp
ConstantEXTENSION_client_certificate_type
ConstantEXTENSION_server_certificate_type
ConstantEXTENSION_padding
ConstantEXTENSION_encrypt_then_mac
ConstantEXTENSION_extended_master_secret
ConstantEXTENSION_session_ticket
ConstantEXTENSION_key_share
ConstantEXTENSION_pre_shared_key
ConstantEXTENSION_early_data
ConstantEXTENSION_supported_versions
ConstantEXTENSION_cookie
ConstantEXTENSION_psk_key_exchange_modes
ConstantEXTENSION_certificate_authorities
ConstantEXTENSION_oid_filters
ConstantEXTENSION_post_handshake_auth
ConstantEXTENSION_next_protocol_negotiation
ConstantEXTENSION_origin_bound_certificates
ConstantEXTENSION_encrypted_client_certificates
ConstantEXTENSION_channel_id
ConstantEXTENSION_channel_id_new
ConstantEXTENSION_old_padding
ConstantEXTENSION_renegotiation_info
ConstantEXTENSION_draft_version constant
SSL.Constants.EXTENSION_server_name
constant
SSL.Constants.EXTENSION_max_fragment_length
constant
SSL.Constants.EXTENSION_client_certificate_url
constant
SSL.Constants.EXTENSION_trusted_ca_keys
constant
SSL.Constants.EXTENSION_truncated_hmac
constant
SSL.Constants.EXTENSION_status_request
constant
SSL.Constants.EXTENSION_user_mapping
constant
SSL.Constants.EXTENSION_client_authz
constant
SSL.Constants.EXTENSION_server_authz
constant
SSL.Constants.EXTENSION_cert_type
constant
SSL.Constants.EXTENSION_elliptic_curves
constant
SSL.Constants.EXTENSION_ec_point_formats
constant
SSL.Constants.EXTENSION_srp
constant
SSL.Constants.EXTENSION_signature_algorithms
constant
SSL.Constants.EXTENSION_use_srtp
constant
SSL.Constants.EXTENSION_heartbeat
constant
SSL.Constants.EXTENSION_application_layer_protocol_negotiation
constant
SSL.Constants.EXTENSION_status_request_v2
constant
SSL.Constants.EXTENSION_signed_certificate_timestamp
constant
SSL.Constants.EXTENSION_client_certificate_type
constant
SSL.Constants.EXTENSION_server_certificate_type
constant
SSL.Constants.EXTENSION_padding
constant
SSL.Constants.EXTENSION_encrypt_then_mac
constant
SSL.Constants.EXTENSION_extended_master_secret
constant
SSL.Constants.EXTENSION_session_ticket
constant
SSL.Constants.EXTENSION_key_share
constant
SSL.Constants.EXTENSION_pre_shared_key
constant
SSL.Constants.EXTENSION_early_data
constant
SSL.Constants.EXTENSION_supported_versions
constant
SSL.Constants.EXTENSION_cookie
constant
SSL.Constants.EXTENSION_psk_key_exchange_modes
constant
SSL.Constants.EXTENSION_certificate_authorities
constant
SSL.Constants.EXTENSION_oid_filters
constant
SSL.Constants.EXTENSION_post_handshake_auth
constant
SSL.Constants.EXTENSION_next_protocol_negotiation
constant
SSL.Constants.EXTENSION_origin_bound_certificates
constant
SSL.Constants.EXTENSION_encrypted_client_certificates
constant
SSL.Constants.EXTENSION_channel_id
constant
SSL.Constants.EXTENSION_channel_id_new
constant
SSL.Constants.EXTENSION_old_padding
constant
SSL.Constants.EXTENSION_renegotiation_info
constant
SSL.Constants.EXTENSION_draft_version
Enum SSL.Constants.FragmentLength
- Description
Fragment lengths for
EXTENSION_max_fragment_length
.
Enum SSL.Constants.HashAlgorithm
- Description
Hash algorithms as per RFC 5246 section 7.4.1.4.1.
- ConstantHASH_none
ConstantHASH_md5
ConstantHASH_sha1
ConstantHASH_sha224
ConstantHASH_sha256
ConstantHASH_sha384
ConstantHASH_sha512
ConstantHASH_intrinsic constant
SSL.Constants.HASH_none
constant
SSL.Constants.HASH_md5
constant
SSL.Constants.HASH_sha1
constant
SSL.Constants.HASH_sha224
constant
SSL.Constants.HASH_sha256
constant
SSL.Constants.HASH_sha384
constant
SSL.Constants.HASH_sha512
constant
SSL.Constants.HASH_intrinsic
Enum SSL.Constants.HeartBeatMessageType
Enum SSL.Constants.HeartBeatModeType
Enum SSL.Constants.KeyExchangeType
- Description
Key exchange methods.
- ConstantKE_ecdh_ecdsa
constant
SSL.Constants.KE_ecdh_ecdsa
- Description
Elliptic Curve DH cert signed with ECDSA
- ConstantKE_ecdh_rsa
constant
SSL.Constants.KE_ecdh_rsa
- Description
Elliptic Curve DH cert signed with RSA
- ConstantKE_ecdhe_ecdsa
constant
SSL.Constants.KE_ecdhe_ecdsa
- Description
Elliptic Curve DH Ephemeral with ECDSA
- ConstantKE_ecdhe_rsa
constant
SSL.Constants.KE_ecdhe_rsa
- Description
Elliptic Curve DH Ephemeral with RSA
- ConstantKE_rsa_fips
constant
SSL.Constants.KE_rsa_fips
- Description
Rivest-Shamir-Adelman with FIPS keys.
Enum SSL.Constants.NamedGroup
- Description
Groups used for elliptic curves DHE (ECDHE) and finite field DH (FFDHE).
- See also
RFC 4492 section 5.1.1 (NamedCurve) / TLS 1.3 7.4.2.5.2. */
- ConstantGROUP_arbitrary_explicit_char2_curves
constant
SSL.Constants.GROUP_arbitrary_explicit_char2_curves
- Description
Deprecated RFC 8422 section 5.1.1
- ConstantGROUP_arbitrary_explicit_prime_curves
constant
SSL.Constants.GROUP_arbitrary_explicit_prime_curves
- Description
Deprecated RFC 8422 section 5.1.1
Enum SSL.Constants.PointFormat
Enum SSL.Constants.ProtocolVersion
- Description
Constants for specifying the versions of SSL/TLS to use.
- See also
Context
- ConstantPROTOCOL_DTLS_1_0
constant
SSL.Constants.PROTOCOL_DTLS_1_0
- Description
DTLS 1.0 - The RFC 4347 version of DTLS. This is essentially TLS 1.1 over UDP.
- ConstantPROTOCOL_DTLS_1_2
constant
SSL.Constants.PROTOCOL_DTLS_1_2
- Description
DTLS 1.2 - The RFC 6347 version of DTLS. This is essentially TLS 1.2 over UDP.
- ConstantPROTOCOL_IN_EXTENSION
constant
SSL.Constants.PROTOCOL_IN_EXTENSION
- Description
Pike internal marker
- ConstantPROTOCOL_SSL_3_0
constant
SSL.Constants.PROTOCOL_SSL_3_0
- Description
SSL 3.0 - The original SSL3 draft version.
- ConstantPROTOCOL_TLS_1_0
constant
SSL.Constants.PROTOCOL_TLS_1_0
- Description
TLS 1.0 - The RFC 2246 version of TLS.
- ConstantPROTOCOL_TLS_1_1
constant
SSL.Constants.PROTOCOL_TLS_1_1
- Description
TLS 1.1 - The RFC 4346 version of TLS.
- ConstantPROTOCOL_TLS_1_2
constant
SSL.Constants.PROTOCOL_TLS_1_2
- Description
TLS 1.2 - The RFC 5246 version of TLS.
- ConstantPROTOCOL_TLS_1_3
constant
SSL.Constants.PROTOCOL_TLS_1_3
- Description
TLS 1.3 - The RFC 8446 version of TLS.
Enum SSL.Constants.SignatureAlgorithm
- Description
Signature algorithms from TLS 1.2.
- ConstantSIGNATURE_rsa_pss_256
constant
SSL.Constants.SIGNATURE_rsa_pss_256
- Description
RSA PSS signature with 256 bit hash.
- ConstantSIGNATURE_rsa_pss_384
constant
SSL.Constants.SIGNATURE_rsa_pss_384
- Description
RSA PSS signature with 384 bit hash.
Enum SSL.Constants.SignatureScheme
- Description
Signature algorithms from TLS 1.3
- ConstantSIGNATURE_ecdsa_secp256r1_sha256
ConstantSIGNATURE_ecdsa_secp384r1_sha384
ConstantSIGNATURE_ecdsa_secp521r1_sha512 constant
SSL.Constants.SIGNATURE_ecdsa_secp256r1_sha256
constant
SSL.Constants.SIGNATURE_ecdsa_secp384r1_sha384
constant
SSL.Constants.SIGNATURE_ecdsa_secp521r1_sha512
- ConstantSIGNATURE_rsa_pkcs1_sha1
ConstantSIGNATURE_ecdsa_sha1 constant
SSL.Constants.SIGNATURE_rsa_pkcs1_sha1
constant
SSL.Constants.SIGNATURE_ecdsa_sha1
- ConstantSIGNATURE_ed25519_intrinsic
ConstantSIGNATURE_ed448_intrinsic constant
SSL.Constants.SIGNATURE_ed25519_intrinsic
constant
SSL.Constants.SIGNATURE_ed448_intrinsic
- ConstantSIGNATURE_rsa_pkcs1_sha256
ConstantSIGNATURE_rsa_pkcs1_sha384
ConstantSIGNATURE_rsa_pkcs1_sha512 constant
SSL.Constants.SIGNATURE_rsa_pkcs1_sha256
constant
SSL.Constants.SIGNATURE_rsa_pkcs1_sha384
constant
SSL.Constants.SIGNATURE_rsa_pkcs1_sha512
Enum SSL.Constants.SupplementalDataType
- Description
Values used for supp_data_type in SupplementalDataEntry (cf RFC 4681 section 3).
Enum SSL.Constants.UserMappingType
- Description
Class SSL.Constants.CertificatePair
- Description
A chain of X509 certificates with corresponding private key.
It also contains some derived metadata.
- Variablecert_type
int
SSL.Constants.CertificatePair.cert_type- Description
Cerificate type for the leaf cert.
One of the
AUTH_*
constants.
- Variablecerts
array
(string(8bit)
) SSL.Constants.CertificatePair.certs- Description
Chain of certificates, root cert last.
- Variableglobs
array
(string(8bit)
) SSL.Constants.CertificatePair.globs- Description
Array of commonName globs from the first certificate in
certs
.
- Variableissuers
array
(string(8bit)
) SSL.Constants.CertificatePair.issuers- Description
Array of DER for the issuers matching
certs
.
- Variableke_mask
int(0..)
SSL.Constants.CertificatePair.ke_mask- Description
Bitmask of the key exchange algorithms supported by the main certificate. This is used for TLS 1.1 and earlier.
- See also
ke_mask_invariant
- Variableke_mask_invariant
int(0..)
SSL.Constants.CertificatePair.ke_mask_invariant- Description
Bitmask of the key exchange algorithms supported by the main certificate. This is the same as
ke_mask
, but unified with respect toKE_dh_dss
/KE_dh_rsa
andKE_ecdh_ecdsa
/KE_ecdh_rsa
, as supported by TLS 1.2 and later.
- Variablesign_algs
array
(SignatureScheme
) SSL.Constants.CertificatePair.sign_algs- Description
TLS 1.2-style hash and signature pairs matching the
certs
.
- Methodcreate
SSL.Constants.CertificatePairSSL.Constants.CertificatePair(
Crypto.Sign.State
key
,array
(string(8bit)
)certs
,array
(string(8bit)
)|void
extra_name_globs
)- Description
Initializa a new
CertificatePair
.- Parameter
key
Private key.
- Parameter
certs
Chain of certificates, root cert last.
- Parameter
extra_globs
The set of
globs
from the first certificate is optionally extended with these.- Note
Performs various validation checks.
13.3. DNS
Module Protocols.DNS
- ConstantFORMERR
final
constantint
Protocols.DNS.FORMERR
- Description
The name server was unable to interpret the request due to a format error.
- ConstantNOTIMP
ConstantNOTIMPL final
constantint
Protocols.DNS.NOTIMP
final
constantint
Protocols.DNS.NOTIMPL
- Description
The name server does not support the specified Opcode.
- ConstantNXDOMAIN
final
constantint
Protocols.DNS.NXDOMAIN
- Description
Some name that ought to exist, does not exist.
- ConstantNXRRSET
final
constantint
Protocols.DNS.NXRRSET
- Description
Some RRset that ought to exist, does not exist.
- ConstantREFUSED
final
constantint
Protocols.DNS.REFUSED
- Description
The name server refuses to perform the specified operation for policy or security reasons.
- ConstantSERVFAIL
final
constantint
Protocols.DNS.SERVFAIL
- Description
The name server encountered an internal failure while processing this request, for example an operating system error or a forwarding timeout.
- ConstantYXDOMAIN
final
constantint
Protocols.DNS.YXDOMAIN
- Description
Name that should not exist, does exist.
- ConstantYXRRSET
final
constantint
Protocols.DNS.YXRRSET
- Description
RRset that should not exist, does exist.
- Methodasync_get_mx
client.Request
async_get_mx(string
host
,function
(:void
)cb
,mixed
...cba
)Concurrent.Future
async_get_mx(string
host
)- Description
Calls get_mx in a global async_client created on demand.
- See also
async_client.get_mx()
- Methodasync_get_mx_all
client.Request
async_get_mx_all(string
host
,function
(:void
)cb
,mixed
...cba
)Concurrent.Future
async_get_mx_all(string
host
)- Description
Calls get_mx_all in a global async_client created on demand.
- See also
async_client.get_mx_all()
- Methodasync_host_to_ip
client.Request
async_host_to_ip(string
host
,function
(:void
)cb
,mixed
...cba
)Concurrent.Future
async_host_to_ip(string
host
)- Description
Calls host_to_ip in a global async_client created on demand.
- See also
async_client.host_to_ip()
- Methodasync_host_to_ips
client.Request
async_host_to_ips(string
host
,function
(:void
)cb
,mixed
...cba
)Concurrent.Future
async_host_to_ips(string
host
)- Description
Calls host_to_ips in a global async_client created on demand.
- See also
async_client.host_to_ips()
- Methodasync_ip_to_host
client.Request
async_ip_to_host(string
ip
,function
(:void
)cb
,mixed
...cba
)Concurrent.Future
async_ip_to_host(string
ip
)- Description
Calls ip_to_host in a global async_client created on demand.
- See also
async_client.ip_to_host()
Enum Protocols.DNS.DNSKEY_Flags
- Description
Flag bits used in
T_DNSKEY
RRs.
Enum Protocols.DNS.DNSSEC_Digests
- Description
DNSSEC Digest types.
- ConstantDNSSEC_SHA1
constant
Protocols.DNS.DNSSEC_SHA1
- Description
SHA1 digest RFC 4035 appendix A.2.
Enum Protocols.DNS.DNSSEC_Protocol
- Description
DNSSEC Protocol types.
- Note
RFC 4034 obsoleted all but
DNSSEC_DNSSEC
.
- ConstantDNSSEC_DNSSEC
constant
Protocols.DNS.DNSSEC_DNSSEC
- Description
Key for use by DNSSEC. RFC 4034 section 2.1.2.
Enum Protocols.DNS.DNSSES_Algorithm
- Description
DNSSEC Algorithm types.
- ConstantDNSSEC_DH
constant
Protocols.DNS.DNSSEC_DH
- Description
Diffie-Hellman RFC 2539.
- ConstantDNSSEC_DSA
constant
Protocols.DNS.DNSSEC_DSA
- Description
DSA/SHA1 RFC 2536.
- ConstantDNSSEC_ECC
ConstantDNSSEC_RSASHA1 constant
Protocols.DNS.DNSSEC_ECC
constant
Protocols.DNS.DNSSEC_RSASHA1
- Description
RSA/SHA1 RFC 3110.
- ConstantDNSSEC_INDIRECT
ConstantDNSSEC_PRIVATEDNS constant
Protocols.DNS.DNSSEC_INDIRECT
constant
Protocols.DNS.DNSSEC_PRIVATEDNS
- Description
Private algorithm DNS-based RFC 4035 appendix A.1.1.
- ConstantDNSSEC_PRIVATEOID
constant
Protocols.DNS.DNSSEC_PRIVATEOID
- Description
Private algorithm OID-based RFC 4035 appendix A.1.1.
- ConstantDNSSEC_RSAMD5
constant
Protocols.DNS.DNSSEC_RSAMD5
- Description
RSA/MD5 RFC 2537.
Enum Protocols.DNS.EntryType
- Description
Entry types
- ConstantT_AAAA
constant
Protocols.DNS.T_AAAA
- Description
Type - IPv6 address record (RFC 1886)
- ConstantT_AFSDB
constant
Protocols.DNS.T_AFSDB
- Description
Type - AFC database record (RFC 1183)
- ConstantT_APL
constant
Protocols.DNS.T_APL
- Description
Type - Address Prefix List (RFC 3123)
- ConstantT_ATMA
constant
Protocols.DNS.T_ATMA
- Description
Type - ATM End System Address (af-saa-0069.000)
- ConstantT_AXFR
constant
Protocols.DNS.T_AXFR
- Description
Type - Authoritative Zone Transfer (RFC 1035)
- ConstantT_CAA
constant
Protocols.DNS.T_CAA
- Description
Type - Certificate Authority Authorization (RFC 6844)
- ConstantT_CERT
constant
Protocols.DNS.T_CERT
- Description
Type - Certificate Record (RFC 4398)
- ConstantT_DHCID
constant
Protocols.DNS.T_DHCID
- Description
Type - DHCP identifier (RFC 4701)
- ConstantT_DLV
constant
Protocols.DNS.T_DLV
- Description
Type - DNSSEC Lookaside Validation Record (RFC 4431)
- ConstantT_DNAME
constant
Protocols.DNS.T_DNAME
- Description
Type - Delegation Name (RFC 2672)
- ConstantT_DNSKEY
constant
Protocols.DNS.T_DNSKEY
- Description
Type - DNS Key record (RFC 4034)
- ConstantT_DS
constant
Protocols.DNS.T_DS
- Description
Type - Delegation Signer (RFC 4034)
- ConstantT_UINFO
ConstantT_UID
ConstantT_GID
ConstantT_UNSPEC constant
Protocols.DNS.T_UINFO
constant
Protocols.DNS.T_UID
constant
Protocols.DNS.T_GID
constant
Protocols.DNS.T_UNSPEC
- ConstantT_GPOS
constant
Protocols.DNS.T_GPOS
- Description
Type - Global Position (RFC 1712 Obsolete use LOC).
- ConstantT_HIP
constant
Protocols.DNS.T_HIP
- Description
Type - Host Identity Protocol (RFC 5205)
- ConstantT_IPSECKEY
constant
Protocols.DNS.T_IPSECKEY
- Description
Type - IPsec Key (RFC 4025)
- ConstantT_ISDN
constant
Protocols.DNS.T_ISDN
- Description
Type - ISDN address (RFC 1183)
- ConstantT_IXFR
constant
Protocols.DNS.T_IXFR
- Description
Type - Incremental Zone Transfer (RFC 1996)
- ConstantT_KX
constant
Protocols.DNS.T_KX
- Description
Type - Key eXchanger record (RFC 2230)
- ConstantT_LOC
constant
Protocols.DNS.T_LOC
- Description
Type - Location Record (RFC 1876)
- ConstantT_MAILA
constant
Protocols.DNS.T_MAILA
- Description
Type - Mail Agent (both MD and MF) (Obsolete - use MX)
- ConstantT_MAILB
constant
Protocols.DNS.T_MAILB
- Description
Type - Mail Box (MB, MG or MR) (Obsolete - use MX)
- ConstantT_MINFO
constant
Protocols.DNS.T_MINFO
- Description
Type - mailbox or mail list information (Obsolete)
- ConstantT_NAPTR
constant
Protocols.DNS.T_NAPTR
- Description
Type - NAPTR (RFC 3403)
- ConstantT_NSAP
constant
Protocols.DNS.T_NSAP
- Description
Type - OSI Network Service Access Protocol (RFC 1348, RFC 1637 and RFC 1706)
- ConstantT_NSEC
constant
Protocols.DNS.T_NSEC
- Description
Type - Next-Secure record (RFC 4034)
- ConstantT_NSEC3
constant
Protocols.DNS.T_NSEC3
- Description
Type - NSEC record version 3 (RFC 5155)
- ConstantT_NSEC3PARAM
constant
Protocols.DNS.T_NSEC3PARAM
- Description
Type - NSEC3 parameters (RFC 5155)
- ConstantT_NULL
constant
Protocols.DNS.T_NULL
- Description
Type - null RR (Obsolete RFC 1035)
- ConstantT_OPT
constant
Protocols.DNS.T_OPT
- Description
Type - Option (RFC 2671)
- ConstantT_PX
constant
Protocols.DNS.T_PX
- Description
Type - Pointer to X.400 mapping information (RFC 1664)
- ConstantT_RRSIG
constant
Protocols.DNS.T_RRSIG
- Description
Type - DNSSEC signature (RFC 4034)
- ConstantT_RT
constant
Protocols.DNS.T_RT
- Description
Type - Route Through (RFC 1183)
- ConstantT_SIG
constant
Protocols.DNS.T_SIG
- Description
Type - Signature (RFC 2535)
- ConstantT_SPF
constant
Protocols.DNS.T_SPF
- Description
Type - SPF - Sender Policy Framework (RFC 4408)
- ConstantT_SRV
constant
Protocols.DNS.T_SRV
- Description
Type - Service location record (RFC 2782)
- ConstantT_SSHFP
constant
Protocols.DNS.T_SSHFP
- Description
Type - SSH Public Key Fingerprint (RFC 4255)
- ConstantT_TKEY
constant
Protocols.DNS.T_TKEY
- Description
Type - Secret key record (RFC 2930)
- ConstantT_TLSA
constant
Protocols.DNS.T_TLSA
- Description
Type - TLSA certificate association (RFC 6698)
- ConstantT_TSIG
constant
Protocols.DNS.T_TSIG
- Description
Type - Transaction Signature (RFC 2845)
- ConstantT_WKS
constant
Protocols.DNS.T_WKS
- Description
Type - well known service description (Obsolete RFC 1123 and RFC 1127)
- ConstantT_X25
constant
Protocols.DNS.T_X25
- Description
Type - X25 PSDN address (RFC 1183)
Enum Protocols.DNS.ResourceClass
- Description
Resource classes
Class Protocols.DNS.async_client
- Description
Asynchronous DNS client.
- Methodcreate
Protocols.DNS.async_clientProtocols.DNS.async_client(
void
|string
|array
(string
)server
,void
|string
|array
(string
)domain
)
- Methoddo_query
Request
do_query(string
domain
,int
cl
,int
type
,function
(string
,mapping
,__unknown__
... :void
)callback
,mixed
...args
)- Description
Enqueue a new raw DNS request.
- Returns
Returns a
Request
object.- Note
Pike versions prior to 8.0 did not return the
Request
object.
- Methodgeneric_query
void
generic_query(string
type
,string
domain
,function
(array
(string
)|zero
,__unknown__
... :void
)callback
,mixed
...restargs
)- Description
Asynchronous DNS query with multiple results and a distinction between failure and empty results.
- Parameter
type
DNS query type. Currenlty supported:
"A"
Return just IPv4 records.
"AAAA"
Return both IPv6 and IPv4 records.
"PTR"
Reverse lookup for IP addresses, it expects normal IP addresses for
domain
."TXT"
Return TXT records.
"MX"
Return MX records sorted by
preference
, lowest numbers first."MXIP"
Like querying for
MX
, except it returns IP addresses instead of the MX records themselves.- Parameter
domain
The domain name we are querying. Add a trailing dot to prohibit domain-postfix searching.
- Parameter
callback
The callback function that receives the result of the DNS query. It should be declared as follows:
void callback(array(string)|zero results, mixed ... restargs);
If the request fails it will returnzero
forresults
.- Parameter
restargs
They are passed unaltered to the
callback
function.- Note
There is a notable difference between
results
equal tozero
(= request failed and can be retried) and({})
(= request definitively answered the record does not exist; retries are pointless).- Note
This method uses the exact same heuristics as the standard DNS resolver library (regarding the use of /etc/hosts, and when to perform a domain-postfix search, and when not to (i.e. trailing dot)).
- Note
All queries sort automatically by preference (lowest numbers first).
- Methodget_mx
Request
get_mx(string
host
,function
(array
(string
),__unknown__
... :void
)callback
,mixed
...args
)- Description
Looks up the mx pointers for a host, and when done calls the function callback with the results as an array of strings. These can be host names, IP numbers, or a mix.
- Returns
Returns a
Request
object where progress can be observed from the retries variable and the request can be cancelled using thecancel
method.
- Methodget_mx
variant
Concurrent.Future
get_mx(string
host
)- Description
Looks up the mx pointers for a host. Returns a
Concurrent.Future
object that resolves into an array of strings.
- Methodget_mx_all
Request
get_mx_all(string
host
,function
(string
,array
(mapping
(string
:string
|int
)),__unknown__
... :void
)callback
,mixed
...args
)- Description
Looks up the mx pointers for a host, and when done calls the function callback with the results as an array of mappings.
- Returns
Returns a
Request
object where progress can be observed from the retries variable and the request can be cancelled using thecancel
method.
- Methodget_mx_all
variant
Concurrent.Future
get_mx_all(string
host
)- Description
Looks up the mx pointers for a host. Returns a
Concurrent.Future
object that resolves into an array of mappings.
- Methodhost_to_ip
Request
host_to_ip(string
host
,function
(string
,string
,__unknown__
... :void
)callback
,mixed
...args
)- Description
Looks up the IPv4 address for a host, and when done calls the function callback with the host name and IP number as arguments.
- Returns
Returns a
Request
object where progress can be observed from the retries variable and the request can be cancelled using thecancel
method.- See also
host_to_ips
- Methodhost_to_ip
variant
Concurrent.Future
host_to_ip(string
host
)- Description
Looks up the IPv4 address for a host. Returns a
Concurrent.Future
object that resolves into the IP number as a string, or 0 if it is missing.- See also
host_to_ips
- Methodhost_to_ips
Request
host_to_ips(string
host
,function
(string
,array
,__unknown__
... :void
)callback
,mixed
...args
)- Description
Looks up the IP number(s) for a host, and when done calls the function callback with the host name and array of IP addresses as arguments. If IPv6 and IPv4 addresses are both available, IPv6 addresses will be earlier in the array.
- Returns
Returns a
Request
object where progress can be observed from the retries variable and the request can be cancelled using thecancel
method.
- Methodhost_to_ips
variant
Concurrent.Future
host_to_ips(string
host
)- Description
Looks up the IP number for a host. Returns a
Concurrent.Future
object that resolves into an array of IP addresses as strings, or an empty array if it is missing.
- Methodip_to_host
Request
ip_to_host(string
ip
,function
(string
,string
,__unknown__
... :void
)callback
,mixed
...args
)- Description
Looks up the host name for an IP number, and when done calls the function callback with the IP number adn host name as arguments.
- Returns
Returns a
Request
object where progress can be observed from the retries variable and the request can be cancelled using thecancel
method.
- Methodip_to_host
variant
Concurrent.Future
ip_to_host(string
ip
)- Description
Looks up the host name for an IP number. Returns a
Concurrent.Future
object that resolves into the host name, or 0 if it is missing.
- Methodlow_generic_query
private
void
low_generic_query(int
restrictsearch
,string
type
,string
domain
,function
(array
(string
)|zero
,__unknown__
... :void
)callback
,mixed
...restargs
)- Parameter
restrictsearch
0
Try
/etc/hosts
first, then try all configured domain-postfixes when querying the DNS servers (default).1
Try
/etc/hosts
first, then try an unaltered query on the DNS servers.2
Just try an unaltered query on the DNS servers.
Class Protocols.DNS.async_dual_client
- Description
Both an
async_client
and anasync_tcp_client
.
Class Protocols.DNS.async_tcp_client
- Description
Asynchronous DNS client using TCP
Class Protocols.DNS.client
- Description
Synchronous DNS client.
- Methodcreate
Protocols.DNS.clientProtocols.DNS.client()
Protocols.DNS.clientProtocols.DNS.client(
void
|string
|array
server
,void
|int
|array
domain
)
- Methoddo_sync_query
mapping
|zero
do_sync_query(string
s
)- Description
Perform a synchronous DNS query.
- Parameter
s
Result of
Protocols.DNS.protocol.mkquery
- Returns
mapping containing query result or 0 on failure/timeout
- Example
// Perform a hostname lookup, results stored in r->anobject d=Protocols.DNS.client();mapping r=d->do_sync_query(d->mkquery("pike.lysator.liu.se", C_IN, T_A));
- Methodget_primary_mx
string
get_primary_mx(string
hostname
)- Description
Queries the primary mx for the host.
- Returns
Returns the hostname of the primary mail exchanger.
- Methodgethostbyaddr
array
gethostbyaddr(string
hostip
)- Description
Queries the host name or ip from the default or given DNS server. The result is an array with three elements,
- Returns
The requested data about the specified host.
Array string
hostip
The host IP.
array
(string
)ip
IP number(s).
array
(string
)aliases
DNS name(s).
- Methodgethostbyname
array
gethostbyname(string
hostname
)- Description
Queries the host name from the default or given DNS server. The result is an array with three elements,
- Returns
An array with the requested information about the specified host.
Array string
hostname
Hostname.
array
(string
)ip
IP number(s).
array
(string
)aliases
DNS name(s).
- Note
Prior to Pike 7.7 this function only returned IPv4 addresses.
- Methodgetsrvbyname
array
getsrvbyname(string
service
,string
protocol
,string
|void
name
)- Description
Queries the service record (RFC 2782) from the default or given DNS server. The result is an array of arrays with the following six elements for each record. The array is sorted according to the priority of each record.
Each element of the array returned represents a service record. Each service record contains the following:
- Returns
An array with the requested information about the specified service.
Array int
priority
Priority
int
weight
Weight in event of multiple records with same priority.
int
port
port number
string
target
target dns name
- Methodmatch_etc_hosts
array
(string
)|zero
match_etc_hosts(string
host
)- Description
Return /etc/hosts records
Class Protocols.DNS.client.Request
- Variabledomain
Variablereq
Variablecallback
Variableargs string
Protocols.DNS.client.Request.domainstring
Protocols.DNS.client.Request.reqfunction
(string
,mapping
|zero
,__unknown__
... :void
)|zero
Protocols.DNS.client.Request.callbackarray
(mixed
) Protocols.DNS.client.Request.args
- Method__create__
protected
local
void
__create__(string
domain
,string
req
,function
(string
,mapping
|zero
,__unknown__
... :void
)|zero
callback
,array
(mixed
)args
)
- Syntax
void
cancel()mixed
Protocols.DNS.client.Request.retry_co- Description
Cancel the current request.
- Variabledomain
Class Protocols.DNS.dual_client
- Description
Both a
client
and atcp_client
.
Class Protocols.DNS.dual_server
- Description
This is both a
server
andtcp_server
.
Class Protocols.DNS.protocol
- Description
Low level DNS protocol
- Methoddecode_entries
array
decode_entries(string
s
,int
num
,array
(int
)next
)- Description
Decode a set of entries from an answer.
- Parameter
s
Encoded entries.
- Parameter
num
Number of entires in
s
.- Parameter
next
Array with a single element containing the start position in
s
on entry and the continuation position on return.- Returns
Returns an array of mappings describing the decoded entires:
Array mapping
0..
Mapping describing a single entry:
"name"
:string
Name the entry concerns.
"type"
:EntryType
Type of entry.
"cl"
:ResourceClass
Resource class. Typically
C_IN
."ttl"
:int
Time to live for the entry in seconds.
"len"
:int
Length in bytes of the encoded data section.
Depending on the type of entry the mapping may contain different additional fields:
T_CNAME
"cname"
:string
T_PTR
"ptr"
:string
T_NS
"ns"
:string
T_MX
"preference"
:int
"mx"
:string
T_HINFO
"cpu"
:string
"os"
:string
T_SRV
"priority"
:int
"weight"
:int
"port"
:int
"target"
:string
"service"
:string
"proto"
:string
"name"
:string
T_A
"a"
:string
IPv4-address in dotted-decimal format.
T_AAAA
"aaaa"
:string
IPv6-address in colon-separated hexadecimal format.
T_LOC
"version"
:int
Version, currently only version
0
(zero) is supported."size"
:float
"h_perc"
:float
"v_perc"
:float
"lat"
:float
"long"
:float
"alt"
:float
T_SOA
"mname"
:string
"rname"
:string
"serial"
:int
"refresh"
:int
"retry"
:int
"expire"
:int
"minimum"
:int
Note: For historical reasons this entry is named
"minimum"
, but it contains the TTL for negative answers (RFC 2308).T_NAPTR
"order"
:int
"preference"
:int
"flags"
:string
"service"
:string
"regexp"
:string
"replacement"
:string
T_TXT
"txt"
:string
Note: For historical reasons, when receiving decoded DNS entries from a client, this will be the first string in the TXT record only.
"txta"
:string
When receiving decoded DNS data from a client, txta is the array of all strings in the record. When sending multiple strings in a TXT record in a server, please supply an array as "txt" containing the strings, txta will be ignored.
T_SPF
"spf"
:string
T_CAA
"critical"
:int
Sets the critical bit of the flag field.
"flags"
:int
"tag"
:string
Cannot be empty.
"value"
:string
- Methodmkquery
string
mkquery(string
|mapping
dnameorquery
,int
|void
cl
,int
|void
type
)- Description
create a DNS query PDU
- Parameter
dnameorquery
- Parameter
cl
record class such as Protocols.DNS.C_IN
- Parameter
type
query type such Protocols.DNS.T_A
- Returns
data suitable for use with
Protocols.DNS.client.do_sync_query
- Example
// generate a query PDU for a address lookup on the hostname pike.lysator.liu.se string q=Protocols.DNS.protocol()->mkquery("pike.lysator.liu.se", Protocols.DNS.C_IN, Protocols.DNS.T_A);
Class Protocols.DNS.server
- Description
Base class for implementing a Domain Name Service (DNS) server operating over UDP.
This class is typically used by inheriting it, and overloading
reply_query()
andhandle_response()
.- See also
dual_server
- Methodcreate
Protocols.DNS.serverProtocols.DNS.server()
Protocols.DNS.serverProtocols.DNS.server(
int
port
)Protocols.DNS.serverProtocols.DNS.server(
string
ip
)Protocols.DNS.serverProtocols.DNS.server(
string
ip
,int
port
)Protocols.DNS.serverProtocols.DNS.server(
string
ip
,int
port
,string
|int
...more
)- Description
Open one or more new DNS server ports.
- Parameter
ip
The IP to bind to. Defaults to
"::"
or0
(ie ANY) depending on whether IPv6 support is present or not.- Parameter
port
The port number to bind to. Defaults to
53
.- Parameter
more
Optional further DNS server ports to open. Must be a set of
ip
,port
argument pairs.
Class Protocols.DNS.server_base
- Description
Base class for
server
,tcp_server
.
- Methodhandle_decode_error
protected
void
handle_decode_error(mapping
err
,mapping
m
,Stdio.UDP
|object
udp
)- Description
Respond to a query that cannot be decoded.
This method exists so that servers can override the default behaviour.
- Methodhandle_query
protected
void
handle_query(mapping
q
,mapping
m
,Stdio.UDP
|object
udp
)- Description
Handle a query.
This function calls
reply_query()
, and dispatches the result tosend_reply()
.
- Methodhandle_response
protected
void
handle_response(mapping
r
,mapping
m
,Stdio.UDP
|object
udp
)- Description
Handle a query response (stub).
Overload this function to handle responses to possible recursive queries.
- Methodrec_data
protected
void
rec_data(mapping
m
,Stdio.UDP
|object
udp
)- Description
Low-level DNS-data receiver.
This function receives the raw DNS-data from the
Stdio.UDP
socket or TCP connection objectudp
, decodes it, and dispatches the decoded DNS request tohandle_query()
andhandle_response()
.
- Methodreply_query
protected
mapping
|zero
reply_query(mapping
query
,mapping
udp_data
,function
(mapping
:void
)cb
)- Description
Reply to a query (stub).
- Parameter
query
Parsed query.
- Parameter
udp_data
Raw UDP data. If the server operates in TCP mode (
tcp_server
), it will contain an additional tcp_con entry. In that case,udp_data->tcp_con->con
will contain the TCP connection the request was received on asStdio.File
object.- Parameter
cb
Callback you can call with the result instead of returning it. In that case, return
0
(zero).Overload this function to implement the proper lookup.
- Note
To indicate the default failure
cb
must be called with an argument of0
(zero), and0
(zero) be returned.- Returns
Returns
0
(zero) when thecb
callback will be used, or a result mapping if not:"rcode"
:int
0 (or omit) for success, otherwise one of the Protocols.DNS.* constants
"an"
:array
(mapping
(string
:string
|int
))|void
Answer section:
Array mapping
(string
:string
|int
)entry
"name"
:string
|array
(string
)"type"
:int
"cl"
:int
"qd"
:array
|void
Question section, same format as
an
; omit to return the original question"ns"
:array
|void
Authority section (usually NS records), same format as
an
"ar"
:array
|void
Additional section, same format as
an
"aa"
:int
Set to 1 to include the Authoritative Answer bit in the response
"tc"
:int
Set to 1 to include the TrunCated bit in the response
"rd"
:int
Set to 1 to include the Recursion Desired bit in the response
"ra"
:int
Set to 1 to include the Recursion Available bit in the response
"cd"
:int
Set to 1 to include the Checking Disabled bit in the response
"ad"
:int
Set to 1 to include the Authenticated Data bit in the response
- Methodreport_decode_error
protected
void
report_decode_error(mixed
err
,mapping
m
,Stdio.UDP
|object
udp
)- Description
Report a failure to decode a DNS request.
The default implementation writes a backtrace to stderr. This method exists so that derived servers can replace it with more appropriate error handling for their environment.
Class Protocols.DNS.tcp_client
- Description
Synchronous DNS client using TCP Can handle larger responses than
client
can.
- Methoddo_sync_query
mapping
|zero
do_sync_query(string
s
)- Description
Perform a synchronous DNS query.
- Parameter
s
Result of
Protocols.DNS.protocol.mkquery
- Returns
mapping containing query result or 0 on failure/timeout
- Example
// Perform a hostname lookup, results stored in r->anobject d=Protocols.DNS.tcp_client();mapping r=d->do_sync_query(d->mkquery("pike.lysator.liu.se", C_IN, T_A));
Class Protocols.DNS.tcp_server
- Description
Base class for implementing a Domain Name Service (DNS) server operating over TCP.
This class is typically used by inheriting it, and overloading
reply_query()
andhandle_response()
.
- Methodcreate
Protocols.DNS.tcp_serverProtocols.DNS.tcp_server()
Protocols.DNS.tcp_serverProtocols.DNS.tcp_server(
int
port
)Protocols.DNS.tcp_serverProtocols.DNS.tcp_server(
string
ip
)Protocols.DNS.tcp_serverProtocols.DNS.tcp_server(
string
ip
,int
port
)Protocols.DNS.tcp_serverProtocols.DNS.tcp_server(
string
ip
,int
port
,string
|int
...more
)- Description
Open one or more new DNS server ports.
- Parameter
ip
The IP to bind to. Defaults to
"::"
or0
(ie ANY) depending on whether IPv6 support is present or not.- Parameter
port
The port number to bind to. Defaults to
53
.- Parameter
more
Optional further DNS server ports to open. Must be a set of
ip
,port
argument pairs.
- ConstantFORMERR
13.4. LysKOM
Module Protocols.LysKOM
Class Protocols.LysKOM.Connection
- Description
This class contains nice abstractions for calls into the server. They are named "call", "async_call" or "async_cb_call", depending on how you want the call to be done.
- Variableprotocol_level
Variablesession_software
Variablesoftware_version int
Protocols.LysKOM.Connection.protocol_levelstring
Protocols.LysKOM.Connection.session_softwarestring
Protocols.LysKOM.Connection.software_version- Description
Description of the connected server.
- MethodXXX
Methodasync_XXX
Methodasync_cb_XXX mixed
XXX(mixed
...args
)object
async_XXX(mixed
...args
)object
async_cb_XXX(function
(:void
)callback
,mixed
...args
)- Description
Perform a call to the server. This actually clones a
Protocols.LysKOM.Request
object, and initializes it. XXX is to be read as one of the calls in the lyskom protocol. ('-' is replaced with '_'.) (ie, logout, async_login or async_cb_get_conf_stat.)The first variant is a synchronous call. This will send the command, wait for the server to execute it, and then return the result.
The last two are asynchronous calls, returning an initialized
Protocols.LysKOM.Request
object.
- Methodcreate
Protocols.LysKOM.ConnectionProtocols.LysKOM.Connection(
string
server
)Protocols.LysKOM.ConnectionProtocols.LysKOM.Connection(
string
server
,mapping
options
)- Description
The
options
argument is a mapping with the following members:"login"
:int
|string
login as this person number (get number from name).
"password"
:string
send this login password.
"invisible"
:bool
if set, login invisible.
"port"
:int(16bit)
server port (default is 4894).
"whoami"
:string
present as this user (default is from uid/getpwent and hostname).
Class Protocols.LysKOM.Session
- Variableuser
object
Protocols.LysKOM.Session.user- Description
This variable contains the
Protocols.LysKOM.Session.Person
that is logged in.
- Methodcreate
Protocols.LysKOM.SessionProtocols.LysKOM.Session(
string
server
)Protocols.LysKOM.SessionProtocols.LysKOM.Session(
string
server
,mapping
options
)- Description
Initializes the session object, and opens a connection to that server.
options
is a mapping of options:"login"
:int
|string
login as this person number (get number from name).
"create"
:string
create a new person and login with it.
"password"
:string
send this login password.
"invisible"
:bool
if set, login invisible.
"port"
:int(16bit)
server port (default is 4894).
"whoami"
:string
present as this user (default is from uid/getpwent and hostname).
- See also
Connection
- Methodcreate_person
object
create_person(string
name
,string
password
)- Description
Create a person, which will be logged in. returns the new person object
- Methodcreate_text
object
create_text(string
subject
,string
body
,mapping
options
)object
create_text(string
subject
,string
body
,mapping
options
,function
(:void
)callback
,mixed
...extra
)- Description
Creates a new text.
if
callback
is given, the function will be called when the text has been created, with the text as first argument. Otherwise, the new text is returned.options
is a mapping that may contain:"recpt"
:Conference
|array
(Conference
)recipient conferences.
"cc"
:Conference
|array
(Conference
)cc-recipient conferences.
"bcc"
:Conference
|array
(Conference
)bcc-recipient conferences*.
"comm_to"
:Text
|array
(Text
)The text(s) to be commented.
"foot_to"
:Text
|array
(Text
)The text(s) to be footnoted.
"anonymous"
:bool
send text anonymously.
"aux_items"
:array
(AuxItemInput
)AuxItems you want to set for the text*.
- Note
The items above marked with '*' are only available on protocol 10 servers. A LysKOM error will be thrown if the call fails.
- See also
Conference.create_text()
,Text.comment()
,Text.footnote()
- Methodlogin
object
login(int
user_no
,string
password
)object
login(int
user_no
,string
password
,int
invisible
)- Description
Performs a login. Throws a lyskom error if unsuccessful.
- Returns
The session object logged in.
- Methodregister_async_message_callback
void
register_async_message_callback(function
(int
,int
,string
:void
)cb
)
- Methodsend_message
object
|void
send_message(string
textstring
,mapping
options
)- Description
Sends a message.
options
is a mapping that may contain:"recpt"
:Conference
recipient conference.
- Methodtry_complete_person
array
(ProtocolTypes.ConfZInfo
) try_complete_person(string
orig
)- Description
Runs a LysKOM completion on the given string, returning an array of confzinfos of the match.
Class Protocols.LysKOM.Session.AuxItemInput
- FIXME
Undocumented
Class Protocols.LysKOM.Session.AuxItems
- FIXME
Undocumented
Class Protocols.LysKOM.Session.Conference
- Variableprefetch_stat
Variableno
Variableerror
Variablemsg_of_day
Variablesupervisor
Variablepermitted_submitters
Variablesuper_conf
Variablecreator
Variableaux_items
Variablename
Variabletype
Variablecreation_time
Variablelast_written
Variablenice
Variableno_of_members
Variablefirst_local_no
Variableno_of_texts
Variablepresentation mixed
Protocols.LysKOM.Session.Conference.prefetch_statint
Protocols.LysKOM.Session.Conference.noobject
Protocols.LysKOM.Session.Conference.errorText
Protocols.LysKOM.Session.Conference.msg_of_dayConference
Protocols.LysKOM.Session.Conference.supervisorConference
Protocols.LysKOM.Session.Conference.permitted_submittersConference
Protocols.LysKOM.Session.Conference.super_confPerson
Protocols.LysKOM.Session.Conference.creatormixed
Protocols.LysKOM.Session.Conference.aux_itemsmixed
Protocols.LysKOM.Session.Conference.namemixed
Protocols.LysKOM.Session.Conference.typemixed
Protocols.LysKOM.Session.Conference.creation_timemixed
Protocols.LysKOM.Session.Conference.last_writtenmixed
Protocols.LysKOM.Session.Conference.nicemixed
Protocols.LysKOM.Session.Conference.no_of_membersmixed
Protocols.LysKOM.Session.Conference.first_local_nomixed
Protocols.LysKOM.Session.Conference.no_of_textsmixed
Protocols.LysKOM.Session.Conference.presentation- FIXME
Undocumented
- Variableprefetch_stat
Class Protocols.LysKOM.Session.Membership
- Description
All variables in this class is read only.
Class Protocols.LysKOM.Session.Person
- Variableerror
Variableuser_area
Variableusername
Variableprivileges
Variableflags
Variablelast_login
Variabletotal_time_present
Variablesessions
Variablecreated_lines
Variablecreated_bytes
Variableread_texts
Variableno_of_text_fetches
Variablecreated_persons
Variablecreated_confs
Variablefirst_created_local_no
Variableno_of_created_texts
Variableno_of_marks
Variableno_of_confs
Variableunread
Variableclear_membership
Variablemembership object
Protocols.LysKOM.Session.Person.errorText
Protocols.LysKOM.Session.Person.user_areamixed
Protocols.LysKOM.Session.Person.usernamemixed
Protocols.LysKOM.Session.Person.privilegesmixed
Protocols.LysKOM.Session.Person.flagsmixed
Protocols.LysKOM.Session.Person.last_loginmixed
Protocols.LysKOM.Session.Person.total_time_presentmixed
Protocols.LysKOM.Session.Person.sessionsmixed
Protocols.LysKOM.Session.Person.created_linesmixed
Protocols.LysKOM.Session.Person.created_bytesmixed
Protocols.LysKOM.Session.Person.read_textsmixed
Protocols.LysKOM.Session.Person.no_of_text_fetchesmixed
Protocols.LysKOM.Session.Person.created_personsmixed
Protocols.LysKOM.Session.Person.created_confsmixed
Protocols.LysKOM.Session.Person.first_created_local_nomixed
Protocols.LysKOM.Session.Person.no_of_created_textsmixed
Protocols.LysKOM.Session.Person.no_of_marksmixed
Protocols.LysKOM.Session.Person.no_of_confsmixed
Protocols.LysKOM.Session.Person.unreadint(0)
Protocols.LysKOM.Session.Person.clear_membershipmixed
Protocols.LysKOM.Session.Person.membership- FIXME
Undocumented
- Variableprefetch_stat
Variableprefetch_conf
Variableprefetch_membership mixed
Protocols.LysKOM.Session.Person.prefetch_statmixed
Protocols.LysKOM.Session.Person.prefetch_confmixed
Protocols.LysKOM.Session.Person.prefetch_membership- FIXME
Undocumented
- Variableerror
Class Protocols.LysKOM.Session.Text
- Description
All variables in this class is read only.
- FIXME
Undocumented
- Variableprefetch_text
Variableprefetch_stat
Variablelines
Variablecharacters
Variableclear_stat
Variableaux_items mixed
Protocols.LysKOM.Session.Text.prefetch_textmixed
Protocols.LysKOM.Session.Text.prefetch_statmixed
Protocols.LysKOM.Session.Text.linesmixed
Protocols.LysKOM.Session.Text.charactersmixed
Protocols.LysKOM.Session.Text.clear_statmixed
Protocols.LysKOM.Session.Text.aux_items- FIXME
Undocumented
- Variablecreation_time
mixed
Protocols.LysKOM.Session.Text.creation_time- Description
The time the text was created on the server.
- Variablemisc
mixed
Protocols.LysKOM.Session.Text.misc- Description
Misc info, including what conferences the message is posted to.
- FIXME
Needs a more complete description.
- Variabletext
string
Protocols.LysKOM.Session.Text.text- Description
The actual text (or body if you wish).
- Methodcreate
Protocols.LysKOM.Session.TextProtocols.LysKOM.Session.Text(
string
textnumber
)- Description
Initializes a Text object.
- Variableuser
Module Protocols.LysKOM.ProtocolTypes
- Description
Data types as defined by the LysKOM protocol specification.
Module Protocols.LysKOM.Request
- Description
This module contains nice abstractions for calls into the server. They are named "call", "async_call" or "async_cb_call", depending on how you want the call to be done.
Class Protocols.LysKOM.Request._Request
- Description
This is the base class for lyskom requests. All lyskom request classes inherit this class.
- Variableerror
object
Protocols.LysKOM.Request._Request.error- Description
How the call failed. The call has completed if
(ok||error)
.
- Method_async
Method_sync void
_async(int
call
,mixed_data
)mixed
_sync(int
call
,mixed_data
)- Description
Initialise an asynchronous or a synchronous call, the latter is also evaluating the result. These are called by async and sync respectively.
- Method_reply
Methodreply mixed
_reply(object
|array
what
)mixed
reply(object
|array
what
)- Description
_reply()
is called as callback to evaluate the result, and callsreply()
in itself to do the real work.
13.5. Other protocols
Module Protocols
Module Protocols.Bittorrent
Class Protocols.Bittorrent.DHT
- Description
DHT implementation for bittorrent Implemented BEPs*: [X] BEP005 DHT Protocol [ ] BEP032 IPv6 extension for DHT [ ] BEP033 DHT scrape [ ] BEP042 DHT security extensions [ ] BEP043 Read-only DHT nodes [ ] BEP044 Storing arbitrary data in the DHT [ ] BEP045 Multiple-address operation for the Bittorrent DHT
*) See http://bittorrent.org/beps/bep_0000.html for a list of all BEPs
- VariableMAX_PEERS_PER_HASH
int
Protocols.Bittorrent.DHT.MAX_PEERS_PER_HASH- Description
Maximum number of peers per hash that we store.
- VariablePEER_TABLE_MAX_SIZE
int
Protocols.Bittorrent.DHT.PEER_TABLE_MAX_SIZE- Description
Maximum number hashes we store data for in this node.
- Variablecallbacks_by_txid
Variablerequest_timeouts mapping
(string
:mixed
) Protocols.Bittorrent.DHT.callbacks_by_txidmapping
(string
:mixed
) Protocols.Bittorrent.DHT.request_timeouts- Description
Keep track of callbacks by transaction id
- Variablecommand_handlers
mapping
(string
:function
(:void
)) Protocols.Bittorrent.DHT.command_handlers- Description
Mapping of query names to handlers. Allows for extensions to be implemented.
- Variableis_running
int
Protocols.Bittorrent.DHT.is_running- Description
Indicates if the DHT instance is up and running or not.
- Variablemy_node_id
protected
string
|zero
Protocols.Bittorrent.DHT.my_node_id- Description
Our global ID for this DHT router, expressed as a 20 byte hash.
- Variablepeers_by_hash
mapping
(string
:mapping
) Protocols.Bittorrent.DHT.peers_by_hash- Description
Peers we know of.
- Variableport
Stdio.UDP
|zero
Protocols.Bittorrent.DHT.port- Description
The UDP port on which we listen for messages.
- Methodadd_node
DHTNode
add_node(string
|DHTNode
n
,void
|string
ip
,void
|int
port
)- Description
Gateway into the routing table for now. This is in preparation for BEP045.
- Methodadd_peer_for_hash
void
add_peer_for_hash(Peer
n
,string
hash
,string
ip
,int
port
)- Description
Insert a peer for a hash in our table of known peers. Ignores the request if the given node is already a peer for the given hash.
- Methodannounce
void
announce(string
hash
,int
port
)- Description
Announce a hash to the world on the given port.
This is done by executing a get_peers request to the DHT and then announcing to the K closest nodes to that hash.
- Methodannounce_to
protected
void
announce_to(string
peer_ip
,int
peer_port
,string
token
,string
info_hash
,int
announced_port
,void
|int
implied_port
)- Description
This is the internal announce callback - it is called for each node that we should send an announcement to.
- Methodcreate
Protocols.Bittorrent.DHTProtocols.Bittorrent.DHT(
void
|string
my_node_id
)- Description
Create a new DHT instance with an optional predefined node id.
- Methoddistance
string
distance(string
h1
,string
h2
)- Description
Calculate the distance between two hashes using XOR. Fails unless both h1 and h2 are strings of the same length.
- Methoddistance_exp
int
distance_exp(string
h1
,string
h2
)- Description
Calculate the order of magnitude of the distance. Basically count leading zeros...
- Methodgenerate_token_for
Token
generate_token_for(string
ip
,int
port
,void
|int
dont_sha1
)- Description
Generate a token for a specific node. If it fails to generate a unique token for this request, it will return UNDEFINED, otherwise a string token is returned.
- Methodgenerate_txid
string
generate_txid()- Description
Generates suitable transaction ids making sure to not collide with existing ones.
- Methodget_node_id
string
get_node_id()- Description
Allows outsiders to examine the node id of this instance.
- Methodhandle_announce_peer
void
handle_announce_peer(mapping
data
,string
ip
,int
port
)- Description
Handles other peers announcing to us for safekeeping.
- Methodhandle_find_node
void
handle_find_node(mapping
data
,string
ip
,int
req_port
)- Description
Handles request for nodes closer to a hash.
- Methodhandle_get_peers
void
handle_get_peers(mapping
data
,string
ip
,int
port
)- Description
Returns peers to the requestor or our closest nodes if we don't know of any peers.
- Methodhandle_ping
void
handle_ping(mapping
data
,string
ip
,int
port
)- Description
Handles PONG responses to incoming PINGs.
- Methodhandle_unknown_method
void
handle_unknown_method(mapping
data
,string
ip
,int
port
)- Description
Responds to unknown methods. Currently does nothing at all.
- Methodread_callback
protected
void
read_callback(mapping
(string
:int
|string
)datagram
,mixed
...extra
)- Description
Called when we recieve a datagram on the UDP port we are listening to.
- Methodread_timeout
protected
void
read_timeout(string
txid
)- Description
Internal timeout method to ensure we don't wait forever on responses from nodes that are no longer available.
Note: The timeout is not propagated to higher levels, so callers cannot rely on the send_dht_query() callback to propagate this.
- Methodsend_dht_query
string
send_dht_query(string
to
,int
dstport
,mapping
data
,void
|function
(:void
)response_callback
,mixed
...args
)- Description
Sends a DHT query and calls the callback when a response is recieved or when a timeout occurs.
- Methodsend_dht_request
int
send_dht_request(string
to
,int
dstport
,mapping
data
)- Description
Do the actual sending part... No timeout handling or etherwise - just send the message.
Returns the TXID if the message was sent successfully and UNDEFINED if not.
- Methodsend_ping
string
send_ping(string
ip
,int
port
,function
(mapping
,string
,int
:void
)cb
)- Description
Sends a PING to a remote port and calls the callback cb if we get a response.
- Methodset_node_id
void
set_node_id(string
my_node_id
)- Description
Sets the node id of this instance. This has implications for the routing table, so we need to reinitialize it if this happens...
- Methodstop
void
stop()- Description
Stop the DHT instance. When the instance is stopped, it will close its port and therefore stop responding to queries. It will not destroy the DHT routing table or other states that could be reused if the DHT instance is started back up.
- Methodtoken_by_endpoint
Token
token_by_endpoint(string
ip
,int
port
)- Description
Returns a token object for the given ip/port if one exists.
Enum Protocols.Bittorrent.DHT.DHT_ERROR
- ConstantDHT_GENERIC_ERROR
ConstantDHT_SERVER_ERROR
ConstantDHT_PROTOCOL_ERROR
ConstantDHT_UNKNOWN_METHOD
ConstantDHT_QUERY_TIMEOUT constant
Protocols.Bittorrent.DHT.DHT_GENERIC_ERROR
constant
Protocols.Bittorrent.DHT.DHT_SERVER_ERROR
constant
Protocols.Bittorrent.DHT.DHT_PROTOCOL_ERROR
constant
Protocols.Bittorrent.DHT.DHT_UNKNOWN_METHOD
constant
Protocols.Bittorrent.DHT.DHT_QUERY_TIMEOUT
- ConstantDHT_GENERIC_ERROR
Class Protocols.Bittorrent.DHT.DHTNode
- Description
Represents a node in our routing table. These nodes also have a state compared to the Node class above along with some other fancy stuff.
- Variableage
int
Protocols.Bittorrent.DHT.DHTNode.age- Description
Time since last response seen from this node
- Note
Read only
- Methodactivity
void
activity()- Description
Call when we see activity from this node to ensure it returns to good standing. Will set the node state to DHT_ACTIVE, update last_response and set ping_fails to 0.
- Methodcancel_check_node
void
cancel_check_node()- Description
Removes any outstanding callouts to check the node.
- Methodcompact_node_info
string
compact_node_info()- Description
Returns the compact node info for this node.
- Methodnode_info
mapping
node_info()- Description
Extend the Node::node_info() method to include info relevant to a DHTNode.
- Methodnode_info_human
mapping
node_info_human()- Description
Human readable output version of the
node_info
method.
- Methodping_timeout
protected
void
ping_timeout(string
txid
)- Description
Called when a ping request to this peer times out. We set the state to DHT_BAD and leave it at that.
Class Protocols.Bittorrent.DHT.DHTOperation
- Description
Base class for operations that need to iterate over the DHT in some way like get_peers and find_node.
- Variabledesired_results
int
Protocols.Bittorrent.DHT.DHTOperation.desired_results- Description
Desired number of results before the op considers itself done
- Variabletarget_hash
Variabledone_cb
Variabledone_cb_args string
Protocols.Bittorrent.DHT.DHTOperation.target_hashfunction
(:void
)|zero
Protocols.Bittorrent.DHT.DHTOperation.done_cbarray
(mixed
) Protocols.Bittorrent.DHT.DHTOperation.done_cb_args
- Variablemax_no_requests
int
Protocols.Bittorrent.DHT.DHTOperation.max_no_requests- Description
Maximum number of requests that may be generated before bailing out.
- Variablemax_outstanding_requests
int(0..)
Protocols.Bittorrent.DHT.DHTOperation.max_outstanding_requests- Description
Maximum number of concurrent requests allowed
- Variablequery_timeout_period
float
|int
Protocols.Bittorrent.DHT.DHTOperation.query_timeout_period- Description
Timeout for the query
- Variablereqs
int
Protocols.Bittorrent.DHT.DHTOperation.reqs- Description
Number of requests generated by this query
- Variableresult
array
Protocols.Bittorrent.DHT.DHTOperation.result- Description
Result of the operation to be inspected by the done callback. Content of the result array varies depending on the concrete implementation of the operation
- Variableresult_count
int
Protocols.Bittorrent.DHT.DHTOperation.result_count- Description
Result counter - may differ from actual number of objects in the result array in some cases. For example in the get_peers query, closest nodes may be added in addition to any peers found.
- Method__create__
protected
local
void
__create__(string
target_hash
,function
(:void
)|zero
done_cb
,mixed
...done_cb_args
)
- Methodadd_node_to_query
void
add_node_to_query(Node
n
)- Description
Add a node to the list of nodes to query.
- Methodcreate
Protocols.Bittorrent.DHT.DHTOperationProtocols.Bittorrent.DHT.DHTOperation(
string
target_hash
,function
(:void
)|zero
done_cb
,mixed
...done_cb_args
)
- Methoddo_query_peer
private
void
do_query_peer(Node
peer
)- Description
Create a request to the peer info given. The peer info array is expected to contain peer hash, peer ip, peer port.
- Methoddone
protected
void
done()- Description
Internal done callback called when the operation finishes. The main purpose of this callback is to simply call the application level callback but in some cases it can also be used to modify the result before calling the application callback.
- Methodexecute
this_program
execute()- Description
Execute the DHTOperation by ensuring there are nodes in the nodes_to_query array as well as calling
run
. If this method is overridden, it should always call the parent execute methods!
- Methodgenerate_query
protected
mapping
generate_query()- Description
This method should be overridden by the actual handlers for the operation.
- Methodgot_response_cb
private
void
got_response_cb(mapping
resp
)- Description
Callback when we get responses. This is private to the DHTOperation class and should not be overridden. Instead override the got_response method declared above.
- Methodis_done
int
is_done()- Description
This method will return 1 if we consider ourselves done. This should result in the
done
method being called. Typically, we are done if there are no transactions in flight.
- Methodquery_timeout
private
void
query_timeout(string
txid
)- Description
Called when a transaction ID has been in flight for too long and we want to stop waiting for an answer. We call
run
to ensure we continue processing requests if more are needed.
- Methodrun
private
void
run()- Description
Processes the queue of nodes to query and calls
done
if we have enough results or there are no transactions in flight. This is the method called to initiate a query.
Class Protocols.Bittorrent.DHT.FindNode
- Description
FindNode implements the find_node query on the DHT.
Upon completion, the callback given at instance creation will be called and the result can be found in the results array.
For this operation, the results array will contain Node objects. In some cases these objects may also be DHTNode objects, but the callback must not expect this.
- Variabledesired_results
int
Protocols.Bittorrent.DHT.FindNode.desired_results- Description
Override the default number of desired results
- Methodexecute
this_program
execute()- Description
Execute method that also checks if we have the targets in our routing table.
Class Protocols.Bittorrent.DHT.GetPeers
- Description
The GetPeers class is used to initiate queries to the DHT where peers for a hash is desired. Upon completion, the done_db will be called with the GetPeers instance as the first argument and the done_cb_args as the following arguments.
The done_cb function is expected to examine the results array to find out what the result of the query actually contains. For this query, the result array will be an array with two elements; the first one containing any responses from nodes that knows of peers and the second one will contain the closest nodes to the target hash that we saw during the query.
- Variableclosest_nodes
array
Protocols.Bittorrent.DHT.GetPeers.closest_nodes- Description
Sorted array of the closest K nodes we've seen in the query.
- Variabledesired_results
int
Protocols.Bittorrent.DHT.GetPeers.desired_results- Description
Override the default number of desired results
Class Protocols.Bittorrent.DHT.Node
- Description
Utility class that represents a node that we learned of somehow. Node objects are not part of the DHT yet but can be used to create fullfledged DHTNode objects.
- Methodendpoint_compact
string
endpoint_compact()- Description
Returns just the IP and port as an 8-bit string.
- Methodnode_info
mapping
(string
:mixed
) node_info()- Description
Return basic info about the node as a mapping. All values are human readable.
Class Protocols.Bittorrent.DHT.Peer
- Description
Information about the peeer for a hash
Class Protocols.Bittorrent.DHT.Routingtable
- Description
Abstraction for the routing table.
- Variableallow_node_in_routing_table
function
(DHTNode
:int
) Protocols.Bittorrent.DHT.Routingtable.allow_node_in_routing_table- Description
Callback method that determines if a peer is allowed into our routing table or not. Return 1 to allow the peer or 0 to ignore it.
- Variablebucket_by_uuid
Variablebuckets mapping
(string
:Bucket
) Protocols.Bittorrent.DHT.Routingtable.bucket_by_uuidarray
(Bucket
) Protocols.Bittorrent.DHT.Routingtable.buckets- Description
Buckets in our routing table
- Variablemy_node_id
protected
string
|zero
Protocols.Bittorrent.DHT.Routingtable.my_node_id- Description
Node ID that this routing table belongs to
- Variablenodes_by_hash
Variablenodes_by_endpoint mapping
(string
:DHTNode
) Protocols.Bittorrent.DHT.Routingtable.nodes_by_hashmapping
(string
:DHTNode
) Protocols.Bittorrent.DHT.Routingtable.nodes_by_endpoint- Description
Lookup table for nodess so we can quickly find out if any given hash is already in our table somewhere.
- Methodadd_node
DHTNode
add_node(string
|DHTNode
n
,void
|string
ip
,void
|int
port
)- Description
Attepmts to add a node to our routing table. If a node with the same hash and/or endpoint already exists, that node is returned instead. If this node is inserted into the routing table, it is returned. If the node could not be inserted at all, UNDEFINED is returned.
- Methodbucket_for
Bucket
bucket_for(string
|DHTNode
n
)- Description
Calculate and return the bucket in which DHTNode n should belong to.
- Methodcopy_from
void
copy_from(this_program
rt
)- Description
Iterate over the given routingtable, copying the nodes as we go along.
- Methoddeserialize
void
deserialize(array
(mapping
)nodes
)- Description
Deserialize an array created by
serialize
.
- Methodserialize
array
serialize()- Description
Serialize the routing table into basic types so that it may be encoded for storage
- Methodsplit_bucket
int
split_bucket(Bucket
b
,void
|int
dont_promote
)- Description
Splits the given bucket into two by pushing a new bucket to the end of the bucket array. All nodes in the given bucket are removed and re-added to redistribute them. Candidate nodes are also readded and then a separate promotion pass is done. The promotion pass can be inhibited by setting dont_promote to 1.
Class Protocols.Bittorrent.DHT.Routingtable.Bucket
- Methodadd_node
int
add_node(DHTNode
n
,void
|int
dont_notify
)- Description
Attempts to add a node to the bucket either as a live node or as a candidate if the bucket is already full. Optionally supresses notifications of the new node. Returns 0 if the node was successfully added.
- Methoddetails
mapping
details()- Description
Returns a mapping with details about the bucket, including a complete list of live and candidate nodes.
- Methodevict_bad_nodes
void
evict_bad_nodes()- Description
Used to evict bad nodes from the bucket. Used by add_node() before attempting to add nodes the bucket.
- Methodlow_add_candidate
protected
int
low_add_candidate(DHTNode
n
,void
|int
dont_notify
)- Description
Adds a node to the bucket as a candidate with the option of suppressing notifications. Returns 0 on success.
- Methodlow_add_node
int
low_add_node(DHTNode
n
,void
|int
dont_notify
)- Description
Adds a node to the bucket as a live node with the option to surpress notifications. Returns 0 on success.
- Methodpromote_nodes
void
promote_nodes()- Description
Attempts to promote nodes if there is space and we have candidates. Called by add_node() before adding a node to ensure we upgrade viable candidates before adding a new node. This ensures that new nodes starts their life in the candidates section until there is space for them.
- Methodadd_node
Class Protocols.Bittorrent.DHT.Token
- Methodcreate
Protocols.Bittorrent.DHT.TokenProtocols.Bittorrent.DHT.Token(
string
ip
,int
port
,void
|int
dont_sha1
)- Description
Generate a new token for the given IP/port. Optionally don't apply SHA1 to the token for debugging purposes.
- Methodrefresh
this_program
refresh()- Description
Refreshes a token's lifetime to the configured token_lifetime value. Note: If called on an old token, this will violate recommendations in BEP005.
- Methodcreate
Class Protocols.Bittorrent.Generator
- Description
Generate a .torrent binary string from files in the filesystem
- Example
// usage: thisprogram [<file/dir>] [<file/dir>...] <target .torrent> int main(int ac,array am) { Generator g=Generator(); foreach (am[1..<1];;string f) g->add(f);
string dest=am[-1]; if (-1==search(dest,"torrent")) dest+=".torrent";
Stdio.write_file(dest,g->digest()); return 0; }
- Methodadd
this_program
add(string
path
,void
|string
base
)- Description
Add a file, or a directory tree to the torrent. This will call add_directory_tree or add_file.
- Methodadd_announce
this_program
add_announce(string
|array
(string
)announce_url
)- Description
Add one or multiple announcers (trackers). This is needed to get a valid .torrent file. If this is called more then once, more announcers (trackers) will be added with lower priority.
- Methodadd_directory_tree
this_program
add_directory_tree(string
path
,void
|string
dirbase
)- Description
Add a directory tree to the torrent. The second argument is what the directory will be called in the torrent. This will call add_file on all non-directories in the tree.
- Methodadd_file
this_program
add_file(string
path
,void
|string
filename
)- Description
Add a file to the torrent. The second argument is what the file will be called in the torrent.
- Methodbuild_sha1s
void
build_sha1s(void
|function
(int
,int
:void
)progress_callback
)- Description
Build the SHA hashes from the files.
- Methodcreate
Protocols.Bittorrent.GeneratorProtocols.Bittorrent.Generator(
void
|string
base
,void
|int
piece_size
)- Description
Create a generator.
- Parameter
base
The base filename/path in the torrent.
- Parameter
piece_size
The size of the pieces that the SHA hashes are calculated on. Default 262144 and this value should probably be 2^n.
Class Protocols.Bittorrent.Peer
- Methodconnect
void
connect()- Description
Connect to the peer; this is done async. status/mode will change from
"connecting"
to"dead"
or to"connected"
depending on result. Will throw error if already online.Upon connect, protocol will be initiated in choked mode. When the protocol is up, status will change to
"online"
(or"failed"
if the handshake failed).
- Methoddisconnect
void
disconnect()- Description
Disconnect a peer. Does nothing if we aren't online. status/mode will change to
"disconnected"
,1 if we were online.
- Methoddownloading_pieces
multiset
(int
) downloading_pieces()- Description
Returns as multiset what this peer is downloading.
- Methodis_activated
int
is_activated()- Description
Returns true if this peer is activated, as in we're downloading from it.
- Methodis_available
int
is_available()- Description
Returns true if this peer is available, as in we can use it to download stuff.
- Methodis_choked
int
is_choked()- Description
Returns true if this peer is choking, as in doesn't send more data to us.
- Methodis_completed
int
is_completed()- Description
Returns true if this peer is completed, as in has downloaded everything already - and we shouldn't need to upload to get stuff.
- Methodis_connectable
int
is_connectable()- Description
Returns true if we can connect to this peer, when new or disconnected but not fatally.
- Methodis_strangled
int
is_strangled()- Description
Returns true if this peer is strangled; as in we don't want to upload more, because we're not getting any back.
- Methodrequest
void
request(int
piece
,int
offset
,int
bytes
,function
(int
,int
,string
,object
:void
|mixed
)callback
)- Description
Called to request a chunk from this peer.
- Methodsend_have
void
send_have(int
n
)- Description
Send a have message to tell I now have piece n. Ignored if not online.
- Methodconnect
Class Protocols.Bittorrent.Port
Class Protocols.Bittorrent.Torrent
- Description
Bittorrent peer - download and share. Read more about bittorrent at http://bitconjurer.org/BitTorrent/introduction.html
- Example
The smallest usable torrent downloader. As first argument, it expects a filename to a .torrent file.
int main(int ac,array am){// initialize Torrent from file:Protocols.Bittorrent.Torrent t=Protocols.Bittorrent.Torrent(); t->load_metainfo(am[1]);// Callback when download status changes:// t->downloads_update_status=...;// Callback when pieces status change (when we get new stuff):// t->pieces_update_status=...;// Callback when peer status changes (connect, disconnect, choked...):// t->peer_update_status=...;// Callback when download is completed: t->download_completed_callback=lambda(){ call_out(exit,3600,0);// share for an hour, then exit};// Callback to print warnings (same args as sprintf):// t->warning=werror;// type of progress function used below:void progress(int n,int of){/* ... */};// Initiate targets from Torrent,// if target was created, no need to verify:if(t->fix_targets(1,0,progress)==1) t->verify_targets(progress);// Open port to listen on,// we want to do this to be able to talk to firewalled peers: t->open_port(6881);// Ok, start calling tracker to get peers,// and tell about us: t->start_update_tracker();// Finally, start the download: t->start_download();return-1;}
- Variabledo_we_strangle
function
(.Peer
,int
,int
:bool
) Protocols.Bittorrent.Torrent.do_we_strangle- Description
Function to determine if we should strangle this peer. Default is to allow 100000 bytes of data over the ratio, which is 2:1 per default; upload twice as much as we get.
Arguments are the peer, bytes in (downloaded) and bytes out (uploaded). Return 1 to strangle and 0 to allow the peer to proceed downloading again.
- Variabledownload_completed_callback
function
(:void
) Protocols.Bittorrent.Torrent.download_completed_callback- Description
If set, called when download is completed.
- Variabledownloads_update_status
function
(:void
) Protocols.Bittorrent.Torrent.downloads_update_status- Description
If set, called when we start to download another piece (no args).
- Variablepeer_update_status
function
(:void
) Protocols.Bittorrent.Torrent.peer_update_status- Description
If set, called when peer status changes.
- Variablepieces_update_status
function
(:void
) Protocols.Bittorrent.Torrent.pieces_update_status- Description
If set, called when we got another piece downloaded (no args).
- Variablewarning
function
(string
,__unknown__
... :void
|mixed
) Protocols.Bittorrent.Torrent.warning- Description
Called if there is a protocol error.
- Methodbytes_done
int
bytes_done()- Description
Calculate the bytes successfully downloaded (full pieces).
- Methodfile_got_bitfield
string
file_got_bitfield()- Description
Returns the file got field as a string bitfield (cached).
- Methodfix_targets
int
fix_targets(void
|int(-1..2)
allocate
,void
|string
base_filename
,void
|function
(int
,int
:void
)progress_callback
)- Description
Opens target datafile(s).
If all files are created, the verify info will be filled as well, but if it isn't created, a call to
verify_target()
is necessary after this call.- Parameter
allocate
Determines allocation procedure if the file doesn't exist:
0
Don't allocate.
1
Allocate virtual file size (seek, write end byte).
2
Allocate for real (will call progress_callback(pos,length)).
-1
Means never create a file, only open old files.
- Parameter
my_filename
A new base filename to substitute the metainfo base target filename with.
- Returns
1
The (a) file was already there.
2
All target files were created.
- Methodstart_update_tracker
void
start_update_tracker(void
|int
interval
)- Description
Starts to contact the tracker at regular intervals, giving it the status and recieving more peers to talk to. Will also contact these peers. The default interval is 5 minutes. If given an event, will update tracker with it.
- Methodstop_update_tracker
void
stop_update_tracker(void
|string
event
)- Description
Stops updating the tracker; will send the event as a last event, if set. It will not contact new peers.
- Methodupdate_tracker
void
update_tracker(void
|string
event
,void
|int
contact
)- Description
Contact and update the tracker with current status will fill the peer list.
- Methodverify_targets
void
verify_targets(void
|function
(int
,int
:void
)progress_callback
)- Description
Verify the file and fill file_got (necessary after load_info, but needs open_file before this call). [ progress_callback(at chunk,total chunks) ]
Class Protocols.Bittorrent.Torrent.Target
- Description
Each bittorrent has one or more target files. This represents one of those.
- Variablebase
Variablelength
Variableoffset
Variablepath string
Protocols.Bittorrent.Torrent.Target.baseint
Protocols.Bittorrent.Torrent.Target.lengthint
Protocols.Bittorrent.Torrent.Target.offsetvoid
|array
Protocols.Bittorrent.Torrent.Target.path
Class Protocols.Bittorrent.Tracker
- Variabledynamic_add_torrents
bool
Protocols.Bittorrent.Tracker.dynamic_add_torrents- Description
Allow clients to dynamically add torrents to the tracker.
- Variableinterval
int(0..)
Protocols.Bittorrent.Tracker.interval- Description
The query interval reported back to clients. Defaults to
1800
.
- Methodadd_torrent
void
add_torrent(string
id
)- Description
Add a torrent to the tracker.
- Parameter
id
The info hash of the torrent file.
- Methodannounce
string
announce(mapping
args
,string
ip
)- Description
Handles HTTP announce queries to the tracker.
- Variabledynamic_add_torrents
Module Protocols.Bittorrent.Bencoding
- Methodbits2string
string
bits2string(array
(bool
)v
)- Description
Convert an array of
int(0..1)
to a Bittorrent style bitstring. Input will be padded to even bytes.
- Methoddecode
string
|int
|array
|mapping
decode(Stdio.Buffer
buf
)- Description
Decodes a Bittorrent bencoded data chunk and ignores the remaining string. Returns
UNDEFINED
if the data is incomplete.
- Methodencode
string
encode(string
|int
|array
|mapping
data
)- Description
Encodes a Bittorrent bencoded data chunk.
- Methodstring2arr
array
(int
) string2arr(string
s
)- Description
Convert a Bittorrent style bitstring to an array of indices.
- Methodbits2string
Module Protocols.DNS_SD
Class Protocols.DNS_SD.Service
- Description
This class provides an interface to DNS Service Discovery. The functionality of DNS-SD is described at <http://www.dns-sd.org/>.
Using the Proctocols.DNS_SD.Service class a Pike program can announce services, for example a web site or a database server, to computers on the local network.
When registering a service you need to provide the service name. service type, domain and port number. You can also optionally specify a TXT record. The contents of the TXT record varies between different services; for example, a web server can announce a path to a web page, and a printer spooler is able to list printer features such as color support or two-sided printing.
The service is registered on the network for as long as the instance of the Service class is valid.
- Methodcreate
Protocols.DNS_SD.ServiceProtocols.DNS_SD.Service(
string
name
,string
service
,string
domain
,int
port
,void
|string
|array
(string
)txt
)- Description
Registers a service on the local network.
- Parameter
name
User-presentable name of the service.
- Parameter
service
Type of service on the form _type._protocol. Type is an identifier related to the service type. A list of registered service types can be found at http://http://www.dns-sd.org/ServiceTypes.html/. Protocol is normally tcp but udp is also a valid choice. For example, a web server would get a
service
of _http._tcp.- Parameter
domain
Domain name. Normally an empty string which the DNS-SD library will translate into local..
- Parameter
port
Port number for the service (e.g. 80 for a web site).
- Parameter
txt
An optional TXT record with service-specific information. It can be given as a plain string or an array of property assignment strings. The TXT record can be changed later by calling
update_txt
in the object returned when you register the service.- Example
object svc = Protocols.DNS_SD.Service( "Company Intranet Forum", // name "_http._tcp", // service type "", // domain (default) 80, // port ({ "path=/forum/" }) // TXT record );
- Methodupdate_txt
void
update_txt(string
|array
(string
)txt
)- Description
Updates the TXT record for the service.
- Parameter
txt
A TXT record with service-specific information. It can be given as a plain string or an array of property assignment strings. To remove an existing TXT record you give an empty string as the argument.
Module Protocols.HTTP2
- Description
HTTP/2 protocol.
Enum Protocols.HTTP2.Error
- ConstantERROR_no_error
ConstantERROR_protocol_error
ConstantERROR_internal_error
ConstantERROR_flow_control_error
ConstantERROR_settings_timeout
ConstantERROR_stream_closed
ConstantERROR_frame_size_error
ConstantERROR_refused_stream
ConstantERROR_cancel
ConstantERROR_compression_error
ConstantERROR_connect_error
ConstantERROR_enhance_your_calm
ConstantERROR_inadequate_security
ConstantERROR_http_1_1_required constant
Protocols.HTTP2.ERROR_no_error
constant
Protocols.HTTP2.ERROR_protocol_error
constant
Protocols.HTTP2.ERROR_internal_error
constant
Protocols.HTTP2.ERROR_flow_control_error
constant
Protocols.HTTP2.ERROR_settings_timeout
constant
Protocols.HTTP2.ERROR_stream_closed
constant
Protocols.HTTP2.ERROR_frame_size_error
constant
Protocols.HTTP2.ERROR_refused_stream
constant
Protocols.HTTP2.ERROR_cancel
constant
Protocols.HTTP2.ERROR_compression_error
constant
Protocols.HTTP2.ERROR_connect_error
constant
Protocols.HTTP2.ERROR_enhance_your_calm
constant
Protocols.HTTP2.ERROR_inadequate_security
constant
Protocols.HTTP2.ERROR_http_1_1_required
- ConstantERROR_no_error
Enum Protocols.HTTP2.Flag
Enum Protocols.HTTP2.FrameType
- ConstantFRAME_data
ConstantFRAME_headers
ConstantFRAME_priority
ConstantFRAME_rst_stream
ConstantFRAME_settings
ConstantFRAME_push_promise
ConstantFRAME_ping
ConstantFRAME_goaway
ConstantFRAME_window_update
ConstantFRAME_continuation constant
Protocols.HTTP2.FRAME_data
constant
Protocols.HTTP2.FRAME_headers
constant
Protocols.HTTP2.FRAME_priority
constant
Protocols.HTTP2.FRAME_rst_stream
constant
Protocols.HTTP2.FRAME_settings
constant
Protocols.HTTP2.FRAME_push_promise
constant
Protocols.HTTP2.FRAME_ping
constant
Protocols.HTTP2.FRAME_goaway
constant
Protocols.HTTP2.FRAME_window_update
constant
Protocols.HTTP2.FRAME_continuation
- ConstantFRAME_data
Enum Protocols.HTTP2.Setting
- ConstantSETTING_header_table_size
ConstantSETTING_enable_push
ConstantSETTING_max_concurrent_streams
ConstantSETTING_initial_window_size
ConstantSETTING_max_frame_size
ConstantSETTING_max_header_list_size constant
Protocols.HTTP2.SETTING_header_table_size
constant
Protocols.HTTP2.SETTING_enable_push
constant
Protocols.HTTP2.SETTING_max_concurrent_streams
constant
Protocols.HTTP2.SETTING_initial_window_size
constant
Protocols.HTTP2.SETTING_max_frame_size
constant
Protocols.HTTP2.SETTING_max_header_list_size
- ConstantSETTING_header_table_size
Class Protocols.HTTP2.Frame
- Description
HTTP/2 frame.
- Variableframe_type
Variableflags FrameType
Protocols.HTTP2.Frame.frame_typeFlag
Protocols.HTTP2.Frame.flags
- Variablepayload
int
|Stdio.Buffer
|array
(array
(string(8bit)
)) Protocols.HTTP2.Frame.payload- Description
Data length for received packets, and payload for packets to send.
NB: To avoid frame reordering issues with HPack, this is the set of headers for
FRAME_header
andFRAME_push_promise
.
- Variablepromised_stream_id
int
|void
Protocols.HTTP2.Frame.promised_stream_id- Description
Only used with
FRAME_push_promise
, and overridesstream_id
.
- Method__create__
protected
local
void
__create__(FrameType
frame_type
,Flag
flags
,int
|Stdio.Buffer
|array
(array
(string(8bit)
))payload
,int
|void
stream_id
,int
|void
promised_stream_id
)
Module Protocols.IMAP
- Description
IMAP (Internet Message Access Protocol) server support
Class Protocols.IMAP.imap_server
- Description
imap_server.pike
Class Protocols.IMAP.parse_line
- Description
parse_line.pike
- Methodget_atom_options
mapping
|zero
get_atom_options(int
max_depth
)- Description
Reads an atom, optionally followd by a list enclosed in square brackets. Naturally, the atom itself cannot contain any brackets.
Returns a mapping type : "atom", atom : name, raw : name[options] options : parsed options, range : ({ start, size })
- Methodget_flag_list
array
(string
)|zero
get_flag_list()- Description
Get a list of atoms. Primarily intended for use by STORE for the flags argument.
- Methodget_simple_list
mapping
|zero
get_simple_list(int
max_depth
)- Description
Parses an object that (recursivly) can contain atoms (possible with options in brackets) or lists. Note that strings are not accepted, as it is a little difficult to wait for the continuation of the request.
FIXME: This function is used to read fetch commands. This breaks rfc-2060 compliance, as the names of headers can be represented as string literals.
- Methodget_token
mapping
get_token(int
eol
,int
accept_options
)- Description
Parses an object that can be a string, an atom (possibly with options in brackets) or a list.
eol can be 0, meaning no end of line or list expected, a positive int, meaning a character (e.g. ')' or ']' that terminates the list, or -1, meaning that the list terminates at end of line.
Class Protocols.IMAP.parser
- Description
Continuation based imap parser.
Class Protocols.IMAP.server
- Description
IMAP.server
Handles the server side of the protocol.
Module Protocols.IMAP.requests
- Description
IMAP.requests
Module Protocols.IMAP.types
- Description
IMAP.types
Module Protocols.IPv6
- Methodformat_addr_short
string
format_addr_short(array
(int(16bit)
)bin_addr
)- Description
Formats an IPv6 address to the colon-separated hexadecimal form as defined in RFC 2373 section 2.2.
bin_addr
must be an 8-element array containing the 16-bit fields.The returned address is on a canonical shortest form as follows: The longest sequence of zeroes is shortened using "::". If there are several of equal length then the leftmost is shortened. All hexadecimal letters are lower-case. There are no superfluous leading zeroes in the fields.
- See also
parse_addr
- Methodnormalize_addr_basic
string
|zero
normalize_addr_basic(string
addr
)- Description
Normalizes a formatted IPv6 address to a string with eight hexadecimal numbers separated by ":".
addr
is given on the same form, or any of the shorthand varieties as specified in RFC 2373 section 2.2.All hexadecimal letters in the returned address are lower-case, and there are no superfluous leading zeroes in the fields.
Zero is returned if
addr
is incorrectly formatted.- See also
normalize_addr_short
- Methodnormalize_addr_short
string
|zero
normalize_addr_short(string
addr
)- Description
Normalizes a formatted IPv6 address to a canonical shortest form.
addr
is parsed according to the hexadecimal"x:x:x:x:x:x:x:x"
syntax or any of its shorthand varieties (see RFC 2373 section 2.2).The returned address is normalized as follows: The longest sequence of zeroes is shortened using "::". If there are several of equal length then the leftmost is shortened. All hexadecimal letters are lower-case. There are no superfluous leading zeroes in the fields.
Zero is returned if
addr
is incorrectly formatted.- See also
normalize_addr_basic
- Methodparse_addr
array
(int(16bit)
)|zero
parse_addr(string
addr
)- Description
Parses an IPv6 address on the formatted hexadecimal
"x:x:x:x:x:x:x:x"
form, or any of the shorthand varieties (see RFC 2373 section 2.2).The address is returned as an 8-element array where each element is the value of the corresponding field. Zero is returned if
addr
is incorrectly formatted.- See also
format_addr_short
- Methodformat_addr_short
Module Protocols.IRC
- Description
IRC client and connection handling.
Start with
Client
andChannel
.- Example
Protocols.IRC.client irc; class channel_notif { inherit Protocols.IRC.Channel; void not_message(object person,string msg) { if (msg == "!hello") irc->send_message(name, "Hello, "+person->nick+"!"); } } int main() { irc = Protocols.IRC.Client("irc.freenode.net", ([ "nick": "DemoBot12345", "realname": "Demo IRC bot", "channel_program": channel_notif, ])); irc->join_channel("#bot-test"); return -1; }
Class Protocols.IRC.Channel
- Description
Abstract class for an IRC channel.
Class Protocols.IRC.Client
- Methodcreate
Protocols.IRC.ClientProtocols.IRC.Client(
string
|object
server
,void
|mapping
(string
:mixed
)options
)- Parameter
server
The IRC server to connect to. If server is an object, it is assumed to be a newly established connection to the IRC server to be used. Pass
SSL.File
connections here to connect to SSL secured IRC networks.- Parameter
options
An optional mapping with additional IRC client options.
"port"
:int
Defaults to 6667.
"user"
:string
Defaults to
"unknown"
on systems withoutgetpwuid
andgetuid
and togetpwuid(getuid())[0]
on systems with."nick"
:string
Defaults to
"Unknown"
on systems withoutgetpwuid
andgetuid
and toString.capitalize(getpwuid(getuid())[0])
on systems with."pass"
:string
Server password, if any. Public servers seldom require this.
"realname"
:string
Defaults to
"Mr. Anonymous"
on systems withoutgetpwuid
andgetuid
and togetpwuid(getuid())[4]
on systems with."host"
:string
Defaults to
"localhost"
on systems withoutuname
and touname()->nodename
on systems with."ping_interval"
:int
Defaults to 120.
"ping_timeout"
:int
Defaults to 120.
"connection_lost"
:function
(void
:void
)This function is called when the connection to the IRC server is lost or when a ping isn't answered with a pong within the time set by the ping_timeout option. The default behaviour is to complain on stderr and self destruct.
"channel_program"
:program
An instance of this is created for each channel connected to via join_channel() - should be a subclass of Protocols.IRC.Channel.
"error_notify"
:function
(mixed
... :void
)This function is called when a KILL or ERROR command is recieved from the IRC server.
"system_notify"
:function
(string
,void
|string
:void
)"motd_notify"
:function
(string
,void
|string
:void
)"error_nickinuse"
:function
(string
:void
)"generic_notify"
:function
(string
,string
,string
,string
,string
:void
)The arguments are from, type, to, message and extra.
"quit_notify"
:function
(string
,string
:void
)The arguments are who and why.
"privmsg_notify"
:function
(Person
,string
,string
:void
)The arguments are originator, message and to.
"notice_notify"
:function
(Person
,string
,string
:void
)The arguments are originator, message and to.
"nick_notify"
:function
(Person
,string
:void
)The arguments are originator and to.
- Methodcreate
Module Protocols.Ident
- Description
An implementation of the IDENT protocol, specified in RFC 0931.
Module Protocols.LDAP
- ConstantGUID_USERS_CONTAINER
ConstantGUID_COMPUTERS_CONTAINER
ConstantGUID_SYSTEMS_CONTAINER
ConstantGUID_DOMAIN_CONTROLLERS_CONTAINER
ConstantGUID_INFRASTRUCTURE_CONTAINER
ConstantGUID_DELETED_OBJECTS_CONTAINER
ConstantGUID_LOSTANDFOUND_CONTAINER
ConstantGUID_FOREIGNSECURITYPRINCIPALS_CONTAINER
ConstantGUID_PROGRAM_DATA_CONTAINER
ConstantGUID_MICROSOFT_PROGRAM_DATA_CONTAINER
ConstantGUID_NTDS_QUOTAS_CONTAINER constant
string
Protocols.LDAP.GUID_USERS_CONTAINER
constant
string
Protocols.LDAP.GUID_COMPUTERS_CONTAINER
constant
string
Protocols.LDAP.GUID_SYSTEMS_CONTAINER
constant
string
Protocols.LDAP.GUID_DOMAIN_CONTROLLERS_CONTAINER
constant
string
Protocols.LDAP.GUID_INFRASTRUCTURE_CONTAINER
constant
string
Protocols.LDAP.GUID_DELETED_OBJECTS_CONTAINER
constant
string
Protocols.LDAP.GUID_LOSTANDFOUND_CONTAINER
constant
string
Protocols.LDAP.GUID_FOREIGNSECURITYPRINCIPALS_CONTAINER
constant
string
Protocols.LDAP.GUID_PROGRAM_DATA_CONTAINER
constant
string
Protocols.LDAP.GUID_MICROSOFT_PROGRAM_DATA_CONTAINER
constant
string
Protocols.LDAP.GUID_NTDS_QUOTAS_CONTAINER
- Description
Constants for Microsoft AD Well-Known Object GUIDs. These are e.g. used in LDAP URLs:
"ldap://server/<WKGUID="+Protocols.LDAP.GUID_USERS_CONTAINER +",dc=my,dc=domain,dc=com>"
- ConstantLDAP_SUCCESS
ConstantLDAP_OPERATIONS_ERROR
ConstantLDAP_PROTOCOL_ERROR
ConstantLDAP_TIMELIMIT_EXCEEDED
ConstantLDAP_SIZELIMIT_EXCEEDED
ConstantLDAP_COMPARE_FALSE
ConstantLDAP_COMPARE_TRUE
ConstantLDAP_AUTH_METHOD_NOT_SUPPORTED
ConstantLDAP_STRONG_AUTH_NOT_SUPPORTED
ConstantLDAP_STRONG_AUTH_REQUIRED
ConstantLDAP_PARTIAL_RESULTS
ConstantLDAP_REFERRAL
ConstantLDAP_ADMINLIMIT_EXCEEDED
ConstantLDAP_UNAVAILABLE_CRITICAL_EXTENSION
ConstantLDAP_CONFIDENTIALITY_REQUIRED
ConstantLDAP_SASL_BIND_IN_PROGRESS
ConstantLDAP_NO_SUCH_ATTRIBUTE
ConstantLDAP_UNDEFINED_TYPE
ConstantLDAP_INAPPROPRIATE_MATCHING
ConstantLDAP_CONSTRAINT_VIOLATION
ConstantLDAP_TYPE_OR_VALUE_EXISTS
ConstantLDAP_INVALID_SYNTAX
ConstantLDAP_NO_SUCH_OBJECT
ConstantLDAP_ALIAS_PROBLEM
ConstantLDAP_INVALID_DN_SYNTAX
ConstantLDAP_IS_LEAF
ConstantLDAP_ALIAS_DEREF_PROBLEM
ConstantLDAP_INAPPROPRIATE_AUTH
ConstantLDAP_INVALID_CREDENTIALS
ConstantLDAP_INSUFFICIENT_ACCESS
ConstantLDAP_BUSY
ConstantLDAP_UNAVAILABLE
ConstantLDAP_UNWILLING_TO_PERFORM
ConstantLDAP_LOOP_DETECT
ConstantLDAP_SORT_CONTROL_MISSING
ConstantLDAP_NAMING_VIOLATION
ConstantLDAP_OBJECT_CLASS_VIOLATION
ConstantLDAP_NOT_ALLOWED_ON_NONLEAF
ConstantLDAP_NOT_ALLOWED_ON_RDN
ConstantLDAP_ALREADY_EXISTS
ConstantLDAP_NO_OBJECT_CLASS_MODS
ConstantLDAP_RESULTS_TOO_LARGE
ConstantLDAP_AFFECTS_MULTIPLE_DSAS
ConstantLDAP_OTHER constant
int
Protocols.LDAP.LDAP_SUCCESS
constant
int
Protocols.LDAP.LDAP_OPERATIONS_ERROR
constant
int
Protocols.LDAP.LDAP_PROTOCOL_ERROR
constant
int
Protocols.LDAP.LDAP_TIMELIMIT_EXCEEDED
constant
int
Protocols.LDAP.LDAP_SIZELIMIT_EXCEEDED
constant
int
Protocols.LDAP.LDAP_COMPARE_FALSE
constant
int
Protocols.LDAP.LDAP_COMPARE_TRUE
constant
int
Protocols.LDAP.LDAP_AUTH_METHOD_NOT_SUPPORTED
constant
Protocols.LDAP.LDAP_STRONG_AUTH_NOT_SUPPORTED
constant
int
Protocols.LDAP.LDAP_STRONG_AUTH_REQUIRED
constant
int
Protocols.LDAP.LDAP_PARTIAL_RESULTS
constant
int
Protocols.LDAP.LDAP_REFERRAL
constant
int
Protocols.LDAP.LDAP_ADMINLIMIT_EXCEEDED
constant
int
Protocols.LDAP.LDAP_UNAVAILABLE_CRITICAL_EXTENSION
constant
int
Protocols.LDAP.LDAP_CONFIDENTIALITY_REQUIRED
constant
int
Protocols.LDAP.LDAP_SASL_BIND_IN_PROGRESS
constant
int
Protocols.LDAP.LDAP_NO_SUCH_ATTRIBUTE
constant
int
Protocols.LDAP.LDAP_UNDEFINED_TYPE
constant
int
Protocols.LDAP.LDAP_INAPPROPRIATE_MATCHING
constant
int
Protocols.LDAP.LDAP_CONSTRAINT_VIOLATION
constant
int
Protocols.LDAP.LDAP_TYPE_OR_VALUE_EXISTS
constant
int
Protocols.LDAP.LDAP_INVALID_SYNTAX
constant
int
Protocols.LDAP.LDAP_NO_SUCH_OBJECT
constant
int
Protocols.LDAP.LDAP_ALIAS_PROBLEM
constant
int
Protocols.LDAP.LDAP_INVALID_DN_SYNTAX
constant
int
Protocols.LDAP.LDAP_IS_LEAF
constant
int
Protocols.LDAP.LDAP_ALIAS_DEREF_PROBLEM
constant
int
Protocols.LDAP.LDAP_INAPPROPRIATE_AUTH
constant
int
Protocols.LDAP.LDAP_INVALID_CREDENTIALS
constant
int
Protocols.LDAP.LDAP_INSUFFICIENT_ACCESS
constant
int
Protocols.LDAP.LDAP_BUSY
constant
int
Protocols.LDAP.LDAP_UNAVAILABLE
constant
int
Protocols.LDAP.LDAP_UNWILLING_TO_PERFORM
constant
int
Protocols.LDAP.LDAP_LOOP_DETECT
constant
int
Protocols.LDAP.LDAP_SORT_CONTROL_MISSING
constant
int
Protocols.LDAP.LDAP_NAMING_VIOLATION
constant
int
Protocols.LDAP.LDAP_OBJECT_CLASS_VIOLATION
constant
int
Protocols.LDAP.LDAP_NOT_ALLOWED_ON_NONLEAF
constant
int
Protocols.LDAP.LDAP_NOT_ALLOWED_ON_RDN
constant
int
Protocols.LDAP.LDAP_ALREADY_EXISTS
constant
int
Protocols.LDAP.LDAP_NO_OBJECT_CLASS_MODS
constant
int
Protocols.LDAP.LDAP_RESULTS_TOO_LARGE
constant
int
Protocols.LDAP.LDAP_AFFECTS_MULTIPLE_DSAS
constant
int
Protocols.LDAP.LDAP_OTHER
- Description
LDAP result codes.
- See also
Protocols.LDAP.client.error_number
,Protocols.LDAP.client.result.error_number
- ConstantLDAP_CONTROL_MANAGE_DSA_IT
constant
string
Protocols.LDAP.LDAP_CONTROL_MANAGE_DSA_IT
- Description
LDAP control: Manage DSA IT LDAPv3 control (RFC 3296): Control to indicate that the operation is intended to manage objects within the DSA (server) Information Tree.
- ConstantLDAP_CONTROL_VLVREQUEST
constant
string
Protocols.LDAP.LDAP_CONTROL_VLVREQUEST
- Description
LDAP control: LDAP Extensions for Scrolling View Browsing of Search Results (internet draft): Control used to request virtual list view support from the server.
- ConstantLDAP_CONTROL_VLVRESPONSE
constant
string
Protocols.LDAP.LDAP_CONTROL_VLVRESPONSE
- Description
LDAP control: LDAP Extensions for Scrolling View Browsing of Search Results (internet draft): Control used to pass virtual list view (VLV) data from the server to the client.
- ConstantLDAP_PAGED_RESULT_OID_STRING
constant
string
Protocols.LDAP.LDAP_PAGED_RESULT_OID_STRING
- Description
LDAP control: Microsoft AD: Control to instruct the server to return the results of a search request in smaller, more manageable packets rather than in one large block.
- ConstantLDAP_SERVER_ASQ_OID
constant
string
Protocols.LDAP.LDAP_SERVER_ASQ_OID
- Description
LDAP control: Microsoft AD: Control to force the query to be based on a specific DN-valued attribute.
- ConstantLDAP_SERVER_CROSSDOM_MOVE_TARGET_OID
constant
string
Protocols.LDAP.LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID
- Description
LDAP control: Microsoft AD: Control used with an extended LDAP rename function to move an LDAP object from one domain to another.
- ConstantLDAP_SERVER_DIRSYNC_OID
constant
string
Protocols.LDAP.LDAP_SERVER_DIRSYNC_OID
- Description
LDAP control: Microsoft AD: Control that enables an application to search the directory for objects changed from a previous state.
- ConstantLDAP_SERVER_DOMAIN_SCOPE_OID
constant
string
Protocols.LDAP.LDAP_SERVER_DOMAIN_SCOPE_OID
- Description
LDAP control: Microsoft AD: Control used to instruct the LDAP server not to generate any referrals when completing a request.
- ConstantLDAP_SERVER_EXTENDED_DN_OID
constant
string
Protocols.LDAP.LDAP_SERVER_EXTENDED_DN_OID
- Description
LDAP control: Microsoft AD: Control to request an extended form of an Active Directory object distinguished name.
- ConstantLDAP_SERVER_LAZY_COMMIT_OID
constant
string
Protocols.LDAP.LDAP_SERVER_LAZY_COMMIT_OID
- Description
LDAP control: Microsoft AD: Control used to instruct the server to return the results of a DS modification command, such as add, delete, or replace, after it has been completed in memory, but before it has been committed to disk.
- ConstantLDAP_SERVER_NOTIFICATION_OID
constant
string
Protocols.LDAP.LDAP_SERVER_NOTIFICATION_OID
- Description
LDAP control: Microsoft AD: Control used with an extended LDAP asynchronous search function to register the client to be notified when changes are made to an object in Active Directory.
- ConstantLDAP_SERVER_PERMISSIVE_MODIFY_OID
constant
string
Protocols.LDAP.LDAP_SERVER_PERMISSIVE_MODIFY_OID
- Description
LDAP control: Microsoft AD: An LDAP modify request will normally fail if it attempts to add an attribute that already exists, or if it attempts to delete an attribute that does not exist. With this control, as long as the attribute to be added has the same value as the existing attribute, then the modify will succeed. With this control, deletion of an attribute that does not exist will also succeed.
- ConstantLDAP_SERVER_QUOTA_CONTROL_OID
constant
string
Protocols.LDAP.LDAP_SERVER_QUOTA_CONTROL_OID
- Description
LDAP control: Microsoft AD: Control used to pass the SID of a security principal, whose quota is being queried, to the server in a LDAP search operation.
- ConstantLDAP_SERVER_RESP_SORT_OID
constant
string
Protocols.LDAP.LDAP_SERVER_RESP_SORT_OID
- Description
LDAP control: Microsoft AD: Control used by the server to indicate the results of a search function initiated using the
LDAP_SERVER_SORT_OID
control.
- ConstantLDAP_SERVER_SD_FLAGS_OID
constant
string
Protocols.LDAP.LDAP_SERVER_SD_FLAGS_OID
- Description
LDAP control: Microsoft AD: Control used to pass flags to the server to control various security descriptor results.
- ConstantLDAP_SERVER_SEARCH_OPTIONS_OID
constant
string
Protocols.LDAP.LDAP_SERVER_SEARCH_OPTIONS_OID
- Description
LDAP control: Microsoft AD: Control used to pass flags to the server to control various search behaviors.
- ConstantLDAP_SERVER_SHOW_DELETED_OID
constant
string
Protocols.LDAP.LDAP_SERVER_SHOW_DELETED_OID
- Description
LDAP control: Microsoft AD: Control used to specify that the search results include any deleted objects that match the search filter.
- ConstantLDAP_SERVER_SORT_OID
constant
string
Protocols.LDAP.LDAP_SERVER_SORT_OID
- Description
LDAP control: Microsoft AD: Control used to instruct the server to sort the search results before returning them to the client application.
- ConstantLDAP_SERVER_TREE_DELETE_OID
constant
string
Protocols.LDAP.LDAP_SERVER_TREE_DELETE_OID
- Description
LDAP control: Microsoft AD: Control used to delete an entire subtree in the directory.
- ConstantLDAP_SERVER_VERIFY_NAME_OID
constant
string
Protocols.LDAP.LDAP_SERVER_VERIFY_NAME_OID
- Description
LDAP control: Microsoft AD: Control used to instruct the DC accepting the update which DC it should verify with, the existence of any DN attribute values.
- ConstantMODIFY_ADD
ConstantMODIFY_DELETE
ConstantMODIFY_REPLACE constant
int
Protocols.LDAP.MODIFY_ADD
constant
int
Protocols.LDAP.MODIFY_DELETE
constant
int
Protocols.LDAP.MODIFY_REPLACE
- Description
Constants used in the
attropval
argument toProtocols.LDAP.client.modify
.
- ConstantSCOPE_BASE
ConstantSCOPE_ONE
ConstantSCOPE_SUB constant
int
Protocols.LDAP.SCOPE_BASE
constant
int
Protocols.LDAP.SCOPE_ONE
constant
int
Protocols.LDAP.SCOPE_SUB
- Description
Constants for the search scope used with e.g.
Protocols.LDAP.client.set_scope
.- SCOPE_BASE
Return the object specified by the DN.
- SCOPE_ONE
Return the immediate subobjects of the object specified by the DN.
- SCOPE_SUB
Return the object specified by the DN and all objects below it (on any level).
- ConstantSEARCH_LOWER_ATTRS
ConstantSEARCH_MULTIVAL_ARRAYS_ONLY
ConstantSEARCH_RETURN_DECODE_ERRORS constant
int
Protocols.LDAP.SEARCH_LOWER_ATTRS
constant
int
Protocols.LDAP.SEARCH_MULTIVAL_ARRAYS_ONLY
constant
int
Protocols.LDAP.SEARCH_RETURN_DECODE_ERRORS
- Description
Bitfield flags given to
Protocols.LDAP.client.search
:- SEARCH_LOWER_ATTRS
Lowercase all attribute values. This makes it easier to match specific attributes in the mappings returned by
Protocols.LDAP.client.result.fetch
since LDAP attribute names are case insensitive.- SEARCH_MULTIVAL_ARRAYS_ONLY
Only use arrays for attribute values where the attribute syntax specify multiple values. I.e. the values for single valued attributes are returned as strings instead of arrays containing one string element.
If no value is returned for a single valued attribute, e.g. when
attrsonly
is set in the search call, then a zero will be used as value.The special
"dn"
value is also returned as a string when this flag is set.Note that it's the attribute type descriptions that are used to decide this, not the number of values a particular attribute happens to have in the search result.
- SEARCH_RETURN_DECODE_ERRORS
Don't throw attribute value decode errors, instead return them in the result from
Protocols.LDAP.client.result.fetch
in place of the value. I.e. anywhere an attribute value string occurs, you might instead have aCharset.DecodeError
object.
- ConstantSYNTAX_AD_CASE_IGNORE_STR
ConstantSYNTAX_AD_LARGE_INT
ConstantSYNTAX_AD_OBJECT_SECURITY_DESCRIPTOR constant
string
Protocols.LDAP.SYNTAX_AD_CASE_IGNORE_STR
constant
string
Protocols.LDAP.SYNTAX_AD_LARGE_INT
constant
string
Protocols.LDAP.SYNTAX_AD_OBJECT_SECURITY_DESCRIPTOR
- Description
LDAP syntax: Microsoft AD: Additional syntaxes used in AD. C.f. <http://community.roxen.com/(all)/developers/idocs/drafts/ draft-armijo-ldap-syntax-00.html>.
- ConstantSYNTAX_ATTR_TYPE_DESCR
ConstantSYNTAX_BINARY
ConstantSYNTAX_BIT_STRING
ConstantSYNTAX_BOOLEAN
ConstantSYNTAX_CERT
ConstantSYNTAX_CERT_LIST
ConstantSYNTAX_CERT_PAIR
ConstantSYNTAX_COUNTRY_STR
ConstantSYNTAX_DN
ConstantSYNTAX_DIRECTORY_STR
ConstantSYNTAX_DIT_CONTENT_RULE_DESCR
ConstantSYNTAX_FACSIMILE_PHONE_NUM
ConstantSYNTAX_FAX
ConstantSYNTAX_GENERALIZED_TIME
ConstantSYNTAX_IA5_STR
ConstantSYNTAX_INT
ConstantSYNTAX_JPEG
ConstantSYNTAX_MATCHING_RULE_DESCR
ConstantSYNTAX_MATCHING_RULE_USE_DESCR
ConstantSYNTAX_MHS_OR_ADDR
ConstantSYNTAX_NAME_AND_OPTIONAL_UID
ConstantSYNTAX_NAME_FORM_DESCR
ConstantSYNTAX_NUMERIC_STRING
ConstantSYNTAX_OBJECT_CLASS_DESCR
ConstantSYNTAX_OID
ConstantSYNTAX_OTHER_MAILBOX
ConstantSYNTAX_POSTAL_ADDR
ConstantSYNTAX_PRESENTATION_ADDR
ConstantSYNTAX_PRINTABLE_STR
ConstantSYNTAX_PHONE_NUM
ConstantSYNTAX_UTC_TIME
ConstantSYNTAX_LDAP_SYNTAX_DESCR
ConstantSYNTAX_DIT_STRUCTURE_RULE_DESCR constant
string
Protocols.LDAP.SYNTAX_ATTR_TYPE_DESCR
constant
string
Protocols.LDAP.SYNTAX_BINARY
constant
string
Protocols.LDAP.SYNTAX_BIT_STRING
constant
string
Protocols.LDAP.SYNTAX_BOOLEAN
constant
string
Protocols.LDAP.SYNTAX_CERT
constant
string
Protocols.LDAP.SYNTAX_CERT_LIST
constant
string
Protocols.LDAP.SYNTAX_CERT_PAIR
constant
string
Protocols.LDAP.SYNTAX_COUNTRY_STR
constant
string
Protocols.LDAP.SYNTAX_DN
constant
string
Protocols.LDAP.SYNTAX_DIRECTORY_STR
constant
string
Protocols.LDAP.SYNTAX_DIT_CONTENT_RULE_DESCR
constant
string
Protocols.LDAP.SYNTAX_FACSIMILE_PHONE_NUM
constant
string
Protocols.LDAP.SYNTAX_FAX
constant
string
Protocols.LDAP.SYNTAX_GENERALIZED_TIME
constant
string
Protocols.LDAP.SYNTAX_IA5_STR
constant
string
Protocols.LDAP.SYNTAX_INT
constant
string
Protocols.LDAP.SYNTAX_JPEG
constant
string
Protocols.LDAP.SYNTAX_MATCHING_RULE_DESCR
constant
string
Protocols.LDAP.SYNTAX_MATCHING_RULE_USE_DESCR
constant
string
Protocols.LDAP.SYNTAX_MHS_OR_ADDR
constant
string
Protocols.LDAP.SYNTAX_NAME_AND_OPTIONAL_UID
constant
string
Protocols.LDAP.SYNTAX_NAME_FORM_DESCR
constant
string
Protocols.LDAP.SYNTAX_NUMERIC_STRING
constant
string
Protocols.LDAP.SYNTAX_OBJECT_CLASS_DESCR
constant
string
Protocols.LDAP.SYNTAX_OID
constant
string
Protocols.LDAP.SYNTAX_OTHER_MAILBOX
constant
string
Protocols.LDAP.SYNTAX_POSTAL_ADDR
constant
string
Protocols.LDAP.SYNTAX_PRESENTATION_ADDR
constant
string
Protocols.LDAP.SYNTAX_PRINTABLE_STR
constant
string
Protocols.LDAP.SYNTAX_PHONE_NUM
constant
string
Protocols.LDAP.SYNTAX_UTC_TIME
constant
string
Protocols.LDAP.SYNTAX_LDAP_SYNTAX_DESCR
constant
string
Protocols.LDAP.SYNTAX_DIT_STRUCTURE_RULE_DESCR
- Description
LDAP syntax: Standard syntaxes from RFC 2252.
- ConstantSYNTAX_CASE_EXACT_STR
constant
Protocols.LDAP.SYNTAX_CASE_EXACT_STR
- Description
"caseExactString"
is an alias used in e.g. RFC 2079.
- ConstantSYNTAX_DELIVERY_METHOD
ConstantSYNTAX_ENHANCED_GUIDE
ConstantSYNTAX_GUIDE
ConstantSYNTAX_OCTET_STR
ConstantSYNTAX_TELETEX_TERMINAL_ID
ConstantSYNTAX_TELETEX_NUM
ConstantSYNTAX_SUPPORTED_ALGORITHM constant
string
Protocols.LDAP.SYNTAX_DELIVERY_METHOD
constant
string
Protocols.LDAP.SYNTAX_ENHANCED_GUIDE
constant
string
Protocols.LDAP.SYNTAX_GUIDE
constant
string
Protocols.LDAP.SYNTAX_OCTET_STR
constant
string
Protocols.LDAP.SYNTAX_TELETEX_TERMINAL_ID
constant
string
Protocols.LDAP.SYNTAX_TELETEX_NUM
constant
string
Protocols.LDAP.SYNTAX_SUPPORTED_ALGORITHM
- Description
LDAP syntax: Standard syntaxes from RFC 2256.
- Constantldap_error_strings
constant
Protocols.LDAP.ldap_error_strings
- Description
Mapping from
LDAP_*
result codes to descriptive strings.
- Constantsyntax_decode_fns
constant
mapping
(string
:function
(string
:string
)) Protocols.LDAP.syntax_decode_fns
- Description
Mapping containing functions to decode charsets in syntaxes where that's necessary. If the syntax is complex in a way that makes the result ambiguous if decoded with a single charset transformation then it should typically not be decoded here.
These decoders are used on all attribute values returned by
Protocols.LDAP.client.result
functions.
- Constantsyntax_encode_fns
constant
mapping
(string
:function
(string
:string
)) Protocols.LDAP.syntax_encode_fns
- Description
Mapping containing the reverse functions from
syntax_decode_fns
.
- Methodcanonicalize_dn
string
canonicalize_dn(string
dn
,void
|int
strict
)- Description
Returns the given distinguished name on a canonical form, so it reliably can be used in comparisons for equality. This means removing surplus whitespace, lowercasing attributes, normalizing quoting in string attribute values, lowercasing the hex digits in binary attribute values, and sorting the RDN parts separated by "+".
The returned string follows RFC 2253. The input string may use legacy LDAPv2 syntax and is treated according to RFC 2253 section 4.
If
strict
is set then errors will be thrown if the given DN is syntactically invalid. Otherwise the invalid parts remain untouched in the result.- Note
The result is not entirely canonical since no conversion is done from or to hexadecimal BER encodings of the attribute values. It's assumed that the input already has the suitable value encoding depending on the attribute type.
- Note
No UTF-8 encoding or decoding is done. The function can be used on both encoded and decoded input strings, and the result will be likewise encoded or decoded.
- Methodencode_dn_value
string
encode_dn_value(string
str
)- Description
Encode the given string for use as an attribute value in a distinguished name (on string form).
The encoding is according to RFC 2253 section 2.4 with the exception that characters above
0x7F
aren't UTF-8 encoded. UTF-8 encoding can always be done afterwards on the complete DN, which also is done internally by theProtocols.LDAP
functions when LDAPv3 is used.
- Methodget_cached_filter
object
get_cached_filter(string
filter
,void
|int
ldap_version
)- Description
Like
make_filter
but saves the generated objects for reuse. Useful for filters that reasonably will occur often. The cache is never garbage collected, however.- Throws
If there's a parse error in the filter then a
FilterError
is thrown as frommake_filter
.
- Methodget_connection
object
get_connection(string
ldap_url
,void
|string
binddn
,void
|string
password
,void
|int
version
,void
|SSL.Context
ctx
)- Description
Returns a client connection to the specified LDAP URL. If a bind DN is specified (either through a
"bindname"
extension inldap_url
or, if there isn't one, throughbinddn
) then the connection will be bound using that DN and the optional password. If no bind DN is given then any connection is returned, regardless of the bind DN it is using.version
may be used to specify the required protocol version in the bind operation. If zero or left out, a bind attempt with the default version (currently3
) is done with a fallback to2
if that fails. Also, a cached connection for any version might be returned ifversion
isn't specified.ctx
may be specified to control SSL/TLS parameters to use with the"ldaps"
-protocol. Note that changing this only affects new connections.As opposed to creating an
Protocols.LDAP.client
instance directly, this function can return an already established connection for the same URL, provided connections are given back usingreturn_connection
when they aren't used anymore.A client object with an error condition is returned if there's a bind error, e.g. invalid password.
- Methodget_constant_name
string
get_constant_name(mixed
val
)- Description
If
val
matches any non-integer constant in this module, its name is returned.
- Methodldap_decode_string
string
ldap_decode_string(string
str
)- Description
Decodes all
\xx
escapes instr
.- See also
ldap_encode_string
- Methodldap_encode_string
string
ldap_encode_string(string
str
)- Description
Quote characters in the given string as necessary for use as a string literal in filters and various composite LDAP attributes.
The quoting is compliant with RFC 2252 section 4.3 and RFC 2254 section 4. All characters that can be special in those RFCs are quoted using the
\xx
syntax, but the set might be extended.- See also
ldap_decode_string
,Protocols.LDAP.client.search
- Methodmake_filter
object
make_filter(string
filter
,void
|int
ldap_version
)- Description
Parses an LDAP filter string into an ASN1 object tree that can be given to
Protocols.LDAP.search
.Using this function instead of giving the filter string directly to the search function has two advantages: This function provides better error reports for syntax errors, and the same object tree can be used repeatedly to avoid reparsing the filter string.
- Parameter
filter
The filter to parse, according to the syntax specified in RFC 2254. The syntax is extended a bit to allow and ignore whitespace everywhere except inside and next to the filter values.
- Parameter
ldap_version
LDAP protocol version to make the filter for. This controls what syntaxes are allowed depending on the protocol version. Also, if the protocol is
3
or later then full Unicode string literals are supported. The default is the latest supported version.- Returns
An ASN1 object tree representing the filter.
- Throws
FilterError
is thrown if there's a syntax error in the filter.
- Methodnum_connections
int
num_connections(string
ldap_url
)- Description
Returns the number of currently stored connections for the given LDAP URL.
- Methodparse_ldap_url
mapping
(string
:mixed
) parse_ldap_url(string
ldap_url
)- Description
Parses an LDAP URL and returns its fields in a mapping.
- Returns
The returned mapping contains these fields:
scheme
:string
The URL scheme, either
"ldap"
or"ldaps"
.host
:string
Self-explanatory.
port
:int
basedn
:string
attributes
:array
(string
)Array containing the attributes. Undefined if none was specified.
scope
:int
The scope as one of the
SEARCH_*
constants. Undefined if none was specified.filter
:string
The search filter. Undefined if none was specified.
ext
:mapping
(string
:string
|int(1)
)The extensions. Undefined if none was specified. The mapping values are
1
for extensions without values. Critical extensions are checked and the leading"!"
do not remain in the mapping indices.url
:string
The original unparsed URL.
- See also
get_parsed_url
- Methodreturn_connection
void
return_connection(object
conn
)- Description
Use this to return a connection to the connection pool after you've finished using it. The connection is assumed to be working.
- Note
Ensure that persistent connection settings such as the scope and the base DN are restored to the defaults
Class Protocols.LDAP.FilterError
- Description
Error object thrown by
make_filter
for parse errors.
Class Protocols.LDAP.client
- Description
Contains the client implementation of the LDAP protocol. All of the version 2 protocol features are implemented but only the base parts of the version 3.
- Variableinfo
mapping
Protocols.LDAP.client.info- Description
Several information about code itself and about active connection too
- Methodadd
int
add(string
dn
,mapping
(string
:array
(string
))attrs
)- Description
The Add Operation allows a client to request the addition of an entry into the directory
- Parameter
dn
The Distinguished Name of the entry to be added.
- Parameter
attrs
The mapping of attributes and their values that make up the content of the entry being added. Values that are sent UTF-8 encoded according the the attribute syntaxes are encoded automatically.
- Returns
Returns
1
on success,0
otherwise.- Note
The API change: the returning code was changed in Pike 7.3+ to follow his logic better.
- Methodbind
int
bind()int
bind(string
dn
,string
password
)int
bind(string
dn
,string
password
,int
version
)- Description
Authenticates connection to the direcory.
First form uses default value previously entered in create.
Second form uses value from parameters:
- Parameter
dn
The distinguished name (DN) of an entry aginst which will be made authentication.
- Parameter
password
Password used for authentication.
Third form allows specify the version of LDAP protocol used by connection to the LDAP server.
- Parameter
version
The desired protocol version (current
2
or3
). Defaults to3
if zero or left out.- Returns
Returns
1
on success,0
otherwise.- Note
Only simple authentication type is implemented. So be warned clear text passwords are sent to the directory server.
- Note
The API change: the returning code was changed in Pike 7.3+ to follow his logic better.
- Methodcompare
int
compare(string
dn
,string
attr
,string
value
)- Description
Compares an attribute value with one in the directory.
- Parameter
dn
The distinguished name of the entry.
- Parameter
attr
The type (aka name) of the attribute to compare.
- Parameter
value
The value to compare with. It's UTF-8 encoded automatically if the attribute syntax specifies that.
- Returns
Returns
1
if at least one of the values for the attribute in the directory is equal tovalue
,0
if it didn't match or there was some error (useerror_number
to find out).- Note
This function has changed arguments since version 7.6. From 7.3 to 7.6 it was effectively useless since it always returned true.
- Note
The equality matching rule for the attribute governs the comparison. There are attributes where the assertion syntax used here isn't the same as the attribute value syntax.
- Methodcreate
Protocols.LDAP.clientProtocols.LDAP.client()
Protocols.LDAP.clientProtocols.LDAP.client(
string
|mapping
(string
:mixed
)url
)Protocols.LDAP.clientProtocols.LDAP.client(
string
|mapping
(string
:mixed
)url
,object
context
)- Description
Create object. The first optional argument can be used later for subsequence operations. The second one can specify TLS context of connection. The default context only allows 128-bit encryption methods, so you may need to provide your own context if your LDAP server supports only export encryption.
- Parameter
url
LDAP server URL on the form
"ldap://hostname/basedn?attrlist?scope?ext"
. See RFC 2255. It can also be a mapping as returned byProtocol.LDAP.parse_ldap_url
.- Parameter
context
TLS context of connection
- See also
LDAP.client.bind
,LDAP.client.search
- Methoddelete
int
delete(string
dn
)- Description
Deletes entry from the LDAP server.
- Parameter
dn
The distinguished name of deleted entry.
- Returns
Returns
1
on success,0
otherwise.- Note
The API change: the returning code was changed in Pike 7.3+ to follow his logic better.
- Methodget_attr_type_descr
mapping
(string
:mixed
)|zero
get_attr_type_descr(string
attr
,void
|int
standard_attrs
)- Description
Returns the attribute type description for the given attribute, which includes the name, object identifier, syntax, etc (see RFC 2252 section 4.2 for details).
This might do a query to the server, but results are cached.
- Parameter
attr
The name of the attribute. Might also be the object identifier on string form.
- Parameter
standard_attrs
Flag that controls how the known standard attributes stored in
Protocols.LDAP
are to be used:0
Check the known standard attributes first. If the attribute isn't found there, query the server. This is the default.
1
Don't check the known standard attributes, i.e. always use the schema from the server.
2
Only check the known standard attributes. The server is never contacted.
- Returns
Returns a mapping where the indices are the terms that the server has returned and the values are their values on string form (dequoted and converted from UTF-8 as appropriate). Terms without values get
1
as value in the mapping.The mapping might contain the following members (all except
"oid"
are optional):"oid"
:string
The object identifier on string form. According to the RFC, this should always be a dotted decimal string. However some LDAP servers, e.g. iPlanet, allows registering attributes without an assigned OID. In such cases this can be some other string. In the case of iPlanet, it uses the attribute name with "-oid" appended (c.f. http://docs.sun.com/source/816-5606-10/scmacfg.htm).
"NAME"
:string
Array with one or more names used for the attribute.
"DESC"
:string
Description.
"OBSOLETE"
:string
Flag.
"SUP"
:string
Derived from this other attribute. The value is the name or oid of it. Note that the attribute description from the referenced type always is merged with the current one to make the returned description complete.
"EQUALITY"
:string
The value is the name or oid of a matching rule.
"ORDERING"
:string
The value is the name or oid of a matching rule.
"SUBSTR"
:string
The value is the name or oid of a matching rule.
"syntax_oid"
:string
The value is the oid of the syntax (RFC 2252 section 4.3.2). (This is extracted from the
"SYNTAX"
term.)"syntax_len"
:string
Optional suggested minimum upper bound of the number of characters in the attribute (or bytes if the attribute is binary). (This is extracted from the
"SYNTAX"
term.)"SINGLE-VALUE"
:string
Flag. Default multi-valued.
"COLLECTIVE"
:string
Flag. Default not collective.
"NO-USER-MODIFICATION"
:string
Flag. Default user modifiable.
"USAGE"
:string
The value is any of the following:
"userApplications"
Self-explanatory.
"directoryOperation"
"distributedOperation"
DSA-shared.
"dSAOperation"
DSA-specific, value depends on server.
There might be more fields for server extensions.
Zero is returned if the server didn't provide any attribute type description for
attr
.- Note
It's the schema applicable at the base DN that is queried.
- Note
LDAPv3 is assumed.
- Methodget_basedn
string
get_basedn()- Description
Returns the current base DN for searches using
search
and schema queries usingget_attr_type_descr
.
- Methodget_bind_password_hash
string
|zero
get_bind_password_hash()- Description
Returns an MD5 hash of the password used for the bind operation, or zero if the connection isn't bound. If no password was given to
bind
then an empty string was sent as password, and the MD5 hash of that is therefore returned.
- Methodget_bound_dn
string
get_bound_dn()- Description
Returns the bind DN currently in use for the connection. Zero is returned if the connection isn't bound. The empty string is returned if the connection is in use but no bind DN has been given explicitly to
bind
.
- Methodget_cached_filter
object
get_cached_filter(string
filter
)- Description
This is a wrapper for
Protocols.LDAP.get_cached_filter
which passes the LDAP protocol version currently in use by this connection.- Throws
If there's a parse error in the filter then a
Protocols.LDAP.FilterError
is thrown as fromProtocols.LDAP.make_filter
.
- Methodget_default_filter
object
|zero
get_default_filter()- Description
Returns the ASN1 object parsed from the filter specified in the LDAP URL, or zero if the URL doesn't specify any filter.
- Throws
If there's a parse error in the filter then a
Protocols.LDAP.FilterError
is thrown as fromProtocols.LDAP.make_filter
.
- Methodget_parsed_url
mapping
(string
:mixed
) get_parsed_url()- Description
Returns a mapping containing the data parsed from the LDAP URL passed to
create
. The mapping has the same format as the return value fromProtocols.LDAP.parse_ldap_url
. Don't be destructive on the returned value.
- Methodget_protocol_version
int
get_protocol_version()- Description
Return the LDAP protocol version in use.
- Methodget_referrals
array
|int
get_referrals()- Description
Gets referrals.
- Returns
Returns array of referrals or
0
.
- Methodget_root_dse_attr
array
(string
) get_root_dse_attr(string
attr
)- Description
Returns the value of an attribute in the root DSE (DSA-Specific Entry) of the bound server. The result is cached. A working connection is assumed.
- Returns
The return value is an array of the attribute values, which have been UTF-8 decoded where appropriate.
Don't be destructive on the returned array.
- Note
This function intentionally does not try to simplify the return values for single-valued attributes (c.f.
Protocols.LDAP.SEARCH_MULTIVAL_ARRAYS_ONLY
). That since (at least) Microsoft AD has a bunch of attributes in the root DSE that they don't bother to provide schema entries for. The return value format wouldn't be reliable if they suddenly change that.
- Methodget_scope
string
get_scope()- Description
Return the currently set scope as a string
"base"
,"one"
, or"sub"
.
- Methodget_supported_controls
multiset
(string
) get_supported_controls()- Description
Returns a multiset containing the controls supported by the server. They are returned as object identifiers on string form. A working connection is assumed.
- See also
search
- Methodmake_filter
object
make_filter(string
filter
)- Description
Returns the ASN1 object parsed from the given filter. This is a wrapper for
Protocols.LDAP.make_filter
which parses the filter with the LDAP protocol version currently in use by this connection.- Throws
If there's a parse error in the filter then a
Protocols.LDAP.FilterError
is thrown as fromProtocols.LDAP.make_filter
.
- Methodmodify
int
modify(string
dn
,mapping
(string
:array
(int(0..2)
|string
))attropval
)- Description
The Modify Operation allows a client to request that a modification of an entry be performed on its behalf by a server.
- Parameter
dn
The distinguished name of modified entry.
- Parameter
attropval
The mapping of attributes with requested operation and attribute's values.
attropval=([ attribute:({operation, value1, value2, ...})])
Where operation is one of the following:
- Protocols.LDAP.MODIFY_ADD
Add values listed to the given attribute, creating the attribute if necessary.
- Protocols.LDAP.MODIFY_DELETE
Delete values listed from the given attribute, removing the entire attribute if no values are listed, or if all current values of the attribute are listed for deletion.
- Protocols.LDAP.MODIFY_REPLACE
Replace all existing values of the given attribute with the new values listed, creating the attribute if it did not already exist. A replace with no value will delete the entire attribute if it exists, and is ignored if the attribute does not exist.
Values that are sent UTF-8 encoded according the the attribute syntaxes are encoded automatically.
- Returns
Returns
1
on success,0
otherwise.- Note
The API change: the returning code was changed in Pike 7.3+ to follow his logic better.
- Methodmodifydn
int
modifydn(string
dn
,string
newrdn
,int
deleteoldrdn
,string
|void
newsuperior
)- Description
The Modify DN Operation allows a client to change the leftmost (least significant) component of the name of an entry in the directory, or to move a subtree of entries to a new location in the directory.
- Parameter
dn
DN of source object
- Parameter
newrdn
RDN of destination
- ConstantGUID_USERS_CONTAINER