Net::SSLeay Variables Net::SSLeay for Perl
9.1.1 Net::SSLeay Variables
Net::SSLeay exports several global variables that are useful for controlling the behavior of the modules. Some of them are useful only for debugging your programs, but most of them provide finer control over the behavior of OpenSSL itself or some of the utility functions that are provided by the module. linux_debug This variable should be set only when the module is being used on a Linux system. If it is set to a nonzero value, process information from procpidstat will be displayed for each read and write. trace This variable sets the trace level that is used by the high-level utility functions. It is intended primarily for debugging, so it should generally be set to zero in production programs the zero guarantees silence. Valid values for this variable are 0 for silence, 1 for only errors to be reported, 2 for cipher information to be reported, 3 to report progress, and 4 to display everything, including the data that is both sent and received. slowly This variable is used with the sslcat utility function. It controls the number of seconds that sslcat will sleep after sending data and before closing the sending side of the connection. It defaults to zero, which means that sslcat will not sleep at all, but some servers may require a delay; otherwise, they wont be able to read all of the data that was sent. ssl_version This variable sets the version of the SSL protocol that is used by the high-level utility functions. By default, it is set to 0, which indicates that the version should be guessed as SSLv2, SSLv3, or TLSv1. Valid values for this variable are 2 for SSLv2, 3 for SSLv3, 10 for TLSv1, and 0 to guess SSLv2, SSLv3, or TLSv1. random_device This variable contains the name of a file that will be used to seed OpenSSLs PRNG. The default setting for this variable is devurandom, but not all operating systems have such a device. If your system does not have such a device, you should consider using a third- party program that can provide entropy, such as EGADS. You can optionally use devrandom if your system has it; however, that device can block if not enough randomness is available. See Chapter 4 for a discussion on the importance of properly seeding the PRNG. how_random This variable specifies, in bits, how much entropy should be collected from the source specified by random_device . The default value is 512 bits. If you change this, be sure that you collect enough entropy, but also be careful that you do not collect too much, especially if youre using devrandom as your entropy source, because it could block until more becomes available. 2229.1.2 Net::SSLeay Error Handling
Parts
» Network Security With OpenSSL 2002
» Goals of Cryptography Cryptography for the Rest of Us
» Symmetric key encryption Cryptographic Algorithms
» Public key encryption Cryptographic Algorithms
» Cryptographic hash functions and Message Authentication Codes
» Overview of SSL Introduction
» Cryptographic acceleration hardware Load balancing
» Bad Server Credentials Problems with SSL
» Certificate Validation Problems with SSL
» Poor Entropy Problems with SSL
» Insecure Cryptography Problems with SSL
» Other Transport Layer Protocols Non-Repudiation Protection Against Software Flaws
» Server-Side Proxies Securing Third-Party Software
» Client-Side Proxies Securing Third-Party Software
» Configuration Files The Basics
» Passwords and Passphrases Command-Line Interface
» Seeding the Pseudorandom Number Generator
» Private Certification Authorities Public Certification Authorities
» Certificate Revocation Lists Certificates
» Online Certificate Status Protocol
» Personal Certificates Obtaining a Certificate
» Code-Signing Certificates Obtaining a Certificate
» Web Site Certificates Obtaining a Certificate
» Creating an Environment for Your Certification Authority
» Building an OpenSSL Configuration File
» Creating a Self-Signed Root Certificate
» Revoking Certificates Setting Up a Certification Authority
» Static Locking Callbacks Multithread Support
» Dynamic Locking Callbacks Multithread Support
» Manipulating Error Queues Internal Error Handling
» Human-Readable Error Messages Internal Error Handling
» Threading and Practical Applications
» Memory sourcessinks File sourcessinks
» Socket sourcessinks SourceSink BIOs
» Filter BIOs Abstract InputOutput
» Seeding the PRNG Random Number Generation
» Using an Alternate Entropy Source
» The Basics Arbitrary Precision Math
» Mathematical Operations Arbitrary Precision Math
» Generating Prime Numbers Arbitrary Precision Math
» Using Engines Support Infrastructure
» Background Step 1: SSL Version Selection and Certificate Preparation
» Certificate preparation Step 1: SSL Version Selection and Certificate Preparation
» Our example extended Step 1: SSL Version Selection and Certificate Preparation
» Background Incorporating trusted certificates
» Certificate verification Step 2: Peer Authentication
» Incorporating certificate revocation lists
» Post-connection assertions Step 2: Peer Authentication
» Further extension of the examples
» Setting SSL options Step 3: SSL Options and Cipher Suites
» Ephemeral keying Step 3: SSL Options and Cipher Suites
» Cipher suite selection Step 3: SSL Options and Cipher Suites
» The final product Step 3: SSL Options and Cipher Suites
» Beyond the example Step 3: SSL Options and Cipher Suites
» Client-side SSL sessions SSL Session Caching
» Server-side SSL sessions SSL Session Caching
» An on-disk, session caching framework
» Reading and writing functions
» Blocking IO IO on SSL Connections
» Non-blocking IO IO on SSL Connections
» Implementing renegotiations IO on SSL Connections
» Renegotiations in 0.9.7 IO on SSL Connections
» Further notes IO on SSL Connections
» Block Ciphers and Stream Ciphers
» AES Blowfish CAST5 Available Ciphers
» IDEA RC2™ RC4™ Available Ciphers
» Initializing Symmetric Ciphers Encrypting with the EVP API
» Specifying Key Length and Other Options
» Encryption Encrypting with the EVP API
» Decryption Encrypting with the EVP API
» Handling UDP Traffic with Counter Mode
» General Recommendations Symmetric Cryptography
» Secure HTTP Cookies Hashes and MACs
» When to Use Public Key Cryptography
» Generating and Exchanging Parameters
» Computing Shared Secrets Diffie-Hellman
» The Basics Digital Signature Algorithm DSA
» Generating Parameters and Keys
» Signing and Verifying Digital Signature Algorithm DSA
» Data Encryption, Key Agreement, and Key Transport
» Signing and Verifying The EVP Public Key Interface
» Encrypting and Decrypting The EVP Public Key Interface
» Writing and Reading DER-Encoded Objects
» Writing and Reading PEM-Encoded Objects
» Net::SSLeay Variables Net::SSLeay for Perl
» Net::SSLeay Error Handling Net::SSLeay Utility Functions
» Net::SSLeay Low-Level Bindings
» M2Crypto.SSL High-Level Classes
» Miscellaneous crypto High-Level Classes
» Extensions to httplib: httpslib
» Extensions to urllib: m2urllib Extensions to xmlrpclib: m2xmlrpclib
» General Functions OpenSSL Support in PHP
» Certificate Functions OpenSSL Support in PHP
» Encryption and Signing Functions
» PKCS7 SMIME Functions OpenSSL Support in PHP
» Object Stacks Advanced Programming Topics
» Configuration Files Advanced Programming Topics
» Subject name Generating Requests
» X.509 Version 3 extensions Putting it all together
» X.509 Certificate Checking X.509
» Signing and Verifying PKCS7 and SMIME
» Encrypting and Decrypting PKCS7 and SMIME
Show more