1 /* 2 * Copyright (c) 2007-2016, Cameron Rich 3 * 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are met: 8 * 9 * * Redistributions of source code must retain the above copyright notice, 10 * this list of conditions and the following disclaimer. 11 * * Redistributions in binary form must reproduce the above copyright notice, 12 * this list of conditions and the following disclaimer in the documentation 13 * and/or other materials provided with the distribution. 14 * * Neither the name of the axTLS project nor the names of its contributors 15 * may be used to endorse or promote products derived from this software 16 * without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 /** 32 * @mainpage axTLS API 33 * 34 * @image html axolotl.jpg 35 * 36 * The axTLS library has features such as: 37 * - The TLSv1 SSL client/server protocol 38 * - No requirement to use any openssl libraries. 39 * - A choice between AES block (128/256 bit) and RC4 (128 bit) stream ciphers. 40 * - RSA encryption/decryption with variable sized keys (up to 4096 bits). 41 * - Certificate chaining and peer authentication. 42 * - Session resumption, session renegotiation. 43 * - ASN.1, X.509, PKCS#8, PKCS#12 keys/certificates with DER/PEM encoding. 44 * - Highly configurable compile time options. 45 * - Portable across many platforms (written in ANSI C), and has language 46 * bindings in C, C#, VB.NET, Java, Perl and Lua. 47 * - Partial openssl API compatibility (via a wrapper). 48 * - A very small footprint (around 50-60kB for the library in 'server-only' 49 * mode). 50 * - No dependencies on sockets - can use serial connections for example. 51 * - A very simple API - ~ 20 functions/methods. 52 * 53 * A list of these functions/methods are described below. 54 * 55 * @ref c_api 56 * 57 * @ref bigint_api 58 * 59 * @ref csharp_api 60 * 61 * @ref java_api 62 */ 63 #ifndef HEADER_SSL_H 64 #define HEADER_SSL_H 65 66 #ifdef __cplusplus 67 extern "C" { 68 #endif 69 70 #include <time.h> 71 72 /* need to predefine before ssl_lib.h gets to it */ 73 #define SSL_SESSION_ID_SIZE 32 74 75 #include "tls1.h" 76 77 /* The optional parameters that can be given to the client/server SSL engine */ 78 #define SSL_CLIENT_AUTHENTICATION 0x00010000 79 #define SSL_SERVER_VERIFY_LATER 0x00020000 80 #define SSL_NO_DEFAULT_KEY 0x00040000 81 #define SSL_DISPLAY_STATES 0x00080000 82 #define SSL_DISPLAY_BYTES 0x00100000 83 #define SSL_DISPLAY_CERTS 0x00200000 84 #define SSL_DISPLAY_RSA 0x00400000 85 #define SSL_CONNECT_IN_PARTS 0x00800000 86 87 /* errors that can be generated */ 88 #define SSL_OK 0 89 #define SSL_NOT_OK -1 90 #define SSL_ERROR_DEAD -2 91 #define SSL_CLOSE_NOTIFY -3 92 #define SSL_ERROR_CONN_LOST -256 93 #define SSL_ERROR_RECORD_OVERFLOW -257 94 #define SSL_ERROR_SOCK_SETUP_FAILURE -258 95 #define SSL_ERROR_INVALID_HANDSHAKE -260 96 #define SSL_ERROR_INVALID_PROT_MSG -261 97 #define SSL_ERROR_INVALID_HMAC -262 98 #define SSL_ERROR_INVALID_VERSION -263 99 #define SSL_ERROR_UNSUPPORTED_EXTENSION -264 100 #define SSL_ERROR_INVALID_SESSION -265 101 #define SSL_ERROR_NO_CIPHER -266 102 #define SSL_ERROR_INVALID_CERT_HASH_ALG -267 103 #define SSL_ERROR_BAD_CERTIFICATE -268 104 #define SSL_ERROR_INVALID_KEY -269 105 #define SSL_ERROR_FINISHED_INVALID -271 106 #define SSL_ERROR_NO_CERT_DEFINED -272 107 #define SSL_ERROR_NO_CLIENT_RENOG -273 108 #define SSL_ERROR_NOT_SUPPORTED -274 109 #define SSL_X509_OFFSET -512 110 #define SSL_X509_ERROR(A) (SSL_X509_OFFSET+A) 111 112 /* alert types that are recognized */ 113 #define SSL_ALERT_TYPE_WARNING 1 114 #define SLL_ALERT_TYPE_FATAL 2 115 116 /* these are all the alerts that are recognized */ 117 #define SSL_ALERT_CLOSE_NOTIFY 0 118 #define SSL_ALERT_UNEXPECTED_MESSAGE 10 119 #define SSL_ALERT_BAD_RECORD_MAC 20 120 #define SSL_ALERT_RECORD_OVERFLOW 22 121 #define SSL_ALERT_HANDSHAKE_FAILURE 40 122 #define SSL_ALERT_BAD_CERTIFICATE 42 123 #define SSL_ALERT_UNSUPPORTED_CERTIFICATE 43 124 #define SSL_ALERT_CERTIFICATE_EXPIRED 45 125 #define SSL_ALERT_CERTIFICATE_UNKNOWN 46 126 #define SSL_ALERT_ILLEGAL_PARAMETER 47 127 #define SSL_ALERT_UNKNOWN_CA 48 128 #define SSL_ALERT_DECODE_ERROR 50 129 #define SSL_ALERT_DECRYPT_ERROR 51 130 #define SSL_ALERT_INVALID_VERSION 70 131 #define SSL_ALERT_NO_RENEGOTIATION 100 132 #define SSL_ALERT_UNSUPPORTED_EXTENSION 110 133 134 /* The ciphers that are supported */ 135 #define SSL_AES128_SHA 0x2f 136 #define SSL_AES256_SHA 0x35 137 #define SSL_AES128_SHA256 0x3c 138 #define SSL_AES256_SHA256 0x3d 139 140 /* build mode ids' */ 141 #define SSL_BUILD_SKELETON_MODE 0x01 142 #define SSL_BUILD_SERVER_ONLY 0x02 143 #define SSL_BUILD_ENABLE_VERIFICATION 0x03 144 #define SSL_BUILD_ENABLE_CLIENT 0x04 145 #define SSL_BUILD_FULL_MODE 0x05 146 147 /* offsets to retrieve configuration information */ 148 #define SSL_BUILD_MODE 0 149 #define SSL_MAX_CERT_CFG_OFFSET 1 150 #define SSL_MAX_CA_CERT_CFG_OFFSET 2 151 #define SSL_HAS_PEM 3 152 153 /* default session sizes */ 154 #define SSL_DEFAULT_SVR_SESS 5 155 #define SSL_DEFAULT_CLNT_SESS 1 156 157 /* X.509/X.520 distinguished name types */ 158 #define SSL_X509_CERT_COMMON_NAME 0 159 #define SSL_X509_CERT_ORGANIZATION 1 160 #define SSL_X509_CERT_ORGANIZATIONAL_NAME 2 161 #define SSL_X509_CERT_LOCATION 3 162 #define SSL_X509_CERT_COUNTRY 4 163 #define SSL_X509_CERT_STATE 5 164 #define SSL_X509_CA_CERT_COMMON_NAME 6 165 #define SSL_X509_CA_CERT_ORGANIZATION 7 166 #define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME 8 167 #define SSL_X509_CA_CERT_LOCATION 9 168 #define SSL_X509_CA_CERT_COUNTRY 10 169 #define SSL_X509_CA_CERT_STATE 11 170 171 /* SSL object loader types */ 172 #define SSL_OBJ_X509_CERT 1 173 #define SSL_OBJ_X509_CACERT 2 174 #define SSL_OBJ_RSA_KEY 3 175 #define SSL_OBJ_PKCS8 4 176 #define SSL_OBJ_PKCS12 5 177 178 /** 179 * @defgroup c_api Standard C API 180 * @brief The standard interface in C. 181 * @{ 182 */ 183 184 /** 185 * @brief Establish a new client/server context. 186 * 187 * This function is called before any client/server SSL connections are made. 188 * 189 * Each new connection will use the this context's private key and 190 * certificate chain. If a different certificate chain is required, then a 191 * different context needs to be be used. 192 * 193 * There are two threading models supported - a single thread with one 194 * SSL_CTX can support any number of SSL connections - and multiple threads can 195 * support one SSL_CTX object each (the default). But if a single SSL_CTX 196 * object uses many SSL objects in individual threads, then the 197 * CONFIG_SSL_CTX_MUTEXING option needs to be configured. 198 * 199 * @param options [in] Any particular options. At present the options 200 * supported are: 201 * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if the server 202 * authentication fails. The certificate can be authenticated later with a 203 * call to ssl_verify_cert(). 204 * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication 205 * i.e. each handshake will include a "certificate request" message from the 206 * server. Only available if verification has been enabled. 207 * - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences 208 * during the handshake. 209 * - SSL_DISPLAY_STATES (full mode build only): Display the state changes 210 * during the handshake. 211 * - SSL_DISPLAY_CERTS (full mode build only): Display the certificates that 212 * are passed during a handshake. 213 * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details that 214 * are passed during a handshake. 215 * - SSL_CONNECT_IN_PARTS (client only): To use a non-blocking version of 216 * ssl_client_new(). 217 * @param num_sessions [in] The number of sessions to be used for session 218 * caching. If this value is 0, then there is no session caching. This option 219 * is not used in skeleton mode. 220 * @return A client/server context. 221 */ 222 EXP_FUNC SSL_CTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions); 223 224 /** 225 * @brief Remove a client/server context. 226 * 227 * Frees any used resources used by this context. Each connection will be 228 * sent a "Close Notify" alert (if possible). 229 * @param ssl_ctx [in] The client/server context. 230 */ 231 EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx); 232 233 /** 234 * @brief Allocates new SSL extensions structure and returns pointer to it 235 * 236 * @return ssl_ext Pointer to SSL_EXTENSIONS structure 237 * 238 */ 239 EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new(void); 240 241 /** 242 * @brief Frees SSL extensions structure 243 * 244 * @param ssl_ext [in] Pointer to SSL_EXTENSION structure 245 * 246 */ 247 EXP_FUNC void STDCALL ssl_ext_free(SSL_EXTENSIONS *ssl_ext); 248 249 /** 250 * @brief (server only) Establish a new SSL connection to an SSL client. 251 * 252 * It is up to the application to establish the logical connection (whether it 253 * is a socket, serial connection etc). 254 * @param ssl_ctx [in] The server context. 255 * @param client_fd [in] The client's file descriptor. 256 * @return An SSL object reference. 257 */ 258 EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd); 259 260 /** 261 * @brief (client only) Establish a new SSL connection to an SSL server. 262 * 263 * It is up to the application to establish the initial logical connection 264 * (whether it is a socket, serial connection etc). 265 * 266 * This is a normally a blocking call - it will finish when the handshake is 267 * complete (or has failed). To use in non-blocking mode, set 268 * SSL_CONNECT_IN_PARTS in ssl_ctx_new(). 269 * @param ssl_ctx [in] The client context. 270 * @param client_fd [in] The client's file descriptor. 271 * @param session_id [in] A 32 byte session id for session resumption. This 272 * can be null if no session resumption is being used or required. This option 273 * is not used in skeleton mode. 274 * @param sess_id_size The size of the session id (max 32) 275 * @param ssl_ext pointer to a structure with the activated SSL extensions 276 * and their values 277 * @return An SSL object reference. Use ssl_handshake_status() to check 278 * if a handshake succeeded. 279 */ 280 EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size, SSL_EXTENSIONS* ssl_ext); 281 282 /** 283 * @brief Free any used resources on this connection. 284 285 * A "Close Notify" message is sent on this connection (if possible). It is up 286 * to the application to close the socket or file descriptor. 287 * @param ssl [in] The ssl object reference. 288 */ 289 EXP_FUNC void STDCALL ssl_free(SSL *ssl); 290 291 /** 292 * @brief Read the SSL data stream. 293 * If the socket is non-blocking and data is blocked then SSO_OK will be 294 * returned. 295 * @param ssl [in] An SSL object reference. 296 * @param in_data [out] If the read was successful, a pointer to the read 297 * buffer will be here. Do NOT ever free this memory as this buffer is used in 298 * successive calls. If the call was unsuccessful, this value will be null. 299 * @return The number of decrypted bytes: 300 * - if > 0, then the handshaking is complete and we are returning the number 301 * of decrypted bytes. 302 * - SSL_OK if the handshaking stage is successful (but not yet complete). 303 * - < 0 if an error. 304 * @see ssl.h for the error code list. 305 * @note Use in_data before doing any successive ssl calls. 306 */ 307 EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data); 308 309 /** 310 * @brief Write to the SSL data stream. 311 * if the socket is non-blocking and data is blocked then a check is made 312 * to ensure that all data is sent (i.e. blocked mode is forced). 313 * @param ssl [in] An SSL obect reference. 314 * @param out_data [in] The data to be written 315 * @param out_len [in] The number of bytes to be written. 316 * @return The number of bytes sent, or if < 0 if an error. 317 * @see ssl.h for the error code list. 318 */ 319 EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len); 320 321 /** 322 * @brief Find an ssl object based on a file descriptor. 323 * 324 * Goes through the list of SSL objects maintained in a client/server context 325 * to look for a file descriptor match. 326 * @param ssl_ctx [in] The client/server context. 327 * @param client_fd [in] The file descriptor. 328 * @return A reference to the SSL object. Returns null if the object could not 329 * be found. 330 */ 331 EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd); 332 333 /** 334 * @brief Get the session id for a handshake. 335 * 336 * This will be a 32 byte sequence and is available after the first 337 * handshaking messages are sent. 338 * @param ssl [in] An SSL object reference. 339 * @return The session id as a 32 byte sequence. 340 * @note A SSLv23 handshake may have only 16 valid bytes. 341 */ 342 EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl); 343 344 /** 345 * @brief Get the session id size for a handshake. 346 * 347 * This will normally be 32 but could be 0 (no session id) or something else. 348 * @param ssl [in] An SSL object reference. 349 * @return The size of the session id. 350 */ 351 EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl); 352 353 /** 354 * @brief Return the cipher id (in the SSL form). 355 * @param ssl [in] An SSL object reference. 356 * @return The cipher id. This will be one of the following: 357 * - SSL_AES128_SHA (0x2f) 358 * - SSL_AES256_SHA (0x35) 359 * - SSL_AES128_SHA256 (0x3c) 360 * - SSL_AES256_SHA256 (0x3d) 361 */ 362 EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl); 363 364 /** 365 * @brief Return the status of the handshake. 366 * @param ssl [in] An SSL object reference. 367 * @return SSL_OK if the handshake is complete and ok. 368 * @see ssl.h for the error code list. 369 */ 370 EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl); 371 372 /** 373 * @brief Retrieve various parameters about the axTLS engine. 374 * @param offset [in] The configuration offset. It will be one of the following: 375 * - SSL_BUILD_MODE The build mode. This will be one of the following: 376 * - SSL_BUILD_SERVER_ONLY (basic server mode) 377 * - SSL_BUILD_ENABLE_VERIFICATION (server can do client authentication) 378 * - SSL_BUILD_ENABLE_CLIENT (client/server capabilties) 379 * - SSL_BUILD_FULL_MODE (client/server with diagnostics) 380 * - SSL_BUILD_SKELETON_MODE (skeleton mode) 381 * - SSL_MAX_CERT_CFG_OFFSET The maximum number of certificates allowed. 382 * - SSL_MAX_CA_CERT_CFG_OFFSET The maximum number of CA certificates allowed. 383 * - SSL_HAS_PEM 1 if supported 384 * @return The value of the requested parameter. 385 */ 386 EXP_FUNC int STDCALL ssl_get_config(int offset); 387 388 /** 389 * @brief Display why the handshake failed. 390 * 391 * This call is only useful in a 'full mode' build. The output is to stdout. 392 * @param error_code [in] An error code. 393 * @see ssl.h for the error code list. 394 */ 395 EXP_FUNC void STDCALL ssl_display_error(int error_code); 396 397 /** 398 * @brief Authenticate a received certificate. 399 * 400 * This call is usually made by a client after a handshake is complete and the 401 * context is in SSL_SERVER_VERIFY_LATER mode. 402 * @param ssl [in] An SSL object reference. 403 * @return SSL_OK if the certificate is verified. 404 */ 405 EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl); 406 407 /** 408 * @brief Retrieve an X.509 distinguished name component. 409 * 410 * When a handshake is complete and a certificate has been exchanged, then the 411 * details of the remote certificate can be retrieved. 412 * 413 * This will usually be used by a client to check that the server's common 414 * name matches the URL. 415 * 416 * @param ssl [in] An SSL object reference. 417 * @param component [in] one of: 418 * - SSL_X509_CERT_COMMON_NAME 419 * - SSL_X509_CERT_ORGANIZATION 420 * - SSL_X509_CERT_ORGANIZATIONAL_NAME 421 * - SSL_X509_CERT_LOCATION 422 * - SSL_X509_CERT_COUNTRY 423 * - SSL_X509_CERT_STATE 424 * - SSL_X509_CA_CERT_COMMON_NAME 425 * - SSL_X509_CA_CERT_ORGANIZATION 426 * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME 427 * - SSL_X509_CA_CERT_LOCATION 428 * - SSL_X509_CA_CERT_COUNTRY 429 * - SSL_X509_CA_CERT_STATE 430 * @return The appropriate string (or null if not defined) 431 * @note Verification build mode must be enabled. 432 */ 433 EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component); 434 435 /** 436 * @brief Retrieve a Subject Alternative DNSName 437 * 438 * When a handshake is complete and a certificate has been exchanged, then the 439 * details of the remote certificate can be retrieved. 440 * 441 * This will usually be used by a client to check that the server's DNS 442 * name matches the URL. 443 * 444 * @param ssl [in] An SSL object reference. 445 * @param dnsindex [in] The index of the DNS name to retrieve. 446 * @return The appropriate string (or null if not defined) 447 * @note Verification build mode must be enabled. 448 */ 449 EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int dnsindex); 450 451 /** 452 * @brief Force the client to perform its handshake again. 453 * 454 * For a client this involves sending another "client hello" message. 455 * For the server is means sending a "hello request" message. 456 * 457 * This is a blocking call on the client (until the handshake completes). 458 * 459 * @param ssl [in] An SSL object reference. 460 * @return SSL_OK if renegotiation instantiation was ok 461 */ 462 EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl); 463 464 /** 465 * @brief Process a file that is in binary DER or ASCII PEM format. 466 * 467 * These are temporary objects that are used to load private keys, 468 * certificates etc into memory. 469 * @param ssl_ctx [in] The client/server context. 470 * @param obj_type [in] The format of the file. Can be one of: 471 * - SSL_OBJ_X509_CERT (no password required) 472 * - SSL_OBJ_X509_CACERT (no password required) 473 * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported) 474 * - SSL_OBJ_PKCS8 (RC4-128 encrypted data supported) 475 * - SSL_OBJ_PKCS12 (RC4-128 encrypted data supported) 476 * 477 * PEM files are automatically detected (if supported). The object type is 478 * also detected, and so is not relevant for these types of files. 479 * @param filename [in] The location of a file in DER/PEM format. 480 * @param password [in] The password used. Can be null if not required. 481 * @return SSL_OK if all ok 482 * @note Not available in skeleton build mode. 483 */ 484 EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, const char *filename, const char *password); 485 486 /** 487 * @brief Process binary data. 488 * 489 * These are temporary objects that are used to load private keys, 490 * certificates etc into memory. 491 * @param ssl_ctx [in] The client/server context. 492 * @param obj_type [in] The format of the memory data. 493 * @param data [in] The binary data to be loaded. 494 * @param len [in] The amount of data to be loaded. 495 * @param password [in] The password used. Can be null if not required. 496 * @return SSL_OK if all ok 497 * @see ssl_obj_load for more details on obj_type. 498 */ 499 EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password); 500 501 #ifdef CONFIG_SSL_GENERATE_X509_CERT 502 /** 503 * @brief Create an X.509 certificate. 504 * 505 * This certificate is a self-signed v1 cert with a fixed start/stop validity 506 * times. It is signed with an internal private key in ssl_ctx. 507 * 508 * @param ssl_ctx [in] The client/server context. 509 * @param options [in] Not used yet. 510 * @param dn [in] An array of distinguished name strings. The array is defined 511 * by: 512 * - SSL_X509_CERT_COMMON_NAME (0) 513 * - If SSL_X509_CERT_COMMON_NAME is empty or not defined, then the 514 * hostname will be used. 515 * - SSL_X509_CERT_ORGANIZATION (1) 516 * - If SSL_X509_CERT_ORGANIZATION is empty or not defined, then $USERNAME 517 * will be used. 518 * - SSL_X509_CERT_ORGANIZATIONAL_NAME (2) 519 * - SSL_X509_CERT_ORGANIZATIONAL_NAME is optional. 520 * @param cert_data [out] The certificate as a sequence of bytes. 521 * @return < 0 if an error, or the size of the certificate in bytes. 522 * @note cert_data must be freed when there is no more need for it. 523 */ 524 EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const char * dn[], uint8_t **cert_data); 525 #endif 526 527 /** 528 * @brief Return the axTLS library version as a string. 529 */ 530 EXP_FUNC const char * STDCALL ssl_version(void); 531 532 /** @} */ 533 534 #ifdef __cplusplus 535 } 536 #endif 537 538 #endif 539