eve.tls.linux.openssl

Linux OpenSSL TLS Implementation

This module provides TLS/SSL support for Linux using the OpenSSL library. It implements the eve.tls.api contract using OpenSSL's libssl/libcrypto.

Note

This module requires the OpenSSL dub package as a dependency.

Types 8

alias SSL_CTX = void *

Opaque SSL context pointer.

alias SSL = void *

Opaque SSL connection pointer.

alias X509 = void *

Opaque X509 certificate pointer.

alias BIO = void *

Opaque BIO (Basic I/O) pointer.

private alias SSL_METHOD = void *

Opaque SSL_METHOD pointer (module-private).

private alias SSL_get_peer_certificate = SSL_get1_peer_certificate

Compatibility alias for the OpenSSL 3.0 name of this function. The "1" marks a function that returns a new reference: the X509 it hands back has its reference count incremented and must be released with X509_free once the caller is done with it.

struct OpenSslContext

OpenSSL context wrapper.

Manages the lifecycle of an SSL_CTX object and provides methods for configuring TLS parameters.

Fields

private SSL_CTX ctx_

Methods

TlsErrorCode initialize(ref const(TlsContext) tlsCtx) @trusted nothrow @nogc
    Initialize the OpenSSL context from a TLS configuration.
void release() @trusted nothrow @nogc
    Release the OpenSSL context.
bool isValid() const pure @safe nothrow @nogc
    Check if the context is valid.
SSL_CTX handle() @safe nothrow @nogc
    Get the underlying SSL_CTX pointer.
struct TlsStream(Transport)

OpenSSL TLS Stream.

Provides TLS encryption/decryption over an underlying transport using OpenSSL. This struct implements the TLS stream interface defined in eve.tls.api.

Parameters

Transport
    The underlying transport type (must support read/write).

Fields

Transport * transport_
TlsContext context_
OpenSslContext sslContext_
SSL ssl_
TlsState state_
HandshakeState handshakeState_
TlsErrorCode lastError_

Methods

TlsState state() @property const pure @safe nothrow @nogc
    Get the current TLS stream state.
TlsErrorCode lastError() @property const pure @safe nothrow @nogc
    Get the last error code.
HandshakeResult handshake() @trusted
    Perform the TLS handshake.
TlsIOResult read(ubyte[] buffer) @trusted
    Read decrypted data from the TLS stream.
TlsIOResult write(const(ubyte)[] data) @trusted
    Write data to be encrypted and sent.
void shutdown() @trusted
    Initiate graceful TLS shutdown.
CertificateInfo peerCertificate() @trusted
    Get the peer's certificate information.

Constructors

this(Transport * transport, TlsContext ctx)
    Construct a TLS stream over the given transport.

Functions 33

int OPENSSL_init_ssl(ulong opts, void * settings)
void SSL_CTX_free(SSL_CTX ctx)
long SSL_CTX_ctrl(SSL_CTX ctx, int cmd, long larg, void * parg)
void SSL_CTX_set_verify(SSL_CTX ctx, int mode, void * callback)
int SSL_CTX_load_verify_locations(SSL_CTX ctx, const(char) * CAfile, const(char) * CApath)
int SSL_CTX_use_certificate_file(SSL_CTX ctx, const(char) * file, int type)
int SSL_CTX_use_PrivateKey_file(SSL_CTX ctx, const(char) * file, int type)
void SSL_free(SSL ssl)
int SSL_set_fd(SSL ssl, int fd)
long SSL_ctrl(SSL ssl, int cmd, long larg, void * parg)
int SSL_connect(SSL ssl)
int SSL_accept(SSL ssl)
int SSL_get_error(SSL ssl, int ret)
int SSL_read(SSL ssl, void * buf, int num)
int SSL_write(SSL ssl, const(void) * buf, int num)
int SSL_shutdown(SSL ssl)
void X509_free(X509 cert)
char * X509_NAME_oneline(void * name, char * buf, int size)
void * X509_get_issuer_name(X509 cert)
private int SSL_CTX_set_min_proto_version(SSL_CTX ctx, int version_) @system nothrow @nogc
private int SSL_CTX_set_max_proto_version(SSL_CTX ctx, int version_) @system nothrow @nogc
private int SSL_set_tlsext_host_name(SSL ssl, const(char) * name) @system nothrow @nogc
    In OpenSSL's headers these three are preprocessor macros over SSL_CTX_ctrl / SSL_ctrl rather than exported symbols, which is why the module provides them as D functions. SSL_set_tlsext_host_name only sets the SNI extension sent in the ClientHello; it does not by itself cause the peer certificate to be checked against that name.
private int tlsVersionToOpenSSL(TlsVersion ver) pure @safe nothrow @nogc
    Convert TlsVersion to OpenSSL protocol version constant.
private int verifyModeToOpenSSL(TlsVerifyMode mode) pure @safe nothrow @nogc
    Convert TlsVerifyMode to OpenSSL verification flags.
private TlsErrorCode sslErrorToCode(int sslError) pure @safe nothrow @nogc
    Convert OpenSSL error code to TlsErrorCode.
TlsStream!T tlsClient(T)(T * transport, string serverName) @safe
    Create a TLS stream for client connections.
TlsStream!T tlsServer(T)(T * transport) @safe
    Create a TLS stream for server connections.

Variables 15

private enum SSL_FILETYPE_PEM = 1
private enum SSL_ERROR_NONE = 0
private enum SSL_ERROR_SSL = 1
private enum SSL_ERROR_WANT_READ = 2
private enum SSL_ERROR_WANT_WRITE = 3
private enum SSL_ERROR_SYSCALL = 5
private enum SSL_ERROR_ZERO_RETURN = 6
private enum SSL_VERIFY_NONE = 0x00
private enum SSL_VERIFY_PEER = 0x01
private enum SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 0x02
private enum SSL_VERIFY_CLIENT_ONCE = 0x04
    Verification flags as defined by OpenSSL. On a client, SSL_VERIFY_NONE means the server certificate is not validated at all; SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE are only meaningful in server mode and are ignored on a client.
private enum TLS1_VERSION = 0x0301
private enum TLS1_1_VERSION = 0x0302
private enum TLS1_2_VERSION = 0x0303
private enum TLS1_3_VERSION = 0x0304
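The following is an added usage example and is not code from eve.tls.linux.openssl or its project. It drives the raw libssl declarations this module exports to open a client connection that refuses anything below TLS 1.2, validates the certificate chain against a CA bundle, and binds the certificate identity to the requested host name (which the SNI call alone does not do). Assumptions: the public declarations listed above can be imported by name; the handful of libssl functions the listing does not show (TLS_client_method, SSL_CTX_new, SSL_new, SSL_set1_host, SSL_get1_peer_certificate, X509_get_subject_name) are declared locally with their C signatures; the module's private constants are repeated with the values from <openssl/ssl.h>; the CA bundle path is a Debian-style default; the socket is blocking.

```d
// Added example, not part of eve.tls.linux.openssl: a verifying TLS 1.2+ client on
// top of the module's raw libssl declarations.
module tls_client_example;

import eve.tls.linux.openssl : SSL_CTX, SSL, X509, OPENSSL_init_ssl, SSL_CTX_ctrl,
    SSL_CTX_set_verify, SSL_CTX_load_verify_locations, SSL_ctrl, SSL_set_fd,
    SSL_connect, SSL_get_error, SSL_read, SSL_write, SSL_shutdown, SSL_free,
    SSL_CTX_free, X509_free, X509_NAME_oneline;
import std.algorithm : min;
import std.conv : to;
import std.socket : TcpSocket, InternetAddress;
import std.stdio : writeln;
import std.string : toStringz, fromStringz;

// libssl functions the module listing does not show; declared here (assumption: same libssl).
extern (C) nothrow @nogc @system
{
    const(void)* TLS_client_method();
    SSL_CTX SSL_CTX_new(const(void)* method);
    SSL SSL_new(SSL_CTX ctx);
    int SSL_set1_host(SSL ssl, const(char)* hostname);  // OpenSSL >= 1.1.0
    X509 SSL_get1_peer_certificate(SSL ssl);            // OpenSSL 3.x name; 1.1.x: SSL_get_peer_certificate
    void* X509_get_subject_name(X509 cert);
}

// The module keeps its constants private, so those needed here are repeated (values from <openssl/ssl.h>).
enum SSL_VERIFY_PEER = 0x01, TLS1_2_VERSION = 0x0303;
enum SSL_CTRL_SET_MIN_PROTO_VERSION = 123, SSL_CTRL_SET_TLSEXT_HOSTNAME = 55, TLSEXT_NAMETYPE_host_name = 0;
enum SSL_ERROR_SYSCALL = 5, SSL_ERROR_ZERO_RETURN = 6;

/// Context that refuses TLS < 1.2 and any chain not rooted in `caBundle` (path is an assumption).
SSL_CTX makeVerifiedClientContext(string caBundle = "/etc/ssl/certs/ca-certificates.crt")
{
    OPENSSL_init_ssl(0, null);
    auto ctx = SSL_CTX_new(TLS_client_method());
    if (ctx is null) throw new Exception("SSL_CTX_new failed");
    // SSL_CTX_set_min_proto_version is a macro over SSL_CTX_ctrl in C, hence the ctrl call.
    if (SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, TLS1_2_VERSION, null) != 1)
        throw new Exception("cannot set minimum protocol version");
    // With the default SSL_VERIFY_NONE the handshake succeeds against any certificate.
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, null);
    if (SSL_CTX_load_verify_locations(ctx, caBundle.toStringz, null) != 1)
        throw new Exception("cannot load CA bundle " ~ caBundle);
    return ctx;
}

/// Handshake over an already-connected blocking socket. `host` is sent as SNI and
/// also pinned as the identity the certificate must carry: the SNI extension alone
/// only chooses which certificate the server presents and verifies nothing.
SSL connectVerified(SSL_CTX ctx, int fd, string host)
{
    auto ssl = SSL_new(ctx);
    if (ssl is null) throw new Exception("SSL_new failed");
    scope (failure) SSL_free(ssl);
    auto chost = host.toStringz;
    SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, cast(void*) chost);
    if (SSL_set1_host(ssl, chost) != 1) throw new Exception("SSL_set1_host failed");
    SSL_set_fd(ssl, fd);
    // On a non-blocking fd, SSL_ERROR_WANT_READ/WANT_WRITE mean "poll, then call again".
    immutable rc = SSL_connect(ssl);
    if (rc != 1) throw new Exception("handshake failed, SSL_get_error=" ~ SSL_get_error(ssl, rc).to!string);
    auto cert = SSL_get1_peer_certificate(ssl);
    if (cert is null) throw new Exception("no peer certificate");
    scope (exit) X509_free(cert);   // "get1": this reference belongs to the caller
    char[256] buf;
    writeln("verified peer: ", fromStringz(X509_NAME_oneline(X509_get_subject_name(cert), buf.ptr, cast(int) buf.length)));
    return ssl;
}

/// Read until close_notify, refusing to treat a bare TCP EOF as a clean end of stream.
ubyte[] readAll(SSL ssl)
{
    ubyte[] result;
    ubyte[4096] chunk;
    for (;;)
    {
        immutable n = SSL_read(ssl, chunk.ptr, cast(int) chunk.length);
        if (n > 0) { result ~= chunk[0 .. n]; continue; }
        immutable err = SSL_get_error(ssl, n);
        if (err == SSL_ERROR_ZERO_RETURN) return result;   // peer sent close_notify
        if (err == SSL_ERROR_SYSCALL && n == 0)            // 1.1.x: EOF without close_notify (3.x reports SSL_ERROR_SSL)
            throw new Exception("connection truncated before close_notify");
        throw new Exception("SSL_read failed, SSL_get_error=" ~ err.to!string);
    }
}

void main(string[] args)
{
    immutable host = args.length > 1 ? args[1] : "example.com";
    auto ctx = makeVerifiedClientContext();
    scope (exit) SSL_CTX_free(ctx);
    auto sock = new TcpSocket(new InternetAddress(host, 443));
    scope (exit) sock.close();
    auto ssl = connectVerified(ctx, cast(int) sock.handle, host);
    scope (exit) SSL_free(ssl);
    immutable req = "GET / HTTP/1.0\r\nHost: " ~ host ~ "\r\nConnection: close\r\n\r\n";
    if (SSL_write(ssl, req.ptr, cast(int) req.length) <= 0) throw new Exception("SSL_write failed");
    auto reply = readAll(ssl);
    writeln(cast(string) reply[0 .. min(reply.length, 200)]);
    SSL_shutdown(ssl);   // sends close_notify; a second call would wait for the peer's
}
```

The three controls that matter for security are explicit here: the minimum protocol version (the page's TLS1_2_VERSION), SSL_VERIFY_PEER with a loaded trust store, and SSL_set1_host next to the SNI ctrl. Leaving any one of them out still yields a handshake that "succeeds". The EOF branch in readAll matters because a stream cut off before close_notify may have been truncated by an on-path attacker, so it is reported as an error rather than as a short but valid response.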