NAME

SSL_cert_compress_cb_fn, SSL_cert_decompress_cb_fn, SSL_add_cert_compression_alg, SSL_CTX_add_cert_compression_alg, SSL_get_cert_compression_compress_id, SSL_get_cert_compression_decompress_id - TLS certificate compression methods

SYNOPSIS

 #include <openssl/ssl.h>

 typedef int (*SSL_cert_compress_cb_fn)(SSL *s,
                    const unsigned char *in, size_t inlen,
                    unsigned char *out, size_t *outlen);
 typedef int (*SSL_cert_decompress_cb_fn)(SSL *s,
                    const unsigned char *in, size_t inlen,
                    unsigned char *out, size_t outlen);

 int SSL_add_cert_compression_alg(SSL *s, int alg_id,
                                 SSL_cert_compress_cb_fn compress,
                                 SSL_cert_decompress_cb_fn decompress);
 int SSL_CTX_add_cert_compression_alg(SSL_CTX *ctx, int alg_id,
                                     SSL_cert_compress_cb_fn compress,
                                     SSL_cert_decompress_cb_fn decompress);

 int SSL_get_cert_compression_compress_id(SSL *s);
 int SSL_get_cert_compression_decompress_id(SSL *s);

DESCRIPTION

SSL_cert_compress_cb_fn is a pointer to a function that performs compression. It must write the compressed representation of in to out. inlen is the byte length of the buffer in. On entry, *outlen is the total size of the buffer out; on exit, *outlen is the actual size of the compressed data in out. If out is NULL, the function only computes the length of the compressed data and writes it to *outlen. It returns 1 on success or 0 on error.

SSL_cert_decompress_cb_fn is a pointer to a function that performs decompression. The compressed data is passed as in with length inlen, and the decompressed result must be exactly outlen bytes long. It returns 1 on success, in which case out must hold the result of decompressing in, or 0 on error.

SSL_add_cert_compression_alg() registers a certificate compression algorithm on s with algorithm identifier alg_id. The compress callback is used to compress the Certificate message, and the decompress callback is used to decompress the compressed Certificate message carried in a CompressedCertificate message. These callbacks can be NULL. Algorithms are registered in preference order, with the most preferable first.

RFC 8879 defines the zlib, brotli and zstd compression algorithms, which correspond to the following algorithm identifiers:

TLSEXT_cert_compression_zlib

ZLIB compression algorithm, as defined in RFC 1950.

TLSEXT_cert_compression_brotli

Brotli compression algorithm, as defined in RFC 7932.

TLSEXT_cert_compression_zstd

Zstandard compression algorithm, as defined in RFC 8478.

Algorithm ids 1-255 should be allocated under the "IETF Review" policy, and values 256-16383 under the "Specification Required" policy. Values 16384-65535 can be used for user-defined compression algorithms or others.

SSL_get_cert_compression_compress_id() returns the identifier of the compression algorithm that has been used.

SSL_get_cert_compression_decompress_id() returns the identifier of the decompression algorithm that has been used.
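The callback contract described above, as an added example that is not part of the original page or the library's own code. It assumes a toy run-length codec (chosen so the block needs no compression library) and a hypothetical identifier DEMO_RLE_ALG_ID from the user-defined range; it shows the NULL-out size query, the capacity check against *outlen, and a decompressor that rejects anything other than exactly outlen bytes.

```c
#include <stddef.h>
#include <string.h>

typedef struct ssl_st SSL;     /* forward declaration; stands in for <openssl/ssl.h> */
#define DEMO_RLE_ALG_ID 16384  /* assumed id from the user-defined range */

/* Compress callback: (run, byte) pairs. out == NULL only reports the size. */
int rle_compress(SSL *s, const unsigned char *in, size_t inlen,
                 unsigned char *out, size_t *outlen)
{
    size_t i = 0, need = 0;
    (void)s;
    if (outlen == NULL || (in == NULL && inlen != 0))
        return 0;
    while (i < inlen) {
        size_t run = 1;
        while (i + run < inlen && run < 255 && in[i + run] == in[i])
            run++;
        if (out != NULL) {
            if (*outlen - need < 2)
                return 0;           /* caller's buffer is too small */
            out[need] = (unsigned char)run;
            out[need + 1] = in[i];
        }
        need += 2;
        i += run;
    }
    *outlen = need;                 /* actual (or required) compressed size */
    return 1;
}

/* Decompress callback: the result must be exactly outlen bytes. */
int rle_decompress(SSL *s, const unsigned char *in, size_t inlen,
                   unsigned char *out, size_t outlen)
{
    size_t i, produced = 0;
    (void)s;
    if (out == NULL || inlen % 2 != 0)
        return 0;
    for (i = 0; i < inlen; i += 2) {
        size_t run = in[i];
        if (run == 0 || run > outlen - produced)
            return 0;               /* malformed, or would overrun out */
        memset(out + produced, in[i + 1], run);
        produced += run;
    }
    return produced == outlen;      /* a short result is also an error */
}
```

With the library header in place of the forward declaration, the pair would be registered with SSL_CTX_add_cert_compression_alg(ctx, DEMO_RLE_ALG_ID, rle_compress, rle_decompress).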

RETURN VALUES

SSL_add_cert_compression_alg() and SSL_CTX_add_cert_compression_alg() return 1 on success or 0 on error.

SSL_get_cert_compression_compress_id() returns the identifier of the compression algorithm used. If no compression algorithm is used, 0 is returned.

SSL_get_cert_compression_decompress_id() returns the identifier of the decompression algorithm used. If no decompression algorithm is used, 0 is returned.

SEE ALSO

ssl(7)

COPYRIGHT

Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache-2.0 license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at http://www.apache.org/licenses/LICENSE-2.0.