# %accept_ssl() function

The %accept_ssl() function first calls the
 %accept() function to extract the first connection on the queue of
 pending connections, and then creates a new socket.

Thereafter, the function will wait for a TLS/SSL Client to initiate the TLS/SSL
 handshake, and then create a secure SSL connection.

Note: To use this function, the OpenSSL libraries must be
installed.

## Syntax

```
code = %accept_ssl(fd, &address, &port, certificate_file, privkey_file, &ssl_fd);
```

## Parameter(s)

| fd | File descriptor of the local socket returned by a previous call to the FlashBASIC C function %socket(). |
| --- | --- |
| address | Originating address of the incoming call. |
| port | Originating port number of the incoming call. |
| certificate_file | Certificate file to be used by SSL_CTX_use_certificate_file. See your OpenSSL documentation for more information. For UNIX, you must specify the full path for the certificate file. |
| privkey_file | Private key file to be used by SSL_CTX_use_PrivateKey_file. See your OpenSSL documentation for more information. |
| ssl_fd | File descriptor of the secure connection. |

## Description

To compile successfully, the
statement cfunction socket.builtin must be included
in the source code.

On successful completion, a value of 0 is returned in code and the
 *address*, *port* and *ssl_fd*
 FlashBASIC variables are updated.

In the case of an error, the return code is a negative value. The following table lists all of
 the error return codes:

| -1 | Socket error and the FlashBASIC system(0) function is set to the value of errno. |
| --- | --- |
| -2 | OpenSSL is not installed. |
| -3 | Invalid certificate file. |
| -4 | Invalid private key file. |
| -5 | The private key in the privkey file does not match with the loaded certificate file. |
| -6 | Unable to create a SSL connection. |
| -7 | Unable to establish the TLS/SSL handshake with the client, the FlashBASIC system(0) function is set to the value of SSL_get_error. |
| -8 | Unable to open the certificate file. |
A legal integer value must be assigned to the *port* variable, and a legal integer value (IPv4) or char
array (IPv6) must be assigned to the *address* variable
before the call.

## Example(s)

```
include dm,bp,includes sysid.inc
include dm,bp,unix.h socket.h
* Create a socket
fd=%socket(af$inet6, sock$stream, 0)
* Bind the socket to a local Ethernet port.
* Use default address.
if %bind(fd, af$inet6, inaddr$any, 1024)<0 then
 crt "bind failed"; stop
end
* Wait for incoming connection
%listen(fd, 1)
* Accept a connection
address=0; port=0; ssl_fd = 0
cert.file = "server.pem"
privkey.file = "server.pem"
fd2=%accept_ssl(fd, &address, &port, cert.file,
privkey.file, &ssl_fd)
if fd2 < 0 then stop
crt "Called by address ":address:", port #":port
* Read data from the established secure socket link
char buffer[24]
code = %read_ssl(ssl_fd, buffer, 24)
if code < 0 then stop
crt "READ: ":buffer
code = %write_ssl(ssl_fd,"I hear you",10)
if code < 0 then stop
* close the connection
code = %close_ssl(fd2, &ssl_fd)
code = %closesocket(fd)
end
```

## See also

- [%accept() function](https://d3codex.com/pickbasic-flashbasic/percent-accept-function/)
- [%close_ssl() function](https://d3codex.com/pickbasic-flashbasic/percent-close-ssl-function/)
- [%connect_ssl() function](https://d3codex.com/pickbasic-flashbasic/percent-connect-ssl-function/)
- [%read_ssl() function](https://d3codex.com/pickbasic-flashbasic/percent-read-ssl-function/)
- [%write_ssl() function](https://d3codex.com/pickbasic-flashbasic/percent-write-ssl-function/)

---
Source: https://d3codex.com/pickbasic-flashbasic/percent-accept-ssl-function/ - part of the D3Codex reference.