A foreign pointer.
A pathname designator or nil.
A function designator or nil.
An association list.
A string, or nil.
A function designator, or nil.
The function set-ssl-ctx-dh sets the DH parameters for a SSL_CTX.
ssl-ctx can be either a foreign pointer of type ssl-ctx-pointer or a foreign pointer of type ssl-pointer.
The value to use is specified by one of the parameters dh, filename, func or filename-list.
If dh is non-nil, it must be a foreign pointer to a DH (corresponding to the C type DH*), and this DH is used as-is. The default value of dh is nil.
Otherwise, if filename is non-nil, it must be a pathname designator for a file containing DH parameters, which is loaded (by read-dhparams) and then used. In this case, pass-phrase and callback can be used, and are passed to pem-read.
Otherwise, if func is non-nil, it must be a function with signature:
func is-export keylength => dh-ptr
where is-export is a boolean, keylength is an integer, and dh-ptr is a pointer to an appropriate DH structure. set-ssl-ctx-dh installs func as the DH callback.
Otherwise (that is, if each of dh, filename and func is nil), filename-list must be a non-nil association list of keylengths and filenames, sorted by the keylengths in ascending order (that is, larger keylengths are towards the end of the list). set-ssl-ctx-dh installs a DH callback which, when called, finds the first keylength which is equal to or bigger than the required keylength, loads the associated file (by calling read-dhparams), and returns it. It also loads the first file of the list immediately.
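The lookup rule for filename-list described above, modelled in portable Common Lisp as an added example (it is not LispWorks code and loads no files). The helper names check-dh-filename-list and select-dh-file, the dotted-pair entry layout and the sample file names are assumptions; what the installed callback does when no keylength is large enough is not stated above, so the model returns nil in that case.

```lisp
;;; Added example: a model of the filename-list lookup, not the LispWorks source.
;;; Entries are assumed to be dotted pairs (keylength . filename).

(defun check-dh-filename-list (filename-list)
  "Signal an error unless FILENAME-LIST is a non-nil association list
whose keylengths are positive integers in ascending order."
  (when (null filename-list)
    (error "filename-list must be a non-nil association list"))
  (let ((previous nil))
    (dolist (entry filename-list filename-list)
      (destructuring-bind (keylength . filename) entry
        (declare (ignore filename))
        (unless (and (integerp keylength) (plusp keylength))
          (error "Bad keylength ~S in filename-list" keylength))
        (when (and previous (< keylength previous))
          (error "Keylength ~D follows ~D: list is not ascending"
                 keylength previous))
        (setf previous keylength)))))

(defun select-dh-file (filename-list required-keylength)
  "Return the filename of the first entry whose keylength is equal to or
bigger than REQUIRED-KEYLENGTH, with that keylength as a second value.
Returns NIL when no entry is large enough (an assumption of this model)."
  (let ((entry (find-if (lambda (keylength)
                          (>= keylength required-keylength))
                        filename-list
                        :key #'car)))
    (if entry
        (values (cdr entry) (car entry))
        (values nil nil))))

;; Constructed sample list; the file names are placeholders.
(defparameter *sample-dh-files*
  '((1024 . "dh1024.pem")
    (2048 . "dh2048.pem")
    (4096 . "dh4096.pem")))

(defun demo-dh-selection ()
  "Print which file the model picks for several requested keylengths."
  (check-dh-filename-list *sample-dh-files*)
  (dolist (required '(512 2048 3072 8192))
    (multiple-value-bind (file keylength)
        (select-dh-file *sample-dh-files* required)
      (if file
          (format t "~&required ~D: ~A (~D bits)~%" required file keylength)
          (format t "~&required ~D: no entry is large enough~%" required)))))
```

Because the match is first-fit, the ascending order is what makes the chosen file the smallest one that satisfies the request; running the check before passing the list catches an ordering mistake early.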