
20.4 Socket Stream SSL keyword arguments

The keyword arguments :ssl-ctx, :ssl-side, :ctx-configure-callback and :ssl-configure-callback can be passed to create and configure socket streams with SSL processing. The various methods for creating and configuring SSL streams accept these keyword arguments as shown in the table below.

                              :ssl-ctx   :ssl-side   :ctx-configure-callback   :ssl-configure-callback
socket-stream make-instance   Yes        Yes         Yes                       Yes
open-tcp-stream               Yes        No          Yes                       Yes
attach-ssl                    Yes        Yes         Yes                       Yes
make-ssl-ctx                  Yes        Yes         No                        No

(make-instance 'socket-stream ...) and open-tcp-stream, when ssl-ctx is non-nil, call attach-ssl and pass it all the arguments.

:ssl-ctx specifies that SSL should be used, and also specifies the SSL_CTX object to use. See the OpenSSL manual entry for SSL_CTX_new for details of making an SSL_CTX. The value of ssl-ctx can be:

A symbol

Together with ssl-side , this symbol specifies which protocol to use. ssl-ctx can be one of:

1) t or :default , meaning use the default. Currently this is the same as :v23 .

2) One of :v2 , :v3 , :v23 or :tls-v1 . These are mapped to the SSLv2_*, SSLv3_*, SSLv23_*, TLSv1_* methods.

LispWorks makes a new SSL_CTX object, uses it, and frees it when the stream is closed. make-instance, attach-ssl and open-tcp-stream also make an SSL object, use it, and free it when the stream is closed.

A foreign pointer of type ssl-ctx-pointer

This corresponds to the C type SSL_CTX*. It is used, and is not freed when the stream is closed. make-instance, attach-ssl and open-tcp-stream also make an SSL object, use it, and free it when the stream is closed. The foreign pointer may be the result of a call to make-ssl-ctx, but it can also be produced by your own code, provided that it points to a valid SSL_CTX and has the type ssl-ctx-pointer.

A foreign pointer of type ssl-pointer

This corresponds to the C type SSL*. It specifies the SSL object to use in make-instance, attach-ssl and open-tcp-stream. It may be the result of a call to ssl-new, but it can also be produced by your own code, provided that it points to a valid SSL object and has the type ssl-pointer. The SSL object is used, and is not freed when the stream is closed.

When you pass an ssl-ctx-pointer or an ssl-pointer foreign pointer, it must already have been set up correctly, since LispWorks does no further configuration of it.

:ssl-side specifies which side of the connection the socket-stream is. The value of ssl-side can be one of :client, :server or :both. open-tcp-stream does not take this keyword and always uses :client. For the other calls this argument defaults to :server. The value of ssl-side is used in two cases:

When a new SSL_CTX object is created, it is used to select the method:

:client => *_client_method

:server => *_server_method

:both => *_method

When a new SSL object is created and ssl-side is :client or :server, LispWorks calls ssl-set-connect-state or ssl-set-accept-state respectively.

If the value of ssl-ctx is an ssl-pointer, ssl-side is ignored.

:ctx-configure-callback specifies a callback, a function which takes a foreign pointer of type ssl-ctx-pointer. It is called immediately after a new SSL_CTX is created. If the value of ssl-ctx is not a symbol, ctx-configure-callback is ignored.

:ssl-configure-callback specifies a callback, a function which takes a foreign pointer of type ssl-pointer. It is called immediately after a new SSL is created. If the value of ssl-ctx is not an ssl-pointer, ssl-configure-callback is ignored.
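The following is an added example, not code from the LispWorks manual, showing the two ownership models above: a client that lets LispWorks create and free the SSL_CTX from a symbol and configures it through :ctx-configure-callback, and a server that builds one shared ssl-ctx-pointer with make-ssl-ctx and passes it to every accepted stream. It assumes that comm:ssl-ctx-set-verify, comm:ssl-ctx-load-verify-locations, comm:ssl-ctx-use-certificate-file and comm:ssl-ctx-use-privatekey-file are LispWorks' direct wrappers of the OpenSSL functions of the same names, that the :socket, :direction and :element-type initargs are the usual socket-stream ones, and that the file paths are placeholders.

```lisp
;; Added example (not from the LispWorks manual).  The comm:ssl-ctx-* calls are
;; assumed to be direct wrappers of the OpenSSL functions of the same names;
;; the integer constants below are OpenSSL's own values.
(defconstant +ssl-verify-peer+ 1)    ; OpenSSL SSL_VERIFY_PEER
(defconstant +ssl-filetype-pem+ 1)   ; OpenSSL SSL_FILETYPE_PEM

(defun require-peer-certificate (ctx)
  "ctx-configure-callback for clients.  Called once, immediately after the
SSL_CTX is created and before any SSL object exists.  Enables peer
verification so an untrusted server certificate fails the handshake
instead of being accepted silently."
  (comm:ssl-ctx-set-verify ctx +ssl-verify-peer+ nil)
  (comm:ssl-ctx-load-verify-locations ctx "/path/to/ca-bundle.pem" nil))

(defun open-verified-client (host port)
  ;; open-tcp-stream takes no :ssl-side and always behaves as :client, so a
  ;; *_client_method SSL_CTX is made and ssl-set-connect-state is called.
  ;; The callback runs only because :ssl-ctx is a symbol: LispWorks creates
  ;; the SSL_CTX here and frees it when the stream is closed.
  (comm:open-tcp-stream host port
                        :ssl-ctx :tls-v1
                        :ctx-configure-callback 'require-peer-certificate))

(defun install-server-credentials (ctx)
  "Load the certificate and private key that clients will verify."
  (comm:ssl-ctx-use-certificate-file ctx "/path/to/server-cert.pem"
                                     +ssl-filetype-pem+)
  (comm:ssl-ctx-use-privatekey-file ctx "/path/to/server-key.pem"
                                    +ssl-filetype-pem+))

;; One SSL_CTX shared by every accepted connection.  make-ssl-ctx does not
;; accept :ctx-configure-callback (see the table), so configure the result
;; directly.  Because the streams receive an ssl-ctx-pointer rather than a
;; symbol, they will NOT free it on close, and any :ctx-configure-callback
;; passed to them would be ignored: all setup must happen here, once.
(defvar *server-ctx*
  (let ((ctx (comm:make-ssl-ctx :ssl-ctx :tls-v1 :ssl-side :server)))
    (install-server-credentials ctx)
    ctx))

(defun wrap-accepted-socket (socket)
  ;; :ssl-side defaults to :server here, so LispWorks creates a fresh SSL
  ;; object on *server-ctx* and calls ssl-set-accept-state on it; that SSL
  ;; object (but not *server-ctx*) is freed when the stream is closed.
  (make-instance 'comm:socket-stream
                 :socket socket
                 :direction :io
                 :element-type 'base-char
                 :ssl-ctx *server-ctx*))
```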


LispWorks User Guide - 8 Apr 2005
