The keyword arguments :ssl-ctx, :ssl-side, :ctx-configure-callback and :ssl-configure-callback can be passed to create and configure socket streams with SSL processing. The various methods for creating and configuring SSL streams accept these keyword arguments as shown in . (make-instance 'socket-stream ...) and open-tcp-stream, when ssl-ctx is non-nil, call attach-ssl and pass it all the arguments.

:ssl-ctx specifies that SSL should be used, and also specifies the SSL_CTX object to use. See the OpenSSL manual entry for SSL_CTX_new for details of making an SSL_CTX. The value of ssl-ctx can be:
A symbol
Together with ssl-side, this symbol specifies which protocol to use. ssl-ctx can be one of:
1) t or :default, meaning use the default. Currently this is the same as :v23.
2) One of :v2, :v3, :v23 or :tls-v1. These are mapped to the SSLv2_*, SSLv3_*, SSLv23_* and TLSv1_* methods.
LispWorks makes a new SSL_CTX object, uses it and frees it when the stream is closed. make-instance, attach-ssl and open-tcp-stream also make an SSL object, use it and free it when the stream is closed.

A foreign pointer of type ssl-ctx-pointer
This corresponds to the C type SSL_CTX*. It is used and is not freed when the stream is closed. make-instance, attach-ssl and open-tcp-stream also make an SSL object, use it and free it when the stream is closed. The foreign pointer may be the result of a call to make-ssl-ctx, but it can also be produced by your own code, provided that it points to a valid SSL_CTX and has the type ssl-ctx-pointer.

A foreign pointer of type ssl-pointer
This corresponds to the C type SSL*. It specifies the SSL to use in make-instance, attach-ssl and open-tcp-stream. It may be the result of a call to ssl-new, but it can also be produced by your own code, provided that it points to a valid SSL object and has the type ssl-pointer. The SSL is used and is not freed when the stream is closed.

When you pass an ssl-ctx-pointer or an ssl-pointer foreign pointer, it must already have been set up correctly.
:ssl-side specifies which side the socket-stream is. The value of ssl-side can be one of :client, :server or :both. open-tcp-stream does not take this keyword and always uses :client. For the other calls this argument defaults to :server. The value of ssl-side is used in two cases:
1) When a new SSL_CTX object is created, it is used to select the method.
2) When a new SSL object is created, and ssl-side is either :client or :server, LispWorks calls ssl-set-connect-state or ssl-set-accept-state respectively.
If the value of ssl-ctx is an ssl-pointer, ssl-side is ignored.
:ctx-configure-callback specifies a callback, a function which takes a foreign pointer of type ssl-ctx-pointer. This is called immediately after a new SSL_CTX is created. If the value of ssl-ctx is not a symbol, ctx-configure-callback is ignored.

:ssl-configure-callback specifies a callback, a function which takes a foreign pointer of type ssl-pointer. This is called immediately after a new SSL is created. If the value of ssl-ctx is not an ssl-pointer, ssl-configure-callback is ignored.
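An added example, not code from the LispWorks manual, showing the client and server configuration paths described above. It assumes the stream functions live in the COMM package and that comm:set-verification-mode, comm:ssl-ctx-use-certificate-file and comm:ssl-ctx-use-privatekey-file exist with the argument orders shown; the certificate paths are placeholders.

```lisp
;; Added example; not code from the LispWorks manual.  Assumptions:
;; the stream functions live in the COMM package, and
;; comm:set-verification-mode, comm:ssl-ctx-use-certificate-file and
;; comm:ssl-ctx-use-privatekey-file exist with the argument orders
;; shown.  Check the COMM reference for your LispWorks version.

(defun harden-client-ctx (ctx)
  "Receives the fresh SSL_CTX as an ssl-ctx-pointer; this only runs when
:ssl-ctx is a symbol.  Require the server certificate to verify so the
client refuses a peer whose certificate does not chain to a trusted CA."
  (comm:set-verification-mode ctx :client :always))   ; assumed API

(defun open-verified-client-stream (host port)
  "open-tcp-stream always uses :client, so :ssl-side is not passed.
A new SSL_CTX is made for the TLSv1_* method and freed on close."
  (comm:open-tcp-stream host port
                        :ssl-ctx :tls-v1
                        :ctx-configure-callback 'harden-client-ctx))

(defun load-server-identity (ctx)
  "Server side: install certificate and private key into the new SSL_CTX.
The file paths are placeholders."
  (comm:ssl-ctx-use-certificate-file                   ; assumed API
   ctx "/path/to/server-cert.pem" :pem)
  (comm:ssl-ctx-use-privatekey-file                    ; assumed API
   ctx "/path/to/server-key.pem" :pem))

(defun make-server-ssl-stream (accepted-socket)
  "Wrap an accepted socket in a server-side SSL stream.  :ssl-side would
default to :server here; it is given explicitly.  Because a new SSL
object is created with side :server, ssl-set-accept-state is called."
  (make-instance 'comm:socket-stream
                 :socket accepted-socket
                 :direction :io
                 :ssl-ctx :tls-v1
                 :ssl-side :server
                 :ctx-configure-callback 'load-server-identity))

(defun attach-with-shared-ctx (stream shared-ctx)
  "Reuse an already configured SSL_CTX (an ssl-ctx-pointer, e.g. from
make-ssl-ctx) on an existing plain stream.  Since the value is not a
symbol, a :ctx-configure-callback would be ignored, and the SSL_CTX is
not freed when the stream is closed; only the per-stream SSL object is."
  (comm:attach-ssl stream :ssl-ctx shared-ctx :ssl-side :server))
```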