21.3.3 Direct calls to OpenSSL
The following functions map directly to the OpenSSL functions. Check the OpenSSL documentation for details.
Where an OpenSSL function takes an SSL* or SSL_CTX*, the Lisp function's argument must be a foreign pointer of type ssl-pointer, ssl-ctx-pointer or ssl-cipher-pointer. Where an OpenSSL function takes a
char*
or
int
, the Lisp function's argument must be a string or integer. Where an OpenSSL function takes other kinds of pointers, the Lisp function's argument must be a foreign pointer. The return values are integers or foreign pointers unless stated otherwise.
If an error occurs in one of these functions, an error code is returned. They do not signal any Common Lisp conditions and so you should check the return value carefully.
Direct calls to OpenSSL
|
Lisp function
|
Return values
|
|
ssl-add-client-ca
|
|
|
ssl-cipher-get-bits
|
First value is number of bits the cipher actually uses.
Second value is number of bits the algorithm of the cipher can use (which may be higher).
|
|
ssl-cipher-get-name
|
string.
e.g. "DHE-RSA-AES256-SHA"
|
|
ssl-cipher-get-version
|
string.
e.g. "TLSv1/SSLv3"
|
|
ssl-clear-num-renegotiations
|
|
|
ssl-ctrl
|
|
|
ssl-ctx-add-client-ca
|
|
|
ssl-ctx-add-extra-chain-cert
|
|
|
ssl-ctx-ctrl
|
|
|
ssl-ctx-get-max-cert-list
|
|
|
ssl-ctx-get-mode
|
|
|
ssl-ctx-get-options
|
|
|
ssl-ctx-get-read-ahead
|
|
|
ssl-ctx-get-verify-mode
|
integer
|
|
ssl-ctx-load-verify-locations
|
|
|
ssl-ctx-need-tmp-rsa
|
|
|
ssl-ctx-sess-set-cache-size
|
|
|
ssl-ctx-sess-get-cache-size
|
|
|
ssl-ctx-sess-set-cache-mode
|
|
|
ssl-ctx-sess-get-cache-mode
|
|
|
ssl-ctx-set-client-ca-list
|
|
|
ssl-ctx-set-max-cert-list
|
|
|
ssl-ctx-set-mode
|
|
|
ssl-ctx-set-options
|
|
|
ssl-ctx-set-read-ahead
|
|
|
ssl-ctx-set-tmp-rsa
|
|
|
ssl-ctx-set-tmp-dh
|
|
|
ssl-ctx-use-certificate-chain-file
|
|
|
ssl-ctx-use-certificate-file
|
|
|
ssl-ctx-use-privatekey-file
|
|
|
ssl-ctx-use-rsaprivatekey-file
|
|
|
ssl-get-current-cipher
|
ssl-cipher-pointer
Can be a null pointer.
|
|
ssl-get-max-cert-list
|
|
|
ssl-get-mode
|
|
|
ssl-get-options
|
|
|
ssl-get-verify-mode
|
integer
|
|
ssl-get-version
|
string
"TLSv1", "SSLv2" or "SSLv3"
|
|
ssl-load-client-ca-file
|
|
|
ssl-need-tmp-rsa
|
|
|
ssl-num-renegotiations
|
|
|
ssl-session-reused
|
|
|
ssl-set-accept-state
|
None
|
|
ssl-set-client-ca-list
|
|
|
ssl-set-connect-state
|
None
|
|
ssl-set-max-cert-list
|
|
|
ssl-set-mode
|
|
|
ssl-set-options
|
|
|
ssl-set-tmp-rsa
|
|
|
ssl-set-tmp-dh
|
|
|
ssl-total-renegotiations
|
|
|
ssl-use-certificate-file
|
|
|
ssl-use-rsaprivatekey-file
|
|
|
ssl-use-privatekey-file
|
|
If you need OpenSSL functionality that is not provided here, you can define your own foreign functions via the LispWorks Foreign Language Interface.
If you do this, an important point to note is that on Microsoft Windows, the
:calling-convention
must be
:cdecl
(it defaults to
:stdcall
). If using OpenSSL suddenly causes mysterious crashes, the
calling-convention
in your foreign function definitions is the first thing to check.
LispWorks User Guide and Reference Manual - 22 Dec 2009
