The keyword arguments
:ssl-ctx
,
:ssl-side
,
:ctx-configure-callback
and
:ssl-configure-callback
can be be passed to create and configure socket streams with SSL processing. The various methods for creating and configuring SSL streams accept these keyword arguments as shown in SSL configuration keywords.
|
||||
(make-instance 'socket-stream ...)
and open-tcp-stream, when
ssl-ctx
is non-nil, call attach-ssl and pass it all the arguments.
:ssl-ctx
specifies that SSL should be used, and also specifies the SSL_CTX object to use. See the OpenSSL manual entry for SSL_CTX_new for details of making a SSL_CTX. The value of
ssl-ctx
can be:
Together with
ssl-side
, this symbol specifies which protocol to use.
ssl-ctx
can be one of:
1)
t
or
:default
, meaning use the default. Currently this is the same as
:v23
.
2) One of
:v2
,
:v3
,
:v23
or
:tls-v1
. These are mapped to the SSLv2_*, SSLv3_*, SSLv23_*, TLSv1_* methods.
LispWorks makes a new SSL_CTX object and uses it and frees it when the stream is closed. make-instance, attach-ssl and open-tcp-stream also make an SSL object, use it and free it when the stream is closed.
A foreign pointer of type
ssl-ctx-pointer
This corresponds to the C type SSL_CTX*. This is used and is not freed when the stream is closed. make-instance, attach-ssl and open-tcp-stream also make an SSL object, use it and free it when the stream is closed. The foreign pointer maybe a result of a call to
make-ssl-ctx, but it can also be a result of your code, provided that it points to a valid SSL_CTX and has the type
ssl-ctx-pointer
.
A foreign pointer of type
ssl-pointer
This corresponds to the C type SSL*. This specifies the SSL to use in make-instance, attach-ssl and open-tcp-stream. This maybe a result of a call to
ssl-new
. but can also be a result of your code, provided that it points to a valid SSL object and has the type
ssl-pointer
. The SSL is used and is not freed when the stream is closed.
When you pass a
ssl-ctx-pointer
or a
ssl-pointer
foreign pointer, these must have already been set up correctly.
:ssl-side
specifies which side the stream is. The value
ssl-side
can be one of
:client
,
:server
or
:both
. open-tcp-stream does not take this keyword and always uses
:client
. For the other calls this argument defaults to
:server
. The value of
ssl-side
is used in two cases:
When a new SSL_CTX object is created, it is used to select the method:
When a new SSL object is created, when
ssl-side
is either
:client
or
:server
, LispWorks calls
ssl-set-connect-state
or
ssl-set-accept-state
respectively.
If the value of
ssl-ctx
is a
ssl-pointer
,
ssl-side
is ignored.
:ctx-configure-callback
specifies a callback, a function which takes a foreign pointer of type
ssl-ctx-pointer
. This is called immediately after a new SSL_CTX is created. If the value of
ssl-ctx
is not a symbol,
ctx-configure-callback
is ignored.
:ssl-configure-callback
specifies a callback, a function which taks a foreign pointer of type
ssl-pointer
. This is called immediately after a new SSL is created. If the value of
ssl-ctx
is not a
ssl-pointer
,
ssl-configure-callback
is ignored.