The C objects SSL and SSL_CTX are represented in LispWorks by foreign pointers with type ssl-pointer and ssl-ctx-pointer, which correspond to the C types SSL* and SSL_CTX*. These foreign types should be used for any foreign function that takes or returns these C types, and must be used when passing a foreign pointer as the value of the :ssl-ctx argument.
Making SSL objects is a way of getting access to them to perform configuration, but, especially in the case of the SSL_CTX, it is a useful way to avoid repeated calls to the configuration routines which may be time consuming. For example, if we have defined a function configure-a-ctx, and we want to read once every 60 seconds from some URL, we can write:

    (loop (with-open-stream
              (str (comm:open-tcp-stream some-url 443 :ssl-ctx t
                                         :ctx-configure-callback 'configure-a-ctx))
            (read-something str))
          (sleep 60))

This will cause configure-a-ctx to be called each time. If it is expensive, we can call it only once by changing the code to:
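
    (let ((ctx (comm:make-ssl-ctx :ssl-side :client)))
      ;; Configure the SSL_CTX once, outside the loop.
      (configure-a-ctx ctx)
      (unwind-protect
          ;; Every connection reuses the already-configured SSL_CTX.
          (loop (with-open-stream
                    (str (comm:open-tcp-stream some-url 443 :ssl-ctx ctx))
                  (read-something str))
                (sleep 60))
        ;; The loop only exits non-locally, so free the SSL_CTX here.
        (comm:destroy-ssl-ctx ctx)))
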
The SSL objects can be made either by make-ssl-ctx or ssl-new, or by user code that calls the C functions SSL_CTX_new and SSL_new. destroy-ssl-ctx frees the SSL_CTX object. To free an SSL object you would call destroy-ssl. See the manual entries for full descriptions of these functions.