Sets the DH parameters for a SSL_CTX. This should only be called when using the :openssl implementation.
comm
set-ssl-ctx-dh ssl-ctx &key dh filename func filename-list pass-phrase callback => result
ssl-ctx: A foreign pointer.
dh: A foreign pointer corresponding to the C type DH*.
filename: A pathname designator or nil.
func: A function designator or nil.
filename-list: An association list.
pass-phrase: A string, or nil.
callback: A function designator, or nil.
result: A boolean.
The function set-ssl-ctx-dh sets the DH parameters for a SSL_CTX.
ssl-ctx can be either a foreign pointer of type ssl-ctx-pointer or a foreign pointer of type ssl-pointer.
The value to use is specified by one of the parameters dh, filename, func or filename-list.
If dh is non-nil, it must be a foreign pointer to a DH (corresponding to the C type DH*), and this DH is used as-is. The default value of dh is nil.
Otherwise, if filename is non-nil, it must be a pathname designator for a file containing DH parameters, which is loaded (by read-dhparams) and then used. In this case, pass-phrase and callback can be used, and are passed to pem-read.
Otherwise, if func is non-nil, it must be a function with signature:
func is-export keylength => dh-ptr
where is-export is a boolean, keylength is an integer, and dh-ptr is a pointer to an appropriate DH structure. set-ssl-ctx-dh installs func as the DH callback.
Otherwise (that is, if each of dh, filename and func is nil) then filename-list must be a non-nil association list of keylengths and filenames, sorted by the keylengths in ascending order (that is, larger keylengths are towards the end of the list). set-ssl-ctx-dh installs a DH callback which, when called, finds the first keylength which is equal to or bigger than the required keylength, loads the associated file (by calling read-dhparams), and returns it. It also loads the first file of the list immediately.
result is t on success, nil otherwise.
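A func callback that mirrors the filename-list lookup described above but never serves parameters below a minimum size, in line with the OpenSSL documentation's advice to supply at least 2048-bit parameters from the callback whatever keylength is requested. This is an added example, not code from the LispWorks manual. The file paths, the 2048-bit floor, the caching, the fallback to the largest file, and the names *dh-files*, *min-dh-bits*, select-dh-file, dh-callback and install-dh are assumptions.

```lisp
;;; Added example: hardened DH callback for set-ssl-ctx-dh (:openssl implementation).

(defparameter *dh-files*
  '((2048 . "/etc/ssl/dh/dh2048.pem")     ; constructed paths, not from the manual
    (3072 . "/etc/ssl/dh/dh3072.pem")
    (4096 . "/etc/ssl/dh/dh4096.pem"))
  "Alist of (keylength . filename), ascending by keylength, as filename-list expects.")

(defparameter *min-dh-bits* 2048
  "Assumed policy floor: requests for smaller (export-grade) sizes are raised to this.")

(defun select-dh-file (keylength &optional (alist *dh-files*) (minimum *min-dh-bits*))
  "Return the filename of the first entry whose keylength is >= both KEYLENGTH
and MINIMUM. If no entry is large enough, return the largest one (this fallback
is this example's choice; the manual does not say what the built-in callback does)."
  (let ((wanted (max keylength minimum)))
    (or (cdr (find-if (lambda (entry) (>= (car entry) wanted)) alist))
        (cdr (car (last alist))))))

(defvar *dh-cache* (make-hash-table :test 'equal)
  "Filename -> loaded DH pointer, so each file is read at most once.")

(defun dh-callback (is-export keylength)
  "Matches the documented signature: func is-export keylength => dh-ptr.
IS-EXPORT is ignored on purpose, so export requests get the same floor."
  (declare (ignore is-export))
  (let ((file (select-dh-file keylength)))
    (or (gethash file *dh-cache*)
        (setf (gethash file *dh-cache*)
              (comm:read-dhparams file)))))

(defun install-dh (ssl-ctx)
  "Install DH-CALLBACK on SSL-CTX and signal an error if set-ssl-ctx-dh returns nil."
  (or (comm:set-ssl-ctx-dh ssl-ctx :func 'dh-callback)
      (error "set-ssl-ctx-dh failed for ~S" ssl-ctx)))

;; Pure-Lisp checks of the selection logic, runnable without OpenSSL loaded:
;; (select-dh-file 512)  => "/etc/ssl/dh/dh2048.pem"   ; raised to the floor
;; (select-dh-file 3000) => "/etc/ssl/dh/dh3072.pem"   ; first entry >= request
;; (select-dh-file 8192) => "/etc/ssl/dh/dh4096.pem"   ; fallback to largest
```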
pem-read
read-dhparams
ssl-ctx-pointer
ssl-pointer
LispWorks® User Guide and Reference Manual - 01 Dec 2021 19:30:26