LispWorks User Guide and Reference Manual > 21 Socket Stream SSL interface


21.4 Socket Stream SSL keyword arguments

The keyword arguments :ssl-ctx, :ssl-side, :ctx-configure-callback and :ssl-configure-callback can be passed to create and configure socket streams with SSL processing. The various methods for creating and configuring SSL streams accept these keyword arguments as shown in SSL configuration keywords.

SSL configuration keywords

                             :ssl-ctx  :ssl-side  :ctx-configure-callback  :ssl-configure-callback
socket-stream make-instance  Yes       Yes        Yes                      Yes
open-tcp-stream              Yes       No         Yes                      Yes
attach-ssl                   Yes       Yes        Yes                      Yes
make-ssl-ctx                 Yes       Yes        No                       No

(make-instance 'socket-stream ...) and open-tcp-stream, when ssl-ctx is non-nil, call attach-ssl and pass it all the arguments.

:ssl-ctx specifies that SSL should be used, and also specifies the SSL_CTX object to use. See the OpenSSL manual entry for SSL_CTX_new for details of making a SSL_CTX. The value of ssl-ctx can be:

A symbol

Together with ssl-side , this symbol specifies which protocol to use. ssl-ctx can be one of:

1) t or :default , meaning use the default. Currently this is the same as :v23 .

2) One of :v2 , :v3 , :v23 or :tls-v1 . These are mapped to the SSLv2_*, SSLv3_*, SSLv23_*, TLSv1_* methods.

LispWorks makes a new SSL_CTX object and uses it and frees it when the stream is closed. make-instance, attach-ssl and open-tcp-stream also make an SSL object, use it and free it when the stream is closed.

A foreign pointer of type ssl-ctx-pointer

This corresponds to the C type SSL_CTX*. This is used and is not freed when the stream is closed. make-instance, attach-ssl and open-tcp-stream also make an SSL object, use it and free it when the stream is closed. The foreign pointer may be the result of a call to make-ssl-ctx, but it can also be produced by your own code, provided that it points to a valid SSL_CTX and has the type ssl-ctx-pointer.

A foreign pointer of type ssl-pointer

This corresponds to the C type SSL*. This specifies the SSL to use in make-instance, attach-ssl and open-tcp-stream. It may be the result of a call to ssl-new, but it can also be produced by your own code, provided that it points to a valid SSL object and has the type ssl-pointer. The SSL is used and is not freed when the stream is closed.

When you pass an ssl-ctx-pointer or an ssl-pointer foreign pointer, it must already have been set up correctly.

:ssl-side specifies which side of the connection the stream is. The value of ssl-side can be one of :client, :server or :both. open-tcp-stream does not take this keyword and always uses :client. For the other calls this argument defaults to :server. The value of ssl-side is used in two cases:

When a new SSL_CTX object is created, it is used to select the method:

:client => *_client_method

:server => *_server_method

:both => *_method

When a new SSL object is created and ssl-side is either :client or :server, LispWorks calls ssl-set-connect-state or ssl-set-accept-state respectively.

If the value of ssl-ctx is an ssl-pointer, ssl-side is ignored.

:ctx-configure-callback specifies a callback, a function which takes a foreign pointer of type ssl-ctx-pointer. This is called immediately after a new SSL_CTX is created. If the value of ssl-ctx is not a symbol, ctx-configure-callback is ignored.

:ssl-configure-callback specifies a callback, a function which takes a foreign pointer of type ssl-pointer. This is called immediately after a new SSL is created. If the value of ssl-ctx is not an ssl-pointer, ssl-configure-callback is ignored.
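As an added worked example (not from the manual), the following puts the table and the ownership rules above together: a server that builds one shared SSL_CTX with make-ssl-ctx and reuses it for every accepted connection, and a client that lets open-tcp-stream create and free a per-stream context. Assumed rather than documented on this page: comm:start-up-server, the socket-stream initargs :socket, :direction and :element-type, the wrappers comm:ssl-ctx-use-certificate-file, comm:ssl-ctx-use-privatekey-file and comm:ssl_filetype_pem, and the placeholder file paths.

```lisp
;;; Added example, not from the LispWorks manual. Assumed: comm:start-up-server
;;; and the :socket/:direction/:element-type initargs of comm:socket-stream;
;;; comm:ssl-ctx-use-certificate-file, comm:ssl-ctx-use-privatekey-file and
;;; comm:ssl_filetype_pem as wrappers for the OpenSSL calls of the same name.

(defparameter *cert-file* "/etc/myapp/server-cert.pem") ; placeholder path
(defparameter *key-file*  "/etc/myapp/server-key.pem")  ; placeholder path

;;; Server side: one SSL_CTX shared by every accepted connection.
;;; make-ssl-ctx takes :ssl-ctx and :ssl-side but neither callback (see table),
;;; so the context is configured right after creation. Streams given this
;;; ssl-ctx-pointer use it and do NOT free it when they close.
(defparameter *server-ctx*
  (let ((ctx (comm:make-ssl-ctx :ssl-ctx :tls-v1 :ssl-side :server))) ; TLSv1_server_method
    (comm:ssl-ctx-use-certificate-file ctx *cert-file* comm:ssl_filetype_pem)
    (comm:ssl-ctx-use-privatekey-file ctx *key-file* comm:ssl_filetype_pem)
    ctx))

(defun note-new-ssl (ssl)
  "SSL-CONFIGURE-CALLBACK: receives the ssl-pointer once per connection, right
after the SSL object is created. Used here only to record the event."
  (format *error-output* "~&new SSL object: ~A~%" ssl))

(defun handle-connection (socket-handle)
  ;; :ssl-side :server makes LispWorks call ssl-set-accept-state on the new SSL.
  ;; A :ctx-configure-callback would be ignored: :ssl-ctx is a pointer, not a symbol.
  (let ((stream (make-instance 'comm:socket-stream
                               :socket socket-handle
                               :direction :io
                               :element-type 'base-char
                               :ssl-ctx *server-ctx*
                               :ssl-side :server
                               :ssl-configure-callback 'note-new-ssl)))
    (unwind-protect
        (progn (format stream "hello over TLS~%") (force-output stream))
      (close stream))))  ; frees this connection's SSL object, keeps *server-ctx*

(defun start-tls-server (port)
  (comm:start-up-server :service port :function 'handle-connection))

;;; Client side: open-tcp-stream has no :ssl-side and always acts as :client.
;;; A symbol for :ssl-ctx makes LispWorks create a fresh SSL_CTX (TLSv1_client_method),
;;; run :ctx-configure-callback on it, and free both it and the SSL on close.
(defun open-tls-client (host port)
  (comm:open-tcp-stream host port
                        :ssl-ctx :tls-v1
                        :ctx-configure-callback
                        (lambda (ctx)
                          (format *error-output* "~&configuring SSL_CTX: ~A~%" ctx))))
```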


LispWorks User Guide and Reference Manual - 22 Dec 2009
