We have an SSL_CTX which contains global information for lots of
SSL connections: the session-id cache and the certificate verification cache.
It also contains default values for use when certificates are used.

SSL_CTX
    default cipher list
    session-id cache
    certificate cache
    default session-id timeout period
    New session-id callback
    Required session-id callback
    session-id stats
    Informational callback
    Callback that, if set, overrides the SSLeay X509 certificate
      verification
    The default Certificate/Private Key pair
    Default read ahead mode.
    Default verify mode and verify callback.  These are not used
      if the override callback mentioned above is used.

Each SSL can have the following defined for it before a connection is made.

    Certificate
    Private key
    Ciphers to use
    Certificate verify mode and callback
    IO object to use in the communication.
    Some 'read-ahead' mode information.
    A previous session-id to re-use.

A connection is made by using SSL_connect or SSL_accept.
When non-blocking IO is being used, there are functions that can be used
to determine where and why the SSL_connect or SSL_accept did not complete.
This information can be used to call the functions again when the 'error'
condition has disappeared.

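Added example, not part of the original SSLeay document: Python's ssl module wraps OpenSSL, the successor of SSLeay, so ssl.SSLContext stands in for the SSL_CTX and the object returned by wrap_bio for one SSL. It shows a non-blocking connect reporting why it did not complete, with the retryable condition kept apart from a fatal one; the host name, the non-TLS reply and the helper names are constructed for illustration.

```python
import ssl

# One context (Python's wrapper around an OpenSSL SSL_CTX) carries the
# defaults that every connection created from it inherits.
CTX = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # default verify mode: CERT_REQUIRED


def new_connection(hostname):
    """Create one per-connection object with its own in-memory IO objects."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = CTX.wrap_bio(incoming, outgoing, server_hostname=hostname)
    return conn, incoming, outgoing


def handshake_step(conn, outgoing):
    """Try the handshake once; report why it stopped and what must be sent."""
    try:
        conn.do_handshake()
        state = "done"
    except ssl.SSLWantReadError:
        state = "want_read"    # retry once bytes from the peer have arrived
    except ssl.SSLWantWriteError:
        state = "want_write"   # retry once pending output has been flushed
    except ssl.SSLError:
        state = "fatal"        # protocol failure: retrying will not help
    return state, outgoing.read()


def demo():
    # "server.example" is a constructed name; no network traffic takes place.
    conn, incoming, outgoing = new_connection("server.example")
    first = handshake_step(conn, outgoing)    # produces the ClientHello record
    second = handshake_step(conn, outgoing)   # nothing arrived: same condition
    # Constructed non-TLS reply, as a plain HTTP service would send it.
    incoming.write(b"HTTP/1.1 400 Bad Request\r\n\r\n")
    third = handshake_step(conn, outgoing)
    return first, second, third, conn.context.verify_mode.name


if __name__ == "__main__":
    for result in demo():
        print(result)
```
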
After the connection has been made, information can be retrieved about the
SSL session and the session-id values that have been decided upon.
The 'peer' certificate can be retrieved.

The session-id values include
    'start time'
    'timeout length'