diff options
Diffstat (limited to 'doc/ssluse.doc')
| -rw-r--r-- | doc/ssluse.doc | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/doc/ssluse.doc b/doc/ssluse.doc new file mode 100644 index 0000000000..2e3a26cbf3 --- /dev/null +++ b/doc/ssluse.doc @@ -0,0 +1,45 @@ +We have an SSL_CTX which contains global information for lots of +SSL connections. The session-id cache and the certificate verificate cache. +It also contains default values for use when certificates are used. + +SSL_CTX + default cipher list + session-id cache + certificate cache + default session-id timeout period + New session-id callback + Required session-id callback + session-id stats + Informational callback + Callback that is set, overrides the SSLeay X509 certificate + verification + The default Certificate/Private Key pair + Default read ahead mode. + Default verify mode and verify callback. These are not used + if the over ride callback mentioned above is used. + +Each SSL can have the following defined for it before a connection is made. + +Certificate +Private key +Ciphers to use +Certificate verify mode and callback +IO object to use in the comunication. +Some 'read-ahead' mode information. +A previous session-id to re-use. + +A connection is made by using SSL_connect or SSL_accept. +When non-blocking IO is being used, there are functions that can be used +to determin where and why the SSL_connect or SSL_accept did not complete. +This information can be used to recall the functions when the 'error' +condition has dissapeared. + +After the connection has been made, information can be retrived about the +SSL session and the session-id values that have been decided apon. +The 'peer' certificate can be retrieved. + +The session-id values include +'start time' +'timeout length' + + |