HP OpenVMS Systems Documentation

Content starts here
HP Open Source Security for OpenVMS Volume 2: HP SSL for OpenVMS > Appendix A Data Structures and Header Files

SSL Structure

  Table of Contents

  Index

The SSL structure is defined in ssl.h.

struct ssl_st
{
/* protocol version
* (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION)
*/

int version;
int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */

SSL_METHOD *method; /* SSLv3 */


/* There are 2 BIO's even though they are normally both the
* same. This is so data can be read and written to different
* handlers */

#ifndef NO_BIO

BIO *rbio; /* used by SSL_read */
BIO *wbio; /* used by SSL_write */
BIO *bbio; /* used during session-id reuse to concatenate
* messages */

#else

char *rbio; /* used by SSL_read */
char *wbio; /* used by SSL_write */
char *bbio;
#endif

/* This holds a variable that indicates what we were doing
* when a 0 or -1 is returned. This is needed for
* non-blocking IO so we know what request needs re-doing when
* in SSL_accept or SSL_connect */

int rwstate;

/* true when we are actually in SSL_accept() or SSL_connect() */

int in_handshake;
int (*handshake_func)();

/* Imagine that here's a boolean member "init" that is
* switched as soon as SSL_set_{accept/connect}_state
* is called for the first time, so that "state" and
* "handshake_func" are properly initialized. But as
* handshake_func is == 0 until then, we use this
* test instead of an "init" member.
*/

int server; /* are we the server side? - mostly used by SSL_clear*/
int new_session;/* 1 if we are to use a new session */
int quiet_shutdown;/* don't send shutdown packets */
int shutdown; /* we have shut things down, 0x01 sent, 0x02

* for received */

int state; /* where we are */
int rstate; /* where we are when reading */

BUF_MEM *init_buf; /* buffer used during init */
int init_num; /* amount read/written */
int init_off; /* amount read/written */

/* used internally to point at a raw packet */

unsigned char *packet;
unsigned int packet_length;
struct ssl2_state_st *s2; /* SSLv2 variables */
struct ssl3_state_st *s3; /* SSLv3 variables */
int read_ahead; /* Read as many input bytes as possible
* (for non-blocking reads) */

int hit; /* reusing a previous session */
int purpose; /* Purpose setting */
int trust; /* Trust setting */

/* crypto */

STACK_OF(SSL_CIPHER) *cipher_list;
STACK_OF(SSL_CIPHER) *cipher_list_by_id;

/* These are the ones being used, the ones in SSL_SESSION are
* the ones to be 'copied' into these ones */

EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
const EVP_MD *read_hash; /* used for mac generation */
#ifndef NO_COMP
COMP_CTX *expand; /* uncompress */
#else

char *expand;
#endif

EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
const EVP_MD *write_hash; /* used for mac generation */
#ifndef NO_COMP
  COMP_CTX *compress;                     /* compression */
#else
char *compress;
#endif

/* session info */
/* client cert? */
/* This is used to hold the server certificate used */

struct cert_st /* CERT */ *cert;

/* the session_id_context is used to ensure sessions are only reused
* in the appropriate context */

unsigned int sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];

/* This can also be in the session once a session is established */

SSL_SESSION *session;

/* Used in SSL2 and SSL3 */
int verify_mode; /* 0 don't care about verify failure.
* 1 fail if verify fails */

int verify_depth;
int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
void (*info_callback)(); /* optional informational callback */

int error; /* error bytes to be written */
int error_code; /* actual code */

SSL_CTX *ctx;

/* set this flag to 1 and a sleep(1) is put into all SSL_read()
* and SSL_write() calls, good for nbio debuging :-) */

int debug;

/* extra application data */

long verify_result;
CRYPTO_EX_DATA ex_data;

/* for server side, keep the list of CA_dn we can use */

STACK_OF(X509_NAME) *client_CA;
int references;
unsigned long options; /* protocol behaviour */
unsigned long mode; /* API behaviour */
int first_packet;
int client_version; /* what was passed, used for

* SSLv3/TLS rollback check */

};