SSL Reference

When new SSL structures are created, values for certain flags are inherited from the corresponding SSL_CTX. Subsequent changes to flags for the SSL do not affect the default values set against the SSL_CTX.

The SSL structure stores dynamic information for the SSL handshake, including the ciphers and digests used in the connection. Symmetric cipher keys are generated from the shared secret (master secret). These connection-specific keys are contained in the SSL structure.

Although the private key/certificate pairs are normally specified in the SSL_CTX, they may also be specified in the SSL.

struct ssl_st
{
    int version;

    int type;

    SSL_METHOD *method;

    /*
     * There are two BIOs so data can be read and written to different
     * handlers. Typically these are both the same.
     */

    BIO *rbio;

    BIO *wbio;

    BIO *bbio;

    int rwstate;

    int in_handshake;

    int (*handshake_func)(SSL *ssl);

    int server;

    int new_session;

    int shutdown;

    int state;

    int cstate;

    int rstate;

    BUF_MEM *init_buf;

    int init_num;

    int init_off;

    unsigned char *packet;

    unsigned int packet_length;

    struct ssl2_ctx_st *s2;

    struct ssl3_ctx_st *s3;

    int read_ahead;

    int hit;

    STACK *cipher_list;

    STACK *cipher_list_by_id;

    SSL_ENC read;
    SSL_ENC write;

    void (*mac_cleanup)(SSL_MAC_CTX *ptr);

    struct cert_st *cert;

    STACK *cert_chain;

    unsigned int sid_ctx_length;
    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];

    SSL_SESSION *session; /* also in the session once established */

    /* Used in SSL2 and SSL3 */

    /* 0 indicates to ignore the verification failure. Otherwise, fail. */
    int verify_mode;

    int verify_depth;


#ifndef SSLC_SMALL_CODE

    SSL_VERIFY_CB_T *verify_cb;
#endif

    SSL_INFO_CB_T *info_cb;

#if (!defined(SSLC_SMALL_CODE) && !defined(SSL_INFO_CB_ONLY))
    SSL_ALERT_INFO_CB_T *alert_info_cb;

    char *alert_info_arg;
#endif

#ifndef SSLC_SMALL_CODE
    SSL_APP_DATA_CB_T *app_data_cb;
    char *app_data_arg;
#endif /* SSLC_SMALL_CODE */

    int error;

    int error_code;

    SSL_CTX *ctx;

    int debug;

    long verify_result;
#ifndef NO_EX_DATA

    CRYPTO_EX_DATA ex_data;
#endif /* NO_EX_DATA */

#ifndef NO_CA_LIST
    /* For the server side, keep the list of CA_dn available for use */

    STACK *client_CA;
#endif /* NO_CA_LIST */

    int references;

    unsigned long options;
    unsigned long user_options;

    int first_packet;

    int client_version;

    int write_buf_size;
    int read_buf_size;

    long client_cert_sz;
    long server_cert_sz;

    int blinding;

    EVP_MD_CTX *tmp_md;
    R_LIB_CTX *lib_ctx;
    void *r_cr_switch;

    unsigned long max_rsa_n;
    unsigned long max_rsa_e;
};

Field Documentation

long client_cert_sz

The maximum acceptable length of the certificate (including the chain) that will be accepted as valid. The protocol itself does not specify limits - there are practical reasons for rejecting values beyond these limits - and these limits are configurable.

SSL_CTX* ctx

A reference back to the parent object. The SSL_CTX contains the default settings that all SSL structures inherit.

int(* handshake_func)(SSL *ssl)

The function that is handling the handshake protocol. This is set to the protocol version-specific handshake function in the underlying "method" that is being used. In SSLv23 this is not the same as the handshake field in the method structure after the version being negotiated has been determined.

int in_handshake

Indicates that the protocol handshake is still being handled and the transfer of application data has not been started. That is, 1 indicates SSL_accept() or SSL_connect(). 0 indicates otherwise.

unsigned long max_rsa_n

Allows the server to set the maximum size of the client certificate public key.

: The size is length in bits.

int rwstate

Indicates the data layer operation that was being performed when a 0 or -1 is returned. This state is needed for non-blocking IO so the IO operation is able to complete the current read or write in SSL_accept() or SSL_connect(). The states are documented in SSL_want().

	RSA BSAFE Micro Edition Suite	Streamlined security for mobile and embedded devices

Data Fields
int	version
	The protocol version 2: SSLv2, 3: SSLv3, -3: SSLv3, but accept SSLv2.
int	type
	The type - client or server - SSL_ST_CONNECT or SSL_ST_ACCEPT.
SSL_METHOD*	method
	The protocol version implementation - one of the method functions.
BIO*	rbio
	The BIO used for reading.
BIO*	wbio
	The BIO used for writing.
BIO*	bbio
	The BIO used during session-id reuse to concatenate messages.
int	rwstate
	Indicates the data layer operation that was being performed when a 0 or -1 is returned. More...
int	in_handshake
	Indicates that the protocol handshake is still being handled and the transfer of application data has not been started. More...
int(*	handshake_func )(SSL *ssl)
	The function that is handling the handshake protocol. More...
int	server
	Indicates operating as the server side of the protocol.
int	new_session
	1 indicates to use a new session.
int	shutdown
	The SSL shutdown status: 0x01 indicates sent; 0x02 indicates received.
int	state
	The protocol state.
int	cstate
	The current state that is used in the debug mode.
int	rstate
	Indicates the position when reading.
BUF_MEM*	init_buf
	The buffer used during initialization.
int	init_num
	The amount read/written.
int	init_off
	The amount read/written.
unsigned char*	packet
	The raw packet reference into the buffer.
unsigned int	packet_length
	The length of the packet.
struct ssl2_ctx_st*	s2
	SSLv2 variables.
struct ssl3_ctx_st*	s3
	SSLv3 variables.
int	read_ahead
	A flag indicating to read as many input Bytes as possible.
int	hit
	Indicates the session reuse status. More...
STACK*	cipher_list
	The list of ciphers in logical order.
STACK*	cipher_list_by_id
	The list of ciphers ordered by protocol identifiers.
SSL_ENC	read
	Contains the MAC algorithm information that is specific to the negotitated protocol version.
void(*	mac_cleanup )(SSL_MAC_CTX *ptr)
	A pointer to the function that frees the MAC algorithm data.
struct	cert
	The certificate structure used to hold the server certificate.
STACK*	cert_chain
	The certificate chain to send with the client/server certificate.
unsigned int	sid_ctx_length
	The length of the session id context.
unsigned char	sid_ctx [SSL_MAX_SID_CTX_LENGTH]
	The session id context data.
SSL_SESSION*	session
	The location of the negotiated information for the SSL session.
int	verify_depth
	The certificate verification depth (for `mod_ssl`).
SSL_INFO_CB_T*	info_cb
	An optional informative callback.
int	error
	Flag that indicates that an SSLv2 error is to be written.
int	error_code
	The actual code.
SSL_CTX*	ctx
	A reference back to the parent object. More...
int	debug
	If compiled with PKT_DEBUG then for SSLv2 only an additional call to sleep(1) is added to all SSL_read() and SSL_write() calls to enable debugging of non-blocking I/O handling.
long	verify_result
	The result of the verification callback.
CRYPTO_EX_DATA	ex_data
	Extra application data.
int	references
	The reference count.
unsigned long	options
	The protocol options.
int	first_packet
	Flag when processing the first packet which checks for non-encrypted data sent to a secure server and reports an error to the user.
int	client_version
	The rollback check for SSLv3/TLS.
int	write_buf_size
	The size of the internal buffers for handling protocol "records".
long	client_cert_sz
	The maximum acceptable length of the certificate (including the chain) that will be accepted as valid. More...
int	blinding
	Flag that enables blinding of RSA operations.
EVP_MD_CTX*	tmp_md
	A temporary location for the algorithm implementation currently being used to compute the digest of the messages in the SSL handshake.
R_LIB_CTX*	lib_ctx
	A reference to the parent object for the product library.
unsigned long	max_rsa_n
	Allows the server to set the maximum size of the client certificate public key. More...

SSL Reference

Data Fields

Field Documentation