[openssl-users] Suggested way to add option to both SSL_CTX* and SSL*?

Dr. Stephen Henson steve at openssl.org
Mon Jun 22 21:05:10 UTC 2015

On Mon, Jun 22, 2015, Salz, Rich wrote:

> > I looked at how SSL_CTX_set_cipher_list and SSL_set_cipher_list operate,
> > but they don't use SSL_{CTX}_ctrl.
> That API probably predates the ctrl.  It's a trade-off; you lose type-safety but have less to document :)
> > What is the suggested way to control the functionality through a flag?
> Probably the _ctrl API.  Problem is we're running out of bits.  Let's see what drH thinks.

We certainly are running out of options bits and will need to do something to
address that at some point it hasn't been decided precisely *what* yet.

However if the option is related to certificates it can use the cert_flags
field in the CERT structure. If it is related to mode then it can use the mode
field. Both of those have plenty to spare.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list