SSL_CTX结构体
阅读原文时间:2023年07月15日阅读:2

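/* Defined in the ssl.h header file. */
/*
 * struct ssl_ctx_st (SSL_CTX): settings shared by the SSL objects made from
 * it.  It holds the protocol method, cipher lists, the certificate store,
 * the session cache with its callbacks and statistics, and the default
 * verification and password-callback settings.
 *
 * The listing was recovered from a page that had inserted markdown escape
 * backslashes before '_' and '*'; they are removed here so the declaration
 * is valid C again.  Member names, types and order are unchanged.
 *
 * NOTE(review): the SSLv2/SSLv3 digest members and the unprototyped callback
 * pointers suggest an old OpenSSL release; the layout differs between
 * versions, so confirm against the ssl.h actually in use.
 */
struct ssl_ctx_st
{
    SSL_METHOD *method;
    unsigned long options;
    unsigned long mode;

    STACK_OF(SSL_CIPHER) *cipher_list;
    /* same as above but sorted for lookup */
    STACK_OF(SSL_CIPHER) *cipher_list_by_id;

    struct x509_store_st /* X509_STORE */ *cert_store;
    struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */

    /* Most session-ids that will be cached, default is
     * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
     * NOTE(review): with 0 there is no size cap, so cache growth is
     * presumably limited only by session expiry; confirm a finite size
     * or timeout is configured on servers. */
    unsigned long session_cache_size;
    struct ssl_session_st *session_cache_head;
    struct ssl_session_st *session_cache_tail;

    /* Either or both of two flags, ORed together:
     * SSL_SESS_CACHE_CLIENT,
     * SSL_SESS_CACHE_SERVER.
     * Default is SSL_SESS_CACHE_SERVER, which means only
     * SSL_accept() caches SSL_SESSIONs. */
    int session_cache_mode;

    /* If timeout is not 0, it is the default timeout value set
     * when SSL_new() is called. This has been put in to make
     * life easier to set things up */
    long session_timeout;

    /* If this callback is not null, it will be called each
     * time a session id is added to the cache. If this function
     * returns 1, it means that the callback will do a
     * SSL_SESSION_free() when it has finished using it. Otherwise,
     * on 0, it means the callback has finished with it.
     * If remove_session_cb is not null, it will be called when
     * a session-id is removed from the cache. After the call,
     * OpenSSL will SSL_SESSION_free() it.
     * The return value therefore decides who owns the session reference;
     * a callback that returns 1 and never frees it leaks the session. */
    int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
    void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
    /* NOTE(review): data/len are presumably the session id presented by
     * the peer; an implementation should treat them as untrusted input
     * and bound-check len before using it as a lookup key. */
    SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
                                   unsigned char *data, int len, int *copy);

    /* Session and handshake counters. */
    struct
    {
        int sess_connect;             /* SSL new conn - started */
        int sess_connect_renegotiate; /* SSL reneg - requested */
        int sess_connect_good;        /* SSL new conne/reneg - finished */
        int sess_accept;              /* SSL new accept - started */
        int sess_accept_renegotiate;  /* SSL reneg - requested */
        int sess_accept_good;         /* SSL accept/reneg - finished */
        int sess_miss;                /* session lookup misses */
        int sess_timeout;             /* reuse attempt on timeouted session */
        int sess_cache_full;          /* session removed due to full cache */
        int sess_hit;                 /* session reuse actually done */
        int sess_cb_hit;              /* session-id that was not
                                       * in the cache was
                                       * passed back via the callback.  This
                                       * indicates that the application is
                                       * supplying session-id's from other
                                       * processes - spooky :-) */
    } stats;

    int references; /* presumably a reference count - confirm in ssl_lib.c */

    /* Declared with an empty parameter list, so the compiler cannot
     * type-check the arguments passed at the call site. */
    void (*info_callback)();

    /* if defined, these override the X509_verify_cert() calls.
     * A callback installed here replaces the library's chain verification,
     * so it has to perform the complete validation itself. */
    int (*app_verify_callback)();
    char *app_verify_arg; /* never used; should be void * */

    /* default values to use in SSL structures */
    struct cert_st /* CERT */ *cert;
    int read_ahead;
    int verify_mode;
    int verify_depth;
    unsigned int sid_ctx_length;
    /* Fixed-size buffer: sid_ctx_length must never exceed
     * SSL_MAX_SID_CTX_LENGTH when this array is written or read. */
    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
    int (*default_verify_callback)(int ok, X509_STORE_CTX *ctx);

    int purpose; /* Purpose setting */
    int trust;   /* Trust setting */

    /* Default password callback. */
    pem_password_cb *default_passwd_callback;

    /* Default password callback user data.
     * NOTE(review): applications may point this at passphrase material;
     * if so, its lifetime and zeroization are the caller's job - confirm. */
    void *default_passwd_callback_userdata;

    /* get client cert callback */
    int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */);

    /* what we put in client cert requests */
    STACK_OF(X509_NAME) *client_CA;

    int quiet_shutdown;

    CRYPTO_EX_DATA ex_data;

    /* Digest handles for the legacy protocol versions named in each comment. */
    const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */
    const EVP_MD *md5;     /* For SSLv3/TLSv1 'ssl3-md5' */
    const EVP_MD *sha1;    /* For SSLv3/TLSv1 'ssl3-sha1' */

    STACK_OF(X509) *extra_certs;
    /* NOTE(review): TLS-level compression can leak secrets through record
     * lengths when attacker-influenced data shares a record with them;
     * check whether this stack is left empty in the deployed build. */
    STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
};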
