CLplusSSL

Subprojects

News

2007-xx-yy

2007-07-07

2007-01-16: CL+SSL is now available under an MIT-style license.

Download

Anonymous CVS (browse):

$ export CVSROOT=:pserver:anonymous@common-lisp.net:/project/cl-plus-ssl/cvsroot
$ cvs login
password: anonymous
$ cvs co cl+ssl
$ cvs co trivial-gray-streams
$ cvs co trivial-https

Tarballs are also available (but not always up-to-date).

Note that you need the libssl-dev package on Debian to load this package without manual configuration.

Send bug reports to cl-plus-ssl-devel@common-lisp.net (list information).

CL+SSL

A simple Common Lisp interface to OpenSSL.

About

This library is a fork of SSL-CMUCL. The original SSL-CMUCL source code was written by Eric Marsden and includes contributions by Jochen Schmidt. License: MIT-style.

Comparison chart:

Library     FFI          Streams                                    Lisp-BIO
CL+SSL      CFFI         gray [1], buffering output                 yes
CL-SSL      UFFI         gray, buffering I/O [part of ACL-COMPAT]   no
SSL-CMUCL   CMUCL/ALIEN  CMUCL, non-buffering                       no

[1] Character I/O and external formats in CL+SSL are provided using flexi-streams.

API functions

Function CL+SSL:STREAM-FD (stream)
Return stream's file descriptor as an integer, if known. Otherwise return stream itself.

Pass the return value of this function to make-ssl-client-stream or make-ssl-server-stream, which are faster when accessing file descriptors directly.

Function CL+SSL:MAKE-SSL-CLIENT-STREAM (fd-or-stream &key external-format certificate key close-callback)
Return an SSL stream for the client socket fd-or-stream. All reads and writes to this SSL stream will be pushed through the SSL connection.

If fd-or-stream is a Lisp stream, the SSL stream will close it automatically. File descriptors are not closed automatically. However, if close-callback is non-nil, it will be called with zero arguments when the SSL stream is closed. certificate is the path to a file containing the PEM-encoded certificate for your client. key is the path to the PEM-encoded key for the client, which must not be associated with a passphrase.

If external-format is nil (the default), a plain (unsigned-byte 8) SSL stream is returned. With a non-null external-format, a flexi-stream capable of character I/O will be returned instead, with the specified value as its initial external format.

Function CL+SSL:MAKE-SSL-SERVER-STREAM (fd-or-stream &key external-format certificate key close-callback)
Return an SSL stream for the server socket fd-or-stream. All reads and writes to this server stream will be pushed through the OpenSSL library.

If fd-or-stream is a Lisp stream, the SSL stream will close it automatically. File descriptors are not closed automatically. However, if close-callback is non-nil, it will be called with zero arguments when the SSL stream is closed. certificate is the path to a file containing the PEM-encoded certificate for your server. key is the path to the PEM-encoded key for the server, which must not be associated with a passphrase. See above for external-format handling.

Function CL+SSL:RELOAD ()
Reload libssl. Call this function after restarting a Lisp core with CL+SSL dumped into it on Lisp implementations that do not reload shared libraries automatically.
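
STREAM-FD, MAKE-SSL-CLIENT-STREAM and its close-callback combined into one client function, as an added example that is not code from CL+SSL. It assumes the usocket library for the TCP connection; fetch-status-line, host and port are hypothetical names. The signature documented above has no argument for checking the server's certificate, so the example covers only stream setup and cleanup.

```lisp
;;; Added example, not code from CL+SSL. Assumes the usocket library;
;;; FETCH-STATUS-LINE, HOST and PORT are hypothetical names.
(defun fetch-status-line (host &optional (port 443))
  "Return the first response line from an HTTP/1.0 request sent over SSL."
  (let* ((socket (usocket:socket-connect host port
                                         :element-type '(unsigned-byte 8)))
         ;; An integer file descriptor if known, otherwise the stream itself.
         (fd-or-stream (cl+ssl:stream-fd (usocket:socket-stream socket)))
         (crlf (coerce '(#\Return #\Linefeed) 'string))
         (ssl nil))
    (unwind-protect
         (progn
           (setf ssl (cl+ssl:make-ssl-client-stream
                      fd-or-stream
                      ;; Non-nil external format: a flexi-stream with
                      ;; character I/O is returned.
                      :external-format :latin-1
                      ;; File descriptors are not closed automatically, so
                      ;; release the socket when the SSL stream is closed.
                      ;; A Lisp stream is closed by the SSL stream itself.
                      :close-callback
                      (when (integerp fd-or-stream)
                        (lambda () (usocket:socket-close socket)))))
           (format ssl "GET / HTTP/1.0~AHost: ~A~A~A" crlf host crlf crlf)
           ;; Output is buffered; flush before waiting for the reply.
           (force-output ssl)
           (let ((line (read-line ssl nil nil)))
             (and line (string-right-trim '(#\Return) line))))
      ;; Cleanup on every exit path, including a failed handshake.
      (if ssl
          (close ssl)
          (usocket:socket-close socket)))))
```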

Portability

CL+SSL requires CFFI with callback support.

Test results for Linux/x86, except OpenMCL which was tested on Linux/PPC:

Lisp Implementation  Status   Comments
OpenMCL              Working
SBCL                 Working
CMU CL               Working
CLISP                Working
LispWorks            Working
Allegro              Broken   segfault
Corman CL            Unknown
Digitool MCL         Unknown
Scieneer CL          Unknown
ECL                  Unknown
GCL                  Unknown

TODO

trivial-https

trivial-https is a fork of Brian Mastenbrook's trivial-http adding support for HTTPS using CL+SSL. License: MIT-style.

Note: The Drakma HTTP client library by Weitz supports HTTPS using CL+SSL. trivial-https will not be developed further; please use Drakma instead.

README

trivial-gray-streams

trivial-gray-streams provides an extremely thin compatibility layer for gray streams. License: MIT-style.

README