1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
|
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>CL+SSL</title>
<link rel="stylesheet" type="text/css" href="index.css"/>
</head>
<body>
<h1>CL<em style="font-weight: normal">plus</em>SSL</h1>
<h3>Subprojects</h3>
<ul>
<li><a href="#cl+ssl">CL+SSL</a></li>
<li><a href="#trivial-https">trivial-https</a></li>
<li><a href="#trivial-gray-streams">trivial-gray-streams</a></li>
</ul>
<h3>News</h3>
<p>
2007-xx-yy
</p>
<ul>
<li>
Fixed windows support, thanks to Matthew Kennedy and Vodonosov Anton.
</li>
</ul>
<p>
2007-07-07
</p>
<ul>
<li>
Improved clisp support, thanks
to <a
href="http://web.kepibu.org/code/lisp/cl+ssl/">Pixel
// pinterface</a>, as well as client certificate support.
</li>
<li>
Re-introduced support for direct access to file descriptors as
an optimization. New function <tt>stream-fd</tt>. New keyword
argument <tt>close-callback</tt>.
</li>
</ul>
<p>
2007-01-16: CL+SSL is now available under an MIT-style license.
</p>
<h3>Download</h3>
<p>
Anonymous CVS (<a href="http://common-lisp.net/cgi-bin/viewcvs.cgi/?cvsroot=cl-plus-ssl">browse</a>):
</p>
<pre>$ export CVSROOT=:pserver:anonymous@common-lisp.net:/project/cl-plus-ssl/cvsroot
$ cvs login
password: anonymous
$ cvs co cl+ssl
$ cvs co trivial-gray-streams
$ cvs co trivial-https</pre>
<p>
<a
href="http://common-lisp.net/project/cl-plus-ssl/download/">Tarballs</a>
are also available (but not always up-to-date).
</p>
<p>
Note that you need the <tt>libssl-dev</tt> package on Debian to
load this package without manual configuration.
</p>
<p>
Send bug reports to <a
href="mailto:cl-plus-ssl-devel@common-lisp.net">cl-plus-ssl-devel@common-lisp.net</a>
(<a
href="http://common-lisp.net/cgi-bin/mailman/listinfo/cl-plus-ssl-devel">list
information</a>).
</p>
<a name="cl+ssl">
<h2>CL+SSL</h2>
<p>A simple Common Lisp interface to OpenSSL.</p>
<h3>About</h3>
<p>
This library is a fork of <a
href="http://www.cliki.net/SSL-CMUCL">SSL-CMUCL</a>. The original
SSL-CMUCL source code was written by Eric Marsden and includes
contributions by Jochen Schmidt. License: MIT-style.
</p>
<ul>
<li>
CL+SSL is portable code based on CFFI and gray streams.
</li>
<li>
It defines its own libssl BIO method, so that SSL I/O is
actually written over portable Lisp streams instead of bypassing
the streams and sending data over Unix file descriptors directly.
</li>
</ul>
<p>
Comparison chart:
</p>
<table border="1" cellpadding="2" cellspacing="0">
<thead>
<tr>
<th></th>
<th><b>FFI</b></th>
<th><b>Streams</b></th>
<th><b>Lisp-BIO</b></th>
</tr>
</thead>
<tr>
<td>CL+SSL</td>
<td>CFFI</td>
<td>gray<sup>1</sup>, buffering output</td>
<td>yes</td>
</tr>
<tr>
<td>CL-SSL</td>
<td>UFFI</td>
<td>gray, buffering I/O [<em>part of ACL-COMPAT</em>]</td>
<td>no</td>
</tr>
<tr>
<td>SSL-CMUCL</td>
<td>CMUCL/ALIEN</td>
<td>CMUCL, non-buffering</td>
<td>no</td>
</tr>
</table>
<p>
<sup>1</sup> Character I/O and external formats in CL+SSL
are provided
using <a href="http://weitz.de/flexi-streams/">flexi-streams</a>.
</p>
<h3>API functions</h3>
<p>
<div class="def">Function CL+SSL:STREAM-FD (stream)</div>
Return <tt>stream</tt>'s file descriptor as an integer, if
known. Otherwise return <tt>stream</tt> itself.
</p>
<p>
Pass the
return value of this function to <tt>make-ssl-client-stream</tt>
or <tt>make-ssl-servre-stream</tt>, which are faster when
accessing file descriptors directly.
</p>
<p>
<div class="def">Function CL+SSL:MAKE-SSL-CLIENT-STREAM (fd-or-stream &key external-format certificate key close-callback)</div>
Return an SSL stream for the client socket <tt>fd-or-stream</tt>.
All reads and writes to this SSL stream will be pushed through the
SSL connection.
</p>
<p>
If <tt>fd-or-stream</tt> is a lisp stream, it can
the SSL stream will close it automatically. File descriptors are
not closed automatically. However, if <tt>close-callback</tt> is
non-nil, it will be called with zero arguments when the SSL stream
is closed.
<tt>certificate</tt> is the path to a file containing the PEM-encoded
certificate for your client. <tt>key</tt> is the path to the PEM-encoded
key for the client, which must not be associated with a passphrase.
</p>
<p>
If <tt>external-format</tt> is <tt>nil</tt> (the default), a plain
<tt>(unsigned-byte 8)</tt> SSL stream is returned. With a
non-null <tt>external-format</tt>, a flexi-stream capable of
character I/O will be returned instead, with the specified value
as its initial external format.
</p>
<p>
<div class="def">Function CL+SSL:MAKE-SSL-SERVER-STREAM (fd-or-stream &key external-format certificate key close-callback)</div>
Return an SSL stream for the server socket <tt>fd-or-stream</tt>. All
reads and writes to this server stream will be pushed through the
OpenSSL library.
</p>
<p>
If <tt>fd-or-stream</tt> is a lisp stream, it can
the SSL stream will close it automatically. File descriptors are
not closed automatically. However, if <tt>close-callback</tt> is
non-nil, it will be called with zero arguments when the SSL stream
is closed.
<tt>certificate</tt> is the path to a file containing the PEM-encoded
certificate for your server. <tt>key</tt> is the path to the PEM-encoded
key for the server, which must not be associated with a
passphrase. See above for <tt>external-format</tt> handling.
</p>
<p>
<div class="def">Function CL+SSL:RELOAD ()</div>
Reload <tt>libssl</tt>. Call this function after restarting a Lisp
core with CL+SSL dumped into it on Lisp implementations that do
not reload shared libraries automatically.
</p>
<h3>Portability</h3>
<p>
CL+SSL requires CFFI with callback support.
</p>
<p>
Test results for Linux/x86, except OpenMCL which was tested on
Linux/PPC:
</p>
<table border="1" cellpadding="2" cellspacing="0">
<thead>
<tr>
<th><b>Lisp Implementation</b></th>
<th><b>Status</b></th>
<th><b>Comments</b></th>
</tr>
</thead>
<tr><td>OpenMCL</td><td class="working">Working</td></tr>
<tr><td>SBCL</td><td class="working">Working</td></tr>
<tr><td>CMU CL</td><td class="working">Working</td></tr>
<tr><td>CLISP</td><td class="working">Working</td></tr>
<tr><td>LispWorks</td><td class="working">Working</td></tr>
<tr>
<td>Allegro</td>
<td class="broken">Broken</td>
<td>segfault</td>
</tr>
<tr><td>Corman CL</td><td class="unknown">Unknown</td></tr>
<tr><td>Digitool MCL</td><td class="unknown">Unknown</td></tr>
<tr><td>Scieneer CL</td><td class="unknown">Unknown</td></tr>
<tr><td>ECL</td><td class="unknown">Unknown</td></tr>
<tr><td>GCL</td><td class="unknown">Unknown</td></tr>
</table>
<h3>TODO</h3>
<ul>
<li>CNAME checking!</li>
</ul>
<a name="trivial-https">
<h2>trivial-https</h2>
<p>
trivial-https is a fork of Brian
Mastenbrook's <a
href="http://www.cliki.net/trivial-http">trivial-http</a> adding
support for HTTPS using CL+SSL. License: MIT-style.
</p>
<p>
<b>
Note: The <a href="http://weitz.de/drakma/">Drakma</a> HTTP
client library by Weitz supports HTTPS using CL+SSL.
trivial-https will not be developed further; please use Drakma
instead.
</b>
</p>
<p>
<a href="http://common-lisp.net/cgi-bin/viewcvs.cgi/*checkout*/trivial-https/README?rev=HEAD&cvsroot=cl-plus-ssl&content-type=text/plain">README</a>
</p>
<a name="trivial-gray-streams">
<h2>trivial-gray-streams</h2>
<p>
trivial-gray-streams provides an extremely thin compatibility
layer for gray streams. License: MIT-style.
</p>
<p>
<a href="http://common-lisp.net/cgi-bin/viewcvs.cgi/*checkout*/trivial-gray-streams/README?rev=HEAD&cvsroot=cl-plus-ssl&content-type=text/plain">README</a>
</p>
</body>
</html>
|
