CLplusSSL

Subprojects

CL+SSL
trivial-https
trivial-gray-streams

Download

$ export CVSROOT=:pserver:anonymous@common-lisp.net:/project/cl-plus-ssl/cvsroot
$ cvs login
password: anonymous
$ cvs co cl+ssl
$ cvs co trivial-gray-streams
$ cvs co trivial-https

Note that you need the libssl-dev package on Debian to load this package without manual configuration.

Send bug reports to cl-plus-ssl-devel@common-lisp.net (list information) or David Lichteblau.

CL+SSL

A simple Common Lisp interface to OpenSSL.

About

This library is a fork of SSL-CMUCL. The original SSL-CMUCL source code was written by Eric Marsden and includes contributions by Jochen Schmidt. License: LGPL.

CL+SSL is portable code based on CFFI and gray streams.
It defines its own libssl BIO method, so that SSL I/O is actually written over portable Lisp streams instead of bypassing the streams and sending data over Unix file descriptors directly.

Comparison chart:

	FFI	Streams	Lisp-BIO
CL+SSL	CFFI	gray, non-buffering	yes
CL-SSL	UFFI	gray, buffering [part of ACL-COMPAT]	no
SSL-CMUCL	CMUCL/ALIEN	CMUCL, non-buffering	no

API functions

Variable CL+SSL-SYSTEM:*LIBSSL-PATHNAME*

Full pathname of the SSL library. Defaults to /usr/lib/libssl.so. If the default is not correct for your system, set this variable between loading the .asd file and load-op'ing the system.

Function CL+SSL:MAKE-SSL-CLIENT-STREAM (stream)

Return an SSL stream for the client socket stream. All reads and writes to this SSL stream will be pushed through the SSL connection can be closed using the standard close function.

Function CL+SSL:MAKE-SSL-SERVER-STREAM (stream &key certificate key)

Return an SSL stream for the server socket stream. All reads and writes to this server stream will be pushed through the OpenSSL library. The SSL connection can be closed using the standard close function.

certificate is the path to a file containing the PEM-encoded certificate for your server. key is the path to the PEM-encoded key for the server, which must not be associated with a passphrase.

Portability

CL+SSL requires CFFI with callback support.

Test results for Linux/x86, except OpenMCL which was tested on Linux/PPC:

Lisp Implementation	Status	Comments
OpenMCL	Working
SBCL	Working
CMU CL	Working
CLISP	Working	Extremely slow?
LispWorks	Working
Allegro	Broken	segfault
Corman CL	Unknown
Digitool MCL	Unknown
Scieneer CL	Unknown
ECL	Unknown
GCL	Unknown

TODO

Profile and optimize if needed. (CLISP?)
Implement remaining gray streams methods.
Add external format support on Unicode-capable Lisps.

Maybe

Add buffering to gray streams layer?
Add simple-streams layer instead of gray streams?

trivial-https

trivial-https is a fork of Brian Mastenbrook's trivial-http adding support for HTTPS using CL+SSL.

README

trivial-gray-streams

trivial-gray-streams provides an extremely thin compatibility layer for gray streams.

README