client cert support by pixel
parent
78eea24562
commit
3a54386160
|
@ -19,8 +19,8 @@
|
|||
<p>
|
||||
2007-07-07: Improved clisp support, thanks
|
||||
to <a
|
||||
href="http://web.kepibu.org/code/lisp/cl+ssl/#faster-clisp">Pixel
|
||||
// pinterface</a>.
|
||||
href="http://web.kepibu.org/code/lisp/cl+ssl/">Pixel
|
||||
// pinterface</a>, as well as client certificate support.
|
||||
</p>
|
||||
<p>
|
||||
2007-01-16: CL+SSL is now available under an MIT-style license.
|
||||
|
@ -118,10 +118,13 @@ $ cvs co trivial-https</pre>
|
|||
|
||||
<h3>API functions</h3>
|
||||
<p>
|
||||
<div class="def">Function CL+SSL:MAKE-SSL-CLIENT-STREAM (stream &key external-format)</div>
|
||||
<div class="def">Function CL+SSL:MAKE-SSL-CLIENT-STREAM (stream &key external-format certificate key)</div>
|
||||
Return an SSL stream for the client socket <tt>stream</tt>.
|
||||
All reads and writes to this SSL stream will be pushed through the
|
||||
SSL connection can be closed using the standard <tt>close</tt> function.
|
||||
<tt>certificate</tt> is the path to a file containing the PEM-encoded
|
||||
certificate for your client. <tt>key</tt> is the path to the PEM-encoded
|
||||
key for the client, which must not be associated with a passphrase.
|
||||
</p>
|
||||
<p>
|
||||
If <tt>external-format</tt> is <tt>nil</tt> (the default), a plain
|
||||
|
|
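--- a/streams.lisp
+++ b/streams.lisp
@@ -151,14 +151,28 @@
 ;;; interface functions
 ;;;
 (defun make-ssl-client-stream
-(socket &key (method 'ssl-v23-method) external-format)
-"Returns an SSL stream for the client socket descriptor SOCKET."
+(socket &key certificate key (method 'ssl-v23-method) external-format)
+"Returns an SSL stream for the client socket descriptor SOCKET.
+CERTIFICATE is the path to a file containing the PEM-encoded certificate for
+your client. KEY is the path to the PEM-encoded key for the client, which
+must not be associated with a passphrase."
 (ensure-initialized method)
 (let ((stream (make-instance 'ssl-stream :socket socket))
 (handle (ssl-new *ssl-global-context*)))
 (setf (ssl-stream-handle stream) handle)
 (ssl-set-bio handle (bio-new-lisp) (bio-new-lisp))
 (ssl-set-connect-state handle)
+(when key
+(unless (eql 1 (ssl-use-rsa-privatekey-file handle
+key
++ssl-filetype-pem+))
+(error 'ssl-error-initialize :reason "Can't load RSA private key ~A")))
+(when certificate
+(unless (eql 1 (ssl-use-certificate-file handle
+certificate
++ssl-filetype-pem+))
+(error 'ssl-error-initialize
+:reason "Can't load certificate ~A" certificate)))
 (ensure-ssl-funcall socket handle #'ssl-connect 0.25 handle)
 (if external-format
 (flexi-streams:make-flexi-stream stream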
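Review bot: Both new `error` calls in make-ssl-client-stream are malformed, so a failed key or certificate load will not report the intended message: the private-key branch passes `"Can't load RSA private key ~A"` with no argument for `~A`, and the certificate branch appends `certificate` after `:reason ...`, which hands the condition an odd-length initarg list. Assuming `:reason` is displayed as given, build the string first, e.g. `:reason (format nil "Can't load RSA private key ~A" key)` and `:reason (format nil "Can't load certificate ~A" certificate)`. The key is also loaded before the certificate and nothing in the hunk confirms the two belong together; OpenSSL checks consistency when the key is installed after the certificate, so loading the certificate first (or calling OpenSSL's `SSL_check_private_key` afterwards) should surface a mismatched pair here instead of as an opaque handshake failure, which is worth confirming against the OpenSSL version in use. Supplying only one of `key` / `certificate` is accepted silently, and because the key file must be unencrypted, the docstring could add `;; KEY must be readable only by the owning user`. The function body continues past the end of the hunk, so any cleanup of `handle` on these error paths is not visible here.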