Basic SNI support.
parent
d049bfe59e
commit
ccc9d6c89e
12
ffi.lisp
12
ffi.lisp
|
@ -253,6 +253,18 @@
|
|||
:int
|
||||
(ctx :pointer))
|
||||
|
||||
(cffi:defcenum tlsext-arg
|
||||
(:nametype-hostname 0))
|
||||
(cffi:defcenum tlsext-cmd
|
||||
(:set-tlsext-hostname 55))
|
||||
|
||||
(cffi:defcfun ("SSL_ctrl" ssl-ctrl)
|
||||
:long
|
||||
(ssl ssl-pointer)
|
||||
(cmd tlsext-cmd)
|
||||
(arg :int)
|
||||
(parg :pointer))
|
||||
|
||||
;;; Funcall wrapper
|
||||
;;;
|
||||
(defvar *socket*)
|
||||
|
|
11
streams.lisp
11
streams.lisp
|
@ -312,10 +312,17 @@ After RELOAD, you need to call this again."
|
|||
(flexi-streams:make-flexi-stream stream :external-format ef)
|
||||
stream))
|
||||
|
||||
(defun ssl-set-tlsext-hostname (stream hostname)
|
||||
(ssl-ctrl stream
|
||||
:set-tlsext-hostname
|
||||
(cffi:foreign-enum-value 'tlsext-arg :nametype-hostname)
|
||||
(cffi:convert-to-foreign hostname :string)))
|
||||
|
||||
|
||||
;; fixme: free the context when errors happen in this function
|
||||
(defun make-ssl-client-stream
|
||||
(socket &key certificate key password (method 'ssl-v23-method) external-format
|
||||
close-callback (unwrap-stream-p t))
|
||||
close-callback hostname (unwrap-stream-p t))
|
||||
"Returns an SSL stream for the client socket descriptor SOCKET.
|
||||
CERTIFICATE is the path to a file containing the PEM-encoded certificate for
|
||||
your client. KEY is the path to the PEM-encoded key for the client, which
|
||||
|
@ -325,6 +332,8 @@ may be associated with the passphrase PASSWORD."
|
|||
:socket socket
|
||||
:close-callback close-callback))
|
||||
(handle (ssl-new *ssl-global-context*)))
|
||||
(when hostname
|
||||
(ssl-set-tlsext-hostname handle hostname))
|
||||
(setf socket (install-handle-and-bio stream handle socket unwrap-stream-p))
|
||||
(ssl-set-connect-state handle)
|
||||
(with-pem-password (password)
|
||||
|
|
Loading…
Reference in New Issue