<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>CL+SSL</title>
<link rel="stylesheet" type="text/css" href="index.css"/>
</head>
<body>
<h1>CL<em style="font-weight: normal">plus</em>SSL</h1>

<h3>Subprojects</h3>
<ul>
<li><a href="#cl+ssl">CL+SSL</a></li>
<li><a href="#trivial-https">trivial-https</a></li>
<li><a href="#trivial-gray-streams">trivial-gray-streams</a></li>
</ul>

<h3>Download</h3>
<pre>$ export CVSROOT=:pserver:anonymous@common-lisp.net:/project/cl-plus-ssl/cvsroot
$ cvs login
password: anonymous
$ cvs co cl+ssl
$ cvs co trivial-gray-streams
$ cvs co trivial-https</pre>
<p>
Note that you need the <tt>libssl-dev</tt> package on Debian to
load this package without manual configuration.
</p>

<p>
Send bug reports to <a
href="mailto:cl-plus-ssl-devel@common-lisp.net">cl-plus-ssl-devel@common-lisp.net</a>
(<a
href="http://common-lisp.net/cgi-bin/mailman/listinfo/cl-plus-ssl-devel">list
information</a>)
or <a href="mailto:david@lichteblau.com">David Lichteblau</a>.
</p>

<a name="cl+ssl"></a>
<h2>CL+SSL</h2>

<p>A simple Common Lisp interface to OpenSSL.</p>

<h3>About</h3>

<p>
This library is a fork of <a
href="http://www.cliki.net/SSL-CMUCL">SSL-CMUCL</a>. The original
SSL-CMUCL source code was written by Eric Marsden and includes
contributions by Jochen Schmidt. License: LGPL.
</p>

<ul>
<li>
CL+SSL is portable code based on CFFI and gray streams.
</li>
<li>
It defines its own libssl BIO method, so that SSL I/O is
actually written over portable Lisp streams instead of bypassing
the streams and sending data over Unix file descriptors directly.
</li>
</ul>

<p>
Comparison chart:
</p>
<table border="1" cellpadding="2" cellspacing="0">
<thead>
<tr>
<th></th>
<th><b>FFI</b></th>
<th><b>Streams</b></th>
<th><b>Lisp-BIO</b></th>
</tr>
</thead>
<tr>
<td>CL+SSL</td>
<td>CFFI</td>
<td>gray, non-buffering</td>
<td>yes</td>
</tr>
<tr>
<td>CL-SSL</td>
<td>UFFI</td>
<td>gray, buffering [<em>part of ACL-COMPAT</em>]</td>
<td>no</td>
</tr>
<tr>
<td>SSL-CMUCL</td>
<td>CMUCL/ALIEN</td>
<td>CMUCL, non-buffering</td>
<td>no</td>
</tr>
</table>

<h3>API functions</h3>
<p>
<div class="def">Variable CL+SSL-SYSTEM:*LIBSSL-PATHNAME*</div>
Full pathname of the SSL library. Defaults
to <tt>/usr/lib/libssl.so</tt>. If the default is not correct for
your system, set this variable between loading the .asd file and
load-op'ing the system.
</p>
<p>
<div class="def">Function CL+SSL:MAKE-SSL-CLIENT-STREAM (stream)</div>
Return an SSL stream for the client socket <tt>stream</tt>.
All reads and writes to this SSL stream will be pushed through the
OpenSSL library. The SSL connection can be closed using the
standard <tt>close</tt> function.
</p>
<p>
<div class="def">Function CL+SSL:MAKE-SSL-SERVER-STREAM (stream &amp;key certificate key)</div>
Return an SSL stream for the server socket <tt>stream</tt>. All
reads and writes to this server stream will be pushed through the
OpenSSL library. The SSL connection can be closed using the
standard <tt>close</tt> function.
</p>
<p>
<tt>certificate</tt> is the path to a file containing the PEM-encoded
certificate for your server. <tt>key</tt> is the path to the PEM-encoded
key for the server, which must not be associated with a
passphrase.
</p>
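<p>
Because the server key has to be stored without a passphrase, it helps to
check the key file before passing it as <tt>key</tt>. The shell function
below is an added example, not part of CL+SSL; the names
<tt>check_server_key</tt> and <tt>make_samples</tt> and the sample files are
constructed for illustration.
</p>

```shell
#!/bin/sh
# Added example, not part of CL+SSL: preflight check for the file passed as
# the key argument of MAKE-SSL-SERVER-STREAM (it must have no passphrase).
# Returns 0 usable, 1 missing or not a PEM private key,
#         2 passphrase-protected, 3 readable by group or others.
check_server_key() {
    key=$1
    if [ ! -f "$key" ] || [ ! -r "$key" ]; then
        echo "not a readable file: $key"; return 1
    fi
    # PKCS#8 marks encryption in the BEGIN line; traditional PEM keys use a
    # "Proc-Type: 4,ENCRYPTED" header below the BEGIN line.
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$key"; then
        echo "passphrase-protected key: $key"; return 2
    fi
    if ! grep -q -e '^-----BEGIN [A-Z ]*PRIVATE KEY-----' "$key"; then
        echo "no PEM private key in: $key"; return 1
    fi
    # An unencrypted key is protected only by file permissions. Characters
    # 5-10 of the ls mode string are the group and other permission bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "key accessible beyond its owner ($perms): $key"; return 3
    fi
    echo "ok: $key"; return 0
}

# Constructed sample files: PEM framing only, no real key material.
make_samples() {
    dir=$1
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$dir/plain.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,00000000000000000000000000000000' '' \
        'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$dir/legacy-enc.pem"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$dir/pkcs8-enc.pem"
    chmod 600 "$dir"/*.pem
}

# With a path argument, check that file; with none, run on the samples.
if [ "$#" -gt 0 ]; then
    check_server_key "$1"
else
    tmp=$(mktemp -d); make_samples "$tmp"
    for f in "$tmp"/*.pem; do check_server_key "$f" || true; done
    rm -rf "$tmp"
fi
```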

<h3>Portability</h3>
<p>
CL+SSL requires CFFI with callback support.
</p>
<p>
Test results for Linux/x86, except OpenMCL which was tested on
Linux/PPC:
</p>
<table border="1" cellpadding="2" cellspacing="0">
<thead>
<tr>
<th><b>Lisp Implementation</b></th>
<th><b>Status</b></th>
<th><b>Comments</b></th>
</tr>
</thead>
<tr><td>OpenMCL</td><td class="working">Working</td></tr>
<tr><td>SBCL</td><td class="working">Working</td></tr>
<tr><td>CMU CL</td><td class="working">Working</td></tr>
<tr>
<td>CLISP</td>
<td class="incomplete">Working</td>
<td>Extremely slow?</td>
</tr>
<tr><td>LispWorks</td><td class="working">Working</td></tr>
<tr>
<td>Allegro</td>
<td class="broken">Broken</td>
<td>segfault</td>
</tr>
<tr><td>Corman CL</td><td class="unknown">Unknown</td></tr>
<tr><td>Digitool MCL</td><td class="unknown">Unknown</td></tr>
<tr><td>Scieneer CL</td><td class="unknown">Unknown</td></tr>
<tr><td>ECL</td><td class="unknown">Unknown</td></tr>
<tr><td>GCL</td><td class="unknown">Unknown</td></tr>
</table>

<h3>TODO</h3>
<ul>
<li>Profile and optimize if needed. (CLISP?)</li>
<li>Implement remaining gray streams methods.</li>
<li>Add external format support on Unicode-capable Lisps.</li>
</ul>
<h3>Maybe</h3>
<ul>
<li>Add buffering to gray streams layer?</li>
<li>Add simple-streams layer instead of gray streams?</li>
</ul>

<a name="trivial-https"></a>
<h2>trivial-https</h2>

<p>
trivial-https is a fork of Brian
Mastenbrook's <a
href="http://www.cliki.net/trivial-http">trivial-http</a> adding
support for HTTPS using CL+SSL.
</p>

<p>
<a href="">README</a>
</p>

<a name="trivial-gray-streams"></a>
<h2>trivial-gray-streams</h2>

<p>
trivial-gray-streams provides an extremely thin compatibility
layer for gray streams.
</p>

<p>
<a href="">README</a>
</p>
</body>
</html>