<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>CL+SSL</title>
<link rel="stylesheet" type="text/css" href="index.css"/>
</head>
<body>
<h1>CL<em style="font-weight: normal">plus</em>SSL</h1>

<h3>Subprojects</h3>
<ul>
<li><a href="#cl+ssl">CL+SSL</a></li>
<li><a href="#trivial-https">trivial-https</a></li>
<li><a href="#trivial-gray-streams">trivial-gray-streams</a></li>
</ul>

<h3>News</h3>
<p>
2007-07-07: Improved clisp support, thanks
to <a
href="http://web.kepibu.org/code/lisp/cl+ssl/#faster-clisp">Pixel
// pinterface</a>.
</p>
<p>
2007-01-16: CL+SSL is now available under an MIT-style license.
</p>

<h3>Download</h3>
<p>
Anonymous CVS (<a href="http://common-lisp.net/cgi-bin/viewcvs.cgi/?cvsroot=cl-plus-ssl">browse</a>):
</p>
<pre>$ export CVSROOT=:pserver:anonymous@common-lisp.net:/project/cl-plus-ssl/cvsroot
$ cvs login
password: anonymous
$ cvs co cl+ssl
$ cvs co trivial-gray-streams
$ cvs co trivial-https</pre>
<p>
<a
href="http://common-lisp.net/project/cl-plus-ssl/download/">Tarballs</a>
are also available (but not always up-to-date).
</p>
<p>
Note that you need the <tt>libssl-dev</tt> package on Debian to
load this package without manual configuration.
</p>

<p>
Send bug reports to <a
href="mailto:cl-plus-ssl-devel@common-lisp.net">cl-plus-ssl-devel@common-lisp.net</a>
(<a
href="http://common-lisp.net/cgi-bin/mailman/listinfo/cl-plus-ssl-devel">list
information</a>).
</p>

<a name="cl+ssl"></a>
<h2>CL+SSL</h2>

<p>A simple Common Lisp interface to OpenSSL.</p>

<h3>About</h3>

<p>
This library is a fork of <a
href="http://www.cliki.net/SSL-CMUCL">SSL-CMUCL</a>. The original
SSL-CMUCL source code was written by Eric Marsden and includes
contributions by Jochen Schmidt. License: MIT-style.
</p>

<ul>
<li>
CL+SSL is portable code based on CFFI and gray streams.
</li>
<li>
It defines its own libssl BIO method, so that SSL I/O is
actually written over portable Lisp streams instead of bypassing
the streams and sending data over Unix file descriptors directly.
</li>
</ul>

<p>
Comparison chart:
</p>
<table border="1" cellpadding="2" cellspacing="0">
<thead>
<tr>
<th></th>
<th><b>FFI</b></th>
<th><b>Streams</b></th>
<th><b>Lisp-BIO</b></th>
</tr>
</thead>
<tr>
<td>CL+SSL</td>
<td>CFFI</td>
<td>gray<sup>1</sup>, buffering output</td>
<td>yes</td>
</tr>
<tr>
<td>CL-SSL</td>
<td>UFFI</td>
<td>gray, buffering I/O [<em>part of ACL-COMPAT</em>]</td>
<td>no</td>
</tr>
<tr>
<td>SSL-CMUCL</td>
<td>CMUCL/ALIEN</td>
<td>CMUCL, non-buffering</td>
<td>no</td>
</tr>
</table>
<p>
<sup>1</sup> Character I/O and external formats in CL+SSL
are provided
using <a href="http://weitz.de/flexi-streams/">flexi-streams</a>.
</p>

<h3>API functions</h3>
<p>
<div class="def">Function CL+SSL:MAKE-SSL-CLIENT-STREAM (stream &amp;key external-format)</div>
Return an SSL stream for the client socket <tt>stream</tt>.
All reads and writes to this SSL stream will be pushed through the
OpenSSL library. The SSL connection can be closed using the standard
<tt>close</tt> function.
</p>
<p>
If <tt>external-format</tt> is <tt>nil</tt> (the default), a plain
<tt>(unsigned-byte 8)</tt> SSL stream is returned. With a
non-null <tt>external-format</tt>, a flexi-stream capable of
character I/O will be returned instead, with the specified value
as its initial external format.
</p>
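<p>
A client-side use of the function described above, as an added example
that is not part of the CL+SSL distribution. It assumes the usocket
library for the TCP connection; the function name
<tt>fetch-status-line</tt> and the host in the sample call are
placeholders.
</p>

```lisp
;;; Added example, not code from CL+SSL itself.
;;; Assumptions: usocket provides the TCP socket; FETCH-STATUS-LINE and the
;;; host name in the sample call are placeholders chosen for illustration.

(defun fetch-status-line (host port)
  "Open an SSL connection to HOST:PORT and return the HTTP status line."
  (let ((socket (usocket:socket-connect host port
                                        :element-type '(unsigned-byte 8)))
        (ssl nil))
    (unwind-protect
         (progn
           ;; A non-null external-format returns a flexi-stream, so FORMAT
           ;; and READ-LINE work; with NIL only byte I/O would be available.
           (setf ssl (cl+ssl:make-ssl-client-stream
                      (usocket:socket-stream socket)
                      :external-format '(:iso-8859-1 :eol-style :crlf)))
           ;; The :crlf end-of-line style turns each ~% into CR LF on the wire.
           (format ssl "HEAD / HTTP/1.0~%Host: ~A~%~%" host)
           ;; CL+SSL buffers output: flush before waiting for the reply.
           (force-output ssl)
           (read-line ssl))
      ;; CLOSE on the SSL stream ends the SSL connection. If the stream was
      ;; never created, release the plain socket instead.
      (if ssl
          (close ssl)
          (usocket:socket-close socket)))))

;; Sample call (placeholder host):
;; (fetch-status-line "www.example.org" 443)
```

<p>
The function signature documented here has no parameter for checking the
name in the server's certificate, and the TODO list below still carries
CNAME checking, so this example performs no such check.
</p>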
<p>
<div class="def">Function CL+SSL:MAKE-SSL-SERVER-STREAM (stream &amp;key external-format certificate key)</div>
Return an SSL stream for the server socket <tt>stream</tt>. All
reads and writes to this server stream will be pushed through the
OpenSSL library. The SSL connection can be closed using the
standard <tt>close</tt> function.
<tt>certificate</tt> is the path to a file containing the PEM-encoded
certificate for your server. <tt>key</tt> is the path to the PEM-encoded
key for the server, which must not be associated with a
passphrase. See above for <tt>external-format</tt> handling.
</p>
<p>
<div class="def">Function CL+SSL:RELOAD ()</div>
Reload <tt>libssl</tt>. Call this function after restarting a Lisp
core with CL+SSL dumped into it on Lisp implementations that do
not reload shared libraries automatically.
</p>

<h3>Portability</h3>
<p>
CL+SSL requires CFFI with callback support.
</p>
<p>
Test results for Linux/x86, except OpenMCL which was tested on
Linux/PPC:
</p>
<table border="1" cellpadding="2" cellspacing="0">
<thead>
<tr>
<th><b>Lisp Implementation</b></th>
<th><b>Status</b></th>
<th><b>Comments</b></th>
</tr>
</thead>
<tr><td>OpenMCL</td><td class="working">Working</td></tr>
<tr><td>SBCL</td><td class="working">Working</td></tr>
<tr><td>CMU CL</td><td class="working">Working</td></tr>
<tr>
<td>CLISP</td>
<td class="incomplete">Working</td>
<td>Extremely slow?</td>
</tr>
<tr><td>LispWorks</td><td class="working">Working</td></tr>
<tr>
<td>Allegro</td>
<td class="broken">Broken</td>
<td>segfault</td>
</tr>
<tr><td>Corman CL</td><td class="unknown">Unknown</td></tr>
<tr><td>Digitool MCL</td><td class="unknown">Unknown</td></tr>
<tr><td>Scieneer CL</td><td class="unknown">Unknown</td></tr>
<tr><td>ECL</td><td class="unknown">Unknown</td></tr>
<tr><td>GCL</td><td class="unknown">Unknown</td></tr>
</table>

<h3>TODO</h3>
<ul>
<li>Profile and optimize if needed. (CLISP?)</li>
<li>CNAME checking!</li>
</ul>

<a name="trivial-https"></a>
<h2>trivial-https</h2>

<p>
trivial-https is a fork of Brian
Mastenbrook's <a
href="http://www.cliki.net/trivial-http">trivial-http</a> adding
support for HTTPS using CL+SSL. License: MIT-style.
</p>

<p>
<b>
Note: The <a href="http://weitz.de/drakma/">Drakma</a> HTTP
client library by Weitz supports HTTPS using CL+SSL.
trivial-https will not be developed further; please use Drakma
instead.
</b>
</p>

<p>
<a href="http://common-lisp.net/cgi-bin/viewcvs.cgi/*checkout*/trivial-https/README?rev=HEAD&amp;cvsroot=cl-plus-ssl&amp;content-type=text/plain">README</a>
</p>

<a name="trivial-gray-streams"></a>
<h2>trivial-gray-streams</h2>

<p>
trivial-gray-streams provides an extremely thin compatibility
layer for gray streams. License: MIT-style.
</p>

<p>
<a href="http://common-lisp.net/cgi-bin/viewcvs.cgi/*checkout*/trivial-gray-streams/README?rev=HEAD&amp;cvsroot=cl-plus-ssl&amp;content-type=text/plain">README</a>
</p>
</body>
</html>