cl-plus-ssl/index.html

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
  <head>
    <title>CL+SSL</title>
    <link rel="stylesheet" type="text/css" href="index.css"/>
  </head>
  <body>
    <h1>CL<em style="font-weight: normal">plus</em>SSL</h1>

    <h3>Subprojects</h3>
    <ul>
      <li><a href="#cl+ssl">CL+SSL</a></li>
      <li><a href="#trivial-https">trivial-https</a></li>
      <li><a href="#trivial-gray-streams">trivial-gray-streams</a></li>
    </ul>

    <h3>News</h3>
    <p>
      2007-07-07: Improved clisp support, thanks
      to <a
      href="http://web.kepibu.org/code/lisp/cl+ssl/#faster-clisp">Pixel
      // pinterface</a>.
    </p>
    <p>
      2007-01-16: CL+SSL is now available under an MIT-style license.
    </p>

    <h3>Download</h3>
    <p>
      Anonymous CVS (<a href="http://common-lisp.net/cgi-bin/viewcvs.cgi/?cvsroot=cl-plus-ssl">browse</a>):
    </p>
    <pre>$ export CVSROOT=:pserver:anonymous@common-lisp.net:/project/cl-plus-ssl/cvsroot
$ cvs login
password: anonymous
$ cvs co cl+ssl
$ cvs co trivial-gray-streams
$ cvs co trivial-https</pre>
    <p>
      <a
      href="http://common-lisp.net/project/cl-plus-ssl/download/">Tarballs</a>
      are also available (but not always up-to-date).
    </p>
    <p>
      Note that you need the <tt>libssl-dev</tt> package on Debian to
      load this package without manual configuration.
    </p>

    <p>
      Send bug reports to <a
      href="mailto:cl-plus-ssl-devel@common-lisp.net">cl-plus-ssl-devel@common-lisp.net</a>
      (<a
      href="http://common-lisp.net/cgi-bin/mailman/listinfo/cl-plus-ssl-devel">list
      information</a>).
    </p>

    <a name="cl+ssl">
    <h2>CL+SSL</h2>

    <p>A simple Common Lisp interface to OpenSSL.</p>

    <h3>About</h3>

    <p>
      This library is a fork of <a
      href="http://www.cliki.net/SSL-CMUCL">SSL-CMUCL</a>.  The original
      SSL-CMUCL source code was written by Eric Marsden and includes
      contributions by Jochen Schmidt.  License: MIT-style.
    </p>

    <ul>
      <li>
        CL+SSL is portable code based on CFFI and gray streams.
      </li>
      <li>
        It defines its own libssl BIO method, so that SSL I/O is
        actually written over portable Lisp streams instead of bypassing
	the streams and sending data over Unix file descriptors directly.
      </li>
    </ul>

    <p>
      Comparison chart:
    </p>
    <table border="1" cellpadding="2" cellspacing="0">
      <thead>
        <tr>
          <th></th>
          <th><b>FFI</b></th>
          <th><b>Streams</b></th>
          <th><b>Lisp-BIO</b></th>
        </tr>
      </thead>
      <tr>
        <td>CL+SSL</td>
        <td>CFFI</td>
        <td>gray<sup>1</sup>, buffering output</td>
        <td>yes</td>
      </tr>
      <tr>
        <td>CL-SSL</td>
        <td>UFFI</td>
        <td>gray, buffering I/O [<em>part of ACL-COMPAT</em>]</td>
        <td>no</td>
      </tr>
      <tr>
        <td>SSL-CMUCL</td>
        <td>CMUCL/ALIEN</td>
        <td>CMUCL, non-buffering</td>
        <td>no</td>
      </tr>
    </table>
    <p>
      <sup>1</sup>&nbsp;Character I/O and external formats in CL+SSL
      are provided
      using <a href="http://weitz.de/flexi-streams/">flexi-streams</a>.
    </p>

    <h3>API functions</h3>
    <p>
      <div class="def">Function CL+SSL:MAKE-SSL-CLIENT-STREAM (stream &key external-format)</div>
      Return an SSL stream for the client socket <tt>stream</tt>.
      All reads and writes to this SSL stream will be pushed through the
      SSL connection can be closed using the standard <tt>close</tt> function.
    </p>
    <p>
      If <tt>external-format</tt> is <tt>nil</tt> (the default), a plain
      <tt>(unsigned-byte 8)</tt> SSL stream is returned.  With a
      non-null <tt>external-format</tt>, a flexi-stream capable of
      character I/O will be returned instead, with the specified value
      as its initial external format.
    </p>
    <p>
      <div class="def">Function CL+SSL:MAKE-SSL-SERVER-STREAM (stream &key external-format certificate key)</div>
      Return an SSL stream for the server socket <tt>stream</tt>.  All
      reads and writes to this server stream will be pushed through the
      OpenSSL library. The SSL connection can be closed using the
      standard <tt>close</tt> function.
      <tt>certificate</tt> is the path to a file containing the PEM-encoded
      certificate for your server. <tt>key</tt> is the path to the PEM-encoded
      key for the server, which must not be associated with a
      passphrase.  See above for <tt>external-format</tt> handling.
    </p>
    <p>
      <div class="def">Function CL+SSL:RELOAD ()</div>
      Reload <tt>libssl</tt>.  Call this function after restarting a Lisp
      core with CL+SSL dumped into it on Lisp implementations that do
      not reload shared libraries automatically.
    </p>

    <h3>Portability</h3>
    <p>
      CL+SSL requires CFFI with callback support.
    </p>
    <p>
      Test results for Linux/x86, except OpenMCL which was tested on
      Linux/PPC:
    </p>
    <table border="1" cellpadding="2" cellspacing="0">
      <thead>
        <tr>
          <th><b>Lisp Implementation</b></th>
          <th><b>Status</b></th>
          <th><b>Comments</b></th>
        </tr>
      </thead>
      <tr><td>OpenMCL</td><td class="working">Working</td></tr>
      <tr><td>SBCL</td><td class="working">Working</td></tr>
      <tr><td>CMU CL</td><td class="working">Working</td></tr>
      <tr>
        <td>CLISP</td>
        <td class="incomplete">Working</td>
        <td>Extremely slow?</td>
      </tr>
      <tr><td>LispWorks</td><td class="working">Working</td></tr>
      <tr>
        <td>Allegro</td>
        <td class="broken">Broken</td>
        <td>segfault</td>
      </tr>
      <tr><td>Corman CL</td><td class="unknown">Unknown</td></tr>
      <tr><td>Digitool MCL</td><td class="unknown">Unknown</td></tr>
      <tr><td>Scieneer CL</td><td class="unknown">Unknown</td></tr>
      <tr><td>ECL</td><td class="unknown">Unknown</td></tr>
      <tr><td>GCL</td><td class="unknown">Unknown</td></tr>
    </table>

    <h3>TODO</h3>
    <ul>
      <li>Profile and optimize if needed. (CLISP?)</li>
      <li>CNAME checking!</li>
    </ul>

    <a name="trivial-https">
    <h2>trivial-https</h2>

    <p>
      trivial-https is a fork of Brian
      Mastenbrook's <a
      href="http://www.cliki.net/trivial-http">trivial-http</a> adding
      support for HTTPS using CL+SSL.  License: MIT-style.
    </p>

    <p>
      <b>
	Note: The <a href="http://weitz.de/drakma/">Drakma</a> HTTP
	client library by Weitz supports HTTPS using CL+SSL.
	trivial-https will not be developed further; please use Drakma
	instead.
      </b>
    </p>

    <p>
      <a href="http://common-lisp.net/cgi-bin/viewcvs.cgi/*checkout*/trivial-https/README?rev=HEAD&cvsroot=cl-plus-ssl&content-type=text/plain">README</a>
    </p>

    <a name="trivial-gray-streams">
    <h2>trivial-gray-streams</h2>

    <p>
      trivial-gray-streams provides an extremely thin compatibility
      layer for gray streams.  License: MIT-style.
    </p>

    <p>
      <a href="http://common-lisp.net/cgi-bin/viewcvs.cgi/*checkout*/trivial-gray-streams/README?rev=HEAD&cvsroot=cl-plus-ssl&content-type=text/plain">README</a>
    </p>
  </body>
</html>