[cl-plus-ssl-cvs] CVS cl+ssl

dlichteblau dlichteblau at common-lisp.net
Sat Jul 7 15:26:13 UTC 2007


Update of /project/cl-plus-ssl/cvsroot/cl+ssl
In directory clnet:/tmp/cvs-serv3573

Modified Files:
	index.html streams.lisp 
Log Message:
client cert support by pixel


--- /project/cl-plus-ssl/cvsroot/cl+ssl/index.html	2007/07/07 15:25:09	1.9
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/index.html	2007/07/07 15:26:13	1.10
@@ -19,8 +19,8 @@
     <p>
       2007-07-07: Improved clisp support, thanks
       to <a
-      href="http://web.kepibu.org/code/lisp/cl+ssl/#faster-clisp">Pixel
-      // pinterface</a>.
+      href="http://web.kepibu.org/code/lisp/cl+ssl/">Pixel
+      // pinterface</a>, as well as client certificate support.
     </p>
     <p>
       2007-01-16: CL+SSL is now available under an MIT-style license.
@@ -118,10 +118,13 @@
 
     <h3>API functions</h3>
     <p>
-      <div class="def">Function CL+SSL:MAKE-SSL-CLIENT-STREAM (stream &key external-format)</div>
+      <div class="def">Function CL+SSL:MAKE-SSL-CLIENT-STREAM (stream &key external-format certificate key)</div>
       Return an SSL stream for the client socket <tt>stream</tt>.
       All reads and writes to this SSL stream will be pushed through the
       SSL connection can be closed using the standard <tt>close</tt> function.
+      <tt>certificate</tt> is the path to a file containing the PEM-encoded
+      certificate for your client. <tt>key</tt> is the path to the PEM-encoded
+      key for the client, which must not be associated with a passphrase.
     </p>
     <p>
       If <tt>external-format</tt> is <tt>nil</tt> (the default), a plain
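Review bot: the new description of <tt>key</tt> is broader than what the code accepts: streams.lisp loads it with ssl-use-rsa-privatekey-file, so only an RSA private key works, and the HTML should say "PEM-encoded RSA key" to match. Since the key must have no passphrase, it is worth stating plainly that the key file therefore sits unencrypted on disk and should be protected by file permissions. While this paragraph is being edited, the pre-existing sentence "All reads and writes to this SSL stream will be pushed through the SSL connection can be closed using the standard <tt>close</tt> function." has lost its middle; it reads as two sentences run together and should be split into "...pushed through the SSL connection." and "The stream can be closed using the standard <tt>close</tt> function."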
--- /project/cl-plus-ssl/cvsroot/cl+ssl/streams.lisp	2007/07/07 15:25:09	1.6
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/streams.lisp	2007/07/07 15:26:13	1.7
@@ -151,14 +151,28 @@
 ;;; interface functions
 ;;;
 (defun make-ssl-client-stream
-    (socket &key (method 'ssl-v23-method) external-format)
-  "Returns an SSL stream for the client socket descriptor SOCKET."
+    (socket &key certificate key (method 'ssl-v23-method) external-format)
+  "Returns an SSL stream for the client socket descriptor SOCKET.
+CERTIFICATE is the path to a file containing the PEM-encoded certificate for
+ your client. KEY is the path to the PEM-encoded key for the client, which
+must not be associated with a passphrase."
   (ensure-initialized method)
   (let ((stream (make-instance 'ssl-stream :socket socket))
         (handle (ssl-new *ssl-global-context*)))
     (setf (ssl-stream-handle stream) handle)
     (ssl-set-bio handle (bio-new-lisp) (bio-new-lisp))
     (ssl-set-connect-state handle)
+    (when key
+      (unless (eql 1 (ssl-use-rsa-privatekey-file handle
+						  key
+						  +ssl-filetype-pem+))
+        (error 'ssl-error-initialize :reason "Can't load RSA private key ~A")))
+    (when certificate
+      (unless (eql 1 (ssl-use-certificate-file handle
+					       certificate
+					       +ssl-filetype-pem+))
+        (error 'ssl-error-initialize
+	       :reason "Can't load certificate ~A" certificate)))
     (ensure-ssl-funcall socket handle #'ssl-connect 0.25 handle)
     (if external-format
         (flexi-streams:make-flexi-stream stream
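Review bot: the error raised when the key fails to load is missing its format argument: `(error 'ssl-error-initialize :reason "Can't load RSA private key ~A")` supplies a `~A` directive with nothing to fill it, whereas the certificate branch correctly passes `certificate` after the format string. It should read `(error 'ssl-error-initialize :reason "Can't load RSA private key ~A" key)`. Two smaller points: the docstring promises a "PEM-encoded key" but ssl-use-rsa-privatekey-file only accepts RSA keys, so either document the restriction or use the generic private-key loader; and supplying one of CERTIFICATE / KEY without the other silently yields a handle that cannot authenticate, so signalling an error when exactly one is given would catch misconfiguration early. The indentation of the continuation lines mixes tabs and spaces; the rest of the file uses spaces.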