$ cvs -d :pserver:anonymous:anonymous at common-lisp.net:/project/cl-plus-ssl/cvsroot cl+ssl
+
$ cvs -z3 -d :pserver:anonymous:anonymous at common-lisp.net:/project/cl-plus-ssl/cvsroot co cl+ssl
Tarballs
From avodonosov at common-lisp.net Sat Nov 1 05:15:28 2008
From: avodonosov at common-lisp.net (avodonosov)
Date: Sat, 01 Nov 2008 05:15:28 +0000
Subject: [cl-plus-ssl-cvs] CVS cl+ssl
Message-ID:
Update of /project/cl-plus-ssl/cvsroot/cl+ssl
In directory cl-net:/tmp/cvs-serv13378
Modified Files:
index.html
Log Message:
mark ECL as working in the docs
--- /project/cl-plus-ssl/cvsroot/cl+ssl/index.html 2008/11/01 05:13:53 1.16
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/index.html 2008/11/01 05:15:27 1.17
@@ -166,6 +166,7 @@
CMU CL
Working
CLISP
Working
LispWorks
Working
+
ECL
Working
Allegro
Broken
@@ -174,7 +175,6 @@
Corman CL
Unknown
Digitool MCL
Unknown
Scieneer CL
Unknown
-
ECL
Unknown
GCL
Unknown
From avodonosov at common-lisp.net Sat Nov 1 05:18:43 2008
From: avodonosov at common-lisp.net (avodonosov)
Date: Sat, 01 Nov 2008 05:18:43 +0000
Subject: [cl-plus-ssl-cvs] CVS cl+ssl
Message-ID:
Update of /project/cl-plus-ssl/cvsroot/cl+ssl
In directory cl-net:/tmp/cvs-serv13658
Modified Files:
index.html
Log Message:
rollback previous change (marking ECL as supported in the docs)
--- /project/cl-plus-ssl/cvsroot/cl+ssl/index.html 2008/11/01 05:15:27 1.17
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/index.html 2008/11/01 05:18:43 1.18
@@ -166,7 +166,6 @@
CMU CL
Working
CLISP
Working
LispWorks
Working
-
ECL
Working
Allegro
Broken
@@ -175,6 +174,7 @@
Corman CL
Unknown
Digitool MCL
Unknown
Scieneer CL
Unknown
+
ECL
Unknown
GCL
Unknown
From avodonosov at common-lisp.net Mon Nov 3 09:21:16 2008
From: avodonosov at common-lisp.net (avodonosov)
Date: Mon, 03 Nov 2008 09:21:16 +0000
Subject: [cl-plus-ssl-cvs] CVS cl+ssl
Message-ID:
Update of /project/cl-plus-ssl/cvsroot/cl+ssl
In directory cl-net:/tmp/cvs-serv2656
Modified Files:
package.lisp
Log Message:
formatting fix
--- /project/cl-plus-ssl/cvsroot/cl+ssl/package.lisp 2007/07/07 16:26:11 1.3
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/package.lisp 2008/11/03 09:21:16 1.4
@@ -10,6 +10,6 @@
(:use :common-lisp :trivial-gray-streams)
(:export #:ensure-initialized
#:reload
- #:stream-fd
- #:make-ssl-client-stream
+ #:stream-fd
+ #:make-ssl-client-stream
#:make-ssl-server-stream))
From avodonosov at common-lisp.net Mon Nov 3 09:25:39 2008
From: avodonosov at common-lisp.net (avodonosov)
Date: Mon, 03 Nov 2008 09:25:39 +0000
Subject: [cl-plus-ssl-cvs] CVS cl+ssl
Message-ID:
Update of /project/cl-plus-ssl/cvsroot/cl+ssl
In directory cl-net:/tmp/cvs-serv3108
Modified Files:
ffi.lisp index.html streams.lisp
Log Message:
Support for encrypted keys, thanks to Vsevolod Dyomkin.
--- /project/cl-plus-ssl/cvsroot/cl+ssl/ffi.lisp 2008/04/17 20:58:29 1.8
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/ffi.lisp 2008/11/03 09:25:39 1.9
@@ -196,6 +196,10 @@
(larg :long)
(parg :long))
+(cffi:defcfun ("SSL_CTX_set_default_passwd_cb" ssl-ctx-set-default-passwd-cb)
+ :void
+ (ctx ssl-ctx)
+ (pem_passwd_cb :pointer))
;;; Funcall wrapper
;;;
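Review bot: the parameter name `pem_passwd_cb` in the new `SSL_CTX_set_default_passwd_cb` binding uses a C-style underscore where every other argument in these defcfuns (`ctx`, `larg`, `parg`) uses Lisp hyphenation; rename it `pem-passwd-cb` for consistency. The C signature itself is matched correctly (`SSL_CTX *` plus a function pointer, returning void).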
@@ -318,6 +322,35 @@
(defun ssl-ctx-set-session-cache-mode (ctx mode)
(ssl-ctx-ctrl ctx +SSL_CTRL_SET_SESS_CACHE_MODE+ mode 0))
+;;;;; Encrypted PEM files support
+
+;; see http://www.openssl.org/docs/ssl/SSL_CTX_set_default_passwd_cb.html
+
+(defvar *pem-password* ""
+ "The callback registered with SSL_CTX_set_default_passwd_cb
+will use this value.")
+
+;; The callback itself
+(cffi:defcallback pem-password-callback :int
+ ((buf :pointer) (size :int) (rwflag :int) (unused :pointer))
+ (let* ((password-str (coerce *pem-password* 'base-string))
+ (tmp (cffi:foreign-string-alloc password-str)))
+ (cffi:foreign-funcall "strncpy"
+ :pointer buf
+ :pointer tmp
+ :int size)
+ (cffi:foreign-string-free tmp)
+ (setf (cffi:mem-ref buf :char (1- size)) 0)
+ (cffi:foreign-funcall "strlen" :pointer buf :int)))
+
+;; The macro to be used by other code to provide password
+;; when loading PEM file.
+(defmacro with-pem-password ((password) &body body)
+ `(let ((*pem-password* (or ,password "")))
+ , at body))
+
+;;;;; Initialization
+
(defun initialize (&optional (method 'ssl-v23-method))
(setf *bio-lisp-method* (make-bio-lisp-method))
(ssl-load-error-strings)
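Review bot: `pem-password-callback` silently truncates any password longer than `size - 1` characters (the `strncpy` with `:int size` followed by `(setf (cffi:mem-ref buf :char (1- size)) 0)`), so an over-long passphrase surfaces later as a wrong-password failure rather than a clear error; compare `(length password-str)` with `size` first and return 0, which OpenSSL treats as callback failure, when it does not fit. Two further points in the same defcallback: `(coerce *pem-password* 'base-string)` signals a Lisp error for any non-base character, and unwinding out of a `cffi:defcallback` frame through OpenSSL's C stack is unsafe, so validate the password in `with-pem-password` (ordinary Lisp context) or handle the condition inside the callback and return 0; and the temporary `tmp` copy is handed to `cffi:foreign-string-free` without being overwritten, leaving the passphrase in released heap memory, so `memset` it to zero (via `cffi:foreign-funcall`) before freeing. Minor: `strncpy` takes a `size_t` length, not `:int`.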
@@ -325,7 +358,9 @@
(init-prng)
(setf *ssl-global-method* (funcall method))
(setf *ssl-global-context* (ssl-ctx-new *ssl-global-method*))
- (ssl-ctx-set-session-cache-mode *ssl-global-context* 3))
+ (ssl-ctx-set-session-cache-mode *ssl-global-context* 3)
+ (ssl-ctx-set-default-passwd-cb *ssl-global-context*
+ (cffi:callback pem-password-callback)))
(defun ensure-initialized (&optional (method 'ssl-v23-method))
(unless (ssl-initialized-p)
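Review bot: registering `pem-password-callback` on `*ssl-global-context*` makes the passphrase source process-global: every encrypted PEM load on this context consults `*pem-password*`, and outside `with-pem-password` that value is `""`, so a load of an encrypted key through any other path fails with a decrypt error instead of OpenSSL's default behaviour of prompting on the terminal. That is the desirable behaviour for a library (no server blocked on a tty prompt), but it deserves a comment at the registration and a sentence in the `*pem-password*` docstring saying the value is only meaningful inside `with-pem-password`.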
--- /project/cl-plus-ssl/cvsroot/cl+ssl/index.html 2008/11/01 05:18:43 1.18
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/index.html 2008/11/03 09:25:39 1.19
@@ -94,8 +94,8 @@
API functions
-
Function CL+SSL:MAKE-SSL-CLIENT-STREAM (fd-or-stream &key external-format certificate key close-callback (unwrap-streams-p t))
Return an SSL stream for the client (server)
socket fd-or-stream. All reads and writes to this
stream will be pushed through the OpenSSL library.
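Review bot: the signature shown for CL+SSL:MAKE-SSL-CLIENT-STREAM in this hunk is left as unchanged context and still lacks the new `password` keyword added to streams.lisp in this same commit; it also reads `unwrap-streams-p` where the code has `unwrap-stream-p`. Update it to `(fd-or-stream &key external-format certificate key password close-callback (unwrap-stream-p t))` so the documented signature matches the code.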
@@ -121,8 +121,11 @@
certificate is the path to a file containing the PEM-encoded
- certificate for your client. key is the path to the PEM-encoded
- key for the client, which must not be associated with a passphrase.
+ certificate.
+
+
+ key is the path to the PEM-encoded key, which may be associated
+ with the passphrase password.
If external-format is nil (the default), a plain
@@ -194,13 +197,16 @@
Support for I/O deadlines (Clozure CL and SBCL).
+
+ Support for encrypted keys, thanks to Vsevolod Dyomkin.
+
2007-xx-yy
- Fixed windows support, thanks to Matthew Kennedy and Vodonosov Anton.
+ Fixed windows support, thanks to Matthew Kennedy and Anton Vodonosov.
--- /project/cl-plus-ssl/cvsroot/cl+ssl/streams.lisp 2008/11/01 02:56:07 1.14
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/streams.lisp 2008/11/03 09:25:39 1.15
@@ -226,12 +226,12 @@
;; fixme: free the context when errors happen in this function
(defun make-ssl-client-stream
- (socket &key certificate key (method 'ssl-v23-method) external-format
+ (socket &key certificate key password (method 'ssl-v23-method) external-format
close-callback (unwrap-stream-p t))
"Returns an SSL stream for the client socket descriptor SOCKET.
CERTIFICATE is the path to a file containing the PEM-encoded certificate for
your client. KEY is the path to the PEM-encoded key for the client, which
-must not be associated with a passphrase."
+may be associated with the passphrase PASSWORD."
(ensure-initialized method)
(let ((stream (make-instance 'ssl-stream
:socket socket
@@ -239,18 +239,19 @@
(handle (ssl-new *ssl-global-context*)))
(setf socket (install-handle-and-bio stream handle socket unwrap-stream-p))
(ssl-set-connect-state handle)
- (install-key-and-cert handle key certificate)
+ (with-pem-password (password)
+ (install-key-and-cert handle key certificate))
(ensure-ssl-funcall stream handle #'ssl-connect handle)
(handle-external-format stream external-format)))
;; fixme: free the context when errors happen in this function
(defun make-ssl-server-stream
- (socket &key certificate key (method 'ssl-v23-method) external-format
+ (socket &key certificate key password (method 'ssl-v23-method) external-format
close-callback (unwrap-stream-p t))
"Returns an SSL stream for the server socket descriptor SOCKET.
CERTIFICATE is the path to a file containing the PEM-encoded certificate for
your server. KEY is the path to the PEM-encoded key for the server, which
-must not be associated with a passphrase."
+may be associated with the passphrase PASSWORD."
(ensure-initialized method)
(let ((stream (make-instance 'ssl-server-stream
:socket socket
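Review bot: wrapping only `install-key-and-cert` in `with-pem-password` is the right scope, but the existing `;; fixme: free the context when errors happen in this function` now has a routine trigger: a wrong `password` makes `install-key-and-cert` signal after `ssl-new` has already allocated `handle`, which is then leaked on every failed attempt. Put the code after `ssl-new` inside an `unwind-protect` that frees `handle` on non-local exit, and mention in the docstring that an incorrect passphrase is reported as an SSL error from this function.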
@@ -262,7 +263,8 @@
(ssl-set-accept-state handle)
(when (zerop (ssl-set-cipher-list handle "ALL"))
(error 'ssl-error-initialize :reason "Can't set SSL cipher list"))
- (install-key-and-cert handle key certificate)
+ (with-pem-password (password)
+ (install-key-and-cert handle key certificate))
(ensure-ssl-funcall stream handle #'ssl-accept handle)
(handle-external-format stream external-format)))
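Review bot: the unchanged context in this hunk shows the server handle configured with `(ssl-set-cipher-list handle "ALL")`; in OpenSSL `ALL` means every suite except eNULL, so it still admits the export and low-strength suites. Not part of this change, but since the hunk edits the lines directly after it, consider tightening the default to something like `"ALL:!LOW:!EXP:!aNULL"` or exposing the cipher list as a keyword argument so a server can restrict it.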
From avodonosov at common-lisp.net Mon Nov 3 17:36:48 2008
From: avodonosov at common-lisp.net (avodonosov)
Date: Mon, 03 Nov 2008 17:36:48 +0000
Subject: [cl-plus-ssl-cvs] CVS cl+ssl
Message-ID:
Update of /project/cl-plus-ssl/cvsroot/cl+ssl
In directory cl-net:/tmp/cvs-serv9144
Modified Files:
ffi.lisp
Log Message:
better formatting/comments
--- /project/cl-plus-ssl/cvsroot/cl+ssl/ffi.lisp 2008/11/03 09:25:39 1.9
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/ffi.lisp 2008/11/03 17:36:46 1.10
@@ -307,24 +307,10 @@
(warn "non-blocking stream encountered unexpectedly"))
-;;; Initialization
+;;; Encrypted PEM files support
;;;
-(defun init-prng ()
- ;; this initialization of random entropy is not necessary on
- ;; Linux, since the OpenSSL library automatically reads from
- ;; /dev/urandom if it exists. On Solaris it is necessary.
- (let ((buf (cffi-sys::make-shareable-byte-vector +random-entropy+)))
- (dotimes (i +random-entropy+)
- (setf (elt buf i) (random 256)))
- (cffi-sys::with-pointer-to-vector-data (ptr buf)
- (rand-seed ptr +random-entropy+))))
-(defun ssl-ctx-set-session-cache-mode (ctx mode)
- (ssl-ctx-ctrl ctx +SSL_CTRL_SET_SESS_CACHE_MODE+ mode 0))
-
-;;;;; Encrypted PEM files support
-
-;; see http://www.openssl.org/docs/ssl/SSL_CTX_set_default_passwd_cb.html
+;; based on http://www.openssl.org/docs/ssl/SSL_CTX_set_default_passwd_cb.html
(defvar *pem-password* ""
"The callback registered with SSL_CTX_set_default_passwd_cb
@@ -349,7 +335,21 @@
`(let ((*pem-password* (or ,password "")))
, at body))
-;;;;; Initialization
+
+;;; Initialization
+;;;
+(defun init-prng ()
+ ;; this initialization of random entropy is not necessary on
+ ;; Linux, since the OpenSSL library automatically reads from
+ ;; /dev/urandom if it exists. On Solaris it is necessary.
+ (let ((buf (cffi-sys::make-shareable-byte-vector +random-entropy+)))
+ (dotimes (i +random-entropy+)
+ (setf (elt buf i) (random 256)))
+ (cffi-sys::with-pointer-to-vector-data (ptr buf)
+ (rand-seed ptr +random-entropy+))))
+
+(defun ssl-ctx-set-session-cache-mode (ctx mode)
+ (ssl-ctx-ctrl ctx +SSL_CTRL_SET_SESS_CACHE_MODE+ mode 0))
(defun initialize (&optional (method 'ssl-v23-method))
(setf *bio-lisp-method* (make-bio-lisp-method))
From avodonosov at common-lisp.net Mon Nov 3 17:58:46 2008
From: avodonosov at common-lisp.net (avodonosov)
Date: Mon, 03 Nov 2008 17:58:46 +0000
Subject: [cl-plus-ssl-cvs] CVS cl+ssl
Message-ID:
Update of /project/cl-plus-ssl/cvsroot/cl+ssl
In directory cl-net:/tmp/cvs-serv12960
Modified Files:
ffi.lisp index.html package.lisp
Log Message:
Certificate chains support, thanks to Juhani Rankimies
--- /project/cl-plus-ssl/cvsroot/cl+ssl/ffi.lisp 2008/11/03 17:36:46 1.10
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/ffi.lisp 2008/11/03 17:58:45 1.11
@@ -176,6 +176,10 @@
(ssl ssl-pointer)
(str :string)
(type :int))
+(cffi:defcfun ("SSL_CTX_use_certificate_chain_file" ssl-ctx-use-certificate-chain-file)
+ :int
+ (ctx ssl-ctx)
+ (str :string))
(cffi:defcfun ("SSL_CTX_load_verify_locations" ssl-ctx-load-verify-locations)
:int
(ctx ssl-ctx)
@@ -368,6 +372,16 @@
(unless *bio-lisp-method*
(setf *bio-lisp-method* (make-bio-lisp-method))))
+(defun use-certificate-chain-file (certificate-chain-file)
+ "Loads a PEM encoded certificate chain file CERTIFICATE-CHAIN-FILE
+and adds the chain to global context. The certificates must be sorted
+starting with the subject's certificate (actual client or server certificate),
+followed by intermediate CA certificates if applicable, and ending at
+the highest level (root) CA. Note: the RELOAD function clears the global
+context and in particular the loaded certificate chain."
+ (ensure-initialized)
+ (ssl-ctx-use-certificate-chain-file *ssl-global-context* certificate-chain-file))
+
(defun reload ()
(cffi:load-foreign-library 'libssl)
(cffi:load-foreign-library 'libeay32)
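Review bot: `use-certificate-chain-file` returns the raw result of `ssl-ctx-use-certificate-chain-file` and never checks it; `SSL_CTX_use_certificate_chain_file` returns 1 on success and 0 on failure (unreadable file, malformed PEM, a chain not starting with the subject's certificate), so a misconfigured chain is accepted silently and only shows up later as peers rejecting the handshake. Follow the pattern already used for the cipher list in streams.lisp: `(when (zerop (ssl-ctx-use-certificate-chain-file *ssl-global-context* certificate-chain-file)) (error 'ssl-error-initialize :reason "Can't load certificate chain"))`.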
--- /project/cl-plus-ssl/cvsroot/cl+ssl/index.html 2008/11/03 09:25:39 1.19
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/index.html 2008/11/03 17:58:45 1.20
@@ -1,4 +1,4 @@
-
+
@@ -123,8 +123,8 @@
certificate is the path to a file containing the PEM-encoded
certificate.
-
- key is the path to the PEM-encoded key, which may be associated
+
+ key is the path to the PEM-encoded key, which may be associated
with the passphrase password.
@@ -135,6 +135,18 @@
as its initial external format.
+
Function CL+SSL:USE-CERTIFICATE-CHAIN-FILE (certificate-chain-file)
+ Loads a PEM encoded certificate chain file CERTIFICATE-CHAIN-FILE
+ and adds the chain to global context. The certificates must be sorted
+ starting with the subject's certificate (actual client or server certificate),
+ followed by intermediate CA certificates if applicable, and ending at
+ the highest level (root) CA.
+
+
+ Note: the RELOAD function clears the global
+ context and in particular the loaded certificate chain.
+
+
Function CL+SSL:RELOAD ()
Reload libssl. Call this function after restarting a Lisp
core with CL+SSL dumped into it on Lisp implementations that do
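Review bot: the new description says the chain is "added to global context" but should spell out what that means for callers: the chain, including its leaf certificate, then applies to every SSL stream created afterwards in the process, client and server alike, so it cannot be chosen per stream the way `certificate` and `key` can. Worth stating next to the existing note about RELOAD clearing it.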
@@ -200,6 +212,9 @@
Support for encrypted keys, thanks to Vsevolod Dyomkin.
+
+ Chained certificates support, thanks to Juhani R??nkimies.
+
2007-xx-yy
--- /project/cl-plus-ssl/cvsroot/cl+ssl/package.lisp 2008/11/03 09:21:16 1.4
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/package.lisp 2008/11/03 17:58:45 1.5
@@ -12,4 +12,5 @@
#:reload
#:stream-fd
#:make-ssl-client-stream
- #:make-ssl-server-stream))
+ #:make-ssl-server-stream
+ #:use-certificate-chain-file))
From avodonosov at common-lisp.net Mon Nov 3 18:35:39 2008
From: avodonosov at common-lisp.net (avodonosov)
Date: Mon, 03 Nov 2008 18:35:39 +0000
Subject: [cl-plus-ssl-cvs] CVS cl+ssl
Message-ID:
Update of /project/cl-plus-ssl/cvsroot/cl+ssl
In directory cl-net:/tmp/cvs-serv21042
Modified Files:
index.html
Log Message:
add utf-8 charset declaration to the index.html
--- /project/cl-plus-ssl/cvsroot/cl+ssl/index.html 2008/11/03 17:58:45 1.20
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/index.html 2008/11/03 18:35:39 1.21
@@ -2,6 +2,7 @@
+ .
CL+SSL
From avodonosov at common-lisp.net Mon Nov 3 18:50:17 2008
From: avodonosov at common-lisp.net (avodonosov)
Date: Mon, 03 Nov 2008 18:50:17 +0000
Subject: [cl-plus-ssl-cvs] CVS cl+ssl
Message-ID:
Update of /project/cl-plus-ssl/cvsroot/cl+ssl
In directory cl-net:/tmp/cvs-serv24486
Modified Files:
index.html
Log Message:
index.html: back to iso-8859-1
--- /project/cl-plus-ssl/cvsroot/cl+ssl/index.html 2008/11/03 18:35:39 1.21
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/index.html 2008/11/03 18:50:17 1.22
@@ -1,8 +1,7 @@
-
+
- .
CL+SSL
@@ -214,7 +213,7 @@
Support for encrypted keys, thanks to Vsevolod Dyomkin.
- Chained certificates support, thanks to Juhani R??nkimies.
+ Chained certificates support, thanks to Juhani R?nkimies.
From avodonosov at common-lisp.net Mon Nov 3 23:19:29 2008
From: avodonosov at common-lisp.net (avodonosov)
Date: Mon, 03 Nov 2008 23:19:29 +0000
Subject: [cl-plus-ssl-cvs] CVS cl+ssl
Message-ID:
Update of /project/cl-plus-ssl/cvsroot/cl+ssl
In directory cl-net:/tmp/cvs-serv11901
Modified Files:
index.html
Log Message:
formatting fix
--- /project/cl-plus-ssl/cvsroot/cl+ssl/index.html 2008/11/03 18:50:17 1.22
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/index.html 2008/11/03 23:19:28 1.23
@@ -136,7 +136,7 @@
Function CL+SSL:USE-CERTIFICATE-CHAIN-FILE (certificate-chain-file)
- Loads a PEM encoded certificate chain file CERTIFICATE-CHAIN-FILE
+ Loads a PEM encoded certificate chain file certificate-chain-file
and adds the chain to global context. The certificates must be sorted
starting with the subject's certificate (actual client or server certificate),
followed by intermediate CA certificates if applicable, and ending at
From avodonosov at common-lisp.net Tue Nov 4 00:25:52 2008
From: avodonosov at common-lisp.net (avodonosov)
Date: Tue, 04 Nov 2008 00:25:52 +0000
Subject: [cl-plus-ssl-cvs] CVS cl+ssl
Message-ID:
Update of /project/cl-plus-ssl/cvsroot/cl+ssl
In directory cl-net:/tmp/cvs-serv29000
Modified Files:
ffi.lisp index.html streams.lisp
Log Message:
more secure initialization of OpenSSL random number generator
--- /project/cl-plus-ssl/cvsroot/cl+ssl/ffi.lisp 2008/11/03 17:58:45 1.11
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/ffi.lisp 2008/11/04 00:25:52 1.12
@@ -25,8 +25,6 @@
;;; Constants
;;;
-(defconstant +random-entropy+ 256)
-
(defconstant +ssl-filetype-pem+ 1)
(defconstant +ssl-filetype-asn1+ 2)
(defconstant +ssl-filetype-default+ 3)
@@ -342,33 +340,49 @@
;;; Initialization
;;;
-(defun init-prng ()
- ;; this initialization of random entropy is not necessary on
- ;; Linux, since the OpenSSL library automatically reads from
- ;; /dev/urandom if it exists. On Solaris it is necessary.
- (let ((buf (cffi-sys::make-shareable-byte-vector +random-entropy+)))
- (dotimes (i +random-entropy+)
- (setf (elt buf i) (random 256)))
+
+(defun init-prng (seed-byte-sequence)
+ (let* ((length (length seed-byte-sequence))
+ (buf (cffi-sys::make-shareable-byte-vector length)))
+ (dotimes (i length)
+ (setf (elt buf i) (elt seed-byte-sequence i)))
(cffi-sys::with-pointer-to-vector-data (ptr buf)
- (rand-seed ptr +random-entropy+))))
+ (rand-seed ptr length))))
(defun ssl-ctx-set-session-cache-mode (ctx mode)
(ssl-ctx-ctrl ctx +SSL_CTRL_SET_SESS_CACHE_MODE+ mode 0))
-(defun initialize (&optional (method 'ssl-v23-method))
+(defun initialize (&key (method 'ssl-v23-method) rand-seed)
(setf *bio-lisp-method* (make-bio-lisp-method))
(ssl-load-error-strings)
(ssl-library-init)
- (init-prng)
+ (when rand-seed
+ (init-prng rand-seed))
(setf *ssl-global-method* (funcall method))
(setf *ssl-global-context* (ssl-ctx-new *ssl-global-method*))
(ssl-ctx-set-session-cache-mode *ssl-global-context* 3)
(ssl-ctx-set-default-passwd-cb *ssl-global-context*
(cffi:callback pem-password-callback)))
-(defun ensure-initialized (&optional (method 'ssl-v23-method))
+(defun ensure-initialized (&key (method 'ssl-v23-method) (rand-seed nil))
+ "In most cases you do *not* need to call this function, because it
+is called automatically by all other functions. The only reason to
+call it explicitly is to supply the RAND-SEED parameter. In this case
+do it before calling any other functions.
+
+Just leave the default value for the METHOD parameter.
+
+RAND-SEED is an octet sequence to initialize OpenSSL random number generator.
+On many platforms, including Linux and Windows, it may be leaved NIL (default),
+because OpenSSL initializes the random number generator from OS specific service.
+But for example on Solaris it may be necessary to supply this value.
+The minimum length required by OpenSSL is 128 bits.
+See ttp://www.openssl.org/support/faq.html#USER1 for details.
+
+Hint: do not use Common Lisp RANDOM function to generate the RAND-SEED,
+because the function usually returns predictable values."
(unless (ssl-initialized-p)
- (initialize method))
+ (initialize :method method :rand-seed rand-seed))
(unless *bio-lisp-method*
(setf *bio-lisp-method* (make-bio-lisp-method))))
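Review bot: `init-prng` copies `seed-byte-sequence` into `RAND_seed` without checking its length, although the new `ensure-initialized` docstring says OpenSSL requires at least 128 bits; check `(>= (length seed-byte-sequence) 16)` and signal `ssl-error-initialize` otherwise so a too-short seed fails loudly instead of seeding weakly. Related: `ensure-initialized` only runs `initialize` inside `(unless (ssl-initialized-p) ...)`, so a `rand-seed` supplied after any other cl+ssl call is silently discarded; a `warn` in the already-initialized branch when `rand-seed` is non-NIL would catch exactly the misuse the docstring warns about. Since seeding is now optional, the platforms the docstring mentions (Solaris) get an unseeded generator with no indication; OpenSSL's `RAND_status()` returns 1 once the PRNG holds enough entropy, and a defcfun for it plus an error in `initialize` when it returns 0 would make that state visible. Minor docstring fixes: `ttp://www.openssl.org/...` is missing the `h`, and `may be leaved NIL` should read `may be left NIL`.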
--- /project/cl-plus-ssl/cvsroot/cl+ssl/index.html 2008/11/03 23:19:28 1.23
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/index.html 2008/11/04 00:25:52 1.24
@@ -94,6 +94,30 @@
API functions
+
Function CL+SSL:ENSURE-INITIALIZED (&key (method 'ssl-v23-method) (rand-seed nil))
+ In most cases you do not need to call this function, because it is called
+ automatically. The only reason to call it explicitly is to supply the rand-seed parameter.
+ In this case do it before calling any other functions.
+
+
+ Keyword arguments:
+
+
+ method. Just leave its default value.
+
+
+ rand-seed is an octet sequence to initialize OpenSSL random number generator.
+ On many platforms, including Linux and Windows, it may be leaved NIL (default),
+ because OpenSSL initializes the random number generator from OS specific service. But for
+ example on Solaris it may be necessary to supply this value. The minimum length required
+ by OpenSSL is 128 bits. See here
+ http://www.openssl.org/support/faq.html#USER1 for the details.
+
+
+ Hint: do not use Common Lisp RANDOM function to generate the rand-seed, because the function
+ usually returns predictable values.
+
Return an SSL stream for the client (server)
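Review bot: the new rand-seed paragraph repeats the typo from the Lisp docstring, `it may be leaved NIL` should read `it may be left NIL`, and `See here http://...` can drop `here`. It would also help readers to state that the 128-bit minimum is OpenSSL's requirement and not something cl+ssl enforces, unless a length check is added to `init-prng`.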
@@ -213,7 +237,13 @@
Support for encrypted keys, thanks to Vsevolod Dyomkin.
- Chained certificates support, thanks to Juhani R?nkimies.
+ Chained certificates support, thanks to Juhani R?nkimies.
+
+
+ More secure initialization of OpenSSL random number generator.
+
+
+ Minor CLISP-specific fixes.
@@ -229,7 +259,7 @@
- Improved clisp support, thanks
+ Improved CLISP support, thanks
to Pixel
// pinterface, as well as client certificate support.
--- /project/cl-plus-ssl/cvsroot/cl+ssl/streams.lisp 2008/11/03 09:25:39 1.15
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/streams.lisp 2008/11/04 00:25:52 1.16
@@ -232,7 +232,7 @@
CERTIFICATE is the path to a file containing the PEM-encoded certificate for
your client. KEY is the path to the PEM-encoded key for the client, which
may be associated with the passphrase PASSWORD."
- (ensure-initialized method)
+ (ensure-initialized :method method)
(let ((stream (make-instance 'ssl-stream
:socket socket
:close-callback close-callback))
@@ -252,7 +252,7 @@
CERTIFICATE is the path to a file containing the PEM-encoded certificate for
your server. KEY is the path to the PEM-encoded key for the server, which
may be associated with the passphrase PASSWORD."
- (ensure-initialized method)
+ (ensure-initialized :method method)
(let ((stream (make-instance 'ssl-server-stream
:socket socket
:close-callback close-callback