[cl-plus-ssl-cvs] CVS cl+ssl
avodonosov
avodonosov at common-lisp.net
Mon Nov 3 17:58:46 UTC 2008
Update of /project/cl-plus-ssl/cvsroot/cl+ssl
In directory cl-net:/tmp/cvs-serv12960
Modified Files:
ffi.lisp index.html package.lisp
Log Message:
Certificate chains support, thanks to Juhani Rankimies
--- /project/cl-plus-ssl/cvsroot/cl+ssl/ffi.lisp 2008/11/03 17:36:46 1.10
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/ffi.lisp 2008/11/03 17:58:45 1.11
@@ -176,6 +176,10 @@
(ssl ssl-pointer)
(str :string)
(type :int))
+(cffi:defcfun ("SSL_CTX_use_certificate_chain_file" ssl-ctx-use-certificate-chain-file)
+ :int
+ (ctx ssl-ctx)
+ (str :string))
(cffi:defcfun ("SSL_CTX_load_verify_locations" ssl-ctx-load-verify-locations)
:int
(ctx ssl-ctx)
@@ -368,6 +372,16 @@
(unless *bio-lisp-method*
(setf *bio-lisp-method* (make-bio-lisp-method))))
+(defun use-certificate-chain-file (certificate-chain-file)
+ "Loads a PEM encoded certificate chain file CERTIFICATE-CHAIN-FILE
+and adds the chain to global context. The certificates must be sorted
+starting with the subject's certificate (actual client or server certificate),
+followed by intermediate CA certificates if applicable, and ending at
+the highest level (root) CA. Note: the RELOAD function clears the global
+context and in particular the loaded certificate chain."
+ (ensure-initialized)
+ (ssl-ctx-use-certificate-chain-file *ssl-global-context* certificate-chain-file))
+
(defun reload ()
(cffi:load-foreign-library 'libssl)
(cffi:load-foreign-library 'libeay32)
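Review bot: The result of `ssl-ctx-use-certificate-chain-file` is handed back to the caller unchecked in `use-certificate-chain-file`, so a missing, unreadable or malformed PEM file fails silently and the global context keeps whatever certificate state it had before. OpenSSL's SSL_CTX_use_certificate_chain_file returns 1 on success, so I would signal on anything else: `(unless (eql 1 (ssl-ctx-use-certificate-chain-file *ssl-global-context* certificate-chain-file)) (error "Cannot load certificate chain file ~A" certificate-chain-file))`. The docstring could also say that the argument must be a namestring rather than a pathname object, since it is declared as a CFFI `:string` in the binding. Because the chain is installed on `*ssl-global-context*`, it presumably applies to every stream created afterwards in the process, which is worth stating for callers that serve more than one identity. The `reload` definition that follows the added function continues outside the hunk.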
--- /project/cl-plus-ssl/cvsroot/cl+ssl/index.html 2008/11/03 09:25:39 1.19
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/index.html 2008/11/03 17:58:45 1.20
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
+<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
@@ -123,8 +123,8 @@
<tt>certificate</tt> is the path to a file containing the PEM-encoded
certificate.
</p>
- <p>
- <tt>key</tt> is the path to the PEM-encoded key, which may be associated
+ <p>
+ <tt>key</tt> is the path to the PEM-encoded key, which may be associated
with the passphrase <tt>password</tt>.
</p>
<p>
@@ -135,6 +135,18 @@
as its initial external format.
</p>
<p>
+ <div class="def">Function CL+SSL:USE-CERTIFICATE-CHAIN-FILE (certificate-chain-file)</div>
+ Loads a PEM encoded certificate chain file CERTIFICATE-CHAIN-FILE
+ and adds the chain to global context. The certificates must be sorted
+ starting with the subject's certificate (actual client or server certificate),
+ followed by intermediate CA certificates if applicable, and ending at
+ the highest level (root) CA.
+ </p>
+ <p>
+ Note: the RELOAD function clears the global
+ context and in particular the loaded certificate chain.
+ </p>
+ <p>
<div class="def">Function CL+SSL:RELOAD ()</div>
Reload <tt>libssl</tt>. Call this function after restarting a Lisp
core with CL+SSL dumped into it on Lisp implementations that do
@@ -200,6 +212,9 @@
<li>
Support for encrypted keys, thanks to Vsevolod Dyomkin.
</li>
+ <li>
+ Chained certificates support, thanks to Juhani Ränkimies.
+ </li>
</ul>
<p>
2007-xx-yy
--- /project/cl-plus-ssl/cvsroot/cl+ssl/package.lisp 2008/11/03 09:21:16 1.4
+++ /project/cl-plus-ssl/cvsroot/cl+ssl/package.lisp 2008/11/03 17:58:45 1.5
@@ -12,4 +12,5 @@
#:reload
#:stream-fd
#:make-ssl-client-stream
- #:make-ssl-server-stream))
+ #:make-ssl-server-stream
+ #:use-certificate-chain-file))