[drakma-devel] drakma and personal ssl certificates

Kevin Raison raison at chatsubo.net
Tue Apr 14 10:10:15 UTC 2009


I think it might be this easy (although I have ignored support for 
Allegro, given that I can't afford their licensing fees):

--- request.lisp.orig	2009-04-14 02:58:20.000000000 -0700
+++ request.lisp	2009-04-14 03:03:15.000000000 -0700
@@ -200,6 +200,8 @@
                                force-binary
                                want-stream
                                stream
+		              client-ssl-certificate
+		              client-ssl-key
                                #+:lispworks (connection-timeout 20)
                                #+:lispworks (read-timeout 20)
                                #+(and :lispworks (not 
:lw-does-not-have-write-timeout))
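Review bot: The new keyword parameters client-ssl-certificate and client-ssl-key are added to the lambda list with no accompanying docstring or documentation change in this patch, so a caller cannot tell what kind of value each one expects or that the two are meant to be supplied together. Please document them next to the other keyword arguments. The two added lines are also indented with tabs while the surrounding context lines use spaces; match the file's spacing so they line up with force-binary, want-stream and stream.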
@@ -475,9 +477,15 @@
                        (socket:make-ssl-client-stream http-stream)
                        #-:allegro
                        (let ((s http-stream))
-                        (cl+ssl:make-ssl-client-stream
-                         (cl+ssl:stream-fd s)
-                         :close-callback (lambda () (close s)))))))
+			(if (and client-ssl-certificate client-ssl-key)
+			    (cl+ssl:make-ssl-client-stream
+			     (cl+ssl:stream-fd s)
+			     :certificate client-ssl-certificate
+			     :key client-ssl-key
+			     :close-callback (lambda () (close s)))
+			    (cl+ssl:make-ssl-client-stream
+			     (cl+ssl:stream-fd s)
+			     :close-callback (lambda () (close s))))))))
              (cond (stream
                     (setf (flexi-stream-element-type http-stream)
                           #+:lispworks 'lw:simple-char #-:lispworks 
'character
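Review bot: The guard (and client-ssl-certificate client-ssl-key) silently falls back to the plain call when the caller supplies only one of the two arguments, so a misconfigured request goes out without presenting a client certificate and nothing at the call site says why. Signal an error when exactly one of them is given. The two cl+ssl:make-ssl-client-stream calls also differ only in the :certificate and :key arguments; if cl+ssl accepts nil for both (to be confirmed against cl+ssl), a single call passing them unconditionally would remove the duplication. The #+:allegro branch in the context above, (socket:make-ssl-client-stream http-stream), ignores the new arguments entirely; signaling an error there when a certificate is requested would be safer than connecting without it.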

I will test this as soon as I get my client certificate from the credit 
card processor.

Cheers.
Kevin Raison



Kevin Raison wrote:
> Edi, basically, the HTTP server forces the client to authenticate itself 
> using a client certificate.  I believe RFC2246 describes the process, 
> see http://www.ietf.org/rfc/rfc2246.txt.  The patches at 
> http://web.kepibu.org/code/lisp/cl+ssl/ which add client certificate 
> support have already been incorporated into CL+SSL, so it should be 
> relatively easy to add support to Drakma, perhaps by adding 
> client-ssl-certificate and client-ssl-key keywords to http-request and 
> then passing the args to cl+ssl:make-ssl-client-stream in request.lisp. 
>   Unless I have missed something and there is a way to do this already, 
> I will experiment and send you a patch.
> 
> Cheers.
> Kevin
> 
> 
> Edi Weitz wrote:
>> On Tue, Apr 14, 2009 at 12:28 AM, Kevin Raison <raison at chatsubo.net> wrote:
>>> Hello.  I am using a site for credit card authorization that requires me
>>> to send my personal SSL certificate with any POST.  I don't see anything
>>> in the Drakma documentation about how to go about this;  is it possible?
>>>  I would rather not use curl, but it does have the -E option that
>>> allows for sending certificates to the remote host.  Any help would be
>>> appreciated!
>> I have to admit that I'm not familiar with how this is done in
>> general.  Is there an RFC for this or can you point me to some
>> documentation?
>>
>> Thanks,
>> Edi.
>>
>> _______________________________________________
>> drakma-devel mailing list
>> drakma-devel at common-lisp.net
>> http://common-lisp.net/cgi-bin/mailman/listinfo/drakma-devel
>>



