CLplusSSL

Subprojects

News

2007-01-16: CL+SSL is now available under an MIT-style license.

Download

Anonymous CVS (browse):

$ export CVSROOT=:pserver:anonymous@common-lisp.net:/project/cl-plus-ssl/cvsroot
$ cvs login
password: anonymous
$ cvs co cl+ssl
$ cvs co trivial-gray-streams
$ cvs co trivial-https

Tarballs are also available (but not always up-to-date).

Note that you need the libssl-dev package on Debian to load this package without manual configuration.

Send bug reports to cl-plus-ssl-devel@common-lisp.net (list information).

CL+SSL

A simple Common Lisp interface to OpenSSL.

About

This library is a fork of SSL-CMUCL. The original SSL-CMUCL source code was written by Eric Marsden and includes contributions by Jochen Schmidt. License: MIT-style.

Comparison chart:

Library    FFI          Streams                                   Lisp-BIO
CL+SSL     CFFI         gray [1], buffering output                yes
CL-SSL     UFFI         gray, buffering I/O [part of ACL-COMPAT]  no
SSL-CMUCL  CMUCL/ALIEN  CMUCL, non-buffering                      no

[1] Character I/O and external formats in CL+SSL are provided using flexi-streams.

API functions

Function CL+SSL:MAKE-SSL-CLIENT-STREAM (stream &key external-format)
Return an SSL stream for the client socket stream. All reads and writes to this SSL stream will be pushed through the OpenSSL library. The SSL connection can be closed using the standard close function.

If external-format is nil (the default), a plain (unsigned-byte 8) SSL stream is returned. With a non-null external-format, a flexi-stream capable of character I/O will be returned instead, with the specified value as its initial external format.

Function CL+SSL:MAKE-SSL-SERVER-STREAM (stream &key external-format certificate key)
Return an SSL stream for the server socket stream. All reads and writes to this server stream will be pushed through the OpenSSL library. The SSL connection can be closed using the standard close function. certificate is the path to a file containing the PEM-encoded certificate for your server. key is the path to the PEM-encoded key for the server, which must not be associated with a passphrase. See above for external-format handling.

Function CL+SSL:RELOAD ()
Reload libssl. Call this function after restarting a Lisp core with CL+SSL dumped into it on Lisp implementations that do not reload shared libraries automatically.
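
The two stream constructors above, used together for a one-line echo exchange. This is an added example, not code from the CL+SSL project; it uses only the arguments documented on this page and assumes the usocket library for the TCP sockets, with the port number and loopback address as placeholders. Run serve-one-line in one Lisp image and send-one-line in another.

```lisp
;; Added example, not CL+SSL project code. Assumes usocket for TCP sockets;
;; the port number and the loopback address are placeholders.
(defparameter *port* 4433)

(defun serve-one-line (certificate key)
  "Accept one client, echo one line back over SSL, and return that line."
  (let ((listener (usocket:socket-listen "127.0.0.1" *port*
                                         :reuse-address t
                                         :element-type '(unsigned-byte 8))))
    (unwind-protect
         (let ((client (usocket:socket-accept
                        listener :element-type '(unsigned-byte 8))))
           (unwind-protect
                ;; KEY must be a PEM file without a passphrase, so file
                ;; permissions are the only protection for the private key.
                (let ((ssl (cl+ssl:make-ssl-server-stream
                            (usocket:socket-stream client)
                            :certificate certificate
                            :key key
                            :external-format :utf-8)))
                  (unwind-protect
                       (let ((line (read-line ssl nil nil)))
                         (when line
                           (write-line line ssl)
                           (force-output ssl))
                         line)
                    (close ssl)))
             (usocket:socket-close client)))
      (usocket:socket-close listener))))

(defun send-one-line (text &optional (host "127.0.0.1"))
  "Connect to HOST, send TEXT over SSL, and return the echoed line."
  (let ((socket (usocket:socket-connect
                 host *port* :element-type '(unsigned-byte 8))))
    (unwind-protect
         ;; A non-null external-format yields a character stream.
         (let ((ssl (cl+ssl:make-ssl-client-stream
                     (usocket:socket-stream socket)
                     :external-format :utf-8)))
           (unwind-protect
                (progn
                  (write-line text ssl)
                  (force-output ssl) ; output is buffered
                  (read-line ssl nil nil))
             (close ssl)))
      (usocket:socket-close socket))))
```

The client signature documented above has no argument for a trust store or an expected host name, so this example does not show any check of the server's certificate.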

Portability

CL+SSL requires CFFI with callback support.

Test results for Linux/x86, except OpenMCL which was tested on Linux/PPC:

Lisp Implementation  Status   Comments
OpenMCL              Working
SBCL                 Working
CMU CL               Working
CLISP                Working  Extremely slow?
LispWorks            Working
Allegro              Broken   segfault
Corman CL            Unknown
Digitool MCL         Unknown
Scieneer CL          Unknown
ECL                  Unknown
GCL                  Unknown

TODO

trivial-https

trivial-https is a fork of Brian Mastenbrook's trivial-http adding support for HTTPS using CL+SSL. License: MIT-style.

Note: The Drakma HTTP client library by Weitz supports HTTPS using CL+SSL. trivial-https will not be developed further; please use Drakma instead.

README

trivial-gray-streams

trivial-gray-streams provides an extremely thin compatibility layer for gray streams. License: MIT-style.

README