This is the cl+ssl Reference Manual, generated automatically by Declt version 3.0 "Montgomery Scott" on Tue Dec 22 12:00:42 2020 GMT+0.
• Introduction | What cl+ssl is all about | |
• Systems | The systems documentation | |
• Modules | The modules documentation | |
• Files | The files documentation | |
• Packages | The packages documentation | |
• Definitions | The symbols documentation | |
• Indexes | Concepts, functions, variables and data types |
Homepage: http://common-lisp.net/project/cl-plus-ssl/
The main system appears first, followed by any subsystem dependency.
• The cl+ssl system |
Author: Eric Marsden, Jochen Schmidt, David Lichteblau
License: MIT
Description: Common Lisp interface to OpenSSL.
Source: cl+ssl.asd (file)
Component: src (module)
Modules are listed depth-first from the system components tree.
• The cl+ssl/src module |
Parent: cl+ssl (system)
Location: src/
Files are sorted by type and then listed depth-first from the systems components trees.
• Lisp files |
Location: cl+ssl.asd
Parent: cl+ssl (system)
Dependency: package.lisp (file)
Parent: src (module)
Location: src/reload.lisp
Dependency: reload.lisp (file)
Parent: src (module)
Location: src/conditions.lisp
Dependency: conditions.lisp (file)
Parent: src (module)
Location: src/ffi.lisp
Dependency: ffi.lisp (file)
Parent: src (module)
Location: src/x509.lisp
Dependency: x509.lisp (file)
Parent: src (module)
Location: src/ffi-buffer-all.lisp
Internal Definitions: +initial-buffer-size+ (constant)
Dependency: ffi-buffer-all.lisp (file)
Parent: src (module)
Location: src/ffi-buffer.lisp
Dependency: ffi-buffer.lisp (file)
Parent: src (module)
Location: src/streams.lisp
Dependency: streams.lisp (file)
Parent: src (module)
Location: src/bio.lisp
Dependency: bio.lisp (file)
Parent: src (module)
Location: src/random.lisp
Exported Definitions: random-bytes (function)
Dependency: random.lisp (file)
Parent: src (module)
Location: src/context.lisp
Dependency: context.lisp (file)
Parent: src (module)
Location: src/verify-hostname.lisp
Exported Definitions: verify-hostname (function)
Packages are listed by definition order.
• The cl+ssl-system package | ||
• The cl+ssl package |
Source: cl+ssl.asd (file)
Source: package.lisp (file)
Definitions are sorted by export status, category, package, and then by lexicographic order.
• Exported definitions | ||
• Internal definitions |
• Exported constants | ||
• Exported special variables | ||
• Exported macros | ||
• Exported functions | ||
• Exported generic functions | ||
• Exported conditions |
Constant: +ssl-sess-cache-both+
Enable both +SSL-SESS-CACHE-CLIENT+ and +SSL-SESS-CACHE-SERVER+ at the same time.

Constant: +ssl-sess-cache-client+
Client sessions are added to the session cache. As there is no reliable way for the OpenSSL library to know whether a session should be reused or which session to choose (due to the abstract BIO layer the SSL engine does not have details about the connection), the application must select the session to be reused by using the SSL-SET-SESSION function. This option is not activated by default.

Constant: +ssl-sess-cache-no-auto-clear+
Normally the session cache is checked for expired sessions every 255 connections using the SSL-CTX-FLUSH-SESSIONS function. Since this may lead to a delay which cannot be controlled, the automatic flushing may be disabled and SSL-CTX-FLUSH-SESSIONS can be called explicitly by the application.

Constant: +ssl-sess-cache-no-internal+
Enable both +SSL-SESS-CACHE-NO-INTERNAL-LOOKUP+ and +SSL-SESS-CACHE-NO-INTERNAL-STORE+ at the same time.

Constant: +ssl-sess-cache-no-internal-lookup+
By setting this flag, session-resume operations in an SSL/TLS server will not automatically look up sessions in the internal cache, even if sessions are automatically stored there. If external session caching callbacks are in use, this flag guarantees that all lookups are directed to the external cache. As automatic lookup only applies to SSL/TLS servers, the flag has no effect on clients.

Constant: +ssl-sess-cache-no-internal-store+
Depending on the presence of +SSL-SESS-CACHE-CLIENT+ and/or +SSL-SESS-CACHE-SERVER+, sessions negotiated in an SSL/TLS handshake may be cached for possible reuse. Normally a new session is added to the internal cache as well as to any external session caching (callback) that is configured for the SSL-CTX. This flag prevents sessions from being stored in the internal cache (though the application can add them manually using SSL-CTX-ADD-SESSION). Note: in any SSL/TLS server where external caching is configured, a successful session lookup in the external cache (i.e. for a session-resume request) would normally be copied into the local cache before processing continues; this flag prevents these additions to the internal cache as well.

Constant: +ssl-sess-cache-off+
No session caching for client or server takes place.

Constant: +ssl-sess-cache-server+
Server sessions are added to the session cache. When a client proposes a session to be reused, the server looks for the corresponding session in (first) the internal session cache (unless +SSL-SESS-CACHE-NO-INTERNAL-LOOKUP+ is set), then (second) in the external cache if available. If the session is found, the server will try to reuse the session. This is the default.
streams.lisp (file)
Special Variable: *make-ssl-client-stream-verify-default*
Helps to mitigate the change in the default behaviour of MAKE-SSL-CLIENT-STREAM: previously it worked as if :VERIFY NIL had been passed, but then :VERIFY :REQUIRED became the default on non-Windows platforms. Change this variable if you want the previous behaviour. Note that setting it to NIL disables server certificate verification for every client stream created without an explicit :VERIFY argument, which leaves those connections open to man-in-the-middle attacks; passing :VERIFY per call is the safer way to opt out for a single connection.
streams.lisp (file)
context.lisp (file)
Function: ensure-initialized
In most cases you do *not* need to call this function, because it is called automatically by all other functions. The only reason to call it explicitly is to supply the RAND-SEED parameter; in that case do it before calling any other functions.
Just leave the default value for the METHOD parameter.
RAND-SEED is an octet sequence used to initialize the OpenSSL random number generator. On many platforms, including Linux and Windows, it may be left NIL (the default), because OpenSSL seeds the random number generator from an OS-specific service. On some platforms, Solaris for example, it may be necessary to supply this value. The minimum length required by OpenSSL is 128 bits. See http://www.openssl.org/support/faq.html#USER1 for details.
Hint: do not use the Common Lisp RANDOM function to generate the RAND-SEED, because that function usually returns predictable values, and a predictable seed makes every key, nonce and session produced afterwards predictable too. Take the seed from an operating-system entropy source instead.
context.lisp (file)
Function: make-ssl-client-stream
Returns an SSL stream for the client socket descriptor SOCKET.
CERTIFICATE is the path to a file containing the PEM-encoded certificate for your client. KEY is the path to the PEM-encoded key for the client, which may be protected by the passphrase PASSWORD.
VERIFY can be specified either as NIL if no check should be performed, :OPTIONAL to verify the server's certificate if it presented one, or :REQUIRED to verify the server's certificate and fail if an invalid certificate or no certificate was presented.
HOSTNAME, if specified, is sent by the client during TLS negotiation according to the Server Name Indication (SNI) extension to TLS. When a server handles several domain names, this extension enables it to choose the certificate for the right domain. HOSTNAME is also used for hostname verification if verification is enabled by VERIFY. Without HOSTNAME only the certificate chain is validated, so a certificate issued by a trusted CA for any other name would be accepted; always pass the host you intend to talk to.
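The following is an added example, not code from cl+ssl itself, showing MAKE-SSL-CLIENT-STREAM called with both :VERIFY :REQUIRED and :HOSTNAME, and the exported SSL-ERROR-VERIFY condition (with its SSL-ERROR-CODE reader) handled when the chain does not verify. It assumes Quicklisp and the usocket library for the plain TCP connection; cl+ssl itself only needs a socket or file descriptor, so the usocket calls and the FETCH-HTTPS-HEAD / FETCH-OR-EXPLAIN names are this example's own choices.

```lisp
;; Added example (not part of cl+ssl). Assumes Quicklisp, cl+ssl and usocket;
;; usocket is this example's choice of socket library, cl+ssl only needs a
;; socket or a file descriptor.
(ql:quickload '(:cl+ssl :usocket))

(defun fetch-https-head (host &key (port 443))
  "Connect to HOST with TLS, verify the server's certificate chain AND that
the certificate matches HOST, send an HTTP HEAD request and return the
status line."
  ;; Normally implicit. Called here only to show where a RAND-SEED would be
  ;; supplied on a platform whose OS entropy source OpenSSL cannot use.
  (cl+ssl:ensure-initialized)
  (let ((sock (usocket:socket-connect host port
                                      :element-type '(unsigned-byte 8))))
    (unwind-protect
         (let ((tls (cl+ssl:make-ssl-client-stream
                     (usocket:socket-stream sock)
                     :verify :required   ; fail if the chain does not verify
                     :hostname host      ; SNI *and* hostname verification
                     :external-format '(:utf-8 :eol-style :crlf))))
           (unwind-protect
                (progn
                  (format tls "HEAD / HTTP/1.1~%Host: ~A~%Connection: close~%~%"
                          host)
                  (finish-output tls)
                  (read-line tls nil nil))
             (close tls)))
      (usocket:socket-close sock))))

(defun fetch-or-explain (host)
  "FETCH-HTTPS-HEAD with the failure modes a caller must expect made explicit."
  (handler-case (fetch-https-head host)
    (cl+ssl:ssl-error-verify (e)
      ;; The chain did not verify: untrusted issuer, expired certificate, or
      ;; similar. SSL-ERROR-CODE carries OpenSSL's verification result code.
      (format nil "REFUSED ~A: certificate did not verify (code ~A)"
              host (cl+ssl:ssl-error-code e)))
    (error (e)
      ;; Anything else, including a hostname mismatch, which cl+ssl reports
      ;; with a condition type of its own.
      (format nil "FAILED ~A: ~A" host e))))
```

Calling (fetch-or-explain "example.org") with a working CA store returns the server's status line; pointing it at a host that presents a self-signed or mis-named certificate returns one of the refusal strings instead of silently talking to the wrong peer. Leaving out :HOSTNAME would turn the second case into a successful connection, which is exactly the gap the docstring above warns about.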
streams.lisp (file)
Function: make-ssl-server-stream
Returns an SSL stream for the server socket descriptor SOCKET. CERTIFICATE is the path to a file containing the PEM-encoded certificate for your server. KEY is the path to the PEM-encoded key for the server, which may be protected by the passphrase PASSWORD.
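An added example, not cl+ssl's own code: a one-shot TLS listener built on MAKE-SSL-SERVER-STREAM, running under an explicit context created with MAKE-CONTEXT, whose session cache is set with the +SSL-SESS-CACHE-OFF+ constant documented above and installed with the exported WITH-GLOBAL-CONTEXT macro. It assumes Quicklisp, usocket for the listening socket, a PEM certificate and key at placeholder paths, and that MAKE-CONTEXT accepts a :SESSION-CACHE-MODE keyword (it does in current cl+ssl, but that signature is not shown on this page). SERVE-ONE-TLS-REQUEST and the two path variables are this example's own names.

```lisp
;; Added example (not part of cl+ssl). Assumes Quicklisp, cl+ssl and usocket,
;; a PEM certificate/key pair at the placeholder paths below, and that
;; MAKE-CONTEXT accepts :SESSION-CACHE-MODE (true for cl+ssl, not shown on
;; this page).
(ql:quickload '(:cl+ssl :usocket))

(defparameter *cert-file* "/etc/ssl/example/server.pem") ; placeholder path
(defparameter *key-file*  "/etc/ssl/example/server.key") ; placeholder path

(defun serve-one-tls-request (&key (port 8443))
  "Accept one TCP connection on 127.0.0.1:PORT, complete a TLS handshake as
the server, answer a fixed HTTP response and close everything."
  (let ((listener (usocket:socket-listen "127.0.0.1" port
                                         :reuse-address t
                                         :element-type '(unsigned-byte 8))))
    (unwind-protect
         (let ((client (usocket:socket-accept
                        listener :element-type '(unsigned-byte 8))))
           (unwind-protect
                ;; A one-shot listener never resumes a session, so the cache
                ;; is switched off. That also removes the every-255-connections
                ;; flush described for the default +SSL-SESS-CACHE-SERVER+ mode.
                (cl+ssl:with-global-context
                    ((cl+ssl:make-context
                      :session-cache-mode cl+ssl:+ssl-sess-cache-off+)
                     :auto-free-p t)
                  (let ((tls (cl+ssl:make-ssl-server-stream
                              (usocket:socket-stream client)
                              :certificate *cert-file*
                              :key *key-file*
                              :external-format '(:utf-8 :eol-style :crlf))))
                    (unwind-protect
                         (progn
                           ;; Consume the request line; headers are ignored.
                           (read-line tls nil nil)
                           (format tls "HTTP/1.1 200 OK~%Content-Type: text/plain~%Content-Length: 2~%Connection: close~%~%ok")
                           (finish-output tls))
                      (close tls))))
             (usocket:socket-close client)))
      (usocket:socket-close listener))))
```

Run (serve-one-tls-request) in one REPL and connect with any TLS client that trusts the certificate at *cert-file*. The context is freed on exit because of :AUTO-FREE-P T. A server set up this way does not require a client certificate; mutual TLS needs the context's verification settings configured for it, which this example deliberately leaves at their defaults.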
streams.lisp (file)
Function: random-bytes
Generates COUNT cryptographically strong pseudo-random bytes. Returns the bytes as a SIMPLE-ARRAY with ELEMENT-TYPE '(UNSIGNED-BYTE 8). Signals an ERROR in case of problems, for example when the OpenSSL random number generator has not been seeded with enough randomness to ensure an unpredictable byte sequence.
random.lisp (file)
Function: ssl-check-verify-p
DEPRECATED. Use (MAKE-SSL-CLIENT-STREAM ... :VERIFY ?) to enable/disable verification. MAKE-CONTEXT also allows verification to be enabled/disabled.
Return true if SSL connections will error if the certificate doesn't verify.
streams.lisp (file)
(setf ssl-check-verify-p) (function)
Function: (setf ssl-check-verify-p)
DEPRECATED. Use (MAKE-SSL-CLIENT-STREAM ... :VERIFY ?) to enable/disable verification. MAKE-CONTEXT also allows verification to be enabled/disabled.
If CHECK-VERIFY-P is true, signal connection errors if the server certificate doesn't verify.
streams.lisp (file)
ssl-check-verify-p (function)
Function: ssl-load-global-verify-locations
PATHNAMES is a list of pathnames to PEM files containing server and CA certificates. Install these certificates as the trust anchors used for verification on all SSL connections. After RELOAD, you need to call this again.
streams.lisp (file)
Function: ssl-set-global-default-verify-paths
Load the system default verification certificates. After RELOAD, you need to call this again.
streams.lisp (file)
streams.lisp (file)
Function: use-certificate-chain-file
Loads a PEM-encoded certificate chain file CERTIFICATE-CHAIN-FILE and adds the chain to the global context. The certificates must be sorted starting with the subject's certificate (the actual client or server certificate), followed by intermediate CA certificates if applicable, and ending at the highest-level (root) CA. Note: the RELOAD function clears the global context and in particular the loaded certificate chain.
verify-hostname.lisp (file)
The BYTES must be created by CFFI:MAKE-SHAREABLE-BYTE-VECTOR (because we are going to pass them to CFFI:WITH-POINTER-TO-VECTOR-DATA)
conditions.lisp (file)
conditions.lisp (file)
streams.lisp (file)
conditions.lisp (file)
ssl-error (condition)
ssl-error-reason (method)
:reason
ssl-error-reason (generic function)
Condition: ssl-error-verify
This condition is signalled on an SSL connection when the peer certificate does not verify.
conditions.lisp (file)
ssl-error (condition)
The SSL stream whose peer certificate didn’t verify.
:stream
ssl-error-stream (generic function)
The peer certificate verification error code.
:error-code
ssl-error-code (generic function)
• Internal constants | ||
• Internal special variables | ||
• Internal macros | ||
• Internal functions | ||
• Internal generic functions | ||
• Internal conditions | ||
• Internal classes |
context.lisp (file)
ffi-buffer-all.lisp (file)
conditions.lisp (file)
conditions.lisp (file)
conditions.lisp (file)
conditions.lisp (file)
conditions.lisp (file)
conditions.lisp (file)
conditions.lisp (file)
conditions.lisp (file)
The callback registered with SSL_CTX_set_default_passwd_cb will use this value.
DEPRECATED.
Use (MAKE-SSL-CLIENT-STREAM ... :VERIFY ?) to enable/disable verification.
MAKE-CONTEXT also allows verification to be enabled/disabled.
conditions.lisp (file)
streams.lisp (file)
ffi-buffer.lisp (file)
context.lisp (file)
ffi-buffer.lisp (file)
ffi-buffer.lisp (file)
(setf buffer-elt) (setf expander)
ffi-buffer.lisp (file)
buffer-elt (function)
set-buffer-elt (function)
ffi-buffer.lisp (file)
context.lisp (file)
verify-hostname.lisp (file)
verify-hostname.lisp (file)
verify-hostname.lisp (file)
verify-hostname.lisp (file)
Builds a version number to compare OpenSSL against. Note: the _really_ old formats (<= 0.9.4) are not supported.
STREAM-DESIGNATOR is the same as CL:FORMAT accepts: T, NIL, or a stream.
QUEUE-DESIGNATOR is either a list of error codes (as returned
by READ-SSL-ERROR-QUEUE) or an SSL-ERROR condition.
conditions.lisp (file)
streams.lisp (file)
streams.lisp (file)
streams.lisp (file)
streams.lisp (file)
ffi-buffer.lisp (file)
verify-hostname.lisp (file)
verify-hostname.lisp (file)
streams.lisp (file)
conditions.lisp (file)
verify-hostname.lisp (file)
ffi-buffer.lisp (file)
ffi-buffer.lisp (file)
(setf buffer-elt) (setf expander)
Returns a sequence containing the STREAM bytes; the sequence is created by CFFI:MAKE-SHAREABLE-BYTE-VECTOR, therefore it can safely be passed to CFFI:WITH-POINTER-TO-VECTOR-DATA.
context.lisp (file)
conditions.lisp (file)
conditions.lisp (file)
conditions.lisp (file)
DEPRECATED.
Use (MAKE-SSL-CLIENT-STREAM ... :VERIFY ?) to enable/disable verification.
Use (MAKE-CONTEXT ... :VERIFY-LOCATION ? :VERIFY-DEPTH ?) to control the verification depth and locations.
MAKE-CONTEXT also allows verification to be enabled/disabled.
streams.lisp (file)
verify-hostname.lisp (file)
verify-hostname.lisp (file)
verify-hostname.lisp (file)
verify-hostname.lisp (file)
context.lisp (file)
verify-hostname.lisp (file)
streams.lisp (file)
x509.lisp (file)
automatically generated reader method
streams.lisp (file)
automatically generated writer method
streams.lisp (file)
conditions.lisp (file)
conditions.lisp (file)
conditions.lisp (file)
conditions.lisp (file)
automatically generated reader method
streams.lisp (file)
automatically generated writer method
streams.lisp (file)
automatically generated reader method
streams.lisp (file)
automatically generated writer method
streams.lisp (file)
streams.lisp (file)
automatically generated reader method
streams.lisp (file)
automatically generated writer method
streams.lisp (file)
automatically generated reader method
streams.lisp (file)
automatically generated writer method
streams.lisp (file)
automatically generated reader method
streams.lisp (file)
automatically generated writer method
streams.lisp (file)
automatically generated reader method
streams.lisp (file)
automatically generated writer method
streams.lisp (file)
automatically generated reader method
streams.lisp (file)
automatically generated writer method
streams.lisp (file)
automatically generated reader method
streams.lisp (file)
automatically generated writer method
streams.lisp (file)
automatically generated reader method
streams.lisp (file)
automatically generated writer method
streams.lisp (file)
Asn1 syntax error
conditions.lisp (file)
cl+ssl-error (condition)
conditions.lisp (file)
error (condition)
verify-hostname.lisp (file)
error (condition)
ASN.1 string parsing/validation error
conditions.lisp (file)
cl+ssl-error (condition)
:type
(quote nil)
SSL server didn’t present a certificate
conditions.lisp (file)
conditions.lisp (file)
cl+ssl-error (condition)
ssl-error-queue (method)
:queue
(quote nil)
ssl-error-queue (generic function)
A failure in the SSL library occurred.
conditions.lisp (file)
ssl-error (condition)
:message
The TLS/SSL I/O operation completed. This result code is returned if and only if ret > 0.
conditions.lisp (file)
ssl-error/handle (condition)
A failure in the SSL library occurred, usually a protocol error. The OpenSSL error queue contains more information on the error.
conditions.lisp (file)
ssl-error/handle (condition)
Some I/O error occurred. The OpenSSL error queue may contain more
information on the error. If the error queue is empty (i.e. ERR_get_error() returns 0),
ret can be used to find out more about the error: If ret == 0, an EOF was observed that
violates the protocol. If ret == -1, the underlying BIO reported an I/O error (for socket
I/O on Unix systems, consult errno for details).
conditions.lisp (file)
ssl-error/handle (condition)
:syscall
The operation did not complete; the same TLS/SSL I/O function should be
called again later. The underlying BIO was not connected yet to the peer
and the call would block in connect()/accept(). The SSL
function should be called again when the connection is established. These
messages can only appear with a BIO_s_connect() or
BIO_s_accept() BIO, respectively. In order to find out, when
the connection has been successfully established, on many platforms
select() or poll() for writing on the socket file
descriptor can be used.
conditions.lisp (file)
ssl-error-want-something (condition)
The operation did not complete; the same TLS/SSL I/O function should be called again later. If, by then, the underlying BIO has data available for reading (if the result code is SSL_ERROR_WANT_READ) or allows writing data (SSL_ERROR_WANT_WRITE), then some TLS/SSL protocol progress will take place, i.e. at least part of an TLS/SSL record will be read or written. Note that the retry may again lead to a SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition. There is no fixed upper limit for the number of iterations that may be necessary until progress becomes visible at application protocol level.
conditions.lisp (file)
ssl-error-want-something (condition)
conditions.lisp (file)
ssl-error/handle (condition)
The operation did not complete; the same TLS/SSL I/O function should be called again later. If, by then, the underlying BIO has data available for reading (if the result code is SSL_ERROR_WANT_READ) or allows writing data (SSL_ERROR_WANT_WRITE), then some TLS/SSL protocol progress will take place, i.e. at least part of an TLS/SSL record will be read or written. Note that the retry may again lead to a SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition. There is no fixed upper limit for the number of iterations that may be necessary until progress becomes visible at application protocol level.
conditions.lisp (file)
ssl-error-want-something (condition)
The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again. The TLS/SSL I/O function should be called again later. Details depend on the application.
conditions.lisp (file)
ssl-error-want-something (condition)
The TLS/SSL connection has been closed. If the protocol version is SSL 3.0
or TLS 1.0, this result code is returned only if a closure alert has
occurred in the protocol, i.e. if the connection has been closed cleanly.
Note that in this case SSL_ERROR_ZERO_RETURN
does not necessarily indicate that the underlying transport has been
closed.
conditions.lisp (file)
ssl-error/handle (condition)
conditions.lisp (file)
ssl-error (condition)
:ret
ssl-error-ret (generic function)
:handle
ssl-error-handle (generic function)
verify-hostname.lisp (file)
hostname-verification-error (condition)
verify-hostname.lisp (file)
hostname-verification-error (condition)
verify-hostname.lisp (file)
hostname-verification-error (condition)
Unable to find verify locations
context.lisp (file)
ssl-error (condition)
:location
streams.lisp (file)
ssl-stream (class)
:certificate
ssl-stream-certificate (generic function)
(setf ssl-stream-certificate) (generic function)
:key
ssl-stream-key (generic function)
(setf ssl-stream-key) (generic function)
streams.lisp (file)
ssl-server-stream (class)
:socket
ssl-stream-socket (generic function)
(setf ssl-stream-socket) (generic function)
:close-callback
ssl-close-callback (generic function)
(setf ssl-close-callback) (generic function)
ssl-stream-handle (generic function)
(setf ssl-stream-handle) (generic function)
:deadline
ssl-stream-deadline (generic function)
(setf ssl-stream-deadline) (generic function)
(cl+ssl::make-buffer cl+ssl::+initial-buffer-size+)
ssl-stream-output-buffer (generic function)
(setf ssl-stream-output-buffer) (generic function)
0
ssl-stream-output-pointer (generic function)
(setf ssl-stream-output-pointer) (generic function)
(cl+ssl::make-buffer cl+ssl::+initial-buffer-size+)
ssl-stream-input-buffer (generic function)
(setf ssl-stream-input-buffer) (generic function)
ssl-stream-peeked-byte (generic function)
(setf ssl-stream-peeked-byte) (generic function)
• Concept index | ||
• Function index | ||
• Variable index | ||
• Data type index |