If I call make-ssl-stream with *ssl-key-file* and *ssl-certificate-file* both nil, I get the following error:
Error: A failure in the SSL library occurred on handle #<Pointer to type :VOID = #x02600208>. (Return code: 1)SSL error queue: error:140C5042:SSL routines:SSL_UNDEFINED_FUNCTION:called a function you should not call
Does this mean that it's not possible to make a unilateral SSL connection? Should there be a more user-friendly error message? Thanks for any help.
Mitch
Hi Mitch,
When I first added the SSL stuff, not passing a certificate and key worked. I haven't tested this for a while, and it seems the CL+SSL version you are using somehow doesn't support it. All Postmodern does is call (make-ssl-stream socket :key *ssl-key-file* :certificate *ssl-certificate-file*) -- see cl-postgres/protocol.lisp.
Best, Marijn
Marijn Haverbeke wrote:
Hi Mitch,
When I first added the SSL stuff, not passing a certificate and key worked. I haven't tested this for a while, and it seems the CL+SSL version you are using somehow doesn't support it. All Postmodern does is call (make-ssl-stream socket :key *ssl-key-file* :certificate *ssl-certificate-file*) -- see cl-postgres/protocol.lisp.
Best, Marijn
Thanks. I looked at that and fooled around with it a little but can't figure out how to get it working. I am able to open a unilateral SSL connection fine from Lispworks. Is there a straightforward way to have Lispworks make the connection for Postmodern instead of CL+SSL?
Mitch
Is there a straightforward way to have Lispworks make the connection for Postmodern instead of CL+SSL?
Of course -- the use that's made of CL+SSL is very minimal. If Lispworks also has a 'convert raw socket to ssl socket' function it'll serve just as well as CL+SSL. As I mentioned, the relevant code is in cl-postgres/protocol.lisp. If you can get a Lispworks-specific approach working in a way that is compatible with the CL+SSL code (#+/#-, etc), I'd be happy to integrate it into the distribution.
Best, Marijn
postmodern-devel@common-lisp.net
-
Marijn Haverbeke -
Mitch Berkson