I've made some progress with my stand-alone server using SSL but still can't quite get it to work. I'm hoping someone will have an new idea.
I finally figured out how to correctly generate the CA files without passwords. I start the server like this:
(hunchentoot:start-server :port 4000 :ssl-certificate-file "CA3/ca-cert.pem" :ssl-privatekey-file "CA3/private/ca-key.pem")
When I point a browser at the url https://achilles.olympus.net:4000/test it brings up a dialog box asking if I want to accept this unrecognized certificate. I say "yes" and it then times out after about fifteen seconds without producing any html.
I know it is going through the test html generator because I added a log-messages statement in it and it writes my message to the log.
And I know the html generator works alright because if I run the same server without SSL it generates the test page as it should.
Any ideas?
Regards, --Jeff
On Sat, 25 Nov 2006 18:52:54 -0800, Jeffrey Cunningham jeffrey@cunningham.net wrote:
I finally figured out how to correctly generate the CA files without passwords.
Aha!
When I point a browser at the url https://achilles.olympus.net:4000/test it brings up a dialog box asking if I want to accept this unrecognized certificate. I say "yes" and it then times out after about fifteen seconds without producing any html.
As I said - I think the best bet at this point is to try with another Lisp implementation. It /might/ be some FFI problem with CL+SSL that's hard to debug.
Edi was right - when I compiled my SSL testcase using SBCL it worked. So there is a problem with CMUCL. I was using 19d rev2 (x86 binary loaded from one of their mirrors).
--Jeff
On Thu, 30 Nov 2006 17:43:01 -0800, Jeffrey Cunningham jeffrey@cunningham.net wrote:
Edi was right - when I compiled my SSL testcase using SBCL it worked. So there is a problem with CMUCL. I was using 19d rev2 (x86 binary loaded from one of their mirrors).
It might be useful to report that to the CL+SSL maintainer. He'd probably prefer an isolated test case, but it's better than nothing.
Thanks for the info, Edi.