Lispworks and SSL

First of all, apologies for the inter-mailing list cross post.


I've recently tried to upgrade our version of portableaserve
from something totally ancient (1.2.12 ?) to the latest CVS
version.

When I did this, SSL support (i.e. HTTPS) stopped working.
I tried with both my old version of cl-ssl, and what
appears to be the currently available version.

Does anyone have SSL (server side) support working with 
portableaserve under Lispworks?  If so, what is your setup?


Furthermore, I note that there is now support for client side SSL
using LW's native ssl support, i.e. the method

#+(and :lispworks4.4 (not :cl-ssl))
(defmethod make-ssl-client-stream ((socket-stream bidirectional-binary-socket-stream) &rest options)
  (declare (ignore options))
  (comm:attach-ssl socket-stream :ssl-ctx t :ssl-side :client)
  socket-stream)

There is however no method for MAKE-SSL-SERVER-STREAM.
Does anyone know how to write one?  My take is you have
to use the :CTX-CONFIGURE-CALLBACK and :SSL-CONFIGURE-CALLBACK
methods to put in some info relating to the certificate and
password files into the stream, but I don't know enough details
on exactly what to do.  

I tried this for kicks

(defmethod make-ssl-server-stream ((socket-stream bidirectional-binary-socket-stream) &rest options)
  (declare (ignore options))
  (flet ((ctx-configure-callback (ctx)
	   (comm:set-ssl-ctx-options ctx :all t))
	 (ssl-configure-callback (ssl)
	   (comm:ssl-use-certificate-file my-ssl "/tmp/ca.crt" COMM:SSL_FILETYPE_ASN1)))
    (comm:attach-ssl socket-stream :ssl-ctx t :ssl-side :server
		     :ctx-configure-callback #'ctx-configure-callback
		     :ssl-configure-callback #'ssl-configure-callback))
  socket-stream)

But that's as far as I got.  This is incomplete because it doesn't
reference the key file "ca.key" (what aserve calls the :ssl-password
argument).  Also, I have no idea what ctx-options I'm supposed to set.

If someone's already done this, or knows exactly how to do this, we
could remove the requirement for :cl-ssl entirely, at least under
lispworks, to provide HTTPS support.

Anyone?  Please???  :-)

Thanks
				--ap

Re: Lispworks and SSL

On Wed, 19 Oct 2005 11:23:12 +1000, Alain.Picard@memetrics.com wrote:

> This is incomplete because it doesn't reference the key file
> "ca.key" (what aserve calls the :ssl-password argument).

I'm just guessing here but there's SET-SSL-CTX-PASSWORD-CALLBACK:

  <http://www.lispworks.com/documentation/lw445/LWRM/html/lwref-40.htm>

Cheers,
Edi.

Re: Lispworks and SSL

On Wed, 19 Oct 2005 11:23:12 +1000, Alain.Picard@memetrics.com wrote:

> Also, I have no idea what ctx-options I'm supposed to set.

The options are explained here:

  <http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html>

Cheers,
Edi.

Re: Lispworks and SSL

Alain.Picard@memetrics.com wrote:

>First of all, apologies for the inter-mailing list cross post.
>
>
>I've recently tried to upgrade our version of portableaserve
>from something totally ancient (1.2.12 ?) to the latest CVS
>version.
>
>When I did this, SSL support (i.e. HTTPS) stopped working.
>I tried with both my old version of cl-ssl, and what
>appears to be the currently available version.
>
>Does anyone have SSL (server side) support working with 
>portableaserve under Lispworks?  If so, what is your setup?
>
>
>  
>

Yes, I have SSL working under both LWW and LWL.  It takes some massaging,
and it is not obvious as to what to do.   Give me a bit and I will pack 
up what I
have and post it somewhere.  The version of cl-ssl I use is (0.1.2), 
basically
I build/load cl-ssl before (load "INSTALL.lisp") with portable aserve.  
But you have
to push some ssl features into *features* before loading portableaserve 
and then make sure
that you force a recompile of pserve.

Here is defsystem.lisp file I use to load aserve with ssl support on 
Linux.  I think there
is some other things you might have to change in miscellaneous files 
somewhere.

;; Westmount Charter School - School Council Web Portal
;;
;;
;; Load This File First!

(in-package :common-lisp-user)

(setf (logical-pathname-translations "WESTMOUNT-COUNCIL")
      `(("**;*"
         ,(make-pathname :host (pathname-host *load-truename*)
                         :directory (append (pathname-directory 
*load-truename*) '(:wild-inferiors))
                         :name :wild))))

(progn
  (unless (member :cl-ssl *features*)
    (load "/home/wade/cl-ssl/cl-ssl.asd"))
  (asdf:operate 'asdf:load-op :cl-ssl)
  (pushnew :ssl-available *features*))

(unless (member :aserve *features*)
  #+cmu(load "/home/wade/portableaserve/INSTALL.lisp")
  #+lispworks(load "/home/wade/aserve/INSTALL.lisp"))

(defpackage :xhtml
  (:use :common-lisp)
  (:export "*XHTML-STREAM*"
           "DEFTAG"
       "CONTENT-->"))

(defpackage :westmount-council
  (:use :common-lisp :acl-compat.excl :net.aserve :xhtml)
  (:nicknames :westmount))

(asdf:defsystem :westmount-council
    :version "04-09-2004.0"
    :components
    ((:file "xhtml")
     (:file "csv-parser")
     (:file "calendar")
     (:file "web-base" :depends-on ("xhtml" "csv-parser" "calendar"))
     (:file "school-calendar" :depends-on ("web-base"))
     (:file "teachers" :depends-on ("web-base"))
     (:file "volunteer" :depends-on ("web-base"))
     (:file "practicum" :depends-on ("web-base" "volunteer"))
     (:file "web-pages" :depends-on ("volunteer" "practicum" "teachers" 
"school-calendar")))
    :depends-on (:cl-smtp :aserve))

(asdf:oos 'asdf:load-op :westmount-council)

(in-package :westmount-council)

(setf *volunteer-filename*
      (translate-logical-pathname "WESTMOUNT-COUNCIL:data;volunteers.db"))



Wade