This is openssl.egg.info, produced by makeinfo version 4.7 from eggdoc-output.texi. INFO-DIR-SECTION The Algorithmic Language Scheme START-INFO-DIR-ENTRY * openssl.egg: (openssl.egg). Bindings to the OpenSSL SSL/TLS library END-INFO-DIR-ENTRY  File: openssl.egg.info, Node: Top, Next: About this egg, Up: (dir) openssl egg *********** Bindings to the OpenSSL SSL/TLS library Written by Thomas Chust (http://www.chust.org/) This manual corresponds to version 1.1.1 of the openssl extension library for Chicken Scheme. * Menu: * About this egg:: * Documentation:: * License:: * Index::  File: openssl.egg.info, Node: About this egg, Next: Documentation, Prev: Top, Up: Top 1 About this egg **************** * Menu: * Version history:: * Usage::  File: openssl.egg.info, Node: Version history, Next: Usage, Up: About this egg 1.1 Version history =================== `1.1.1' Output that would block properly suspends threads now `1.1.0' `##sys#tcp-port->fileno' and `tcp-addresses' are now supported on SSL ports `1.0.0' Corrections, tests against `openssl s_server, openssl s_client' and comparison with the PLT module `0.4.0' Server functionality added `0.3.1' Client-only with certificate functions `0.2.0' Client-only prerelease  File: openssl.egg.info, Node: Usage, Prev: Version history, Up: About this egg 1.2 Usage ========= Load this egg like so: `(require-extension openssl)'  File: openssl.egg.info, Node: Documentation, Next: License, Prev: About this egg, Up: Top 2 Documentation *************** This reference is basically a copy of the documentation of PLT Scheme's (http://www.plt-scheme.org/) openssl module. The API provided here is largely compatible with that one. The exceptions are the missing `.../enable-break' and `ssl-available?' procedures and the missing `reuse?' argument to `ssl-listen'. Please note that all the procedures described here may fail and raise a non-continuable exception of the composite type `(exn i/o net openssl)'. The `openssl' property condition contains a property called `status' which will be bound to a symbol corresponding to the OpenSSL error code that was encountered. It may have the following values: Symbol Meaning ------------------------------------------------------------------- `'zero-return' The SSL/TLS connection was shut down unexpectedly but in a controlled way `'want-read' The operation didn't finish because data must be read from a nonblocking socket. This error condition only occurs though, when it could not be handled automatically because there is actually no socket involved or some other strange thing happended in the OpenSSL library. `'want-write' The operation didn't finish because data must be read from a nonblocking socket. The same comment as for `'want-read' applies. `'want-connect' The operation didn't finish because a nonblocking socket must first be connected. The same comment as for `'want-read' applies. `'want-accept' The operation didn't finish because a nonblocking socket must first be acepted. The same comment as for `'want-read' applies. `'want-X509-lookup' The operation failed because an application callback that could not even have been registered through this API was apparently registered anyway and has asked to be called again. `'syscall' Some low-level I/O error occurred. `'ssl' Something went wrong in the OpenSSL library itself. `#f' The error is not classified Of course the exception that is thrown also has an appropriate message set. If you feel that this documentation lacks some information, please also consider the manual pages of OpenSSL (http://www.openssl.org/docs/ssl/ssl.html). * Menu: * Client procedures:: * Server procedures:: * Certificate procedures::  File: openssl.egg.info, Node: Client procedures, Next: Server procedures, Up: Documentation 2.1 Client procedures ===================== -- procedure: ssl-connect (ssl-connect (hostname ) #!optional (port ) ((ctx ) 'sslv2-or-v3)) => , Connect to the given `host' on the given `port' (a number from 1 to 65535). This connection will be encrypted using SSL. The return values are as tcp-connect; an input port and an output port. The optional `ctx' argument determines which encryption protocol is used, whether the server's certificate is checked, etc. The argument can be either a client context created by `ssl-make-client-context' (see below), or one of the following symbols: `'sslv2-or-v3' (the default), `'sslv2', `'sslv3', or `'tls'. See `ssl-make-client-context' for further details, including the meanings of the protocol symbols. -- procedure: ssl-make-client-context (ssl-make-client-context #!optional ((protocol ) 'sslv2-or-v3)) => Creates a context to be supplied to `ssl-connect'. The context identifies a communication protocol (as selected by `protocol'), and also holds certificate information (i.e., the client's identity, its trusted certificate authorities, etc.). See the "Certificate procedures" section below for more information on certificates. The `protocol' must be one of the following: Symbol Meaning -------------------------------------------------------------- `'sslv2-or-v3' SSL protocol versions 2 or 3, as appropriate `'sslv2' SSL protocol version 2 `'sslv3' SSL protocol version 3 `'tls' the TLS protocol version 1 By default, the context returned by `ssl-make-client-context' does not request verification of a server's certificate. Use `ssl-set-verify!' to enable such verification. -- procedure: ssl-client-context? (ssl-client-context? (obj )) => Returns `#t' if `obj' is a value produced by `ssl-make-client-context', `#f' otherwise.  File: openssl.egg.info, Node: Server procedures, Next: Certificate procedures, Prev: Client procedures, Up: Documentation 2.2 Server procedures ===================== -- procedure: ssl-listen (ssl-listen (port ) #!optional ((backlog ) 4) ((hostname ) #f) ((ctx ) 'sslv2-or-v3)) => Like `tcp-listen', but the result is an SSL listener. The extra optional `ctx' argument is as for `ssl-connect'. Call `ssl-load-certificate-chain!' and `ssl-load-private-key!' to avoid a `"no shared cipher"' error on accepting connections. -- procedure: ssl-close -- procedure: ssl-listener? -- procedure: ssl-listener-port -- procedure: ssl-listener-fileno -- procedure: ssl-listener-accept-ready? -- procedure: ssl-accept (ssl-close (listener )) => (ssl-listener? (obj )) => (ssl-listener-port (listener )) => (ssl-listener-fileno (listener )) => (ssl-listener-accept-ready? (listener )) => (ssl-accept (listener )) => , Analogous to `tcp-close', `tcp-listener?', `tcp-listener-port', `tcp-listener-fileno', `tcp-accept-ready?' and `tcp-accept'.  File: openssl.egg.info, Node: Certificate procedures, Prev: Server procedures, Up: Documentation 2.3 Certificate procedures ========================== -- procedure: ssl-load-certificate-chain! (ssl-load-certificate-chain! (obj ) (pathname )) => Loads a PEM-format certification chain file for connections to be made with the given context (created by `ssl-make-context') or listener (created by `ssl-listener'). This chain is used to identify the client or server when it connects or accepts connections. Loading a chain overwrites the old chain. Also call `ssl-load-private-key!' to load the certificate's corresponding key. -- procedure: ssl-load-private-key! (ssl-load-private-key! (obj ) (pathname ) #!optional ((rsa? ) #t) ((asn1? ) #f)) => Loads the first private key from `pathname' for the given client context or listener. The key goes with the certificate that identifies the client or server. If `rsa?' is `#t', the first RSA key is read (i.e., non-RSA keys are skipped). If `asn1?' is `#t', the file is parsed as ASN1 format instead of PEM. -- procedure: ssl-set-verify! (ssl-set-verify! (obj ) (v )) => Enables or disables verification of a connection peer's certificates. By default, verification is disabled. Enabling verification also requires, at a minimum, designating trusted certificate authorities with `ssl-load-verify-root-certificates!'. -- procedure: ssl-load-verify-root-certificates! (ssl-load-verify-root-certificates! (obj ) (pathname ) #!optional ((dirname ) #f)) => Loads a PEM-format file containing trusted certificates that are used to verify the certificates of a connection peer. Call this procedure multiple times to load multiple sets of trusted certificates. The optional second argument specifies a directory in which certificates are automatically looked up. You may also only pass a path in this argument and pass `#f' as the first argument to this procedure. See the OpenSSL documentation on `SSL_CTX_load_verify_locations' (http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html) for more details. -- procedure: ssl-load-suggested-certificate-authorities! (ssl-load-suggested-certificate-authorities! (obj ) (pathname )) => Loads a PEM-format file containing certificates that are used by a server. The certificate list is sent to a client when the server requests a certificate as an indication of which certificates the server trusts. Loading the suggested certificates does not imply trust, however; any certificate presented by the client will be checked using the trusted roots loaded by `ssl-load-verify-root-certificates!'.  File: openssl.egg.info, Node: License, Next: Index, Prev: Documentation, Up: Top 3 License ********* Copyright (c) 2005, Thomas Chust . All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of the author nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.  File: openssl.egg.info, Node: Index, Prev: License, Up: Top Index ***** [index] * Menu: * ssl-accept: Server procedures. (line 21) * ssl-client-context?: Client procedures. (line 46) * ssl-close: Server procedures. (line 16) * ssl-connect: Client procedures. (line 7) * ssl-listen: Server procedures. (line 7) * ssl-listener-accept-ready?: Server procedures. (line 20) * ssl-listener-fileno: Server procedures. (line 19) * ssl-listener-port: Server procedures. (line 18) * ssl-listener?: Server procedures. (line 17) * ssl-load-certificate-chain!: Certificate procedures. (line 7) * ssl-load-private-key!: Certificate procedures. (line 19) * ssl-load-suggested-certificate-authorities!: Certificate procedures. (line 56) * ssl-load-verify-root-certificates!: Certificate procedures. (line 40) * ssl-make-client-context: Client procedures. (line 22) * ssl-set-verify!: Certificate procedures. (line 30)  Tag Table: Node: Top246 Node: About this egg601 Node: Version history769 Node: Usage1307 Node: Documentation1471 Node: Client procedures4386 Node: Server procedures6644 Node: Certificate procedures7994 Node: License11096 Node: Index12703  End Tag Table