openssl egg Bindings to the OpenSSL SSL/TLS library Extension for Chicken Scheme Version 1.1.1 Thomas Chust




Table of Contents

1 About this egg
  1.1 Version history
  1.2 Usage
2 Documentation
  2.1 Client procedures
  2.2 Server procedures
  2.3 Certificate procedures
3 License
Index

1 About this egg

1.1 Version history

1.1.1  Output that would block properly suspends threads now
1.1.0  ##sys#tcp-port->fileno and tcp-addresses are now supported on SSL ports
1.0.0  Corrections, tests against openssl s_server, openssl s_client and comparison with the PLT module
0.4.0  Server functionality added
0.3.1  Client-only with certificate functions
0.2.0  Client-only prerelease

1.2 Usage

Load this egg like so:

  (require-extension openssl)

2 Documentation

This reference is basically a copy of the documentation of PLT Scheme's openssl module. The API provided here is largely compatible with that one. The exceptions are the missing .../enable-break and ssl-available? procedures and the missing reuse? argument to ssl-listen.

Please note that all the procedures described here may fail and raise a non-continuable exception of the composite type (exn i/o net openssl). The openssl property condition contains a property called status which will be bound to a symbol corresponding to the OpenSSL error code that was encountered. It may have the following values:

zero-return
  The SSL/TLS connection was shut down unexpectedly but in a controlled way.
want-read
  The operation didn't finish because data must be read from a nonblocking socket. This error condition only occurs, though, when it could not be handled automatically because there is actually no socket involved or some other strange thing happened in the OpenSSL library.
want-write
  The operation didn't finish because data must be written to a nonblocking socket. The same comment as for want-read applies.
want-connect
  The operation didn't finish because a nonblocking socket must first be connected. The same comment as for want-read applies.
want-accept
  The operation didn't finish because a nonblocking socket must first be accepted. The same comment as for want-read applies.
want-x509-lookup
  The operation failed because an application callback that could not even have been registered through this API was apparently registered anyway and has asked to be called again.
syscall
  Some low-level I/O error occurred.
ssl
  Something went wrong in the OpenSSL library itself.
#f
  The error is not classified.

Of course the exception that is thrown also has an appropriate message set. If you feel that this documentation lacks some information, please also consider the manual pages of OpenSSL.

2.1 Client procedures

ssl-connect
  (ssl-connect (hostname <string>) #!optional (port <exact>) ((ctx <ssl-client-conte

Connect to the given host on the given port (a number from 1 to 65535). This connection will be encrypted using SSL. The return values are as for tcp-connect: an input port and an output port.

The optional ctx argument determines which encryption protocol is used, whether the server's certificate is checked, etc. The argument can be either a client context created by ssl-make-client-context (see below), or one of the following symbols: sslv2-or-v3 (the default), sslv2, sslv3, or tls. See ssl-make-client-context for further details, including the meanings of the protocol symbols.

ssl-make-client-context
  (ssl-make-client-context #!optional ((protocol <symbol>) sslv2-or-v3)) => <ssl-cl

Creates a context to be supplied to ssl-connect. The context identifies a communication protocol (as selected by protocol), and also holds certificate information (i.e., the client's identity, its trusted certificate authorities, etc.). See the "Certificate procedures" section below for more information on certificates. The protocol must be one of the following:

sslv2-or-v3  SSL protocol versions 2 or 3, as appropriate
sslv2        SSL protocol version 2
sslv3        SSL protocol version 3
tls          the TLS protocol version 1

By default, the context returned by ssl-make-client-context does not request verification of a server's certificate. Use ssl-set-verify! to enable such verification.

ssl-client-context?
  (ssl-client-context? (obj <top>)) => <bool>

Returns #t if obj is a value produced by ssl-make-client-context, #f otherwise.

2.2 Server procedures

ssl-listen
  (ssl-listen (port <exact>) #!optional ((backlog <exact>) 4) ((hostname <string>) #

Like tcp-listen, but the result is an SSL listener. The extra optional ctx argument is as for ssl-connect. Call ssl-load-certificate-chain! and ssl-load-private-key! to avoid a "no shared cipher" error on accepting connections.

ssl-close, ssl-listener?, ssl-listener-port, ssl-listener-fileno, ssl-listener-accept-ready?, ssl-accept
  (ssl-close (listener <ssl-listener>)) => <void>
  (ssl-listener? (obj <top>)) => <bool>
  (ssl-listener-port (listener <ssl-listener>)) => <exact>
  (ssl-listener-fileno (listener <ssl-listener>)) => <exact>
  (ssl-listener-accept-ready? (listener <ssl-listener>)) => <bool>
  (ssl-accept (listener <ssl-listener>)) => <input-port>, <output-port>

Analogous to tcp-close, tcp-listener?, tcp-listener-port, tcp-listener-fileno, tcp-accept-ready? and tcp-accept.

2.3 Certificate procedures

ssl-load-certificate-chain!
  (ssl-load-certificate-chain! (obj <ssl-client-context ssl-listener>) (pathname <st

Loads a PEM-format certificate chain file for connections to be made with the given context (created by ssl-make-client-context) or listener (created by ssl-listen). This chain is used to identify the client or server when it connects or accepts connections. Loading a chain overwrites the old chain. Also call ssl-load-private-key! to load the certificate's corresponding key.

ssl-load-private-key!
  (ssl-load-private-key! (obj <ssl-client-context ssl-listener>) (pathname <string>)

Loads the first private key from pathname for the given client context or listener. The key goes with the certificate that identifies the client or server. If rsa? is #t, the first RSA key is read (i.e., non-RSA keys are skipped). If asn1? is #t, the file is parsed as ASN.1 format instead of PEM.

ssl-set-verify!
  (ssl-set-verify! (obj <ssl-client-context ssl-listener>) (v <bool>)) => <void>

Enables or disables verification of a connection peer's certificates. By default, verification is disabled. Enabling verification also requires, at a minimum, designating trusted certificate authorities with ssl-load-verify-root-certificates!.

ssl-load-verify-root-certificates!
  (ssl-load-verify-root-certificates! (obj <ssl-client-context ssl-listener>) (pathn

Loads a PEM-format file containing trusted certificates that are used to verify the certificates of a connection peer. Call this procedure multiple times to load multiple sets of trusted certificates. The optional second argument specifies a directory in which certificates are automatically looked up. You may also pass only a path in this argument and pass #f as the first argument to this procedure. See the OpenSSL documentation on SSL_CTX_load_verify_locations for more details.

ssl-load-suggested-certificate-authorities!
  (ssl-load-suggested-certificate-authorities! (obj <ssl-client-context ssl-listener

Loads a PEM-format file containing certificates that are used by a server. The certificate list is sent to a client when the server requests a certificate as an indication of which certificates the server trusts. Loading the suggested certificates does not imply trust, however; any certificate presented by the client will be checked using the trusted roots loaded by ssl-load-verify-root-certificates!.
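The procedures of sections 2.1 to 2.3 put together, as an added example that is not part of the egg's manual: an echo server that loads its chain and key before accepting, and a client that turns on peer verification (off by default) and reports the status symbol from the table above when the handshake fails. The file names, the port and the loopback address are assumptions for the example.

```scheme
;; Added example, not from the egg's manual: a TLS echo server and a
;; client that verifies the server's certificate chain.
;; Run as `csi -s tls-echo.scm server`, then `csi -s tls-echo.scm client`.
(require-extension openssl)

;; Assumed file names and endpoint (hypothetical, adjust to your setup):
;; a PEM chain and key for the server, and the CA file the client trusts.
(define server-chain "server-chain.pem")
(define server-key   "server-key.pem")
(define ca-roots     "ca-roots.pem")
(define port 4433)

(define (run-server)
  ;; Chain and key must be loaded before accepting, otherwise clients
  ;; fail with "no shared cipher".
  (let ((listener (ssl-listen port 4 "127.0.0.1" 'tls)))
    (ssl-load-certificate-chain! listener server-chain)
    (ssl-load-private-key! listener server-key)
    (let loop ()
      (receive (in out) (ssl-accept listener)
        (let ((line (read-line in)))
          (unless (eof-object? line)
            (write-line (string-append "echo: " line) out)
            (flush-output out)))
        (close-input-port in)
        (close-output-port out))
      (loop))))

(define (run-client)
  (let ((ctx (ssl-make-client-context 'tls)))
    ;; Verification is off by default: enable it and load trusted roots,
    ;; otherwise any certificate the server presents is accepted.
    (ssl-set-verify! ctx #t)
    (ssl-load-verify-root-certificates! ctx ca-roots)
    (condition-case
        (receive (in out) (ssl-connect "127.0.0.1" port ctx)
          (write-line "hello" out)
          (flush-output out)
          (print (read-line in))
          (close-input-port in)
          (close-output-port out))
      (e (exn i/o net openssl)
         ;; status is one of the symbols from the table above, or #f
         (print "TLS failure, status: "
                (get-condition-property e 'openssl 'status)
                " (" (get-condition-property e 'exn 'message) ")")))))

(let ((mode (command-line-arguments)))
  (cond ((equal? mode '("server")) (run-server))
        ((equal? mode '("client")) (run-client))
        (else (print "usage: csi -s tls-echo.scm server|client"))))
```

The verification enabled here is the chain check against the loaded roots that this manual describes; the manual does not describe matching the certificate's name against the hostname, so do not assume that check happens.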

3 License

Copyright (c) 2005, Thomas Chust <chust@web.de>. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
* Neither the name of the author nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Index

ssl-accept (2.2)
ssl-client-context? (2.1)
ssl-close (2.2)
ssl-connect (2.1)
ssl-listen (2.2)
ssl-listener-accept-ready? (2.2)
ssl-listener-fileno (2.2)
ssl-listener-port (2.2)
ssl-listener? (2.2)
ssl-load-certificate-chain! (2.3)
ssl-load-private-key! (2.3)
ssl-load-suggested-certificate-authorities! (2.3)
ssl-load-verify-root-certificates! (2.3)
ssl-make-client-context (2.1)
ssl-set-verify! (2.3)