Changeset 40347 in project


Timestamp:
08/20/21 20:37:11 (5 weeks ago)
Author:
Vasilij Schneidermann
Message:

openssl: Avoid pipes in procedure signatures

File:
1 edited

  • wiki/eggref/5/openssl

    r40346 r40347  
    116116===== Client procedures
    117117
    118 <procedure>(ssl-connect (hostname <string>) #!optional (port <exact>) ((ctx <ssl-client-context|symbol|pair>) 'tls) (sni-name <string|bool>)) => <input-port>, <output-port></procedure>
     118<procedure>(ssl-connect (hostname <string>) #!optional (port <exact>) ((ctx <ssl-client-context-or-symbol-or-pair>) 'tls) (sni-name <string-or-bool>)) => <input-port>, <output-port></procedure>
    119119
    120120This procedure exists mainly for backwards compatibility. Consider using {{ssl-connect*}} instead, which uses better default settings.
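Review bot: In the new `ssl-connect` signature, `<ssl-client-context-or-symbol-or-pair>` and `<string-or-bool>` read as single type names, and none of the visible lines tell the reader that `-or-` separates alternatives. Add one sentence on the convention near the first signature, and state in the commit message why `|` had to be avoided, since "Avoid pipes in procedure signatures" gives no reason.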
     
    128128The optional {{sni-name}} argument determines whether a virtual hostname is sent with the connection handshake: If {{sni-name}} is a string, that value is sent as the virtual hostname. If {{sni-name}} is {{#t}} and the value of {{hostname}} does not look like a literal IPv4 or IPv6 address, it is sent as the virtual hostname. By default, no virtual hostname is sent.
    129129
    130 <procedure>(ssl-connect* #!key (hostname <string>) (port <exact>) ((sni-name <string|bool>) #t) ((protocol <symbol|pair>) 'tlsv12) ((cipher-list <any>) "DEFAULT") (certificate <string|blob>) (private-key <string|blob>) ((private-key-type <symbol>) 'rsa) (private-key-asn1? <bool>) (certificate-authorities <string>) (certificate-authority-directory <string>) ((verify? <bool>) #t)) => <input-port>, <output-port></procedure>
     130<procedure>(ssl-connect* #!key (hostname <string>) (port <exact>) ((sni-name <string-or-bool>) #t) ((protocol <symbol-or-pair>) 'tlsv12) ((cipher-list <any>) "DEFAULT") (certificate <string-or-blob>) (private-key <string-or-blob>) ((private-key-type <symbol>) 'rsa) (private-key-asn1? <bool>) (certificate-authorities <string>) (certificate-authority-directory <string>) ((verify? <bool>) #t)) => <input-port>, <output-port></procedure>
    131131
    132132Convenience constructor for SSL connections that uses keyword arguments to convey client context initialization information. Uses sensible defaults for the protocol configuration, enables certificate verification and sends a virtual hostname by default.
     
    134134The {{hostname}} and {{port}} arguments determine the network address to connect to. See {{ssl-make-client-context*}} for a description of the other keyword arguments.
    135135
    136 <procedure>(ssl-make-client-context #!optional ((protocol <symbol|pair>) 'tls)) => <ssl-client-context></procedure>
     136<procedure>(ssl-make-client-context #!optional ((protocol <symbol-or-pair>) 'tls)) => <ssl-client-context></procedure>
    137137
    138138This procedure exists mainly for backwards compatibility. Consider using {{ssl-make-client-context*}} instead, which uses better default settings.
     
    161161By default, the context returned by {{ssl-make-client-context}} does not request verification of a server's certificate. Use {{ssl-set-verify!}} to enable such verification.
    162162
    163 <procedure>(ssl-make-client-context* #!key ((protocol <symbol|pair>) 'tlsv12) ((cipher-list <any>) "DEFAULT") (certificate <string|blob>) (private-key <string|blob>) ((private-key-type <symbol>) 'rsa) (private-key-asn1? <bool>) (certificate-authorities <string>) (certificate-authority-directory <string>) ((verify? <bool>) #t)) => <ssl-client-context></procedure>
     163<procedure>(ssl-make-client-context* #!key ((protocol <symbol-or-pair>) 'tlsv12) ((cipher-list <any>) "DEFAULT") (certificate <string-or-blob>) (private-key <string-or-blob>) ((private-key-type <symbol>) 'rsa) (private-key-asn1? <bool>) (certificate-authorities <string>) (certificate-authority-directory <string>) ((verify? <bool>) #t)) => <ssl-client-context></procedure>
    164164
    165165Convenience constructor for client contexts that uses keyword arguments to convey initialization information. Uses sensible defaults for the protocol configuration and enables certificate verification.
     
    173173===== Server procedures
    174174
    175 <procedure>(ssl-listen (port <exact>) #!optional ((backlog <exact>) 4) ((hostname <string>) #f) ((ctx <ssl-client-context|symbol|pair>) 'tls)) => <ssl-listener></procedure>
     175<procedure>(ssl-listen (port <exact>) #!optional ((backlog <exact>) 4) ((hostname <string>) #f) ((ctx <ssl-client-context-or-symbol-or-pair>) 'tls)) => <ssl-listener></procedure>
    176176
    177177This procedure exists mainly for backwards compatibility. Consider using {{ssl-listen*}} instead, which uses better default settings.
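Review bot: `ssl-listen` is a server procedure returning `<ssl-listener>`, yet its `ctx` parameter is typed `<ssl-client-context-or-symbol-or-pair>`; the rename carries the `ssl-client-context` name over unchanged from the old line. Since this line is being edited anyway, confirm that a client context is really what a listener accepts here and, if it is not, correct the type name in the same change.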
     
    184184Call {{ssl-load-certificate-chain!}} and {{ssl-load-private-key!}} to avoid a {{"no shared cipher"}} error on accepting connections.
    185185
    186 <procedure>(ssl-listen* #!key (hostname <string>) ((port <exact>) 0) ((backlog <exact>) 4) ((protocol <symbol|pair>) 'tlsv12) ((cipher-list <any>) "DEFAULT") (certificate <string|blob>) (private-key <string|blob>) ((private-key-type <symbol>) 'rsa) (private-key-asn1? <bool>) (certificate-authorities <string>) (certificate-authority-directory <string>) ((verify? <bool>) #f)) => <ssl-listener></procedure>
     186<procedure>(ssl-listen* #!key (hostname <string>) ((port <exact>) 0) ((backlog <exact>) 4) ((protocol <symbol-or-pair>) 'tlsv12) ((cipher-list <any>) "DEFAULT") (certificate <string-or-blob>) (private-key <string-or-blob>) ((private-key-type <symbol>) 'rsa) (private-key-asn1? <bool>) (certificate-authorities <string>) (certificate-authority-directory <string>) ((verify? <bool>) #f)) => <ssl-listener></procedure>
    187187
    188188Convenience constructor for an SSL listener that uses keyword arguments to convey initialization information. Uses sensible defaults for the protocol configuration.
     
    202202===== STARTTLS support
    203203
    204 <procedure>(ssl-start* (server? <bool>) (tcp-in <input-port>) (tcp-out <output-port>) #!key ((protocol <symbol|pair>) 'tlsv12) ((cipher-list <any>) "DEFAULT") (certificate <string|blob>) (private-key <string|blob>) ((private-key-type <symbol>) 'rsa) (private-key-asn1? <bool>) (certificate-authorities <string>) (certificate-authority-directory <string>) ((verify? <bool>) (not server?)) (sni-name <string>)) => <input-port>, <output-port></procedure>
     204<procedure>(ssl-start* (server? <bool>) (tcp-in <input-port>) (tcp-out <output-port>) #!key ((protocol <symbol-or-pair>) 'tlsv12) ((cipher-list <any>) "DEFAULT") (certificate <string-or-blob>) (private-key <string-or-blob>) ((private-key-type <symbol>) 'rsa) (private-key-asn1? <bool>) (certificate-authorities <string>) (certificate-authority-directory <string>) ((verify? <bool>) (not server?)) (sni-name <string>)) => <input-port>, <output-port></procedure>
    205205
    206206Given existing TCP input and output ports, {{ssl-start*}} establishes an SSL context working on top of the TCP connection. The returned ports should be used for all further communication with the remote peer. {{ssl-start*}} acts similar to {{ssl-connect*}} if {{server?}} is false or to {{ssl-accept}} if {{server?}} is true. The arguments all behave analogous to those for {{ssl-connect*}} or {{ssl-listen*}}.
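Review bot: `ssl-start*` keeps `(sni-name <string>)` with no default, while `ssl-connect*` now reads `((sni-name <string-or-bool>) #t)`, and the paragraph under this signature says the arguments behave analogously to those of `ssl-connect*`. Either align the type and default in this signature, or add a sentence documenting how `sni-name` differs for `ssl-start*`, so readers do not assume a virtual hostname is sent by default here.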
     
    208208===== Certificate procedures
    209209
    210 <procedure>(ssl-load-certificate-chain! (obj <ssl-client-context|ssl-listener>) (pathname/blob <string|blob>)) => <void></procedure>
     210<procedure>(ssl-load-certificate-chain! (obj <ssl-client-context-or-ssl-listener>) (pathname/blob <string-or-blob>)) => <void></procedure>
    211211
    212212Loads a PEM-format certification chain file or data blob for connections to be made
     
    219219corresponding key.
    220220
    221 <procedure>(ssl-load-private-key! (obj <ssl-client-context|ssl-listener>) (pathname/blob <string|blob>) #!optional ((rsa? <symbol|bool>) #t) ((asn1? <bool>) #f)) => <void></procedure>
     221<procedure>(ssl-load-private-key! (obj <ssl-client-context-or-ssl-listener>) (pathname/blob <string-or-blob>) #!optional ((rsa? <symbol-or-bool>) #t) ((asn1? <bool>) #f)) => <void></procedure>
    222222
    223223Loads the first private key from the file or data blob {{pathname/blob}} for the given client context
     
    230230If {{asn1?}} is {{#t}} and {{pathname/blob}} refers to a file, that file is parsed as ASN1 format instead of PEM.
    231231
    232 <procedure>(ssl-set-verify! (obj <ssl-client-context|ssl-listener>) (v <bool>)) => <void></procedure>
     232<procedure>(ssl-set-verify! (obj <ssl-client-context-or-ssl-listener>) (v <bool>)) => <void></procedure>
    233233
    234234Enables or disables verification of a connection peer's
     
    238238trusted certificate authorities with {{ssl-load-verify-root-certificates!}}.
    239239
    240 <procedure>(ssl-load-verify-root-certificates! (obj <ssl-client-context|ssl-listener>) (pathname <string>) #!optional ((dirname <string>) #f)) => <void></procedure>
     240<procedure>(ssl-load-verify-root-certificates! (obj <ssl-client-context-or-ssl-listener>) (pathname <string>) #!optional ((dirname <string>) #f)) => <void></procedure>
    241241
    242242Loads a PEM-format file containing trusted certificates that are used
     
    250250[[http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html|SSL_CTX_load_verify_locations]] for more details.
    251251
    252 <procedure>(ssl-load-suggested-certificate-authorities! (obj <ssl-client-context|ssl-listener>) (pathname <string>)) => <void></procedure>
     252<procedure>(ssl-load-suggested-certificate-authorities! (obj <ssl-client-context-or-ssl-listener>) (pathname <string>)) => <void></procedure>
    253253
    254254Loads a PEM-format file containing certificates that are used by a
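Review bot: The context line at 250 in this hunk still links to the OpenSSL documentation for `SSL_CTX_load_verify_locations` over plain `http://`. Worth switching it to `https://` and checking that the target still resolves while this section is being edited.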
     
    263263===== Cipher selection
    264264
    265 <procedure>(ssl-set-cipher-list! (obj <ssl-client-context|ssl-listener>) (v <any>)) => <void></procedure>
     265<procedure>(ssl-set-cipher-list! (obj <ssl-client-context-or-ssl-listener>) (v <any>)) => <void></procedure>
    266266
    267267Selects a list of allowed cipher suites that are used by an SSL client or server.