(index ("ssl-handshake-timeout" 0) ("ssl-shutdown-timeout" 423) ("ssl-default-certificate-authority-directory" 648) ("ssl-make-client-context" 950) ("ssl-make-client-context*" 2558) ("ssl-client-context?" 4084) ("ssl-listen*" 4348) ("ssl-close" 6094) ("ssl-listener?" 6094) ("ssl-listener-port" 6094) ("ssl-listener-fileno" 6094) ("ssl-listener-accept-ready?" 6094) ("ssl-accept" 6094) ("ssl-start*" 6842) ("ssl-load-certificate-chain!" 7783) ("ssl-port?" 8385) ("ssl-port->tcp-port" 8569))
(def (sig (parameter "(ssl-handshake-timeout [TIMEOUT])" (id ssl-handshake-timeout))) (p "The time in milliseconds to wait for an SSL handshake to complete (after " (tt "ssl-connect") " or " (tt "ssl-accept") "). Defaults to 120000, i.e. two minutes.") (p (b "note") ": The handshake is only initiated after the first read or the first write action occurs on the connection, so the timer is started upon that first action."))
(def (sig (parameter "(ssl-shutdown-timeout [TIMEOUT])" (id ssl-shutdown-timeout))) (p "The time in milliseconds to wait for an SSL shutdown operation to complete (after closing a port). Defaults to 120000, i.e. two minutes."))
(def (sig (parameter "(ssl-default-certificate-authority-directory [DIRECTORY])" (id ssl-default-certificate-authority-directory))) (p "The default directory containing trusted CA certificates that is used if verification is enabled but not explicitly configured using the convenience constructors."))
(def (sig (procedure "(ssl-make-client-context #!optional ((protocol <symbol>) 'sslv2-or-v3)) => <ssl-client-context>" (id ssl-make-client-context))) (p "This procedure exists mainly for backwards compatibility. Consider using " (tt "ssl-make-client-context*") " instead, which uses better default settings.") (p "Creates a context to be supplied to " (tt "ssl-connect") ". The context identifies a communication protocol (as selected by " (tt "protocol") "), and also holds certificate information (i.e., the client's identity, its trusted certificate authorities, etc.). See the \"Certificate procedures\" section below for more information on certificates.") (p "The " (tt "protocol") " must be one of the following:") (dl (dt (tt "'sslv2-or-v3")) (dd "TLS protocol or SSL protocol versions 2 or 3, as appropriate") (dt (tt "'sslv3")) (dd "SSL protocol version 3") (dt (tt "'tls") " or " (tt "'tlsv1")) (dd "the TLS protocol version 1") (dt (tt "'tlsv11")) (dd "the TLS protocol version 1.1") (dt (tt "'tlsv12")) (dd "the TLS protocol version 1.2")) (p "The default protocol is " (tt "'sslv2-or-v3") ", which ensures maximum compatibility with other endpoints. Note, however, that this choice is not particularly secure. Vulnerabilities affecting only the legacy protocols can be avoided by explicitly requesting the " (tt "'tls") " protocol, provided that every peer you will be communicating with supports it.") (p "By default, the context returned by " (tt "ssl-make-client-context") " does not request verification of a server's certificate. Use " (tt "ssl-set-verify!") " to enable such verification."))
(def (sig (procedure "(ssl-make-client-context* #!key ((protocol <symbol>) 'tlsv12) ((cipher-list <any>) \"DEFAULT\") (certificate <string|blob>) (private-key <string|blob>) ((private-key-type <symbol>) 'rsa) (private-key-asn1? <bool>) (certificate-authorities <string>) (certificate-authority-directory <string>) ((verify? <bool>) #t)) => <ssl-client-context>" (id ssl-make-client-context*))) (p "Convenience constructor for client contexts that uses keyword arguments to convey initialization information. Uses sensible defaults for the protocol configuration and enables certificate verification.") (p "The " (tt "protocol") " can be any of the choices available for " (tt "ssl-make-client-context") ", but it defaults to the modern " (tt "'tlsv12") ". You can customize the list of allowed cipher suites using the " (tt "cipher-list") " argument, which is passed to " (tt "ssl-set-cipher-list!") ". A client certificate and associated private key can be loaded using the " (tt "certificate") " and " (tt "private-key") " arguments, which may be strings representing file paths or blobs containing the data itself; see " (tt "ssl-load-certificate-chain!") " and " (tt "ssl-load-private-key!") " for details. The verification of server certificates may be enabled (the default) or disabled using " (tt "verify?") "; the set of trusted CA certificates can be specified by " (tt "certificate-authorities") " and " (tt "certificate-authority-directory") ", which are passed to " (tt "ssl-load-verify-root-certificates!") "."))
(def (sig (procedure "(ssl-client-context? (obj <top>)) => <bool>" (id ssl-client-context?))) (p "Returns " (tt "#t") " if " (tt "obj") " is a value produced by " (tt "ssl-make-client-context") " or " (tt "ssl-make-client-context*") ", " (tt "#f") " otherwise."))
(def (sig (procedure "(ssl-listen* #!key (hostname <string>) ((port <exact>) 0) ((backlog <exact>) 4) ((protocol <symbol>) 'tlsv12) ((cipher-list <any>) \"DEFAULT\") (certificate <string|blob>) (private-key <string|blob>) ((private-key-type <symbol>) 'rsa) (private-key-asn1? <bool>) (certificate-authorities <string>) (certificate-authority-directory <string>) ((verify? <bool>) #f)) => <ssl-listener>" (id ssl-listen*))) (p "Convenience constructor for an SSL listener that uses keyword arguments to convey initialization information. Uses sensible defaults for the protocol configuration.") (p "The " (tt "hostname") " argument determines the local network interface to listen on and defaults to the wildcard address. The " (tt "port") " argument determines the local network port to listen on and defaults to a randomly selected port. The " (tt "protocol") " can be any of the choices available for " (tt "ssl-listen") ", but it defaults to the modern " (tt "'tlsv12") ". You can customize the list of allowed cipher suites using the " (tt "cipher-list") " argument, which is passed to " (tt "ssl-set-cipher-list!") ". A server certificate and associated private key can be loaded using the " (tt "certificate") " and " (tt "private-key") " arguments, which may be strings representing file paths or blobs containing the data itself; see " (tt "ssl-load-certificate-chain!") " and " (tt "ssl-load-private-key!") " for details. The verification of client certificates may be enabled or disabled (the default) using " (tt "verify?") "; the set of trusted CA certificates can be specified by " (tt "certificate-authorities") " and " (tt "certificate-authority-directory") ", which are passed to " (tt "ssl-load-verify-root-certificates!") "."))
(def (sig (procedure "(ssl-close (listener <ssl-listener>)) => <void>" (id ssl-close)) (procedure "(ssl-listener? (obj <top>)) => <bool>" (id ssl-listener?)) (procedure "(ssl-listener-port (listener <ssl-listener>)) => <exact>" (id ssl-listener-port)) (procedure "(ssl-listener-fileno (listener <ssl-listener>)) => <exact>" (id ssl-listener-fileno)) (procedure "(ssl-listener-accept-ready? (listener <ssl-listener>)) => <bool>" (id ssl-listener-accept-ready?)) (procedure "(ssl-accept (listener <ssl-listener>)) => <input-port>, <output-port>" (id ssl-accept))) (p "Analogous to " (tt "tcp-close") ", " (tt "tcp-listener?") ", " (tt "tcp-listener-port") ", " (tt "tcp-listener-fileno") ", " (tt "tcp-accept-ready?") " and " (tt "tcp-accept") "."))
(def (sig (procedure "(ssl-start* (server? <bool>) (sni-name <string>) (tcp-in <input-port>) (tcp-out <output-port>) #!key ((protocol <symbol>) 'tlsv12) ((cipher-list <any>) \"DEFAULT\") (certificate <string|blob>) (private-key <string|blob>) ((private-key-type <symbol>) 'rsa) (private-key-asn1? <bool>) (certificate-authorities <string>) (certificate-authority-directory <string>) ((verify? <bool>) (not server?))) => <input-port>, <output-port>" (id ssl-start*))) (p "Given existing TCP input and output ports, " (tt "ssl-start*") " establishes an SSL context working on top of the TCP connection. The returned ports should be used for all further communication with the remote peer. " (tt "ssl-start*") " acts similarly to " (tt "ssl-connect*") " if " (tt "server?") " is false, or to " (tt "ssl-accept") " if " (tt "server?") " is true. The arguments all behave analogously to those for " (tt "ssl-connect*") " or " (tt "ssl-listen*") "."))
(def (sig (procedure "(ssl-load-certificate-chain! (obj <ssl-client-context|ssl-listener>) (pathname/blob <string|blob>)) => <void>" (id ssl-load-certificate-chain!))) (p "Loads a PEM-format certificate chain file or data blob for connections to be made with the given context (created by " (tt "ssl-make-client-context") ") or listener (created by " (tt "ssl-listen") ").") (p "This chain is used to identify the client or server when it connects or accepts connections. Loading a chain overwrites the old chain. Also call " (tt "ssl-load-private-key!") " to load the certificate's corresponding key."))
(def (sig (procedure "(ssl-port? obj) => <boolean>" (id ssl-port?))) (p "Predicate for SSL ports; returns " (tt "#t") " if " (tt "obj") " is an SSL port, " (tt "#f") " if it isn't."))
(def (sig (procedure "(ssl-port->tcp-port p) => <tcp-port>" (id ssl-port->tcp-port))) (p "Convert SSL port " (tt "p") " to the raw underlying TCP port.") (p "This is mostly useful if you need to obtain extra information about the connection, like for example " (tt "tcp-addresses") ".  Note that you generally " (i "cannot") " safely send data over the port, as that would interfere with OpenSSL's operation."))
