|
29 | 29 |
|
30 | 30 | (defun ensure-init (&key from-load)
|
31 | 31 | (unless *ssl-init*
|
32 |
| - (cffi:foreign-funcall ("SSL_library_init") :void) |
33 |
| - (cffi:foreign-funcall ("SSL_load_error_strings") :void) |
34 |
| - (cffi:foreign-funcall ("ERR_load_BIO_strings") :void) |
| 32 | + (if (cffi:foreign-symbol-pointer "SSL_library_init" ) |
| 33 | + (cffi:foreign-funcall "SSL_library_init" :void) |
| 34 | + (cffi:foreign-funcall "OPENSSL_init_ssl" :int 0 :int 0)) |
| 35 | + (when (cffi:foreign-symbol-pointer "SSL_load_error_strings") |
| 36 | + (cffi:foreign-funcall "SSL_load_error_strings" :void)) |
| 37 | + (cffi:foreign-funcall "ERR_load_BIO_strings" :void) |
35 | 38 | (unless from-load
|
36 | 39 | (setf *ssl-init* t)))))
|
37 | 40 |
|
|
322 | 325 | (stream-socket socket/stream)
|
323 | 326 | socket/stream))
|
324 | 327 | (ctx (or ssl-ctx
|
325 |
| - (let ((ctx (create-ssl-ctx :method :tlsv1-client :options ssl-options))) |
| 328 | + (let ((ctx (create-ssl-ctx :options ssl-options))) |
326 | 329 | (ssl-ctx-set-default-verify-paths ctx)
|
327 | 330 | ;; TODO better verify support
|
328 | 331 | (ssl-ctx-set-verify ctx +ssl-verify-none+ (cffi:null-pointer))
|
|
340 | 343 | (funcall connect-cb sock/stream))))
|
341 | 344 | (lambda (ssl)
|
342 | 345 | (ssl-set-connect-state ssl))
|
| 346 | + :store-ctx (not ssl-ctx) |
343 | 347 | :ciphers ciphers)
|
344 | 348 | ;; now that the 'socket class was replaced with 'ssl-socket, we can safely
|
345 | 349 | ;; write out our data and it will be buffered properly.
|
|
377 | 381 | (:pem +ssl-filetype-pem+)
|
378 | 382 | (:asn1 +ssl-filetype-asn1+)
|
379 | 383 | (t +ssl-x509-filetype-default+)))
|
380 |
| - (res (ssl-ctx-use-privatekey-file ctx (namestring certificate) type))) |
| 384 | + (res (ssl-ctx-use-privatekey-file ctx (namestring key) type))) |
381 | 385 | (when (<= res 0)
|
382 | 386 | (let* ((code (ssl-err-get-error))
|
383 | 387 | (msg (ssl-err-error-string code (cffi:null-pointer))))
|
|