Make a new SSL client stream on the given socket fd, returning the new stream upon success, and signaling an appropriate error upon failure. The socket fd is not closed upon a failure, and the caller is expected to ensure the socket is closed if necessary.

:element-type

Indicates the element type to use. Only the character and '(unsigned-byte 8) types are supported.

:external-format

For a character stream this is the external character format to use. The default value is :default for which the value of ext:*default-external-format* is used.

:buffering

Indicates the kind of output buffer flushing to use which may be one of: :none, :line, or the default :full. Line buffering is only applicable to character streams.

:timeout

The number of seconds to wait for an input or output operation. If false, which is the default, then wait forever. When a timeout occurs the sys:io-timeout condition is signaled.

:expiration

The number of seconds to before the stream expires. If false, which is the default, then the stream does not expire. When the stream expires the sys:io-timeout condition is signaled until the expiration time is reset.

:ssl-context

The SSL context in which the stream will be created. If not supplied then the ssl:*default-ssl-context* is used, and a default context is created if necessary. See also: ssl:make-ssl-context, and ssl:initialize-ssl-context.

The following SSL options are accepted and override the global SSL context defaults:

:certificate

The certificate file to use, in PEM format.

:key

The key file to use. If the key is password protected then the password must have been specified in the SSL global context, see ssl:initialize-ssl-context. If the key file is nil then the certificate file is used.

:verify-mode

One of the following

:none

The server certificate, if any, is checked but the connection handshake will proceed regardless of the result of the server certificate verification. The verification result may be checked with ssl:ssl-stream-verify-result.

:request

The server certificate, if any, is checked and the handshake is terminated immediately upon a verification failure. A server certificate is not required.

:require

The server certificate is required and is checked and the handshake is terminated immediately upon a verification failure.

:verify-depth

The limit up to which depth certificates in a chain are used during the verification procedure. Certificates above the limit are ignored.

:ciphers

A colon separated list of the restricted set of ciphers to use.