Scieneer Common Lisp 1.3.9 online documentation

ssl:make-ssl-context &key name method certificate key password verify-mode verify-depth ciphers cafile capath dh-params [Function]

Make and return a new SSL context. The SSL context provides the location of the trusted CA certificates and the key password, and may also provide default values for later operations. A default context will be automatically allocated when needed and does not need to be explicitly initialized unless the trusted CA certificates, or the key password, need to be specified. SSL contexts do not remain valid in a restarted Lisp image, so new contexts should be created and initialized when an application restarts.

:method
The method may be one of: :sslv2, :sslv3, :tlsv1, or :sslv23, and defaults to :sslv23. See the OpenSSL SSL_CTX_new function for more information.
:name
An optional name may be supplied which is printed if an interactive request is made for a password.
:certificate
The certificate file to use, in PEM format.
:key
The key file to use, and the password if applicable. If the key file is nil then the certificate file is used.
:password
The global password to use for password-protected keys. Only a single global password can be specified. If a password is not supplied, it will be prompted for when needed and then stored.
:verify-mode
One of :none, :request, or :require. This affects both the client and server modes; see ssl:make-ssl-server-stream and ssl:make-ssl-client-stream respectively for more information. The default is :none, which may be suitable for a server but probably not for a client.
:verify-depth
The maximum depth up to which certificates in a chain are used during the verification procedure. Certificates above the limit are ignored. The default depth is one.
:ciphers
A colon-separated list of the restricted set of ciphers to use.
:cafile
A file with the trusted CA certificates used for verification purposes.
:capath
The path to the trusted CA certificates directory.
:dh-params
A DH parameters file. If a file is not supplied then internal hard-coded parameters are used.
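
The following is an added example, not part of the Scieneer documentation: a client context that overrides the :none verification default, and is rebuilt at application start because contexts do not survive an image restart. The file paths, the context name, the helper function names and the cipher string are assumptions, as is passing file names as namestrings; only the keywords documented above are used.

```lisp
;;; Added example (not Scieneer's own code). All paths are hypothetical
;;; placeholders and must be replaced with real locations.

(defparameter *ca-bundle*   #p"/etc/myapp/trusted-cas.pem")  ; hypothetical
(defparameter *client-cert* #p"/etc/myapp/client.pem")       ; hypothetical
(defparameter *client-key*  #p"/etc/myapp/client-key.pem")   ; hypothetical

(defvar *client-context* nil
  "Context for the running image. Never reuse a value saved from an
earlier image; call INIT-TLS on every application start.")

(defun require-file (path)
  "Return PATH as a namestring, signalling an error if the file is missing,
so that a missing CA bundle fails at start-up rather than at handshake time."
  (unless (probe-file path)
    (error "Required TLS file is missing: ~A" path))
  (namestring path))

(defun make-client-context ()
  "Create a client context that requires the peer certificate to verify."
  (ssl:make-ssl-context
   :name "myapp-client"            ; shown if a key password is prompted for
   :method :sslv23                 ; the documented default
   :verify-mode :require           ; default is :none, unsuitable for a client
   :verify-depth 4                 ; default of one ignores longer chains
   :cafile (require-file *ca-bundle*)
   :certificate (require-file *client-cert*)
   :key (require-file *client-key*)
   ;; OpenSSL cipher-list syntax (assumed): strong suites only, no
   ;; unauthenticated or unencrypted suites, no MD5 or RC4.
   :ciphers "HIGH:!aNULL:!eNULL:!MD5:!RC4"))

(defun init-tls ()
  "Create a fresh context. Call once at application start-up."
  (setf *client-context* (make-client-context)))
```

No :password is passed here, so a password-protected key will be prompted for interactively, as described under :password; an unattended service needs an unencrypted key file with strict file permissions or a password supplied from a protected source.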