Scieneer Common Lisp 1.3.9 online documentation

ssl:make-ssl-server-stream fd &key element-type external-format buffering timeout expiration certificate key verify-mode verify-depth ciphers options ssl-context    [Function]

Make a new SSL server stream on the given socket fd, returning the new stream upon success, and signaling an appropriate error upon failure. The socket fd is not closed upon a failure, and the caller is expected to ensure the socket is closed if necessary.

element-type: Indicates the element type to use. Only the character and '(unsigned-byte 8) types are supported.
external-format: For a character stream this is the external character format to use. The default value is :default for which the value of ext:*default-external-format* is used.
buffering: Indicates the kind of output buffer flushing to use which may be one of: :none, :line, or the default :full. Line buffering is only applicable to character streams.
timeout: The number of seconds to wait for an input or output operation. If false, which is the default, then wait forever. When a timeout occurs the sys:io-timeout condition is signaled.
expiration: The number of seconds before the stream expires. If false, which is the default, then the stream does not expire. When the stream expires the sys:io-timeout condition is signaled until the expiration time is reset.
ssl-context: The SSL context in which the stream will be created. If not supplied then the ssl:*default-ssl-context* is used, and a default context is created if necessary. See also: ssl:make-ssl-context, and ssl:initialize-ssl-context.

The following SSL options are accepted and override the SSL context defaults:

certificate: The certificate file to use, in PEM format.
key: The key file to use. If the key is password protected then the password must have been specified in the SSL global context, see ssl:initialize-ssl-context. If the key file is nil then the certificate file is used.
verify-mode: One of the following:
  - Do not send a client certificate request.
  - Send a client certificate request, and check the returned certificate if any. The client is not required to return a certificate.
  - Send a client certificate request, requiring the client to send a certificate which is checked.
verify-depth: The limit up to which depth certificates in a chain are used during the verification procedure. Certificates above the limit are ignored.
ciphers: A colon separated list of the restricted set of ciphers to use.
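
Because the socket fd is left open when stream creation fails, a server that accepts many connections needs to close it explicitly or it will leak descriptors on every failed handshake. The following wrapper is an added example, not code from the Scieneer documentation; the function name, the close-fd argument (a caller-supplied function that closes a descriptor) and the file paths in the usage comment are assumptions made for illustration.

```lisp
;;; Added example. MAKE-TLS-STREAM-OR-CLOSE and CLOSE-FD are hypothetical names.
;;; CLOSE-FD is a function of one argument, supplied by the caller, that
;;; closes a socket descriptor.
(defun make-tls-stream-or-close (fd close-fd certificate
                                 &key key ciphers (timeout 30))
  "Wrap the accepted socket FD in an SSL server stream and return it.
If creation fails or is abandoned for any reason, FD is closed with
CLOSE-FD before the error propagates to the caller."
  (let ((stream nil))
    (unwind-protect
         (setf stream
               (apply #'ssl:make-ssl-server-stream fd
                      :element-type '(unsigned-byte 8)
                      ;; A finite timeout makes stalled peers signal
                      ;; sys:io-timeout instead of blocking forever.
                      :timeout timeout
                      :certificate certificate
                      ;; Pass :key and :ciphers only when supplied, so the
                      ;; SSL context defaults stay in effect otherwise.
                      (append (when key (list :key key))
                              (when ciphers (list :ciphers ciphers)))))
      ;; STREAM is still NIL only if the call above did not return normally.
      (unless stream
        (funcall close-fd fd)))))

;;; Usage sketch with constructed paths:
;;; (make-tls-stream-or-close fd #'my-close-fd "/etc/myapp/server-cert.pem"
;;;                           :key "/etc/myapp/server-key.pem")
```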