Merge pull request #122 from Zash/dane

DANE support
Bruno Silvestre 2019-07-11 09:50:25 -03:00 committed by GitHub
commit 18fa0118be
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 84 additions and 0 deletions

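--- a/samples/dane/client.lua
+++ b/samples/dane/client.lua
@@ -0,0 +1,40 @@
+local socket = require "socket";
+local ssl = require "ssl";
+local dns = require "lunbound".new();
+local cfg = {
+protocol = "tlsv1_2",
+mode = "client",
+ciphers = "DEFAULT",
+capath = "/etc/ssl/certs",
+verify = "peer",
+dane = true,
+};
+local function daneconnect(host, port)
+port = port or "443";
+local conn = ssl.wrap(socket.connect(host, port), cfg);
+local tlsa = dns:resolve("_" .. port .. "._tcp." .. host, 52);
+assert(tlsa.secure, "Insecure DNS");
+assert(conn:setdane(host));
+for i = 1, tlsa.n do
+local usage, selector, mtype = tlsa[i] :byte(1, 3);
+assert(conn:settlsa(usage, selector, mtype, tlsa[i] :sub(4, - 1)));
+end
+assert(conn:dohandshake());
+return conn;
+end
+if not ... then
+print("Usage: client.lua example.com [port]");
+return os.exit(1);
+end
+local conn = daneconnect(...);
+print(conn:getpeerverification());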
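Review bot: daneconnect proceeds to the handshake even when the signed TLSA lookup comes back empty: the `assert(tlsa.secure, "Insecure DNS")` only covers the DNSSEC status, so with `tlsa.n == 0` the loop adds nothing and the connection is then verified by whatever OpenSSL does with DANE enabled but no TLSA records (ordinary PKIX, as far as I recall), not by a DANE match; an `assert(tlsa.n > 0, "No TLSA records")` before the loop makes the sample fail closed. Separately, `socket.connect` returns `nil, err` on failure and that result is passed straight into `ssl.wrap`, so a refused connection surfaces as a confusing wrap error rather than the socket error; `local sock = assert(socket.connect(host, port))` fixes that. The sample also never calls `conn:sni(host)` (a method this binding exposes), and many servers on port 443 need SNI to present the certificate the TLSA records describe — worth one line before the handshake.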


@ -704,6 +704,17 @@ static int set_alpn_cb(lua_State *L)
} }
/*
* DANE
*/
static int set_dane(lua_State *L)
{
SSL_CTX *ctx = lsec_checkcontext(L, 1);
int ret = SSL_CTX_dane_enable(ctx);
lua_pushboolean(L, ret);
return 1;
}
/** /**
* Package functions * Package functions
*/ */
@ -728,6 +739,8 @@ static luaL_Reg funcs[] = {
{"setcurveslist", set_curves_list}, {"setcurveslist", set_curves_list},
#endif #endif
{"setdane", set_dane},
{NULL, NULL} {NULL, NULL}
}; };
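Review bot: `lua_pushboolean(L, ret)` in set_dane reports success for any nonzero return, but the OpenSSL DANE calls return a negative value on internal error (their man page documents 0 and negative as failure), so an allocation failure inside `SSL_CTX_dane_enable` would reach Lua as `true` and the caller would believe DANE is armed; `lua_pushboolean(L, ret > 0);` is the intended test. The same pattern appears in meth_dane and meth_tlsa in the next file section and should be fixed there too. set_dane is also the only function in this area without a compile-time guard, while the neighbouring `setcurveslist` entry sits under an `#if`/`#endif`; since the `SSL_CTX_dane_*` API only exists in OpenSSL 1.1.0 and later (and, I believe, not in LibreSSL), wrapping set_dane and its funcs[] entry in a matching `#if` on the OpenSSL version would keep older builds compiling — hedged, since the condition the existing guard tests is outside the hunk.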


@ -826,6 +826,31 @@ static int meth_copyright(lua_State *L)
return 1; return 1;
} }
static int meth_dane(lua_State *L)
{
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
int ret = SSL_dane_enable(ssl->ssl, luaL_checkstring(L, 2));
lua_pushboolean(L, ret);
return 1;
}
static int meth_tlsa(lua_State *L)
{
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
uint8_t usage = luaL_checkinteger(L, 2);
uint8_t selector = luaL_checkinteger(L, 3);
uint8_t mtype = luaL_checkinteger(L, 4);
size_t len;
const char *data = luaL_checklstring(L, 5, &len);
ERR_clear_error();
int ret = SSL_dane_tlsa_add(ssl->ssl, usage, selector, mtype, data, len);
lua_pushboolean(L, ret);
return 1;
}
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
/** /**
@ -850,6 +875,8 @@ static luaL_Reg methods[] = {
{"settimeout", meth_settimeout}, {"settimeout", meth_settimeout},
{"sni", meth_sni}, {"sni", meth_sni},
{"want", meth_want}, {"want", meth_want},
{"setdane", meth_dane},
{"settlsa", meth_tlsa},
{NULL, NULL} {NULL, NULL}
}; };
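Review bot: meth_tlsa stores the `luaL_checkinteger` results into `uint8_t`, so an out-of-range usage, selector or matching type is silently truncated modulo 256 instead of rejected — a usage of 256 becomes 0 (PKIX-TA), which changes what the record authorises; reading each argument into a `lua_Integer` and checking it with something like `luaL_argcheck(L, usage >= 0 && usage <= 255, 2, "usage out of range")` keeps bad input from reaching `SSL_dane_tlsa_add`. The boolean return also folds `SSL_dane_tlsa_add`'s 0 (record unusable, e.g. an unsupported matching type, which RFC 7671 expects a client to skip rather than fail on) together with a genuine negative error, and the sample's `assert(conn:settlsa(...))` then aborts the whole connection on the first unusable record; pushing the integer, or `nil, err` for a negative result, lets the caller tell the two apart. The `ERR_clear_error()` before the add is never followed by an `ERR_get_error()` on the failure path, so the reason OpenSSL records is discarded before the caller can see it.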


@ -201,6 +201,10 @@ local function newcontext(cfg)
if not succ then return nil, msg end if not succ then return nil, msg end
end end
if cfg.dane then
context.setdane(ctx)
end
return ctx return ctx
end end
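Review bot: the return value of `context.setdane(ctx)` is dropped, so if DANE cannot be enabled on the context a caller that asked for `dane = true` silently gets a context that does only the plain `verify` checking, with nothing telling it that DANE is not in effect. The other steps in this function report such failures with the `if not succ then return nil, msg end` pattern visible just above; matching it here, `if cfg.dane then` / `if not context.setdane(ctx) then return nil, "unable to enable DANE" end` / `end`, makes a misconfigured DANE client fail closed. The C binding only returns a boolean, so the message has to be supplied on the Lua side. newcontext starts outside the hunk.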