dany/luasec
1
0
Fork 0
mirror of https://github.com/brunoos/luasec.git synced 2025-02-13 15:32:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add 'ciphersuites' property for TLS 1.3

Browse Source
This commit is contained in:
Bruno Silvestre 2019-03-22 11:34:33 -03:00
parent 1c9401ae54
commit 1efa37087e
2 changed files with 39 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
src/context.c
View File

@ -436,14 +436,31 @@ static int set_cipher(lua_State *L)
const char *list = luaL_checkstring(L, 2); const char *list = luaL_checkstring(L, 2);
if (SSL_CTX_set_cipher_list(ctx, list) != 1) { if (SSL_CTX_set_cipher_list(ctx, list) != 1) {
lua_pushboolean(L, 0); lua_pushboolean(L, 0);
lua_pushfstring(L, "error setting cipher list (%s)", lua_pushfstring(L, "error setting cipher list (%s)", ERR_reason_error_string(ERR_get_error()));
ERR_reason_error_string(ERR_get_error()));
return 2; return 2;
} }
lua_pushboolean(L, 1); lua_pushboolean(L, 1);
return 1; return 1;
} }
/**
* Set the cipher suites.
*/
static int set_ciphersuites(lua_State *L)
{
#if defined(TLS1_3_VERSION)
SSL_CTX *ctx = lsec_checkcontext(L, 1);
const char *list = luaL_checkstring(L, 2);
if (SSL_CTX_set_ciphersuites(ctx, list) != 1) {
lua_pushboolean(L, 0);
lua_pushfstring(L, "error setting cipher list (%s)", ERR_reason_error_string(ERR_get_error()));
return 2;
}
#endif
lua_pushboolean(L, 1);
return 1;
}
/** /**
* Set the depth for certificate checking. * Set the depth for certificate checking.
*/ */
@ -690,19 +707,20 @@ static int set_alpn_cb(lua_State *L)
* Package functions * Package functions
*/ */
static luaL_Reg funcs[] = { static luaL_Reg funcs[] = {
{"create", create}, {"create", create},
{"locations", load_locations}, {"locations", load_locations},
{"loadcert", load_cert}, {"loadcert", load_cert},
{"loadkey", load_key}, {"loadkey", load_key},
{"checkkey", check_key}, {"checkkey", check_key},
{"setalpn", set_alpn}, {"setalpn", set_alpn},
{"setalpncb", set_alpn_cb}, {"setalpncb", set_alpn_cb},
{"setcipher", set_cipher}, {"setcipher", set_cipher},
{"setdepth", set_depth}, {"setciphersuites", set_ciphersuites},
{"setdhparam", set_dhparam}, {"setdepth", set_depth},
{"setverify", set_verify}, {"setdhparam", set_dhparam},
{"setoptions", set_options}, {"setverify", set_verify},
{"setmode", set_mode}, {"setoptions", set_options},
{"setmode", set_mode},
#if !defined(OPENSSL_NO_EC) #if !defined(OPENSSL_NO_EC)
{"setcurve", set_curve}, {"setcurve", set_curve},

7
src/ssl.lua
View File

@ -112,7 +112,12 @@ local function newcontext(cfg)
succ, msg = context.setcipher(ctx, cfg.ciphers) succ, msg = context.setcipher(ctx, cfg.ciphers)
if not succ then return nil, msg end if not succ then return nil, msg end
end end
-- Set the verification options -- Set SSL cipher suites
if cfg.ciphersuites then
succ, msg = context.setciphersuites(ctx, cfg.ciphersuites)
if not succ then return nil, msg end
end
-- Set the verification options
succ, msg = optexec(context.setverify, cfg.verify, ctx) succ, msg = optexec(context.setverify, cfg.verify, ctx)
if not succ then return nil, msg end if not succ then return nil, msg end
-- Set SSL options -- Set SSL options