diff --git a/INSTALL b/INSTALL
index 0ab0e9f..db18fd0 100644
--- a/INSTALL
+++ b/INSTALL
@@ -3,12 +3,12 @@ LuaSec 0.8
* OpenSSL options:
- By default, LuaSec 0.8 includes options for OpenSSL 1.1.0g.
+ By default, LuaSec 0.8 includes options for OpenSSL 1.1.1.
If you need to generate the options for a different version of OpenSSL:
$ cd src
- $ lua options.lua -g /usr/include/openssl/ssl.h > options.h
+ $ lua options.lua -g /usr/include/openssl/ssl.h > options.c
--------------------------------------------------------------------------------
diff --git a/luasec-0.8-1.rockspec b/luasec-0.8-1.rockspec
index 34ea93e..2a52494 100644
--- a/luasec-0.8-1.rockspec
+++ b/luasec-0.8-1.rockspec
@@ -58,7 +58,7 @@ build = {
"ssl", "crypto"
},
sources = {
- "src/config.c", "src/ec.c",
+ "src/options.c", "src/config.c", "src/ec.c",
"src/x509.c", "src/context.c", "src/ssl.c",
"src/luasocket/buffer.c", "src/luasocket/io.c",
"src/luasocket/timeout.c", "src/luasocket/usocket.c"
@@ -93,7 +93,7 @@ build = {
"$(OPENSSL_INCDIR)", "src/", "src/luasocket"
},
sources = {
- "src/config.c", "src/ec.c",
+ "src/options.c", "src/config.c", "src/ec.c",
"src/x509.c", "src/context.c", "src/ssl.c",
"src/luasocket/buffer.c", "src/luasocket/io.c",
"src/luasocket/timeout.c", "src/luasocket/wsocket.c"
diff --git a/luasec.vcxproj b/luasec.vcxproj
index 557f83b..10b936a 100644
--- a/luasec.vcxproj
+++ b/luasec.vcxproj
@@ -107,6 +107,7 @@
+
@@ -127,4 +128,4 @@
-
\ No newline at end of file
+
diff --git a/src/Makefile b/src/Makefile
index 9be2f14..5f22936 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -2,6 +2,7 @@ CMOD=ssl.so
LMOD=ssl.lua
OBJS= \
+ options.o \
x509.o \
context.o \
ssl.o \
@@ -57,8 +58,9 @@ clean:
cd luasocket && $(MAKE) clean
rm -f $(OBJS) $(CMOD)
+options.o: options.h options.c
ec.o: ec.c ec.h
x509.o: x509.c x509.h compat.h
-context.o: context.c context.h ec.h compat.h
+context.o: context.c context.h ec.h compat.h options.h
ssl.o: ssl.c ssl.h context.h x509.h compat.h
config.o: config.c ec.h options.h compat.h
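Review bot: The new `options.o` rule leaves out `compat.h`, although this commit makes `options.h` include `"compat.h"`, so an edit to `compat.h` would not trigger a rebuild of `options.o`. The neighbouring `context.o` and `config.o` rules list `compat.h` alongside `options.h`. For consistency the rule could read `options.o: options.c options.h compat.h`.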
diff --git a/src/config.c b/src/config.c
index 9ba3806..aeb2c95 100644
--- a/src/config.c
+++ b/src/config.c
@@ -14,14 +14,14 @@
*/
LSEC_API int luaopen_ssl_config(lua_State *L)
{
- ssl_option_t *opt;
+ lsec_ssl_option_t *opt;
lua_newtable(L);
// Options
lua_pushstring(L, "options");
lua_newtable(L);
- for (opt = ssl_options; opt->name; opt++) {
+ for (opt = lsec_get_ssl_options(); opt->name; opt++) {
lua_pushstring(L, opt->name);
lua_pushboolean(L, 1);
lua_rawset(L, -3);
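Review bot: `opt` only reads `opt->name` in this loop, yet `lsec_get_ssl_options()` returns a non-const pointer to the single shared name-to-flag table, so any caller can rewrite which `SSL_OP_*` bits a name maps to for the whole process. Declaring the iterator as `const lsec_ssl_option_t *opt;`, the accessor in src/options.h as `LSEC_API const lsec_ssl_option_t *lsec_get_ssl_options(void);` and the array as `static const lsec_ssl_option_t ssl_options[]` would make the compiler reject writes and allow the table to be placed in read-only data. The same applies to `p` in `set_option_flag` in src/context.c and to the template in src/options.lua that emits the array and the accessor. `luaopen_ssl_config` continues outside this hunk.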
diff --git a/src/context.c b/src/context.c
index 43b30c3..ce7d33b 100644
--- a/src/context.c
+++ b/src/context.c
@@ -50,8 +50,8 @@ static p_context testctx(lua_State *L, int idx)
*/
static int set_option_flag(const char *opt, unsigned long *flag)
{
- ssl_option_t *p;
- for (p = ssl_options; p->name; p++) {
+ lsec_ssl_option_t *p;
+ for (p = lsec_get_ssl_options(); p->name; p++) {
if (!strcmp(opt, p->name)) {
*flag |= p->code;
return 1;
diff --git a/src/options.c b/src/options.c
new file mode 100644
index 0000000..95a76df
--- /dev/null
+++ b/src/options.c
@@ -0,0 +1,167 @@
+/*--------------------------------------------------------------------------
+ * LuaSec 0.8
+ *
+ * Copyright (C) 2006-2019 Bruno Silvestre
+ *
+ *--------------------------------------------------------------------------*/
+
+#include
+
+#include "options.h"
+
+/* If you need to generate these options again, see options.lua */
+
+
+/*
+ OpenSSL version: OpenSSL 1.1.1
+*/
+
+static lsec_ssl_option_t ssl_options[] = {
+#if defined(SSL_OP_ALL)
+ {"all", SSL_OP_ALL},
+#endif
+#if defined(SSL_OP_ALLOW_NO_DHE_KEX)
+ {"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX},
+#endif
+#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
+ {"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
+#endif
+#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
+ {"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
+#endif
+#if defined(SSL_OP_CISCO_ANYCONNECT)
+ {"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
+#endif
+#if defined(SSL_OP_COOKIE_EXCHANGE)
+ {"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
+#endif
+#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
+ {"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
+#endif
+#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
+ {"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
+#endif
+#if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
+ {"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
+#endif
+#if defined(SSL_OP_EPHEMERAL_RSA)
+ {"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
+#endif
+#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
+ {"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
+#endif
+#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
+ {"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
+#endif
+#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
+ {"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
+#endif
+#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
+ {"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
+#endif
+#if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
+ {"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
+#endif
+#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
+ {"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
+#endif
+#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
+ {"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
+#endif
+#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
+ {"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
+#endif
+#if defined(SSL_OP_NO_ANTI_REPLAY)
+ {"no_anti_replay", SSL_OP_NO_ANTI_REPLAY},
+#endif
+#if defined(SSL_OP_NO_COMPRESSION)
+ {"no_compression", SSL_OP_NO_COMPRESSION},
+#endif
+#if defined(SSL_OP_NO_DTLS_MASK)
+ {"no_dtls_mask", SSL_OP_NO_DTLS_MASK},
+#endif
+#if defined(SSL_OP_NO_DTLSv1)
+ {"no_dtlsv1", SSL_OP_NO_DTLSv1},
+#endif
+#if defined(SSL_OP_NO_DTLSv1_2)
+ {"no_dtlsv1_2", SSL_OP_NO_DTLSv1_2},
+#endif
+#if defined(SSL_OP_NO_ENCRYPT_THEN_MAC)
+ {"no_encrypt_then_mac", SSL_OP_NO_ENCRYPT_THEN_MAC},
+#endif
+#if defined(SSL_OP_NO_QUERY_MTU)
+ {"no_query_mtu", SSL_OP_NO_QUERY_MTU},
+#endif
+#if defined(SSL_OP_NO_RENEGOTIATION)
+ {"no_renegotiation", SSL_OP_NO_RENEGOTIATION},
+#endif
+#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
+ {"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
+#endif
+#if defined(SSL_OP_NO_SSL_MASK)
+ {"no_ssl_mask", SSL_OP_NO_SSL_MASK},
+#endif
+#if defined(SSL_OP_NO_SSLv2)
+ {"no_sslv2", SSL_OP_NO_SSLv2},
+#endif
+#if defined(SSL_OP_NO_SSLv3)
+ {"no_sslv3", SSL_OP_NO_SSLv3},
+#endif
+#if defined(SSL_OP_NO_TICKET)
+ {"no_ticket", SSL_OP_NO_TICKET},
+#endif
+#if defined(SSL_OP_NO_TLSv1)
+ {"no_tlsv1", SSL_OP_NO_TLSv1},
+#endif
+#if defined(SSL_OP_NO_TLSv1_1)
+ {"no_tlsv1_1", SSL_OP_NO_TLSv1_1},
+#endif
+#if defined(SSL_OP_NO_TLSv1_2)
+ {"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
+#endif
+#if defined(SSL_OP_NO_TLSv1_3)
+ {"no_tlsv1_3", SSL_OP_NO_TLSv1_3},
+#endif
+#if defined(SSL_OP_PKCS1_CHECK_1)
+ {"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
+#endif
+#if defined(SSL_OP_PKCS1_CHECK_2)
+ {"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
+#endif
+#if defined(SSL_OP_PRIORITIZE_CHACHA)
+ {"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA},
+#endif
+#if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+ {"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
+#endif
+#if defined(SSL_OP_SINGLE_DH_USE)
+ {"single_dh_use", SSL_OP_SINGLE_DH_USE},
+#endif
+#if defined(SSL_OP_SINGLE_ECDH_USE)
+ {"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
+#endif
+#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
+ {"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
+#endif
+#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
+ {"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
+#endif
+#if defined(SSL_OP_TLSEXT_PADDING)
+ {"tlsext_padding", SSL_OP_TLSEXT_PADDING},
+#endif
+#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
+ {"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
+#endif
+#if defined(SSL_OP_TLS_D5_BUG)
+ {"tls_d5_bug", SSL_OP_TLS_D5_BUG},
+#endif
+#if defined(SSL_OP_TLS_ROLLBACK_BUG)
+ {"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
+#endif
+ {NULL, 0L}
+};
+
+LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() {
+ return ssl_options;
+}
+
diff --git a/src/options.h b/src/options.h
index 12029a5..6569f3f 100644
--- a/src/options.h
+++ b/src/options.h
@@ -8,164 +8,15 @@
*
*--------------------------------------------------------------------------*/
-#include
+#include "compat.h"
-/* If you need to generate these options again, see options.lua */
-
-/*
- OpenSSL version: OpenSSL 1.1.1b
-*/
-
-struct ssl_option_s {
+struct lsec_ssl_option_s {
const char *name;
unsigned long code;
};
-typedef struct ssl_option_s ssl_option_t;
-static ssl_option_t ssl_options[] = {
-#if defined(SSL_OP_ALL)
- {"all", SSL_OP_ALL},
-#endif
-#if defined(SSL_OP_ALLOW_NO_DHE_KEX)
- {"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX},
-#endif
-#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
- {"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
-#endif
-#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
- {"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
-#endif
-#if defined(SSL_OP_CISCO_ANYCONNECT)
- {"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
-#endif
-#if defined(SSL_OP_COOKIE_EXCHANGE)
- {"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
-#endif
-#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
- {"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
-#endif
-#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
- {"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
-#endif
-#if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
- {"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
-#endif
-#if defined(SSL_OP_EPHEMERAL_RSA)
- {"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
-#endif
-#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
- {"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
-#endif
-#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
- {"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
-#endif
-#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
- {"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
-#endif
-#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
- {"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
-#endif
-#if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
- {"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
-#endif
-#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
- {"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
-#endif
-#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
- {"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
-#endif
-#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
- {"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
-#endif
-#if defined(SSL_OP_NO_ANTI_REPLAY)
- {"no_anti_replay", SSL_OP_NO_ANTI_REPLAY},
-#endif
-#if defined(SSL_OP_NO_COMPRESSION)
- {"no_compression", SSL_OP_NO_COMPRESSION},
-#endif
-#if defined(SSL_OP_NO_DTLS_MASK)
- {"no_dtls_mask", SSL_OP_NO_DTLS_MASK},
-#endif
-#if defined(SSL_OP_NO_DTLSv1)
- {"no_dtlsv1", SSL_OP_NO_DTLSv1},
-#endif
-#if defined(SSL_OP_NO_DTLSv1_2)
- {"no_dtlsv1_2", SSL_OP_NO_DTLSv1_2},
-#endif
-#if defined(SSL_OP_NO_ENCRYPT_THEN_MAC)
- {"no_encrypt_then_mac", SSL_OP_NO_ENCRYPT_THEN_MAC},
-#endif
-#if defined(SSL_OP_NO_QUERY_MTU)
- {"no_query_mtu", SSL_OP_NO_QUERY_MTU},
-#endif
-#if defined(SSL_OP_NO_RENEGOTIATION)
- {"no_renegotiation", SSL_OP_NO_RENEGOTIATION},
-#endif
-#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
- {"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
-#endif
-#if defined(SSL_OP_NO_SSL_MASK)
- {"no_ssl_mask", SSL_OP_NO_SSL_MASK},
-#endif
-#if defined(SSL_OP_NO_SSLv2)
- {"no_sslv2", SSL_OP_NO_SSLv2},
-#endif
-#if defined(SSL_OP_NO_SSLv3)
- {"no_sslv3", SSL_OP_NO_SSLv3},
-#endif
-#if defined(SSL_OP_NO_TICKET)
- {"no_ticket", SSL_OP_NO_TICKET},
-#endif
-#if defined(SSL_OP_NO_TLSv1)
- {"no_tlsv1", SSL_OP_NO_TLSv1},
-#endif
-#if defined(SSL_OP_NO_TLSv1_1)
- {"no_tlsv1_1", SSL_OP_NO_TLSv1_1},
-#endif
-#if defined(SSL_OP_NO_TLSv1_2)
- {"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
-#endif
-#if defined(SSL_OP_NO_TLSv1_3)
- {"no_tlsv1_3", SSL_OP_NO_TLSv1_3},
-#endif
-#if defined(SSL_OP_PKCS1_CHECK_1)
- {"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
-#endif
-#if defined(SSL_OP_PKCS1_CHECK_2)
- {"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
-#endif
-#if defined(SSL_OP_PRIORITIZE_CHACHA)
- {"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA},
-#endif
-#if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
- {"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
-#endif
-#if defined(SSL_OP_SINGLE_DH_USE)
- {"single_dh_use", SSL_OP_SINGLE_DH_USE},
-#endif
-#if defined(SSL_OP_SINGLE_ECDH_USE)
- {"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
-#endif
-#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
- {"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
-#endif
-#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
- {"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
-#endif
-#if defined(SSL_OP_TLSEXT_PADDING)
- {"tlsext_padding", SSL_OP_TLSEXT_PADDING},
-#endif
-#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
- {"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
-#endif
-#if defined(SSL_OP_TLS_D5_BUG)
- {"tls_d5_bug", SSL_OP_TLS_D5_BUG},
-#endif
-#if defined(SSL_OP_TLS_ROLLBACK_BUG)
- {"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
-#endif
- {NULL, 0L}
-};
+typedef struct lsec_ssl_option_s lsec_ssl_option_t;
+
+LSEC_API lsec_ssl_option_t* lsec_get_ssl_options();
#endif
-
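Review bot: The prototype `lsec_get_ssl_options();` has an empty parameter list, which before C23 declares a function with unspecified arguments rather than one taking none, so a mistaken call with arguments is not diagnosed. Writing `LSEC_API lsec_ssl_option_t* lsec_get_ssl_options(void);` here, and `(void)` in the definition that src/options.lua emits into src/options.c, gives a real prototype. A one-line comment above the declaration stating that the returned array ends with an entry whose `name` is NULL would document the contract that the loops in src/config.c and src/context.c rely on. The include guard opens outside this hunk.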
diff --git a/src/options.lua b/src/options.lua
index cc0ab70..4b2e5bb 100644
--- a/src/options.lua
+++ b/src/options.lua
@@ -1,10 +1,10 @@
local function usage()
print("Usage:")
print("* Generate options of your system:")
- print(" lua options.lua -g /path/to/ssl.h [version] > options.h")
+ print(" lua options.lua -g /path/to/ssl.h [version] > options.c")
print("* Examples:")
- print(" lua options.lua -g /usr/include/openssl/ssl.h > options.h\n")
- print(" lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.0.1 14\" > options.h\n")
+ print(" lua options.lua -g /usr/include/openssl/ssl.h > options.c\n")
+ print(" lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.0.1 14\" > options.c\n")
print("* List options of your system:")
print(" lua options.lua -l /path/to/ssl.h\n")
@@ -17,9 +17,6 @@ end
local function generate(options, version)
print([[
-#ifndef LSEC_OPTIONS_H
-#define LSEC_OPTIONS_H
-
/*--------------------------------------------------------------------------
* LuaSec 0.8
*
@@ -29,22 +26,19 @@ local function generate(options, version)
#include
+#include "options.h"
+
/* If you need to generate these options again, see options.lua */
+
]])
+
printf([[
/*
OpenSSL version: %s
*/
]], version)
- print([[
-struct ssl_option_s {
- const char *name;
- unsigned long code;
-};
-typedef struct ssl_option_s ssl_option_t;
-]])
- print([[static ssl_option_t ssl_options[] = {]])
+ print([[static lsec_ssl_option_t ssl_options[] = {]])
for k, option in ipairs(options) do
local name = string.lower(string.sub(option, 8))
@@ -56,7 +50,9 @@ typedef struct ssl_option_s ssl_option_t;
print([[
};
-#endif
+LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() {
+ return ssl_options;
+}
]])
end
diff --git a/src/ssl.lua b/src/ssl.lua
index fedb4ff..66cd0fa 100644
--- a/src/ssl.lua
+++ b/src/ssl.lua
@@ -273,6 +273,7 @@ core.setmethod("info", info)
local _M = {
_VERSION = "0.8",
_COPYRIGHT = core.copyright(),
+ config = config,
loadcertificate = x509.load,
newcontext = newcontext,
wrap = wrap,
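Review bot: The added `config = config` publishes the module's `config` table by reference, and nothing in the hunk documents that or shows where `config` is bound (presumably a `require` near the top of the file, outside this hunk). If `ssl.lua` or other modules consult the same table afterwards, a consumer that assigns into `ssl.config` changes what they see. A comment on the field such as `-- shared ssl.config table, treat as read-only` would state the expectation. The `_M` table continues past the end of the hunk.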