From 6359275c5f35c394752618ffd434ed89bd1d83bd Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Tue, 30 Jan 2018 20:21:29 +0100
Subject: [PATCH] Add support for setting DANE TLSA information
---
 src/context.c | 13 +++++++++++++
 src/ssl.c | 27 +++++++++++++++++++++++++++
 src/ssl.lua | 4 ++++
 3 files changed, 44 insertions(+)
diff --git a/src/context.c b/src/context.c
index cb96be0..2bef7ae 100644
--- a/src/context.c
+++ b/src/context.c
@@ -686,6 +686,17 @@ static int set_alpn_cb(lua_State *L)
 }
 
+/*
+ * DANE
+ */
+static int set_dane(lua_State *L)
+{
+ SSL_CTX *ctx = lsec_checkcontext(L, 1);
+ int ret = SSL_CTX_dane_enable(ctx);
+ lua_pushboolean(L, ret);
+ return 1;
+}
+
 /**
 * Package functions
 */
@@ -709,6 +720,8 @@ static luaL_Reg funcs[] = {
 {"setcurveslist", set_curves_list},
 #endif
 
+ {"setdane", set_dane},
+
 {NULL, NULL}
 };
 
diff --git a/src/ssl.c b/src/ssl.c
index 9fab55d..00f7495 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -826,6 +826,31 @@ static int meth_copyright(lua_State *L)
 return 1;
 }
 
+static int meth_dane(lua_State *L)
+{
+ p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
+ int ret = SSL_dane_enable(ssl->ssl, luaL_checkstring(L, 2));
+ lua_pushboolean(L, ret);
+ return 1;
+}
+
+static int meth_tlsa(lua_State *L)
+{
+ p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
+ uint8_t usage = luaL_checkinteger(L, 2);
+ uint8_t selector = luaL_checkinteger(L, 3);
+ uint8_t mtype = luaL_checkinteger(L, 4);
+ size_t len;
+ const char *data = luaL_checklstring(L, 5, &len);
+
+ ERR_clear_error();
+ int ret = SSL_dane_tlsa_add(ssl->ssl, usage, selector, mtype, data, len);
+ lua_pushboolean(L, ret);
+
+ return 1;
+}
+
+
 /*---------------------------------------------------------------------------*/
 
 /**
@@ -850,6 +875,8 @@ static luaL_Reg methods[] = {
 {"settimeout", meth_settimeout},
 {"sni", meth_sni},
 {"want", meth_want},
+ {"setdane", meth_dane},
+ {"settlsa", meth_tlsa},
 {NULL, NULL}
 };
 
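Review bot: `lua_pushboolean(L, ret)` in set_dane reports success for a negative return value: SSL_CTX_dane_enable() signals resource failures with a value below zero, which is non-zero and therefore pushes `true`, so a caller whose DANE setup actually failed continues as if DANE verification were active. The check should be `lua_pushboolean(L, ret > 0);`, and since the Lua side of this patch already expects a `(succ, msg)` pair from context setters, returning `lua_pushstring(L, ERR_reason_error_string(ERR_get_error()));` as a second value on failure would give callers something to act on. The same `ret` handling appears in meth_dane and meth_tlsa in the src/ssl.c hunk. The DANE API is only present from OpenSSL 1.1.0, and because this funcs[] table already wraps optional entries in `#if`/`#endif`, the new function and its `{"setdane", set_dane}` entry are best guarded the same way, e.g. on `OPENSSL_VERSION_NUMBER`.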
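Review bot: meth_tlsa narrows the three `luaL_checkinteger` results straight into `uint8_t`, so an out-of-range usage, selector or matching type (for example 256) wraps silently to a different but valid octet instead of being rejected, and `data` is passed as `const char *` where SSL_dane_tlsa_add() takes `const unsigned char *`. Range-check the three arguments with `luaL_argcheck` before the call and cast the data pointer explicitly. `ERR_clear_error()` is called before the add but the error queue is never read afterward, so a rejected record yields only `false` with no reason. The negative-return handling of `ret`, shared with meth_dane, is noted on the src/context.c hunk.
```c
static int meth_tlsa(lua_State *L)
{
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  lua_Integer usage = luaL_checkinteger(L, 2);
  lua_Integer selector = luaL_checkinteger(L, 3);
  lua_Integer mtype = luaL_checkinteger(L, 4);
  size_t len;
  const char *data = luaL_checklstring(L, 5, &len);

  /* TLSA usage/selector/matching type are single octets; reject values that would wrap */
  luaL_argcheck(L, usage >= 0 && usage <= 255, 2, "usage out of range");
  luaL_argcheck(L, selector >= 0 && selector <= 255, 3, "selector out of range");
  luaL_argcheck(L, mtype >= 0 && mtype <= 255, 4, "matching type out of range");

  ERR_clear_error();
  int ret = SSL_dane_tlsa_add(ssl->ssl, (uint8_t)usage, (uint8_t)selector, (uint8_t)mtype,
                              (const unsigned char *)data, len);
  /* … unchanged: push result and return … */
```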
diff --git a/src/ssl.lua b/src/ssl.lua
index d5fbd59..f427e0c 100644
--- a/src/ssl.lua
+++ b/src/ssl.lua
@@ -188,6 +188,10 @@ local function newcontext(cfg)
 if not succ then return nil, msg end
 end
 
+ if cfg.dane then
+ context.setdane(ctx)
+ end
+
 return ctx
 end
 
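Review bot: The result of `context.setdane(ctx)` is discarded, so when enabling DANE fails the context is still returned and the caller proceeds without the DANE verification it asked for, whereas the neighbouring setters in newcontext fail closed (`if not succ then return nil, msg end` in the context lines above). Check it the same way: `succ, msg = context.setdane(ctx)` followed by `if not succ then return nil, msg end` (msg will be nil unless setdane is changed to return a reason). It is also worth a one-line comment here that `cfg.dane` only enables DANE on the context and that TLSA records still have to be supplied per connection via the new `settlsa` method, since nothing in newcontext does that.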