mirror of
https://github.com/brunoos/luasec.git
synced 2024-12-27 12:58:21 +01:00
Add support for setting DANE TLSA information
This commit is contained in:
parent
550777a9d6
commit
6359275c5f
@ -686,6 +686,17 @@ static int set_alpn_cb(lua_State *L)
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* DANE
|
||||
*/
|
||||
static int set_dane(lua_State *L)
|
||||
{
|
||||
SSL_CTX *ctx = lsec_checkcontext(L, 1);
|
||||
int ret = SSL_CTX_dane_enable(ctx);
|
||||
lua_pushboolean(L, ret);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Package functions
|
||||
*/
|
||||
@ -709,6 +720,8 @@ static luaL_Reg funcs[] = {
|
||||
{"setcurveslist", set_curves_list},
|
||||
#endif
|
||||
|
||||
{"setdane", set_dane},
|
||||
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
|
27
src/ssl.c
27
src/ssl.c
@ -826,6 +826,31 @@ static int meth_copyright(lua_State *L)
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int meth_dane(lua_State *L)
|
||||
{
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
int ret = SSL_dane_enable(ssl->ssl, luaL_checkstring(L, 2));
|
||||
lua_pushboolean(L, ret);
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int meth_tlsa(lua_State *L)
|
||||
{
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
uint8_t usage = luaL_checkinteger(L, 2);
|
||||
uint8_t selector = luaL_checkinteger(L, 3);
|
||||
uint8_t mtype = luaL_checkinteger(L, 4);
|
||||
size_t len;
|
||||
const char *data = luaL_checklstring(L, 5, &len);
|
||||
|
||||
ERR_clear_error();
|
||||
int ret = SSL_dane_tlsa_add(ssl->ssl, usage, selector, mtype, data, len);
|
||||
lua_pushboolean(L, ret);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
/*---------------------------------------------------------------------------*/
|
||||
|
||||
/**
|
||||
@ -850,6 +875,8 @@ static luaL_Reg methods[] = {
|
||||
{"settimeout", meth_settimeout},
|
||||
{"sni", meth_sni},
|
||||
{"want", meth_want},
|
||||
{"setdane", meth_dane},
|
||||
{"settlsa", meth_tlsa},
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
|
@ -188,6 +188,10 @@ local function newcontext(cfg)
|
||||
if not succ then return nil, msg end
|
||||
end
|
||||
|
||||
if cfg.dane then
|
||||
context.setdane(ctx)
|
||||
end
|
||||
|
||||
return ctx
|
||||
end
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user