Merge pull request #47 from wmark/curve-negotiation

Add TLS curve negotiation. (closes #42)
This commit is contained in:
Bruno Silvestre 2017-03-31 14:14:54 -03:00 committed by GitHub
commit 67a2133e7d
3 changed files with 84 additions and 0 deletions

View File

@ -0,0 +1,28 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "any",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all"},
--
curve = "P-256:P-384",
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
print(peer:receive("*l"))
peer:close()

View File

@ -0,0 +1,37 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "any",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all"},
--
curve = "P-384:P-256:P-521",
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]
peer:send("oneshot with curve negotiation test\n")
peer:close()

View File

@ -574,6 +574,24 @@ static int set_curve(lua_State *L)
long ret; long ret;
SSL_CTX *ctx = lsec_checkcontext(L, 1); SSL_CTX *ctx = lsec_checkcontext(L, 1);
const char *str = luaL_checkstring(L, 2); const char *str = luaL_checkstring(L, 2);
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
#if defined(SSL_CTRL_SET_ECDH_AUTO) || defined(SSL_CTRL_SET_CURVES_LIST) || defined(SSL_CTX_set1_curves_list)
if (SSL_CTX_set1_curves_list(ctx, str) != 1) {
lua_pushboolean(L, 0);
lua_pushfstring(L, "unknown elliptic curve in \"%s\"", str);
return 2;
}
#ifdef SSL_CTRL_SET_ECDH_AUTO
SSL_CTX_set_ecdh_auto(ctx, 1);
#endif
lua_pushboolean(L, 1);
return 1;
#else /* !defined(SSL_CTRL_SET_CURVES_LIST) */
EC_KEY *key = find_ec_key(str); EC_KEY *key = find_ec_key(str);
if (!key) { if (!key) {
@ -594,6 +612,7 @@ static int set_curve(lua_State *L)
} }
lua_pushboolean(L, 1); lua_pushboolean(L, 1);
return 1; return 1;
#endif /* defined(SSL_CTRL_SET_CURVES_LIST) */
} }
#endif #endif