LuaSec 0.4

CHANGELOG

@@ -1,3 +1,9 @@
+--------------------------------------------------------------------------------
+LuaSec 0.4
+------------
+- Add option 'no_ticket' (included in OpenSSL 0.9.8f).
+- Add HTTPS module. (thanks Tomas Guisasola and Pablo Musa)
+
 --------------------------------------------------------------------------------
 LuaSec 0.3.3
 ------------

INSTALL

@@ -1,10 +1,11 @@
-LuaSec 0.3.3
+LuaSec 0.4
 ------------
 
 * On Linux, BSD, and Mac OS X:
 
   - Edit 'Makefile'
-    * Inform the path to install the modules.
+    * Inform the path to where install the Lua modules (LUAPATH) and binaries 
+      modules (LUACPATH)
     * If Lua or OpenSSL are not in the default path, set the 
       variables INCDIR and LIBDIR.
     * For Mac OS X, set the variable MACOSX_VERSION.
@@ -21,3 +22,5 @@ LuaSec 0.3.3
   - Copy the 'ssl.lua' file to some place in your LUA_PATH.
 
   - Copy the 'ssl.dll' file to some place in your LUA_CPATH.
+
+  - Create a directory 'ssl' in your LUA_PATH and copy 'https.lua' to it.

LICENSE

@@ -1,5 +1,5 @@
-LuaSec 0.3.3 license
-Copyright (C) 2006-2009 Bruno Silvestre
+LuaSec 0.4 license
+Copyright (C) 2006-2009 Bruno Silvestre, PUC-Rio
 
 Permission is hereby granted, free  of charge, to any person obtaining
 a  copy  of this  software  and  associated  documentation files  (the

Makefile

@@ -1,6 +1,6 @@
 # Inform the location to intall the modules
 LUAPATH=/usr/local/share/lua/5.1
-CPATH=/usr/local/lib/lua/5.1
+LUACPATH=/usr/local/lib/lua/5.1
 
 # Edit the lines below to inform new path, if necessary
 #
@@ -26,7 +26,7 @@ none:
 	@echo "  * macosx"
 
 install:
-	@cd src ; $(MAKE) CPATH="$(CPATH)" LUAPATH="$(LUAPATH)" install
+	@cd src ; $(MAKE) LUACPATH="$(LUACPATH)" LUAPATH="$(LUAPATH)" install
 
 linux:
 	@echo "---------------------"

luasec.vcproj

@@ -121,7 +121,7 @@
 			<Tool
 				Name="VCCLCompilerTool"
 				AdditionalIncludeDirectories="C:\devel\openssl\include;C:\devel\lua-dll9\include"
-				PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS;BUFFER_DEBUG;LUASEC_API=__declspec(dllexport)"
+				PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;BUFFER_DEBUG"
 				RuntimeLibrary="2"
 				UsePrecompiledHeader="0"
 				WarningLevel="3"
@@ -141,7 +141,7 @@
 				AdditionalDependencies="ws2_32.lib libeay32MD.lib ssleay32MD.lib lua5.1.lib"
 				OutputFile="$(OutDir)/ssl.dll"
 				LinkIncremental="1"
-				AdditionalLibraryDirectories="C:\devel\openssl\lib\VC;C:\devel\lua-dll9"
+				AdditionalLibraryDirectories="C:\devel\openssl\lib\VC;C:\devel\lua-dll9\lib"
 				GenerateDebugInformation="true"
 				SubSystem="2"
 				OptimizeReferences="2"

samples/README

@@ -1,14 +1,8 @@
-In all examples, the SSL/TLS  layer can be disable just commenting the
-wrap  section.   In this  case,  the  examples  work with  normal  TCP
-communication.
-
 Directories: 
 ------------
 * certs
- It  contains a set of  certificates used in the examples.  You can use
- the  scrits  to  recreate  them  if  necessary  (due  to  certificates
- expiration  date,  for example).  First,  generate the Root CA 'A' and 
- 'B', then the servers and clients.
+ Contains scripts to generate the certificates used by the examples.
+ Generate Root CA 'A' and 'B' first, then the servers and clients.
 
 * oneshot
  A simple connection example.
@@ -19,7 +13,7 @@ Directories:
 
 * loop-gc
  Same of above,  but the connection is not  explicit closed, the gabage
- collector is encharge of it.
+ collector is encharge of that.
 
 * wantread
  Test timeout in handshake() and receive().

src/Makefile

@@ -23,7 +23,6 @@ MAC_ENV=env MACOSX_DEPLOYMENT_TARGET='$(MACVER)'
 MAC_CFLAGS=-O2 -fno-common $(WARN) $(INCDIR) $(DEFS)
 MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR)
 
-CP=cp
 CC=gcc
 LD=$(MYENV) gcc
 CFLAGS=$(MYCFLAGS)
@@ -34,8 +33,10 @@ LDFLAGS=$(MYLDFLAGS)
 all:
 
 install: $(CMOD) $(LMOD)
-	$(CP) $(CMOD) $(CPATH)
-	$(CP) $(LMOD) $(LUAPATH)
+	mkdir -p $(LUAPATH)/ssl
+	cp $(CMOD) $(LUACPATH)
+	cp $(LMOD) $(LUAPATH)
+	cp https.lua $(LUAPATH)/ssl
 
 linux:
 	@$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)"

src/context.c

@@ -1,5 +1,5 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.3.3
+ * LuaSec 0.4
  * Copyright (C) 2006-2009 Bruno Silvestre
  *
  *--------------------------------------------------------------------------*/
@@ -51,6 +51,10 @@ static ssl_option_t ssl_options[] = {
   {"cookie_exchange",                  SSL_OP_COOKIE_EXCHANGE},
   {"no_query_mtu",                     SSL_OP_NO_QUERY_MTU},
   {"single_ecdh_use",                  SSL_OP_SINGLE_ECDH_USE},
+#endif
+  /* OpenSSL 0.9.8f and above */
+#if defined(SSL_OP_NO_TICKET)
+  {"no_ticket",                        SSL_OP_NO_TICKET},
 #endif
   {NULL, 0L}
 };

src/context.h

@@ -2,7 +2,7 @@
 #define __CONTEXT_H__
 
 /*--------------------------------------------------------------------------
- * LuaSec 0.3.3
+ * LuaSec 0.4
  * Copyright (C) 2006-2009 Bruno Silvestre
  *
  *--------------------------------------------------------------------------*/
@@ -10,7 +10,9 @@
 #include <lua.h>
 #include <openssl/ssl.h>
 
-#ifndef LUASEC_API
+#if defined(_WIN32)
+#define LUASEC_API __declspec(dllexport) 
+#else
 #define LUASEC_API extern
 #endif
 

src/https.lua

@@ -0,0 +1,138 @@
+----------------------------------------------------------------------------
+-- LuaSec 0.4
+-- Copyright (C) 2009 PUC-Rio
+--
+-- Author: Pablo Musa
+-- Author: Tomas Guisasola
+---------------------------------------------------------------------------
+
+local socket = require("socket")
+local ssl    = require("ssl")
+local ltn12  = require("ltn12")
+local http   = require("socket.http")
+local url    = require("socket.url")
+
+local table  = require("table")
+local string = require("string")
+
+local try          = socket.try
+local type         = type
+local pairs        = pairs
+local getmetatable = getmetatable
+
+module("ssl.https")
+
+_VERSION   = "0.4"
+_COPYRIGHT = "LuaSec 0.4 - Copyright (C) 2009 PUC-Rio"
+
+-- Default settings
+PORT = 443
+
+local cfg = {
+  protocol = "tlsv1",
+  options  = "all",
+  verify   = "none",
+}
+
+--------------------------------------------------------------------
+-- Auxiliar Functions
+--------------------------------------------------------------------
+
+-- Insert default HTTPS port.
+local function default_https_port(u)
+   return url.build(url.parse(u, {port = PORT}))
+end
+
+-- Convert an URL to a table according to Luasocket needs.
+local function urlstring_totable(url, body, result_table)
+   url = {
+      url = default_https_port(url),
+      method = body and "POST" or "GET",
+      sink = ltn12.sink.table(result_table)
+   }
+   if body then
+      url.source = ltn12.source.string(body)
+      url.headers = {
+         ["content-length"] = #body,
+         ["content-type"] = "application/x-www-form-urlencoded",
+      }
+   end
+   return url
+end
+
+-- Forward calls to the real connection object.
+local function reg(conn)
+   local mt = getmetatable(conn.sock).__index
+   for name, method in pairs(mt) do
+      if type(method) == "function" then
+         conn[name] = function (self, ...)
+                         return method(self.sock, ...)
+                      end
+      end
+   end
+end
+
+-- Return a function which performs the SSL/TLS connection.
+local function tcp(params)
+   params = params or {}
+   -- Default settings
+   for k, v in pairs(cfg) do 
+      params[k] = params[k] or v
+   end
+   -- Force client mode
+   params.mode = "client"
+   -- 'create' function for LuaSocket
+   return function ()
+      local conn = {}
+      conn.sock = try(socket.tcp())
+      local st = getmetatable(conn.sock).__index.settimeout
+      function conn:settimeout(...)
+         return st(self.sock, ...)
+      end
+      -- Replace TCP's connection function
+      function conn:connect(host, port)
+         try(self.sock:connect(host, port))
+         self.sock = try(ssl.wrap(self.sock, params))
+         try(self.sock:dohandshake())
+         reg(self, getmetatable(self.sock))
+         return 1
+      end
+      return conn
+  end
+end
+
+--------------------------------------------------------------------
+-- Main Function
+--------------------------------------------------------------------
+
+-- Make a HTTP request over secure connection.  This function receives
+--  the same parameters of LuaSocket's HTTP module (except 'proxy' and
+--  'redirect') plus LuaSec parameters.
+--
+-- @param url mandatory (string or table)
+-- @param body optional (string)
+-- @return (string if url == string or 1), code, headers, status
+--
+function request(url, body)
+  local result_table = {}
+  local stringrequest = type(url) == "string"
+  if stringrequest then
+    url = urlstring_totable(url, body, result_table)
+  else
+    url.url = default_https_port(url.url)
+  end
+  if http.PROXY or url.proxy then
+    return nil, "proxy not supported"
+  elseif url.redirect then
+    return nil, "redirect not supported"
+  elseif url.create then
+    return nil, "create function not permitted"
+  end
+  -- New 'create' function to establish a secure connection
+  url.create = tcp(url)
+  local res, code, headers, status = http.request(url)
+  if res and stringrequest then
+    return table.concat(result_table), code, headers, status
+  end
+  return res, code, headers, status
+end

src/ssl.c

@@ -1,5 +1,5 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.3.3
+ * LuaSec 0.4
  * Copyright (C) 2006-2009 Bruno Silvestre
  *
  *--------------------------------------------------------------------------*/
@@ -16,7 +16,6 @@
 #include "buffer.h"
 #include "timeout.h"
 #include "socket.h"
-#include "context.h"
 #include "ssl.h"
 
 /**

src/ssl.h

@@ -2,7 +2,7 @@
 #define __SSL_H__
 
 /*--------------------------------------------------------------------------
- * LuaSec 0.3.3
+ * LuaSec 0.4
  * Copyright (C) 2006-2009 Bruno Silvestre
  *
  *--------------------------------------------------------------------------*/
@@ -13,10 +13,7 @@
 #include "io.h"
 #include "buffer.h"
 #include "timeout.h"
-
-#ifndef LUASEC_API
-#define LUASEC_API extern
-#endif
+#include "context.h"
 
 #define ST_SSL_NEW       1
 #define ST_SSL_CONNECTED 2

src/ssl.lua

@@ -1,5 +1,5 @@
 ------------------------------------------------------------------------------
--- LuaSec 0.3.3
+-- LuaSec 0.4
 -- Copyright (C) 2006-2009 Bruno Silvestre
 --
 ------------------------------------------------------------------------------
@@ -10,8 +10,8 @@ require("ssl.core")
 require("ssl.context")
 
 
-_VERSION   = "0.3.3"
-_COPYRIGHT = "LuaSec 0.3.3 - Copyright (C) 2006-2009 Bruno Silvestre\n" .. 
+_VERSION   = "0.4"
+_COPYRIGHT = "LuaSec 0.4 - Copyright (C) 2006-2009 Bruno Silvestre\n" .. 
              "LuaSocket 2.0.2 - Copyright (C) 2004-2007 Diego Nehab"
 
 -- Export functions