LuaSec 20120616 (unofficial) + patches

2025-07-12 22:14:23 +02:00 · 2013-03-30 12:21:40 +00:00
parent 908fc346d2
commit 77ac210283
64 changed files with 3560 additions and 272 deletions
--- a/samples/verification/fail-string/client.lua
+++ b/samples/verification/fail-string/client.lua
@ -0,0 +1,29 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "sslv3",
+   key = "../../certs/clientBkey.pem",
+   certificate = "../../certs/clientB.pem",
+   cafile = "../../certs/rootB.pem",
+   verify = {"none"},
+   options = {"all", "no_sslv2"},
+}
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+--]]
+
+local err, msg = peer:getpeerverification()
+print(err, msg)
+
+print(peer:receive("*l"))
+peer:close()
--- a/samples/verification/fail-string/server.lua
+++ b/samples/verification/fail-string/server.lua
@ -0,0 +1,38 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "server",
+   protocol = "sslv3",
+   key = "../../certs/serverAkey.pem",
+   certificate = "../../certs/serverA.pem",
+   cafile = "../../certs/rootA.pem",
+   verify = {"none"},
+   options = {"all", "no_sslv2"},
+}
+
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+assert( peer:dohandshake() )
+--]]
+
+local err, msg = peer:getpeerverification()
+print(err, msg)
+
+peer:send("oneshot test\n")
+peer:close()
--- a/samples/verification/fail-table/client.lua
+++ b/samples/verification/fail-table/client.lua
@ -0,0 +1,40 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "sslv3",
+   key = "../../certs/clientBkey.pem",
+   certificate = "../../certs/clientB.pem",
+   cafile = "../../certs/rootB.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = {"all", "no_sslv2"},
+}
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+ctx:setverifyext("lsec_continue")
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+assert(peer:dohandshake())
+--]]
+
+local succ, errs = peer:getpeerverification()
+print(succ, errs)
+for i, err in pairs(errs) do
+  for j, msg in ipairs(err) do
+    print("depth = " .. i, "error = " .. msg)
+  end
+end
+
+print(peer:receive("*l"))
+peer:close()
--- a/samples/verification/fail-table/server.lua
+++ b/samples/verification/fail-table/server.lua
@ -0,0 +1,45 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "server",
+   protocol = "sslv3",
+   key = "../../certs/serverAkey.pem",
+   certificate = "../../certs/serverA.pem",
+   cafile = "../../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = {"all", "no_sslv2"},
+}
+
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+ctx:setverifyext("lsec_continue", "crl_check", "crl_check_chain")
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+assert( peer:dohandshake() )
+--]]
+
+local succ, errs = peer:getpeerverification()
+print(succ, errs)
+for i, err in pairs(errs) do
+  for j, msg in ipairs(err) do
+    print("depth = " .. i, "error = " .. msg)
+  end
+end
+
+peer:send("oneshot test\n")
+peer:close()
--- a/samples/verification/success/client.lua
+++ b/samples/verification/success/client.lua
@ -0,0 +1,29 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "sslv3",
+   key = "../../certs/clientAkey.pem",
+   certificate = "../../certs/clientA.pem",
+   cafile = "../../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = {"all", "no_sslv2"},
+}
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+--]]
+
+local err, msg = peer:getpeerverification()
+print(err, msg)
+
+print(peer:receive("*l"))
+peer:close()
--- a/samples/verification/success/server.lua
+++ b/samples/verification/success/server.lua
@ -0,0 +1,38 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "server",
+   protocol = "sslv3",
+   key = "../../certs/serverAkey.pem",
+   certificate = "../../certs/serverA.pem",
+   cafile = "../../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = {"all", "no_sslv2"},
+}
+
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+assert( peer:dohandshake() )
+--]]
+
+local err, msg = peer:getpeerverification()
+print(err, msg)
+
+peer:send("oneshot test\n")
+peer:close()