Add connection helper ssl.connect

This commit is contained in:
Bart van Strien 2015-06-05 21:17:33 +02:00
parent 2fc8a85bec
commit 7de198bea2
2 changed files with 47 additions and 0 deletions


@ -57,3 +57,18 @@ and alternative names.
**NOTE**: It is crucial the hostname is checked to verify the certificate is
not only valid, but belonging to the host connected to.
### ssl.connect ###
conn, socket = ssl.connect(hostname, port, [flags])
Creates a tcp socket, connects it to the specified hostname and port, wraps it
in an ssl object, does the handshake and verifies the hostname. It makes sure
the mode flag is set to `client`, and defaults verify to `none`, and protocol
to `tlsv1_2`. Can fail, in which case it returns nil, followed by an error.
See `ssl.wrap` and `ssl.checkhostname` for details.
**WARNING**: Peer verification is off by default. It is highly recommended to
specify either a `capath` or a `cafile` in the flags, and turn peer
verification on.


@ -4,6 +4,7 @@
--
------------------------------------------------------------------------------
local socket = require("socket")
local core = require("ssl.core")
local context = require("ssl.context")
local x509 = require("ssl.x509")
@ -205,6 +206,36 @@ local function checkhostname_ssl(ssl, hostname)
return checkhostname(ssl:getpeercertificate(), hostname)
end
--
-- Connect helper
--
local function connect(hostname, port, flags)
local sock, conn, success, err
sock = socket.tcp()
success, err = sock:connect(hostname, port)
if not success then
return nil, err
end
flags = flags or {}
flags.mode = "client"
flags.verify = flags.verify or "none"
flags.protocol = flags.protocol or "tlsv1_2"
conn, err = ssl.wrap(sock, flags or {})
if not conn then
sock:close()
return nil, err
end
success, err = conn:dohandshake()
if not success then
return nil, err
end
if not conn:checkhostname(hostname) then
sock:close()
return nil, "hostname does not match certificate"
end
return conn, sock
end
--
-- Set method for SSL connections.
--
@ -222,6 +253,7 @@ local _M = {
newcontext = newcontext,
wrap = wrap,
checkhostname = checkhostname,
connect = connect,
}
return _M
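Review bot: In the new `connect` helper the handshake-failure branch (`success, err = conn:dohandshake()` followed by `if not success then return nil, err end`) returns without closing the socket, while the wrap-failure and hostname-mismatch branches do, so every failed handshake leaks a connected TCP socket; add `sock:close()` before that return. The call `ssl.wrap(sock, flags or {})` also looks up `ssl` as a global, whereas the module exports a local `wrap` (see `wrap = wrap` in the export table), so unless a global `ssl` is defined elsewhere in this file the call should be `wrap(sock, flags)`, and the `or {}` is redundant after `flags = flags or {}`. The helper further writes `mode`, `verify` and `protocol` into the caller's own flags table, which a caller reusing that table for several connections may not expect; copying the table before filling in the forced and defaulted fields avoids that. Since `verify` defaults to `"none"`, the final `checkhostname` only confirms the name in an unverified certificate, so a header comment such as `-- NOTE: with the default verify = "none" the hostname check does not authenticate the peer; pass verify = "peer" plus cafile/capath for that` would be useful next to the docstring.
```lua
local function connect(hostname, port, flags)
  local sock = socket.tcp()
  local success, err = sock:connect(hostname, port)
  if not success then
    return nil, err
  end
  -- work on a copy so the forced/defaulted fields do not leak back to the caller
  local opts = {}
  for k, v in pairs(flags or {}) do opts[k] = v end
  opts.mode = "client"
  opts.verify = opts.verify or "none"
  opts.protocol = opts.protocol or "tlsv1_2"
  local conn
  conn, err = wrap(sock, opts)
  if not conn then
    sock:close()
    return nil, err
  end
  success, err = conn:dohandshake()
  if not success then
    sock:close()
    return nil, err
  end
  -- … unchanged: hostname check and return conn, sock …
end
```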