Add connection helper ssl.connect
This commit is contained in:
parent
2fc8a85bec
commit
7de198bea2
@ -57,3 +57,18 @@ and alternative names.
|
|||||||
|
|
||||||
**NOTE**: It is crucial the hostname is checked to verify the certificate is
|
**NOTE**: It is crucial the hostname is checked to verify the certificate is
|
||||||
not only valid, but belonging to the host connected to.
|
not only valid, but belonging to the host connected to.
|
||||||
|
|
||||||
|
### ssl.connect ###
|
||||||
|
|
||||||
|
conn, socket = ssl.connect(hostname, port, [flags])
|
||||||
|
|
||||||
|
Creates a tcp socket, connects it to the specified hostname and port, wraps it
|
||||||
|
in an ssl object, does the handshake and verifies the hostname. It makes sure
|
||||||
|
the mode flag is set to `client`, and defaults verify to `none`, and protocol
|
||||||
|
to `tlsv1_2`. Can fail, in which case it returns nil, followed by an error.
|
||||||
|
|
||||||
|
See `ssl.wrap` and `ssl.checkhostname` for details.
|
||||||
|
|
||||||
|
**WARNING**: Peer verification is off by default. It is highly recommended to
|
||||||
|
specify either a `capath` or a `cafile` in the flags, and turn peer
|
||||||
|
verification on.
|
||||||
|
32
src/ssl.lua
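--- a/src/ssl.lua
+++ b/src/ssl.lua
@@ -4,6 +4,7 @@
 --
 ------------------------------------------------------------------------------
 
+local socket = require("socket")
 local core = require("ssl.core")
 local context = require("ssl.context")
 local x509 = require("ssl.x509")
@@ -205,6 +206,36 @@ local function checkhostname_ssl(ssl, hostname)
 return checkhostname(ssl:getpeercertificate(), hostname)
 end
 
+--
+-- Connect helper
+--
+local function connect(hostname, port, flags)
+local sock, conn, success, err
+sock = socket.tcp()
+success, err = sock:connect(hostname, port)
+if not success then
+return nil, err
+end
+flags = flags or {}
+flags.mode = "client"
+flags.verify = flags.verify or "none"
+flags.protocol = flags.protocol or "tlsv1_2"
+conn, err = ssl.wrap(sock, flags or {})
+if not conn then
+sock:close()
+return nil, err
+end
+success, err = conn:dohandshake()
+if not success then
+return nil, err
+end
+if not conn:checkhostname(hostname) then
+sock:close()
+return nil, "hostname does not match certificate"
+end
+return conn, sock
+end
+
 --
 -- Set method for SSL connections.
 --
@@ -222,6 +253,7 @@ local _M = {
 newcontext = newcontext,
 wrap = wrap,
 checkhostname = checkhostname,
+connect = connect,
 }
 
 return _M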
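Review bot: In `connect`, the branch where `conn:dohandshake()` fails returns without closing the socket, while the wrap-failure and hostname-mismatch branches both call `sock:close()`; add `sock:close()` before that `return nil, err`, and the same is missing after a failed `sock:connect`. The wrap call reads `ssl.wrap(sock, flags or {})`: no local named `ssl` is visible in this hunk and the module exports the local `wrap` directly, so unless `ssl` is defined elsewhere in the file this indexes a global; calling `wrap(sock, flags)` would also drop the redundant `or {}`, since `flags` was already defaulted a few lines above. Note also that the helper writes `mode`, `verify` and `protocol` into the caller's `flags` table rather than a copy, so a table reused across calls keeps those fields.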