mirror of
https://github.com/brunoos/luasec.git
synced 2024-12-28 05:18:21 +01:00
SNI support.
parent
cc2fb8ee75
commit
903efaf3b1
15
src/Makefile
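--- a/src/Makefile
+++ b/src/Makefile
@@ -20,22 +20,21 @@ MAC_ENV=env MACOSX_DEPLOYMENT_TARGET='$(MACVER)'
 MAC_CFLAGS=-O2 -fno-common $(WARN) $(INCDIR) $(DEFS)
 MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR)
 
-INSTALL ?= install
-CC ?= cc
-LD ?= $(MYENV) cc
+INSTALL = install
+CC = cc
+LD = $(MYENV) cc
 CFLAGS += $(MYCFLAGS)
 LDFLAGS += $(MYLDFLAGS)
-DESTDIR ?= /
 
 .PHONY: all clean install none linux bsd macosx luasocket
 
 all:
 
 install: $(CMOD) $(LMOD)
-$(INSTALL) -d $(DESTDIR)$(LUAPATH)/ssl $(DESTDIR)$(LUACPATH)
-$(INSTALL) -D $(CMOD) $(DESTDIR)$(LUACPATH)
-$(INSTALL) -m644 -D $(LMOD) $(DESTDIR)$(LUAPATH)
-$(INSTALL) -m644 -D https.lua $(DESTDIR)$(LUAPATH)/ssl
+$(INSTALL) -d $(LUAPATH)/ssl $(LUACPATH)
+$(INSTALL) $(CMOD) $(LUACPATH)
+$(INSTALL) -m644 $(LMOD) $(LUAPATH)
+$(INSTALL) -m644 https.lua $(LUAPATH)/ssl
 
 linux:
 @$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)" EXTRA="$(EXTRA)"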
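Review bot: The install rule on the new side no longer prefixes its targets with `$(DESTDIR)`, and `INSTALL`, `CC` and `LD` change from `?=` to `=`, so staged (packaging) installs and toolchain settings taken from the environment stop working. None of this is needed for SNI support, and it reads like an accidental revert of an earlier change. I would keep the old lines, e.g. `$(INSTALL) -d $(DESTDIR)$(LUAPATH)/ssl $(DESTDIR)$(LUACPATH)` and `CC ?= cc`. If the removal is intended, it belongs in its own commit with a note for packagers.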
73
src/ssl.c
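--- a/src/ssl.c
+++ b/src/ssl.c
@@ -28,6 +28,7 @@
 #include <luasocket/socket.h>
 
 #include "x509.h"
+#include "context.h"
 #include "ssl.h"
 
 /**
@@ -80,11 +81,15 @@ static int meth_destroy(lua_State *L)
 }
 ssl->state = LSEC_STATE_CLOSED;
 if (ssl->ssl) {
-/* Clear the registry */
+/* Clear the registries */
 luaL_getmetatable(L, "SSL:Verify:Registry");
 lua_pushlightuserdata(L, (void*)ssl->ssl);
 lua_pushnil(L);
 lua_settable(L, -3);
+luaL_getmetatable(L, "SSL:SNI:Registry");
+lua_pushlightuserdata(L, (void*)ssl->ssl);
+lua_pushnil(L);
+lua_settable(L, -3);
 /* Destroy the object */
 SSL_free(ssl->ssl);
 ssl->ssl = NULL;
@@ -653,6 +658,67 @@ static int meth_info(lua_State *L)
 return 4;
 }
 
+static int sni_cb(SSL *ssl, int *ad, void *arg)
+{
+SSL_CTX *newctx = NULL;
+SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
+lua_State *L = ((p_context)SSL_CTX_get_app_data(ctx))->L;
+const char *name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
+/* No name, use default context */
+if (!name)
+return SSL_TLSEXT_ERR_NOACK;
+/* Search for the name in the map */
+luaL_getmetatable(L, "SSL:SNI:Registry");
+lua_pushlightuserdata(L, (void*)ssl);
+lua_gettable(L, -2);
+lua_pushstring(L, name);
+lua_gettable(L, -2);
+if (lua_isuserdata(L, -1))
+newctx = lsec_checkcontext(L, -1);
+lua_pop(L, 3);
+if (newctx) {
+SSL_set_SSL_CTX(ssl, newctx);
+return SSL_TLSEXT_ERR_OK;
+}
+return SSL_TLSEXT_ERR_ALERT_FATAL;
+}
+
+static int meth_sni(lua_State *L)
+{
+SSL_CTX *aux;
+const char *name;
+p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
+SSL_CTX *ctx = SSL_get_SSL_CTX(ssl->ssl);
+p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
+switch (pctx->mode) {
+case LSEC_MODE_CLIENT:
+name = luaL_checkstring(L, 2);
+SSL_set_tlsext_host_name(ssl->ssl, name);
+break;
+case LSEC_MODE_SERVER:
+luaL_checktype(L, 2, LUA_TTABLE);
+/* Check if the table contains only (string -> context) */
+lua_pushnil(L);
+while (lua_next(L, 2)) {
+luaL_checkstring(L, 3);
+aux = lsec_checkcontext(L, 4);
+/* Set callback in every context */
+SSL_CTX_set_tlsext_servername_callback(aux, sni_cb);
+/* leave the next key on the stack */
+lua_pop(L, 1);
+}
+/* Save table in the register */
+luaL_getmetatable(L, "SSL:SNI:Registry");
+lua_pushlightuserdata(L, (void*)ssl->ssl);
+lua_pushvalue(L, 2);
+lua_settable(L, -3);
+/* Set callback in the default context */
+SSL_CTX_set_tlsext_servername_callback(ctx, sni_cb);
+break;
+}
+return 0;
+}
+
 static int meth_copyright(lua_State *L)
 {
 lua_pushstring(L, "LuaSec 0.5 - Copyright (C) 2006-2011 Bruno Silvestre"
@@ -683,6 +749,7 @@ static luaL_Reg methods[] = {
 {"receive", meth_receive},
 {"send", meth_send},
 {"settimeout", meth_settimeout},
+{"sni", meth_sni},
 {"want", meth_want},
 {NULL, NULL}
 };
@@ -728,6 +795,8 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
 socket_open();
 #endif
 
+luaL_newmetatable(L, "SSL:SNI:Registry");
+
 /* Register the functions and tables */
 luaL_newmetatable(L, "SSL:Connection");
 luaL_register(L, NULL, meta);
@@ -758,6 +827,8 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
 socket_open();
 #endif
 
+luaL_newmetatable(L, "SSL:SNI:Registry");
+
 /* Register the functions and tables */
 luaL_newmetatable(L, "SSL:Connection");
 luaL_setfuncs(L, meta, 0);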
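Review bot: `sni_cb` can raise a Lua error from inside the OpenSSL handshake, because it indexes the per-connection registry entry without checking that one exists. `meth_sni` installs the callback on the `SSL_CTX`, which any other connection created from that context would share, while the name map is stored per `SSL` pointer; for a connection that never called `sni()` the first `lua_gettable` yields nil and the second one indexes it. In a C build of Lua that error unwinds with longjmp through OpenSSL's frames, so the callback should test the lookup result and keep the default context, as in the excerpt below. Two smaller points in `meth_sni`: `luaL_checkstring(L, 3)` accepts numeric keys and converts them in place, which confuses `lua_next` (test `lua_type(L, 3) == LUA_TSTRING` instead), and the return value of `SSL_set_tlsext_host_name` is ignored, so a failure silently produces a handshake without SNI.

```c
static int sni_cb(SSL *ssl, int *ad, void *arg)
{
  /* … unchanged: newctx, ctx, L and name setup, NULL-name check … */
  luaL_getmetatable(L, "SSL:SNI:Registry");
  lua_pushlightuserdata(L, (void*)ssl);
  lua_gettable(L, -2);
  /* No map registered for this connection: keep the default context */
  if (!lua_istable(L, -1)) {
    lua_pop(L, 2);
    return SSL_TLSEXT_ERR_NOACK;
  }
  /* … unchanged: name lookup, context switch, return codes … */
```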
@ -10,7 +10,7 @@ local x509 = require("ssl.x509")
|
|||||||
|
|
||||||
module("ssl", package.seeall)
|
module("ssl", package.seeall)
|
||||||
|
|
||||||
_VERSION = "0.5.PR"
|
_VERSION = "0.5"
|
||||||
_COPYRIGHT = core.copyright()
|
_COPYRIGHT = core.copyright()
|
||||||
|
|
||||||
-- Export
|
-- Export
|
||||||
|