SNI support.

This commit is contained in:
Bruno Silvestre 2014-04-21 13:20:17 -03:00
parent cc2fb8ee75
commit 903efaf3b1
4 changed files with 91 additions and 21 deletions

View File

@ -20,22 +20,21 @@ MAC_ENV=env MACOSX_DEPLOYMENT_TARGET='$(MACVER)'
MAC_CFLAGS=-O2 -fno-common $(WARN) $(INCDIR) $(DEFS)
MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR)
INSTALL ?= install
CC ?= cc
LD ?= $(MYENV) cc
INSTALL = install
CC = cc
LD = $(MYENV) cc
CFLAGS += $(MYCFLAGS)
LDFLAGS += $(MYLDFLAGS)
DESTDIR ?= /
.PHONY: all clean install none linux bsd macosx luasocket
all:
install: $(CMOD) $(LMOD)
$(INSTALL) -d $(DESTDIR)$(LUAPATH)/ssl $(DESTDIR)$(LUACPATH)
$(INSTALL) -D $(CMOD) $(DESTDIR)$(LUACPATH)
$(INSTALL) -m644 -D $(LMOD) $(DESTDIR)$(LUAPATH)
$(INSTALL) -m644 -D https.lua $(DESTDIR)$(LUAPATH)/ssl
$(INSTALL) -d $(LUAPATH)/ssl $(LUACPATH)
$(INSTALL) $(CMOD) $(LUACPATH)
$(INSTALL) -m644 $(LMOD) $(LUAPATH)
$(INSTALL) -m644 https.lua $(LUAPATH)/ssl
linux:
@$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)" EXTRA="$(EXTRA)"

View File

@ -28,6 +28,7 @@
#include <luasocket/socket.h>
#include "x509.h"
#include "context.h"
#include "ssl.h"
/**
@ -80,11 +81,15 @@ static int meth_destroy(lua_State *L)
}
ssl->state = LSEC_STATE_CLOSED;
if (ssl->ssl) {
/* Clear the registry */
/* Clear the registries */
luaL_getmetatable(L, "SSL:Verify:Registry");
lua_pushlightuserdata(L, (void*)ssl->ssl);
lua_pushnil(L);
lua_settable(L, -3);
luaL_getmetatable(L, "SSL:SNI:Registry");
lua_pushlightuserdata(L, (void*)ssl->ssl);
lua_pushnil(L);
lua_settable(L, -3);
/* Destroy the object */
SSL_free(ssl->ssl);
ssl->ssl = NULL;
@ -653,6 +658,67 @@ static int meth_info(lua_State *L)
return 4;
}
static int sni_cb(SSL *ssl, int *ad, void *arg)
{
SSL_CTX *newctx = NULL;
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
lua_State *L = ((p_context)SSL_CTX_get_app_data(ctx))->L;
const char *name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
/* No name, use default context */
if (!name)
return SSL_TLSEXT_ERR_NOACK;
/* Search for the name in the map */
luaL_getmetatable(L, "SSL:SNI:Registry");
lua_pushlightuserdata(L, (void*)ssl);
lua_gettable(L, -2);
lua_pushstring(L, name);
lua_gettable(L, -2);
if (lua_isuserdata(L, -1))
newctx = lsec_checkcontext(L, -1);
lua_pop(L, 3);
if (newctx) {
SSL_set_SSL_CTX(ssl, newctx);
return SSL_TLSEXT_ERR_OK;
}
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
static int meth_sni(lua_State *L)
{
SSL_CTX *aux;
const char *name;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl->ssl);
p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
switch (pctx->mode) {
case LSEC_MODE_CLIENT:
name = luaL_checkstring(L, 2);
SSL_set_tlsext_host_name(ssl->ssl, name);
break;
case LSEC_MODE_SERVER:
luaL_checktype(L, 2, LUA_TTABLE);
/* Check if the table contains only (string -> context) */
lua_pushnil(L);
while (lua_next(L, 2)) {
luaL_checkstring(L, 3);
aux = lsec_checkcontext(L, 4);
/* Set callback in every context */
SSL_CTX_set_tlsext_servername_callback(aux, sni_cb);
/* leave the next key on the stack */
lua_pop(L, 1);
}
/* Save table in the register */
luaL_getmetatable(L, "SSL:SNI:Registry");
lua_pushlightuserdata(L, (void*)ssl->ssl);
lua_pushvalue(L, 2);
lua_settable(L, -3);
/* Set callback in the default context */
SSL_CTX_set_tlsext_servername_callback(ctx, sni_cb);
break;
}
return 0;
}
static int meth_copyright(lua_State *L)
{
lua_pushstring(L, "LuaSec 0.5 - Copyright (C) 2006-2011 Bruno Silvestre"
@ -683,6 +749,7 @@ static luaL_Reg methods[] = {
{"receive", meth_receive},
{"send", meth_send},
{"settimeout", meth_settimeout},
{"sni", meth_sni},
{"want", meth_want},
{NULL, NULL}
};
@ -728,6 +795,8 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
socket_open();
#endif
luaL_newmetatable(L, "SSL:SNI:Registry");
/* Register the functions and tables */
luaL_newmetatable(L, "SSL:Connection");
luaL_register(L, NULL, meta);
@ -758,6 +827,8 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
socket_open();
#endif
luaL_newmetatable(L, "SSL:SNI:Registry");
/* Register the functions and tables */
luaL_newmetatable(L, "SSL:Connection");
luaL_setfuncs(L, meta, 0);

View File

@ -10,7 +10,7 @@ local x509 = require("ssl.x509")
module("ssl", package.seeall)
_VERSION = "0.5.PR"
_VERSION = "0.5"
_COPYRIGHT = core.copyright()
-- Export