LuaSec 0.4.1

Bruno Silvestre 2012-09-02 11:33:59 -03:00
parent 67e5176b6b
commit 908fc346d2
11 changed files with 194 additions and 66 deletions


@ -1,4 +1,11 @@
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
LuaSec 0.4.1
------------
- SSL options updated --- based on OpenSSL 1.0.0d.
- Activate SSL_MODE_RELEASE_BUFFERS by default if it is available.
(thanks Prosody project)
---------------------------------------------------------------------------------
LuaSec 0.4 LuaSec 0.4
------------ ------------
- Add option 'no_ticket' (included in OpenSSL 0.9.8f). - Add option 'no_ticket' (included in OpenSSL 0.9.8f).


@ -1,4 +1,4 @@
LuaSec 0.4 LuaSec 0.4.1
------------ ------------
* On Linux, BSD, and Mac OS X: * On Linux, BSD, and Mac OS X:


@ -1,5 +1,5 @@
LuaSec 0.4 license LuaSec 0.4.1 license
Copyright (C) 2006-2009 Bruno Silvestre, PUC-Rio Copyright (C) 2006-2011 Bruno Silvestre, PUC-Rio
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the a copy of this software and associated documentation files (the


@ -195,7 +195,7 @@ static int recvline(p_buffer buf, luaL_Buffer *b) {
pos = 0; pos = 0;
while (pos < count && data[pos] != '\n') { while (pos < count && data[pos] != '\n') {
/* we ignore all \r's */ /* we ignore all \r's */
if (data[pos] != '\r') luaL_putchar(b, data[pos]); if (data[pos] != '\r') luaL_addchar(b, data[pos]);
pos++; pos++;
} }
if (pos < count) { /* found '\n' */ if (pos < count) { /* found '\n' */


@ -1,6 +1,6 @@
/*-------------------------------------------------------------------------- /*--------------------------------------------------------------------------
* LuaSec 0.4 * LuaSec 0.4.1
* Copyright (C) 2006-2009 Bruno Silvestre * Copyright (C) 2006-2011 Bruno Silvestre
* *
*--------------------------------------------------------------------------*/ *--------------------------------------------------------------------------*/
@ -12,52 +12,7 @@
#include <lauxlib.h> #include <lauxlib.h>
#include "context.h" #include "context.h"
#include "options.h"
struct ssl_option_s {
const char *name;
unsigned long code;
};
typedef struct ssl_option_s ssl_option_t;
static ssl_option_t ssl_options[] = {
/* OpenSSL 0.9.7 and 0.9.8 */
{"all", SSL_OP_ALL},
{"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
{"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
{"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
{"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
{"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
{"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
{"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
{"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
{"no_session_resumption_on_renegotiation",
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
{"no_sslv2", SSL_OP_NO_SSLv2},
{"no_sslv3", SSL_OP_NO_SSLv3},
{"no_tlsv1", SSL_OP_NO_TLSv1},
{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
{"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
{"single_dh_use", SSL_OP_SINGLE_DH_USE},
{"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
{"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
{"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
{"tls_d5_bug", SSL_OP_TLS_D5_BUG},
{"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
/* OpenSSL 0.9.8 only */
#if OPENSSL_VERSION_NUMBER > 0x00908000L
{"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
{"no_query_mtu", SSL_OP_NO_QUERY_MTU},
{"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
#endif
/* OpenSSL 0.9.8f and above */
#if defined(SSL_OP_NO_TICKET)
{"no_ticket", SSL_OP_NO_TICKET},
#endif
{NULL, 0L}
};
/*--------------------------- Auxiliary Functions ----------------------------*/ /*--------------------------- Auxiliary Functions ----------------------------*/


@ -2,8 +2,8 @@
#define __CONTEXT_H__ #define __CONTEXT_H__
/*-------------------------------------------------------------------------- /*--------------------------------------------------------------------------
* LuaSec 0.4 * LuaSec 0.4.1
* Copyright (C) 2006-2009 Bruno Silvestre * Copyright (C) 2006-2011 Bruno Silvestre
* *
*--------------------------------------------------------------------------*/ *--------------------------------------------------------------------------*/


@ -1,6 +1,6 @@
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
-- LuaSec 0.4 -- LuaSec 0.4.1
-- Copyright (C) 2009 PUC-Rio -- Copyright (C) 2009-2011 PUC-Rio
-- --
-- Author: Pablo Musa -- Author: Pablo Musa
-- Author: Tomas Guisasola -- Author: Tomas Guisasola
@ -22,8 +22,8 @@ local getmetatable = getmetatable
module("ssl.https") module("ssl.https")
_VERSION = "0.4" _VERSION = "0.4.1"
_COPYRIGHT = "LuaSec 0.4 - Copyright (C) 2009 PUC-Rio" _COPYRIGHT = "LuaSec 0.4.1 - Copyright (C) 2009-2011 PUC-Rio"
-- Default settings -- Default settings
PORT = 443 PORT = 443

163
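--- /dev/null
+++ b/src/options.h
@@ -0,0 +1,163 @@
+/*--------------------------------------------------------------------------
+* LuaSec 0.4.1
+* Copyright (C) 2006-2011 Bruno Silvestre
+*
+*--------------------------------------------------------------------------*/
+struct ssl_option_s {
+const char *name;
+unsigned long code;
+};
+typedef struct ssl_option_s ssl_option_t;
+/*
+-- Supported SSL options and script in Lua 5.1 to generate the file.
+-- Ugly, but easier to maintain.
+local options = [[
+SSL_OP_ALL
+SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+SSL_OP_CIPHER_SERVER_PREFERENCE
+SSL_OP_CISCO_ANYCONNECT
+SSL_OP_COOKIE_EXCHANGE
+SSL_OP_CRYPTOPRO_TLSEXT_BUG
+SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+SSL_OP_EPHEMERAL_RSA
+SSL_OP_LEGACY_SERVER_CONNECT
+SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
+SSL_OP_MICROSOFT_SESS_ID_BUG
+SSL_OP_MSIE_SSLV2_RSA_PADDING
+SSL_OP_NETSCAPE_CA_DN_BUG
+SSL_OP_NETSCAPE_CHALLENGE_BUG
+SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
+SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+SSL_OP_NO_COMPRESSION
+SSL_OP_NO_QUERY_MTU
+SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+SSL_OP_NO_SSLv2
+SSL_OP_NO_SSLv3
+SSL_OP_NO_TICKET
+SSL_OP_NO_TLSv1
+SSL_OP_PKCS1_CHECK_1
+SSL_OP_PKCS1_CHECK_2
+SSL_OP_SINGLE_DH_USE
+SSL_OP_SINGLE_ECDH_USE
+SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
+SSL_OP_TLS_BLOCK_PADDING_BUG
+SSL_OP_TLS_D5_BUG
+SSL_OP_TLS_ROLLBACK_BUG
+]]
+print([[static ssl_option_t ssl_options[] = {]])
+for option in string.gmatch(options, "(%S+)") do
+local name = string.lower(string.sub(option, 8))
+print(string.format([[#if defined(%s)]], option))
+print(string.format([[ {"%s", %s},]], name, option))
+print([[#endif]])
+end
+print([[ {NULL, 0L}]])
+print([[};]])
+*/
+static ssl_option_t ssl_options[] = {
+#if defined(SSL_OP_ALL)
+{"all", SSL_OP_ALL},
+#endif
+#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
+{"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
+#endif
+#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
+{"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
+#endif
+#if defined(SSL_OP_CISCO_ANYCONNECT)
+{"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
+#endif
+#if defined(SSL_OP_COOKIE_EXCHANGE)
+{"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
+#endif
+#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
+{"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
+#endif
+#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
+{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
+#endif
+#if defined(SSL_OP_EPHEMERAL_RSA)
+{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
+#endif
+#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
+{"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
+#endif
+#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
+{"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
+#endif
+#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
+{"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
+#endif
+#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
+{"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
+#endif
+#if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
+{"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
+#endif
+#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
+{"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
+#endif
+#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
+{"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
+#endif
+#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
+{"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
+#endif
+#if defined(SSL_OP_NO_COMPRESSION)
+{"no_compression", SSL_OP_NO_COMPRESSION},
+#endif
+#if defined(SSL_OP_NO_QUERY_MTU)
+{"no_query_mtu", SSL_OP_NO_QUERY_MTU},
+#endif
+#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
+{"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
+#endif
+#if defined(SSL_OP_NO_SSLv2)
+{"no_sslv2", SSL_OP_NO_SSLv2},
+#endif
+#if defined(SSL_OP_NO_SSLv3)
+{"no_sslv3", SSL_OP_NO_SSLv3},
+#endif
+#if defined(SSL_OP_NO_TICKET)
+{"no_ticket", SSL_OP_NO_TICKET},
+#endif
+#if defined(SSL_OP_NO_TLSv1)
+{"no_tlsv1", SSL_OP_NO_TLSv1},
+#endif
+#if defined(SSL_OP_PKCS1_CHECK_1)
+{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
+#endif
+#if defined(SSL_OP_PKCS1_CHECK_2)
+{"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
+#endif
+#if defined(SSL_OP_SINGLE_DH_USE)
+{"single_dh_use", SSL_OP_SINGLE_DH_USE},
+#endif
+#if defined(SSL_OP_SINGLE_ECDH_USE)
+{"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
+#endif
+#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
+{"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
+#endif
+#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
+{"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
+#endif
+#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
+{"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
+#endif
+#if defined(SSL_OP_TLS_D5_BUG)
+{"tls_d5_bug", SSL_OP_TLS_D5_BUG},
+#endif
+#if defined(SSL_OP_TLS_ROLLBACK_BUG)
+{"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
+#endif
+{NULL, 0L}
+};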
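Review bot: src/options.h tests `#if defined(SSL_OP_...)` for every entry but never includes `<openssl/ssl.h>` itself, so the table is only populated when the including file has already pulled in the OpenSSL headers; included earlier, every entry compiles away and names such as `no_sslv2` or `no_compression` silently stop existing. Adding `#include <openssl/ssl.h>` at the top, plus an include guard in the style of the `__CONTEXT_H__` one in context.h, would make the header self-contained. The generated list also places `allow_unsafe_legacy_renegotiation` and `legacy_server_connect`, which relax OpenSSL's secure-renegotiation checks, next to the hardening flags with no marker; a comment such as `/* weakens renegotiation protection; legacy peers only */` emitted by the Lua generator would survive regeneration. The code that looks names up in `ssl_options` is not part of this file, so please confirm it reports an unknown name as an error rather than ignoring it.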


@ -1,6 +1,6 @@
/*-------------------------------------------------------------------------- /*--------------------------------------------------------------------------
* LuaSec 0.4 * LuaSec 0.4.1
* Copyright (C) 2006-2009 Bruno Silvestre * Copyright (C) 2006-2011 Bruno Silvestre
* *
*--------------------------------------------------------------------------*/ *--------------------------------------------------------------------------*/
@ -220,6 +220,9 @@ static int meth_create(lua_State *L)
SSL_set_fd(ssl->ssl, (int) SOCKET_INVALID); SSL_set_fd(ssl->ssl, (int) SOCKET_INVALID);
SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#if defined(SSL_MODE_RELEASE_BUFFERS)
SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS);
#endif
if (mode == MD_CTX_SERVER) if (mode == MD_CTX_SERVER)
SSL_set_accept_state(ssl->ssl); SSL_set_accept_state(ssl->ssl);
else else
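Review bot: `SSL_MODE_RELEASE_BUFFERS` is turned on for every connection created in meth_create with no way for a script to opt out, and the only condition is that the macro exists. OpenSSL 1.0.x later received memory-safety fixes on the release-buffers read/write path, so a build against an unpatched library takes on that exposure by default. I would either gate the call on `OPENSSL_VERSION_NUMBER` (threshold to be taken from the OpenSSL changelog) or enable it only when a configuration flag asks for it. At minimum the added lines deserve a comment such as `/* frees idle read/write buffers to cut per-connection memory; requires a patched OpenSSL */`. meth_create starts and ends outside this hunk.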


@ -2,8 +2,8 @@
#define __SSL_H__ #define __SSL_H__
/*-------------------------------------------------------------------------- /*--------------------------------------------------------------------------
* LuaSec 0.4 * LuaSec 0.4.1
* Copyright (C) 2006-2009 Bruno Silvestre * Copyright (C) 2006-2011 Bruno Silvestre
* *
*--------------------------------------------------------------------------*/ *--------------------------------------------------------------------------*/


@ -1,6 +1,6 @@
------------------------------------------------------------------------------ ------------------------------------------------------------------------------
-- LuaSec 0.4 -- LuaSec 0.4.1
-- Copyright (C) 2006-2009 Bruno Silvestre -- Copyright (C) 2006-2011 Bruno Silvestre
-- --
------------------------------------------------------------------------------ ------------------------------------------------------------------------------
@ -10,8 +10,8 @@ require("ssl.core")
require("ssl.context") require("ssl.context")
_VERSION = "0.4" _VERSION = "0.4.1"
_COPYRIGHT = "LuaSec 0.4 - Copyright (C) 2006-2009 Bruno Silvestre\n" .. _COPYRIGHT = "LuaSec 0.4.1 - Copyright (C) 2006-2011 Bruno Silvestre\n" ..
"LuaSocket 2.0.2 - Copyright (C) 2004-2007 Diego Nehab" "LuaSocket 2.0.2 - Copyright (C) 2004-2007 Diego Nehab"
-- Export functions -- Export functions