LuaSec 0.4.1

2024-11-08 06:28:26 +01:00 · 2012-09-02 11:33:59 -03:00 · 2012-09-02 11:33:59 -03:00 · 908fc346d2
commit 908fc346d2
parent 67e5176b6b
11 changed files with 194 additions and 66 deletions
--- a/7
+++ b/7
@ -1,4 +1,11 @@
 --------------------------------------------------------------------------------
+LuaSec 0.4.1
+------------
+- SSL options updated --- based on OpenSSL 1.0.0d.
+- Activate SSL_MODE_RELEASE_BUFFERS by default if it is available.
+  (thanks Prosody project)
+
+---------------------------------------------------------------------------------
 LuaSec 0.4
 ------------
 - Add option 'no_ticket' (included in OpenSSL 0.9.8f).
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-LuaSec 0.4
+LuaSec 0.4.1
 ------------

 * On Linux, BSD, and Mac OS X:
--- a/4
+++ b/4
@ -1,5 +1,5 @@
-LuaSec 0.4 license
-Copyright (C) 2006-2009 Bruno Silvestre, PUC-Rio
+LuaSec 0.4.1 license
+Copyright (C) 2006-2011 Bruno Silvestre, PUC-Rio

 Permission is hereby granted, free  of charge, to any person obtaining
 a  copy  of this  software  and  associated  documentation files  (the
--- a/src/buffer.c
+++ b/src/buffer.c
@ -195,7 +195,7 @@ static int recvline(p_buffer buf, luaL_Buffer *b) {
        pos = 0;
        while (pos < count && data[pos] != '\n') {
            /* we ignore all \r's */
-            if (data[pos] != '\r') luaL_putchar(b, data[pos]);
+            if (data[pos] != '\r') luaL_addchar(b, data[pos]);
            pos++;
        }
        if (pos < count) { /* found '\n' */
--- a/src/context.c
+++ b/src/context.c
@ -1,6 +1,6 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.4
- * Copyright (C) 2006-2009 Bruno Silvestre
+ * LuaSec 0.4.1
+ * Copyright (C) 2006-2011 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/

@ -12,52 +12,7 @@
 #include <lauxlib.h>

 #include "context.h"
-
-struct ssl_option_s {
-  const char *name;
-  unsigned long code;
-};
-typedef struct ssl_option_s ssl_option_t;
-
-
-static ssl_option_t ssl_options[] = {
-  /* OpenSSL 0.9.7 and 0.9.8 */
-  {"all",                              SSL_OP_ALL},
-  {"cipher_server_preference",         SSL_OP_CIPHER_SERVER_PREFERENCE},
-  {"dont_insert_empty_fragments",      SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
-  {"ephemeral_rsa",                    SSL_OP_EPHEMERAL_RSA},
-  {"netscape_ca_dn_bug",               SSL_OP_NETSCAPE_CA_DN_BUG},
-  {"netscape_challenge_bug",           SSL_OP_NETSCAPE_CHALLENGE_BUG},
-  {"microsoft_big_sslv3_buffer",       SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
-  {"microsoft_sess_id_bug",            SSL_OP_MICROSOFT_SESS_ID_BUG},
-  {"msie_sslv2_rsa_padding",           SSL_OP_MSIE_SSLV2_RSA_PADDING},
-  {"netscape_demo_cipher_change_bug",  SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
-  {"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
-  {"no_session_resumption_on_renegotiation", 
-      SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
-  {"no_sslv2",                         SSL_OP_NO_SSLv2},
-  {"no_sslv3",                         SSL_OP_NO_SSLv3},
-  {"no_tlsv1",                         SSL_OP_NO_TLSv1},
-  {"pkcs1_check_1",                    SSL_OP_PKCS1_CHECK_1},
-  {"pkcs1_check_2",                    SSL_OP_PKCS1_CHECK_2},
-  {"single_dh_use",                    SSL_OP_SINGLE_DH_USE},
-  {"ssleay_080_client_dh_bug",         SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
-  {"sslref2_reuse_cert_type_bug",      SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
-  {"tls_block_padding_bug",            SSL_OP_TLS_BLOCK_PADDING_BUG},
-  {"tls_d5_bug",                       SSL_OP_TLS_D5_BUG},
-  {"tls_rollback_bug",                 SSL_OP_TLS_ROLLBACK_BUG},
-  /* OpenSSL 0.9.8 only */
-#if OPENSSL_VERSION_NUMBER > 0x00908000L
-  {"cookie_exchange",                  SSL_OP_COOKIE_EXCHANGE},
-  {"no_query_mtu",                     SSL_OP_NO_QUERY_MTU},
-  {"single_ecdh_use",                  SSL_OP_SINGLE_ECDH_USE},
-#endif
-  /* OpenSSL 0.9.8f and above */
-#if defined(SSL_OP_NO_TICKET)
-  {"no_ticket",                        SSL_OP_NO_TICKET},
-#endif
-  {NULL, 0L}
-};
+#include "options.h"

 /*--------------------------- Auxiliary Functions ----------------------------*/

--- a/src/context.h
+++ b/src/context.h
@ -2,8 +2,8 @@
 #define __CONTEXT_H__

 /*--------------------------------------------------------------------------
- * LuaSec 0.4
- * Copyright (C) 2006-2009 Bruno Silvestre
+ * LuaSec 0.4.1
+ * Copyright (C) 2006-2011 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/

--- a/src/https.lua
+++ b/src/https.lua
@ -1,6 +1,6 @@
 ----------------------------------------------------------------------------
-- LuaSec 0.4
-- Copyright (C) 2009 PUC-Rio
+-- LuaSec 0.4.1
+-- Copyright (C) 2009-2011 PUC-Rio
 --
 -- Author: Pablo Musa
 -- Author: Tomas Guisasola
@ -22,8 +22,8 @@ local getmetatable = getmetatable

 module("ssl.https")

-_VERSION   = "0.4"
-_COPYRIGHT = "LuaSec 0.4 - Copyright (C) 2009 PUC-Rio"
+_VERSION   = "0.4.1"
+_COPYRIGHT = "LuaSec 0.4.1 - Copyright (C) 2009-2011 PUC-Rio"

 -- Default settings
 PORT = 443
--- a/src/options.h
+++ b/src/options.h
@ -0,0 +1,163 @@
+/*--------------------------------------------------------------------------
+ * LuaSec 0.4.1
+ * Copyright (C) 2006-2011 Bruno Silvestre
+ *
+ *--------------------------------------------------------------------------*/
+
+struct ssl_option_s {
+  const char *name;
+  unsigned long code;
+};
+typedef struct ssl_option_s ssl_option_t;
+
+/*
+-- Supported SSL options and script in Lua 5.1 to generate the file.
+-- Ugly, but easier to maintain.
+
+local options = [[
+SSL_OP_ALL
+SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+SSL_OP_CIPHER_SERVER_PREFERENCE
+SSL_OP_CISCO_ANYCONNECT
+SSL_OP_COOKIE_EXCHANGE
+SSL_OP_CRYPTOPRO_TLSEXT_BUG
+SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+SSL_OP_EPHEMERAL_RSA
+SSL_OP_LEGACY_SERVER_CONNECT
+SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
+SSL_OP_MICROSOFT_SESS_ID_BUG
+SSL_OP_MSIE_SSLV2_RSA_PADDING
+SSL_OP_NETSCAPE_CA_DN_BUG
+SSL_OP_NETSCAPE_CHALLENGE_BUG
+SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
+SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+SSL_OP_NO_COMPRESSION
+SSL_OP_NO_QUERY_MTU
+SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+SSL_OP_NO_SSLv2
+SSL_OP_NO_SSLv3
+SSL_OP_NO_TICKET
+SSL_OP_NO_TLSv1
+SSL_OP_PKCS1_CHECK_1
+SSL_OP_PKCS1_CHECK_2
+SSL_OP_SINGLE_DH_USE
+SSL_OP_SINGLE_ECDH_USE
+SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
+SSL_OP_TLS_BLOCK_PADDING_BUG
+SSL_OP_TLS_D5_BUG
+SSL_OP_TLS_ROLLBACK_BUG
+]]
+
+print([[static ssl_option_t ssl_options[] = {]])
+
+for option in string.gmatch(options, "(%S+)") do
+  local name = string.lower(string.sub(option, 8))
+  print(string.format([[#if defined(%s)]], option))
+  print(string.format([[  {"%s", %s},]], name, option))
+  print([[#endif]])
+end
+
+print([[  {NULL, 0L}]])
+print([[};]])
+*/
+
+static ssl_option_t ssl_options[] = {
+#if defined(SSL_OP_ALL)
+  {"all", SSL_OP_ALL},
+#endif
+#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
+  {"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
+#endif
+#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
+  {"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
+#endif
+#if defined(SSL_OP_CISCO_ANYCONNECT)
+  {"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
+#endif
+#if defined(SSL_OP_COOKIE_EXCHANGE)
+  {"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
+#endif
+#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
+  {"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
+#endif
+#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
+  {"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
+#endif
+#if defined(SSL_OP_EPHEMERAL_RSA)
+  {"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
+#endif
+#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
+  {"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
+#endif
+#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
+  {"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
+#endif
+#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
+  {"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
+#endif
+#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
+  {"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
+#endif
+#if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
+  {"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
+#endif
+#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
+  {"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
+#endif
+#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
+  {"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
+#endif
+#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
+  {"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
+#endif
+#if defined(SSL_OP_NO_COMPRESSION)
+  {"no_compression", SSL_OP_NO_COMPRESSION},
+#endif
+#if defined(SSL_OP_NO_QUERY_MTU)
+  {"no_query_mtu", SSL_OP_NO_QUERY_MTU},
+#endif
+#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
+  {"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
+#endif
+#if defined(SSL_OP_NO_SSLv2)
+  {"no_sslv2", SSL_OP_NO_SSLv2},
+#endif
+#if defined(SSL_OP_NO_SSLv3)
+  {"no_sslv3", SSL_OP_NO_SSLv3},
+#endif
+#if defined(SSL_OP_NO_TICKET)
+  {"no_ticket", SSL_OP_NO_TICKET},
+#endif
+#if defined(SSL_OP_NO_TLSv1)
+  {"no_tlsv1", SSL_OP_NO_TLSv1},
+#endif
+#if defined(SSL_OP_PKCS1_CHECK_1)
+  {"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
+#endif
+#if defined(SSL_OP_PKCS1_CHECK_2)
+  {"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
+#endif
+#if defined(SSL_OP_SINGLE_DH_USE)
+  {"single_dh_use", SSL_OP_SINGLE_DH_USE},
+#endif
+#if defined(SSL_OP_SINGLE_ECDH_USE)
+  {"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
+#endif
+#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
+  {"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
+#endif
+#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
+  {"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
+#endif
+#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
+  {"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
+#endif
+#if defined(SSL_OP_TLS_D5_BUG)
+  {"tls_d5_bug", SSL_OP_TLS_D5_BUG},
+#endif
+#if defined(SSL_OP_TLS_ROLLBACK_BUG)
+  {"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
+#endif
+  {NULL, 0L}
+};
--- a/src/ssl.c
+++ b/src/ssl.c
@ -1,6 +1,6 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.4
- * Copyright (C) 2006-2009 Bruno Silvestre
+ * LuaSec 0.4.1
+ * Copyright (C) 2006-2011 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/

@ -220,6 +220,9 @@ static int meth_create(lua_State *L)
  SSL_set_fd(ssl->ssl, (int) SOCKET_INVALID);
  SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE | 
    SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+#if defined(SSL_MODE_RELEASE_BUFFERS)
+  SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS);
+#endif
  if (mode == MD_CTX_SERVER)
    SSL_set_accept_state(ssl->ssl);
  else
--- a/src/ssl.h
+++ b/src/ssl.h
@ -2,8 +2,8 @@
 #define __SSL_H__

 /*--------------------------------------------------------------------------
- * LuaSec 0.4
- * Copyright (C) 2006-2009 Bruno Silvestre
+ * LuaSec 0.4.1
+ * Copyright (C) 2006-2011 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/

--- a/src/ssl.lua
+++ b/src/ssl.lua
@ -1,6 +1,6 @@
 ------------------------------------------------------------------------------
-- LuaSec 0.4
-- Copyright (C) 2006-2009 Bruno Silvestre
+-- LuaSec 0.4.1
+-- Copyright (C) 2006-2011 Bruno Silvestre
 --
 ------------------------------------------------------------------------------

@ -10,8 +10,8 @@ require("ssl.core")
 require("ssl.context")


-_VERSION   = "0.4"
-_COPYRIGHT = "LuaSec 0.4 - Copyright (C) 2006-2009 Bruno Silvestre\n" .. 
+_VERSION   = "0.4.1"
+_COPYRIGHT = "LuaSec 0.4.1 - Copyright (C) 2006-2011 Bruno Silvestre\n" .. 
             "LuaSocket 2.0.2 - Copyright (C) 2004-2007 Diego Nehab"

 -- Export functions