From d84a0a911cb49f1df26c4e8836a34100ced89e25 Mon Sep 17 00:00:00 2001 From: Bart van Strien Date: Thu, 4 Jun 2015 13:30:32 +0200 Subject: [PATCH] Document functions of 'ssl' module --- doc/luasec.md | 115 ++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 112 insertions(+), 3 deletions(-) diff --git a/doc/luasec.md b/doc/luasec.md index f9d45b0..5164f34 100644 --- a/doc/luasec.md +++ b/doc/luasec.md @@ -8,6 +8,115 @@ between the peers. Functions --------- -`ssl.loadcertificate` -`ssl.newcontext` -`ssl.wrap` +### ssl.newcontext ### + + cfg = { + protocol = "sslv23" | "sslv3" | "tlsv1" | "tlsv1_1" | "tlsv1_2", + mode = "server" | "client", + key = nil | filename, + password = nil | string | function() -> string, + certificate = nil | filename, + cafile = nil | filename, + capath = nil | path, + ciphers = ciphers, + verify = {"none" | "peer" | "client_once" | "fail_if_no_peer_cert", ...}, + options = options, + depth = number, + dhparam = function(is_export, keylength) -> dh_params_string, + curve = curve, + verifyext = {"lsec_continue" | "lsec_ignore_purpose" | "crl_check" | + "crl_check_chain", ...}, + } + + context = ssl.newcontext(cfg) + +Creates a new context based on the settings in the `cfg` table. +See OpenSSL documentation on specifics on these settings, and see the `openssl +ciphers` command for the list of supported ciphers and its format specifically. + +#### options #### + "all" + "allow_unsafe_legacy_renegotiation" + "cipher_server_preference" + "cisco_anyconnect" + "cookie_exchange" + "cryptopro_tlsext_bug" + "dont_insert_empty_fragments" + "ephemeral_rsa" + "legacy_server_connect" + "microsoft_big_sslv3_buffer" + "microsoft_sess_id_bug" + "msie_sslv2_rsa_padding" + "netscape_ca_dn_bug" + "netscape_challenge_bug" + "netscape_demo_cipher_change_bug" + "netscape_reuse_cipher_change_bug" + "no_compression" + "no_query_mtu" + "no_session_resumption_on_renegotiation" + "no_sslv2" + "no_sslv3" + "no_ticket" + "no_tlsv1" + "no_tlsv1_1" + "no_tlsv1_2" + "pkcs1_check_1" + "pkcs1_check_2" + "single_dh_use" + "single_ecdh_use" + "ssleay_080_client_dh_bug" + "sslref2_reuse_cert_type_bug" + "tls_block_padding_bug" + "tls_d5_bug" + "tls_rollback_bug" + +#### curves #### + + "secp112r1" + "secp112r2" + "secp128r1" + "secp128r2" + "secp160k1" + "secp160r1" + "secp160r2" + "secp192k1" + "secp224k1" + "secp224r1" + "secp256k1" + "secp384r1" + "secp521r1" + "sect113r1" + "sect113r2" + "sect131r1" + "sect131r2" + "sect163k1" + "sect163r1" + "sect163r2" + "sect193r1" + "sect193r2" + "sect233k1" + "sect233r1" + "sect239k1" + "sect283k1" + "sect283r1" + "sect409k1" + "sect409r1" + "sect571k1" + "sect571r1" + "prime192v1" + "prime192v2" + "prime192v3" + "prime239v1" + "prime239v2" + "prime239v3" + "prime256v1" + +### ssl.loadcertificate ### +Alias for `cert.load`. + +### ssl.wrap ### + + conn = ssl.wrap(socket, cfg) + +`ssl.wrap` wraps an existing luasocket socket into a luasec connection object. +`cfg` is defined as for `ssl.newcontext`.