Document functions of 'ssl' module

This commit is contained in:
Bart van Strien 2015-06-04 13:30:32 +02:00
parent 54db93c530
commit d84a0a911c

View File

@ -8,6 +8,115 @@ between the peers.
Functions Functions
--------- ---------
`ssl.loadcertificate` ### ssl.newcontext ###
`ssl.newcontext`
`ssl.wrap` cfg = {
protocol = "sslv23" | "sslv3" | "tlsv1" | "tlsv1_1" | "tlsv1_2",
mode = "server" | "client",
key = nil | filename,
password = nil | string | function() -> string,
certificate = nil | filename,
cafile = nil | filename,
capath = nil | path,
ciphers = ciphers,
verify = {"none" | "peer" | "client_once" | "fail_if_no_peer_cert", ...},
options = options,
depth = number,
dhparam = function(is_export, keylength) -> dh_params_string,
curve = curve,
verifyext = {"lsec_continue" | "lsec_ignore_purpose" | "crl_check" |
"crl_check_chain", ...},
}
context = ssl.newcontext(cfg)
Creates a new context based on the settings in the `cfg` table.
See OpenSSL documentation on specifics on these settings, and see the `openssl
ciphers` command for the list of supported ciphers and its format specifically.
#### options ####
"all"
"allow_unsafe_legacy_renegotiation"
"cipher_server_preference"
"cisco_anyconnect"
"cookie_exchange"
"cryptopro_tlsext_bug"
"dont_insert_empty_fragments"
"ephemeral_rsa"
"legacy_server_connect"
"microsoft_big_sslv3_buffer"
"microsoft_sess_id_bug"
"msie_sslv2_rsa_padding"
"netscape_ca_dn_bug"
"netscape_challenge_bug"
"netscape_demo_cipher_change_bug"
"netscape_reuse_cipher_change_bug"
"no_compression"
"no_query_mtu"
"no_session_resumption_on_renegotiation"
"no_sslv2"
"no_sslv3"
"no_ticket"
"no_tlsv1"
"no_tlsv1_1"
"no_tlsv1_2"
"pkcs1_check_1"
"pkcs1_check_2"
"single_dh_use"
"single_ecdh_use"
"ssleay_080_client_dh_bug"
"sslref2_reuse_cert_type_bug"
"tls_block_padding_bug"
"tls_d5_bug"
"tls_rollback_bug"
#### curves ####
"secp112r1"
"secp112r2"
"secp128r1"
"secp128r2"
"secp160k1"
"secp160r1"
"secp160r2"
"secp192k1"
"secp224k1"
"secp224r1"
"secp256k1"
"secp384r1"
"secp521r1"
"sect113r1"
"sect113r2"
"sect131r1"
"sect131r2"
"sect163k1"
"sect163r1"
"sect163r2"
"sect193r1"
"sect193r2"
"sect233k1"
"sect233r1"
"sect239k1"
"sect283k1"
"sect283r1"
"sect409k1"
"sect409r1"
"sect571k1"
"sect571r1"
"prime192v1"
"prime192v2"
"prime192v3"
"prime239v1"
"prime239v2"
"prime239v3"
"prime256v1"
### ssl.loadcertificate ###
Alias for `cert.load`.
### ssl.wrap ###
conn = ssl.wrap(socket, cfg)
`ssl.wrap` wraps an existing luasocket socket into a luasec connection object.
`cfg` is defined as for `ssl.newcontext`.