From ff868e4a0672c5132ac03267f8d7f2777df38496 Mon Sep 17 00:00:00 2001 From: Jeremy List Date: Fri, 22 Feb 2019 13:39:15 +1300 Subject: [PATCH] Enable multiple SSL certificates (issue 27) --- src/ssl.lua | 48 +++++++++++++++++++++++++++++++----------------- 1 file changed, 31 insertions(+), 17 deletions(-) diff --git a/src/ssl.lua b/src/ssl.lua index d5fbd59..10925e8 100644 --- a/src/ssl.lua +++ b/src/ssl.lua @@ -74,25 +74,39 @@ local function newcontext(cfg) -- Mode succ, msg = context.setmode(ctx, cfg.mode) if not succ then return nil, msg end - -- Load the key - if cfg.key then - if cfg.password and - type(cfg.password) ~= "function" and - type(cfg.password) ~= "string" - then - return nil, "invalid password type" + -- Wrap singular certificate, key, etc in tables if necessary + for _, prop in pairs({ "key", "certificate", "password" }) do + if not cfg[prop .. "s"] then + if cfg[prop] then + cfg[prop .. "s"] = { cfg[prop] } + else + cfg[prop .. "s"] = {} + end end - succ, msg = context.loadkey(ctx, cfg.key, cfg.password) - if not succ then return nil, msg end end - -- Load the certificate - if cfg.certificate then - succ, msg = context.loadcert(ctx, cfg.certificate) - if not succ then return nil, msg end - if cfg.key and context.checkkey then - succ = context.checkkey(ctx) - if not succ then return nil, "private key does not match public key" end - end + for i, certificate in pairs(cfg.certificates) do + local password = cfg.passwords[i] + local key = cfg.keys[i] + -- Load the key + if key then + if password and + type(password) ~= "function" and + type(password) ~= "string" + then + return nil, "invalid password type" + end + succ, msg = context.loadkey(ctx, key, password) + if not succ then return nil, msg end + end + -- Load the certificate(s) + if certificate then + succ, msg = context.loadcert(ctx, certificate) + if not succ then return nil, msg end + if key and context.checkkey then + succ = context.checkkey(ctx) + if not succ then return nil, "private key does not match public key" end + end + end end -- Load the CA certificates if cfg.cafile or cfg.capath then