Commit Graph

25 Commits

Author SHA1 Message Date
Paul Aurich
0dab860770 context: Link SSL_CTX to p_context (not lua_State)
This is needed because the p_context is going to cache DH (and eventually
EC_KEY) objects, to plug a leak in the dhparam callback.
2013-09-11 21:55:25 -07:00
Paul Aurich
8cf7eb2d78 context: for dhparam_cb, pass is_export as boolean
The integer value that's actually returned for this flag is 2, which is fine
for C (it is defined as true), but it's sufficiently surprising (because it's
not 1), that this is worth fixing -- even if export ciphers aren't common.

It should be a boolean anyway.
2013-09-11 21:55:25 -07:00
Paul Aurich
9c7c96f2a0 Add useful context to various error messages 2013-09-11 21:55:25 -07:00
Paul Aurich
9262f9e7de ssl.lua: Comment subtle DH/ECDH ordering caveat 2013-09-11 21:55:25 -07:00
Paul Aurich
3fb33cdc4e context: Don't leak EC_KEY in set_curve()
SSL_CTX_set_tmp_ecdh() takes a reference to the provided key.

==8323== 1,044 (56 direct, 988 indirect) bytes in 1 blocks are definitely lost in loss record 611 of 631
==8323==    at 0x4C2935B: malloc (vg_replace_malloc.c:270)
==8323==    by 0x5E05D9F: CRYPTO_malloc (mem.c:308)
==8323==    by 0x5E59859: EC_KEY_new (ec_key.c:75)
==8323==    by 0x5E59974: EC_KEY_new_by_curve_name (ec_key.c:96)
==8323==    by 0x4E395A7: set_curve (context.c:261)
...
2013-09-11 21:55:25 -07:00
Paul Aurich
a344f58b20 context: Wrap find_ec_key in #ifndef OPENSSL_NO_ECDH
"#ifndef OPENSSL_NO_ECDH" is a ridiculous conditional, by the way.
2013-09-11 21:55:25 -07:00
Bruno Silvestre
063e8a8a5c - using buffer from luasocket 3.0.
- adding getstats() and setstats().
2013-06-20 13:03:58 -03:00
Matthew Wild
9f16c6fb11 Merge pull request #4 from darkrain42/master
no_compression fix for OpenSSL 0.9.8
2013-06-13 15:04:54 -07:00
Paul Aurich
7532f3b729 context: Support explicit selection of TLS v1.1 and v1.2 2013-06-12 19:06:16 -07:00
Paul Aurich
2dae14877e options: Remove dead code
The workaround for 'no_compression' on older OpenSSL is handled in context.c;
set_option_flag (which uses ssl_options) is never called, so this shouldn't
exist.
2013-06-12 18:38:44 -07:00
Paul Aurich
4c5ce1b177 context: Incidental cleanup 2013-06-12 18:36:35 -07:00
Paul Aurich
9bda3322fb context: no_compression is options, not verify
The OpenSSL 0.9.8 compat needs to be handled as part of the options, not the
verification flags.
2013-06-12 18:33:19 -07:00
Matthew Wild
f77fb40033 Merge pull request #3 from msva/master
DESTDIR compatibility + *FLAGs/utils configurability + ld -fpic error fix + #1 fix
2013-05-15 04:02:47 -07:00
Vadim A. Misbakh-Soloviov
fceef56dce DESTDIR compatibility + *FLAGs/utils configurability + ld -fpic error fix. Also fixes #1
Signed-off-by: Vadim A. Misbakh-Soloviov <mva@mva.name>
2013-05-14 08:13:57 +07:00
Matthew Wild
4aecd53dc1 Update README with version explanation 2013-03-30 13:12:57 +00:00
Matthew Wild
1b899afd38 Remove duplicate files (now in luasocket/) 2013-03-30 12:49:55 +00:00
Matthew Wild
77ac210283 LuaSec 20120616 (unofficial) + patches 2013-03-30 12:21:40 +00:00
Bruno Silvestre
908fc346d2 LuaSec 0.4.1 2012-09-02 11:40:59 -03:00
Bruno Silvestre
67e5176b6b LuaSec 0.4 2012-09-02 11:32:26 -03:00
Bruno Silvestre
29c6bd65d2 LuaSec 0.3.3 2012-09-02 11:31:22 -03:00
Bruno Silvestre
d28c5e4f9e LuaSec 0.3.2 2012-09-02 11:30:04 -03:00
Bruno Silvestre
affd08cf05 LuaSec 0.3.1 2012-09-02 11:27:04 -03:00
Bruno Silvestre
1c95a077ee LuaSec 0.3 2012-09-02 11:22:22 -03:00
Bruno Silvestre
36e94ee40d LuaSec 0.2 2012-09-02 11:15:49 -03:00
brunoos
0bae6dedd9 Initial commit 2012-05-30 10:26:40 -07:00