Bruno Silvestre
28e247dbc5
Removing deprecated methods to select the protocol
...
Using TLS_method(), SSL_set_min_proto_version() and
SSL_set_max_proto_version().
2018-07-02 10:31:45 -03:00
Bruno Silvestre
89bdc6148c
Removing SSLv3 support
2018-06-29 14:06:51 -03:00
Bruno Silvestre
8212b89f1a
Using 'const SSL_METHOD*'
...
This change was introduced in OpenSSL 1.0.0.
Start droping 0.9.8 code.
2018-06-29 14:02:39 -03:00
Bruno Silvestre
de63f21f63
Change version number to 0.7
2018-06-27 10:36:26 -03:00
Bruno Silvestre
be3c6d67e0
Make luaL_testudata() compat function visible for all files
2017-10-28 09:53:28 -02:00
Bruno Silvestre
0d01b53461
Version number to 0.7alpha
2017-09-26 18:22:49 -03:00
Bruno Silvestre
fe1fb0b350
Adding 'curveslist' parameter
...
LuaSec will try to set 'curveslist' parameter first.
If the parameter is not present or not supported, LuaSec will
try 'curve' parameter.
2017-08-04 17:00:12 -03:00
Bruno Silvestre
0b99832ec7
Export configuration (protocols, options, curves, algorithms, capabilities)
2017-06-16 22:50:27 -03:00
Bruno Silvestre
fc757e1fd0
Discover curves dynamically
2017-06-16 21:03:10 -03:00
W-Mark Kubacki
622ef3d6a6
Enable curve negotiation with #ifdef SSL_CTX_set1_curves_list
...
One of currently three definitions in the wild that indicate support for
SSL_CTX_set1_curves_list().
2017-02-26 00:16:25 +01:00
Mark Kubacki
231563682a
Add support for the new curve selection API.
...
Signed-off-by: W-Mark Kubacki <wmark@hurrikane.de>
2017-02-26 00:16:24 +01:00
Bruno Silvestre
4889830d53
Compatibility with OpenSSL 1.1.0
...
Defining macros X509_up_ref() and SSL_is_server to use the same
API of OpenSSL 1.1.0.
2016-09-14 17:47:09 -03:00
Bruno Silvestre
20443861eb
Update version number and rock file.
2016-03-03 16:11:46 -03:00
Bruno Silvestre
6a7a6f7f67
Keep 'sslv23' for compability, but deprected. (it will be removed in the next version)
2015-11-19 12:33:06 -02:00
Gleydson Soares
63f7d46d00
for consistency and readability, rename "sslv23" to "any" since that it is related to {TLS, SSLv23}methods that handles all supported protocols.
2015-11-17 20:05:06 -03:00
Gleydson Soares
ef28f7d20d
add TLS_method(). for now, keep SSLv23_method() for compatibility.
2015-11-17 19:36:58 -03:00
Bruno Silvestre
49ea6b8ba6
Merge pull request #55 from gleydsonsoares/ifndef-OPENSSL_NO_SSL3
...
guard SSLv3_method() with #ifndef OPENSSL_NO_SSL3
2015-11-12 18:47:56 -02:00
Bruno Silvestre
96401bdf67
Add lsec_testcontext().
2015-10-28 00:05:30 -02:00
Gleydson Soares
67f0867277
guard SSLv3_method() with #ifndef OPENSSL_NO_SSL3
2015-10-12 08:35:35 -03:00
Bruno Silvestre
d1fb889547
Version number -> 0.6 alpha
2015-08-21 11:21:16 -03:00
Bruno Silvestre
1ab6fac919
Don't set globals from C.
2015-02-12 16:32:54 -02:00
Bruno Silvestre
97b1974039
Change to luaL_newlib().
2015-02-06 17:44:08 -02:00
Bruno Silvestre
9cb5220759
Remove luaL_optint() and luaL_checkint().
2015-02-06 16:53:34 -02:00
Kim Alvefur
8e5bcefbb6
Check that certificate matches private key
2014-02-05 01:48:58 +01:00
Bruno Silvestre
21aefcf67d
Version number -> 0.5.
2014-01-29 18:43:33 -02:00
Paul Aurich
1d920fc13c
context: Don't leak DH* in dhparam_cb
...
==1429== 336 (144 direct, 192 indirect) bytes in 1 blocks are definitely lost in loss record 567 of 611
...
==1429== by 0x5ECCBC7: PEM_ASN1_read_bio (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1429== by 0x4E39D8F: dhparam_cb (context.c:184)
==1429== by 0x5B679D3: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==1429== by 0x5B6A6EE: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==1429== by 0x4E3C00D: meth_handshake (ssl.c:103)
...
2013-09-11 21:55:25 -07:00
Paul Aurich
0dab860770
context: Link SSL_CTX to p_context (not lua_State)
...
This is needed because the p_context is going to cache DH (and eventually
EC_KEY) objects, to plug a leak in the dhparam callback.
2013-09-11 21:55:25 -07:00
Paul Aurich
8cf7eb2d78
context: for dhparam_cb, pass is_export as boolean
...
The integer value that's actually returned for this flag is 2, which is fine
for C (it is defined as true), but it's sufficiently surprising (because it's
not 1), that this is worth fixing -- even if export ciphers aren't common.
It should be a boolean anyway.
2013-09-11 21:55:25 -07:00
Paul Aurich
9c7c96f2a0
Add useful context to various error messages
2013-09-11 21:55:25 -07:00
Paul Aurich
3fb33cdc4e
context: Don't leak EC_KEY in set_curve()
...
SSL_CTX_set_tmp_ecdh() takes a reference to the provided key.
==8323== 1,044 (56 direct, 988 indirect) bytes in 1 blocks are definitely lost in loss record 611 of 631
==8323== at 0x4C2935B: malloc (vg_replace_malloc.c:270)
==8323== by 0x5E05D9F: CRYPTO_malloc (mem.c:308)
==8323== by 0x5E59859: EC_KEY_new (ec_key.c:75)
==8323== by 0x5E59974: EC_KEY_new_by_curve_name (ec_key.c:96)
==8323== by 0x4E395A7: set_curve (context.c:261)
...
2013-09-11 21:55:25 -07:00
Paul Aurich
a344f58b20
context: Wrap find_ec_key in #ifndef OPENSSL_NO_ECDH
...
"#ifndef OPENSSL_NO_ECDH" is a ridiculous conditional, by the way.
2013-09-11 21:55:25 -07:00
Paul Aurich
7532f3b729
context: Support explicit selection of TLS v1.1 and v1.2
2013-06-12 19:06:16 -07:00
Paul Aurich
4c5ce1b177
context: Incidental cleanup
2013-06-12 18:36:35 -07:00
Paul Aurich
9bda3322fb
context: no_compression is options, not verify
...
The OpenSSL 0.9.8 compat needs to be handled as part of the options, not the
verification flags.
2013-06-12 18:33:19 -07:00
Matthew Wild
77ac210283
LuaSec 20120616 (unofficial) + patches
2013-03-30 12:21:40 +00:00
Bruno Silvestre
908fc346d2
LuaSec 0.4.1
2012-09-02 11:40:59 -03:00
Bruno Silvestre
67e5176b6b
LuaSec 0.4
2012-09-02 11:32:26 -03:00
Bruno Silvestre
29c6bd65d2
LuaSec 0.3.3
2012-09-02 11:31:22 -03:00
Bruno Silvestre
d28c5e4f9e
LuaSec 0.3.2
2012-09-02 11:30:04 -03:00
Bruno Silvestre
affd08cf05
LuaSec 0.3.1
2012-09-02 11:27:04 -03:00
Bruno Silvestre
1c95a077ee
LuaSec 0.3
2012-09-02 11:22:22 -03:00
Bruno Silvestre
36e94ee40d
LuaSec 0.2
2012-09-02 11:15:49 -03:00