Commit Graph

32 Commits

Author SHA1 Message Date
Matthew Wild
4cecbb2783 ssl: Add :getlocalchain() + :getlocalcertificate() to mirror the peer methods
These methods mirror the existing methods that fetch the peer certificate and
chain. Due to various factors (SNI, multiple key types, etc.) it is not always
trivial for an application to determine what certificate was presented to the
client. However there are various use-cases where this is needed, such as
tls-server-end-point channel binding and OCSP stapling.

Requires OpenSSL 1.0.2+ (note: SSL_get_certificate() has existed for a very
long time, but was lacking documentation until OpenSSL 3.0).
2022-09-21 18:40:10 +01:00
Bruno Silvestre
860b2a8b5f Use a more generic form 2019-10-19 10:22:21 -03:00
Bruno Silvestre
caeaa5ffda Use a more generic form 2019-10-19 10:12:20 -03:00
Bruno Silvestre
9d84469912 Use a more generic form 2019-10-19 10:04:30 -03:00
Bruno Silvestre
18fa0118be
Merge pull request #122 from Zash/dane
DANE support
2019-07-11 09:50:25 -03:00
Bruno Silvestre
1c9401ae54 README for samples updated 2019-02-26 16:06:17 -03:00
Bruno Silvestre
ea8ccc3113 Update sample of multiple certificates 2019-02-26 15:52:02 -03:00
Bruno Silvestre
1c3bf23551
Merge pull request #133 from quickdudley/multi-certs
Enable multiple SSL certificates
2019-02-26 14:42:47 -03:00
Bruno Silvestre
31237195a3 Fix invalid section 2019-02-26 13:37:12 -03:00
Jeremy List
c72dc02ecb Sample for multiple certificates. 2019-02-26 10:52:53 +13:00
Bruno Silvestre
ef342a7cda
Merge pull request #125 from horazont/feature/fix-memleak
Fix memory leak in meth_extensions
2019-01-10 10:03:25 -02:00
Jonas Schäfer
0775d5744f Make memory leak reproducible in loop sample 2018-11-19 16:00:20 +01:00
Jonas Schäfer
8bcabff0c1 Modernize certificate generation
- Use 2048 bit keys (required for modern OpenSSL)
- Use SHA256 instead of SHA1 (required for modern OpenSSL)
- Add a SubjectAltName to be able to trigger certain edge-cases
- Add all.sh to conveniently re-generate certificates
2018-11-19 15:56:42 +01:00
Kim Alvefur
5ffe22e98e Add sample DANE usage 2018-10-06 19:37:43 +02:00
Bruno Silvestre
dea60edf4f Add ALPN support based on PR #64 from xnyhps 2018-08-27 15:10:18 -03:00
Bruno Silvestre
93e0e8cc64 Force a cipher that use DH parameter 2018-07-26 11:22:24 -03:00
daurnimator
64f11f515d
Add example of luaossl integration
Based on 'info' sample
2017-04-04 13:07:48 +10:00
Bruno Silvestre
9c41eaf09a Merge pull request #74 from ka7/spelling
spelling fixes, as seen on lintian.debian.org
2017-03-31 14:50:19 -03:00
Mark Kubacki
231563682a
Add support for the new curve selection API.
Signed-off-by: W-Mark Kubacki <wmark@hurrikane.de>
2017-02-26 00:16:24 +01:00
klemens
d45c03a1ad spelling fixes, as seen on lintian.debian.org 2016-07-11 21:57:50 +02:00
Gleydson Soares
5561ddfa3c update protocol samples(bring "tlsv1_2" to clients and "any" to servers) 2015-11-17 20:39:05 -03:00
Bruno Silvestre
64faf6322e Update samples (using 'tlsv1'). 2015-11-12 19:04:37 -02:00
Bruno Silvestre
dd9688cf12 Merge pull request #39 from Tieske/win-certs
added batch files to generate sample certs on Windows
2015-04-17 09:51:35 -03:00
Thijs Schreijer
7c02208590 added batch files to generate sample certs on Windows 2015-04-03 23:51:16 +02:00
Bruno Silvestre
84cb83b92f - Add a parameter to server:sni(), so that we can accept an unknown name, using the initial context.
- Add the method :getsniname() to retrieve the SNI hostname used.
2014-09-09 21:48:26 -03:00
Bruno Silvestre
cc2fb8ee75 SNI support. 2014-04-21 13:18:20 -03:00
Bruno Silvestre
89375f495a Examples update. 2014-01-29 17:47:27 -02:00
Bruno Silvestre
063e8a8a5c - using buffer from luasocket 3.0.
- adding getstats() and setstats().
2013-06-20 13:03:58 -03:00
Matthew Wild
77ac210283 LuaSec 20120616 (unofficial) + patches 2013-03-30 12:21:40 +00:00
Bruno Silvestre
67e5176b6b LuaSec 0.4 2012-09-02 11:32:26 -03:00
Bruno Silvestre
1c95a077ee LuaSec 0.3 2012-09-02 11:22:22 -03:00
Bruno Silvestre
36e94ee40d LuaSec 0.2 2012-09-02 11:15:49 -03:00