Lluixhi Scura
4c7339cace
Fix for LibreSSL/OPENSSL_NO_COMP
2015-01-16 08:55:22 -08:00
Bruno Silvestre
f514e9fb1b
Problem on Win64, since double does not represent SOCKET_INVALID exactly.
2014-09-10 14:41:09 -03:00
Bruno Silvestre
84cb83b92f
- Add a parameter to server:sni(), so that we can accept an unknown name, using the initial context.
...
- Add the method :getsniname() to retrieve the SNI hostname used.
2014-09-09 21:48:26 -03:00
Thijs Schreijer
0c58a8f9b8
Updated (and renamed) rockspec Windows
...
Added several missing entries for the windows platform
2014-08-24 09:21:27 +02:00
Thijs Schreijer
3770f928d8
Create luasec-scm-1.rockspec
2014-08-23 11:26:01 +02:00
Kim Alvefur
f13aee5dac
Encode iPAddress fields in human readable form
2014-06-08 13:20:47 +02:00
Kim Alvefur
b83d2c6a91
Don't try to encode IP addresses as UTF-8
2014-06-08 12:47:58 +02:00
Kim Alvefur
c276e9ff60
Return early if ASN1 string is invalid
2014-06-08 12:41:20 +02:00
Kim Alvefur
1ade1542d7
Push nil if unable to encode ASN1 string as UTF-8
2014-06-08 12:38:52 +02:00
Kim Alvefur
97e836696b
Return human readable error message from cert:issued()
2014-04-22 01:17:34 +02:00
Bruno Silvestre
903efaf3b1
SNI support.
2014-04-21 13:20:17 -03:00
Bruno Silvestre
cc2fb8ee75
SNI support.
2014-04-21 13:18:20 -03:00
brunoos
77637e9d3c
Merge pull request #17 from Zash/zash/checkkey
...
Verify that certificate and key belong together
2014-04-21 13:07:38 -03:00
brunoos
a481015217
Merge pull request #19 from Zash/zash/pubkey
...
Zash/pubkey
2014-04-21 11:52:40 -03:00
Kim Alvefur
11eaec6520
Add cert:pubkey() to methods registry
2014-04-19 23:11:32 +02:00
Kim Alvefur
d2c87d71f7
Add cert:issued(leafcert) for checking chains
2014-04-19 22:58:28 +02:00
Bruno Silvestre
8fd31f3ad2
Wrong type.
2014-04-18 22:50:40 -03:00
Kim Alvefur
55d45f0542
Check if private key matches cert only if both key and cert are set
2014-02-05 16:51:30 +01:00
Kim Alvefur
8e5bcefbb6
Check that certificate matches private key
2014-02-05 01:48:58 +01:00
Kim Alvefur
eb8cb33160
Add method for extracting public key, type and size from x509 objects
2014-02-05 01:39:30 +01:00
Bruno Silvestre
21aefcf67d
Version number -> 0.5.
2014-01-29 18:43:33 -02:00
Bruno Silvestre
89375f495a
Examples update.
2014-01-29 17:47:27 -02:00
Bruno Silvestre
46d6078e82
Merge branch 'master' of https://github.com/brunoos/luasec
2013-10-23 13:53:43 -02:00
Bruno Silvestre
ce504d3554
Add x509:setencode() function to change the encode of ASN.1 string.
2013-10-23 13:42:34 -02:00
brunoos
4a95102cc8
Merge pull request #8 from xnyhps/protocol_version
...
Report the actual TLS version used, not the version the cipher belongs to.
2013-09-16 09:25:39 -07:00
brunoos
fe782fde14
Merge pull request #10 from darkrain42/master
...
Various minor fixes (build on Fedora/RH, memory leaks)
2013-09-16 09:17:58 -07:00
Paul Aurich
1d920fc13c
context: Don't leak DH* in dhparam_cb
...
==1429== 336 (144 direct, 192 indirect) bytes in 1 blocks are definitely lost in loss record 567 of 611
...
==1429== by 0x5ECCBC7: PEM_ASN1_read_bio (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1429== by 0x4E39D8F: dhparam_cb (context.c:184)
==1429== by 0x5B679D3: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==1429== by 0x5B6A6EE: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==1429== by 0x4E3C00D: meth_handshake (ssl.c:103)
...
2013-09-11 21:55:25 -07:00
Paul Aurich
0dab860770
context: Link SSL_CTX to p_context (not lua_State)
...
This is needed because the p_context is going to cache DH (and eventually
EC_KEY) objects, to plug a leak in the dhparam callback.
2013-09-11 21:55:25 -07:00
Paul Aurich
8cf7eb2d78
context: for dhparam_cb, pass is_export as boolean
...
The integer value that's actually returned for this flag is 2, which is fine
for C (it is defined as true), but it's sufficiently surprising (because it's
not 1), that this is worth fixing -- even if export ciphers aren't common.
It should be a boolean anyway.
2013-09-11 21:55:25 -07:00
Paul Aurich
9c7c96f2a0
Add useful context to various error messages
2013-09-11 21:55:25 -07:00
Paul Aurich
9262f9e7de
ssl.lua: Comment subtle DH/ECDH ordering caveat
2013-09-11 21:55:25 -07:00
Paul Aurich
3fb33cdc4e
context: Don't leak EC_KEY in set_curve()
...
SSL_CTX_set_tmp_ecdh() takes a reference to the provided key.
==8323== 1,044 (56 direct, 988 indirect) bytes in 1 blocks are definitely lost in loss record 611 of 631
==8323== at 0x4C2935B: malloc (vg_replace_malloc.c:270)
==8323== by 0x5E05D9F: CRYPTO_malloc (mem.c:308)
==8323== by 0x5E59859: EC_KEY_new (ec_key.c:75)
==8323== by 0x5E59974: EC_KEY_new_by_curve_name (ec_key.c:96)
==8323== by 0x4E395A7: set_curve (context.c:261)
...
2013-09-11 21:55:25 -07:00
Paul Aurich
a344f58b20
context: Wrap find_ec_key in #ifndef OPENSSL_NO_ECDH
...
"#ifndef OPENSSL_NO_ECDH" is a ridiculous conditional, by the way.
2013-09-11 21:55:25 -07:00
Thijs Alkemade
1a75704ff0
Report the actual TLS version used, not the version the cipher belongs
...
to.
2013-09-08 15:00:07 +02:00
Bruno Silvestre
063e8a8a5c
- using buffer from luasocket 3.0.
...
- adding getstats() and setstats().
2013-06-20 13:03:58 -03:00
Matthew Wild
9f16c6fb11
Merge pull request #4 from darkrain42/master
...
no_compression fix for OpenSSL 0.9.8
2013-06-13 15:04:54 -07:00
Paul Aurich
7532f3b729
context: Support explicit selection of TLS v1.1 and v1.2
2013-06-12 19:06:16 -07:00
Paul Aurich
2dae14877e
options: Remove dead code
...
The workaround for 'no_compression' on older OpenSSL is handled in context.c;
set_option_flag (which uses ssl_options) is never called, so this shouldn't
exist.
2013-06-12 18:38:44 -07:00
Paul Aurich
4c5ce1b177
context: Incidental cleanup
2013-06-12 18:36:35 -07:00
Paul Aurich
9bda3322fb
context: no_compression is options, not verify
...
The OpenSSL 0.9.8 compat needs to be handled as part of the options, not the
verification flags.
2013-06-12 18:33:19 -07:00
Matthew Wild
f77fb40033
Merge pull request #3 from msva/master
...
DESTDIR compatibility + *FLAGs/utils configurability + ld -fpic error fix + #1 fix
2013-05-15 04:02:47 -07:00
Vadim A. Misbakh-Soloviov
fceef56dce
DESTDIR compatibility + *FLAGs/utils configurability + ld -fpic error fix. Also fixes #1
...
Signed-off-by: Vadim A. Misbakh-Soloviov <mva@mva.name>
2013-05-14 08:13:57 +07:00
Matthew Wild
4aecd53dc1
Update README with version explanation
2013-03-30 13:12:57 +00:00
Matthew Wild
1b899afd38
Remove duplicate files (now in luasocket/)
2013-03-30 12:49:55 +00:00
Matthew Wild
77ac210283
LuaSec 20120616 (unofficial) + patches
2013-03-30 12:21:40 +00:00
Bruno Silvestre
908fc346d2
LuaSec 0.4.1
2012-09-02 11:40:59 -03:00
Bruno Silvestre
67e5176b6b
LuaSec 0.4
2012-09-02 11:32:26 -03:00
Bruno Silvestre
29c6bd65d2
LuaSec 0.3.3
2012-09-02 11:31:22 -03:00
Bruno Silvestre
d28c5e4f9e
LuaSec 0.3.2
2012-09-02 11:30:04 -03:00
Bruno Silvestre
affd08cf05
LuaSec 0.3.1
2012-09-02 11:27:04 -03:00