Commit Graph

37 Commits

Author SHA1 Message Date
4e59c719df Perform all validation before allocating structures
Check that all arguments are certificates before allocating OpenSSL
structures that require cleanup afterwards.

API of issued() changes (again) to root:issued(cert, [chain]*)
2015-03-31 17:48:44 +02:00
aa0c7ea1e5 Validate signatures too.
API changes to root:issued([intermediate]*, cert)
2015-03-20 16:36:05 +01:00
97e836696b Return human readable error message from cert:issued() 2014-04-22 01:17:34 +02:00
d2c87d71f7 Add cert:issued(leafcert) for checking chains 2014-04-19 22:58:28 +02:00
21aefcf67d Version number -> 0.5. luasec-0.5 2014-01-29 18:43:33 -02:00
89375f495a Examples update. 2014-01-29 17:47:27 -02:00
46d6078e82 Merge branch 'master' of https://github.com/brunoos/luasec 2013-10-23 13:53:43 -02:00
ce504d3554 Add x509:setencode() function to change the encode of ASN.1 string. 2013-10-23 13:42:34 -02:00
4a95102cc8 Merge pull request #8 from xnyhps/protocol_version
Report the actual TLS version used, not the version the cipher belongs to.
2013-09-16 09:25:39 -07:00
fe782fde14 Merge pull request #10 from darkrain42/master
Various minor fixes (build on Fedora/RH, memory leaks)
2013-09-16 09:17:58 -07:00
1d920fc13c context: Don't leak DH* in dhparam_cb
==1429== 336 (144 direct, 192 indirect) bytes in 1 blocks are definitely lost in loss record 567 of 611
...
==1429==    by 0x5ECCBC7: PEM_ASN1_read_bio (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1429==    by 0x4E39D8F: dhparam_cb (context.c:184)
==1429==    by 0x5B679D3: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==1429==    by 0x5B6A6EE: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==1429==    by 0x4E3C00D: meth_handshake (ssl.c:103)
...
2013-09-11 21:55:25 -07:00
0dab860770 context: Link SSL_CTX to p_context (not lua_State)
This is needed because the p_context is going to cache DH (and eventually
EC_KEY) objects, to plug a leak in the dhparam callback.
2013-09-11 21:55:25 -07:00
8cf7eb2d78 context: for dhparam_cb, pass is_export as boolean
The integer value that's actually returned for this flag is 2, which is fine
for C (it is defined as true), but it's sufficiently surprising (because it's
not 1), that this is worth fixing -- even if export ciphers aren't common.

It should be a boolean anyway.
2013-09-11 21:55:25 -07:00
9c7c96f2a0 Add useful context to various error messages 2013-09-11 21:55:25 -07:00
9262f9e7de ssl.lua: Comment subtle DH/ECDH ordering caveat 2013-09-11 21:55:25 -07:00
3fb33cdc4e context: Don't leak EC_KEY in set_curve()
SSL_CTX_set_tmp_ecdh() takes a reference to the provided key.

==8323== 1,044 (56 direct, 988 indirect) bytes in 1 blocks are definitely lost in loss record 611 of 631
==8323==    at 0x4C2935B: malloc (vg_replace_malloc.c:270)
==8323==    by 0x5E05D9F: CRYPTO_malloc (mem.c:308)
==8323==    by 0x5E59859: EC_KEY_new (ec_key.c:75)
==8323==    by 0x5E59974: EC_KEY_new_by_curve_name (ec_key.c:96)
==8323==    by 0x4E395A7: set_curve (context.c:261)
...
2013-09-11 21:55:25 -07:00
a344f58b20 context: Wrap find_ec_key in #ifndef OPENSSL_NO_ECDH
"#ifndef OPENSSL_NO_ECDH" is a ridiculous conditional, by the way.
2013-09-11 21:55:25 -07:00
1a75704ff0 Report the actual TLS version used, not the version the cipher belongs
to.
2013-09-08 15:00:07 +02:00
063e8a8a5c - using buffer from luasocket 3.0.
- adding getstats() and setstats().
2013-06-20 13:03:58 -03:00
9f16c6fb11 Merge pull request #4 from darkrain42/master
no_compression fix for OpenSSL 0.9.8
2013-06-13 15:04:54 -07:00
7532f3b729 context: Support explicit selection of TLS v1.1 and v1.2 2013-06-12 19:06:16 -07:00
2dae14877e options: Remove dead code
The workaround for 'no_compression' on older OpenSSL is handled in context.c;
set_option_flag (which uses ssl_options) is never called, so this shouldn't
exist.
2013-06-12 18:38:44 -07:00
4c5ce1b177 context: Incidental cleanup 2013-06-12 18:36:35 -07:00
9bda3322fb context: no_compression is options, not verify
The OpenSSL 0.9.8 compat needs to be handled as part of the options, not the
verification flags.
2013-06-12 18:33:19 -07:00
f77fb40033 Merge pull request #3 from msva/master
DESTDIR compatibility + *FLAGs/utils configurability + ld -fpic error fix + #1 fix
2013-05-15 04:02:47 -07:00
fceef56dce DESTDIR compatibility + *FLAGs/utils configurability + ld -fpic error fix. Also fixes #1
Signed-off-by: Vadim A. Misbakh-Soloviov <mva@mva.name>
2013-05-14 08:13:57 +07:00
4aecd53dc1 Update README with version explanation 2013-03-30 13:12:57 +00:00
1b899afd38 Remove duplicate files (now in luasocket/) 2013-03-30 12:49:55 +00:00
77ac210283 LuaSec 20120616 (unofficial) + patches 2013-03-30 12:21:40 +00:00
908fc346d2 LuaSec 0.4.1 luasec-0.4.1 2012-09-02 11:40:59 -03:00
67e5176b6b LuaSec 0.4 luasec-0.4 2012-09-02 11:32:26 -03:00
29c6bd65d2 LuaSec 0.3.3 luasec-0.3.3 2012-09-02 11:31:22 -03:00
d28c5e4f9e LuaSec 0.3.2 luasec-0.3.2 2012-09-02 11:30:04 -03:00
affd08cf05 LuaSec 0.3.1 luasec-0.3.1 2012-09-02 11:27:04 -03:00
1c95a077ee LuaSec 0.3 luasec-0.3 2012-09-02 11:22:22 -03:00
36e94ee40d LuaSec 0.2 luasec-0.2 2012-09-02 11:15:49 -03:00
0bae6dedd9 Initial commit 2012-05-30 10:26:40 -07:00