dany/luasec
1
0
Fork 0
mirror of https://github.com/brunoos/luasec.git synced 2024-11-08 06:28:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
63 Commits 6 Branches 25 Tags 1.4 MiB
580d9b7ed8
Commit Graph

63 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Niels Ole Salscheider
580d9b7ed8 Do not hardcode ar 
On Exherbo, ar is prefixed by the target triple.
 2015-05-23 19:51:58 +02:00
Bruno Silvestre
dd9688cf12 Merge pull request #39 from Tieske/win-certs 
added batch files to generate sample certs on Windows
 2015-04-17 09:51:35 -03:00
Thijs Schreijer
7c02208590 added batch files to generate sample certs on Windows 2015-04-03 23:51:16 +02:00
Bruno Silvestre
3862e76df9 Fix inet_ntop() on Windows. 2015-03-12 17:05:53 -03:00
Bruno Silvestre
1ab6fac919 Don't set globals from C. 2015-02-12 16:32:54 -02:00
Bruno Silvestre
91d378a86e Fix unpack(). 2015-02-12 16:29:02 -02:00
Bruno Silvestre
356e03a64d Stop using module(). 2015-02-06 18:07:29 -02:00
Bruno Silvestre
97b1974039 Change to luaL_newlib(). 2015-02-06 17:44:08 -02:00
Bruno Silvestre
9cb5220759 Remove luaL_optint() and luaL_checkint(). 2015-02-06 16:53:34 -02:00
Bruno Silvestre
acbf575420 BSD headers. 2015-01-28 16:38:00 -02:00
Bruno Silvestre
a9b81b1c10 Merge pull request #21 from Zash/zash/iPAddress-fix 
iPAddress encoding
 2015-01-28 16:24:02 -02:00
Bruno Silvestre
ab42d4ec86 Stop if we don't have a string. 2015-01-28 16:19:19 -02:00
Bruno Silvestre
12e1b1f1d9 Merge pull request #30 from lluixhi/master 
Fix for LibreSSL/OPENSSL_NO_COMP
 2015-01-28 15:07:07 -02:00
Lluixhi Scura
5240c02f3d Changed for strict compiles. 2015-01-16 09:12:14 -08:00
Lluixhi Scura
4c7339cace Fix for LibreSSL/OPENSSL_NO_COMP 2015-01-16 08:55:22 -08:00
Bruno Silvestre
f514e9fb1b Problem on Win64, since double does not represent SOCKET_INVALID exactly. 2014-09-10 14:41:09 -03:00
Bruno Silvestre
84cb83b92f - Add a parameter to server:sni(), so that we can accept an unknown name, using the initial context. 
- Add the method :getsniname() to retrieve the SNI hostname used.
 2014-09-09 21:48:26 -03:00
Kim Alvefur
f13aee5dac Encode iPAddress fields in human readable form 2014-06-08 13:20:47 +02:00
Kim Alvefur
b83d2c6a91 Don't try to encode IP addresses as UTF-8 2014-06-08 12:47:58 +02:00
Kim Alvefur
c276e9ff60 Return early if ASN1 string is invalid 2014-06-08 12:41:20 +02:00
Kim Alvefur
1ade1542d7 Push nil if unable to encode ASN1 string as UTF-8 2014-06-08 12:38:52 +02:00
Bruno Silvestre
903efaf3b1 SNI support. 2014-04-21 13:20:17 -03:00
Bruno Silvestre
cc2fb8ee75 SNI support. 2014-04-21 13:18:20 -03:00
brunoos
77637e9d3c Merge pull request #17 from Zash/zash/checkkey 
Verify that certificate and key belong together
 2014-04-21 13:07:38 -03:00
brunoos
a481015217 Merge pull request #19 from Zash/zash/pubkey 
Zash/pubkey
 2014-04-21 11:52:40 -03:00
Kim Alvefur
11eaec6520 Add cert:pubkey() to methods registry 2014-04-19 23:11:32 +02:00
Bruno Silvestre
8fd31f3ad2 Wrong type. 2014-04-18 22:50:40 -03:00
Kim Alvefur
55d45f0542 Check if private key matches cert only if both key and cert are set 2014-02-05 16:51:30 +01:00
Kim Alvefur
8e5bcefbb6 Check that certificate matches private key 2014-02-05 01:48:58 +01:00
Kim Alvefur
eb8cb33160 Add method for extracting public key, type and size from x509 objects 2014-02-05 01:39:30 +01:00
Bruno Silvestre
21aefcf67d Version number -> 0.5. 2014-01-29 18:43:33 -02:00
Bruno Silvestre
89375f495a Examples update. 2014-01-29 17:47:27 -02:00
Bruno Silvestre
46d6078e82 Merge branch 'master' of https://github.com/brunoos/luasec 2013-10-23 13:53:43 -02:00
Bruno Silvestre
ce504d3554 Add x509:setencode() function to change the encode of ASN.1 string. 2013-10-23 13:42:34 -02:00
brunoos
4a95102cc8 Merge pull request #8 from xnyhps/protocol_version 
Report the actual TLS version used, not the version the cipher belongs to.
 2013-09-16 09:25:39 -07:00
brunoos
fe782fde14 Merge pull request #10 from darkrain42/master 
Various minor fixes (build on Fedora/RH, memory leaks)
 2013-09-16 09:17:58 -07:00
Paul Aurich
1d920fc13c context: Don't leak DH* in dhparam_cb 
==1429== 336 (144 direct, 192 indirect) bytes in 1 blocks are definitely lost in loss record 567 of 611
...
==1429==    by 0x5ECCBC7: PEM_ASN1_read_bio (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1429==    by 0x4E39D8F: dhparam_cb (context.c:184)
==1429==    by 0x5B679D3: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==1429==    by 0x5B6A6EE: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==1429==    by 0x4E3C00D: meth_handshake (ssl.c:103)
...
 2013-09-11 21:55:25 -07:00
Paul Aurich
0dab860770 context: Link SSL_CTX to p_context (not lua_State) 
This is needed because the p_context is going to cache DH (and eventually
EC_KEY) objects, to plug a leak in the dhparam callback.
 2013-09-11 21:55:25 -07:00
Paul Aurich
8cf7eb2d78 context: for dhparam_cb, pass is_export as boolean 
The integer value that's actually returned for this flag is 2, which is fine
for C (it is defined as true), but it's sufficiently surprising (because it's
not 1), that this is worth fixing -- even if export ciphers aren't common.

It should be a boolean anyway.
 2013-09-11 21:55:25 -07:00
Paul Aurich
9c7c96f2a0 Add useful context to various error messages 2013-09-11 21:55:25 -07:00
Paul Aurich
9262f9e7de ssl.lua: Comment subtle DH/ECDH ordering caveat 2013-09-11 21:55:25 -07:00
Paul Aurich
3fb33cdc4e context: Don't leak EC_KEY in set_curve() 
SSL_CTX_set_tmp_ecdh() takes a reference to the provided key.

==8323== 1,044 (56 direct, 988 indirect) bytes in 1 blocks are definitely lost in loss record 611 of 631
==8323==    at 0x4C2935B: malloc (vg_replace_malloc.c:270)
==8323==    by 0x5E05D9F: CRYPTO_malloc (mem.c:308)
==8323==    by 0x5E59859: EC_KEY_new (ec_key.c:75)
==8323==    by 0x5E59974: EC_KEY_new_by_curve_name (ec_key.c:96)
==8323==    by 0x4E395A7: set_curve (context.c:261)
...
 2013-09-11 21:55:25 -07:00
Paul Aurich
a344f58b20 context: Wrap find_ec_key in #ifndef OPENSSL_NO_ECDH 
"#ifndef OPENSSL_NO_ECDH" is a ridiculous conditional, by the way.
 2013-09-11 21:55:25 -07:00
Thijs Alkemade
1a75704ff0 Report the actual TLS version used, not the version the cipher belongs 
to.
 2013-09-08 15:00:07 +02:00
Bruno Silvestre
063e8a8a5c - using buffer from luasocket 3.0. 
- adding getstats() and setstats().
 2013-06-20 13:03:58 -03:00
Matthew Wild
9f16c6fb11 Merge pull request #4 from darkrain42/master 
no_compression fix for OpenSSL 0.9.8
 2013-06-13 15:04:54 -07:00
Paul Aurich
7532f3b729 context: Support explicit selection of TLS v1.1 and v1.2 2013-06-12 19:06:16 -07:00
Paul Aurich
2dae14877e options: Remove dead code 
The workaround for 'no_compression' on older OpenSSL is handled in context.c;
set_option_flag (which uses ssl_options) is never called, so this shouldn't
exist.
 2013-06-12 18:38:44 -07:00
Paul Aurich
4c5ce1b177 context: Incidental cleanup 2013-06-12 18:36:35 -07:00
Paul Aurich
9bda3322fb context: no_compression is options, not verify 
The OpenSSL 0.9.8 compat needs to be handled as part of the options, not the
verification flags.
 2013-06-12 18:33:19 -07:00