Bruno Silvestre
9f6d623ccb
proper socket invalidation #70
2017-03-31 14:32:35 -03:00
W-Mark Kubacki
622ef3d6a6
Enable curve negotiation with #ifdef SSL_CTX_set1_curves_list
...
One of currently three definitions in the wild that indicate support for
SSL_CTX_set1_curves_list().
2017-02-26 00:16:25 +01:00
Mark Kubacki
231563682a
Add support for the new curve selection API.
...
Signed-off-by: W-Mark Kubacki <wmark@hurrikane.de>
2017-02-26 00:16:24 +01:00
Greatwolf
77b88e0b0d
Fix for sni host issue #88 and #44 . Thanks to @TomasB
2016-12-15 16:46:59 -08:00
Bruno Silvestre
4889830d53
Compatibility with OpenSSL 1.1.0
...
Defining macros X509_up_ref() and SSL_is_server to use the same
API of OpenSSL 1.1.0.
2016-09-14 17:47:09 -03:00
Bruno Silvestre
80a527d630
Use EVP_PKEY_base_id() to recover the key's type
2016-09-13 13:30:44 -03:00
Bruno Silvestre
53db804b9d
Use X509_EXTENSION_get_object() to get the 'object' field from extension
2016-09-13 13:22:25 -03:00
Bruno Silvestre
22e6652d88
ASN1_STRING_data() is deprecated in OpenSSL 1.1.0
...
ASN1_STRING_get0_data() must be used instead.
2016-09-13 13:09:18 -03:00
Bruno Silvestre
3cfdb878dd
Merge pull request #76 from msva/patch-1
...
Return of DESTDIR support
2016-08-03 15:10:06 -03:00
Bruno Silvestre
4101af103e
Return the number of data read and remove a useless line.
2016-08-03 14:56:07 -03:00
Vadim A. Misbakh-Soloviov
4aa9ec3b60
Return of DESTDIR support
2016-07-24 02:01:21 +07:00
Perry Clarke
5a98bb6adb
Fix crash related to incorrect buffer size
...
The number of bytes received by ssl_recv() is being passed to luaL_addlstring() (in recvall()) but it was being left either uninitialized or being set to an error code. The crashing case I found was when the state was not LSEC_STATE_CONNECTED (e.g. when dohandshake() has failed) and ssl_recv() returned immediately without setting "got".
2016-05-03 16:37:47 -07:00
Bruno Silvestre
20443861eb
Update version number and rock file.
2016-03-03 16:11:46 -03:00
Bruno Silvestre
3b5f4b0dc1
Options from OpenSSL 1.0.2f
2016-02-16 10:48:19 -02:00
Bruno Silvestre
407ff6133c
Use "any" protocol, but SSL.
2016-02-16 09:35:47 -02:00
Bruno Silvestre
72e159149b
Merge pull request #20 from Zash/zash/checkissued
...
Method for checking if one certificate issued another
2016-02-16 09:34:31 -02:00
Bruno Silvestre
6a7a6f7f67
Keep 'sslv23' for compability, but deprected. (it will be removed in the next version)
2015-11-19 12:33:06 -02:00
Gleydson Soares
63f7d46d00
for consistency and readability, rename "sslv23" to "any" since that it is related to {TLS, SSLv23}methods that handles all supported protocols.
2015-11-17 20:05:06 -03:00
Gleydson Soares
ef28f7d20d
add TLS_method(). for now, keep SSLv23_method() for compatibility.
2015-11-17 19:36:58 -03:00
Bruno Silvestre
49ea6b8ba6
Merge pull request #55 from gleydsonsoares/ifndef-OPENSSL_NO_SSL3
...
guard SSLv3_method() with #ifndef OPENSSL_NO_SSL3
2015-11-12 18:47:56 -02:00
Bruno Silvestre
96401bdf67
Add lsec_testcontext().
2015-10-28 00:05:30 -02:00
Gleydson Soares
67f0867277
guard SSLv3_method() with #ifndef OPENSSL_NO_SSL3
2015-10-12 08:35:35 -03:00
Bruno Silvestre
d1fb889547
Version number -> 0.6 alpha
2015-08-21 11:21:16 -03:00
Bruno Silvestre
24e5ec13f3
Merge pull request #46 from olesalscheider/master
...
Do not hardcode ar
2015-08-03 20:37:00 -03:00
Bruno Silvestre
8e9910cb15
Format.
2015-08-01 01:14:16 -03:00
Bruno Silvestre
2c2c9cf16f
Alternative implementation to inet_ntop() for old versions of Windows.
2015-08-01 01:07:04 -03:00
Niels Ole Salscheider
580d9b7ed8
Do not hardcode ar
...
On Exherbo, ar is prefixed by the target triple.
2015-05-23 19:51:58 +02:00
Kim Alvefur
4e59c719df
Perform all validation before allocating structures
...
Check that all arguments are certificates before allocating OpenSSL
structures that require cleanup afterwards.
API of issued() changes (again) to root:issued(cert, [chain]*)
2015-03-31 17:48:44 +02:00
Kim Alvefur
aa0c7ea1e5
Validate signatures too.
...
API changes to root:issued([intermediate]*, cert)
2015-03-20 16:36:05 +01:00
Bruno Silvestre
3862e76df9
Fix inet_ntop() on Windows.
2015-03-12 17:05:53 -03:00
Bruno Silvestre
1ab6fac919
Don't set globals from C.
2015-02-12 16:32:54 -02:00
Bruno Silvestre
91d378a86e
Fix unpack().
2015-02-12 16:29:02 -02:00
Bruno Silvestre
356e03a64d
Stop using module().
2015-02-06 18:07:29 -02:00
Bruno Silvestre
97b1974039
Change to luaL_newlib().
2015-02-06 17:44:08 -02:00
Bruno Silvestre
9cb5220759
Remove luaL_optint() and luaL_checkint().
2015-02-06 16:53:34 -02:00
Bruno Silvestre
acbf575420
BSD headers.
2015-01-28 16:38:00 -02:00
Bruno Silvestre
a9b81b1c10
Merge pull request #21 from Zash/zash/iPAddress-fix
...
iPAddress encoding
2015-01-28 16:24:02 -02:00
Bruno Silvestre
ab42d4ec86
Stop if we don't have a string.
2015-01-28 16:19:19 -02:00
Lluixhi Scura
5240c02f3d
Changed for strict compiles.
2015-01-16 09:12:14 -08:00
Lluixhi Scura
4c7339cace
Fix for LibreSSL/OPENSSL_NO_COMP
2015-01-16 08:55:22 -08:00
Bruno Silvestre
f514e9fb1b
Problem on Win64, since double does not represent SOCKET_INVALID exactly.
2014-09-10 14:41:09 -03:00
Bruno Silvestre
84cb83b92f
- Add a parameter to server:sni(), so that we can accept an unknown name, using the initial context.
...
- Add the method :getsniname() to retrieve the SNI hostname used.
2014-09-09 21:48:26 -03:00
Kim Alvefur
f13aee5dac
Encode iPAddress fields in human readable form
2014-06-08 13:20:47 +02:00
Kim Alvefur
b83d2c6a91
Don't try to encode IP addresses as UTF-8
2014-06-08 12:47:58 +02:00
Kim Alvefur
c276e9ff60
Return early if ASN1 string is invalid
2014-06-08 12:41:20 +02:00
Kim Alvefur
1ade1542d7
Push nil if unable to encode ASN1 string as UTF-8
2014-06-08 12:38:52 +02:00
Kim Alvefur
97e836696b
Return human readable error message from cert:issued()
2014-04-22 01:17:34 +02:00
Bruno Silvestre
903efaf3b1
SNI support.
2014-04-21 13:20:17 -03:00
brunoos
77637e9d3c
Merge pull request #17 from Zash/zash/checkkey
...
Verify that certificate and key belong together
2014-04-21 13:07:38 -03:00
brunoos
a481015217
Merge pull request #19 from Zash/zash/pubkey
...
Zash/pubkey
2014-04-21 11:52:40 -03:00