Kim Alvefur
4e59c719df
Perform all validation before allocating structures
...
Check that all arguments are certificates before allocating OpenSSL
structures that require cleanup afterwards.
API of issued() changes (again) to root:issued(cert, [chain]*)
2015-03-31 17:48:44 +02:00
Kim Alvefur
aa0c7ea1e5
Validate signatures too.
...
API changes to root:issued([intermediate]*, cert)
2015-03-20 16:36:05 +01:00
Bruno Silvestre
3862e76df9
Fix inet_ntop() on Windows.
2015-03-12 17:05:53 -03:00
Thijs Schreijer
9e93748671
Merge branch 'master' of https://github.com/brunoos/luasec
2015-03-08 16:24:44 +01:00
Thijs Schreijer
148a56f26c
Merge branch 'moteus_rock'
2015-03-02 13:26:20 +01:00
Thijs Schreijer
9183cb724f
added bindir to lib section, as mingw links against dll's to be found in bindir
2015-03-02 13:25:49 +01:00
Thijs Schreijer
b6327b95b4
updated defines in rockspec
2015-03-02 11:43:40 +01:00
Thijs Schreijer
a334f11abf
Merge branch 'master' of github.com:Tieske/luasec into moteus_rock
...
Conflicts:
luasec-0.5-3.rockspec
2015-03-02 11:37:51 +01:00
Thijs Schreijer
932465c66a
gitignore build artifacts
2015-03-02 11:33:37 +01:00
Thijs Schreijer
474b105087
use winsock 2
2015-03-02 11:21:48 +01:00
Thijs Schreijer
65da178ca3
alternative rockspec
2015-03-02 11:11:25 +01:00
Bruno Silvestre
1ab6fac919
Don't set globals from C.
2015-02-12 16:32:54 -02:00
Bruno Silvestre
91d378a86e
Fix unpack().
2015-02-12 16:29:02 -02:00
Bruno Silvestre
356e03a64d
Stop using module().
2015-02-06 18:07:29 -02:00
Bruno Silvestre
97b1974039
Change to luaL_newlib().
2015-02-06 17:44:08 -02:00
Bruno Silvestre
9cb5220759
Remove luaL_optint() and luaL_checkint().
2015-02-06 16:53:34 -02:00
Bruno Silvestre
acbf575420
BSD headers.
2015-01-28 16:38:00 -02:00
Bruno Silvestre
a9b81b1c10
Merge pull request #21 from Zash/zash/iPAddress-fix
...
iPAddress encoding
2015-01-28 16:24:02 -02:00
Bruno Silvestre
ab42d4ec86
Stop if we don't have a string.
2015-01-28 16:19:19 -02:00
Bruno Silvestre
12e1b1f1d9
Merge pull request #30 from lluixhi/master
...
Fix for LibreSSL/OPENSSL_NO_COMP
2015-01-28 15:07:07 -02:00
Lluixhi Scura
5240c02f3d
Changed for strict compiles.
2015-01-16 09:12:14 -08:00
Lluixhi Scura
4c7339cace
Fix for LibreSSL/OPENSSL_NO_COMP
2015-01-16 08:55:22 -08:00
Bruno Silvestre
f514e9fb1b
Problem on Win64, since double does not represent SOCKET_INVALID exactly.
2014-09-10 14:41:09 -03:00
Bruno Silvestre
84cb83b92f
- Add a parameter to server:sni(), so that we can accept an unknown name, using the initial context.
...
- Add the method :getsniname() to retrieve the SNI hostname used.
2014-09-09 21:48:26 -03:00
Thijs Schreijer
0c58a8f9b8
Updated (and renamed) rockspec Windows
...
Added several missing entries for the windows platform
2014-08-24 09:21:27 +02:00
Thijs Schreijer
3770f928d8
Create luasec-scm-1.rockspec
2014-08-23 11:26:01 +02:00
Kim Alvefur
f13aee5dac
Encode iPAddress fields in human readable form
2014-06-08 13:20:47 +02:00
Kim Alvefur
b83d2c6a91
Don't try to encode IP addresses as UTF-8
2014-06-08 12:47:58 +02:00
Kim Alvefur
c276e9ff60
Return early if ASN1 string is invalid
2014-06-08 12:41:20 +02:00
Kim Alvefur
1ade1542d7
Push nil if unable to encode ASN1 string as UTF-8
2014-06-08 12:38:52 +02:00
Kim Alvefur
97e836696b
Return human readable error message from cert:issued()
2014-04-22 01:17:34 +02:00
Bruno Silvestre
903efaf3b1
SNI support.
2014-04-21 13:20:17 -03:00
Bruno Silvestre
cc2fb8ee75
SNI support.
2014-04-21 13:18:20 -03:00
brunoos
77637e9d3c
Merge pull request #17 from Zash/zash/checkkey
...
Verify that certificate and key belong together
2014-04-21 13:07:38 -03:00
brunoos
a481015217
Merge pull request #19 from Zash/zash/pubkey
...
Zash/pubkey
2014-04-21 11:52:40 -03:00
Kim Alvefur
11eaec6520
Add cert:pubkey() to methods registry
2014-04-19 23:11:32 +02:00
Kim Alvefur
d2c87d71f7
Add cert:issued(leafcert) for checking chains
2014-04-19 22:58:28 +02:00
Bruno Silvestre
8fd31f3ad2
Wrong type.
2014-04-18 22:50:40 -03:00
Kim Alvefur
55d45f0542
Check if private key matches cert only if both key and cert are set
2014-02-05 16:51:30 +01:00
Kim Alvefur
8e5bcefbb6
Check that certificate matches private key
2014-02-05 01:48:58 +01:00
Kim Alvefur
eb8cb33160
Add method for extracting public key, type and size from x509 objects
2014-02-05 01:39:30 +01:00
Bruno Silvestre
21aefcf67d
Version number -> 0.5.
2014-01-29 18:43:33 -02:00
Bruno Silvestre
89375f495a
Examples update.
2014-01-29 17:47:27 -02:00
Bruno Silvestre
46d6078e82
Merge branch 'master' of https://github.com/brunoos/luasec
2013-10-23 13:53:43 -02:00
Bruno Silvestre
ce504d3554
Add x509:setencode() function to change the encode of ASN.1 string.
2013-10-23 13:42:34 -02:00
brunoos
4a95102cc8
Merge pull request #8 from xnyhps/protocol_version
...
Report the actual TLS version used, not the version the cipher belongs to.
2013-09-16 09:25:39 -07:00
brunoos
fe782fde14
Merge pull request #10 from darkrain42/master
...
Various minor fixes (build on Fedora/RH, memory leaks)
2013-09-16 09:17:58 -07:00
Paul Aurich
1d920fc13c
context: Don't leak DH* in dhparam_cb
...
==1429== 336 (144 direct, 192 indirect) bytes in 1 blocks are definitely lost in loss record 567 of 611
...
==1429== by 0x5ECCBC7: PEM_ASN1_read_bio (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1429== by 0x4E39D8F: dhparam_cb (context.c:184)
==1429== by 0x5B679D3: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==1429== by 0x5B6A6EE: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==1429== by 0x4E3C00D: meth_handshake (ssl.c:103)
...
2013-09-11 21:55:25 -07:00
Paul Aurich
0dab860770
context: Link SSL_CTX to p_context (not lua_State)
...
This is needed because the p_context is going to cache DH (and eventually
EC_KEY) objects, to plug a leak in the dhparam callback.
2013-09-11 21:55:25 -07:00
Paul Aurich
8cf7eb2d78
context: for dhparam_cb, pass is_export as boolean
...
The integer value that's actually returned for this flag is 2, which is fine
for C (it is defined as true), but it's sufficiently surprising (because it's
not 1), that this is worth fixing -- even if export ciphers aren't common.
It should be a boolean anyway.
2013-09-11 21:55:25 -07:00