Commit Graph

264 Commits

Author SHA1 Message Date
Bruno Silvestre
b321ba8fab Fix PSK samples 2023-02-16 10:52:05 -03:00
Bruno Silvestre
6708ccc381 Do not wrap the PSK callbacks 2023-02-16 10:37:59 -03:00
Bruno Silvestre
4f28db9f53 Format 2023-02-16 10:31:06 -03:00
Bruno Silvestre
dd8ba1fc92 Fix PSK client callback 2023-02-16 10:28:34 -03:00
Bruno Silvestre
9b09c93249 Return '0' from callback on size error 2023-02-16 10:13:54 -03:00
Bruno Silvestre
0f793b73c0 Format 2023-02-16 09:43:44 -03:00
Bruno Silvestre
7b60dc4794 Fix psk_len type, do not check string again 2023-02-16 09:41:35 -03:00
Bruno Silvestre
4f6aec07f6 Return the value from Lua's callback, fixes 2023-02-16 09:37:09 -03:00
Bruno Silvestre
c87fe7d5ea Do not need two PSK registry 2023-02-16 09:33:29 -03:00
unknown
842380caf6 feat: tls-psk 2023-02-16 09:52:18 +09:00
Bruno Silvestre
480aef1626
Merge pull request #192 from mwild1/conn-local-cert-methods
ssl: Add :getlocalchain() + :getlocalcertificate() to mirror peer methods
2022-10-06 16:48:57 -03:00
Matthew Wild
4cecbb2783 ssl: Add :getlocalchain() + :getlocalcertificate() to mirror the peer methods
These methods mirror the existing methods that fetch the peer certificate and
chain. Due to various factors (SNI, multiple key types, etc.) it is not always
trivial for an application to determine what certificate was presented to the
client. However there are various use-cases where this is needed, such as
tls-server-end-point channel binding and OCSP stapling.

Requires OpenSSL 1.0.2+ (note: SSL_get_certificate() has existed for a very
long time, but was lacking documentation until OpenSSL 3.0).
2022-09-21 18:40:10 +01:00
Bruno Silvestre
d9215ee00f Update rockspec 2022-07-30 08:42:53 -03:00
Bruno Silvestre
03e03140cd Update version number 2022-07-30 08:41:46 -03:00
Bruno Silvestre
8b3b2318d2
Merge pull request #188 from mckaygerhard/patch-1
backguard compat for openssl on providers, like LTS linuxes
2022-07-29 11:42:21 -03:00
Bruno Silvestre
2c248947df Adjust some types and casts 2022-07-20 17:52:01 -03:00
Bruno Silvestre
f22b3ea609 Code format 2022-07-20 17:39:20 -03:00
Bruno Silvestre
c9539bca86 Fix variable shadowing 2022-07-20 17:36:27 -03:00
Bruno Silvestre
afb2d44b0e
Merge pull request #187 from Zash/exporter
Add key material export method
2022-07-20 17:32:02 -03:00
Герхард PICCORO Lenz McKAY
f9afada3d1
backguard compat for openssl on providers, like LTS linuxes
* The commit de393417b7 introduces high dependency due raices requirement to openssl 1.1.0l+
* The X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were added in OpenSSL 1.1.0.
* This patch makes luasec runs on all kind of embebed systems that cannot be upgraded due vendors limitations
2022-06-24 01:09:44 -04:00
Kim Alvefur
371abcf718 Add key material export method 2022-06-01 16:26:35 +02:00
Bruno Silvestre
df27c62f4c Update source protocol on rockspec 2022-04-13 10:46:36 -03:00
Bruno Silvestre
09691fe782 Update rockspec 2022-04-13 10:38:18 -03:00
Bruno Silvestre
3a71559e13 Update version number 2022-04-13 10:35:06 -03:00
Bruno Silvestre
3f04fd7529 Removing useless code 2022-04-04 15:48:22 -03:00
Bruno Silvestre
d7161ca026
Merge pull request #179 from Zash/dane_no_hostname
Support passing DANE flags
2022-01-05 09:35:10 -03:00
Kim Alvefur
65ee83275b Support passing DANE flags
The only flag at the moment is one that disables name checks, which is
needed for certain protocols such as XMPP.
2022-01-01 19:42:09 +01:00
Bruno Silvestre
ef14b27a2c Update CHANGELOG 2021-08-14 10:28:09 -03:00
Bruno Silvestre
316bea078c Update version to LuaSec 1.0.2 2021-08-14 10:16:35 -03:00
Bruno Silvestre
79bbc0bc3e Ignore SSL_OP_BIT(n) macro and update option.c #178 2021-08-02 17:02:44 -03:00
Bruno Silvestre
8cba350f37 Update the Lua state reference on the selected SSL context after SNI
Thanks Kim Alvefur
2021-08-02 16:13:12 -03:00
Bruno Silvestre
eedebb2477
Merge pull request #176 from linusg/fix-method-name
Fix meth_get_{sinagure => signature}_name function name
2021-07-14 13:05:09 -03:00
Linus Groh
c1e28e9132 Fix meth_get_{sinagure => signature}_name function name 2021-07-10 12:47:53 +01:00
Bruno Silvestre
cdcf5fdb30 Off by one in cert:validat(notafter) #173 2021-06-23 13:35:49 -03:00
Bruno Silvestre
bdbc67b188 Move the fix of SSL_get_error() in OpenSSL 1.1.1
Moving to lsec_socket_error() coverts better 'errno == 0' with SSL_ERROR_SYSCALL.
2021-05-29 10:11:02 -03:00
Bruno Silvestre
359151144b
Merge pull request #172 from edzius/master
Handle SSL_send SYSCALL error without errno
https://www.openssl.org/docs/man1.1.1/man3/SSL_get_error.html
2021-05-29 09:38:29 -03:00
Edvinas Stunžėnas
d6b2fd7d35 Handle SSL_send SYSCALL error without errno
Either intentionaly or due to bug in openssl in some marginal
cases SSL_send reports SYSCALL error whilst errno is set to 0.
This either could mean that SSL_send did not made any system
call or errno were prematurely reset with consequent syscalls.
And in consequence sendraw() is not propagate correct errno
ends up in infinite loop trying to send same data.

Such behaviour was usually observed after third consequential
failed SSL send attempt which application was not aware of.
First send failed with syscall errno 32 (Broken pipe) second
one with SSL error 0x1409e10f (bad length) and lastly next
send attemt results with SYSCALL error and errno 0.

Tested using:
* OpenSSL v1.1.1
* musl v1.1.20 (c50985d5c8e316c5c464f352e79eeebfed1121a9)
* Linux 4.4.60+yocto armv7l
2021-05-21 21:20:19 +03:00
Bruno Silvestre
d5df315617 Update version and rockspec 2021-04-26 09:16:05 -03:00
Bruno Silvestre
34252fb10a Set parameter 2 and 3 to none before luaL_buffinit() 2021-04-26 08:37:09 -03:00
Bruno Silvestre
711a98b760 Update rockspec 2021-01-30 10:32:28 -03:00
Bruno Silvestre
4894c2f6a4 Update version number 2021-01-30 10:29:53 -03:00
Bruno Silvestre
ae774258c5
Merge pull request #164 from murillopaula/master
feature: getsignaturename
2021-01-16 10:13:29 -03:00
Murillo Paula
de393417b7 feature: getsignaturename 2021-01-12 10:49:27 -03:00
Bruno Silvestre
22eadbd20e
Merge pull request #156 from Petr-kk/upstream
SOCKET_INVALID pushed as integer, not as number
2020-03-06 13:44:42 -03:00
Petr Kristan
63e35c161f SOCKET_INVALID pushed as integer, not as number
winsock define INVALID_SOCKET as (UINT_PTR)(~0)
in win64 it is 0xffffffffffffffff
if pushed by lua_pushnumber, then ssl.core.SOCKET_INVALID is 1.84467440737096E19

tested in win32/64, linux32/64 lua5.1 and lua5.3
2020-03-04 17:05:06 +01:00
Bruno Silvestre
c6704919bd Typo 2019-10-31 11:43:53 -03:00
Bruno Silvestre
d7ccfad97f Fix source in rockspec 2019-10-31 11:39:37 -03:00
Bruno Silvestre
43feb51c5e Update 0.8 -> 0.9 2019-10-31 11:34:27 -03:00
Bruno Silvestre
860b2a8b5f Use a more generic form 2019-10-19 10:22:21 -03:00
Bruno Silvestre
caeaa5ffda Use a more generic form 2019-10-19 10:12:20 -03:00