Commit Graph

173 Commits

Author SHA1 Message Date
4cecbb2783 ssl: Add :getlocalchain() + :getlocalcertificate() to mirror the peer methods
These methods mirror the existing methods that fetch the peer certificate and
chain. Due to various factors (SNI, multiple key types, etc.) it is not always
trivial for an application to determine what certificate was presented to the
client. However there are various use-cases where this is needed, such as
tls-server-end-point channel binding and OCSP stapling.

Requires OpenSSL 1.0.2+ (note: SSL_get_certificate() has existed for a very
long time, but was lacking documentation until OpenSSL 3.0).
2022-09-21 18:40:10 +01:00
03e03140cd Update version number 2022-07-30 08:41:46 -03:00
8b3b2318d2 Merge pull request #188 from mckaygerhard/patch-1
backward compat for openssl on providers, like LTS linuxes
2022-07-29 11:42:21 -03:00
2c248947df Adjust some types and casts 2022-07-20 17:52:01 -03:00
f22b3ea609 Code format 2022-07-20 17:39:20 -03:00
c9539bca86 Fix variable shadowing 2022-07-20 17:36:27 -03:00
f9afada3d1 backward compat for openssl on providers, like LTS linuxes
* The commit de393417b7 introduces high dependency due raices requirement to openssl 1.1.0l+
* The X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were added in OpenSSL 1.1.0.
* This patch makes luasec run on all kinds of embedded systems that cannot be upgraded due to vendor limitations
2022-06-24 01:09:44 -04:00
371abcf718 Add key material export method 2022-06-01 16:26:35 +02:00
3a71559e13 Update version number 2022-04-13 10:35:06 -03:00
3f04fd7529 Removing useless code 2022-04-04 15:48:22 -03:00
65ee83275b Support passing DANE flags
The only flag at the moment is one that disables name checks, which is
needed for certain protocols such as XMPP.
2022-01-01 19:42:09 +01:00
316bea078c Update version to LuaSec 1.0.2 2021-08-14 10:16:35 -03:00
79bbc0bc3e Ignore SSL_OP_BIT(n) macro and update option.c #178 2021-08-02 17:02:44 -03:00
8cba350f37 Update the Lua state reference on the selected SSL context after SNI
Thanks Kim Alvefur
2021-08-02 16:13:12 -03:00
c1e28e9132 Fix meth_get_{sinagure => signature}_name function name 2021-07-10 12:47:53 +01:00
cdcf5fdb30 Off by one in cert:validat(notafter) #173 2021-06-23 13:35:49 -03:00
bdbc67b188 Move the fix of SSL_get_error() in OpenSSL 1.1.1
Moving to lsec_socket_error() covers better 'errno == 0' with SSL_ERROR_SYSCALL.
2021-05-29 10:11:02 -03:00
d6b2fd7d35 Handle SSL_send SYSCALL error without errno
Either intentionally or due to a bug in openssl, in some marginal
cases SSL_send reports a SYSCALL error whilst errno is set to 0.
This could either mean that SSL_send did not make any system
call or that errno was prematurely reset by consequent syscalls.
In consequence sendraw() does not propagate the correct errno and
ends up in an infinite loop trying to send the same data.

Such behaviour was usually observed after the third consequential
failed SSL send attempt, which the application was not aware of.
The first send failed with syscall errno 32 (Broken pipe), the second
one with SSL error 0x1409e10f (bad length), and lastly the next
send attempt results in a SYSCALL error and errno 0.

Tested using:
* OpenSSL v1.1.1
* musl v1.1.20 (c50985d5c8e316c5c464f352e79eeebfed1121a9)
* Linux 4.4.60+yocto armv7l
2021-05-21 21:20:19 +03:00
d5df315617 Update version and rockspec 2021-04-26 09:16:05 -03:00
34252fb10a Set parameter 2 and 3 to none before luaL_buffinit() 2021-04-26 08:37:09 -03:00
4894c2f6a4 Update version number 2021-01-30 10:29:53 -03:00
de393417b7 feature: getsignaturename 2021-01-12 10:49:27 -03:00
63e35c161f SOCKET_INVALID pushed as integer, not as number
winsock define INVALID_SOCKET as (UINT_PTR)(~0)
in win64 it is 0xffffffffffffffff
if pushed by lua_pushnumber, then ssl.core.SOCKET_INVALID is 1.84467440737096E19

tested in win32/64, linux32/64 lua5.1 and lua5.3
2020-03-04 17:05:06 +01:00
43feb51c5e Update 0.8 -> 0.9 2019-10-31 11:34:27 -03:00
87e51d99ea Add __close metamethod 2019-10-15 13:25:12 -03:00
7898bd2043 Remove warning from cast. 2019-10-14 10:00:47 -03:00
c810df6839 Cleanup of #if expression 2019-10-13 22:21:05 -03:00
1e2f342006 Using same form to ifdefs 2019-10-13 22:11:55 -03:00
8ef33e33cf Some adjusts to OpenSSL 1.1.1 with --api=1.1.0 2019-10-13 22:10:03 -03:00
3490d8d1c0 Merge pull request #126 from neheb/master
Get rid of some deprecation warnings with OpenSSL 1.1
2019-10-13 19:42:19 -03:00
86c8fa40c9 Merge pull request #134 from neheb/patch-1
use $(CC) for LD definition.
2019-10-13 19:11:48 -03:00
4903e2f2c1 Export 'config' table (#149)
Avoid duplicating variable 'ssl_options'.
2019-10-09 14:49:58 -03:00
c26513f4f7 Special case listing of TLS 1.3 EC curves (fixes #146) 2019-08-21 20:58:01 +02:00
f64e660de0 Disable DANE for LibreSSL 2019-07-11 11:19:21 -03:00
8722f83e8f Fix check for error in DANE functions 2019-07-11 10:20:53 -03:00
a2dcfffcfa Enable DANE only for OpenSSL 1.1.0 or higher 2019-07-11 10:09:39 -03:00
18fa0118be Merge pull request #122 from Zash/dane
DANE support
2019-07-11 09:50:25 -03:00
daf728fec2 Fix general_name leak in cert:extensions()
Thanks to @zeen for identifying and @horazont for providing test
environment.
2019-07-07 23:03:54 +02:00
d6ba8d21da Update version to 0.8, new rock file 2019-04-16 14:01:52 -03:00
f8b2968e79 Declare variable "key" before using it. 2019-04-16 10:48:15 -03:00
57f2f1363f Replace LD with CCLD variable
When cross compiling, the LD variable typically gets overridden.
2019-04-08 09:45:40 -07:00
1efa37087e Add 'ciphersuites' property for TLS 1.3 2019-03-22 11:34:33 -03:00
c0cb85d77f Do not create 'certificates' on 'cfg' if it does not exist 2019-02-26 15:49:51 -03:00
1c3bf23551 Merge pull request #133 from quickdudley/multi-certs
Enable multiple SSL certificates
2019-02-26 14:42:47 -03:00
143ccf1323 PR feedback (Data structure) 2019-02-26 10:51:44 +13:00
5e2b27fa71 Merge pull request #132 from ewestbrook/prc-expose-tcp
Expose tcp() for use by LuaSocket
2019-02-25 15:25:20 -03:00
ff868e4a06 Enable multiple SSL certificates (issue 27) 2019-02-22 13:42:44 +13:00
79c629956e Get rid of some deprecation warnings with OpenSSL 1.1 2018-11-20 20:12:39 -08:00
81c38864d4 Fix memory leak in meth_extensions 2018-11-19 16:00:30 +01:00
3f38f0929c Expose src/https.lua:tcp() for use by e.g. luasocket redirects 2018-10-13 07:31:38 -06:00