dany/luasec
1
0
Fork 0
mirror of https://github.com/brunoos/luasec.git synced 2024-09-07 05:14:43 +02:00
Code Issues Packages Projects Releases Wiki Activity
252 Commits 6 Branches 25 Tags 1.4 MiB
d9215ee00f
Commit Graph

172 Commits

Author SHA1 Message Date
Narcis Tesa
4c5996a499 Disable TLSv1 to fix *received tlsv1 alert protocol version from* errors with certain websites 2018-09-19 16:25:39 -04:00
Bruno Silvestre
421c897dd3 Support for TLS 1.3 from OpenSSL 1.1.1 
Based on PR #97 from @wmark.
 2018-09-12 19:08:19 -03:00
Bruno Silvestre
2ecf239cfe Suppress warning with OpenSSL 1.1.0 and 1.1.1 2018-09-12 18:43:44 -03:00
Bruno Silvestre
113331fa0c Assuming that TLS 1.1 and TLS 1.2 are available 2018-09-12 18:27:43 -03:00
Bruno Silvestre
8440bc3d59 Assuming curves list is available if EC is available 2018-09-12 18:26:19 -03:00
Bruno Silvestre
5ece6049e5 Fix constant: OPENSS_NO_ECDH -> OPENSSL_NO_EC 2018-09-12 18:24:12 -03:00
Bruno Silvestre
9883782102 Fix constant: OPENSS_NO_ECDH -> OPENSSL_NO_EC 2018-09-12 18:17:19 -03:00
Bruno Silvestre
661d08e5f3 Removing OpenSSL 0.9.8 code 2018-09-12 18:08:19 -03:00
Bruno Silvestre
5514c4a06e Assuming that TLS 1.1 and TLS 1.2 are available 
Fix some #if's also.
 2018-09-12 18:03:37 -03:00
Bruno Silvestre
f42c171d55 This mode is available in new versions of OpenSSL, no more check 2018-09-12 17:45:13 -03:00
Bruno Silvestre
706e0f0281 New version of LibreSSL already implement these functions 2018-09-12 17:41:03 -03:00
Bruno Silvestre
d4ea2d12f3 Update reference to Lua state prior to handshake 
The Lua thread that creates the context is saved to be used for
accessing callback related data. However that thread may become garbage
and its memory could be overwritten with anything if the handshake
happens later, in a different thread.

Fixes #75

Thanks @Zash
 2018-09-10 10:49:18 -03:00
Bruno Silvestre
dea60edf4f Add ALPN support based on PR #64 from xnyhps 2018-08-27 15:10:18 -03:00
Bruno Silvestre
fdb2fa5f59 Let the library choose the min and max versions 
Some protocols can be disable with 'options'.
 2018-07-26 11:25:57 -03:00
Bruno Silvestre
d9d0cd620d Free DH parameter right after handshake 2018-07-26 11:21:54 -03:00
Bruno Silvestre
953a363a59 Add timeout to https module 
Glocal attribute https.TIMEOUT controls connection tiemout.

Sample:
  https.TIMEOUT = 5  -- seconds
  https.request()
 2018-07-02 10:40:14 -03:00
Bruno Silvestre
28e247dbc5 Removing deprecated methods to select the protocol 
Using TLS_method(), SSL_set_min_proto_version() and
SSL_set_max_proto_version().
 2018-07-02 10:31:45 -03:00
Bruno Silvestre
89bdc6148c Removing SSLv3 support 2018-06-29 14:06:51 -03:00
Bruno Silvestre
8212b89f1a Using 'const SSL_METHOD*' 
This change was introduced in OpenSSL 1.0.0.
Start droping 0.9.8 code.
 2018-06-29 14:02:39 -03:00
Hisham Muhammad
4d10a5a0c0 Use lowercase Windows header name 
This is necessary for cross-compilation of Windows binaries on non-Windows
platforms (and harmless for Windows).
 2018-06-29 10:21:22 -03:00
Bruno Silvestre
de63f21f63 Change version number to 0.7 2018-06-27 10:36:26 -03:00
Bruno Silvestre
be3c6d67e0 Make luaL_testudata() compat function visible for all files 2017-10-28 09:53:28 -02:00
Bruno Silvestre
2f562e1399 Put an error check back 2017-10-28 09:31:40 -02:00
Bruno Silvestre
7934e58b4b
Merge pull request #99 from daurnimator/luaossl-integration 
Allow passing a luaossl context for socket creation/wrapping
 2017-10-28 09:23:07 -02:00
Bruno Silvestre
0d01b53461 Version number to 0.7alpha 2017-09-26 18:22:49 -03:00
Bruno Silvestre
8762441cd2 Add popular aliases for commonly used curves 2017-09-26 17:43:00 -03:00
Bruno Silvestre
60f02f7701 LuaJIT 2.1.0 added luaL_newlib() as extension 2017-09-26 17:39:32 -03:00
Bruno Silvestre
fe1fb0b350 Adding 'curveslist' parameter 
LuaSec will try to set 'curveslist' parameter first.
If the parameter is not present or not supported, LuaSec will
try 'curve' parameter.
 2017-08-04 17:00:12 -03:00
Bruno Silvestre
db42a5084a Export configuration (protocols, options, curves, algorithms, capabilities) 2017-06-16 22:53:59 -03:00
Bruno Silvestre
0b99832ec7 Export configuration (protocols, options, curves, algorithms, capabilities) 2017-06-16 22:50:27 -03:00
Bruno Silvestre
fc757e1fd0 Discover curves dynamically 2017-06-16 21:03:10 -03:00
daurnimator
e90a264c93
Allow passing luaossl objects to meth_create() 2017-04-04 13:06:12 +10:00
Bruno Silvestre
5299803bef Merge pull request #77 from kekstee/master 
Make CC and LD configurable
 2017-03-31 15:11:17 -03:00
Bruno Silvestre
9c41eaf09a Merge pull request #74 from ka7/spelling 
spelling fixes, as seen on lintian.debian.org
 2017-03-31 14:50:19 -03:00
Bruno Silvestre
31b7a4744b Merge pull request #63 from gleydsonsoares/tweak-OPENSSL_NO_COMP 
simplify OPENSSL_NO_COMP guard
 2017-03-31 14:48:19 -03:00
Bruno Silvestre
6b82fa6104 LuaRocks workaround 2017-03-31 14:40:09 -03:00
Bruno Silvestre
9f6d623ccb proper socket invalidation #70 2017-03-31 14:32:35 -03:00
W-Mark Kubacki
622ef3d6a6
Enable curve negotiation with #ifdef SSL_CTX_set1_curves_list 
One of currently three definitions in the wild that indicate support for
SSL_CTX_set1_curves_list().
 2017-02-26 00:16:25 +01:00
Mark Kubacki
231563682a
Add support for the new curve selection API. 
Signed-off-by: W-Mark Kubacki <wmark@hurrikane.de>
 2017-02-26 00:16:24 +01:00
Greatwolf
77b88e0b0d Fix for sni host issue #88 and #44. Thanks to @TomasB 2016-12-15 16:46:59 -08:00
Bruno Silvestre
4889830d53 Compatibility with OpenSSL 1.1.0 
Defining macros X509_up_ref() and SSL_is_server to use the same
API of OpenSSL 1.1.0.
 2016-09-14 17:47:09 -03:00
Bruno Silvestre
80a527d630 Use EVP_PKEY_base_id() to recover the key's type 2016-09-13 13:30:44 -03:00
Bruno Silvestre
53db804b9d Use X509_EXTENSION_get_object() to get the 'object' field from extension 2016-09-13 13:22:25 -03:00
Bruno Silvestre
22e6652d88 ASN1_STRING_data() is deprecated in OpenSSL 1.1.0 
ASN1_STRING_get0_data() must be used instead.
 2016-09-13 13:09:18 -03:00
Alexander Scheuermann
6bb007b75f Make CC and LD configurable 2016-08-13 23:24:11 +02:00
Bruno Silvestre
3cfdb878dd Merge pull request #76 from msva/patch-1 
Return of DESTDIR support
 2016-08-03 15:10:06 -03:00
Bruno Silvestre
4101af103e Return the number of data read and remove a useless line. 2016-08-03 14:56:07 -03:00
Vadim A. Misbakh-Soloviov
4aa9ec3b60 Return of DESTDIR support 2016-07-24 02:01:21 +07:00
klemens
d45c03a1ad spelling fixes, as seen on lintian.debian.org 2016-07-11 21:57:50 +02:00
Perry Clarke
5a98bb6adb Fix crash related to incorrect buffer size 
The number of bytes received by ssl_recv() is being passed to luaL_addlstring() (in recvall()) but it was being left either uninitialized or being set to an error code.  The crashing case I found was when the state was not LSEC_STATE_CONNECTED (e.g. when dohandshake() has failed) and ssl_recv() returned immediately without setting "got".
 2016-05-03 16:37:47 -07:00
Bruno Silvestre
20443861eb Update version number and rock file. 2016-03-03 16:11:46 -03:00
Bruno Silvestre
3b5f4b0dc1 Options from OpenSSL 1.0.2f 2016-02-16 10:48:19 -02:00
Bruno Silvestre
407ff6133c Use "any" protocol, but SSL. 2016-02-16 09:35:47 -02:00
Bruno Silvestre
72e159149b Merge pull request #20 from Zash/zash/checkissued 
Method for checking if one certificate issued another
 2016-02-16 09:34:31 -02:00
Gleydson
27fbd70424 tweak OPENSSL_NO_COMP 2015-11-20 13:22:00 -03:00
Bruno Silvestre
6a7a6f7f67 Keep 'sslv23' for compability, but deprected. (it will be removed in the next version) 2015-11-19 12:33:06 -02:00
Gleydson Soares
63f7d46d00 for consistency and readability, rename "sslv23" to "any" since that it is related to {TLS, SSLv23}methods that handles all supported protocols. 2015-11-17 20:05:06 -03:00
Gleydson Soares
ef28f7d20d add TLS_method(). for now, keep SSLv23_method() for compatibility. 2015-11-17 19:36:58 -03:00
Bruno Silvestre
49ea6b8ba6 Merge pull request #55 from gleydsonsoares/ifndef-OPENSSL_NO_SSL3 
guard SSLv3_method() with #ifndef OPENSSL_NO_SSL3
 2015-11-12 18:47:56 -02:00
Bruno Silvestre
96401bdf67 Add lsec_testcontext(). 2015-10-28 00:05:30 -02:00
Gleydson Soares
67f0867277 guard SSLv3_method() with #ifndef OPENSSL_NO_SSL3 2015-10-12 08:35:35 -03:00
Bruno Silvestre
d1fb889547 Version number -> 0.6 alpha 2015-08-21 11:21:16 -03:00
Bruno Silvestre
24e5ec13f3 Merge pull request #46 from olesalscheider/master 
Do not hardcode ar
 2015-08-03 20:37:00 -03:00
Bruno Silvestre
8e9910cb15 Format. 2015-08-01 01:14:16 -03:00
Bruno Silvestre
2c2c9cf16f Alternative implementation to inet_ntop() for old versions of Windows. 2015-08-01 01:07:04 -03:00
Niels Ole Salscheider
580d9b7ed8 Do not hardcode ar 
On Exherbo, ar is prefixed by the target triple.
 2015-05-23 19:51:58 +02:00
Kim Alvefur
4e59c719df Perform all validation before allocating structures 
Check that all arguments are certificates before allocating OpenSSL
structures that require cleanup afterwards.

API of issued() changes (again) to root:issued(cert, [chain]*)
 2015-03-31 17:48:44 +02:00
Kim Alvefur
aa0c7ea1e5 Validate signatures too. 
API changes to root:issued([intermediate]*, cert)
 2015-03-20 16:36:05 +01:00
Bruno Silvestre
3862e76df9 Fix inet_ntop() on Windows. 2015-03-12 17:05:53 -03:00
Bruno Silvestre
1ab6fac919 Don't set globals from C. 2015-02-12 16:32:54 -02:00
Bruno Silvestre
91d378a86e Fix unpack(). 2015-02-12 16:29:02 -02:00
Bruno Silvestre
356e03a64d Stop using module(). 2015-02-06 18:07:29 -02:00
Bruno Silvestre
97b1974039 Change to luaL_newlib(). 2015-02-06 17:44:08 -02:00
Bruno Silvestre
9cb5220759 Remove luaL_optint() and luaL_checkint(). 2015-02-06 16:53:34 -02:00
Bruno Silvestre
acbf575420 BSD headers. 2015-01-28 16:38:00 -02:00
Bruno Silvestre
a9b81b1c10 Merge pull request #21 from Zash/zash/iPAddress-fix 
iPAddress encoding
 2015-01-28 16:24:02 -02:00
Bruno Silvestre
ab42d4ec86 Stop if we don't have a string. 2015-01-28 16:19:19 -02:00
Lluixhi Scura
5240c02f3d Changed for strict compiles. 2015-01-16 09:12:14 -08:00
Lluixhi Scura
4c7339cace Fix for LibreSSL/OPENSSL_NO_COMP 2015-01-16 08:55:22 -08:00
Bruno Silvestre
f514e9fb1b Problem on Win64, since double does not represent SOCKET_INVALID exactly. 2014-09-10 14:41:09 -03:00
Bruno Silvestre
84cb83b92f - Add a parameter to server:sni(), so that we can accept an unknown name, using the initial context. 
- Add the method :getsniname() to retrieve the SNI hostname used.
 2014-09-09 21:48:26 -03:00
Kim Alvefur
f13aee5dac Encode iPAddress fields in human readable form 2014-06-08 13:20:47 +02:00
Kim Alvefur
b83d2c6a91 Don't try to encode IP addresses as UTF-8 2014-06-08 12:47:58 +02:00
Kim Alvefur
c276e9ff60 Return early if ASN1 string is invalid 2014-06-08 12:41:20 +02:00
Kim Alvefur
1ade1542d7 Push nil if unable to encode ASN1 string as UTF-8 2014-06-08 12:38:52 +02:00
Kim Alvefur
97e836696b Return human readable error message from cert:issued() 2014-04-22 01:17:34 +02:00
Bruno Silvestre
903efaf3b1 SNI support. 2014-04-21 13:20:17 -03:00
brunoos
77637e9d3c Merge pull request #17 from Zash/zash/checkkey 
Verify that certificate and key belong together
 2014-04-21 13:07:38 -03:00
brunoos
a481015217 Merge pull request #19 from Zash/zash/pubkey 
Zash/pubkey
 2014-04-21 11:52:40 -03:00
Kim Alvefur
11eaec6520 Add cert:pubkey() to methods registry 2014-04-19 23:11:32 +02:00
Kim Alvefur
d2c87d71f7 Add cert:issued(leafcert) for checking chains 2014-04-19 22:58:28 +02:00
Bruno Silvestre
8fd31f3ad2 Wrong type. 2014-04-18 22:50:40 -03:00
Kim Alvefur
55d45f0542 Check if private key matches cert only if both key and cert are set 2014-02-05 16:51:30 +01:00
Kim Alvefur
8e5bcefbb6 Check that certificate matches private key 2014-02-05 01:48:58 +01:00
Kim Alvefur
eb8cb33160 Add method for extracting public key, type and size from x509 objects 2014-02-05 01:39:30 +01:00
Bruno Silvestre
21aefcf67d Version number -> 0.5. 2014-01-29 18:43:33 -02:00
Bruno Silvestre
46d6078e82 Merge branch 'master' of https://github.com/brunoos/luasec 2013-10-23 13:53:43 -02:00
Bruno Silvestre
ce504d3554 Add x509:setencode() function to change the encode of ASN.1 string. 2013-10-23 13:42:34 -02:00
brunoos
4a95102cc8 Merge pull request #8 from xnyhps/protocol_version 
Report the actual TLS version used, not the version the cipher belongs to.
 2013-09-16 09:25:39 -07:00
Paul Aurich
1d920fc13c context: Don't leak DH* in dhparam_cb 
==1429== 336 (144 direct, 192 indirect) bytes in 1 blocks are definitely lost in loss record 567 of 611
...
==1429==    by 0x5ECCBC7: PEM_ASN1_read_bio (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1429==    by 0x4E39D8F: dhparam_cb (context.c:184)
==1429==    by 0x5B679D3: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==1429==    by 0x5B6A6EE: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==1429==    by 0x4E3C00D: meth_handshake (ssl.c:103)
...
 2013-09-11 21:55:25 -07:00