dany/luasec
1
0
Fork 0
mirror of https://github.com/brunoos/luasec.git synced 2025-07-16 13:59:52 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: dany:c297c5204ca6aa8eb15ce0c5ddb3bbfef0e66169
Branches Tags
dany:master dany:shutdown-method dany:dev dany:ocsp dany:luasec-dev-0.8 dany:luasec-dev-0.7 dany:luasec-dev-0.5
dany:v1.3.2 dany:v1.3.1 dany:v1.3.0 dany:v1.2.0 dany:v1.1.0 dany:v1.0.2 dany:v1.0.1 dany:v1.0 dany:v0.9 dany:luasec-0.8.2 dany:luasec-0.7.2 dany:luasec-0.8.1 dany:luasec-0.7.1 dany:luasec-0.8 dany:luasec-0.7 dany:luasec-0.6 dany:luasec-0.5.1 dany:luasec-0.5 dany:luasec-0.4.1 dany:luasec-0.4 dany:luasec-0.3.3 dany:luasec-0.3.2 dany:luasec-0.3.1 dany:luasec-0.3 dany:luasec-0.2
..
compare: dany:ocsp
Branches Tags
dany:master dany:shutdown-method dany:dev dany:ocsp dany:luasec-dev-0.8 dany:luasec-dev-0.7 dany:luasec-dev-0.5
dany:v1.3.2 dany:v1.3.1 dany:v1.3.0 dany:v1.2.0 dany:v1.1.0 dany:v1.0.2 dany:v1.0.1 dany:v1.0 dany:v0.9 dany:luasec-0.8.2 dany:luasec-0.7.2 dany:luasec-0.8.1 dany:luasec-0.7.1 dany:luasec-0.8 dany:luasec-0.7 dany:luasec-0.6 dany:luasec-0.5.1 dany:luasec-0.5 dany:luasec-0.4.1 dany:luasec-0.4 dany:luasec-0.3.3 dany:luasec-0.3.2 dany:luasec-0.3.1 dany:luasec-0.3 dany:luasec-0.2

2 Commits
c297c5204c ... ocsp

Author SHA1 Message Date
Bruno Silvestre
7ce63ad392 Return nil instead boolean 2021-06-25 19:59:22 -03:00
Bruno Silvestre
a3e74db781 Some work with OCSP 2021-06-25 19:50:47 -03:00
34 changed files with 455 additions and 545 deletions
Expand all files Collapse all files

35
CHANGELOG
View File

@ -1,38 +1,3 @@
--------------------------------------------------------------------------------
LuaSec 1.3.0
---------------
This version includes:
* Add :getlocalchain() + :getlocalcertificate() to mirror the peer methods (@mwild1)
* Add Pre-Shared Key (PSK) support (@jclab-joseph)
--------------------------------------------------------------------------------
LuaSec 1.2.0
---------------
This version includes:
* Add key material export method
* Backguard compat for openssl on providers, like LTS linuxes
--------------------------------------------------------------------------------
LuaSec 1.1.0
---------------
This version includes:
* Fix missing DANE flag
* Remove unused parameter in https.lua
--------------------------------------------------------------------------------
LuaSec 1.0.2
---------------
This version includes:
* Fix handle SSL_send SYSCALL error without errno
* Fix off by one in cert:validat(notafter)
* Fix meth_get_{sinagure => signature}_name function name
* Fix update the Lua state reference on the selected SSL context after SNI
* Fix ignore SSL_OP_BIT(n) macro and update option.c
--------------------------------------------------------------------------------
LuaSec 1.0.1
---------------

4
INSTALL
View File

@ -1,9 +1,9 @@
LuaSec 1.3.0
LuaSec 1.0.1
------------
* OpenSSL options:
By default, this version includes options for OpenSSL 3.0.8
By default, this version includes options for OpenSSL 1.1.1.
If you need to generate the options for a different version of OpenSSL:

4
LICENSE
View File

@ -1,5 +1,5 @@
LuaSec 1.3.0 license
Copyright (C) 2006-2023 Bruno Silvestre, UFG
LuaSec 1.0.1 license
Copyright (C) 2006-2021 Bruno Silvestre, UFG
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the

2
README.md
View File

@ -1,4 +1,4 @@
LuaSec 1.3.0
LuaSec 1.0.1
===============
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
easy to add secure connections to any Lua applications or scripts.

8
luasec-1.3.0-1.rockspec → luasec-1.0.1-1.rockspec
View File

@ -1,8 +1,8 @@
package = "LuaSec"
version = "1.3.0-1"
version = "1.0.1-1"
source = {
url = "git+https://github.com/brunoos/luasec",
tag = "v1.3.0",
url = "git://github.com/brunoos/luasec",
tag = "v1.0.1",
}
description = {
summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.",
@ -87,7 +87,7 @@ build = {
"$(OPENSSL_BINDIR)",
},
libraries = {
"libssl", "libcrypto", "ws2_32"
"libssl32MD", "libcrypto32MD", "ws2_32"
},
incdirs = {
"$(OPENSSL_INCDIR)", "src/", "src/luasocket"

4
luasec.vcxproj
View File

@ -61,7 +61,7 @@
<DebugInformationFormat>EditAndContinue</DebugInformationFormat>
</ClCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;libssl.lib;libcrypto.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>ws2_32.lib;libeay32MDd.lib;ssleay32MDd.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OutputFile>$(OutDir)ssl.dll</OutputFile>
<AdditionalLibraryDirectories>C:\devel\openssl\lib\VC;C:\devel\lua-dll9;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<GenerateDebugInformation>true</GenerateDebugInformation>
@ -85,7 +85,7 @@
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
</ClCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;libssl.lib;libcrypto.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>ws2_32.lib;libssl32MD.lib;libcrypto32MD.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>C:\devel\openssl-1.1.0\lib\VC;C:\devel\lua-5.1\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<GenerateDebugInformation>true</GenerateDebugInformation>

3
samples/README
View File

@ -45,9 +45,6 @@ Directories:
* oneshot
A simple connection example.
* psk
PSK(Pre Shared Key) support.
* sni
Support to SNI (Server Name Indication).

2
samples/certs/all.sh
View File

@ -1,4 +1,4 @@
#!/bin/sh
#!/usr/bin/env sh
./rootA.sh
./rootB.sh
./clientA.sh

2
samples/certs/clientA.sh
View File

@ -1,4 +1,4 @@
#!/bin/sh
#!/usr/bin/env sh
openssl req -newkey rsa:2048 -sha256 -keyout clientAkey.pem -out clientAreq.pem \
-nodes -config ./clientA.cnf -days 365 -batch

2
samples/certs/clientB.sh
View File

@ -1,4 +1,4 @@
#!/bin/sh
#!/usr/bin/env sh
openssl req -newkey rsa:2048 -sha256 -keyout clientBkey.pem -out clientBreq.pem \
-nodes -config ./clientB.cnf -days 365 -batch

2
samples/certs/rootA.sh
View File

@ -1,4 +1,4 @@
#!/bin/sh
#!/usr/bin/env sh
openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch

2
samples/certs/rootB.sh
View File

@ -1,4 +1,4 @@
#!/bin/sh
#!/usr/bin/env sh
openssl req -newkey rsa:2048 -sha256 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch

4
samples/certs/serverA.sh
View File

@ -1,6 +1,6 @@
#!/bin/sh
#!/usr/bin/env sh
openssl req -newkey rsa:2048 -sha256 -keyout serverAkey.pem -out serverAreq.pem \
openssl req -newkey rsa:2048 -keyout serverAkey.pem -out serverAreq.pem \
-config ./serverA.cnf -nodes -days 365 -batch
openssl x509 -req -in serverAreq.pem -sha256 -extfile ./serverA.cnf \

4
samples/certs/serverB.sh
View File

@ -1,6 +1,6 @@
#!/bin/sh
#!/usr/bin/env sh
openssl req -newkey rsa:2048 -sha256 -keyout serverBkey.pem -out serverBreq.pem \
openssl req -newkey rsa:2048 -keyout serverBkey.pem -out serverBreq.pem \
-config ./serverB.cnf -nodes -days 365 -batch
openssl x509 -req -in serverBreq.pem -sha256 -extfile ./serverB.cnf \

21
samples/chain/server.lua
View File

@ -31,27 +31,8 @@ util.show( conn:getpeercertificate() )
print("----------------------------------------------------------------------")
local expectedpeerchain = { "../certs/clientAcert.pem", "../certs/rootA.pem" }
local peerchain = conn:getpeerchain()
assert(#peerchain == #expectedpeerchain)
for k, cert in ipairs( peerchain ) do
for k, cert in ipairs( conn:getpeerchain() ) do
util.show(cert)
local expectedpem = assert(io.open(expectedpeerchain[k])):read("*a")
assert(cert:pem() == expectedpem, "peer chain mismatch @ "..tostring(k))
end
local expectedlocalchain = { "../certs/serverAcert.pem" }
local localchain = assert(conn:getlocalchain())
assert(#localchain == #expectedlocalchain)
for k, cert in ipairs( localchain ) do
util.show(cert)
local expectedpem = assert(io.open(expectedlocalchain[k])):read("*a")
assert(cert:pem() == expectedpem, "local chain mismatch @ "..tostring(k))
if k == 1 then
assert(cert:pem() == conn:getlocalcertificate():pem())
end
end
local f = io.open(params.certificate)

54
samples/ocsp/client.lua Normal file
View File

@ -0,0 +1,54 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local ocsp = ssl.ocsp
-- Parameters
-- * status:
-- * nil (no status was sent by server)
-- * ocsp.status.successful
-- * ocsp.status.malformedrequest
-- * ocsp.status.internalerror
-- * ocsp.status.trylater
-- * ocsp.status.sigrequired
-- * ocsp.status.unauthorized
--
-- Returns
-- * nil: on error
-- * true: status was accepted (continue the handshake)
-- * false: status not accepted (handshake stops with error)
--
local callback = function(status)
print("Status: ", status)
print("---")
if status == nil then
print("[WARN] No OCSP response")
return true
end
return (status == ocsp.status.successful)
end
local params = {
mode = "client",
protocol = "tlsv1_2",
verify = "none",
options = "all",
ocsp = callback,
}
while true do
local peer = socket.tcp()
peer:connect("127.0.0.1", 8443)
peer = assert(ssl.wrap(peer, params))
assert(peer:dohandshake())
print(peer:receive())
print("------------")
peer:close()
end

89
samples/ocsp/server.lua Normal file
View File

@ -0,0 +1,89 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local mime = require("mime")
local ltn12 = require("ltn12")
local http = require("socket.http")
local ocsp = ssl.ocsp
--------------------------------------------------------------------------------
local response
function loadresponse(certfile, cafile)
local f = io.open(cafile)
local ca = f:read("*a")
ca = ssl.loadcertificate(ca)
f:close()
f = io.open(certfile)
local cert = f:read("*a")
cert = ssl.loadcertificate(cert)
f:close()
local res = {}
local req = ocsp.buildrequest(cert, ca)
req = mime.b64(req)
local a, b = http.request {
url = "http://zerossl.ocsp.sectigo.com/" .. req,
method = "GET",
sink = ltn12.sink.table(res),
header = {
["Content-Type"] = "application/ocsp-request",
["Host"] = "zerossl.ocsp.sectigo.com",
},
}
response = table.concat(res)
local thisupd, nextupd = ocsp.responsetime(response)
print("This update: ", thisupd)
print("Next update: ", nextupd)
end
--------------------------------------------------------------------------------
local cafile = "ca.pem"
local certfile = "server.pem"
-- Remember to update 'response' before 'next update'
local callback = function()
if not response then
loadresponse(certfile, cafile)
end
return response
end
local params = {
mode = "server",
protocol = "any",
key = "server.key",
certificate = certfile,
verify = "none",
options = "all",
ocsp = callback,
}
--------------------------------------------------------------------------------
local ctx = assert(ssl.newcontext(params))
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert(server:bind("127.0.0.1", 8443))
server:listen()
while true do
local peer = server:accept()
peer = assert(ssl.wrap(peer, ctx))
local succ = peer:dohandshake()
if succ then
peer:send("OCSP test\n")
peer:close()
end
end

36
samples/psk/client.lua
View File

@ -1,36 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
-- @param hint (nil | string)
-- @param max_identity_len (number)
-- @param max_psk_len (number)
-- @return identity (string)
-- @return PSK (string)
local function pskcb(hint, max_identity_len, max_psk_len)
print(string.format("PSK Callback: hint=%q, max_identity_len=%d, max_psk_len=%d", hint, max_identity_len, max_psk_len))
return "abcd", "1234"
end
local params = {
mode = "client",
protocol = "tlsv1_2",
psk = pskcb,
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
print("--- INFO ---")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
peer:close()

55
samples/psk/server.lua
View File

@ -1,55 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
-- @param identity (string)
-- @param max_psk_len (number)
-- @return psk (string)
local function pskcb(identity, max_psk_len)
print(string.format("PSK Callback: identity=%q, max_psk_len=%d", identity, max_psk_len))
if identity == "abcd" then
return "1234"
end
return nil
end
local params = {
mode = "server",
protocol = "any",
options = "all",
-- PSK with just a callback
psk = pskcb,
-- PSK with identity hint
-- psk = {
-- hint = "hintpsksample",
-- callback = pskcb,
-- },
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
print("--- INFO ---")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
peer:close()
server:close()

4
src/compat.h
View File

@ -1,7 +1,7 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.0
* LuaSec 1.0.1
*
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2006-2021 Bruno Silvestre
*
*--------------------------------------------------------------------------*/

14
src/config.c
View File

@ -1,7 +1,7 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.0
* LuaSec 1.0.1
*
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2006-2021 Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
@ -77,14 +77,14 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
#ifdef LSEC_ENABLE_DANE
// DANE
lua_pushstring(L, "dane");
#ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
lua_createtable(L, 0, 1);
lua_pushstring(L, "no_ee_namechecks");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#else
lua_pushboolean(L, 1);
#endif
#ifndef OPENSSL_NO_OCSP
// OCSP
lua_pushstring(L, "ocsp");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#endif

363
src/context.c
View File

@ -1,8 +1,9 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.0
* LuaSec 1.0.1
*
* Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann,
* Matthew Wild.
* Copyright (C) 2006-2021 Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
@ -16,15 +17,19 @@
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/x509_vfy.h>
#include <openssl/dh.h>
#ifndef OPENSSL_NO_OCSP
#include <openssl/ocsp.h>
#endif
#include <lua.h>
#include <lauxlib.h>
#include "compat.h"
#include "context.h"
#include "options.h"
#include "x509.h"
#ifndef OPENSSL_NO_EC
#include <openssl/ec.h>
@ -707,170 +712,207 @@ static int set_alpn_cb(lua_State *L)
return 1;
}
/**
* Callback to select the PSK.
*/
static unsigned int server_psk_cb(SSL *ssl, const char *identity, unsigned char *psk,
unsigned int max_psk_len)
#ifndef OPENSSL_NO_OCSP
static int ocsp_server_cb(SSL *ssl, void *arg)
{
size_t psk_len;
const char *ret_psk;
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
lua_State *L = pctx->L;
int len;
BIO *bio;
const char *data;
unsigned char *r = NULL;
OCSP_RESPONSE *resp = NULL;
p_context ctx = (p_context)arg;
lua_State *L = ctx->L;
luaL_getmetatable(L, "SSL:PSK:Registry");
lua_pushlightuserdata(L, (void*)pctx->context);
lua_gettable(L, -2);
// Retrieve the callback
luaL_getmetatable(L, "SSL:OCSP:Registry");
lua_pushlightuserdata(L, ctx->context);
lua_rawget(L, -2);
lua_pushstring(L, identity);
lua_pushinteger(L, max_psk_len);
lua_call(L, 2, 1);
if (!lua_isstring(L, -1)) {
lua_pop(L, 2);
return 0;
lua_call(L, 0, 1);
if (lua_type(L, -1) != LUA_TSTRING) {
return SSL_TLSEXT_ERR_NOACK;
}
ret_psk = lua_tolstring(L, -1, &psk_len);
data = lua_tostring(L, -1);
len = (int)lua_rawlen(L, -1);
if (psk_len == 0 || psk_len > max_psk_len)
psk_len = 0;
else
memcpy(psk, ret_psk, psk_len);
bio = BIO_new_mem_buf(data, len);
if (bio == NULL)
return SSL_TLSEXT_ERR_NOACK;
lua_pop(L, 2);
resp = d2i_OCSP_RESPONSE_bio(bio, NULL);
BIO_free(bio);
if (resp == NULL)
return SSL_TLSEXT_ERR_NOACK;
return psk_len;
len = i2d_OCSP_RESPONSE(resp, &r);
if (len <= 0) {
OCSP_RESPONSE_free(resp);
return SSL_TLSEXT_ERR_NOACK;
}
SSL_set_tlsext_status_ocsp_resp(ssl, r, len);
OCSP_RESPONSE_free(resp);
return SSL_TLSEXT_ERR_OK;
}
/**
* Set a PSK callback for server.
*/
static int set_server_psk_cb(lua_State *L)
static int ocsp_client_cb(SSL *ssl, void *arg)
{
p_context ctx = checkctx(L, 1);
long len;
const unsigned char *b;
OCSP_RESPONSE *ocsp = NULL;
p_context ctx = (p_context)arg;
lua_State *L = ctx->L;
luaL_getmetatable(L, "SSL:PSK:Registry");
lua_pushlightuserdata(L, (void*)ctx->context);
lua_pushvalue(L, 2);
lua_settable(L, -3);
// Retrieve the callback
luaL_getmetatable(L, "SSL:OCSP:Registry");
lua_pushlightuserdata(L, ctx->context);
lua_rawget(L, -2);
SSL_CTX_set_psk_server_callback(ctx->context, server_psk_cb);
lua_pushboolean(L, 1);
return 1;
}
/*
* Set the PSK indentity hint.
*/
static int set_psk_identity_hint(lua_State *L)
{
p_context ctx = checkctx(L, 1);
const char *hint = luaL_checkstring(L, 2);
int ret = SSL_CTX_use_psk_identity_hint(ctx->context, hint);
lua_pushboolean(L, ret);
return 1;
}
/*
* Client callback to PSK.
*/
static unsigned int client_psk_cb(SSL *ssl, const char *hint, char *identity,
unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)
{
size_t psk_len;
size_t identity_len;
const char *ret_psk;
const char *ret_identity;
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
lua_State *L = pctx->L;
luaL_getmetatable(L, "SSL:PSK:Registry");
lua_pushlightuserdata(L, (void*)pctx->context);
lua_gettable(L, -2);
if (hint)
lua_pushstring(L, hint);
else
len = SSL_get_tlsext_status_ocsp_resp(ssl, &b);
if (len == -1)
lua_pushnil(L);
// Leave space to '\0'
lua_pushinteger(L, max_identity_len-1);
lua_pushinteger(L, max_psk_len);
lua_call(L, 3, 2);
if (!lua_isstring(L, -1) || !lua_isstring(L, -2)) {
lua_pop(L, 3);
return 0;
}
ret_identity = lua_tolstring(L, -2, &identity_len);
ret_psk = lua_tolstring(L, -1, &psk_len);
if (identity_len >= max_identity_len || psk_len > max_psk_len)
psk_len = 0;
else {
memcpy(identity, ret_identity, identity_len);
identity[identity_len] = 0;
memcpy(psk, ret_psk, psk_len);
ocsp = d2i_OCSP_RESPONSE(NULL, &b, len);
lua_pushinteger(L, OCSP_response_status(ocsp));
OCSP_RESPONSE_free(ocsp);
}
lua_pop(L, 3);
return psk_len;
lua_call(L, 1, 1);
return (lua_type(L, -1) != LUA_TBOOLEAN) ? -1 : (int)lua_toboolean(L, -1);
}
/**
* Set a PSK callback for client.
*/
static int set_client_psk_cb(lua_State *L) {
static int set_ocsp_cb(lua_State *L)
{
int ret;
p_context ctx = checkctx(L, 1);
luaL_getmetatable(L, "SSL:PSK:Registry");
luaL_getmetatable(L, "SSL:OCSP:Registry");
lua_pushlightuserdata(L, (void*)ctx->context);
lua_pushvalue(L, 2);
lua_settable(L, -3);
SSL_CTX_set_psk_client_callback(ctx->context, client_psk_cb);
ret = (int)SSL_CTX_set_tlsext_status_type(ctx->context, TLSEXT_STATUSTYPE_ocsp);
if (ret == 0) {
lua_pushboolean(L, 0);
return 1;
}
lua_pushboolean(L, 1);
if (ctx->mode == LSEC_MODE_CLIENT)
ret = (int)SSL_CTX_set_tlsext_status_cb(ctx->context, ocsp_client_cb);
else
ret = (int)SSL_CTX_set_tlsext_status_cb(ctx->context, ocsp_server_cb);
if (ret == 0) {
lua_pushboolean(L, 0);
return 1;
}
ret = (int)SSL_CTX_set_tlsext_status_arg(ctx->context, ctx);
lua_pushboolean(L, ret == 1);
return 1;
}
static int ocsp_build_request(lua_State *L)
{
long len;
BIO *bio;
X509 *cert;
X509 *issuer;
OCSP_CERTID *cid;
OCSP_REQUEST *req;
char *buf;
cert = lsec_checkx509(L, 1);
issuer = lsec_checkx509(L, 2);
req = OCSP_REQUEST_new();
if (req == NULL) {
lua_pushnil(L);
return 1;
}
cid = OCSP_cert_to_id(NULL, cert, issuer);
if (cid == NULL) {
lua_pushnil(L);
return 1;
}
if (OCSP_request_add0_id(req, cid) == NULL) {
lua_pushnil(L);
return 1;
}
bio = BIO_new(BIO_s_mem());
i2d_OCSP_REQUEST_bio(bio, req);
len = BIO_get_mem_data(bio, &buf);
lua_pushlstring(L, buf, len);
BIO_free(bio);
OCSP_REQUEST_free(req);
return 1;
}
static int ocsp_response_time(lua_State *L)
{
long len;
BIO *bio;
char *buf;
int reason;
OCSP_BASICRESP *bs;
OCSP_SINGLERESP *sr;
OCSP_RESPONSE *res;
ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd;
buf = (char*)lua_tostring(L, 1);
len = (long)lua_rawlen(L, 1);
res = d2i_OCSP_RESPONSE(NULL, (const unsigned char**)&buf, (int)len);
if (res == NULL) {
lua_pushnil(L);
lua_pushnil(L);
return 2;
}
bs = OCSP_response_get1_basic(res);
if (bs == NULL) {
lua_pushnil(L);
lua_pushnil(L);
return 2;
}
sr = OCSP_resp_get0(bs, 0);
OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
bio = BIO_new(BIO_s_mem());
ASN1_GENERALIZEDTIME_print(bio, thisupd);
len = BIO_get_mem_data(bio, &buf);
lua_pushlstring(L, buf, len);
BIO_free(bio);
bio = BIO_new(BIO_s_mem());
ASN1_GENERALIZEDTIME_print(bio, nextupd);
len = BIO_get_mem_data(bio, &buf);
lua_pushlstring(L, buf, len);
BIO_free(bio);
OCSP_BASICRESP_free(bs);
OCSP_RESPONSE_free(res);
return 2;
}
#endif
#if defined(LSEC_ENABLE_DANE)
/*
* DANE
*/
static int dane_options[] = {
/* TODO move into options.c
* however this symbol is not from openssl/ssl.h but rather from
* openssl/x509_vfy.h
* */
#ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
DANE_FLAG_NO_DANE_EE_NAMECHECKS,
#endif
0
};
static const char *dane_option_names[] = {
#ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
"no_ee_namechecks",
#endif
NULL
};
static int set_dane(lua_State *L)
{
int ret, i;
int ret;
SSL_CTX *ctx = lsec_checkcontext(L, 1);
ret = SSL_CTX_dane_enable(ctx);
for (i = 2; ret > 0 && i <= lua_gettop(L); i++) {
ret = SSL_CTX_dane_set_flags(ctx, dane_options[luaL_checkoption(L, i, NULL, dane_option_names)]);
}
lua_pushboolean(L, (ret > 0));
return 1;
}
@ -893,9 +935,6 @@ static luaL_Reg funcs[] = {
{"setdhparam", set_dhparam},
{"setverify", set_verify},
{"setoptions", set_options},
{"setpskhint", set_psk_identity_hint},
{"setserverpskcb", set_server_psk_cb},
{"setclientpskcb", set_client_psk_cb},
{"setmode", set_mode},
#if !defined(OPENSSL_NO_EC)
{"setcurve", set_curve},
@ -903,6 +942,9 @@ static luaL_Reg funcs[] = {
#endif
#if defined(LSEC_ENABLE_DANE)
{"setdane", set_dane},
#endif
#if !defined(OPENSSL_NO_OCSP)
{"setocspcb", set_ocsp_cb},
#endif
{NULL, NULL}
};
@ -929,7 +971,7 @@ static int meth_destroy(lua_State *L)
lua_pushlightuserdata(L, (void*)ctx->context);
lua_pushnil(L);
lua_settable(L, -3);
luaL_getmetatable(L, "SSL:PSK:Registry");
luaL_getmetatable(L, "SSL:OCSP:Registry");
lua_pushlightuserdata(L, (void*)ctx->context);
lua_pushnil(L);
lua_settable(L, -3);
@ -1070,6 +1112,55 @@ void *lsec_testudata (lua_State *L, int ud, const char *tname) {
/*------------------------------ Initialization ------------------------------*/
#ifndef OPENSSL_NO_OCSP
struct ocsp_status_response_s {
const char *name;
int value;
};
typedef struct ocsp_status_response_s ocsp_status_response_t;
static ocsp_status_response_t status_response[] = {
{"successful", OCSP_RESPONSE_STATUS_SUCCESSFUL},
{"malformedrequest", OCSP_RESPONSE_STATUS_MALFORMEDREQUEST},
{"internalerror", OCSP_RESPONSE_STATUS_INTERNALERROR},
{"trylater", OCSP_RESPONSE_STATUS_TRYLATER},
{"sigrequired", OCSP_RESPONSE_STATUS_SIGREQUIRED},
{"unauthorized", OCSP_RESPONSE_STATUS_UNAUTHORIZED},
{NULL, 0}
};
static luaL_Reg ocsp_funcs[] = {
{"buildrequest", ocsp_build_request},
{"responsetime", ocsp_response_time},
{NULL, NULL}
};
/**
* OCSP module
*/
LSEC_API int luaopen_ssl_context_ocsp(lua_State *L)
{
ocsp_status_response_t *ptr;
luaL_newlib(L, ocsp_funcs);
lua_pushstring(L, "status");
lua_newtable(L);
for (ptr = status_response; ptr->name; ptr++) {
lua_pushstring(L, ptr->name);
lua_pushinteger(L, ptr->value);
lua_rawset(L, -3);
}
lua_rawset(L, -3);
return 1;
}
#endif
//------------------------------------------------------------------------------
/**
* Registre the module.
*/
@ -1077,8 +1168,8 @@ LSEC_API int luaopen_ssl_context(lua_State *L)
{
luaL_newmetatable(L, "SSL:DH:Registry"); /* Keep all DH callbacks */
luaL_newmetatable(L, "SSL:ALPN:Registry"); /* Keep all ALPN callbacks */
luaL_newmetatable(L, "SSL:PSK:Registry"); /* Keep all PSK callbacks */
luaL_newmetatable(L, "SSL:Verify:Registry"); /* Keep all verify flags */
luaL_newmetatable(L, "SSL:OCSP:Registry"); /* Keep all OCSP callbacks */
luaL_newmetatable(L, "SSL:Context");
setfuncs(L, meta);

4
src/context.h
View File

@ -2,9 +2,9 @@
#define LSEC_CONTEXT_H
/*--------------------------------------------------------------------------
* LuaSec 1.3.0
* LuaSec 1.0.1
*
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2006-2021 Bruno Silvestre
*
*--------------------------------------------------------------------------*/

7
src/ec.c
View File

@ -1,10 +1,3 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.0
*
* Copyright (C) 2006-2023 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#include <openssl/objects.h>
#include "ec.h"

4
src/ec.h
View File

@ -1,7 +1,7 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.0
* LuaSec 1.0.1
*
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2006-2021 Bruno Silvestre
*
*--------------------------------------------------------------------------*/

11
src/https.lua
View File

@ -1,7 +1,6 @@
----------------------------------------------------------------------------
-- LuaSec 1.3.0
--
-- Copyright (C) 2009-2023 PUC-Rio
-- LuaSec 1.0.1
-- Copyright (C) 2009-2021 PUC-Rio
--
-- Author: Pablo Musa
-- Author: Tomas Guisasola
@ -19,8 +18,8 @@ local try = socket.try
-- Module
--
local _M = {
_VERSION = "1.3.0",
_COPYRIGHT = "LuaSec 1.3.0 - Copyright (C) 2009-2023 PUC-Rio",
_VERSION = "1.0.1",
_COPYRIGHT = "LuaSec 1.0.1 - Copyright (C) 2009-2021 PUC-Rio",
PORT = 443,
TIMEOUT = 60
}
@ -94,7 +93,7 @@ local function tcp(params)
self.sock:sni(host)
self.sock:settimeout(_M.TIMEOUT)
try(self.sock:dohandshake())
reg(self)
reg(self, getmetatable(self.sock))
return 1
end
return conn

24
src/options.c
View File

@ -1,7 +1,7 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.0
* LuaSec 1.0.1
*
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2006-2021 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
@ -13,16 +13,13 @@
/*
OpenSSL version: OpenSSL 3.0.8
OpenSSL version: OpenSSL 1.1.1
*/
static lsec_ssl_option_t ssl_options[] = {
#if defined(SSL_OP_ALL)
{"all", SSL_OP_ALL},
#endif
#if defined(SSL_OP_ALLOW_CLIENT_RENEGOTIATION)
{"allow_client_renegotiation", SSL_OP_ALLOW_CLIENT_RENEGOTIATION},
#endif
#if defined(SSL_OP_ALLOW_NO_DHE_KEX)
{"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX},
#endif
@ -35,33 +32,21 @@ static lsec_ssl_option_t ssl_options[] = {
#if defined(SSL_OP_CISCO_ANYCONNECT)
{"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
#endif
#if defined(SSL_OP_CLEANSE_PLAINTEXT)
{"cleanse_plaintext", SSL_OP_CLEANSE_PLAINTEXT},
#endif
#if defined(SSL_OP_COOKIE_EXCHANGE)
{"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
#endif
#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
{"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
#endif
#if defined(SSL_OP_DISABLE_TLSEXT_CA_NAMES)
{"disable_tlsext_ca_names", SSL_OP_DISABLE_TLSEXT_CA_NAMES},
#endif
#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
#endif
#if defined(SSL_OP_ENABLE_KTLS)
{"enable_ktls", SSL_OP_ENABLE_KTLS},
#endif
#if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
{"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
#endif
#if defined(SSL_OP_EPHEMERAL_RSA)
{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
#endif
#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
{"ignore_unexpected_eof", SSL_OP_IGNORE_UNEXPECTED_EOF},
#endif
#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
{"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
#endif
@ -104,9 +89,6 @@ static lsec_ssl_option_t ssl_options[] = {
#if defined(SSL_OP_NO_ENCRYPT_THEN_MAC)
{"no_encrypt_then_mac", SSL_OP_NO_ENCRYPT_THEN_MAC},
#endif
#if defined(SSL_OP_NO_EXTENDED_MASTER_SECRET)
{"no_extended_master_secret", SSL_OP_NO_EXTENDED_MASTER_SECRET},
#endif
#if defined(SSL_OP_NO_QUERY_MTU)
{"no_query_mtu", SSL_OP_NO_QUERY_MTU},
#endif

4
src/options.h
View File

@ -2,9 +2,9 @@
#define LSEC_OPTIONS_H
/*--------------------------------------------------------------------------
* LuaSec 1.3.0
* LuaSec 1.0.1
*
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2006-2021 Bruno Silvestre
*
*--------------------------------------------------------------------------*/

11
src/options.lua
View File

@ -4,7 +4,7 @@ local function usage()
print(" lua options.lua -g /path/to/ssl.h [version] > options.c")
print("* Examples:")
print(" lua options.lua -g /usr/include/openssl/ssl.h > options.c\n")
print(" lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.1.1f\" > options.c\n")
print(" lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.0.1 14\" > options.c\n")
print("* List options of your system:")
print(" lua options.lua -l /path/to/ssl.h\n")
@ -18,9 +18,9 @@ end
local function generate(options, version)
print([[
/*--------------------------------------------------------------------------
* LuaSec 1.3.0
* LuaSec 1.0.1
*
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2006-2021 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
@ -60,14 +60,11 @@ local function loadoptions(file)
local options = {}
local f = assert(io.open(file, "r"))
for line in f:lines() do
local op = string.match(line, "define%s+(SSL_OP_BIT%()")
if not op then
op = string.match(line, "define%s+(SSL_OP_%S+)")
local op = string.match(line, "define%s+(SSL_OP_%S+)")
if op then
table.insert(options, op)
end
end
end
table.sort(options, function(a,b) return a<b end)
return options
end

136
src/ssl.c
View File

@ -1,8 +1,9 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.0
* LuaSec 1.0.1
*
* Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann,
* Matthew Wild.
* Copyright (C) 2006-2021 Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
@ -529,58 +530,6 @@ static int meth_getpeercertificate(lua_State *L)
return 1;
}
/**
* Return the nth certificate of the chain sent to our peer.
*/
static int meth_getlocalcertificate(lua_State *L)
{
int n;
X509 *cert;
STACK_OF(X509) *certs;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != LSEC_STATE_CONNECTED) {
lua_pushnil(L);
lua_pushstring(L, "closed");
return 2;
}
/* Default to the first cert */
n = (int)luaL_optinteger(L, 2, 1);
/* This function is 1-based, but OpenSSL is 0-based */
--n;
if (n < 0) {
lua_pushnil(L);
lua_pushliteral(L, "invalid certificate index");
return 2;
}
if (n == 0) {
cert = SSL_get_certificate(ssl->ssl);
if (cert)
lsec_pushx509(L, cert);
else
lua_pushnil(L);
return 1;
}
/* In a server-context, the stack doesn't contain the peer cert,
* so adjust accordingly.
*/
if (SSL_is_server(ssl->ssl))
--n;
if(SSL_get0_chain_certs(ssl->ssl, &certs) != 1) {
lua_pushnil(L);
} else {
if (n >= sk_X509_num(certs)) {
lua_pushnil(L);
return 1;
}
cert = sk_X509_value(certs, n);
/* Increment the reference counting of the object. */
/* See SSL_get_peer_certificate() source code. */
X509_up_ref(cert);
lsec_pushx509(L, cert);
}
return 1;
}
/**
* Return the chain of certificate of the peer.
*/
@ -615,41 +564,6 @@ static int meth_getpeerchain(lua_State *L)
return 1;
}
/**
* Return the chain of certificates sent to the peer.
*/
static int meth_getlocalchain(lua_State *L)
{
int i;
int idx = 1;
int n_certs;
X509 *cert;
STACK_OF(X509) *certs;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != LSEC_STATE_CONNECTED) {
lua_pushnil(L);
lua_pushstring(L, "closed");
return 2;
}
lua_newtable(L);
if (SSL_is_server(ssl->ssl)) {
lsec_pushx509(L, SSL_get_certificate(ssl->ssl));
lua_rawseti(L, -2, idx++);
}
if(SSL_get0_chain_certs(ssl->ssl, &certs)) {
n_certs = sk_X509_num(certs);
for (i = 0; i < n_certs; i++) {
cert = sk_X509_value(certs, i);
/* Increment the reference counting of the object. */
/* See SSL_get_peer_certificate() source code. */
X509_up_ref(cert);
lsec_pushx509(L, cert);
lua_rawseti(L, -2, idx++);
}
}
return 1;
}
/**
* Copy the table src to the table dst.
*/
@ -757,41 +671,6 @@ static int meth_getpeerfinished(lua_State *L)
return 1;
}
/**
* Get some shared keying material
*/
static int meth_exportkeyingmaterial(lua_State *L)
{
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if(ssl->state != LSEC_STATE_CONNECTED) {
lua_pushnil(L);
lua_pushstring(L, "closed");
return 0;
}
size_t llen = 0;
size_t contextlen = 0;
const unsigned char *context = NULL;
const char *label = (const char*)luaL_checklstring(L, 2, &llen);
size_t olen = (size_t)luaL_checkinteger(L, 3);
if (!lua_isnoneornil(L, 4))
context = (const unsigned char*)luaL_checklstring(L, 4, &contextlen);
/* Temporary buffer memory-managed by Lua itself */
unsigned char *out = (unsigned char*)lua_newuserdata(L, olen);
if(SSL_export_keying_material(ssl->ssl, out, olen, label, llen, context, contextlen, context != NULL) != 1) {
lua_pushnil(L);
lua_pushstring(L, "error exporting keying material");
return 2;
}
lua_pushlstring(L, (char*)out, olen);
return 1;
}
/**
* Object information -- tostring metamethod
*/
@ -868,8 +747,6 @@ static int sni_cb(SSL *ssl, int *ad, void *arg)
lua_pop(L, 4);
/* Found, use this context */
if (newctx) {
p_context pctx = (p_context)SSL_CTX_get_app_data(newctx);
pctx->L = L;
SSL_set_SSL_CTX(ssl, newctx);
return SSL_TLSEXT_ERR_OK;
}
@ -947,7 +824,7 @@ static int meth_getalpn(lua_State *L)
static int meth_copyright(lua_State *L)
{
lua_pushstring(L, "LuaSec 1.3.0 - Copyright (C) 2006-2023 Bruno Silvestre, UFG"
lua_pushstring(L, "LuaSec 1.0.1 - Copyright (C) 2006-2021 Bruno Silvestre, UFG"
#if defined(WITH_LUASOCKET)
"\nLuaSocket 3.0-RC1 - Copyright (C) 2004-2013 Diego Nehab"
#endif
@ -994,12 +871,9 @@ static luaL_Reg methods[] = {
{"getfd", meth_getfd},
{"getfinished", meth_getfinished},
{"getpeercertificate", meth_getpeercertificate},
{"getlocalcertificate", meth_getlocalcertificate},
{"getpeerchain", meth_getpeerchain},
{"getlocalchain", meth_getlocalchain},
{"getpeerverification", meth_getpeerverification},
{"getpeerfinished", meth_getpeerfinished},
{"exportkeyingmaterial",meth_exportkeyingmaterial},
{"getsniname", meth_getsniname},
{"getstats", meth_getstats},
{"setstats", meth_setstats},

4
src/ssl.h
View File

@ -2,9 +2,9 @@
#define LSEC_SSL_H
/*--------------------------------------------------------------------------
* LuaSec 1.3.0
* LuaSec 1.0.1
*
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2006-2021 Bruno Silvestre
*
*--------------------------------------------------------------------------*/

49
src/ssl.lua
View File

@ -1,7 +1,7 @@
------------------------------------------------------------------------------
-- LuaSec 1.3.0
-- LuaSec 1.0.1
--
-- Copyright (C) 2006-2023 Bruno Silvestre
-- Copyright (C) 2006-2021 Bruno Silvestre
--
------------------------------------------------------------------------------
@ -10,6 +10,11 @@ local context = require("ssl.context")
local x509 = require("ssl.x509")
local config = require("ssl.config")
local ocsp
if config.capabilities.ocsp then
ocsp = require("ssl.context.ocsp")
end
local unpack = table.unpack or unpack
-- We must prevent the contexts to be collected before the connections,
@ -201,39 +206,16 @@ local function newcontext(cfg)
if not succ then return nil, msg end
end
-- PSK
if cfg.psk then
if cfg.mode == "client" then
if type(cfg.psk) ~= "function" then
return nil, "invalid PSK configuration"
end
succ = context.setclientpskcb(ctx, cfg.psk)
if not succ then return nil, msg end
elseif cfg.mode == "server" then
if type(cfg.psk) == "function" then
succ, msg = context.setserverpskcb(ctx, cfg.psk)
if not succ then return nil, msg end
elseif type(cfg.psk) == "table" then
if type(cfg.psk.hint) == "string" and type(cfg.psk.callback) == "function" then
succ, msg = context.setpskhint(ctx, cfg.psk.hint)
if not succ then return succ, msg end
succ = context.setserverpskcb(ctx, cfg.psk.callback)
if not succ then return succ, msg end
else
return nil, "invalid PSK configuration"
end
else
return nil, "invalid PSK configuration"
end
end
end
if config.capabilities.dane and cfg.dane then
if type(cfg.dane) == "table" then
context.setdane(ctx, unpack(cfg.dane))
else
context.setdane(ctx)
end
if config.capabilities.ocsp and cfg.ocsp then
msg = "error setting OCSP"
succ = type(cfg.ocsp) == "function"
if not succ then return nil, msg end
succ = context.setocspcb(ctx, cfg.ocsp)
if not succ then return nil, msg end
end
return ctx
@ -302,9 +284,10 @@ core.setmethod("info", info)
--
local _M = {
_VERSION = "1.3.0",
_VERSION = "1.0.1",
_COPYRIGHT = core.copyright(),
config = config,
ocsp = ocsp,
loadcertificate = x509.load,
newcontext = newcontext,
wrap = wrap,

14
src/x509.c
View File

@ -1,8 +1,8 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.0
* LuaSec 1.0.1
*
* Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild
* Copyright (C) 2014-2023 Bruno Silvestre
* Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann
* Matthew Wild, Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
@ -655,11 +655,10 @@ static int meth_set_encode(lua_State* L)
return 1;
}
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
/**
* Get signature name.
*/
static int meth_get_signature_name(lua_State* L)
static int meth_get_sinagure_name(lua_State* L)
{
p_x509 px = lsec_checkp_x509(L, 1);
int nid = X509_get_signature_nid(px->cert);
@ -670,7 +669,6 @@ static int meth_get_signature_name(lua_State* L)
lua_pushstring(L, name);
return 1;
}
#endif
/*---------------------------------------------------------------------------*/
@ -700,9 +698,7 @@ static luaL_Reg methods[] = {
{"digest", meth_digest},
{"setencode", meth_set_encode},
{"extensions", meth_extensions},
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
{"getsignaturename", meth_get_signature_name},
#endif
{"getsignaturename", meth_get_sinagure_name},
{"issuer", meth_issuer},
{"notbefore", meth_notbefore},
{"notafter", meth_notafter},

6
src/x509.h
View File

@ -1,8 +1,8 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.0
* LuaSec 1.0.1
*
* Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild
* Copyright (C) 2013-2023 Bruno Silvestre
* Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann
* Matthew Wild, Bruno Silvestre.
*
*--------------------------------------------------------------------------*/