mirror of
https://github.com/brunoos/luasec.git
synced 2025-07-16 13:59:52 +02:00
Compare commits
152 Commits
luasec-0.3
...
luasec-0.7
Author | SHA1 | Date | |
---|---|---|---|
3a5a3f6959 | |||
3c1af04dfa | |||
866e55f1ee | |||
8dafea410f | |||
de63f21f63 | |||
fbbaa866c3 | |||
bd87aafaaf | |||
be3c6d67e0 | |||
2f562e1399 | |||
7934e58b4b | |||
3a8d6e71c4 | |||
3d170e9f9d | |||
ea6a65de84 | |||
0d01b53461 | |||
8762441cd2 | |||
60f02f7701 | |||
fe1fb0b350 | |||
db42a5084a | |||
0b99832ec7 | |||
fc757e1fd0 | |||
64f11f515d | |||
e90a264c93 | |||
5299803bef | |||
9c41eaf09a | |||
31b7a4744b | |||
d9e7c5d466 | |||
6b82fa6104 | |||
9f6d623ccb | |||
67a2133e7d | |||
622ef3d6a6 | |||
231563682a | |||
3ec117667d | |||
98f8872743 | |||
77b88e0b0d | |||
4889830d53 | |||
80a527d630 | |||
53db804b9d | |||
22e6652d88 | |||
6bb007b75f | |||
3cfdb878dd | |||
4101af103e | |||
9efa963e35 | |||
4aa9ec3b60 | |||
d45c03a1ad | |||
0f4eaf06e4 | |||
5a98bb6adb | |||
20443861eb | |||
f09ce9fb44 | |||
3b5f4b0dc1 | |||
407ff6133c | |||
72e159149b | |||
2c0497e39a | |||
8eb48c2d8b | |||
27fbd70424 | |||
73a2c4ceda | |||
6a7a6f7f67 | |||
8be458ff8a | |||
5561ddfa3c | |||
63f7d46d00 | |||
ef28f7d20d | |||
64faf6322e | |||
49ea6b8ba6 | |||
96401bdf67 | |||
e9393e9891 | |||
bf1de60f00 | |||
67f0867277 | |||
9340ce0916 | |||
9514c751fa | |||
3f751d786b | |||
a89903535b | |||
008590ad28 | |||
4dd953e6f1 | |||
f17bee5371 | |||
d1fb889547 | |||
24e5ec13f3 | |||
0bdc3f1f32 | |||
8e9910cb15 | |||
2c2c9cf16f | |||
580d9b7ed8 | |||
dd9688cf12 | |||
7c02208590 | |||
4e59c719df | |||
aa0c7ea1e5 | |||
3862e76df9 | |||
9e93748671 | |||
148a56f26c | |||
9183cb724f | |||
b6327b95b4 | |||
a334f11abf | |||
932465c66a | |||
474b105087 | |||
65da178ca3 | |||
1ab6fac919 | |||
91d378a86e | |||
356e03a64d | |||
97b1974039 | |||
9cb5220759 | |||
acbf575420 | |||
a9b81b1c10 | |||
ab42d4ec86 | |||
12e1b1f1d9 | |||
5240c02f3d | |||
4c7339cace | |||
f514e9fb1b | |||
84cb83b92f | |||
0c58a8f9b8 | |||
3770f928d8 | |||
f13aee5dac | |||
b83d2c6a91 | |||
c276e9ff60 | |||
1ade1542d7 | |||
97e836696b | |||
903efaf3b1 | |||
cc2fb8ee75 | |||
77637e9d3c | |||
a481015217 | |||
11eaec6520 | |||
d2c87d71f7 | |||
8fd31f3ad2 | |||
55d45f0542 | |||
8e5bcefbb6 | |||
eb8cb33160 | |||
21aefcf67d | |||
89375f495a | |||
46d6078e82 | |||
ce504d3554 | |||
4a95102cc8 | |||
fe782fde14 | |||
1d920fc13c | |||
0dab860770 | |||
8cf7eb2d78 | |||
9c7c96f2a0 | |||
9262f9e7de | |||
3fb33cdc4e | |||
a344f58b20 | |||
1a75704ff0 | |||
063e8a8a5c | |||
9f16c6fb11 | |||
7532f3b729 | |||
2dae14877e | |||
4c5ce1b177 | |||
9bda3322fb | |||
f77fb40033 | |||
fceef56dce | |||
4aecd53dc1 | |||
1b899afd38 | |||
77ac210283 | |||
908fc346d2 | |||
67e5176b6b | |||
29c6bd65d2 | |||
d28c5e4f9e | |||
affd08cf05 |
3
.gitignore
vendored
Normal file
3
.gitignore
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
/src/*.o
|
||||
/src/luasocket/*.o
|
||||
/*.dll
|
134
CHANGELOG
134
CHANGELOG
@ -1,13 +1,143 @@
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 0.7.2
|
||||
---------------
|
||||
This version includes:
|
||||
|
||||
* Fix unexported 'ssl.config' table
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 0.7.1
|
||||
---------------
|
||||
This version includes:
|
||||
|
||||
* Fix general_name leak in cert:extensions()
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 0.7
|
||||
---------------
|
||||
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
|
||||
easy to add secure connections to any Lua applications or scripts.
|
||||
|
||||
Documentation: https://github.com/brunoos/luasec/wiki
|
||||
|
||||
This version includes:
|
||||
|
||||
* Add support to OpenSSL 1.1.0
|
||||
* Add support to elliptic curves list
|
||||
* Add ssl.config that exports some OpenSSL information
|
||||
* Add integration with luaossl
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 0.6
|
||||
------------
|
||||
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
|
||||
easy to add secure connections to any Lua applications or scripts.
|
||||
|
||||
Documentation: https://github.com/brunoos/luasec/wiki
|
||||
|
||||
This version includes:
|
||||
|
||||
* Lua 5.2 and 5.3 compatibility
|
||||
|
||||
* Context module:
|
||||
- Add ctx:checkkey()
|
||||
|
||||
* SSL module:
|
||||
- Add conn:sni() and conn:getsniname()
|
||||
|
||||
* Context options:
|
||||
- Add "any" protocol ("sslv23" is deprecated)
|
||||
|
||||
* HTTPS module:
|
||||
- Using "any" protocol without SSLv2/SSLv3, by default
|
||||
|
||||
* X509 module:
|
||||
- Human readable IP address
|
||||
- Add cert:issued()
|
||||
- Add cert:pubkey()
|
||||
|
||||
* Some bug fixes
|
||||
|
||||
|
||||
=> Thanks to everyone who collaborate with LuaSec <=
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 0.5
|
||||
------------
|
||||
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
|
||||
easy to add secure connections to any Lua applications or scripts.
|
||||
|
||||
This version includes:
|
||||
|
||||
* A new certificate (X509) API, which supports:
|
||||
- Reading the subject (identity) and issuer of the certificate.
|
||||
- Reading various X509 extensions, including email and dnsName.
|
||||
- Converting certificates to and from the standard ASCII PEM
|
||||
format.
|
||||
- Generating the fingerprint/digest of a certificate (using SHA1,
|
||||
SHA256 or SHA512).
|
||||
- Reading the certificate's expiration, serial number, and other
|
||||
info.
|
||||
|
||||
* The ability to get more detailed information from OpenSSL about
|
||||
why a certificate failed verification, for each certificate in the
|
||||
chain.
|
||||
|
||||
* Flags to force acceptance of invalid certificates, e.g. to allow
|
||||
the use of self-signed certificates in a Trust On First Use model.
|
||||
|
||||
* Flags to control checking CRLs for certificate revocation status.
|
||||
|
||||
* Support for ECDH cipher suites.
|
||||
|
||||
* An API to get the TLS 'finished' messages used for SASL channel
|
||||
binding (e.g. the SCRAM PLUS mechanisms).
|
||||
|
||||
The work in this release was undertaken by Kim Alvefur, Paul Aurich,
|
||||
Tobias Markmann, Bruno Silvestre and Matthew Wild.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 0.4.1
|
||||
------------
|
||||
- SSL options updated --- based on OpenSSL 1.0.0d.
|
||||
- Activate SSL_MODE_RELEASE_BUFFERS by default if it is available.
|
||||
(thanks Prosody project)
|
||||
|
||||
---------------------------------------------------------------------------------
|
||||
LuaSec 0.4
|
||||
------------
|
||||
- Add option 'no_ticket' (included in OpenSSL 0.9.8f).
|
||||
- Add HTTPS module. (thanks Tomas Guisasola and Pablo Musa)
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 0.3.3
|
||||
------------
|
||||
- BUG: Clear the error queue before call I/O functions (see SSL_get_error
|
||||
manual).
|
||||
(thanks Matthew Wild)
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 0.3.2
|
||||
------------
|
||||
- BUG: Windows uses a different way to report socket error.
|
||||
(thanks Sebastien Perin)
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 0.3.1
|
||||
------------
|
||||
- BUG: receive("a") returns 'closed' error instead of the content when the
|
||||
SSL/TLS connection is shut down cleanly. (thanks Matthias Diener)
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 0.3
|
||||
----------
|
||||
- Add functions ssl.rawcontext() and ssl.rawconnection()
|
||||
- Add support to encrypted key password.
|
||||
- Add support to encrypted key password. (thanks Norbert Kiesel)
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 0.2.1
|
||||
------------
|
||||
- 'key' and 'certificate' configurations become optional.
|
||||
- 'key' and 'certificate' configurations become optional. (thanks René Rebe)
|
||||
- Add '_VERSION' variable to module.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
22
INSTALL
22
INSTALL
@ -1,10 +1,22 @@
|
||||
LuaSec 0.3
|
||||
-----------
|
||||
LuaSec 0.7.2
|
||||
------------
|
||||
|
||||
* OpenSSL options:
|
||||
|
||||
By default, this version includes options for OpenSSL 1.1.1.
|
||||
|
||||
If you need to generate the options for a different version of OpenSSL:
|
||||
|
||||
$ cd src
|
||||
$ lua options.lua -g /usr/include/openssl/ssl.h > options.c
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
* On Linux, BSD, and Mac OS X:
|
||||
|
||||
- Edit 'Makefile'
|
||||
* Inform the path to install the modules.
|
||||
* Inform the path to where install the Lua modules (LUAPATH) and binaries
|
||||
modules (LUACPATH)
|
||||
* If Lua or OpenSSL are not in the default path, set the
|
||||
variables INCDIR and LIBDIR.
|
||||
* For Mac OS X, set the variable MACOSX_VERSION.
|
||||
@ -14,6 +26,8 @@ LuaSec 0.3
|
||||
|
||||
- Use 'make install' to install the modules.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
* On Windows:
|
||||
|
||||
- Use the Visual C++ project to compile the library.
|
||||
@ -21,3 +35,5 @@ LuaSec 0.3
|
||||
- Copy the 'ssl.lua' file to some place in your LUA_PATH.
|
||||
|
||||
- Copy the 'ssl.dll' file to some place in your LUA_CPATH.
|
||||
|
||||
- Create a directory 'ssl' in your LUA_PATH and copy 'https.lua' to it.
|
||||
|
28
LICENSE
28
LICENSE
@ -1,5 +1,5 @@
|
||||
LuaSec 0.3 license
|
||||
Copyright (C) 2006-2008 Bruno Silvestre
|
||||
LuaSec 0.7.2 license
|
||||
Copyright (C) 2006-2019 Bruno Silvestre, UFG
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining
|
||||
a copy of this software and associated documentation files (the
|
||||
@ -19,27 +19,3 @@ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
||||
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||||
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
||||
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
||||
----------------------------------------------------------------------
|
||||
|
||||
LuaSocket 2.0.2 license
|
||||
Copyright <20> 2004-2007 Diego Nehab
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining
|
||||
a copy of this software and associated documentation files (the
|
||||
"Software"), to deal in the Software without restriction, including
|
||||
without limitation the rights to use, copy, modify, merge, publish,
|
||||
distribute, sublicense, and/or sell copies of the Software, and to
|
||||
permit persons to whom the Software is furnished to do so, subject to
|
||||
the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be
|
||||
included in all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
||||
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
|
||||
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
|
||||
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
||||
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
36
Makefile
36
Makefile
@ -1,16 +1,22 @@
|
||||
# Inform the location to intall the modules
|
||||
LUAPATH=/usr/local/share/lua/5.1
|
||||
CPATH=/usr/local/lib/lua/5.1
|
||||
# Inform the location to install the modules
|
||||
LUAPATH ?= /usr/share/lua/5.1
|
||||
LUACPATH ?= /usr/lib/lua/5.1
|
||||
|
||||
# Edit the lines below to inform new path, if necessary
|
||||
#
|
||||
#INCDIR=-I/usr/local/lua-5.1/include -I/usr/local/openssl-0.9.8/include
|
||||
#LIBDIR=-L/usr/local/openssl-0.9.8/lib -R/usr/local/openssl-0.9.8/lib
|
||||
# Compile with build-in LuaSocket's help files.
|
||||
# Comment this lines if you will link with non-internal LuaSocket's help files
|
||||
# and edit INCDIR and LIBDIR properly.
|
||||
EXTRA = luasocket
|
||||
DEFS = -DWITH_LUASOCKET
|
||||
|
||||
# Edit the lines below to inform new path, if necessary.
|
||||
# Path below points to internal LuaSocket's help files.
|
||||
INC_PATH ?= -I/usr/include
|
||||
LIB_PATH ?= -L/usr/lib
|
||||
INCDIR = -I. $(INC_PATH)
|
||||
LIBDIR = -L./luasocket $(LIB_PATH)
|
||||
|
||||
# For Mac OS X: set the system version
|
||||
MACOSX_VERSION=10.4
|
||||
|
||||
DEFS=-DBUFFER_DEBUG
|
||||
MACOSX_VERSION=10.11
|
||||
|
||||
#----------------------
|
||||
# Do not edit this part
|
||||
@ -26,25 +32,25 @@ none:
|
||||
@echo " * macosx"
|
||||
|
||||
install:
|
||||
@cd src ; $(MAKE) CPATH="$(CPATH)" LUAPATH="$(LUAPATH)" install
|
||||
@cd src && $(MAKE) LUACPATH="$(LUACPATH)" LUAPATH="$(LUAPATH)" install
|
||||
|
||||
linux:
|
||||
@echo "---------------------"
|
||||
@echo "** Build for Linux **"
|
||||
@echo "---------------------"
|
||||
@cd src ; $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" $@
|
||||
@cd src && $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" EXTRA="$(EXTRA)" $@
|
||||
|
||||
bsd:
|
||||
@echo "-------------------"
|
||||
@echo "** Build for BSD **"
|
||||
@echo "-------------------"
|
||||
@cd src ; $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" $@
|
||||
@cd src && $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" EXTRA="$(EXTRA)" $@
|
||||
|
||||
macosx:
|
||||
@echo "------------------------------"
|
||||
@echo "** Build for Mac OS X $(MACOSX_VERSION) **"
|
||||
@echo "------------------------------"
|
||||
@cd src ; $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" MACVER="$(MACOSX_VERSION)" $@
|
||||
@cd src && $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" MACVER="$(MACOSX_VERSION)" DEFS="$(DEFS)" EXTRA="$(EXTRA)" $@
|
||||
|
||||
clean:
|
||||
@cd src ; $(MAKE) clean
|
||||
@cd src && $(MAKE) clean
|
||||
|
@ -1,4 +1,6 @@
|
||||
luasec
|
||||
======
|
||||
LuaSec 0.7.2
|
||||
===============
|
||||
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
|
||||
easy to add secure connections to any Lua applications or scripts.
|
||||
|
||||
LuaSec
|
||||
Documentation: https://github.com/brunoos/luasec/wiki
|
||||
|
105
luasec-0.7.2-1.rockspec
Normal file
105
luasec-0.7.2-1.rockspec
Normal file
@ -0,0 +1,105 @@
|
||||
package = "LuaSec"
|
||||
version = "0.7.2-1"
|
||||
source = {
|
||||
url = "https://github.com/brunoos/luasec/archive/luasec-0.7.2.tar.gz",
|
||||
dir = "luasec-luasec-0.7.2"
|
||||
}
|
||||
description = {
|
||||
summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.",
|
||||
detailed = "This version delegates to LuaSocket the TCP connection establishment between the client and server. Then LuaSec uses this connection to start a secure TLS/SSL session.",
|
||||
homepage = "https://github.com/brunoos/luasec/wiki",
|
||||
license = "MIT"
|
||||
}
|
||||
dependencies = {
|
||||
"lua >= 5.1", "luasocket"
|
||||
}
|
||||
external_dependencies = {
|
||||
platforms = {
|
||||
unix = {
|
||||
OPENSSL = {
|
||||
header = "openssl/ssl.h",
|
||||
library = "ssl"
|
||||
}
|
||||
},
|
||||
windows = {
|
||||
OPENSSL = {
|
||||
header = "openssl/ssl.h",
|
||||
}
|
||||
},
|
||||
}
|
||||
}
|
||||
build = {
|
||||
type = "builtin",
|
||||
copy_directories = {
|
||||
"samples"
|
||||
},
|
||||
platforms = {
|
||||
unix = {
|
||||
install = {
|
||||
lib = {
|
||||
"ssl.so"
|
||||
},
|
||||
lua = {
|
||||
"src/ssl.lua", ['ssl.https'] = "src/https.lua"
|
||||
}
|
||||
},
|
||||
modules = {
|
||||
ssl = {
|
||||
defines = {
|
||||
"WITH_LUASOCKET", "LUASOCKET_DEBUG",
|
||||
},
|
||||
incdirs = {
|
||||
"$(OPENSSL_INCDIR)", "src/", "src/luasocket",
|
||||
},
|
||||
libdirs = {
|
||||
"$(OPENSSL_LIBDIR)"
|
||||
},
|
||||
libraries = {
|
||||
"ssl", "crypto"
|
||||
},
|
||||
sources = {
|
||||
"src/options.c", "src/config.c", "src/ec.c",
|
||||
"src/x509.c", "src/context.c", "src/ssl.c",
|
||||
"src/luasocket/buffer.c", "src/luasocket/io.c",
|
||||
"src/luasocket/timeout.c", "src/luasocket/usocket.c"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
windows = {
|
||||
install = {
|
||||
lib = {
|
||||
"ssl.dll"
|
||||
},
|
||||
lua = {
|
||||
"src/ssl.lua", ['ssl.https'] = "src/https.lua"
|
||||
}
|
||||
},
|
||||
modules = {
|
||||
ssl = {
|
||||
defines = {
|
||||
"WIN32", "NDEBUG", "_WINDOWS", "_USRDLL", "LSEC_EXPORTS", "BUFFER_DEBUG", "LSEC_API=__declspec(dllexport)",
|
||||
"WITH_LUASOCKET", "LUASOCKET_DEBUG",
|
||||
"LUASEC_INET_NTOP", "WINVER=0x0501", "_WIN32_WINNT=0x0501", "NTDDI_VERSION=0x05010300"
|
||||
},
|
||||
libdirs = {
|
||||
"$(OPENSSL_LIBDIR)",
|
||||
"$(OPENSSL_BINDIR)",
|
||||
},
|
||||
libraries = {
|
||||
"libssl32MD", "libcrypto32MD", "ws2_32"
|
||||
},
|
||||
incdirs = {
|
||||
"$(OPENSSL_INCDIR)", "src/", "src/luasocket"
|
||||
},
|
||||
sources = {
|
||||
"src/options.c", "src/config.c", "src/ec.c",
|
||||
"src/x509.c", "src/context.c", "src/ssl.c",
|
||||
"src/luasocket/buffer.c", "src/luasocket/io.c",
|
||||
"src/luasocket/timeout.c", "src/luasocket/wsocket.c"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
@ -1,6 +1,6 @@
|
||||
Microsoft Visual Studio Solution File, Format Version 10.00
|
||||
# Visual C++ Express 2008
|
||||
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "luasec", "luasec.vcproj", "{A629932F-8819-4C0B-8835-CBF1FEED6376}"
|
||||
Microsoft Visual Studio Solution File, Format Version 11.00
|
||||
# Visual C++ Express 2010
|
||||
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "luasec", "luasec.vcxproj", "{A629932F-8819-4C0B-8835-CBF1FEED6376}"
|
||||
EndProject
|
||||
Global
|
||||
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
||||
|
BIN
luasec.suo
BIN
luasec.suo
Binary file not shown.
253
luasec.vcproj
253
luasec.vcproj
@ -1,253 +0,0 @@
|
||||
<?xml version="1.0" encoding="Windows-1252"?>
|
||||
<VisualStudioProject
|
||||
ProjectType="Visual C++"
|
||||
Version="9,00"
|
||||
Name="luasec"
|
||||
ProjectGUID="{A629932F-8819-4C0B-8835-CBF1FEED6376}"
|
||||
Keyword="Win32Proj"
|
||||
TargetFrameworkVersion="131072"
|
||||
>
|
||||
<Platforms>
|
||||
<Platform
|
||||
Name="Win32"
|
||||
/>
|
||||
</Platforms>
|
||||
<ToolFiles>
|
||||
</ToolFiles>
|
||||
<Configurations>
|
||||
<Configuration
|
||||
Name="Debug|Win32"
|
||||
OutputDirectory="Debug"
|
||||
IntermediateDirectory="Debug"
|
||||
ConfigurationType="2"
|
||||
InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops"
|
||||
CharacterSet="2"
|
||||
>
|
||||
<Tool
|
||||
Name="VCPreBuildEventTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCCustomBuildTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCXMLDataGeneratorTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCWebServiceProxyGeneratorTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCMIDLTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCCLCompilerTool"
|
||||
Optimization="0"
|
||||
AdditionalIncludeDirectories="C:\devel\openssl\include;C:\devel\lua-dll9\include"
|
||||
PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS"
|
||||
MinimalRebuild="true"
|
||||
BasicRuntimeChecks="3"
|
||||
RuntimeLibrary="3"
|
||||
UsePrecompiledHeader="0"
|
||||
WarningLevel="3"
|
||||
DebugInformationFormat="4"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCManagedResourceCompilerTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCResourceCompilerTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCPreLinkEventTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCLinkerTool"
|
||||
AdditionalDependencies="ws2_32.lib libeay32MDd.lib ssleay32MDd.lib lua5.1.lib"
|
||||
OutputFile="$(OutDir)/ssl.dll"
|
||||
LinkIncremental="2"
|
||||
AdditionalLibraryDirectories="C:\devel\openssl\lib\VC;C:\devel\lua-dll9"
|
||||
GenerateDebugInformation="true"
|
||||
ProgramDatabaseFile="$(OutDir)/luasec.pdb"
|
||||
SubSystem="2"
|
||||
RandomizedBaseAddress="1"
|
||||
DataExecutionPrevention="0"
|
||||
ImportLibrary="$(OutDir)/ssl.lib"
|
||||
TargetMachine="1"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCALinkTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCManifestTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCXDCMakeTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCBscMakeTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCFxCopTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCAppVerifierTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCPostBuildEventTool"
|
||||
/>
|
||||
</Configuration>
|
||||
<Configuration
|
||||
Name="Release|Win32"
|
||||
OutputDirectory="Release"
|
||||
IntermediateDirectory="Release"
|
||||
ConfigurationType="2"
|
||||
InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops"
|
||||
CharacterSet="2"
|
||||
>
|
||||
<Tool
|
||||
Name="VCPreBuildEventTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCCustomBuildTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCXMLDataGeneratorTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCWebServiceProxyGeneratorTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCMIDLTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCCLCompilerTool"
|
||||
AdditionalIncludeDirectories="C:\devel\openssl\include;C:\devel\lua-dll9\include"
|
||||
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS;BUFFER_DEBUG;LUASEC_API=__declspec(dllexport)"
|
||||
RuntimeLibrary="2"
|
||||
UsePrecompiledHeader="0"
|
||||
WarningLevel="3"
|
||||
DebugInformationFormat="3"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCManagedResourceCompilerTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCResourceCompilerTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCPreLinkEventTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCLinkerTool"
|
||||
AdditionalDependencies="ws2_32.lib libeay32MD.lib ssleay32MD.lib lua5.1.lib"
|
||||
OutputFile="$(OutDir)/ssl.dll"
|
||||
LinkIncremental="1"
|
||||
AdditionalLibraryDirectories="C:\devel\openssl\lib\VC;C:\devel\lua-dll9"
|
||||
GenerateDebugInformation="true"
|
||||
SubSystem="2"
|
||||
OptimizeReferences="2"
|
||||
EnableCOMDATFolding="2"
|
||||
RandomizedBaseAddress="1"
|
||||
DataExecutionPrevention="0"
|
||||
ImportLibrary="$(OutDir)/ssl.lib"
|
||||
TargetMachine="1"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCALinkTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCManifestTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCXDCMakeTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCBscMakeTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCFxCopTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCAppVerifierTool"
|
||||
/>
|
||||
<Tool
|
||||
Name="VCPostBuildEventTool"
|
||||
/>
|
||||
</Configuration>
|
||||
</Configurations>
|
||||
<References>
|
||||
</References>
|
||||
<Files>
|
||||
<Filter
|
||||
Name="Source Files"
|
||||
Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
|
||||
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
|
||||
>
|
||||
<File
|
||||
RelativePath=".\src\buffer.c"
|
||||
>
|
||||
</File>
|
||||
<File
|
||||
RelativePath=".\src\context.c"
|
||||
>
|
||||
</File>
|
||||
<File
|
||||
RelativePath=".\src\io.c"
|
||||
>
|
||||
</File>
|
||||
<File
|
||||
RelativePath=".\src\ssl.c"
|
||||
>
|
||||
</File>
|
||||
<File
|
||||
RelativePath=".\src\timeout.c"
|
||||
>
|
||||
</File>
|
||||
<File
|
||||
RelativePath=".\src\wsocket.c"
|
||||
>
|
||||
</File>
|
||||
</Filter>
|
||||
<Filter
|
||||
Name="Header Files"
|
||||
Filter="h;hpp;hxx;hm;inl;inc;xsd"
|
||||
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
|
||||
>
|
||||
<File
|
||||
RelativePath=".\src\buffer.h"
|
||||
>
|
||||
</File>
|
||||
<File
|
||||
RelativePath=".\src\context.h"
|
||||
>
|
||||
</File>
|
||||
<File
|
||||
RelativePath=".\src\io.h"
|
||||
>
|
||||
</File>
|
||||
<File
|
||||
RelativePath=".\src\socket.h"
|
||||
>
|
||||
</File>
|
||||
<File
|
||||
RelativePath=".\src\ssl.h"
|
||||
>
|
||||
</File>
|
||||
<File
|
||||
RelativePath=".\src\timeout.h"
|
||||
>
|
||||
</File>
|
||||
<File
|
||||
RelativePath=".\src\wsocket.h"
|
||||
>
|
||||
</File>
|
||||
</Filter>
|
||||
<Filter
|
||||
Name="Resource Files"
|
||||
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx"
|
||||
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
|
||||
>
|
||||
</Filter>
|
||||
</Files>
|
||||
<Globals>
|
||||
</Globals>
|
||||
</VisualStudioProject>
|
131
luasec.vcxproj
Normal file
131
luasec.vcxproj
Normal file
@ -0,0 +1,131 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup Label="ProjectConfigurations">
|
||||
<ProjectConfiguration Include="Debug|Win32">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|Win32">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
</ItemGroup>
|
||||
<PropertyGroup Label="Globals">
|
||||
<ProjectGuid>{A629932F-8819-4C0B-8835-CBF1FEED6376}</ProjectGuid>
|
||||
<Keyword>Win32Proj</Keyword>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||
<CharacterSet>MultiByte</CharacterSet>
|
||||
<PlatformToolset>v140</PlatformToolset>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||
<CharacterSet>MultiByte</CharacterSet>
|
||||
<PlatformToolset>v140</PlatformToolset>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||
<ImportGroup Label="ExtensionSettings">
|
||||
</ImportGroup>
|
||||
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
<Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
<Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />
|
||||
</ImportGroup>
|
||||
<PropertyGroup Label="UserMacros" />
|
||||
<PropertyGroup>
|
||||
<_ProjectFileVersion>10.0.30319.1</_ProjectFileVersion>
|
||||
<OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Debug\</OutDir>
|
||||
<IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Debug\</IntDir>
|
||||
<LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
|
||||
<OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Release\</OutDir>
|
||||
<IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Release\</IntDir>
|
||||
<LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
|
||||
<TargetName Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">ssl</TargetName>
|
||||
</PropertyGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<ClCompile>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<AdditionalIncludeDirectories>C:\devel\openssl\include;C:\devel\lua-dll9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS;LUASEC_INET_NTOP;WINVER=0x0501;_WIN32_WINNT=0x0501;NTDDI_VERSION=0x05010300;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<MinimalRebuild>true</MinimalRebuild>
|
||||
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
|
||||
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
|
||||
<PrecompiledHeader>
|
||||
</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<DebugInformationFormat>EditAndContinue</DebugInformationFormat>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>ws2_32.lib;libeay32MDd.lib;ssleay32MDd.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<OutputFile>$(OutDir)ssl.dll</OutputFile>
|
||||
<AdditionalLibraryDirectories>C:\devel\openssl\lib\VC;C:\devel\lua-dll9;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<ProgramDatabaseFile>$(OutDir)luasec.pdb</ProgramDatabaseFile>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<RandomizedBaseAddress>false</RandomizedBaseAddress>
|
||||
<DataExecutionPrevention>
|
||||
</DataExecutionPrevention>
|
||||
<ImportLibrary>$(OutDir)ssl.lib</ImportLibrary>
|
||||
<TargetMachine>MachineX86</TargetMachine>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<ClCompile>
|
||||
<AdditionalIncludeDirectories>C:\devel\openssl-1.1.0\include;C:\devel\lua-5.1\include;.\src;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32;NDEBUG;_WINDOWS;_USRDLL;LUASOCKET_DEBUG;WITH_LUASOCKET;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||
<PrecompiledHeader>
|
||||
</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>ws2_32.lib;libssl32MD.lib;libcrypto32MD.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
|
||||
<AdditionalLibraryDirectories>C:\devel\openssl-1.1.0\lib\VC;C:\devel\lua-5.1\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<RandomizedBaseAddress>false</RandomizedBaseAddress>
|
||||
<DataExecutionPrevention>
|
||||
</DataExecutionPrevention>
|
||||
<ImportLibrary>$(OutDir)ssl.lib</ImportLibrary>
|
||||
<TargetMachine>MachineX86</TargetMachine>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="src\config.c" />
|
||||
<ClCompile Include="src\context.c" />
|
||||
<ClCompile Include="src\ec.c" />
|
||||
<ClCompile Include="src\luasocket\buffer.c" />
|
||||
<ClCompile Include="src\luasocket\io.c" />
|
||||
<ClCompile Include="src\luasocket\timeout.c" />
|
||||
<ClCompile Include="src\luasocket\wsocket.c" />
|
||||
<ClCompile Include="src\options.c" />
|
||||
<ClCompile Include="src\ssl.c" />
|
||||
<ClCompile Include="src\x509.c" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="src\compat.h" />
|
||||
<ClInclude Include="src\config.h" />
|
||||
<ClInclude Include="src\context.h" />
|
||||
<ClInclude Include="src\ec.h" />
|
||||
<ClInclude Include="src\luasocket\buffer.h" />
|
||||
<ClInclude Include="src\luasocket\io.h" />
|
||||
<ClInclude Include="src\luasocket\socket.h" />
|
||||
<ClInclude Include="src\luasocket\timeout.h" />
|
||||
<ClInclude Include="src\luasocket\wsocket.h" />
|
||||
<ClInclude Include="src\options.h" />
|
||||
<ClInclude Include="src\ssl.h" />
|
||||
<ClInclude Include="src\x509.h" />
|
||||
</ItemGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||
<ImportGroup Label="ExtensionTargets">
|
||||
</ImportGroup>
|
||||
</Project>
|
@ -1,17 +1,26 @@
|
||||
In all examples, the SSL/TLS layer can be disable just commenting the
|
||||
wrap section. In this case, the examples work with normal TCP
|
||||
communication.
|
||||
|
||||
Directories:
|
||||
------------
|
||||
* certs
|
||||
It contains a set of certificates used in the examples. You can use
|
||||
the scrits to recreate them if necessary (due to certificates
|
||||
expiration date, for example). First, generate the Root CA 'A' and
|
||||
'B', then the servers and clients.
|
||||
Contains scripts to generate the certificates used by the examples.
|
||||
Generate Root CA 'A' and 'B' first, then the servers and clients.
|
||||
|
||||
* oneshot
|
||||
A simple connection example.
|
||||
* chain
|
||||
Example of certificate chain in handshake.
|
||||
|
||||
* dhparam
|
||||
DH parameters for handshake.
|
||||
|
||||
* digest
|
||||
Certificate digest.
|
||||
|
||||
* ecdh
|
||||
Elliptic curve cipher.
|
||||
|
||||
* info
|
||||
Information about the connection.
|
||||
|
||||
* key
|
||||
Test encrypted private key.
|
||||
|
||||
* loop
|
||||
Test successive connections between the server and the client
|
||||
@ -19,7 +28,16 @@ Directories:
|
||||
|
||||
* loop-gc
|
||||
Same of above, but the connection is not explicit closed, the gabage
|
||||
collector is encharge of it.
|
||||
collector is encharge of that.
|
||||
|
||||
* oneshot
|
||||
A simple connection example.
|
||||
|
||||
* verification
|
||||
Retrieve the certificate verification errors from the handshake.
|
||||
|
||||
* verify
|
||||
Ignore handshake errors and proceed.
|
||||
|
||||
* wantread
|
||||
Test timeout in handshake() and receive().
|
||||
@ -28,7 +46,4 @@ Directories:
|
||||
Test timeout in send().
|
||||
|
||||
* want
|
||||
Test want().
|
||||
|
||||
* key
|
||||
Test encrypted private key.
|
||||
Test want() method.
|
||||
|
14
samples/certs/all.bat
Normal file
14
samples/certs/all.bat
Normal file
@ -0,0 +1,14 @@
|
||||
REM make sure the 'openssl.exe' commandline tool is in your path before starting!
|
||||
REM set the path below;
|
||||
set opensslpath=c:\program files (x86)\openssl-win32\bin
|
||||
|
||||
|
||||
|
||||
setlocal
|
||||
set path=%opensslpath%;%path%
|
||||
call roota.bat
|
||||
call rootb.bat
|
||||
call servera.bat
|
||||
call serverb.bat
|
||||
call clienta.bat
|
||||
call clientb.bat
|
9
samples/certs/clientA.bat
Normal file
9
samples/certs/clientA.bat
Normal file
@ -0,0 +1,9 @@
|
||||
rem #!/bin/sh
|
||||
|
||||
openssl req -newkey rsa:1024 -sha1 -keyout clientAkey.pem -out clientAreq.pem -nodes -config ./clientA.cnf -days 365 -batch
|
||||
|
||||
openssl x509 -req -in clientAreq.pem -sha1 -extfile ./clientA.cnf -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial -out clientAcert.pem -days 365
|
||||
|
||||
copy clientAcert.pem + rootA.pem clientA.pem
|
||||
|
||||
openssl x509 -subject -issuer -noout -in clientA.pem
|
@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
|
||||
private_key = $dir/private/cakey.pem # The private key
|
||||
RANDFILE = $dir/private/.rand # private random number file
|
||||
|
||||
x509_extensions = usr_cert # The extentions to add to the cert
|
||||
x509_extensions = usr_cert # The extensions to add to the cert
|
||||
|
||||
# Comment out the following two lines for the "traditional"
|
||||
# (and highly broken) format.
|
||||
@ -102,7 +102,7 @@ default_bits = 1024
|
||||
default_keyfile = privkey.pem
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
||||
x509_extensions = v3_ca # The extensions to add to the self signed cert
|
||||
|
||||
# Passwords for private keys if not present they will be prompted for
|
||||
# input_password = secret
|
||||
|
9
samples/certs/clientB.bat
Normal file
9
samples/certs/clientB.bat
Normal file
@ -0,0 +1,9 @@
|
||||
rem #!/bin/sh
|
||||
|
||||
openssl req -newkey rsa:1024 -sha1 -keyout clientBkey.pem -out clientBreq.pem -nodes -config ./clientB.cnf -days 365 -batch
|
||||
|
||||
openssl x509 -req -in clientBreq.pem -sha1 -extfile ./clientB.cnf -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial -out clientBcert.pem -days 365
|
||||
|
||||
copy clientBcert.pem + rootB.pem clientB.pem
|
||||
|
||||
openssl x509 -subject -issuer -noout -in clientB.pem
|
@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
|
||||
private_key = $dir/private/cakey.pem # The private key
|
||||
RANDFILE = $dir/private/.rand # private random number file
|
||||
|
||||
x509_extensions = usr_cert # The extentions to add to the cert
|
||||
x509_extensions = usr_cert # The extensions to add to the cert
|
||||
|
||||
# Comment out the following two lines for the "traditional"
|
||||
# (and highly broken) format.
|
||||
@ -102,7 +102,7 @@ default_bits = 1024
|
||||
default_keyfile = privkey.pem
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
||||
x509_extensions = v3_ca # The extensions to add to the self signed cert
|
||||
|
||||
# Passwords for private keys if not present they will be prompted for
|
||||
# input_password = secret
|
||||
|
7
samples/certs/rootA.bat
Normal file
7
samples/certs/rootA.bat
Normal file
@ -0,0 +1,7 @@
|
||||
REM #!/bin/sh
|
||||
|
||||
openssl req -newkey rsa:1024 -sha1 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
|
||||
|
||||
openssl x509 -req -in rootAreq.pem -sha1 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365
|
||||
|
||||
openssl x509 -subject -issuer -noout -in rootA.pem
|
@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
|
||||
private_key = $dir/private/cakey.pem # The private key
|
||||
RANDFILE = $dir/private/.rand # private random number file
|
||||
|
||||
x509_extensions = usr_cert # The extentions to add to the cert
|
||||
x509_extensions = usr_cert # The extensions to add to the cert
|
||||
|
||||
# Comment out the following two lines for the "traditional"
|
||||
# (and highly broken) format.
|
||||
@ -102,7 +102,7 @@ default_bits = 1024
|
||||
default_keyfile = privkey.pem
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
||||
x509_extensions = v3_ca # The extensions to add to the self signed cert
|
||||
|
||||
# Passwords for private keys if not present they will be prompted for
|
||||
# input_password = secret
|
||||
|
7
samples/certs/rootB.bat
Normal file
7
samples/certs/rootB.bat
Normal file
@ -0,0 +1,7 @@
|
||||
rem #!/bin/sh
|
||||
|
||||
openssl req -newkey rsa:1024 -sha1 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
|
||||
|
||||
openssl x509 -req -in rootBreq.pem -sha1 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365
|
||||
|
||||
openssl x509 -subject -issuer -noout -in rootB.pem
|
@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
|
||||
private_key = $dir/private/cakey.pem # The private key
|
||||
RANDFILE = $dir/private/.rand # private random number file
|
||||
|
||||
x509_extensions = usr_cert # The extentions to add to the cert
|
||||
x509_extensions = usr_cert # The extensions to add to the cert
|
||||
|
||||
# Comment out the following two lines for the "traditional"
|
||||
# (and highly broken) format.
|
||||
@ -102,7 +102,7 @@ default_bits = 1024
|
||||
default_keyfile = privkey.pem
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
||||
x509_extensions = v3_ca # The extensions to add to the self signed cert
|
||||
|
||||
# Passwords for private keys if not present they will be prompted for
|
||||
# input_password = secret
|
||||
|
9
samples/certs/serverA.bat
Normal file
9
samples/certs/serverA.bat
Normal file
@ -0,0 +1,9 @@
|
||||
rem #!/bin/sh
|
||||
|
||||
openssl req -newkey rsa:1024 -keyout serverAkey.pem -out serverAreq.pem -config ./serverA.cnf -nodes -days 365 -batch
|
||||
|
||||
openssl x509 -req -in serverAreq.pem -sha1 -extfile ./serverA.cnf -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial -out serverAcert.pem -days 365
|
||||
|
||||
copy serverAcert.pem + rootA.pem serverA.pem
|
||||
|
||||
openssl x509 -subject -issuer -noout -in serverA.pem
|
@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
|
||||
private_key = $dir/private/cakey.pem # The private key
|
||||
RANDFILE = $dir/private/.rand # private random number file
|
||||
|
||||
x509_extensions = usr_cert # The extentions to add to the cert
|
||||
x509_extensions = usr_cert # The extensions to add to the cert
|
||||
|
||||
# Comment out the following two lines for the "traditional"
|
||||
# (and highly broken) format.
|
||||
@ -102,7 +102,7 @@ default_bits = 1024
|
||||
default_keyfile = privkey.pem
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
||||
x509_extensions = v3_ca # The extensions to add to the self signed cert
|
||||
|
||||
# Passwords for private keys if not present they will be prompted for
|
||||
# input_password = secret
|
||||
@ -172,7 +172,7 @@ basicConstraints=CA:FALSE
|
||||
# the certificate can be used for anything *except* object signing.
|
||||
|
||||
# This is OK for an SSL server.
|
||||
# nsCertType = server
|
||||
nsCertType = server
|
||||
|
||||
# For an object signing certificate this would be used.
|
||||
# nsCertType = objsign
|
||||
|
9
samples/certs/serverB.bat
Normal file
9
samples/certs/serverB.bat
Normal file
@ -0,0 +1,9 @@
|
||||
rem #!/bin/sh
|
||||
|
||||
openssl req -newkey rsa:1024 -keyout serverBkey.pem -out serverBreq.pem -config ./serverB.cnf -nodes -days 365 -batch
|
||||
|
||||
openssl x509 -req -in serverBreq.pem -sha1 -extfile ./serverB.cnf -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial -out serverBcert.pem -days 365
|
||||
|
||||
copy serverBcert.pem + rootB.pem serverB.pem
|
||||
|
||||
openssl x509 -subject -issuer -noout -in serverB.pem
|
@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
|
||||
private_key = $dir/private/cakey.pem # The private key
|
||||
RANDFILE = $dir/private/.rand # private random number file
|
||||
|
||||
x509_extensions = usr_cert # The extentions to add to the cert
|
||||
x509_extensions = usr_cert # The extensions to add to the cert
|
||||
|
||||
# Comment out the following two lines for the "traditional"
|
||||
# (and highly broken) format.
|
||||
@ -102,7 +102,7 @@ default_bits = 1024
|
||||
default_keyfile = privkey.pem
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
||||
x509_extensions = v3_ca # The extensions to add to the self signed cert
|
||||
|
||||
# Passwords for private keys if not present they will be prompted for
|
||||
# input_password = secret
|
||||
@ -172,7 +172,7 @@ basicConstraints=CA:FALSE
|
||||
# the certificate can be used for anything *except* object signing.
|
||||
|
||||
# This is OK for an SSL server.
|
||||
# nsCertType = server
|
||||
nsCertType = server
|
||||
|
||||
# For an object signing certificate this would be used.
|
||||
# nsCertType = objsign
|
||||
|
36
samples/chain/client.lua
Normal file
36
samples/chain/client.lua
Normal file
@ -0,0 +1,36 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
local util = require("util")
|
||||
|
||||
local params = {
|
||||
mode = "client",
|
||||
protocol = "tlsv1_2",
|
||||
key = "../certs/clientAkey.pem",
|
||||
certificate = "../certs/clientA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
local conn = socket.tcp()
|
||||
conn:connect("127.0.0.1", 8888)
|
||||
|
||||
conn = assert( ssl.wrap(conn, params) )
|
||||
assert(conn:dohandshake())
|
||||
|
||||
util.show( conn:getpeercertificate() )
|
||||
|
||||
print("----------------------------------------------------------------------")
|
||||
|
||||
for k, cert in ipairs( conn:getpeerchain() ) do
|
||||
util.show(cert)
|
||||
end
|
||||
|
||||
local cert = conn:getpeercertificate()
|
||||
print( cert )
|
||||
print( cert:pem() )
|
||||
|
||||
conn:close()
|
53
samples/chain/server.lua
Normal file
53
samples/chain/server.lua
Normal file
@ -0,0 +1,53 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
local util = require("util")
|
||||
|
||||
local params = {
|
||||
mode = "server",
|
||||
protocol = "any",
|
||||
key = "../certs/serverAkey.pem",
|
||||
certificate = "../certs/serverA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
local ctx = assert(ssl.newcontext(params))
|
||||
|
||||
local server = socket.tcp()
|
||||
server:setoption('reuseaddr', true)
|
||||
assert( server:bind("127.0.0.1", 8888) )
|
||||
server:listen()
|
||||
|
||||
local conn = server:accept()
|
||||
|
||||
conn = assert( ssl.wrap(conn, ctx) )
|
||||
assert( conn:dohandshake() )
|
||||
|
||||
util.show( conn:getpeercertificate() )
|
||||
|
||||
print("----------------------------------------------------------------------")
|
||||
|
||||
for k, cert in ipairs( conn:getpeerchain() ) do
|
||||
util.show(cert)
|
||||
end
|
||||
|
||||
local f = io.open(params.certificate)
|
||||
local str = f:read("*a")
|
||||
f:close()
|
||||
|
||||
util.show( ssl.loadcertificate(str) )
|
||||
|
||||
print("----------------------------------------------------------------------")
|
||||
local cert = conn:getpeercertificate()
|
||||
print( cert )
|
||||
print( cert:digest() )
|
||||
print( cert:digest("sha1") )
|
||||
print( cert:digest("sha256") )
|
||||
print( cert:digest("sha512") )
|
||||
|
||||
conn:close()
|
||||
server:close()
|
22
samples/chain/util.lua
Normal file
22
samples/chain/util.lua
Normal file
@ -0,0 +1,22 @@
|
||||
local print = print
|
||||
local ipairs = ipairs
|
||||
|
||||
local _ENV = {}
|
||||
|
||||
function _ENV.show(cert)
|
||||
print("Serial:", cert:serial())
|
||||
print("NotBefore:", cert:notbefore())
|
||||
print("NotAfter:", cert:notafter())
|
||||
print("--- Issuer ---")
|
||||
for k, v in ipairs(cert:issuer()) do
|
||||
print(v.name .. " = " .. v.value)
|
||||
end
|
||||
|
||||
print("--- Subject ---")
|
||||
for k, v in ipairs(cert:subject()) do
|
||||
print(v.name .. " = " .. v.value)
|
||||
end
|
||||
print("----------------------------------------------------------------------")
|
||||
end
|
||||
|
||||
return _ENV
|
28
samples/curve-negotiation/client.lua
Normal file
28
samples/curve-negotiation/client.lua
Normal file
@ -0,0 +1,28 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "client",
|
||||
protocol = "any",
|
||||
key = "../certs/clientAkey.pem",
|
||||
certificate = "../certs/clientA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = {"all"},
|
||||
--
|
||||
curve = "P-256:P-384",
|
||||
}
|
||||
|
||||
local peer = socket.tcp()
|
||||
peer:connect("127.0.0.1", 8888)
|
||||
|
||||
-- [[ SSL wrapper
|
||||
peer = assert( ssl.wrap(peer, params) )
|
||||
assert(peer:dohandshake())
|
||||
--]]
|
||||
|
||||
print(peer:receive("*l"))
|
||||
peer:close()
|
37
samples/curve-negotiation/server.lua
Normal file
37
samples/curve-negotiation/server.lua
Normal file
@ -0,0 +1,37 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "server",
|
||||
protocol = "any",
|
||||
key = "../certs/serverAkey.pem",
|
||||
certificate = "../certs/serverA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = {"all"},
|
||||
--
|
||||
curve = "P-384:P-256:P-521",
|
||||
}
|
||||
|
||||
|
||||
-- [[ SSL context
|
||||
local ctx = assert(ssl.newcontext(params))
|
||||
--]]
|
||||
|
||||
local server = socket.tcp()
|
||||
server:setoption('reuseaddr', true)
|
||||
assert( server:bind("127.0.0.1", 8888) )
|
||||
server:listen()
|
||||
|
||||
local peer = server:accept()
|
||||
|
||||
-- [[ SSL wrapper
|
||||
peer = assert( ssl.wrap(peer, ctx) )
|
||||
assert( peer:dohandshake() )
|
||||
--]]
|
||||
|
||||
peer:send("oneshot with curve negotiation test\n")
|
||||
peer:close()
|
26
samples/dhparam/client.lua
Normal file
26
samples/dhparam/client.lua
Normal file
@ -0,0 +1,26 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "client",
|
||||
protocol = "tlsv1_2",
|
||||
key = "../certs/clientAkey.pem",
|
||||
certificate = "../certs/clientA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
local peer = socket.tcp()
|
||||
peer:connect("127.0.0.1", 8888)
|
||||
|
||||
-- [[ SSL wrapper
|
||||
peer = assert( ssl.wrap(peer, params) )
|
||||
assert(peer:dohandshake())
|
||||
--]]
|
||||
|
||||
print(peer:receive("*l"))
|
||||
peer:close()
|
4
samples/dhparam/params.sh
Executable file
4
samples/dhparam/params.sh
Executable file
@ -0,0 +1,4 @@
|
||||
#!/bin/sh
|
||||
|
||||
openssl dhparam -2 -out dh-512.pem -outform PEM 512
|
||||
openssl dhparam -2 -out dh-1024.pem -outform PEM 1024
|
61
samples/dhparam/server.lua
Normal file
61
samples/dhparam/server.lua
Normal file
@ -0,0 +1,61 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local function readfile(filename)
|
||||
local fd = assert(io.open(filename))
|
||||
local dh = fd:read("*a")
|
||||
fd:close()
|
||||
return dh
|
||||
end
|
||||
|
||||
local function dhparam_cb(export, keylength)
|
||||
print("---")
|
||||
print("DH Callback")
|
||||
print("Export", export)
|
||||
print("Key length", keylength)
|
||||
print("---")
|
||||
local filename
|
||||
if keylength == 512 then
|
||||
filename = "dh-512.pem"
|
||||
elseif keylength == 1024 then
|
||||
filename = "dh-1024.pem"
|
||||
else
|
||||
-- No key
|
||||
return nil
|
||||
end
|
||||
return readfile(filename)
|
||||
end
|
||||
|
||||
local params = {
|
||||
mode = "server",
|
||||
protocol = "any",
|
||||
key = "../certs/serverAkey.pem",
|
||||
certificate = "../certs/serverA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = "all",
|
||||
dhparam = dhparam_cb,
|
||||
}
|
||||
|
||||
|
||||
-- [[ SSL context
|
||||
local ctx = assert(ssl.newcontext(params))
|
||||
--]]
|
||||
|
||||
local server = socket.tcp()
|
||||
server:setoption('reuseaddr', true)
|
||||
assert( server:bind("127.0.0.1", 8888) )
|
||||
server:listen()
|
||||
|
||||
local peer = server:accept()
|
||||
|
||||
-- [[ SSL wrapper
|
||||
peer = assert( ssl.wrap(peer, ctx) )
|
||||
assert( peer:dohandshake() )
|
||||
--]]
|
||||
|
||||
peer:send("oneshot test\n")
|
||||
peer:close()
|
26
samples/digest/client.lua
Normal file
26
samples/digest/client.lua
Normal file
@ -0,0 +1,26 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "client",
|
||||
protocol = "tlsv1_2",
|
||||
key = "../certs/clientAkey.pem",
|
||||
certificate = "../certs/clientA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
local peer = socket.tcp()
|
||||
peer:connect("127.0.0.1", 8888)
|
||||
|
||||
-- [[ SSL wrapper
|
||||
peer = assert( ssl.wrap(peer, params) )
|
||||
assert(peer:dohandshake())
|
||||
--]]
|
||||
|
||||
print(peer:receive("*l"))
|
||||
peer:close()
|
44
samples/digest/server.lua
Normal file
44
samples/digest/server.lua
Normal file
@ -0,0 +1,44 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "server",
|
||||
protocol = "any",
|
||||
key = "../certs/serverAkey.pem",
|
||||
certificate = "../certs/serverA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
|
||||
-- [[ SSL context
|
||||
local ctx = assert(ssl.newcontext(params))
|
||||
--]]
|
||||
|
||||
local server = socket.tcp()
|
||||
server:setoption('reuseaddr', true)
|
||||
assert( server:bind("127.0.0.1", 8888) )
|
||||
server:listen()
|
||||
|
||||
local peer = server:accept()
|
||||
|
||||
-- [[ SSL wrapper
|
||||
peer = assert( ssl.wrap(peer, ctx) )
|
||||
assert( peer:dohandshake() )
|
||||
--]]
|
||||
|
||||
local cert = peer:getpeercertificate()
|
||||
local sha1 = cert:digest("sha1")
|
||||
local sha256 = cert:digest("sha256")
|
||||
local sha512 = cert:digest("sha512")
|
||||
|
||||
print("SHA1", sha1)
|
||||
print("SHA256", sha256)
|
||||
print("SHA512", sha512)
|
||||
|
||||
peer:send("oneshot test\n")
|
||||
peer:close()
|
33
samples/ecdh/client.lua
Normal file
33
samples/ecdh/client.lua
Normal file
@ -0,0 +1,33 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "client",
|
||||
protocol = "tlsv1_2",
|
||||
key = "../certs/clientAkey.pem",
|
||||
certificate = "../certs/clientA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = "all",
|
||||
--
|
||||
curve = "secp384r1",
|
||||
}
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
local peer = socket.tcp()
|
||||
peer:connect("127.0.0.1", 8888)
|
||||
|
||||
peer = assert( ssl.wrap(peer, params) )
|
||||
assert(peer:dohandshake())
|
||||
|
||||
print("--- INFO ---")
|
||||
local info = peer:info()
|
||||
for k, v in pairs(info) do
|
||||
print(k, v)
|
||||
end
|
||||
print("---")
|
||||
|
||||
peer:close()
|
40
samples/ecdh/server.lua
Normal file
40
samples/ecdh/server.lua
Normal file
@ -0,0 +1,40 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "server",
|
||||
protocol = "any",
|
||||
key = "../certs/serverAkey.pem",
|
||||
certificate = "../certs/serverA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = "all",
|
||||
--
|
||||
curve = "secp384r1",
|
||||
}
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
local ctx = assert(ssl.newcontext(params))
|
||||
|
||||
local server = socket.tcp()
|
||||
server:setoption('reuseaddr', true)
|
||||
assert( server:bind("127.0.0.1", 8888) )
|
||||
server:listen()
|
||||
|
||||
local peer = server:accept()
|
||||
|
||||
peer = assert( ssl.wrap(peer, ctx) )
|
||||
assert( peer:dohandshake() )
|
||||
|
||||
print("--- INFO ---")
|
||||
local info = peer:info()
|
||||
for k, v in pairs(info) do
|
||||
print(k, v)
|
||||
end
|
||||
print("---")
|
||||
|
||||
peer:close()
|
||||
server:close()
|
26
samples/info/client.lua
Normal file
26
samples/info/client.lua
Normal file
@ -0,0 +1,26 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "client",
|
||||
protocol = "tlsv1_2",
|
||||
key = "../certs/clientAkey.pem",
|
||||
certificate = "../certs/clientA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
local peer = socket.tcp()
|
||||
peer:connect("127.0.0.1", 8888)
|
||||
|
||||
-- [[ SSL wrapper
|
||||
peer = assert( ssl.wrap(peer, params) )
|
||||
assert(peer:dohandshake())
|
||||
--]]
|
||||
|
||||
print(peer:receive("*l"))
|
||||
peer:close()
|
48
samples/info/server.lua
Normal file
48
samples/info/server.lua
Normal file
@ -0,0 +1,48 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "server",
|
||||
protocol = "any",
|
||||
key = "../certs/serverAkey.pem",
|
||||
certificate = "../certs/serverA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
|
||||
-- [[ SSL context
|
||||
local ctx = assert(ssl.newcontext(params))
|
||||
--]]
|
||||
|
||||
local server = socket.tcp()
|
||||
server:setoption('reuseaddr', true)
|
||||
assert( server:bind("127.0.0.1", 8888) )
|
||||
server:listen()
|
||||
|
||||
local peer = server:accept()
|
||||
|
||||
-- [[ SSL wrapper
|
||||
peer = assert( ssl.wrap(peer, ctx) )
|
||||
|
||||
-- Before handshake: nil
|
||||
print( peer:info() )
|
||||
|
||||
assert( peer:dohandshake() )
|
||||
--]]
|
||||
|
||||
print("---")
|
||||
local info = peer:info()
|
||||
for k, v in pairs(info) do
|
||||
print(k, v)
|
||||
end
|
||||
|
||||
print("---")
|
||||
print("-> Compression", peer:info("compression"))
|
||||
|
||||
peer:send("oneshot test\n")
|
||||
peer:close()
|
@ -1,7 +1,7 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
require("ssl")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local pass = "foobar"
|
||||
local cfg = {
|
||||
|
@ -1,17 +1,17 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
require("socket")
|
||||
require("ssl")
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "client",
|
||||
protocol = "sslv3",
|
||||
protocol = "tlsv1_2",
|
||||
key = "../certs/clientAkey.pem",
|
||||
certificate = "../certs/clientA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = {"all", "no_sslv2"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
while true do
|
||||
|
@ -1,17 +1,17 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
require("socket")
|
||||
require("ssl")
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "server",
|
||||
protocol = "sslv3",
|
||||
protocol = "any",
|
||||
key = "../certs/serverAkey.pem",
|
||||
certificate = "../certs/serverA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = {"all", "no_sslv2"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
-- [[ SSL context
|
||||
|
@ -1,17 +1,17 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
require("socket")
|
||||
require("ssl")
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "client",
|
||||
protocol = "sslv3",
|
||||
protocol = "tlsv1_2",
|
||||
key = "../certs/clientAkey.pem",
|
||||
certificate = "../certs/clientA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = {"all", "no_sslv2"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
while true do
|
||||
|
@ -1,17 +1,17 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
require("socket")
|
||||
require("ssl")
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "server",
|
||||
protocol = "sslv3",
|
||||
protocol = "any",
|
||||
key = "../certs/serverAkey.pem",
|
||||
certificate = "../certs/serverA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = {"all", "no_sslv2"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
-- [[ SSL context
|
||||
|
40
samples/luaossl/client.lua
Normal file
40
samples/luaossl/client.lua
Normal file
@ -0,0 +1,40 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local pkey = require "openssl.pkey"
|
||||
local ssl_context = require "openssl.ssl.context"
|
||||
local x509 = require "openssl.x509"
|
||||
local x509_store = require "openssl.x509.store"
|
||||
|
||||
local function read_file(path)
|
||||
local file, err, errno = io.open(path, "rb")
|
||||
if not file then
|
||||
return nil, err, errno
|
||||
end
|
||||
local contents
|
||||
contents, err, errno = file:read "*a"
|
||||
file:close()
|
||||
return contents, err, errno
|
||||
end
|
||||
|
||||
local ctx = ssl_context.new("TLSv1_2", false)
|
||||
ctx:setPrivateKey(pkey.new(assert(read_file("../certs/clientAkey.pem"))))
|
||||
ctx:setCertificate(x509.new(assert(read_file("../certs/clientA.pem"))))
|
||||
local store = x509_store.new()
|
||||
store:add("../certs/rootA.pem")
|
||||
ctx:setStore(store)
|
||||
ctx:setVerify(ssl_context.VERIFY_FAIL_IF_NO_PEER_CERT)
|
||||
|
||||
local peer = socket.tcp()
|
||||
peer:connect("127.0.0.1", 8888)
|
||||
|
||||
-- [[ SSL wrapper
|
||||
peer = assert( ssl.wrap(peer, ctx) )
|
||||
assert(peer:dohandshake())
|
||||
--]]
|
||||
|
||||
print(peer:receive("*l"))
|
||||
peer:close()
|
58
samples/luaossl/server.lua
Normal file
58
samples/luaossl/server.lua
Normal file
@ -0,0 +1,58 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local pkey = require "openssl.pkey"
|
||||
local ssl_context = require "openssl.ssl.context"
|
||||
local x509 = require "openssl.x509"
|
||||
local x509_store = require "openssl.x509.store"
|
||||
|
||||
local function read_file(path)
|
||||
local file, err, errno = io.open(path, "rb")
|
||||
if not file then
|
||||
return nil, err, errno
|
||||
end
|
||||
local contents
|
||||
contents, err, errno = file:read "*a"
|
||||
file:close()
|
||||
return contents, err, errno
|
||||
end
|
||||
|
||||
local ctx = ssl_context.new("TLSv1_2", true)
|
||||
ctx:setPrivateKey(pkey.new(assert(read_file("../certs/serverAkey.pem"))))
|
||||
ctx:setCertificate(x509.new(assert(read_file("../certs/serverA.pem"))))
|
||||
local store = x509_store.new()
|
||||
store:add("../certs/rootA.pem")
|
||||
ctx:setStore(store)
|
||||
ctx:setVerify(ssl_context.VERIFY_FAIL_IF_NO_PEER_CERT)
|
||||
|
||||
|
||||
local server = socket.tcp()
|
||||
server:setoption('reuseaddr', true)
|
||||
assert( server:bind("127.0.0.1", 8888) )
|
||||
server:listen()
|
||||
|
||||
local peer = server:accept()
|
||||
|
||||
-- [[ SSL wrapper
|
||||
peer = assert( ssl.wrap(peer, ctx) )
|
||||
|
||||
-- Before handshake: nil
|
||||
print( peer:info() )
|
||||
|
||||
assert( peer:dohandshake() )
|
||||
--]]
|
||||
|
||||
print("---")
|
||||
local info = peer:info()
|
||||
for k, v in pairs(info) do
|
||||
print(k, v)
|
||||
end
|
||||
|
||||
print("---")
|
||||
print("-> Compression", peer:info("compression"))
|
||||
|
||||
peer:send("oneshot test\n")
|
||||
peer:close()
|
@ -1,17 +1,17 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
require("socket")
|
||||
require("ssl")
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "client",
|
||||
protocol = "sslv3",
|
||||
protocol = "tlsv1_2",
|
||||
key = "../certs/clientAkey.pem",
|
||||
certificate = "../certs/clientA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = {"all", "no_sslv2"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
local peer = socket.tcp()
|
||||
|
@ -1,17 +1,17 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
require("socket")
|
||||
require("ssl")
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "server",
|
||||
protocol = "sslv3",
|
||||
protocol = "any",
|
||||
key = "../certs/serverAkey.pem",
|
||||
certificate = "../certs/serverA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = {"all", "no_sslv2"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
|
||||
|
35
samples/sni/client.lua
Normal file
35
samples/sni/client.lua
Normal file
@ -0,0 +1,35 @@
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "client",
|
||||
protocol = "tlsv1_2",
|
||||
key = "../certs/clientAkey.pem",
|
||||
certificate = "../certs/clientA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = "peer",
|
||||
options = "all",
|
||||
}
|
||||
|
||||
local conn = socket.tcp()
|
||||
conn:connect("127.0.0.1", 8888)
|
||||
|
||||
-- TLS/SSL initialization
|
||||
conn = ssl.wrap(conn, params)
|
||||
|
||||
-- Comment the lines to not send a name
|
||||
--conn:sni("servera.br")
|
||||
--conn:sni("serveraa.br")
|
||||
conn:sni("serverb.br")
|
||||
|
||||
assert(conn:dohandshake())
|
||||
--
|
||||
local cert = conn:getpeercertificate()
|
||||
for k, v in pairs(cert:subject()) do
|
||||
for i, j in pairs(v) do
|
||||
print(i, j)
|
||||
end
|
||||
end
|
||||
--
|
||||
print(conn:receive("*l"))
|
||||
conn:close()
|
52
samples/sni/server.lua
Normal file
52
samples/sni/server.lua
Normal file
@ -0,0 +1,52 @@
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params01 = {
|
||||
mode = "server",
|
||||
protocol = "any",
|
||||
key = "../certs/serverAkey.pem",
|
||||
certificate = "../certs/serverA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = "none",
|
||||
options = "all",
|
||||
ciphers = "ALL:!ADH:@STRENGTH",
|
||||
}
|
||||
|
||||
local params02 = {
|
||||
mode = "server",
|
||||
protocol = "any",
|
||||
key = "../certs/serverAAkey.pem",
|
||||
certificate = "../certs/serverAA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = "none",
|
||||
options = "all",
|
||||
ciphers = "ALL:!ADH:@STRENGTH",
|
||||
}
|
||||
|
||||
--
|
||||
local ctx01 = ssl.newcontext(params01)
|
||||
local ctx02 = ssl.newcontext(params02)
|
||||
|
||||
--
|
||||
local server = socket.tcp()
|
||||
server:setoption('reuseaddr', true)
|
||||
server:bind("127.0.0.1", 8888)
|
||||
server:listen()
|
||||
local conn = server:accept()
|
||||
--
|
||||
|
||||
-- Default context (when client does not send a name) is ctx01
|
||||
conn = ssl.wrap(conn, ctx01)
|
||||
|
||||
-- Configure the name map
|
||||
local sni_map = {
|
||||
["servera.br"] = ctx01,
|
||||
["serveraa.br"] = ctx02,
|
||||
}
|
||||
|
||||
conn:sni(sni_map, true)
|
||||
|
||||
assert(conn:dohandshake())
|
||||
--
|
||||
conn:send("one line\n")
|
||||
conn:close()
|
29
samples/verification/fail-string/client.lua
Normal file
29
samples/verification/fail-string/client.lua
Normal file
@ -0,0 +1,29 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "client",
|
||||
protocol = "tlsv1",
|
||||
key = "../../certs/clientBkey.pem",
|
||||
certificate = "../../certs/clientB.pem",
|
||||
cafile = "../../certs/rootB.pem",
|
||||
verify = "none",
|
||||
options = "all",
|
||||
}
|
||||
|
||||
local peer = socket.tcp()
|
||||
peer:connect("127.0.0.1", 8888)
|
||||
|
||||
-- [[ SSL wrapper
|
||||
peer = assert( ssl.wrap(peer, params) )
|
||||
assert(peer:dohandshake())
|
||||
--]]
|
||||
|
||||
local err, msg = peer:getpeerverification()
|
||||
print(err, msg)
|
||||
|
||||
print(peer:receive("*l"))
|
||||
peer:close()
|
37
samples/verification/fail-string/server.lua
Normal file
37
samples/verification/fail-string/server.lua
Normal file
@ -0,0 +1,37 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "server",
|
||||
protocol = "tlsv1",
|
||||
key = "../../certs/serverAkey.pem",
|
||||
certificate = "../../certs/serverA.pem",
|
||||
cafile = "../../certs/rootA.pem",
|
||||
verify = "none",
|
||||
options = "all",
|
||||
}
|
||||
|
||||
-- [[ SSL context
|
||||
local ctx = assert(ssl.newcontext(params))
|
||||
--]]
|
||||
|
||||
local server = socket.tcp()
|
||||
server:setoption('reuseaddr', true)
|
||||
assert( server:bind("127.0.0.1", 8888) )
|
||||
server:listen()
|
||||
|
||||
local peer = server:accept()
|
||||
|
||||
-- [[ SSL wrapper
|
||||
peer = assert( ssl.wrap(peer, ctx) )
|
||||
assert( peer:dohandshake() )
|
||||
--]]
|
||||
|
||||
local err, msg = peer:getpeerverification()
|
||||
print(err, msg)
|
||||
|
||||
peer:send("oneshot test\n")
|
||||
peer:close()
|
39
samples/verification/fail-table/client.lua
Normal file
39
samples/verification/fail-table/client.lua
Normal file
@ -0,0 +1,39 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "client",
|
||||
protocol = "tlsv1",
|
||||
key = "../../certs/clientBkey.pem",
|
||||
certificate = "../../certs/clientB.pem",
|
||||
cafile = "../../certs/rootB.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = "all",
|
||||
verifyext = "lsec_continue",
|
||||
}
|
||||
|
||||
-- [[ SSL context
|
||||
local ctx = assert(ssl.newcontext(params))
|
||||
--]]
|
||||
|
||||
local peer = socket.tcp()
|
||||
peer:connect("127.0.0.1", 8888)
|
||||
|
||||
-- [[ SSL wrapper
|
||||
peer = assert( ssl.wrap(peer, ctx) )
|
||||
assert(peer:dohandshake())
|
||||
--]]
|
||||
|
||||
local succ, errs = peer:getpeerverification()
|
||||
print(succ, errs)
|
||||
for i, err in pairs(errs) do
|
||||
for j, msg in ipairs(err) do
|
||||
print("depth = " .. i, "error = " .. msg)
|
||||
end
|
||||
end
|
||||
|
||||
print(peer:receive("*l"))
|
||||
peer:close()
|
43
samples/verification/fail-table/server.lua
Normal file
43
samples/verification/fail-table/server.lua
Normal file
@ -0,0 +1,43 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "server",
|
||||
protocol = "tlsv1",
|
||||
key = "../../certs/serverAkey.pem",
|
||||
certificate = "../../certs/serverA.pem",
|
||||
cafile = "../../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = "all",
|
||||
verifyext = {"lsec_continue", "crl_check", "crl_check_chain"},
|
||||
}
|
||||
|
||||
-- [[ SSL context
|
||||
local ctx = assert(ssl.newcontext(params))
|
||||
--]]
|
||||
|
||||
local server = socket.tcp()
|
||||
server:setoption('reuseaddr', true)
|
||||
assert( server:bind("127.0.0.1", 8888) )
|
||||
server:listen()
|
||||
|
||||
local peer = server:accept()
|
||||
|
||||
-- [[ SSL wrapper
|
||||
peer = assert( ssl.wrap(peer, ctx) )
|
||||
assert( peer:dohandshake() )
|
||||
--]]
|
||||
|
||||
local succ, errs = peer:getpeerverification()
|
||||
print(succ, errs)
|
||||
for i, err in pairs(errs) do
|
||||
for j, msg in ipairs(err) do
|
||||
print("depth = " .. i, "error = " .. msg)
|
||||
end
|
||||
end
|
||||
|
||||
peer:send("oneshot test\n")
|
||||
peer:close()
|
29
samples/verification/success/client.lua
Normal file
29
samples/verification/success/client.lua
Normal file
@ -0,0 +1,29 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "client",
|
||||
protocol = "tlsv1",
|
||||
key = "../../certs/clientAkey.pem",
|
||||
certificate = "../../certs/clientA.pem",
|
||||
cafile = "../../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
local peer = socket.tcp()
|
||||
peer:connect("127.0.0.1", 8888)
|
||||
|
||||
-- [[ SSL wrapper
|
||||
peer = assert( ssl.wrap(peer, params) )
|
||||
assert(peer:dohandshake())
|
||||
--]]
|
||||
|
||||
local err, msg = peer:getpeerverification()
|
||||
print(err, msg)
|
||||
|
||||
print(peer:receive("*l"))
|
||||
peer:close()
|
38
samples/verification/success/server.lua
Normal file
38
samples/verification/success/server.lua
Normal file
@ -0,0 +1,38 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "server",
|
||||
protocol = "tlsv1",
|
||||
key = "../../certs/serverAkey.pem",
|
||||
certificate = "../../certs/serverA.pem",
|
||||
cafile = "../../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
|
||||
-- [[ SSL context
|
||||
local ctx = assert(ssl.newcontext(params))
|
||||
--]]
|
||||
|
||||
local server = socket.tcp()
|
||||
server:setoption('reuseaddr', true)
|
||||
assert( server:bind("127.0.0.1", 8888) )
|
||||
server:listen()
|
||||
|
||||
local peer = server:accept()
|
||||
|
||||
-- [[ SSL wrapper
|
||||
peer = assert( ssl.wrap(peer, ctx) )
|
||||
assert( peer:dohandshake() )
|
||||
--]]
|
||||
|
||||
local err, msg = peer:getpeerverification()
|
||||
print(err, msg)
|
||||
|
||||
peer:send("oneshot test\n")
|
||||
peer:close()
|
35
samples/verify/client.lua
Normal file
35
samples/verify/client.lua
Normal file
@ -0,0 +1,35 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "client",
|
||||
protocol = "tlsv1_2",
|
||||
key = "../certs/serverBkey.pem",
|
||||
certificate = "../certs/serverB.pem",
|
||||
cafile = "../certs/rootB.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
verifyext = {"lsec_continue", "lsec_ignore_purpose"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
local ctx = assert(ssl.newcontext(params))
|
||||
|
||||
local peer = socket.tcp()
|
||||
peer:connect("127.0.0.1", 8888)
|
||||
|
||||
peer = assert( ssl.wrap(peer, ctx) )
|
||||
assert(peer:dohandshake())
|
||||
|
||||
local succ, errs = peer:getpeerverification()
|
||||
print(succ, errs)
|
||||
for i, err in pairs(errs) do
|
||||
for j, msg in ipairs(err) do
|
||||
print("depth = " .. i, "error = " .. msg)
|
||||
end
|
||||
end
|
||||
|
||||
print(peer:receive("*l"))
|
||||
peer:close()
|
40
samples/verify/server.lua
Normal file
40
samples/verify/server.lua
Normal file
@ -0,0 +1,40 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "server",
|
||||
protocol = "any",
|
||||
key = "../certs/serverAkey.pem",
|
||||
certificate = "../certs/serverA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
verifyext = {"lsec_continue", "lsec_ignore_purpose"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
|
||||
local ctx = assert(ssl.newcontext(params))
|
||||
|
||||
local server = socket.tcp()
|
||||
server:setoption('reuseaddr', true)
|
||||
assert( server:bind("127.0.0.1", 8888) )
|
||||
server:listen()
|
||||
|
||||
local peer = server:accept()
|
||||
|
||||
peer = assert( ssl.wrap(peer, ctx) )
|
||||
assert( peer:dohandshake() )
|
||||
|
||||
local succ, errs = peer:getpeerverification()
|
||||
print(succ, errs)
|
||||
for i, err in pairs(errs) do
|
||||
for j, msg in ipairs(err) do
|
||||
print("depth = " .. i, "error = " .. msg)
|
||||
end
|
||||
end
|
||||
|
||||
peer:send("oneshot test\n")
|
||||
peer:close()
|
@ -3,17 +3,17 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
require("socket")
|
||||
require("ssl")
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "client",
|
||||
protocol = "sslv3",
|
||||
protocol = "tlsv1_2",
|
||||
key = "../certs/clientAkey.pem",
|
||||
certificate = "../certs/clientA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = {"all", "no_sslv2"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
-- Wait until socket is ready (for reading or writing)
|
||||
|
@ -1,17 +1,17 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
require("socket")
|
||||
require("ssl")
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "server",
|
||||
protocol = "sslv3",
|
||||
protocol = "any",
|
||||
key = "../certs/serverAkey.pem",
|
||||
certificate = "../certs/serverA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = {"all", "no_sslv2"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
-- [[ SSL context
|
||||
|
@ -1,17 +1,17 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
require("socket")
|
||||
require("ssl")
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "client",
|
||||
protocol = "sslv3",
|
||||
protocol = "tlsv1_2",
|
||||
key = "../certs/clientAkey.pem",
|
||||
certificate = "../certs/clientA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = {"all", "no_sslv2"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
|
||||
|
@ -3,17 +3,17 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
require("socket")
|
||||
require("ssl")
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "server",
|
||||
protocol = "sslv3",
|
||||
protocol = "any",
|
||||
key = "../certs/serverAkey.pem",
|
||||
certificate = "../certs/serverA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = {"all", "no_sslv2"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
-- [[ SSL context
|
||||
|
@ -1,17 +1,17 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
require("socket")
|
||||
require("ssl")
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
local params = {
|
||||
mode = "client",
|
||||
protocol = "sslv3",
|
||||
protocol = "tlsv1_2",
|
||||
key = "../certs/clientAkey.pem",
|
||||
certificate = "../certs/clientA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = {"all", "no_sslv2"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
local function wait(peer, err)
|
||||
|
@ -1,19 +1,19 @@
|
||||
--
|
||||
-- Public domain
|
||||
--
|
||||
require("socket")
|
||||
require("ssl")
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
|
||||
print("Use Ctrl+S and Ctrl+Q to suspend and resume the server.")
|
||||
|
||||
local params = {
|
||||
mode = "server",
|
||||
protocol = "sslv3",
|
||||
protocol = "any",
|
||||
key = "../certs/serverAkey.pem",
|
||||
certificate = "../certs/serverA.pem",
|
||||
cafile = "../certs/rootA.pem",
|
||||
verify = {"peer", "fail_if_no_peer_cert"},
|
||||
options = {"all", "no_sslv2"},
|
||||
options = "all",
|
||||
}
|
||||
|
||||
|
||||
|
61
src/Makefile
61
src/Makefile
@ -2,60 +2,65 @@ CMOD=ssl.so
|
||||
LMOD=ssl.lua
|
||||
|
||||
OBJS= \
|
||||
timeout.o \
|
||||
buffer.o \
|
||||
io.o \
|
||||
usocket.o \
|
||||
options.o \
|
||||
x509.o \
|
||||
context.o \
|
||||
ssl.o
|
||||
ssl.o \
|
||||
config.o \
|
||||
ec.o
|
||||
|
||||
LIBS=-lssl -lcrypto
|
||||
LIBS=-lssl -lcrypto -lluasocket
|
||||
|
||||
WARN=-Wall -pedantic
|
||||
|
||||
BSD_CFLAGS=-O2 -fpic $(WARN) $(INCDIR) $(DEFS)
|
||||
BSD_LDFLAGS=-O -shared -fpic $(LIBDIR)
|
||||
BSD_CFLAGS=-O2 -fPIC $(WARN) $(INCDIR) $(DEFS)
|
||||
BSD_LDFLAGS=-O -fPIC -shared $(LIBDIR)
|
||||
|
||||
LNX_CFLAGS=-O2 -fpic $(WARN) $(INCDIR) $(DEFS)
|
||||
LNX_LDFLAGS=-O -shared -fpic $(LIBDIR)
|
||||
LNX_CFLAGS=-O2 -fPIC $(WARN) $(INCDIR) $(DEFS)
|
||||
LNX_LDFLAGS=-O -fPIC -shared $(LIBDIR)
|
||||
|
||||
MAC_ENV=env MACOSX_DEPLOYMENT_TARGET='$(MACVER)'
|
||||
MAC_CFLAGS=-O2 -fno-common $(WARN) $(INCDIR) $(DEFS)
|
||||
MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR)
|
||||
|
||||
CP=cp
|
||||
CC=gcc
|
||||
LD=$(MYENV) gcc
|
||||
CFLAGS=$(MYCFLAGS)
|
||||
LDFLAGS=$(MYLDFLAGS)
|
||||
INSTALL = install
|
||||
CC ?= cc
|
||||
LD ?= $(MYENV) cc
|
||||
CFLAGS += $(MYCFLAGS)
|
||||
LDFLAGS += $(MYLDFLAGS)
|
||||
|
||||
.PHONY: all clean install none linux bsd macosx
|
||||
.PHONY: all clean install none linux bsd macosx luasocket
|
||||
|
||||
all:
|
||||
|
||||
install: $(CMOD) $(LMOD)
|
||||
$(CP) $(CMOD) $(CPATH)
|
||||
$(CP) $(LMOD) $(LUAPATH)
|
||||
$(INSTALL) -d $(DESTDIR)$(LUAPATH)/ssl $(DESTDIR)$(LUACPATH)
|
||||
$(INSTALL) $(CMOD) $(DESTDIR)$(LUACPATH)
|
||||
$(INSTALL) -m644 $(LMOD) $(DESTDIR)$(LUAPATH)
|
||||
$(INSTALL) -m644 https.lua $(DESTDIR)$(LUAPATH)/ssl
|
||||
|
||||
linux:
|
||||
@$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)"
|
||||
@$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)" EXTRA="$(EXTRA)"
|
||||
|
||||
bsd:
|
||||
@$(MAKE) $(CMOD) MYCFLAGS="$(BSD_CFLAGS)" MYLDFLAGS="$(BSD_LDFLAGS)"
|
||||
@$(MAKE) $(CMOD) MYCFLAGS="$(BSD_CFLAGS)" MYLDFLAGS="$(BSD_LDFLAGS)" EXTRA="$(EXTRA)"
|
||||
|
||||
macosx:
|
||||
@$(MAKE) $(CMOD) MYCFLAGS="$(MAC_CFLAGS)" MYLDFLAGS="$(MAC_LDFLAGS)" MYENV="$(MAC_ENV)"
|
||||
@$(MAKE) $(CMOD) MYCFLAGS="$(MAC_CFLAGS)" MYLDFLAGS="$(MAC_LDFLAGS)" MYENV="$(MAC_ENV)" EXTRA="$(EXTRA)"
|
||||
|
||||
luasocket:
|
||||
@cd luasocket && $(MAKE)
|
||||
|
||||
$(CMOD): $(OBJS)
|
||||
$(CMOD): $(EXTRA) $(OBJS)
|
||||
$(LD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
|
||||
|
||||
clean:
|
||||
cd luasocket && $(MAKE) clean
|
||||
rm -f $(OBJS) $(CMOD)
|
||||
|
||||
buffer.o: buffer.c buffer.h io.h timeout.h
|
||||
io.o: io.c io.h timeout.h
|
||||
timeout.o: timeout.c timeout.h
|
||||
usocket.o: usocket.c socket.h io.h timeout.h usocket.h
|
||||
context.o: context.c context.h
|
||||
ssl.o: ssl.c socket.h io.h timeout.h usocket.h buffer.h context.h context.c
|
||||
options.o: options.h options.c
|
||||
ec.o: ec.c ec.h
|
||||
x509.o: x509.c x509.h compat.h
|
||||
context.o: context.c context.h ec.h compat.h
|
||||
ssl.o: ssl.c ssl.h context.h x509.h compat.h
|
||||
config.o: config.c ec.h options.h compat.h
|
||||
|
31
src/compat.h
Normal file
31
src/compat.h
Normal file
@ -0,0 +1,31 @@
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 0.7.2
|
||||
*
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
#ifndef LSEC_COMPAT_H
|
||||
#define LSEC_COMPAT_H
|
||||
|
||||
#if defined(_WIN32)
|
||||
#define LSEC_API __declspec(dllexport)
|
||||
#else
|
||||
#define LSEC_API extern
|
||||
#endif
|
||||
|
||||
#if (LUA_VERSION_NUM == 501)
|
||||
|
||||
#define luaL_testudata(L, ud, tname) lsec_testudata(L, ud, tname)
|
||||
#define setfuncs(L, R) luaL_register(L, NULL, R)
|
||||
#define lua_rawlen(L, i) lua_objlen(L, i)
|
||||
|
||||
#ifndef luaL_newlib
|
||||
#define luaL_newlib(L, R) do { lua_newtable(L); luaL_register(L, NULL, R); } while(0)
|
||||
#endif
|
||||
|
||||
#else
|
||||
#define setfuncs(L, R) luaL_setfuncs(L, R, 0)
|
||||
#endif
|
||||
|
||||
#endif
|
88
src/config.c
Normal file
88
src/config.c
Normal file
@ -0,0 +1,88 @@
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 0.7.2
|
||||
*
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre.
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
#include "compat.h"
|
||||
#include "options.h"
|
||||
#include "ec.h"
|
||||
|
||||
/**
|
||||
* Registre the module.
|
||||
*/
|
||||
LSEC_API int luaopen_ssl_config(lua_State *L)
|
||||
{
|
||||
lsec_ssl_option_t *opt;
|
||||
|
||||
lua_newtable(L);
|
||||
|
||||
// Options
|
||||
lua_pushstring(L, "options");
|
||||
lua_newtable(L);
|
||||
for (opt = lsec_get_ssl_options(); opt->name; opt++) {
|
||||
lua_pushstring(L, opt->name);
|
||||
lua_pushboolean(L, 1);
|
||||
lua_rawset(L, -3);
|
||||
}
|
||||
lua_rawset(L, -3);
|
||||
|
||||
// Protocols
|
||||
lua_pushstring(L, "protocols");
|
||||
lua_newtable(L);
|
||||
|
||||
#ifndef OPENSSL_NO_SSL3
|
||||
lua_pushstring(L, "sslv3");
|
||||
lua_pushboolean(L, 1);
|
||||
lua_rawset(L, -3);
|
||||
#endif
|
||||
lua_pushstring(L, "tlsv1");
|
||||
lua_pushboolean(L, 1);
|
||||
lua_rawset(L, -3);
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL)
|
||||
lua_pushstring(L, "tlsv1_1");
|
||||
lua_pushboolean(L, 1);
|
||||
lua_rawset(L, -3);
|
||||
lua_pushstring(L, "tlsv1_2");
|
||||
lua_pushboolean(L, 1);
|
||||
lua_rawset(L, -3);
|
||||
#endif
|
||||
lua_rawset(L, -3);
|
||||
|
||||
// Algorithms
|
||||
lua_pushstring(L, "algorithms");
|
||||
lua_newtable(L);
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
lua_pushstring(L, "ec");
|
||||
lua_pushboolean(L, 1);
|
||||
lua_rawset(L, -3);
|
||||
#endif
|
||||
lua_rawset(L, -3);
|
||||
|
||||
// Curves
|
||||
lua_pushstring(L, "curves");
|
||||
lsec_get_curves(L);
|
||||
lua_rawset(L, -3);
|
||||
|
||||
// Capabilities
|
||||
lua_pushstring(L, "capabilities");
|
||||
lua_newtable(L);
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
#if defined(SSL_CTRL_SET_ECDH_AUTO) || defined(SSL_CTRL_SET_CURVES_LIST) || defined(SSL_CTX_set1_curves_list)
|
||||
lua_pushstring(L, "curves_list");
|
||||
lua_pushboolean(L, 1);
|
||||
lua_rawset(L, -3);
|
||||
#ifdef SSL_CTRL_SET_ECDH_AUTO
|
||||
lua_pushstring(L, "ecdh_auto");
|
||||
lua_pushboolean(L, 1);
|
||||
lua_rawset(L, -3);
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
lua_rawset(L, -3);
|
||||
|
||||
return 1;
|
||||
}
|
559
src/context.c
559
src/context.c
@ -1,59 +1,39 @@
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 0.3
|
||||
* Copyright (C) 2006-2008 Bruno Silvestre
|
||||
* LuaSec 0.7.2
|
||||
*
|
||||
* Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann,
|
||||
* Matthew Wild.
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre.
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(WIN32)
|
||||
#include <windows.h>
|
||||
#endif
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
#include <lua.h>
|
||||
#include <lauxlib.h>
|
||||
|
||||
#include "context.h"
|
||||
#include "options.h"
|
||||
|
||||
struct ssl_option_s {
|
||||
const char *name;
|
||||
unsigned long code;
|
||||
};
|
||||
typedef struct ssl_option_s ssl_option_t;
|
||||
|
||||
|
||||
static ssl_option_t ssl_options[] = {
|
||||
/* OpenSSL 0.9.7 and 0.9.8 */
|
||||
{"all", SSL_OP_ALL},
|
||||
{"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
|
||||
{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
|
||||
{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
|
||||
{"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
|
||||
{"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
|
||||
{"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
|
||||
{"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
|
||||
{"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
|
||||
{"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
|
||||
{"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
|
||||
{"no_session_resumption_on_renegotiation",
|
||||
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
|
||||
{"no_sslv2", SSL_OP_NO_SSLv2},
|
||||
{"no_sslv3", SSL_OP_NO_SSLv3},
|
||||
{"no_tlsv1", SSL_OP_NO_TLSv1},
|
||||
{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
|
||||
{"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
|
||||
{"single_dh_use", SSL_OP_SINGLE_DH_USE},
|
||||
{"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
|
||||
{"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
|
||||
{"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
|
||||
{"tls_d5_bug", SSL_OP_TLS_D5_BUG},
|
||||
{"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
|
||||
/* OpenSSL 0.9.8 only */
|
||||
#if OPENSSL_VERSION_NUMBER > 0x00908000L
|
||||
{"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
|
||||
{"no_query_mtu", SSL_OP_NO_QUERY_MTU},
|
||||
{"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
|
||||
#ifndef OPENSSL_NO_EC
|
||||
#include <openssl/ec.h>
|
||||
#include "ec.h"
|
||||
#endif
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
|
||||
typedef const SSL_METHOD LSEC_SSL_METHOD;
|
||||
#else
|
||||
typedef SSL_METHOD LSEC_SSL_METHOD;
|
||||
#endif
|
||||
{NULL, 0L}
|
||||
};
|
||||
|
||||
/*--------------------------- Auxiliary Functions ----------------------------*/
|
||||
|
||||
@ -65,13 +45,18 @@ static p_context checkctx(lua_State *L, int idx)
|
||||
return (p_context)luaL_checkudata(L, idx, "SSL:Context");
|
||||
}
|
||||
|
||||
static p_context testctx(lua_State *L, int idx)
|
||||
{
|
||||
return (p_context)luaL_testudata(L, idx, "SSL:Context");
|
||||
}
|
||||
|
||||
/**
|
||||
* Prepare the SSL options flag.
|
||||
*/
|
||||
static int set_option_flag(const char *opt, unsigned long *flag)
|
||||
{
|
||||
ssl_option_t *p;
|
||||
for (p = ssl_options; p->name; p++) {
|
||||
lsec_ssl_option_t *p;
|
||||
for (p = lsec_get_ssl_options(); p->name; p++) {
|
||||
if (!strcmp(opt, p->name)) {
|
||||
*flag |= p->code;
|
||||
return 1;
|
||||
@ -83,11 +68,18 @@ static int set_option_flag(const char *opt, unsigned long *flag)
|
||||
/**
|
||||
* Find the protocol.
|
||||
*/
|
||||
static SSL_METHOD* str2method(const char *method)
|
||||
static LSEC_SSL_METHOD* str2method(const char *method)
|
||||
{
|
||||
if (!strcmp(method, "sslv3")) return SSLv3_method();
|
||||
if (!strcmp(method, "tlsv1")) return TLSv1_method();
|
||||
if (!strcmp(method, "sslv23")) return SSLv23_method();
|
||||
if (!strcmp(method, "any")) return SSLv23_method();
|
||||
if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
|
||||
#ifndef OPENSSL_NO_SSL3
|
||||
if (!strcmp(method, "sslv3")) return SSLv3_method();
|
||||
#endif
|
||||
if (!strcmp(method, "tlsv1")) return TLSv1_method();
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL)
|
||||
if (!strcmp(method, "tlsv1_1")) return TLSv1_1_method();
|
||||
if (!strcmp(method, "tlsv1_2")) return TLSv1_2_method();
|
||||
#endif
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -125,17 +117,167 @@ static int passwd_cb(char *buf, int size, int flag, void *udata)
|
||||
case LUA_TFUNCTION:
|
||||
lua_pushvalue(L, 3);
|
||||
lua_call(L, 0, 1);
|
||||
if (lua_type(L, -1) != LUA_TSTRING)
|
||||
if (lua_type(L, -1) != LUA_TSTRING) {
|
||||
lua_pop(L, 1); /* Remove the result from the stack */
|
||||
return 0;
|
||||
}
|
||||
/* fallback */
|
||||
case LUA_TSTRING:
|
||||
strncpy(buf, lua_tostring(L, -1), size);
|
||||
lua_pop(L, 1); /* Remove the result from the stack */
|
||||
buf[size-1] = '\0';
|
||||
return (int)strlen(buf);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add an error related to a depth certificate of the chain.
|
||||
*/
|
||||
static void add_cert_error(lua_State *L, SSL *ssl, int err, int depth)
|
||||
{
|
||||
luaL_getmetatable(L, "SSL:Verify:Registry");
|
||||
lua_pushlightuserdata(L, (void*)ssl);
|
||||
lua_gettable(L, -2);
|
||||
if (lua_isnil(L, -1)) {
|
||||
lua_pop(L, 1);
|
||||
/* Create an error table for this connection */
|
||||
lua_newtable(L);
|
||||
lua_pushlightuserdata(L, (void*)ssl);
|
||||
lua_pushvalue(L, -2); /* keep the table on stack */
|
||||
lua_settable(L, -4);
|
||||
}
|
||||
lua_rawgeti(L, -1, depth+1);
|
||||
/* If the table doesn't exist, create it */
|
||||
if (lua_isnil(L, -1)) {
|
||||
lua_pop(L, 1); /* remove 'nil' from stack */
|
||||
lua_newtable(L);
|
||||
lua_pushvalue(L, -1); /* keep the table on stack */
|
||||
lua_rawseti(L, -3, depth+1);
|
||||
}
|
||||
lua_pushstring(L, X509_verify_cert_error_string(err));
|
||||
lua_rawseti(L, -2, lua_rawlen(L, -2) + 1);
|
||||
/* Clear the stack */
|
||||
lua_pop(L, 3);
|
||||
}
|
||||
|
||||
/**
|
||||
* Call Lua user function to get the DH key.
|
||||
*/
|
||||
static DH *dhparam_cb(SSL *ssl, int is_export, int keylength)
|
||||
{
|
||||
BIO *bio;
|
||||
lua_State *L;
|
||||
DH *dh_tmp = NULL;
|
||||
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
|
||||
p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
|
||||
|
||||
L = pctx->L;
|
||||
|
||||
/* Get the callback */
|
||||
luaL_getmetatable(L, "SSL:DH:Registry");
|
||||
lua_pushlightuserdata(L, (void*)ctx);
|
||||
lua_gettable(L, -2);
|
||||
|
||||
/* Invoke the callback */
|
||||
lua_pushboolean(L, is_export);
|
||||
lua_pushnumber(L, keylength);
|
||||
lua_call(L, 2, 1);
|
||||
|
||||
/* Load parameters from returned value */
|
||||
if (lua_type(L, -1) != LUA_TSTRING) {
|
||||
lua_pop(L, 2); /* Remove values from stack */
|
||||
return NULL;
|
||||
}
|
||||
bio = BIO_new_mem_buf((void*)lua_tostring(L, -1),
|
||||
lua_rawlen(L, -1));
|
||||
if (bio) {
|
||||
dh_tmp = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
|
||||
BIO_free(bio);
|
||||
}
|
||||
|
||||
/*
|
||||
* OpenSSL exepcts the callback to maintain a reference to the DH*. So,
|
||||
* cache it here, and clean up the previous set of parameters. Any remaining
|
||||
* set is cleaned up when destroying the LuaSec context.
|
||||
*/
|
||||
if (pctx->dh_param)
|
||||
DH_free(pctx->dh_param);
|
||||
pctx->dh_param = dh_tmp;
|
||||
|
||||
lua_pop(L, 2); /* Remove values from stack */
|
||||
return dh_tmp;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the "ignore purpose" before to start verifing the certificate chain.
|
||||
*/
|
||||
static int cert_verify_cb(X509_STORE_CTX *x509_ctx, void *ptr)
|
||||
{
|
||||
int verify;
|
||||
lua_State *L;
|
||||
SSL_CTX *ctx = (SSL_CTX*)ptr;
|
||||
p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
|
||||
|
||||
L = pctx->L;
|
||||
|
||||
/* Get verify flags */
|
||||
luaL_getmetatable(L, "SSL:Verify:Registry");
|
||||
lua_pushlightuserdata(L, (void*)ctx);
|
||||
lua_gettable(L, -2);
|
||||
verify = (int)lua_tonumber(L, -1);
|
||||
|
||||
lua_pop(L, 2); /* Remove values from stack */
|
||||
|
||||
if (verify & LSEC_VERIFY_IGNORE_PURPOSE) {
|
||||
/* Set parameters to ignore the server purpose */
|
||||
X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(x509_ctx);
|
||||
if (param) {
|
||||
X509_VERIFY_PARAM_set_purpose(param, X509_PURPOSE_SSL_SERVER);
|
||||
X509_VERIFY_PARAM_set_trust(param, X509_TRUST_SSL_SERVER);
|
||||
}
|
||||
}
|
||||
/* Call OpenSSL standard verification function */
|
||||
return X509_verify_cert(x509_ctx);
|
||||
}
|
||||
|
||||
/**
|
||||
* This callback implements the "continue on error" flag and log the errors.
|
||||
*/
|
||||
static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
||||
{
|
||||
int err;
|
||||
int verify;
|
||||
SSL *ssl;
|
||||
SSL_CTX *ctx;
|
||||
p_context pctx;
|
||||
lua_State *L;
|
||||
|
||||
/* Short-circuit optimization */
|
||||
if (preverify_ok)
|
||||
return 1;
|
||||
|
||||
ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
|
||||
SSL_get_ex_data_X509_STORE_CTX_idx());
|
||||
ctx = SSL_get_SSL_CTX(ssl);
|
||||
pctx = (p_context)SSL_CTX_get_app_data(ctx);
|
||||
L = pctx->L;
|
||||
|
||||
/* Get verify flags */
|
||||
luaL_getmetatable(L, "SSL:Verify:Registry");
|
||||
lua_pushlightuserdata(L, (void*)ctx);
|
||||
lua_gettable(L, -2);
|
||||
verify = (int)lua_tonumber(L, -1);
|
||||
|
||||
lua_pop(L, 2); /* Remove values from stack */
|
||||
|
||||
err = X509_STORE_CTX_get_error(x509_ctx);
|
||||
if (err != X509_V_OK)
|
||||
add_cert_error(L, ssl, err, X509_STORE_CTX_get_error_depth(x509_ctx));
|
||||
|
||||
return (verify & LSEC_VERIFY_CONTINUE ? 1 : preverify_ok);
|
||||
}
|
||||
|
||||
/*------------------------------ Lua Functions -------------------------------*/
|
||||
|
||||
/**
|
||||
@ -144,12 +286,14 @@ static int passwd_cb(char *buf, int size, int flag, void *udata)
|
||||
static int create(lua_State *L)
|
||||
{
|
||||
p_context ctx;
|
||||
SSL_METHOD *method;
|
||||
const char *str_method;
|
||||
LSEC_SSL_METHOD *method;
|
||||
|
||||
method = str2method(luaL_checkstring(L, 1));
|
||||
str_method = luaL_checkstring(L, 1);
|
||||
method = str2method(str_method);
|
||||
if (!method) {
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, "invalid protocol");
|
||||
lua_pushfstring(L, "invalid protocol (%s)", str_method);
|
||||
return 2;
|
||||
}
|
||||
ctx = (p_context) lua_newuserdata(L, sizeof(t_context));
|
||||
@ -157,18 +301,25 @@ static int create(lua_State *L)
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, "error creating context");
|
||||
return 2;
|
||||
}
|
||||
}
|
||||
memset(ctx, 0, sizeof(t_context));
|
||||
ctx->context = SSL_CTX_new(method);
|
||||
if (!ctx->context) {
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, "error creating context");
|
||||
lua_pushfstring(L, "error creating context (%s)",
|
||||
ERR_reason_error_string(ERR_get_error()));
|
||||
return 2;
|
||||
}
|
||||
ctx->mode = MD_CTX_INVALID;
|
||||
/* No session support */
|
||||
SSL_CTX_set_session_cache_mode(ctx->context, SSL_SESS_CACHE_OFF);
|
||||
ctx->mode = LSEC_MODE_INVALID;
|
||||
ctx->L = L;
|
||||
luaL_getmetatable(L, "SSL:Context");
|
||||
lua_setmetatable(L, -2);
|
||||
|
||||
/* No session support */
|
||||
SSL_CTX_set_session_cache_mode(ctx->context, SSL_SESS_CACHE_OFF);
|
||||
/* Link LuaSec context with the OpenSSL context */
|
||||
SSL_CTX_set_app_data(ctx->context, ctx);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -177,7 +328,7 @@ static int create(lua_State *L)
|
||||
*/
|
||||
static int load_locations(lua_State *L)
|
||||
{
|
||||
SSL_CTX *ctx = ctx_getcontext(L, 1);
|
||||
SSL_CTX *ctx = lsec_checkcontext(L, 1);
|
||||
const char *cafile = luaL_optstring(L, 2, NULL);
|
||||
const char *capath = luaL_optstring(L, 3, NULL);
|
||||
if (SSL_CTX_load_verify_locations(ctx, cafile, capath) != 1) {
|
||||
@ -195,7 +346,7 @@ static int load_locations(lua_State *L)
|
||||
*/
|
||||
static int load_cert(lua_State *L)
|
||||
{
|
||||
SSL_CTX *ctx = ctx_getcontext(L, 1);
|
||||
SSL_CTX *ctx = lsec_checkcontext(L, 1);
|
||||
const char *filename = luaL_checkstring(L, 2);
|
||||
if (SSL_CTX_use_certificate_chain_file(ctx, filename) != 1) {
|
||||
lua_pushboolean(L, 0);
|
||||
@ -213,7 +364,7 @@ static int load_cert(lua_State *L)
|
||||
static int load_key(lua_State *L)
|
||||
{
|
||||
int ret = 1;
|
||||
SSL_CTX *ctx = ctx_getcontext(L, 1);
|
||||
SSL_CTX *ctx = lsec_checkcontext(L, 1);
|
||||
const char *filename = luaL_checkstring(L, 2);
|
||||
switch (lua_type(L, 3)) {
|
||||
case LUA_TSTRING:
|
||||
@ -240,12 +391,23 @@ static int load_key(lua_State *L)
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check that the certificate public key matches the private key
|
||||
*/
|
||||
|
||||
static int check_key(lua_State *L)
|
||||
{
|
||||
SSL_CTX *ctx = lsec_checkcontext(L, 1);
|
||||
lua_pushboolean(L, SSL_CTX_check_private_key(ctx));
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the cipher list.
|
||||
*/
|
||||
static int set_cipher(lua_State *L)
|
||||
{
|
||||
SSL_CTX *ctx = ctx_getcontext(L, 1);
|
||||
SSL_CTX *ctx = lsec_checkcontext(L, 1);
|
||||
const char *list = luaL_checkstring(L, 2);
|
||||
if (SSL_CTX_set_cipher_list(ctx, list) != 1) {
|
||||
lua_pushboolean(L, 0);
|
||||
@ -262,8 +424,8 @@ static int set_cipher(lua_State *L)
|
||||
*/
|
||||
static int set_depth(lua_State *L)
|
||||
{
|
||||
SSL_CTX *ctx = ctx_getcontext(L, 1);
|
||||
SSL_CTX_set_verify_depth(ctx, luaL_checkint(L, 2));
|
||||
SSL_CTX *ctx = lsec_checkcontext(L, 1);
|
||||
SSL_CTX_set_verify_depth(ctx, (int)luaL_checkinteger(L, 2));
|
||||
lua_pushboolean(L, 1);
|
||||
return 1;
|
||||
}
|
||||
@ -274,20 +436,19 @@ static int set_depth(lua_State *L)
|
||||
static int set_verify(lua_State *L)
|
||||
{
|
||||
int i;
|
||||
const char *str;
|
||||
int flag = 0;
|
||||
SSL_CTX *ctx = ctx_getcontext(L, 1);
|
||||
SSL_CTX *ctx = lsec_checkcontext(L, 1);
|
||||
int max = lua_gettop(L);
|
||||
/* any flag? */
|
||||
if (max > 1) {
|
||||
for (i = 2; i <= max; i++) {
|
||||
if (!set_verify_flag(luaL_checkstring(L, i), &flag)) {
|
||||
lua_pushboolean(L, 0);
|
||||
lua_pushstring(L, "invalid verify option");
|
||||
return 2;
|
||||
}
|
||||
for (i = 2; i <= max; i++) {
|
||||
str = luaL_checkstring(L, i);
|
||||
if (!set_verify_flag(str, &flag)) {
|
||||
lua_pushboolean(L, 0);
|
||||
lua_pushfstring(L, "invalid verify option (%s)", str);
|
||||
return 2;
|
||||
}
|
||||
SSL_CTX_set_verify(ctx, flag, NULL);
|
||||
}
|
||||
if (flag) SSL_CTX_set_verify(ctx, flag, NULL);
|
||||
lua_pushboolean(L, 1);
|
||||
return 1;
|
||||
}
|
||||
@ -298,15 +459,23 @@ static int set_verify(lua_State *L)
|
||||
static int set_options(lua_State *L)
|
||||
{
|
||||
int i;
|
||||
const char *str;
|
||||
unsigned long flag = 0L;
|
||||
SSL_CTX *ctx = ctx_getcontext(L, 1);
|
||||
SSL_CTX *ctx = lsec_checkcontext(L, 1);
|
||||
int max = lua_gettop(L);
|
||||
/* any option? */
|
||||
if (max > 1) {
|
||||
for (i = 2; i <= max; i++) {
|
||||
if (!set_option_flag(luaL_checkstring(L, i), &flag)) {
|
||||
str = luaL_checkstring(L, i);
|
||||
#if !defined(SSL_OP_NO_COMPRESSION) && (OPENSSL_VERSION_NUMBER >= 0x0090800f) && (OPENSSL_VERSION_NUMBER < 0x1000000fL)
|
||||
/* Version 0.9.8 has a different way to disable compression */
|
||||
if (!strcmp(str, "no_compression"))
|
||||
ctx->comp_methods = NULL;
|
||||
else
|
||||
#endif
|
||||
if (!set_option_flag(str, &flag)) {
|
||||
lua_pushboolean(L, 0);
|
||||
lua_pushstring(L, "invalid option");
|
||||
lua_pushfstring(L, "invalid option (%s)", str);
|
||||
return 2;
|
||||
}
|
||||
}
|
||||
@ -324,44 +493,123 @@ static int set_mode(lua_State *L)
|
||||
p_context ctx = checkctx(L, 1);
|
||||
const char *str = luaL_checkstring(L, 2);
|
||||
if (!strcmp("server", str)) {
|
||||
ctx->mode = MD_CTX_SERVER;
|
||||
ctx->mode = LSEC_MODE_SERVER;
|
||||
lua_pushboolean(L, 1);
|
||||
return 1;
|
||||
}
|
||||
if(!strcmp("client", str)) {
|
||||
ctx->mode = MD_CTX_CLIENT;
|
||||
if (!strcmp("client", str)) {
|
||||
ctx->mode = LSEC_MODE_CLIENT;
|
||||
lua_pushboolean(L, 1);
|
||||
return 1;
|
||||
}
|
||||
lua_pushboolean(L, 0);
|
||||
lua_pushstring(L, "invalid mode");
|
||||
lua_pushfstring(L, "invalid mode (%s)", str);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a pointer to SSL_CTX structure.
|
||||
* Configure DH parameters.
|
||||
*/
|
||||
static int raw_ctx(lua_State *L)
|
||||
static int set_dhparam(lua_State *L)
|
||||
{
|
||||
p_context ctx = checkctx(L, 1);
|
||||
lua_pushlightuserdata(L, (void*)ctx->context);
|
||||
SSL_CTX *ctx = lsec_checkcontext(L, 1);
|
||||
SSL_CTX_set_tmp_dh_callback(ctx, dhparam_cb);
|
||||
|
||||
/* Save callback */
|
||||
luaL_getmetatable(L, "SSL:DH:Registry");
|
||||
lua_pushlightuserdata(L, (void*)ctx);
|
||||
lua_pushvalue(L, 2);
|
||||
lua_settable(L, -3);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if !defined(OPENSSL_NO_EC)
|
||||
/**
|
||||
* Set elliptic curve.
|
||||
*/
|
||||
static int set_curve(lua_State *L)
|
||||
{
|
||||
long ret;
|
||||
SSL_CTX *ctx = lsec_checkcontext(L, 1);
|
||||
const char *str = luaL_checkstring(L, 2);
|
||||
|
||||
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
|
||||
|
||||
EC_KEY *key = lsec_find_ec_key(L, str);
|
||||
|
||||
if (!key) {
|
||||
lua_pushboolean(L, 0);
|
||||
lua_pushfstring(L, "elliptic curve '%s' not supported", str);
|
||||
return 2;
|
||||
}
|
||||
|
||||
ret = SSL_CTX_set_tmp_ecdh(ctx, key);
|
||||
/* SSL_CTX_set_tmp_ecdh takes its own reference */
|
||||
EC_KEY_free(key);
|
||||
|
||||
if (!ret) {
|
||||
lua_pushboolean(L, 0);
|
||||
lua_pushfstring(L, "error setting elliptic curve (%s)",
|
||||
ERR_reason_error_string(ERR_get_error()));
|
||||
return 2;
|
||||
}
|
||||
|
||||
lua_pushboolean(L, 1);
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if !defined(OPENSSL_NO_EC) && (defined(SSL_CTRL_SET_CURVES_LIST) || defined(SSL_CTX_set1_curves_list) || defined(SSL_CTRL_SET_ECDH_AUTO))
|
||||
/**
|
||||
* Set elliptic curves list.
|
||||
*/
|
||||
static int set_curves_list(lua_State *L)
|
||||
{
|
||||
SSL_CTX *ctx = lsec_checkcontext(L, 1);
|
||||
const char *str = luaL_checkstring(L, 2);
|
||||
|
||||
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
|
||||
|
||||
if (SSL_CTX_set1_curves_list(ctx, str) != 1) {
|
||||
lua_pushboolean(L, 0);
|
||||
lua_pushfstring(L, "unknown elliptic curve in \"%s\"", str);
|
||||
return 2;
|
||||
}
|
||||
|
||||
#ifdef SSL_CTRL_SET_ECDH_AUTO
|
||||
SSL_CTX_set_ecdh_auto(ctx, 1);
|
||||
#endif
|
||||
|
||||
lua_pushboolean(L, 1);
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Package functions
|
||||
*/
|
||||
static luaL_Reg funcs[] = {
|
||||
{"create", create},
|
||||
{"locations", load_locations},
|
||||
{"loadcert", load_cert},
|
||||
{"loadkey", load_key},
|
||||
{"setcipher", set_cipher},
|
||||
{"setdepth", set_depth},
|
||||
{"setverify", set_verify},
|
||||
{"setoptions", set_options},
|
||||
{"setmode", set_mode},
|
||||
{"rawcontext", raw_ctx},
|
||||
{"create", create},
|
||||
{"locations", load_locations},
|
||||
{"loadcert", load_cert},
|
||||
{"loadkey", load_key},
|
||||
{"checkkey", check_key},
|
||||
{"setcipher", set_cipher},
|
||||
{"setdepth", set_depth},
|
||||
{"setdhparam", set_dhparam},
|
||||
{"setverify", set_verify},
|
||||
{"setoptions", set_options},
|
||||
{"setmode", set_mode},
|
||||
|
||||
#if !defined(OPENSSL_NO_EC)
|
||||
{"setcurve", set_curve},
|
||||
#endif
|
||||
|
||||
#if !defined(OPENSSL_NO_EC) && (defined(SSL_CTRL_SET_CURVES_LIST) || defined(SSL_CTX_set1_curves_list) || defined(SSL_CTRL_SET_ECDH_AUTO))
|
||||
{"setcurveslist", set_curves_list},
|
||||
#endif
|
||||
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
@ -374,9 +622,24 @@ static int meth_destroy(lua_State *L)
|
||||
{
|
||||
p_context ctx = checkctx(L, 1);
|
||||
if (ctx->context) {
|
||||
/* Clear registries */
|
||||
luaL_getmetatable(L, "SSL:DH:Registry");
|
||||
lua_pushlightuserdata(L, (void*)ctx->context);
|
||||
lua_pushnil(L);
|
||||
lua_settable(L, -3);
|
||||
luaL_getmetatable(L, "SSL:Verify:Registry");
|
||||
lua_pushlightuserdata(L, (void*)ctx->context);
|
||||
lua_pushnil(L);
|
||||
lua_settable(L, -3);
|
||||
|
||||
SSL_CTX_free(ctx->context);
|
||||
ctx->context = NULL;
|
||||
}
|
||||
if (ctx->dh_param) {
|
||||
DH_free(ctx->dh_param);
|
||||
ctx->dh_param = NULL;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -390,6 +653,60 @@ static int meth_tostring(lua_State *L)
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set extra flags for handshake verification.
|
||||
*/
|
||||
static int meth_set_verify_ext(lua_State *L)
|
||||
{
|
||||
int i;
|
||||
const char *str;
|
||||
int crl_flag = 0;
|
||||
int lsec_flag = 0;
|
||||
SSL_CTX *ctx = lsec_checkcontext(L, 1);
|
||||
int max = lua_gettop(L);
|
||||
for (i = 2; i <= max; i++) {
|
||||
str = luaL_checkstring(L, i);
|
||||
if (!strcmp(str, "lsec_continue")) {
|
||||
lsec_flag |= LSEC_VERIFY_CONTINUE;
|
||||
} else if (!strcmp(str, "lsec_ignore_purpose")) {
|
||||
lsec_flag |= LSEC_VERIFY_IGNORE_PURPOSE;
|
||||
} else if (!strcmp(str, "crl_check")) {
|
||||
crl_flag |= X509_V_FLAG_CRL_CHECK;
|
||||
} else if (!strcmp(str, "crl_check_chain")) {
|
||||
crl_flag |= X509_V_FLAG_CRL_CHECK_ALL;
|
||||
} else {
|
||||
lua_pushboolean(L, 0);
|
||||
lua_pushfstring(L, "invalid verify option (%s)", str);
|
||||
return 2;
|
||||
}
|
||||
}
|
||||
/* Set callback? */
|
||||
if (lsec_flag) {
|
||||
SSL_CTX_set_verify(ctx, SSL_CTX_get_verify_mode(ctx), verify_cb);
|
||||
SSL_CTX_set_cert_verify_callback(ctx, cert_verify_cb, (void*)ctx);
|
||||
/* Save flag */
|
||||
luaL_getmetatable(L, "SSL:Verify:Registry");
|
||||
lua_pushlightuserdata(L, (void*)ctx);
|
||||
lua_pushnumber(L, lsec_flag);
|
||||
lua_settable(L, -3);
|
||||
} else {
|
||||
SSL_CTX_set_verify(ctx, SSL_CTX_get_verify_mode(ctx), NULL);
|
||||
SSL_CTX_set_cert_verify_callback(ctx, NULL, NULL);
|
||||
/* Remove flag */
|
||||
luaL_getmetatable(L, "SSL:Verify:Registry");
|
||||
lua_pushlightuserdata(L, (void*)ctx);
|
||||
lua_pushnil(L);
|
||||
lua_settable(L, -3);
|
||||
}
|
||||
|
||||
/* X509 flag */
|
||||
X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx), crl_flag);
|
||||
|
||||
/* Ok */
|
||||
lua_pushboolean(L, 1);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Context metamethods.
|
||||
*/
|
||||
@ -399,36 +716,80 @@ static luaL_Reg meta[] = {
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
/**
|
||||
* Index metamethods.
|
||||
*/
|
||||
static luaL_Reg meta_index[] = {
|
||||
{"setverifyext", meth_set_verify_ext},
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
|
||||
/*----------------------------- Public Functions ---------------------------*/
|
||||
|
||||
/**
|
||||
* Retrieve the SSL context from the Lua stack.
|
||||
*/
|
||||
SSL_CTX* ctx_getcontext(lua_State *L, int idx)
|
||||
SSL_CTX* lsec_checkcontext(lua_State *L, int idx)
|
||||
{
|
||||
p_context ctx = checkctx(L, idx);
|
||||
return ctx->context;
|
||||
}
|
||||
|
||||
SSL_CTX* lsec_testcontext(lua_State *L, int idx)
|
||||
{
|
||||
p_context ctx = testctx(L, idx);
|
||||
return (ctx) ? ctx->context : NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve the mode from the context in the Lua stack.
|
||||
*/
|
||||
char ctx_getmode(lua_State *L, int idx)
|
||||
int lsec_getmode(lua_State *L, int idx)
|
||||
{
|
||||
p_context ctx = checkctx(L, idx);
|
||||
return ctx->mode;
|
||||
}
|
||||
|
||||
/*-- Compat - Lua 5.1 --*/
|
||||
#if (LUA_VERSION_NUM == 501)
|
||||
|
||||
void *lsec_testudata (lua_State *L, int ud, const char *tname) {
|
||||
void *p = lua_touserdata(L, ud);
|
||||
if (p != NULL) { /* value is a userdata? */
|
||||
if (lua_getmetatable(L, ud)) { /* does it have a metatable? */
|
||||
luaL_getmetatable(L, tname); /* get correct metatable */
|
||||
if (!lua_rawequal(L, -1, -2)) /* not the same? */
|
||||
p = NULL; /* value is a userdata with wrong metatable */
|
||||
lua_pop(L, 2); /* remove both metatables */
|
||||
return p;
|
||||
}
|
||||
}
|
||||
return NULL; /* value is not a userdata with a metatable */
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/*------------------------------ Initialization ------------------------------*/
|
||||
|
||||
/**
|
||||
* Registre the module.
|
||||
*/
|
||||
int luaopen_ssl_context(lua_State *L)
|
||||
LSEC_API int luaopen_ssl_context(lua_State *L)
|
||||
{
|
||||
luaL_newmetatable(L, "SSL:DH:Registry"); /* Keep all DH callbacks */
|
||||
luaL_newmetatable(L, "SSL:Verify:Registry"); /* Keep all verify flags */
|
||||
luaL_newmetatable(L, "SSL:Context");
|
||||
luaL_register(L, NULL, meta);
|
||||
luaL_register(L, "ssl.context", funcs);
|
||||
setfuncs(L, meta);
|
||||
|
||||
/* Create __index metamethods for context */
|
||||
luaL_newlib(L, meta_index);
|
||||
lua_setfield(L, -2, "__index");
|
||||
|
||||
lsec_load_curves(L);
|
||||
|
||||
/* Return the module */
|
||||
luaL_newlib(L, funcs);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
@ -1,35 +1,46 @@
|
||||
#ifndef __CONTEXT_H__
|
||||
#define __CONTEXT_H__
|
||||
#ifndef LSEC_CONTEXT_H
|
||||
#define LSEC_CONTEXT_H
|
||||
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 0.3
|
||||
* Copyright (C) 2006-2008 Bruno Silvestre
|
||||
* LuaSec 0.7.2
|
||||
*
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
#include <lua.h>
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
#ifndef LUASEC_API
|
||||
#define LUASEC_API extern
|
||||
#endif
|
||||
#include "compat.h"
|
||||
|
||||
#define MD_CTX_INVALID 0
|
||||
#define MD_CTX_SERVER 1
|
||||
#define MD_CTX_CLIENT 2
|
||||
#define LSEC_MODE_INVALID 0
|
||||
#define LSEC_MODE_SERVER 1
|
||||
#define LSEC_MODE_CLIENT 2
|
||||
|
||||
#define LSEC_VERIFY_CONTINUE 1
|
||||
#define LSEC_VERIFY_IGNORE_PURPOSE 2
|
||||
|
||||
typedef struct t_context_ {
|
||||
SSL_CTX *context;
|
||||
char mode;
|
||||
lua_State *L;
|
||||
DH *dh_param;
|
||||
int mode;
|
||||
} t_context;
|
||||
typedef t_context* p_context;
|
||||
|
||||
/* Retrieve the SSL context from the Lua stack */
|
||||
SSL_CTX *ctx_getcontext(lua_State *L, int idx);
|
||||
SSL_CTX *lsec_checkcontext(lua_State *L, int idx);
|
||||
SSL_CTX *lsec_testcontext(lua_State *L, int idx);
|
||||
|
||||
/* Retrieve the mode from the context in the Lua stack */
|
||||
char ctx_getmode(lua_State *L, int idx);
|
||||
int lsec_getmode(lua_State *L, int idx);
|
||||
|
||||
/* Registre the module. */
|
||||
LUASEC_API int luaopen_ssl_context(lua_State *L);
|
||||
LSEC_API int luaopen_ssl_context(lua_State *L);
|
||||
|
||||
/* Compat - Lua 5.1 */
|
||||
#if (LUA_VERSION_NUM == 501)
|
||||
void *lsec_testudata (lua_State *L, int ud, const char *tname);
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
110
src/ec.c
Normal file
110
src/ec.c
Normal file
@ -0,0 +1,110 @@
|
||||
#include <openssl/objects.h>
|
||||
|
||||
#include "ec.h"
|
||||
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
|
||||
EC_KEY *lsec_find_ec_key(lua_State *L, const char *str)
|
||||
{
|
||||
int nid;
|
||||
lua_pushstring(L, "SSL:EC:CURVES");
|
||||
lua_rawget(L, LUA_REGISTRYINDEX);
|
||||
lua_pushstring(L, str);
|
||||
lua_rawget(L, -2);
|
||||
|
||||
if (!lua_isnumber(L, -1))
|
||||
return NULL;
|
||||
|
||||
nid = (int)lua_tonumber(L, -1);
|
||||
return EC_KEY_new_by_curve_name(nid);
|
||||
}
|
||||
|
||||
void lsec_load_curves(lua_State *L)
|
||||
{
|
||||
size_t i;
|
||||
size_t size;
|
||||
const char *name;
|
||||
EC_builtin_curve *curves = NULL;
|
||||
|
||||
lua_pushstring(L, "SSL:EC:CURVES");
|
||||
lua_newtable(L);
|
||||
|
||||
size = EC_get_builtin_curves(NULL, 0);
|
||||
if (size > 0) {
|
||||
curves = (EC_builtin_curve*)malloc(sizeof(EC_builtin_curve) * size);
|
||||
EC_get_builtin_curves(curves, size);
|
||||
for (i = 0; i < size; i++) {
|
||||
name = OBJ_nid2sn(curves[i].nid);
|
||||
if (name != NULL) {
|
||||
lua_pushstring(L, name);
|
||||
lua_pushnumber(L, curves[i].nid);
|
||||
lua_rawset(L, -3);
|
||||
}
|
||||
switch (curves[i].nid) {
|
||||
case NID_X9_62_prime256v1:
|
||||
lua_pushstring(L, "P-256");
|
||||
lua_pushnumber(L, curves[i].nid);
|
||||
lua_rawset(L, -3);
|
||||
break;
|
||||
case NID_secp384r1:
|
||||
lua_pushstring(L, "P-384");
|
||||
lua_pushnumber(L, curves[i].nid);
|
||||
lua_rawset(L, -3);
|
||||
break;
|
||||
case NID_secp521r1:
|
||||
lua_pushstring(L, "P-521");
|
||||
lua_pushnumber(L, curves[i].nid);
|
||||
lua_rawset(L, -3);
|
||||
break;
|
||||
#ifdef NID_X25519
|
||||
case NID_X25519:
|
||||
lua_pushstring(L, "X25519");
|
||||
lua_pushnumber(L, curves[i].nid);
|
||||
lua_rawset(L, -3);
|
||||
break;
|
||||
#endif
|
||||
#ifdef NID_X448
|
||||
case NID_X448:
|
||||
lua_pushstring(L, "X448");
|
||||
lua_pushnumber(L, curves[i].nid);
|
||||
lua_rawset(L, -3);
|
||||
break;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
free(curves);
|
||||
}
|
||||
|
||||
lua_rawset(L, LUA_REGISTRYINDEX);
|
||||
}
|
||||
|
||||
void lsec_get_curves(lua_State *L)
|
||||
{
|
||||
lua_newtable(L);
|
||||
|
||||
lua_pushstring(L, "SSL:EC:CURVES");
|
||||
lua_rawget(L, LUA_REGISTRYINDEX);
|
||||
|
||||
lua_pushnil(L);
|
||||
while (lua_next(L, -2) != 0) {
|
||||
lua_pop(L, 1);
|
||||
lua_pushvalue(L, -1);
|
||||
lua_pushboolean(L, 1);
|
||||
lua_rawset(L, -5);
|
||||
}
|
||||
lua_pop(L, 1);
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
void lsec_load_curves(lua_State *L)
|
||||
{
|
||||
// do nothing
|
||||
}
|
||||
|
||||
void lsec_get_curves(lua_State *L)
|
||||
{
|
||||
lua_newtable(L);
|
||||
}
|
||||
|
||||
#endif
|
22
src/ec.h
Normal file
22
src/ec.h
Normal file
@ -0,0 +1,22 @@
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 0.7.2
|
||||
*
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
#ifndef LSEC_EC_H
|
||||
#define LSEC_EC_H
|
||||
|
||||
#include <lua.h>
|
||||
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
#include <openssl/ec.h>
|
||||
|
||||
EC_KEY *lsec_find_ec_key(lua_State *L, const char *str);
|
||||
#endif
|
||||
|
||||
void lsec_get_curves(lua_State *L);
|
||||
void lsec_load_curves(lua_State *L);
|
||||
|
||||
#endif
|
143
src/https.lua
Normal file
143
src/https.lua
Normal file
@ -0,0 +1,143 @@
|
||||
----------------------------------------------------------------------------
|
||||
-- LuaSec 0.7.2
|
||||
-- Copyright (C) 2009-2019 PUC-Rio
|
||||
--
|
||||
-- Author: Pablo Musa
|
||||
-- Author: Tomas Guisasola
|
||||
---------------------------------------------------------------------------
|
||||
|
||||
local socket = require("socket")
|
||||
local ssl = require("ssl")
|
||||
local ltn12 = require("ltn12")
|
||||
local http = require("socket.http")
|
||||
local url = require("socket.url")
|
||||
|
||||
local try = socket.try
|
||||
|
||||
--
|
||||
-- Module
|
||||
--
|
||||
local _M = {
|
||||
_VERSION = "0.7.2",
|
||||
_COPYRIGHT = "LuaSec 0.7.2 - Copyright (C) 2009-2019 PUC-Rio",
|
||||
PORT = 443,
|
||||
}
|
||||
|
||||
-- TLS configuration
|
||||
local cfg = {
|
||||
protocol = "any",
|
||||
options = {"all", "no_sslv2", "no_sslv3"},
|
||||
verify = "none",
|
||||
}
|
||||
|
||||
--------------------------------------------------------------------
|
||||
-- Auxiliar Functions
|
||||
--------------------------------------------------------------------
|
||||
|
||||
-- Insert default HTTPS port.
|
||||
local function default_https_port(u)
|
||||
return url.build(url.parse(u, {port = _M.PORT}))
|
||||
end
|
||||
|
||||
-- Convert an URL to a table according to Luasocket needs.
|
||||
local function urlstring_totable(url, body, result_table)
|
||||
url = {
|
||||
url = default_https_port(url),
|
||||
method = body and "POST" or "GET",
|
||||
sink = ltn12.sink.table(result_table)
|
||||
}
|
||||
if body then
|
||||
url.source = ltn12.source.string(body)
|
||||
url.headers = {
|
||||
["content-length"] = #body,
|
||||
["content-type"] = "application/x-www-form-urlencoded",
|
||||
}
|
||||
end
|
||||
return url
|
||||
end
|
||||
|
||||
-- Forward calls to the real connection object.
|
||||
local function reg(conn)
|
||||
local mt = getmetatable(conn.sock).__index
|
||||
for name, method in pairs(mt) do
|
||||
if type(method) == "function" then
|
||||
conn[name] = function (self, ...)
|
||||
return method(self.sock, ...)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
-- Return a function which performs the SSL/TLS connection.
|
||||
local function tcp(params)
|
||||
params = params or {}
|
||||
-- Default settings
|
||||
for k, v in pairs(cfg) do
|
||||
params[k] = params[k] or v
|
||||
end
|
||||
-- Force client mode
|
||||
params.mode = "client"
|
||||
-- 'create' function for LuaSocket
|
||||
return function ()
|
||||
local conn = {}
|
||||
conn.sock = try(socket.tcp())
|
||||
local st = getmetatable(conn.sock).__index.settimeout
|
||||
function conn:settimeout(...)
|
||||
return st(self.sock, ...)
|
||||
end
|
||||
-- Replace TCP's connection function
|
||||
function conn:connect(host, port)
|
||||
try(self.sock:connect(host, port))
|
||||
self.sock = try(ssl.wrap(self.sock, params))
|
||||
self.sock:sni(host)
|
||||
try(self.sock:dohandshake())
|
||||
reg(self, getmetatable(self.sock))
|
||||
return 1
|
||||
end
|
||||
return conn
|
||||
end
|
||||
end
|
||||
|
||||
--------------------------------------------------------------------
|
||||
-- Main Function
|
||||
--------------------------------------------------------------------
|
||||
|
||||
-- Make a HTTP request over secure connection. This function receives
|
||||
-- the same parameters of LuaSocket's HTTP module (except 'proxy' and
|
||||
-- 'redirect') plus LuaSec parameters.
|
||||
--
|
||||
-- @param url mandatory (string or table)
|
||||
-- @param body optional (string)
|
||||
-- @return (string if url == string or 1), code, headers, status
|
||||
--
|
||||
local function request(url, body)
|
||||
local result_table = {}
|
||||
local stringrequest = type(url) == "string"
|
||||
if stringrequest then
|
||||
url = urlstring_totable(url, body, result_table)
|
||||
else
|
||||
url.url = default_https_port(url.url)
|
||||
end
|
||||
if http.PROXY or url.proxy then
|
||||
return nil, "proxy not supported"
|
||||
elseif url.redirect then
|
||||
return nil, "redirect not supported"
|
||||
elseif url.create then
|
||||
return nil, "create function not permitted"
|
||||
end
|
||||
-- New 'create' function to establish a secure connection
|
||||
url.create = tcp(url)
|
||||
local res, code, headers, status = http.request(url)
|
||||
if res and stringrequest then
|
||||
return table.concat(result_table), code, headers, status
|
||||
end
|
||||
return res, code, headers, status
|
||||
end
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
-- Export module
|
||||
--
|
||||
|
||||
_M.request = request
|
||||
|
||||
return _M
|
21
src/luasocket/LICENSE
Normal file
21
src/luasocket/LICENSE
Normal file
@ -0,0 +1,21 @@
|
||||
LuaSocket 3.0-RC1 license
|
||||
Copyright (C) 2004-2013 Diego Nehab
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining
|
||||
a copy of this software and associated documentation files (the
|
||||
"Software"), to deal in the Software without restriction, including
|
||||
without limitation the rights to use, copy, modify, merge, publish,
|
||||
distribute, sublicense, and/or sell copies of the Software, and to
|
||||
permit persons to whom the Software is furnished to do so, subject to
|
||||
the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be
|
||||
included in all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
||||
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
|
||||
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
|
||||
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
||||
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
26
src/luasocket/Makefile
Normal file
26
src/luasocket/Makefile
Normal file
@ -0,0 +1,26 @@
|
||||
OBJS= \
|
||||
io.o \
|
||||
buffer.o \
|
||||
timeout.o \
|
||||
usocket.o
|
||||
|
||||
CC ?= cc
|
||||
CFLAGS += $(MYCFLAGS) -DLUASOCKET_DEBUG
|
||||
AR ?= ar
|
||||
RANLIB ?= ranlib
|
||||
|
||||
.PHONY: all clean
|
||||
|
||||
all: libluasocket.a
|
||||
|
||||
libluasocket.a: $(OBJS)
|
||||
$(AR) rcu $@ $(OBJS)
|
||||
$(RANLIB) $@
|
||||
|
||||
clean:
|
||||
rm -f $(OBJS) libluasocket.a
|
||||
|
||||
buffer.o: buffer.c buffer.h io.h timeout.h
|
||||
io.o: io.c io.h timeout.h
|
||||
timeout.o: timeout.c timeout.h
|
||||
usocket.o: usocket.c socket.h io.h timeout.h usocket.h
|
@ -1,10 +1,6 @@
|
||||
/*=========================================================================*\
|
||||
* LuaSocket 2.0.2
|
||||
* Copyright (C) 2004-2007 Diego Nehab
|
||||
*
|
||||
* Input/Output interface for Lua programs
|
||||
*
|
||||
* RCS ID: $Id: buffer.c,v 1.28 2007/06/11 23:44:54 diego Exp $
|
||||
* LuaSocket toolkit
|
||||
\*=========================================================================*/
|
||||
#include "lua.h"
|
||||
#include "lauxlib.h"
|
||||
@ -32,6 +28,14 @@ static int sendraw(p_buffer buf, const char *data, size_t count, size_t *sent);
|
||||
/*=========================================================================*\
|
||||
* Exported functions
|
||||
\*=========================================================================*/
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Initializes module
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int buffer_open(lua_State *L) {
|
||||
(void) L;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Initializes C structure
|
||||
\*-------------------------------------------------------------------------*/
|
||||
@ -39,6 +43,29 @@ void buffer_init(p_buffer buf, p_io io, p_timeout tm) {
|
||||
buf->first = buf->last = 0;
|
||||
buf->io = io;
|
||||
buf->tm = tm;
|
||||
buf->received = buf->sent = 0;
|
||||
buf->birthday = timeout_gettime();
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* object:getstats() interface
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int buffer_meth_getstats(lua_State *L, p_buffer buf) {
|
||||
lua_pushnumber(L, (lua_Number) buf->received);
|
||||
lua_pushnumber(L, (lua_Number) buf->sent);
|
||||
lua_pushnumber(L, timeout_gettime() - buf->birthday);
|
||||
return 3;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* object:setstats() interface
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int buffer_meth_setstats(lua_State *L, p_buffer buf) {
|
||||
buf->received = (long) luaL_optnumber(L, 2, (lua_Number) buf->received);
|
||||
buf->sent = (long) luaL_optnumber(L, 3, (lua_Number) buf->sent);
|
||||
if (lua_isnumber(L, 4)) buf->birthday = timeout_gettime() - lua_tonumber(L, 4);
|
||||
lua_pushnumber(L, 1);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
@ -51,7 +78,9 @@ int buffer_meth_send(lua_State *L, p_buffer buf) {
|
||||
const char *data = luaL_checklstring(L, 2, &size);
|
||||
long start = (long) luaL_optnumber(L, 3, 1);
|
||||
long end = (long) luaL_optnumber(L, 4, -1);
|
||||
#ifdef LUASOCKET_DEBUG
|
||||
p_timeout tm = timeout_markstart(buf->tm);
|
||||
#endif
|
||||
if (start < 0) start = (long) (size+start+1);
|
||||
if (end < 0) end = (long) (size+end+1);
|
||||
if (start < 1) start = (long) 1;
|
||||
@ -61,13 +90,13 @@ int buffer_meth_send(lua_State *L, p_buffer buf) {
|
||||
if (err != IO_DONE) {
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, buf->io->error(buf->io->ctx, err));
|
||||
lua_pushnumber(L, sent+start-1);
|
||||
lua_pushnumber(L, (lua_Number) (sent+start-1));
|
||||
} else {
|
||||
lua_pushnumber(L, sent+start-1);
|
||||
lua_pushnumber(L, (lua_Number) (sent+start-1));
|
||||
lua_pushnil(L);
|
||||
lua_pushnil(L);
|
||||
}
|
||||
#ifdef BUFFER_DEBUG
|
||||
#ifdef LUASOCKET_DEBUG
|
||||
/* push time elapsed during operation as the last return value */
|
||||
lua_pushnumber(L, timeout_gettime() - timeout_getstart(tm));
|
||||
#endif
|
||||
@ -82,7 +111,9 @@ int buffer_meth_receive(lua_State *L, p_buffer buf) {
|
||||
luaL_Buffer b;
|
||||
size_t size;
|
||||
const char *part = luaL_optlstring(L, 3, "", &size);
|
||||
#ifdef LUASOCKET_DEBUG
|
||||
p_timeout tm = timeout_markstart(buf->tm);
|
||||
#endif
|
||||
/* initialize buffer with optional extra prefix
|
||||
* (useful for concatenating previous partial results) */
|
||||
luaL_buffinit(L, &b);
|
||||
@ -93,12 +124,18 @@ int buffer_meth_receive(lua_State *L, p_buffer buf) {
|
||||
if (p[0] == '*' && p[1] == 'l') err = recvline(buf, &b);
|
||||
else if (p[0] == '*' && p[1] == 'a') err = recvall(buf, &b);
|
||||
else luaL_argcheck(L, 0, 2, "invalid receive pattern");
|
||||
/* get a fixed number of bytes (minus what was already partially
|
||||
* received) */
|
||||
} else err = recvraw(buf, (size_t) lua_tonumber(L, 2)-size, &b);
|
||||
/* get a fixed number of bytes (minus what was already partially
|
||||
* received) */
|
||||
} else {
|
||||
double n = lua_tonumber(L, 2);
|
||||
size_t wanted = (size_t) n;
|
||||
luaL_argcheck(L, n >= 0, 2, "invalid receive pattern");
|
||||
if (size == 0 || wanted > size)
|
||||
err = recvraw(buf, wanted-size, &b);
|
||||
}
|
||||
/* check if there was an error */
|
||||
if (err != IO_DONE) {
|
||||
/* we can't push anyting in the stack before pushing the
|
||||
/* we can't push anything in the stack before pushing the
|
||||
* contents of the buffer. this is the reason for the complication */
|
||||
luaL_pushresult(&b);
|
||||
lua_pushstring(L, buf->io->error(buf->io->ctx, err));
|
||||
@ -110,7 +147,7 @@ int buffer_meth_receive(lua_State *L, p_buffer buf) {
|
||||
lua_pushnil(L);
|
||||
lua_pushnil(L);
|
||||
}
|
||||
#ifdef BUFFER_DEBUG
|
||||
#ifdef LUASOCKET_DEBUG
|
||||
/* push time elapsed during operation as the last return value */
|
||||
lua_pushnumber(L, timeout_gettime() - timeout_getstart(tm));
|
||||
#endif
|
||||
@ -137,12 +174,13 @@ static int sendraw(p_buffer buf, const char *data, size_t count, size_t *sent) {
|
||||
size_t total = 0;
|
||||
int err = IO_DONE;
|
||||
while (total < count && err == IO_DONE) {
|
||||
size_t done;
|
||||
size_t done = 0;
|
||||
size_t step = (count-total <= STEPSIZE)? count-total: STEPSIZE;
|
||||
err = io->send(io->ctx, data+total, step, &done, tm);
|
||||
total += done;
|
||||
}
|
||||
*sent = total;
|
||||
buf->sent += total;
|
||||
return err;
|
||||
}
|
||||
|
||||
@ -195,7 +233,7 @@ static int recvline(p_buffer buf, luaL_Buffer *b) {
|
||||
pos = 0;
|
||||
while (pos < count && data[pos] != '\n') {
|
||||
/* we ignore all \r's */
|
||||
if (data[pos] != '\r') luaL_putchar(b, data[pos]);
|
||||
if (data[pos] != '\r') luaL_addchar(b, data[pos]);
|
||||
pos++;
|
||||
}
|
||||
if (pos < count) { /* found '\n' */
|
||||
@ -212,6 +250,7 @@ static int recvline(p_buffer buf, luaL_Buffer *b) {
|
||||
* transport layer
|
||||
\*-------------------------------------------------------------------------*/
|
||||
static void buffer_skip(p_buffer buf, size_t count) {
|
||||
buf->received += count;
|
||||
buf->first += count;
|
||||
if (buffer_isempty(buf))
|
||||
buf->first = buf->last = 0;
|
@ -1,10 +1,8 @@
|
||||
#ifndef BUF_H
|
||||
#define BUF_H
|
||||
/*=========================================================================*\
|
||||
* LuaSocket 2.0.2
|
||||
* Copyright (C) 2004-2007 Diego Nehab
|
||||
*
|
||||
* Input/Output interface for Lua programs
|
||||
* LuaSocket toolkit
|
||||
*
|
||||
* Line patterns require buffering. Reading one character at a time involves
|
||||
* too many system calls and is very slow. This module implements the
|
||||
@ -16,11 +14,8 @@
|
||||
*
|
||||
* The module is built on top of the I/O abstraction defined in io.h and the
|
||||
* timeout management is done with the timeout.h interface.
|
||||
*
|
||||
*
|
||||
* RCS ID: $Id: buffer.h,v 1.12 2005/10/07 04:40:59 diego Exp $
|
||||
\*=========================================================================*/
|
||||
#include <lua.h>
|
||||
#include "lua.h"
|
||||
|
||||
#include "io.h"
|
||||
#include "timeout.h"
|
||||
@ -30,6 +25,8 @@
|
||||
|
||||
/* buffer control structure */
|
||||
typedef struct t_buffer_ {
|
||||
double birthday; /* throttle support info: creation time, */
|
||||
size_t sent, received; /* bytes sent, and bytes received */
|
||||
p_io io; /* IO driver used for this buffer */
|
||||
p_timeout tm; /* timeout management for this buffer */
|
||||
size_t first, last; /* index of first and last bytes of stored data */
|
||||
@ -37,9 +34,12 @@ typedef struct t_buffer_ {
|
||||
} t_buffer;
|
||||
typedef t_buffer *p_buffer;
|
||||
|
||||
int buffer_open(lua_State *L);
|
||||
void buffer_init(p_buffer buf, p_io io, p_timeout tm);
|
||||
int buffer_meth_send(lua_State *L, p_buffer buf);
|
||||
int buffer_meth_receive(lua_State *L, p_buffer buf);
|
||||
int buffer_meth_getstats(lua_State *L, p_buffer buf);
|
||||
int buffer_meth_setstats(lua_State *L, p_buffer buf);
|
||||
int buffer_isempty(p_buffer buf);
|
||||
|
||||
#endif /* BUF_H */
|
@ -1,10 +1,6 @@
|
||||
/*=========================================================================*\
|
||||
* LuaSocket 2.0.2
|
||||
* Copyright (C) 2004-2007 Diego Nehab
|
||||
*
|
||||
* Input/Output abstraction
|
||||
*
|
||||
* RCS ID: $Id: io.c 2 2006-04-30 19:30:47Z brunoos $
|
||||
* LuaSocket toolkit
|
||||
\*=========================================================================*/
|
||||
#include "io.h"
|
||||
|
@ -1,10 +1,8 @@
|
||||
#ifndef IO_H
|
||||
#define IO_H
|
||||
/*=========================================================================*\
|
||||
* LuaSocket 2.0.2
|
||||
* Copyright (C) 2004-2007 Diego Nehab
|
||||
*
|
||||
* Input/Output abstraction
|
||||
* LuaSocket toolkit
|
||||
*
|
||||
* This module defines the interface that LuaSocket expects from the
|
||||
* transport layer for streamed input/output. The idea is that if any
|
||||
@ -13,21 +11,18 @@
|
||||
*
|
||||
* The module socket.h implements this interface, and thus the module tcp.h
|
||||
* is very simple.
|
||||
*
|
||||
* RCS ID: $Id: io.h 6 2006-04-30 20:33:05Z brunoos $
|
||||
\*=========================================================================*/
|
||||
#include <stdio.h>
|
||||
#include <lua.h>
|
||||
#include "lua.h"
|
||||
|
||||
#include "timeout.h"
|
||||
|
||||
/* IO error codes */
|
||||
enum {
|
||||
IO_DONE = 0, /* operation completed successfully */
|
||||
IO_TIMEOUT = -1, /* operation timed out */
|
||||
IO_CLOSED = -2, /* the connection has been closed */
|
||||
IO_UNKNOWN = -3, /* Unknown error */
|
||||
IO_SSL = -4 /* SSL error */
|
||||
IO_DONE = 0, /* operation completed successfully */
|
||||
IO_TIMEOUT = -1, /* operation timed out */
|
||||
IO_CLOSED = -2, /* the connection has been closed */
|
||||
IO_UNKNOWN = -3
|
||||
};
|
||||
|
||||
/* interface to error message function */
|
||||
@ -48,7 +43,7 @@ typedef int (*p_send) (
|
||||
/* interface to recv function */
|
||||
typedef int (*p_recv) (
|
||||
void *ctx, /* context needed by recv */
|
||||
char *data, /* pointer to buffer where data will be writen */
|
||||
char *data, /* pointer to buffer where data will be written */
|
||||
size_t count, /* number of bytes to receive into buffer */
|
||||
size_t *got, /* number of bytes received uppon return */
|
||||
p_timeout tm /* timeout control */
|
@ -1,17 +1,13 @@
|
||||
#ifndef SOCKET_H
|
||||
#define SOCKET_H
|
||||
/*=========================================================================*\
|
||||
* LuaSocket 2.0.2
|
||||
* Copyright (C) 2004-2007 Diego Nehab
|
||||
*
|
||||
* Socket compatibilization module
|
||||
* LuaSocket toolkit
|
||||
*
|
||||
* BSD Sockets and WinSock are similar, but there are a few irritating
|
||||
* differences. Also, not all *nix platforms behave the same. This module
|
||||
* (and the associated usocket.h and wsocket.h) factor these differences and
|
||||
* creates a interface compatible with the io.h module.
|
||||
*
|
||||
* RCS ID: $Id: socket.h 2 2006-04-30 19:30:47Z brunoos $
|
||||
\*=========================================================================*/
|
||||
#include "io.h"
|
||||
|
||||
@ -32,16 +28,51 @@
|
||||
\*=========================================================================*/
|
||||
#include "timeout.h"
|
||||
|
||||
/* we are lazy... */
|
||||
typedef struct sockaddr SA;
|
||||
|
||||
/*=========================================================================*\
|
||||
* Functions bellow implement a comfortable platform independent
|
||||
* Functions below implement a comfortable platform independent
|
||||
* interface to sockets
|
||||
\*=========================================================================*/
|
||||
int socket_open(void);
|
||||
int socket_close(void);
|
||||
void socket_destroy(p_socket ps);
|
||||
void socket_shutdown(p_socket ps, int how);
|
||||
int socket_sendto(p_socket ps, const char *data, size_t count,
|
||||
size_t *sent, SA *addr, socklen_t addr_len, p_timeout tm);
|
||||
int socket_recvfrom(p_socket ps, char *data, size_t count,
|
||||
size_t *got, SA *addr, socklen_t *addr_len, p_timeout tm);
|
||||
|
||||
void socket_setnonblocking(p_socket ps);
|
||||
void socket_setblocking(p_socket ps);
|
||||
|
||||
int socket_waitfd(p_socket ps, int sw, p_timeout tm);
|
||||
int socket_select(t_socket n, fd_set *rfds, fd_set *wfds, fd_set *efds,
|
||||
p_timeout tm);
|
||||
|
||||
int socket_connect(p_socket ps, SA *addr, socklen_t addr_len, p_timeout tm);
|
||||
int socket_create(p_socket ps, int domain, int type, int protocol);
|
||||
int socket_bind(p_socket ps, SA *addr, socklen_t addr_len);
|
||||
int socket_listen(p_socket ps, int backlog);
|
||||
int socket_accept(p_socket ps, p_socket pa, SA *addr,
|
||||
socklen_t *addr_len, p_timeout tm);
|
||||
|
||||
const char *socket_hoststrerror(int err);
|
||||
const char *socket_gaistrerror(int err);
|
||||
const char *socket_strerror(int err);
|
||||
|
||||
/* these are perfect to use with the io abstraction module
|
||||
and the buffered input module */
|
||||
int socket_send(p_socket ps, const char *data, size_t count,
|
||||
size_t *sent, p_timeout tm);
|
||||
int socket_recv(p_socket ps, char *data, size_t count, size_t *got, p_timeout tm);
|
||||
int socket_write(p_socket ps, const char *data, size_t count,
|
||||
size_t *sent, p_timeout tm);
|
||||
int socket_read(p_socket ps, char *data, size_t count, size_t *got, p_timeout tm);
|
||||
const char *socket_ioerror(p_socket ps, int err);
|
||||
|
||||
int socket_gethostbyaddr(const char *addr, socklen_t len, struct hostent **hp);
|
||||
int socket_gethostbyname(const char *addr, struct hostent **hp);
|
||||
|
||||
#endif /* SOCKET_H */
|
@ -1,12 +1,15 @@
|
||||
/*=========================================================================*\
|
||||
* LuaSocket 2.0.2
|
||||
* Copyright (C) 2004-2007 Diego Nehab
|
||||
*
|
||||
* Timeout management functions
|
||||
*
|
||||
* RCS ID: $Id: timeout.c,v 1.30 2005/10/07 04:40:59 diego Exp $
|
||||
* LuaSocket toolkit
|
||||
\*=========================================================================*/
|
||||
#include <stdio.h>
|
||||
#include <limits.h>
|
||||
#include <float.h>
|
||||
|
||||
#include "lua.h"
|
||||
#include "lauxlib.h"
|
||||
|
||||
#include "timeout.h"
|
||||
|
||||
#ifdef _WIN32
|
||||
#include <windows.h>
|
||||
@ -15,11 +18,6 @@
|
||||
#include <sys/time.h>
|
||||
#endif
|
||||
|
||||
#include <lua.h>
|
||||
#include <lauxlib.h>
|
||||
|
||||
#include "timeout.h"
|
||||
|
||||
/* min and max macros */
|
||||
#ifndef MIN
|
||||
#define MIN(x, y) ((x) < (y) ? x : y)
|
||||
@ -28,6 +26,18 @@
|
||||
#define MAX(x, y) ((x) > (y) ? x : y)
|
||||
#endif
|
||||
|
||||
/*=========================================================================*\
|
||||
* Internal function prototypes
|
||||
\*=========================================================================*/
|
||||
static int timeout_lua_gettime(lua_State *L);
|
||||
static int timeout_lua_sleep(lua_State *L);
|
||||
|
||||
static luaL_Reg func[] = {
|
||||
{ "gettime", timeout_lua_gettime },
|
||||
{ "sleep", timeout_lua_sleep },
|
||||
{ NULL, NULL }
|
||||
};
|
||||
|
||||
/*=========================================================================*\
|
||||
* Exported functions.
|
||||
\*=========================================================================*/
|
||||
@ -129,6 +139,18 @@ double timeout_gettime(void) {
|
||||
}
|
||||
#endif
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Initializes module
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int timeout_open(lua_State *L) {
|
||||
#if LUA_VERSION_NUM > 501 && !defined(LUA_COMPAT_MODULE)
|
||||
luaL_setfuncs(L, func, 0);
|
||||
#else
|
||||
luaL_openlib(L, NULL, func, 0);
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Sets timeout values for IO operations
|
||||
* Lua Input: base, time [, mode]
|
||||
@ -153,3 +175,46 @@ int timeout_meth_settimeout(lua_State *L, p_timeout tm) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*=========================================================================*\
|
||||
* Test support functions
|
||||
\*=========================================================================*/
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Returns the time the system has been up, in secconds.
|
||||
\*-------------------------------------------------------------------------*/
|
||||
static int timeout_lua_gettime(lua_State *L)
|
||||
{
|
||||
lua_pushnumber(L, timeout_gettime());
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Sleep for n seconds.
|
||||
\*-------------------------------------------------------------------------*/
|
||||
#ifdef _WIN32
|
||||
int timeout_lua_sleep(lua_State *L)
|
||||
{
|
||||
double n = luaL_checknumber(L, 1);
|
||||
if (n < 0.0) n = 0.0;
|
||||
if (n < DBL_MAX/1000.0) n *= 1000.0;
|
||||
if (n > INT_MAX) n = INT_MAX;
|
||||
Sleep((int)n);
|
||||
return 0;
|
||||
}
|
||||
#else
|
||||
int timeout_lua_sleep(lua_State *L)
|
||||
{
|
||||
double n = luaL_checknumber(L, 1);
|
||||
struct timespec t, r;
|
||||
if (n < 0.0) n = 0.0;
|
||||
if (n > INT_MAX) n = INT_MAX;
|
||||
t.tv_sec = (int) n;
|
||||
n -= t.tv_sec;
|
||||
t.tv_nsec = (int) (n * 1000000000);
|
||||
if (t.tv_nsec >= 1000000000) t.tv_nsec = 999999999;
|
||||
while (nanosleep(&t, &r) != 0) {
|
||||
t.tv_sec = r.tv_sec;
|
||||
t.tv_nsec = r.tv_nsec;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
#endif
|
@ -1,19 +1,15 @@
|
||||
#ifndef TIMEOUT_H
|
||||
#define TIMEOUT_H
|
||||
/*=========================================================================*\
|
||||
* LuaSocket 2.0.2
|
||||
* Copyright (C) 2004-2007 Diego Nehab
|
||||
*
|
||||
* Timeout management functions
|
||||
*
|
||||
* RCS ID: $Id: timeout.h 2 2006-04-30 19:30:47Z brunoos $
|
||||
* LuaSocket toolkit
|
||||
\*=========================================================================*/
|
||||
#include <lua.h>
|
||||
#include "lua.h"
|
||||
|
||||
/* timeout control structure */
|
||||
typedef struct t_timeout_ {
|
||||
double block; /* maximum time for blocking calls */
|
||||
double total; /* total number of miliseconds for operation */
|
||||
double total; /* total number of milliseconds for operation */
|
||||
double start; /* time of start of operation */
|
||||
} t_timeout;
|
||||
typedef t_timeout *p_timeout;
|
439
src/luasocket/usocket.c
Normal file
439
src/luasocket/usocket.c
Normal file
@ -0,0 +1,439 @@
|
||||
/*=========================================================================*\
|
||||
* Socket compatibilization module for Unix
|
||||
* LuaSocket toolkit
|
||||
*
|
||||
* The code is now interrupt-safe.
|
||||
* The penalty of calling select to avoid busy-wait is only paid when
|
||||
* the I/O call fail in the first place.
|
||||
\*=========================================================================*/
|
||||
#include <string.h>
|
||||
#include <signal.h>
|
||||
|
||||
#include "socket.h"
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Wait for readable/writable/connected socket with timeout
|
||||
\*-------------------------------------------------------------------------*/
|
||||
#ifndef SOCKET_SELECT
|
||||
int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
|
||||
int ret;
|
||||
struct pollfd pfd;
|
||||
pfd.fd = *ps;
|
||||
pfd.events = sw;
|
||||
pfd.revents = 0;
|
||||
if (timeout_iszero(tm)) return IO_TIMEOUT; /* optimize timeout == 0 case */
|
||||
do {
|
||||
int t = (int)(timeout_getretry(tm)*1e3);
|
||||
ret = poll(&pfd, 1, t >= 0? t: -1);
|
||||
} while (ret == -1 && errno == EINTR);
|
||||
if (ret == -1) return errno;
|
||||
if (ret == 0) return IO_TIMEOUT;
|
||||
if (sw == WAITFD_C && (pfd.revents & (POLLIN|POLLERR))) return IO_CLOSED;
|
||||
return IO_DONE;
|
||||
}
|
||||
#else
|
||||
int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
|
||||
int ret;
|
||||
fd_set rfds, wfds, *rp, *wp;
|
||||
struct timeval tv, *tp;
|
||||
double t;
|
||||
if (*ps >= FD_SETSIZE) return EINVAL;
|
||||
if (timeout_iszero(tm)) return IO_TIMEOUT; /* optimize timeout == 0 case */
|
||||
do {
|
||||
/* must set bits within loop, because select may have modified them */
|
||||
rp = wp = NULL;
|
||||
if (sw & WAITFD_R) { FD_ZERO(&rfds); FD_SET(*ps, &rfds); rp = &rfds; }
|
||||
if (sw & WAITFD_W) { FD_ZERO(&wfds); FD_SET(*ps, &wfds); wp = &wfds; }
|
||||
t = timeout_getretry(tm);
|
||||
tp = NULL;
|
||||
if (t >= 0.0) {
|
||||
tv.tv_sec = (int)t;
|
||||
tv.tv_usec = (int)((t-tv.tv_sec)*1.0e6);
|
||||
tp = &tv;
|
||||
}
|
||||
ret = select(*ps+1, rp, wp, NULL, tp);
|
||||
} while (ret == -1 && errno == EINTR);
|
||||
if (ret == -1) return errno;
|
||||
if (ret == 0) return IO_TIMEOUT;
|
||||
if (sw == WAITFD_C && FD_ISSET(*ps, &rfds)) return IO_CLOSED;
|
||||
return IO_DONE;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Initializes module
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_open(void) {
|
||||
/* instals a handler to ignore sigpipe or it will crash us */
|
||||
signal(SIGPIPE, SIG_IGN);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Close module
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_close(void) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Close and inutilize socket
|
||||
\*-------------------------------------------------------------------------*/
|
||||
void socket_destroy(p_socket ps) {
|
||||
if (*ps != SOCKET_INVALID) {
|
||||
socket_setblocking(ps);
|
||||
close(*ps);
|
||||
*ps = SOCKET_INVALID;
|
||||
}
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Select with timeout control
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_select(t_socket n, fd_set *rfds, fd_set *wfds, fd_set *efds,
|
||||
p_timeout tm) {
|
||||
int ret;
|
||||
do {
|
||||
struct timeval tv;
|
||||
double t = timeout_getretry(tm);
|
||||
tv.tv_sec = (int) t;
|
||||
tv.tv_usec = (int) ((t - tv.tv_sec) * 1.0e6);
|
||||
/* timeout = 0 means no wait */
|
||||
ret = select(n, rfds, wfds, efds, t >= 0.0 ? &tv: NULL);
|
||||
} while (ret < 0 && errno == EINTR);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Creates and sets up a socket
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_create(p_socket ps, int domain, int type, int protocol) {
|
||||
*ps = socket(domain, type, protocol);
|
||||
if (*ps != SOCKET_INVALID) return IO_DONE;
|
||||
else return errno;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Binds or returns error message
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_bind(p_socket ps, SA *addr, socklen_t len) {
|
||||
int err = IO_DONE;
|
||||
socket_setblocking(ps);
|
||||
if (bind(*ps, addr, len) < 0) err = errno;
|
||||
socket_setnonblocking(ps);
|
||||
return err;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
*
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_listen(p_socket ps, int backlog) {
|
||||
int err = IO_DONE;
|
||||
socket_setblocking(ps);
|
||||
if (listen(*ps, backlog)) err = errno;
|
||||
socket_setnonblocking(ps);
|
||||
return err;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
*
|
||||
\*-------------------------------------------------------------------------*/
|
||||
void socket_shutdown(p_socket ps, int how) {
|
||||
socket_setblocking(ps);
|
||||
shutdown(*ps, how);
|
||||
socket_setnonblocking(ps);
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Connects or returns error message
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_connect(p_socket ps, SA *addr, socklen_t len, p_timeout tm) {
|
||||
int err;
|
||||
/* avoid calling on closed sockets */
|
||||
if (*ps == SOCKET_INVALID) return IO_CLOSED;
|
||||
/* call connect until done or failed without being interrupted */
|
||||
do if (connect(*ps, addr, len) == 0) return IO_DONE;
|
||||
while ((err = errno) == EINTR);
|
||||
/* if connection failed immediately, return error code */
|
||||
if (err != EINPROGRESS && err != EAGAIN) return err;
|
||||
/* zero timeout case optimization */
|
||||
if (timeout_iszero(tm)) return IO_TIMEOUT;
|
||||
/* wait until we have the result of the connection attempt or timeout */
|
||||
err = socket_waitfd(ps, WAITFD_C, tm);
|
||||
if (err == IO_CLOSED) {
|
||||
if (recv(*ps, (char *) &err, 0, 0) == 0) return IO_DONE;
|
||||
else return errno;
|
||||
} else return err;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Accept with timeout
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_accept(p_socket ps, p_socket pa, SA *addr, socklen_t *len, p_timeout tm) {
|
||||
if (*ps == SOCKET_INVALID) return IO_CLOSED;
|
||||
for ( ;; ) {
|
||||
int err;
|
||||
if ((*pa = accept(*ps, addr, len)) != SOCKET_INVALID) return IO_DONE;
|
||||
err = errno;
|
||||
if (err == EINTR) continue;
|
||||
if (err != EAGAIN && err != ECONNABORTED) return err;
|
||||
if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
|
||||
}
|
||||
/* can't reach here */
|
||||
return IO_UNKNOWN;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Send with timeout
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_send(p_socket ps, const char *data, size_t count,
|
||||
size_t *sent, p_timeout tm)
|
||||
{
|
||||
int err;
|
||||
*sent = 0;
|
||||
/* avoid making system calls on closed sockets */
|
||||
if (*ps == SOCKET_INVALID) return IO_CLOSED;
|
||||
/* loop until we send something or we give up on error */
|
||||
for ( ;; ) {
|
||||
long put = (long) send(*ps, data, count, 0);
|
||||
/* if we sent anything, we are done */
|
||||
if (put >= 0) {
|
||||
*sent = put;
|
||||
return IO_DONE;
|
||||
}
|
||||
err = errno;
|
||||
/* EPIPE means the connection was closed */
|
||||
if (err == EPIPE) return IO_CLOSED;
|
||||
/* we call was interrupted, just try again */
|
||||
if (err == EINTR) continue;
|
||||
/* if failed fatal reason, report error */
|
||||
if (err != EAGAIN) return err;
|
||||
/* wait until we can send something or we timeout */
|
||||
if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
|
||||
}
|
||||
/* can't reach here */
|
||||
return IO_UNKNOWN;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Sendto with timeout
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_sendto(p_socket ps, const char *data, size_t count, size_t *sent,
|
||||
SA *addr, socklen_t len, p_timeout tm)
|
||||
{
|
||||
int err;
|
||||
*sent = 0;
|
||||
if (*ps == SOCKET_INVALID) return IO_CLOSED;
|
||||
for ( ;; ) {
|
||||
long put = (long) sendto(*ps, data, count, 0, addr, len);
|
||||
if (put >= 0) {
|
||||
*sent = put;
|
||||
return IO_DONE;
|
||||
}
|
||||
err = errno;
|
||||
if (err == EPIPE) return IO_CLOSED;
|
||||
if (err == EINTR) continue;
|
||||
if (err != EAGAIN) return err;
|
||||
if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
|
||||
}
|
||||
return IO_UNKNOWN;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Receive with timeout
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_recv(p_socket ps, char *data, size_t count, size_t *got, p_timeout tm) {
|
||||
int err;
|
||||
*got = 0;
|
||||
if (*ps == SOCKET_INVALID) return IO_CLOSED;
|
||||
for ( ;; ) {
|
||||
long taken = (long) recv(*ps, data, count, 0);
|
||||
if (taken > 0) {
|
||||
*got = taken;
|
||||
return IO_DONE;
|
||||
}
|
||||
err = errno;
|
||||
if (taken == 0) return IO_CLOSED;
|
||||
if (err == EINTR) continue;
|
||||
if (err != EAGAIN) return err;
|
||||
if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
|
||||
}
|
||||
return IO_UNKNOWN;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Recvfrom with timeout
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_recvfrom(p_socket ps, char *data, size_t count, size_t *got,
|
||||
SA *addr, socklen_t *len, p_timeout tm) {
|
||||
int err;
|
||||
*got = 0;
|
||||
if (*ps == SOCKET_INVALID) return IO_CLOSED;
|
||||
for ( ;; ) {
|
||||
long taken = (long) recvfrom(*ps, data, count, 0, addr, len);
|
||||
if (taken > 0) {
|
||||
*got = taken;
|
||||
return IO_DONE;
|
||||
}
|
||||
err = errno;
|
||||
if (taken == 0) return IO_CLOSED;
|
||||
if (err == EINTR) continue;
|
||||
if (err != EAGAIN) return err;
|
||||
if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
|
||||
}
|
||||
return IO_UNKNOWN;
|
||||
}
|
||||
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Write with timeout
|
||||
*
|
||||
* socket_read and socket_write are cut-n-paste of socket_send and socket_recv,
|
||||
* with send/recv replaced with write/read. We can't just use write/read
|
||||
* in the socket version, because behaviour when size is zero is different.
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_write(p_socket ps, const char *data, size_t count,
|
||||
size_t *sent, p_timeout tm)
|
||||
{
|
||||
int err;
|
||||
*sent = 0;
|
||||
/* avoid making system calls on closed sockets */
|
||||
if (*ps == SOCKET_INVALID) return IO_CLOSED;
|
||||
/* loop until we send something or we give up on error */
|
||||
for ( ;; ) {
|
||||
long put = (long) write(*ps, data, count);
|
||||
/* if we sent anything, we are done */
|
||||
if (put >= 0) {
|
||||
*sent = put;
|
||||
return IO_DONE;
|
||||
}
|
||||
err = errno;
|
||||
/* EPIPE means the connection was closed */
|
||||
if (err == EPIPE) return IO_CLOSED;
|
||||
/* we call was interrupted, just try again */
|
||||
if (err == EINTR) continue;
|
||||
/* if failed fatal reason, report error */
|
||||
if (err != EAGAIN) return err;
|
||||
/* wait until we can send something or we timeout */
|
||||
if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
|
||||
}
|
||||
/* can't reach here */
|
||||
return IO_UNKNOWN;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Read with timeout
|
||||
* See note for socket_write
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_read(p_socket ps, char *data, size_t count, size_t *got, p_timeout tm) {
|
||||
int err;
|
||||
*got = 0;
|
||||
if (*ps == SOCKET_INVALID) return IO_CLOSED;
|
||||
for ( ;; ) {
|
||||
long taken = (long) read(*ps, data, count);
|
||||
if (taken > 0) {
|
||||
*got = taken;
|
||||
return IO_DONE;
|
||||
}
|
||||
err = errno;
|
||||
if (taken == 0) return IO_CLOSED;
|
||||
if (err == EINTR) continue;
|
||||
if (err != EAGAIN) return err;
|
||||
if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
|
||||
}
|
||||
return IO_UNKNOWN;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Put socket into blocking mode
|
||||
\*-------------------------------------------------------------------------*/
|
||||
void socket_setblocking(p_socket ps) {
|
||||
int flags = fcntl(*ps, F_GETFL, 0);
|
||||
flags &= (~(O_NONBLOCK));
|
||||
fcntl(*ps, F_SETFL, flags);
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Put socket into non-blocking mode
|
||||
\*-------------------------------------------------------------------------*/
|
||||
void socket_setnonblocking(p_socket ps) {
|
||||
int flags = fcntl(*ps, F_GETFL, 0);
|
||||
flags |= O_NONBLOCK;
|
||||
fcntl(*ps, F_SETFL, flags);
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* DNS helpers
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_gethostbyaddr(const char *addr, socklen_t len, struct hostent **hp) {
|
||||
*hp = gethostbyaddr(addr, len, AF_INET);
|
||||
if (*hp) return IO_DONE;
|
||||
else if (h_errno) return h_errno;
|
||||
else if (errno) return errno;
|
||||
else return IO_UNKNOWN;
|
||||
}
|
||||
|
||||
int socket_gethostbyname(const char *addr, struct hostent **hp) {
|
||||
*hp = gethostbyname(addr);
|
||||
if (*hp) return IO_DONE;
|
||||
else if (h_errno) return h_errno;
|
||||
else if (errno) return errno;
|
||||
else return IO_UNKNOWN;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Error translation functions
|
||||
* Make sure important error messages are standard
|
||||
\*-------------------------------------------------------------------------*/
|
||||
const char *socket_hoststrerror(int err) {
|
||||
if (err <= 0) return io_strerror(err);
|
||||
switch (err) {
|
||||
case HOST_NOT_FOUND: return "host not found";
|
||||
default: return hstrerror(err);
|
||||
}
|
||||
}
|
||||
|
||||
const char *socket_strerror(int err) {
|
||||
if (err <= 0) return io_strerror(err);
|
||||
switch (err) {
|
||||
case EADDRINUSE: return "address already in use";
|
||||
case EISCONN: return "already connected";
|
||||
case EACCES: return "permission denied";
|
||||
case ECONNREFUSED: return "connection refused";
|
||||
case ECONNABORTED: return "closed";
|
||||
case ECONNRESET: return "closed";
|
||||
case ETIMEDOUT: return "timeout";
|
||||
default: return strerror(err);
|
||||
}
|
||||
}
|
||||
|
||||
const char *socket_ioerror(p_socket ps, int err) {
|
||||
(void) ps;
|
||||
return socket_strerror(err);
|
||||
}
|
||||
|
||||
const char *socket_gaistrerror(int err) {
|
||||
if (err == 0) return NULL;
|
||||
switch (err) {
|
||||
case EAI_AGAIN: return "temporary failure in name resolution";
|
||||
case EAI_BADFLAGS: return "invalid value for ai_flags";
|
||||
#ifdef EAI_BADHINTS
|
||||
case EAI_BADHINTS: return "invalid value for hints";
|
||||
#endif
|
||||
case EAI_FAIL: return "non-recoverable failure in name resolution";
|
||||
case EAI_FAMILY: return "ai_family not supported";
|
||||
case EAI_MEMORY: return "memory allocation failure";
|
||||
case EAI_NONAME:
|
||||
return "host or service not provided, or not known";
|
||||
case EAI_OVERFLOW: return "argument buffer overflow";
|
||||
#ifdef EAI_PROTOCOL
|
||||
case EAI_PROTOCOL: return "resolved protocol is unknown";
|
||||
#endif
|
||||
case EAI_SERVICE: return "service not supported for socket type";
|
||||
case EAI_SOCKTYPE: return "ai_socktype not supported";
|
||||
case EAI_SYSTEM: return strerror(errno);
|
||||
default: return gai_strerror(err);
|
||||
}
|
||||
}
|
||||
|
70
src/luasocket/usocket.h
Normal file
70
src/luasocket/usocket.h
Normal file
@ -0,0 +1,70 @@
|
||||
#ifndef USOCKET_H
|
||||
#define USOCKET_H
|
||||
/*=========================================================================*\
|
||||
* Socket compatibilization module for Unix
|
||||
* LuaSocket toolkit
|
||||
\*=========================================================================*/
|
||||
|
||||
/*=========================================================================*\
|
||||
* BSD include files
|
||||
\*=========================================================================*/
|
||||
/* error codes */
|
||||
#include <errno.h>
|
||||
/* close function */
|
||||
#include <unistd.h>
|
||||
/* fnctnl function and associated constants */
|
||||
#include <fcntl.h>
|
||||
/* struct sockaddr */
|
||||
#include <sys/types.h>
|
||||
/* socket function */
|
||||
#include <sys/socket.h>
|
||||
/* struct timeval */
|
||||
#include <sys/time.h>
|
||||
/* gethostbyname and gethostbyaddr functions */
|
||||
#include <netdb.h>
|
||||
/* sigpipe handling */
|
||||
#include <signal.h>
|
||||
/* IP stuff*/
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
/* TCP options (nagle algorithm disable) */
|
||||
#include <netinet/tcp.h>
|
||||
#include <net/if.h>
|
||||
|
||||
#ifndef SOCKET_SELECT
|
||||
#include <sys/poll.h>
|
||||
#define WAITFD_R POLLIN
|
||||
#define WAITFD_W POLLOUT
|
||||
#define WAITFD_C (POLLIN|POLLOUT)
|
||||
#else
|
||||
#define WAITFD_R 1
|
||||
#define WAITFD_W 2
|
||||
#define WAITFD_C (WAITFD_R|WAITFD_W)
|
||||
#endif
|
||||
|
||||
#ifndef SO_REUSEPORT
|
||||
#define SO_REUSEPORT SO_REUSEADDR
|
||||
#endif
|
||||
|
||||
/* Some platforms use IPV6_JOIN_GROUP instead if
|
||||
* IPV6_ADD_MEMBERSHIP. The semantics are same, though. */
|
||||
#ifndef IPV6_ADD_MEMBERSHIP
|
||||
#ifdef IPV6_JOIN_GROUP
|
||||
#define IPV6_ADD_MEMBERSHIP IPV6_JOIN_GROUP
|
||||
#endif /* IPV6_JOIN_GROUP */
|
||||
#endif /* !IPV6_ADD_MEMBERSHIP */
|
||||
|
||||
/* Same with IPV6_DROP_MEMBERSHIP / IPV6_LEAVE_GROUP. */
|
||||
#ifndef IPV6_DROP_MEMBERSHIP
|
||||
#ifdef IPV6_LEAVE_GROUP
|
||||
#define IPV6_DROP_MEMBERSHIP IPV6_LEAVE_GROUP
|
||||
#endif /* IPV6_LEAVE_GROUP */
|
||||
#endif /* !IPV6_DROP_MEMBERSHIP */
|
||||
|
||||
typedef int t_socket;
|
||||
typedef t_socket *p_socket;
|
||||
typedef struct sockaddr_storage t_sockaddr_storage;
|
||||
|
||||
#define SOCKET_INVALID (-1)
|
||||
|
||||
#endif /* USOCKET_H */
|
429
src/luasocket/wsocket.c
Normal file
429
src/luasocket/wsocket.c
Normal file
@ -0,0 +1,429 @@
|
||||
/*=========================================================================*\
|
||||
* Socket compatibilization module for Win32
|
||||
* LuaSocket toolkit
|
||||
*
|
||||
* The penalty of calling select to avoid busy-wait is only paid when
|
||||
* the I/O call fail in the first place.
|
||||
\*=========================================================================*/
|
||||
#include <string.h>
|
||||
|
||||
#include "socket.h"
|
||||
|
||||
/* WinSock doesn't have a strerror... */
|
||||
static const char *wstrerror(int err);
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Initializes module
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_open(void) {
|
||||
WSADATA wsaData;
|
||||
WORD wVersionRequested = MAKEWORD(2, 0);
|
||||
int err = WSAStartup(wVersionRequested, &wsaData );
|
||||
if (err != 0) return 0;
|
||||
if ((LOBYTE(wsaData.wVersion) != 2 || HIBYTE(wsaData.wVersion) != 0) &&
|
||||
(LOBYTE(wsaData.wVersion) != 1 || HIBYTE(wsaData.wVersion) != 1)) {
|
||||
WSACleanup();
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Close module
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_close(void) {
|
||||
WSACleanup();
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Wait for readable/writable/connected socket with timeout
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
|
||||
int ret;
|
||||
fd_set rfds, wfds, efds, *rp = NULL, *wp = NULL, *ep = NULL;
|
||||
struct timeval tv, *tp = NULL;
|
||||
double t;
|
||||
if (timeout_iszero(tm)) return IO_TIMEOUT; /* optimize timeout == 0 case */
|
||||
if (sw & WAITFD_R) {
|
||||
FD_ZERO(&rfds);
|
||||
FD_SET(*ps, &rfds);
|
||||
rp = &rfds;
|
||||
}
|
||||
if (sw & WAITFD_W) { FD_ZERO(&wfds); FD_SET(*ps, &wfds); wp = &wfds; }
|
||||
if (sw & WAITFD_C) { FD_ZERO(&efds); FD_SET(*ps, &efds); ep = &efds; }
|
||||
if ((t = timeout_get(tm)) >= 0.0) {
|
||||
tv.tv_sec = (int) t;
|
||||
tv.tv_usec = (int) ((t-tv.tv_sec)*1.0e6);
|
||||
tp = &tv;
|
||||
}
|
||||
ret = select(0, rp, wp, ep, tp);
|
||||
if (ret == -1) return WSAGetLastError();
|
||||
if (ret == 0) return IO_TIMEOUT;
|
||||
if (sw == WAITFD_C && FD_ISSET(*ps, &efds)) return IO_CLOSED;
|
||||
return IO_DONE;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Select with int timeout in ms
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_select(t_socket n, fd_set *rfds, fd_set *wfds, fd_set *efds,
|
||||
p_timeout tm) {
|
||||
struct timeval tv;
|
||||
double t = timeout_get(tm);
|
||||
tv.tv_sec = (int) t;
|
||||
tv.tv_usec = (int) ((t - tv.tv_sec) * 1.0e6);
|
||||
if (n <= 0) {
|
||||
Sleep((DWORD) (1000*t));
|
||||
return 0;
|
||||
} else return select(0, rfds, wfds, efds, t >= 0.0? &tv: NULL);
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Close and inutilize socket
|
||||
\*-------------------------------------------------------------------------*/
|
||||
void socket_destroy(p_socket ps) {
|
||||
if (*ps != SOCKET_INVALID) {
|
||||
socket_setblocking(ps); /* close can take a long time on WIN32 */
|
||||
closesocket(*ps);
|
||||
*ps = SOCKET_INVALID;
|
||||
}
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
*
|
||||
\*-------------------------------------------------------------------------*/
|
||||
void socket_shutdown(p_socket ps, int how) {
|
||||
socket_setblocking(ps);
|
||||
shutdown(*ps, how);
|
||||
socket_setnonblocking(ps);
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Creates and sets up a socket
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_create(p_socket ps, int domain, int type, int protocol) {
|
||||
*ps = socket(domain, type, protocol);
|
||||
if (*ps != SOCKET_INVALID) return IO_DONE;
|
||||
else return WSAGetLastError();
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Connects or returns error message
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_connect(p_socket ps, SA *addr, socklen_t len, p_timeout tm) {
|
||||
int err;
|
||||
/* don't call on closed socket */
|
||||
if (*ps == SOCKET_INVALID) return IO_CLOSED;
|
||||
/* ask system to connect */
|
||||
if (connect(*ps, addr, len) == 0) return IO_DONE;
|
||||
/* make sure the system is trying to connect */
|
||||
err = WSAGetLastError();
|
||||
if (err != WSAEWOULDBLOCK && err != WSAEINPROGRESS) return err;
|
||||
/* zero timeout case optimization */
|
||||
if (timeout_iszero(tm)) return IO_TIMEOUT;
|
||||
/* we wait until something happens */
|
||||
err = socket_waitfd(ps, WAITFD_C, tm);
|
||||
if (err == IO_CLOSED) {
|
||||
int len = sizeof(err);
|
||||
/* give windows time to set the error (yes, disgusting) */
|
||||
Sleep(10);
|
||||
/* find out why we failed */
|
||||
getsockopt(*ps, SOL_SOCKET, SO_ERROR, (char *)&err, &len);
|
||||
/* we KNOW there was an error. if 'why' is 0, we will return
|
||||
* "unknown error", but it's not really our fault */
|
||||
return err > 0? err: IO_UNKNOWN;
|
||||
} else return err;
|
||||
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Binds or returns error message
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_bind(p_socket ps, SA *addr, socklen_t len) {
|
||||
int err = IO_DONE;
|
||||
socket_setblocking(ps);
|
||||
if (bind(*ps, addr, len) < 0) err = WSAGetLastError();
|
||||
socket_setnonblocking(ps);
|
||||
return err;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
*
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_listen(p_socket ps, int backlog) {
|
||||
int err = IO_DONE;
|
||||
socket_setblocking(ps);
|
||||
if (listen(*ps, backlog) < 0) err = WSAGetLastError();
|
||||
socket_setnonblocking(ps);
|
||||
return err;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Accept with timeout
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_accept(p_socket ps, p_socket pa, SA *addr, socklen_t *len,
|
||||
p_timeout tm) {
|
||||
if (*ps == SOCKET_INVALID) return IO_CLOSED;
|
||||
for ( ;; ) {
|
||||
int err;
|
||||
/* try to get client socket */
|
||||
if ((*pa = accept(*ps, addr, len)) != SOCKET_INVALID) return IO_DONE;
|
||||
/* find out why we failed */
|
||||
err = WSAGetLastError();
|
||||
/* if we failed because there was no connectoin, keep trying */
|
||||
if (err != WSAEWOULDBLOCK && err != WSAECONNABORTED) return err;
|
||||
/* call select to avoid busy wait */
|
||||
if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
|
||||
}
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Send with timeout
|
||||
* On windows, if you try to send 10MB, the OS will buffer EVERYTHING
|
||||
* this can take an awful lot of time and we will end up blocked.
|
||||
* Therefore, whoever calls this function should not pass a huge buffer.
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_send(p_socket ps, const char *data, size_t count,
|
||||
size_t *sent, p_timeout tm)
|
||||
{
|
||||
int err;
|
||||
*sent = 0;
|
||||
/* avoid making system calls on closed sockets */
|
||||
if (*ps == SOCKET_INVALID) return IO_CLOSED;
|
||||
/* loop until we send something or we give up on error */
|
||||
for ( ;; ) {
|
||||
/* try to send something */
|
||||
int put = send(*ps, data, (int) count, 0);
|
||||
/* if we sent something, we are done */
|
||||
if (put > 0) {
|
||||
*sent = put;
|
||||
return IO_DONE;
|
||||
}
|
||||
/* deal with failure */
|
||||
err = WSAGetLastError();
|
||||
/* we can only proceed if there was no serious error */
|
||||
if (err != WSAEWOULDBLOCK) return err;
|
||||
/* avoid busy wait */
|
||||
if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
|
||||
}
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Sendto with timeout
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_sendto(p_socket ps, const char *data, size_t count, size_t *sent,
|
||||
SA *addr, socklen_t len, p_timeout tm)
|
||||
{
|
||||
int err;
|
||||
*sent = 0;
|
||||
if (*ps == SOCKET_INVALID) return IO_CLOSED;
|
||||
for ( ;; ) {
|
||||
int put = sendto(*ps, data, (int) count, 0, addr, len);
|
||||
if (put > 0) {
|
||||
*sent = put;
|
||||
return IO_DONE;
|
||||
}
|
||||
err = WSAGetLastError();
|
||||
if (err != WSAEWOULDBLOCK) return err;
|
||||
if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
|
||||
}
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Receive with timeout
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_recv(p_socket ps, char *data, size_t count, size_t *got,
|
||||
p_timeout tm)
|
||||
{
|
||||
int err, prev = IO_DONE;
|
||||
*got = 0;
|
||||
if (*ps == SOCKET_INVALID) return IO_CLOSED;
|
||||
for ( ;; ) {
|
||||
int taken = recv(*ps, data, (int) count, 0);
|
||||
if (taken > 0) {
|
||||
*got = taken;
|
||||
return IO_DONE;
|
||||
}
|
||||
if (taken == 0) return IO_CLOSED;
|
||||
err = WSAGetLastError();
|
||||
/* On UDP, a connreset simply means the previous send failed.
|
||||
* So we try again.
|
||||
* On TCP, it means our socket is now useless, so the error passes.
|
||||
* (We will loop again, exiting because the same error will happen) */
|
||||
if (err != WSAEWOULDBLOCK) {
|
||||
if (err != WSAECONNRESET || prev == WSAECONNRESET) return err;
|
||||
prev = err;
|
||||
}
|
||||
if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
|
||||
}
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Recvfrom with timeout
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_recvfrom(p_socket ps, char *data, size_t count, size_t *got,
|
||||
SA *addr, socklen_t *len, p_timeout tm)
|
||||
{
|
||||
int err, prev = IO_DONE;
|
||||
*got = 0;
|
||||
if (*ps == SOCKET_INVALID) return IO_CLOSED;
|
||||
for ( ;; ) {
|
||||
int taken = recvfrom(*ps, data, (int) count, 0, addr, len);
|
||||
if (taken > 0) {
|
||||
*got = taken;
|
||||
return IO_DONE;
|
||||
}
|
||||
if (taken == 0) return IO_CLOSED;
|
||||
err = WSAGetLastError();
|
||||
/* On UDP, a connreset simply means the previous send failed.
|
||||
* So we try again.
|
||||
* On TCP, it means our socket is now useless, so the error passes.
|
||||
* (We will loop again, exiting because the same error will happen) */
|
||||
if (err != WSAEWOULDBLOCK) {
|
||||
if (err != WSAECONNRESET || prev == WSAECONNRESET) return err;
|
||||
prev = err;
|
||||
}
|
||||
if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
|
||||
}
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Put socket into blocking mode
|
||||
\*-------------------------------------------------------------------------*/
|
||||
void socket_setblocking(p_socket ps) {
|
||||
u_long argp = 0;
|
||||
ioctlsocket(*ps, FIONBIO, &argp);
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Put socket into non-blocking mode
|
||||
\*-------------------------------------------------------------------------*/
|
||||
void socket_setnonblocking(p_socket ps) {
|
||||
u_long argp = 1;
|
||||
ioctlsocket(*ps, FIONBIO, &argp);
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* DNS helpers
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_gethostbyaddr(const char *addr, socklen_t len, struct hostent **hp) {
|
||||
*hp = gethostbyaddr(addr, len, AF_INET);
|
||||
if (*hp) return IO_DONE;
|
||||
else return WSAGetLastError();
|
||||
}
|
||||
|
||||
int socket_gethostbyname(const char *addr, struct hostent **hp) {
|
||||
*hp = gethostbyname(addr);
|
||||
if (*hp) return IO_DONE;
|
||||
else return WSAGetLastError();
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Error translation functions
|
||||
\*-------------------------------------------------------------------------*/
|
||||
const char *socket_hoststrerror(int err) {
|
||||
if (err <= 0) return io_strerror(err);
|
||||
switch (err) {
|
||||
case WSAHOST_NOT_FOUND: return "host not found";
|
||||
default: return wstrerror(err);
|
||||
}
|
||||
}
|
||||
|
||||
const char *socket_strerror(int err) {
|
||||
if (err <= 0) return io_strerror(err);
|
||||
switch (err) {
|
||||
case WSAEADDRINUSE: return "address already in use";
|
||||
case WSAECONNREFUSED: return "connection refused";
|
||||
case WSAEISCONN: return "already connected";
|
||||
case WSAEACCES: return "permission denied";
|
||||
case WSAECONNABORTED: return "closed";
|
||||
case WSAECONNRESET: return "closed";
|
||||
case WSAETIMEDOUT: return "timeout";
|
||||
default: return wstrerror(err);
|
||||
}
|
||||
}
|
||||
|
||||
const char *socket_ioerror(p_socket ps, int err) {
|
||||
(void) ps;
|
||||
return socket_strerror(err);
|
||||
}
|
||||
|
||||
static const char *wstrerror(int err) {
|
||||
switch (err) {
|
||||
case WSAEINTR: return "Interrupted function call";
|
||||
case WSAEACCES: return "Permission denied";
|
||||
case WSAEFAULT: return "Bad address";
|
||||
case WSAEINVAL: return "Invalid argument";
|
||||
case WSAEMFILE: return "Too many open files";
|
||||
case WSAEWOULDBLOCK: return "Resource temporarily unavailable";
|
||||
case WSAEINPROGRESS: return "Operation now in progress";
|
||||
case WSAEALREADY: return "Operation already in progress";
|
||||
case WSAENOTSOCK: return "Socket operation on nonsocket";
|
||||
case WSAEDESTADDRREQ: return "Destination address required";
|
||||
case WSAEMSGSIZE: return "Message too long";
|
||||
case WSAEPROTOTYPE: return "Protocol wrong type for socket";
|
||||
case WSAENOPROTOOPT: return "Bad protocol option";
|
||||
case WSAEPROTONOSUPPORT: return "Protocol not supported";
|
||||
case WSAESOCKTNOSUPPORT: return "Socket type not supported";
|
||||
case WSAEOPNOTSUPP: return "Operation not supported";
|
||||
case WSAEPFNOSUPPORT: return "Protocol family not supported";
|
||||
case WSAEAFNOSUPPORT:
|
||||
return "Address family not supported by protocol family";
|
||||
case WSAEADDRINUSE: return "Address already in use";
|
||||
case WSAEADDRNOTAVAIL: return "Cannot assign requested address";
|
||||
case WSAENETDOWN: return "Network is down";
|
||||
case WSAENETUNREACH: return "Network is unreachable";
|
||||
case WSAENETRESET: return "Network dropped connection on reset";
|
||||
case WSAECONNABORTED: return "Software caused connection abort";
|
||||
case WSAECONNRESET: return "Connection reset by peer";
|
||||
case WSAENOBUFS: return "No buffer space available";
|
||||
case WSAEISCONN: return "Socket is already connected";
|
||||
case WSAENOTCONN: return "Socket is not connected";
|
||||
case WSAESHUTDOWN: return "Cannot send after socket shutdown";
|
||||
case WSAETIMEDOUT: return "Connection timed out";
|
||||
case WSAECONNREFUSED: return "Connection refused";
|
||||
case WSAEHOSTDOWN: return "Host is down";
|
||||
case WSAEHOSTUNREACH: return "No route to host";
|
||||
case WSAEPROCLIM: return "Too many processes";
|
||||
case WSASYSNOTREADY: return "Network subsystem is unavailable";
|
||||
case WSAVERNOTSUPPORTED: return "Winsock.dll version out of range";
|
||||
case WSANOTINITIALISED:
|
||||
return "Successful WSAStartup not yet performed";
|
||||
case WSAEDISCON: return "Graceful shutdown in progress";
|
||||
case WSAHOST_NOT_FOUND: return "Host not found";
|
||||
case WSATRY_AGAIN: return "Nonauthoritative host not found";
|
||||
case WSANO_RECOVERY: return "Nonrecoverable name lookup error";
|
||||
case WSANO_DATA: return "Valid name, no data record of requested type";
|
||||
default: return "Unknown error";
|
||||
}
|
||||
}
|
||||
|
||||
const char *socket_gaistrerror(int err) {
|
||||
if (err == 0) return NULL;
|
||||
switch (err) {
|
||||
case EAI_AGAIN: return "temporary failure in name resolution";
|
||||
case EAI_BADFLAGS: return "invalid value for ai_flags";
|
||||
#ifdef EAI_BADHINTS
|
||||
case EAI_BADHINTS: return "invalid value for hints";
|
||||
#endif
|
||||
case EAI_FAIL: return "non-recoverable failure in name resolution";
|
||||
case EAI_FAMILY: return "ai_family not supported";
|
||||
case EAI_MEMORY: return "memory allocation failure";
|
||||
case EAI_NONAME:
|
||||
return "host or service not provided, or not known";
|
||||
#ifdef EAI_OVERFLOW
|
||||
case EAI_OVERFLOW: return "argument buffer overflow";
|
||||
#endif
|
||||
#ifdef EAI_PROTOCOL
|
||||
case EAI_PROTOCOL: return "resolved protocol is unknown";
|
||||
#endif
|
||||
case EAI_SERVICE: return "service not supported for socket type";
|
||||
case EAI_SOCKTYPE: return "ai_socktype not supported";
|
||||
#ifdef EAI_SYSTEM
|
||||
case EAI_SYSTEM: return strerror(errno);
|
||||
#endif
|
||||
default: return gai_strerror(err);
|
||||
}
|
||||
}
|
||||
|
@ -1,28 +1,38 @@
|
||||
#ifndef WSOCKET_H
|
||||
#define WSOCKET_H
|
||||
/*=========================================================================*\
|
||||
* LuaSocket 2.0.2
|
||||
* Copyright (C) 2004-2007 Diego Nehab
|
||||
*
|
||||
* Socket compatibilization module for Win32
|
||||
*
|
||||
* RCS ID: $Id: wsocket.h 2 2006-04-30 19:30:47Z brunoos $
|
||||
* LuaSocket toolkit
|
||||
\*=========================================================================*/
|
||||
|
||||
/*=========================================================================*\
|
||||
* WinSock include files
|
||||
\*=========================================================================*/
|
||||
#include <winsock.h>
|
||||
#include <winsock2.h>
|
||||
#include <ws2tcpip.h>
|
||||
|
||||
typedef int socklen_t;
|
||||
typedef SOCKADDR_STORAGE t_sockaddr_storage;
|
||||
typedef SOCKET t_socket;
|
||||
typedef t_socket *p_socket;
|
||||
|
||||
#define WAITFD_R 1
|
||||
#define WAITFD_W 2
|
||||
#define WAITFD_E 4
|
||||
#define WAITFD_C (WAITFD_E|WAITFD_W)
|
||||
|
||||
#ifndef IPV6_V6ONLY
|
||||
#define IPV6_V6ONLY 27
|
||||
#endif
|
||||
|
||||
#define SOCKET_INVALID (INVALID_SOCKET)
|
||||
|
||||
typedef int socklen_t;
|
||||
typedef SOCKET t_socket;
|
||||
typedef t_socket *p_socket;
|
||||
#ifndef SO_REUSEPORT
|
||||
#define SO_REUSEPORT SO_REUSEADDR
|
||||
#endif
|
||||
|
||||
#ifndef AI_NUMERICSERV
|
||||
#define AI_NUMERICSERV (0)
|
||||
#endif
|
||||
|
||||
#endif /* WSOCKET_H */
|
167
src/options.c
Normal file
167
src/options.c
Normal file
@ -0,0 +1,167 @@
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 0.7.2
|
||||
*
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
#include "options.h"
|
||||
|
||||
/* If you need to generate these options again, see options.lua */
|
||||
|
||||
|
||||
/*
|
||||
OpenSSL version: OpenSSL 1.1.1
|
||||
*/
|
||||
|
||||
static lsec_ssl_option_t ssl_options[] = {
|
||||
#if defined(SSL_OP_ALL)
|
||||
{"all", SSL_OP_ALL},
|
||||
#endif
|
||||
#if defined(SSL_OP_ALLOW_NO_DHE_KEX)
|
||||
{"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX},
|
||||
#endif
|
||||
#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
|
||||
{"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
|
||||
#endif
|
||||
#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
|
||||
{"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
|
||||
#endif
|
||||
#if defined(SSL_OP_CISCO_ANYCONNECT)
|
||||
{"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
|
||||
#endif
|
||||
#if defined(SSL_OP_COOKIE_EXCHANGE)
|
||||
{"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
|
||||
#endif
|
||||
#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
|
||||
{"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
|
||||
{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
|
||||
#endif
|
||||
#if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
|
||||
{"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
|
||||
#endif
|
||||
#if defined(SSL_OP_EPHEMERAL_RSA)
|
||||
{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
|
||||
#endif
|
||||
#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
|
||||
{"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
|
||||
#endif
|
||||
#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
|
||||
{"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
|
||||
#endif
|
||||
#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
|
||||
{"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
|
||||
{"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
|
||||
#endif
|
||||
#if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
|
||||
{"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
|
||||
{"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
|
||||
{"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
|
||||
{"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_ANTI_REPLAY)
|
||||
{"no_anti_replay", SSL_OP_NO_ANTI_REPLAY},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_COMPRESSION)
|
||||
{"no_compression", SSL_OP_NO_COMPRESSION},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_DTLS_MASK)
|
||||
{"no_dtls_mask", SSL_OP_NO_DTLS_MASK},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_DTLSv1)
|
||||
{"no_dtlsv1", SSL_OP_NO_DTLSv1},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
{"no_dtlsv1_2", SSL_OP_NO_DTLSv1_2},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_ENCRYPT_THEN_MAC)
|
||||
{"no_encrypt_then_mac", SSL_OP_NO_ENCRYPT_THEN_MAC},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_QUERY_MTU)
|
||||
{"no_query_mtu", SSL_OP_NO_QUERY_MTU},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_RENEGOTIATION)
|
||||
{"no_renegotiation", SSL_OP_NO_RENEGOTIATION},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
|
||||
{"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_SSL_MASK)
|
||||
{"no_ssl_mask", SSL_OP_NO_SSL_MASK},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_SSLv2)
|
||||
{"no_sslv2", SSL_OP_NO_SSLv2},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_SSLv3)
|
||||
{"no_sslv3", SSL_OP_NO_SSLv3},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_TICKET)
|
||||
{"no_ticket", SSL_OP_NO_TICKET},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_TLSv1)
|
||||
{"no_tlsv1", SSL_OP_NO_TLSv1},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_TLSv1_1)
|
||||
{"no_tlsv1_1", SSL_OP_NO_TLSv1_1},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_TLSv1_2)
|
||||
{"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_TLSv1_3)
|
||||
{"no_tlsv1_3", SSL_OP_NO_TLSv1_3},
|
||||
#endif
|
||||
#if defined(SSL_OP_PKCS1_CHECK_1)
|
||||
{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
|
||||
#endif
|
||||
#if defined(SSL_OP_PKCS1_CHECK_2)
|
||||
{"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
|
||||
#endif
|
||||
#if defined(SSL_OP_PRIORITIZE_CHACHA)
|
||||
{"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA},
|
||||
#endif
|
||||
#if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
|
||||
{"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_SINGLE_DH_USE)
|
||||
{"single_dh_use", SSL_OP_SINGLE_DH_USE},
|
||||
#endif
|
||||
#if defined(SSL_OP_SINGLE_ECDH_USE)
|
||||
{"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
|
||||
#endif
|
||||
#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
|
||||
{"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
|
||||
{"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_TLSEXT_PADDING)
|
||||
{"tlsext_padding", SSL_OP_TLSEXT_PADDING},
|
||||
#endif
|
||||
#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
|
||||
{"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_TLS_D5_BUG)
|
||||
{"tls_d5_bug", SSL_OP_TLS_D5_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_TLS_ROLLBACK_BUG)
|
||||
{"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
|
||||
#endif
|
||||
{NULL, 0L}
|
||||
};
|
||||
|
||||
LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() {
|
||||
return ssl_options;
|
||||
}
|
||||
|
22
src/options.h
Normal file
22
src/options.h
Normal file
@ -0,0 +1,22 @@
|
||||
#ifndef LSEC_OPTIONS_H
|
||||
#define LSEC_OPTIONS_H
|
||||
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 0.7.2
|
||||
*
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
#include "compat.h"
|
||||
|
||||
struct lsec_ssl_option_s {
|
||||
const char *name;
|
||||
unsigned long code;
|
||||
};
|
||||
|
||||
typedef struct lsec_ssl_option_s lsec_ssl_option_t;
|
||||
|
||||
LSEC_API lsec_ssl_option_t* lsec_get_ssl_options();
|
||||
|
||||
#endif
|
90
src/options.lua
Normal file
90
src/options.lua
Normal file
@ -0,0 +1,90 @@
|
||||
local function usage()
|
||||
print("Usage:")
|
||||
print("* Generate options of your system:")
|
||||
print(" lua options.lua -g /path/to/ssl.h [version] > options.c")
|
||||
print("* Examples:")
|
||||
print(" lua options.lua -g /usr/include/openssl/ssl.h > options.c\n")
|
||||
print(" lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.0.1 14\" > options.c\n")
|
||||
|
||||
print("* List options of your system:")
|
||||
print(" lua options.lua -l /path/to/ssl.h\n")
|
||||
end
|
||||
|
||||
--
|
||||
local function printf(str, ...)
|
||||
print(string.format(str, ...))
|
||||
end
|
||||
|
||||
local function generate(options, version)
|
||||
print([[
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 0.7.2
|
||||
*
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
#include "options.h"
|
||||
|
||||
/* If you need to generate these options again, see options.lua */
|
||||
|
||||
]])
|
||||
|
||||
printf([[
|
||||
/*
|
||||
OpenSSL version: %s
|
||||
*/
|
||||
]], version)
|
||||
|
||||
print([[static lsec_ssl_option_t ssl_options[] = {]])
|
||||
|
||||
for k, option in ipairs(options) do
|
||||
local name = string.lower(string.sub(option, 8))
|
||||
print(string.format([[#if defined(%s)]], option))
|
||||
print(string.format([[ {"%s", %s},]], name, option))
|
||||
print([[#endif]])
|
||||
end
|
||||
print([[ {NULL, 0L}]])
|
||||
print([[
|
||||
};
|
||||
|
||||
LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() {
|
||||
return ssl_options;
|
||||
}
|
||||
]])
|
||||
end
|
||||
|
||||
local function loadoptions(file)
|
||||
local options = {}
|
||||
local f = assert(io.open(file, "r"))
|
||||
for line in f:lines() do
|
||||
local op = string.match(line, "define%s+(SSL_OP_%S+)")
|
||||
if op then
|
||||
table.insert(options, op)
|
||||
end
|
||||
end
|
||||
table.sort(options, function(a,b) return a<b end)
|
||||
return options
|
||||
end
|
||||
--
|
||||
|
||||
local options
|
||||
local flag, file, version = ...
|
||||
|
||||
version = version or "Unknown"
|
||||
|
||||
if not file then
|
||||
usage()
|
||||
elseif flag == "-g" then
|
||||
options = loadoptions(file)
|
||||
generate(options, version)
|
||||
elseif flag == "-l" then
|
||||
options = loadoptions(file)
|
||||
for k, option in ipairs(options) do
|
||||
print(option)
|
||||
end
|
||||
else
|
||||
usage()
|
||||
end
|
706
src/ssl.c
706
src/ssl.c
@ -1,31 +1,62 @@
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 0.3
|
||||
* Copyright (C) 2006-2008 Bruno Silvestre
|
||||
* LuaSec 0.7.2
|
||||
*
|
||||
* Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann,
|
||||
* Matthew Wild.
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre.
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
|
||||
#if defined(WIN32)
|
||||
#include <Winsock2.h>
|
||||
#endif
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/x509_vfy.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
#include <lua.h>
|
||||
#include <lauxlib.h>
|
||||
|
||||
#include "io.h"
|
||||
#include "buffer.h"
|
||||
#include "timeout.h"
|
||||
#include "socket.h"
|
||||
#include <luasocket/io.h>
|
||||
#include <luasocket/buffer.h>
|
||||
#include <luasocket/timeout.h>
|
||||
#include <luasocket/socket.h>
|
||||
|
||||
#include "x509.h"
|
||||
#include "context.h"
|
||||
#include "ssl.h"
|
||||
|
||||
|
||||
#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER<0x10100000L
|
||||
#define SSL_is_server(s) (s->server)
|
||||
#define SSL_up_ref(ssl) CRYPTO_add(&(ssl)->references, 1, CRYPTO_LOCK_SSL)
|
||||
#define X509_up_ref(c) CRYPTO_add(&c->references, 1, CRYPTO_LOCK_X509)
|
||||
#endif
|
||||
|
||||
|
||||
/**
|
||||
* Underline socket error.
|
||||
*/
|
||||
static int lsec_socket_error()
|
||||
{
|
||||
#if defined(WIN32)
|
||||
return WSAGetLastError();
|
||||
#else
|
||||
return errno;
|
||||
#endif
|
||||
}
|
||||
|
||||
/**
|
||||
* Map error code into string.
|
||||
*/
|
||||
static const char *ssl_ioerror(void *ctx, int err)
|
||||
{
|
||||
if (err == IO_SSL) {
|
||||
if (err == LSEC_IO_SSL) {
|
||||
p_ssl ssl = (p_ssl) ctx;
|
||||
switch(ssl->error) {
|
||||
case SSL_ERROR_NONE: return "No error";
|
||||
@ -48,11 +79,26 @@ static const char *ssl_ioerror(void *ctx, int err)
|
||||
*/
|
||||
static int meth_destroy(lua_State *L)
|
||||
{
|
||||
p_ssl ssl = (p_ssl) lua_touserdata(L, 1);
|
||||
if (ssl->ssl) {
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
if (ssl->state == LSEC_STATE_CONNECTED) {
|
||||
socket_setblocking(&ssl->sock);
|
||||
SSL_shutdown(ssl->ssl);
|
||||
}
|
||||
if (ssl->sock != SOCKET_INVALID) {
|
||||
socket_destroy(&ssl->sock);
|
||||
}
|
||||
ssl->state = LSEC_STATE_CLOSED;
|
||||
if (ssl->ssl) {
|
||||
/* Clear the registries */
|
||||
luaL_getmetatable(L, "SSL:Verify:Registry");
|
||||
lua_pushlightuserdata(L, (void*)ssl->ssl);
|
||||
lua_pushnil(L);
|
||||
lua_settable(L, -3);
|
||||
luaL_getmetatable(L, "SSL:SNI:Registry");
|
||||
lua_pushlightuserdata(L, (void*)ssl->ssl);
|
||||
lua_pushnil(L);
|
||||
lua_settable(L, -3);
|
||||
/* Destroy the object */
|
||||
SSL_free(ssl->ssl);
|
||||
ssl->ssl = NULL;
|
||||
}
|
||||
@ -64,36 +110,38 @@ static int meth_destroy(lua_State *L)
|
||||
*/
|
||||
static int handshake(p_ssl ssl)
|
||||
{
|
||||
int err;
|
||||
p_timeout tm = timeout_markstart(&ssl->tm);
|
||||
if (ssl->state == ST_SSL_CLOSED)
|
||||
if (ssl->state == LSEC_STATE_CLOSED)
|
||||
return IO_CLOSED;
|
||||
for ( ; ; ) {
|
||||
int err = SSL_do_handshake(ssl->ssl);
|
||||
ERR_clear_error();
|
||||
err = SSL_do_handshake(ssl->ssl);
|
||||
ssl->error = SSL_get_error(ssl->ssl, err);
|
||||
switch(ssl->error) {
|
||||
switch (ssl->error) {
|
||||
case SSL_ERROR_NONE:
|
||||
ssl->state = ST_SSL_CONNECTED;
|
||||
ssl->state = LSEC_STATE_CONNECTED;
|
||||
return IO_DONE;
|
||||
case SSL_ERROR_WANT_READ:
|
||||
err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
|
||||
if (err == IO_TIMEOUT) return IO_SSL;
|
||||
if (err == IO_TIMEOUT) return LSEC_IO_SSL;
|
||||
if (err != IO_DONE) return err;
|
||||
break;
|
||||
case SSL_ERROR_WANT_WRITE:
|
||||
err = socket_waitfd(&ssl->sock, WAITFD_W, tm);
|
||||
if (err == IO_TIMEOUT) return IO_SSL;
|
||||
if (err == IO_TIMEOUT) return LSEC_IO_SSL;
|
||||
if (err != IO_DONE) return err;
|
||||
break;
|
||||
case SSL_ERROR_SYSCALL:
|
||||
if (ERR_peek_error()) {
|
||||
ssl->error = SSL_ERROR_SSL;
|
||||
return IO_SSL;
|
||||
return LSEC_IO_SSL;
|
||||
}
|
||||
if (err == 0)
|
||||
return IO_CLOSED;
|
||||
return errno;
|
||||
return lsec_socket_error();
|
||||
default:
|
||||
return IO_SSL;
|
||||
return LSEC_IO_SSL;
|
||||
}
|
||||
}
|
||||
return IO_UNKNOWN;
|
||||
@ -105,37 +153,39 @@ static int handshake(p_ssl ssl)
|
||||
static int ssl_send(void *ctx, const char *data, size_t count, size_t *sent,
|
||||
p_timeout tm)
|
||||
{
|
||||
p_ssl ssl = (p_ssl) ctx;
|
||||
if (ssl->state == ST_SSL_CLOSED)
|
||||
int err;
|
||||
p_ssl ssl = (p_ssl)ctx;
|
||||
if (ssl->state != LSEC_STATE_CONNECTED)
|
||||
return IO_CLOSED;
|
||||
*sent = 0;
|
||||
for ( ; ; ) {
|
||||
int err = SSL_write(ssl->ssl, data, (int) count);
|
||||
ERR_clear_error();
|
||||
err = SSL_write(ssl->ssl, data, (int)count);
|
||||
ssl->error = SSL_get_error(ssl->ssl, err);
|
||||
switch(ssl->error) {
|
||||
switch (ssl->error) {
|
||||
case SSL_ERROR_NONE:
|
||||
*sent = err;
|
||||
return IO_DONE;
|
||||
case SSL_ERROR_WANT_READ:
|
||||
err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
|
||||
if (err == IO_TIMEOUT) return IO_SSL;
|
||||
if (err == IO_TIMEOUT) return LSEC_IO_SSL;
|
||||
if (err != IO_DONE) return err;
|
||||
break;
|
||||
case SSL_ERROR_WANT_WRITE:
|
||||
err = socket_waitfd(&ssl->sock, WAITFD_W, tm);
|
||||
if (err == IO_TIMEOUT) return IO_SSL;
|
||||
if (err == IO_TIMEOUT) return LSEC_IO_SSL;
|
||||
if (err != IO_DONE) return err;
|
||||
break;
|
||||
case SSL_ERROR_SYSCALL:
|
||||
if (ERR_peek_error()) {
|
||||
ssl->error = SSL_ERROR_SSL;
|
||||
return IO_SSL;
|
||||
return LSEC_IO_SSL;
|
||||
}
|
||||
if (err == 0)
|
||||
return IO_CLOSED;
|
||||
return errno;
|
||||
return lsec_socket_error();
|
||||
default:
|
||||
return IO_SSL;
|
||||
return LSEC_IO_SSL;
|
||||
}
|
||||
}
|
||||
return IO_UNKNOWN;
|
||||
@ -147,78 +197,120 @@ static int ssl_send(void *ctx, const char *data, size_t count, size_t *sent,
|
||||
static int ssl_recv(void *ctx, char *data, size_t count, size_t *got,
|
||||
p_timeout tm)
|
||||
{
|
||||
p_ssl ssl = (p_ssl) ctx;
|
||||
if (ssl->state == ST_SSL_CLOSED)
|
||||
return IO_CLOSED;
|
||||
int err;
|
||||
p_ssl ssl = (p_ssl)ctx;
|
||||
*got = 0;
|
||||
if (ssl->state != LSEC_STATE_CONNECTED)
|
||||
return IO_CLOSED;
|
||||
for ( ; ; ) {
|
||||
int err = SSL_read(ssl->ssl, data, (int) count);
|
||||
ERR_clear_error();
|
||||
err = SSL_read(ssl->ssl, data, (int)count);
|
||||
ssl->error = SSL_get_error(ssl->ssl, err);
|
||||
switch(ssl->error) {
|
||||
switch (ssl->error) {
|
||||
case SSL_ERROR_NONE:
|
||||
*got = err;
|
||||
return IO_DONE;
|
||||
case SSL_ERROR_ZERO_RETURN:
|
||||
return IO_CLOSED;
|
||||
case SSL_ERROR_WANT_READ:
|
||||
err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
|
||||
if (err == IO_TIMEOUT) return IO_SSL;
|
||||
if (err == IO_TIMEOUT) return LSEC_IO_SSL;
|
||||
if (err != IO_DONE) return err;
|
||||
break;
|
||||
case SSL_ERROR_WANT_WRITE:
|
||||
err = socket_waitfd(&ssl->sock, WAITFD_W, tm);
|
||||
if (err == IO_TIMEOUT) return IO_SSL;
|
||||
if (err == IO_TIMEOUT) return LSEC_IO_SSL;
|
||||
if (err != IO_DONE) return err;
|
||||
break;
|
||||
case SSL_ERROR_SYSCALL:
|
||||
if (ERR_peek_error()) {
|
||||
ssl->error = SSL_ERROR_SSL;
|
||||
return IO_SSL;
|
||||
return LSEC_IO_SSL;
|
||||
}
|
||||
if (err == 0)
|
||||
return IO_CLOSED;
|
||||
return errno;
|
||||
return lsec_socket_error();
|
||||
default:
|
||||
return IO_SSL;
|
||||
return LSEC_IO_SSL;
|
||||
}
|
||||
}
|
||||
return IO_UNKNOWN;
|
||||
}
|
||||
|
||||
static SSL_CTX* luaossl_testcontext(lua_State *L, int arg) {
|
||||
SSL_CTX **ctx = luaL_testudata(L, arg, "SSL_CTX*");
|
||||
if (ctx)
|
||||
return *ctx;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static SSL* luaossl_testssl(lua_State *L, int arg) {
|
||||
SSL **ssl = luaL_testudata(L, arg, "SSL*");
|
||||
if (ssl)
|
||||
return *ssl;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a new TLS/SSL object and mark it as new.
|
||||
*/
|
||||
static int meth_create(lua_State *L)
|
||||
{
|
||||
p_ssl ssl;
|
||||
int mode = ctx_getmode(L, 1);
|
||||
SSL_CTX *ctx = ctx_getcontext(L, 1);
|
||||
int mode;
|
||||
SSL_CTX *ctx;
|
||||
|
||||
if (mode == MD_CTX_INVALID) {
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, "invalid mode");
|
||||
return 2;
|
||||
}
|
||||
ssl = (p_ssl) lua_newuserdata(L, sizeof(t_ssl));
|
||||
lua_settop(L, 1);
|
||||
|
||||
ssl = (p_ssl)lua_newuserdata(L, sizeof(t_ssl));
|
||||
if (!ssl) {
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, "error creating SSL object");
|
||||
return 2;
|
||||
}
|
||||
ssl->ssl = SSL_new(ctx);
|
||||
if (!ssl->ssl) {
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, "error creating SSL object");
|
||||
return 2;;
|
||||
|
||||
if ((ctx = lsec_testcontext(L, 1))) {
|
||||
mode = lsec_getmode(L, 1);
|
||||
if (mode == LSEC_MODE_INVALID) {
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, "invalid mode");
|
||||
return 2;
|
||||
}
|
||||
ssl->ssl = SSL_new(ctx);
|
||||
if (!ssl->ssl) {
|
||||
lua_pushnil(L);
|
||||
lua_pushfstring(L, "error creating SSL object (%s)",
|
||||
ERR_reason_error_string(ERR_get_error()));
|
||||
return 2;
|
||||
}
|
||||
} else if ((ctx = luaossl_testcontext(L, 1))) {
|
||||
ssl->ssl = SSL_new(ctx);
|
||||
if (!ssl->ssl) {
|
||||
lua_pushnil(L);
|
||||
lua_pushfstring(L, "error creating SSL object (%s)",
|
||||
ERR_reason_error_string(ERR_get_error()));
|
||||
return 2;
|
||||
}
|
||||
mode = SSL_is_server(ssl->ssl) ? LSEC_MODE_SERVER : LSEC_MODE_CLIENT;
|
||||
} else if ((ssl->ssl = luaossl_testssl(L, 1))) {
|
||||
SSL_up_ref(ssl->ssl);
|
||||
mode = SSL_is_server(ssl->ssl) ? LSEC_MODE_SERVER : LSEC_MODE_CLIENT;
|
||||
} else {
|
||||
return luaL_argerror(L, 1, "invalid context");
|
||||
}
|
||||
ssl->state = ST_SSL_NEW;
|
||||
SSL_set_fd(ssl->ssl, (int) SOCKET_INVALID);
|
||||
ssl->state = LSEC_STATE_NEW;
|
||||
SSL_set_fd(ssl->ssl, (int)SOCKET_INVALID);
|
||||
SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE |
|
||||
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
|
||||
if (mode == MD_CTX_SERVER)
|
||||
#if defined(SSL_MODE_RELEASE_BUFFERS)
|
||||
SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS);
|
||||
#endif
|
||||
if (mode == LSEC_MODE_SERVER)
|
||||
SSL_set_accept_state(ssl->ssl);
|
||||
else
|
||||
SSL_set_connect_state(ssl->ssl);
|
||||
|
||||
io_init(&ssl->io, (p_send) ssl_send, (p_recv) ssl_recv,
|
||||
io_init(&ssl->io, (p_send)ssl_send, (p_recv)ssl_recv,
|
||||
(p_error) ssl_ioerror, ssl);
|
||||
timeout_init(&ssl->tm, -1, -1);
|
||||
buffer_init(&ssl->buf, &ssl->io, &ssl->tm);
|
||||
@ -232,7 +324,7 @@ static int meth_create(lua_State *L)
|
||||
* Buffer send function
|
||||
*/
|
||||
static int meth_send(lua_State *L) {
|
||||
p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
return buffer_meth_send(L, &ssl->buf);
|
||||
}
|
||||
|
||||
@ -240,30 +332,46 @@ static int meth_send(lua_State *L) {
|
||||
* Buffer receive function
|
||||
*/
|
||||
static int meth_receive(lua_State *L) {
|
||||
p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
return buffer_meth_receive(L, &ssl->buf);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the buffer's statistics.
|
||||
*/
|
||||
static int meth_getstats(lua_State *L) {
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
return buffer_meth_getstats(L, &ssl->buf);
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the buffer's statistics.
|
||||
*/
|
||||
static int meth_setstats(lua_State *L) {
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
return buffer_meth_setstats(L, &ssl->buf);
|
||||
}
|
||||
|
||||
/**
|
||||
* Select support methods
|
||||
*/
|
||||
static int meth_getfd(lua_State *L)
|
||||
{
|
||||
p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
lua_pushnumber(L, ssl->sock);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the TLS/SSL file descriptor.
|
||||
* This is done *before* the handshake.
|
||||
* Call it *before* the handshake.
|
||||
*/
|
||||
static int meth_setfd(lua_State *L)
|
||||
{
|
||||
p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
|
||||
if (ssl->state != ST_SSL_NEW)
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
if (ssl->state != LSEC_STATE_NEW)
|
||||
luaL_argerror(L, 1, "invalid SSL object state");
|
||||
ssl->sock = luaL_checkint(L, 2);
|
||||
ssl->sock = (t_socket)luaL_checkinteger(L, 2);
|
||||
socket_setnonblocking(&ssl->sock);
|
||||
SSL_set_fd(ssl->ssl, (int)ssl->sock);
|
||||
return 0;
|
||||
@ -274,7 +382,7 @@ static int meth_setfd(lua_State *L)
|
||||
*/
|
||||
static int meth_handshake(lua_State *L)
|
||||
{
|
||||
p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
int err = handshake(ssl);
|
||||
if (err == IO_DONE) {
|
||||
lua_pushboolean(L, 1);
|
||||
@ -290,9 +398,7 @@ static int meth_handshake(lua_State *L)
|
||||
*/
|
||||
static int meth_close(lua_State *L)
|
||||
{
|
||||
p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
|
||||
meth_destroy(L);
|
||||
ssl->state = ST_SSL_CLOSED;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -301,7 +407,7 @@ static int meth_close(lua_State *L)
|
||||
*/
|
||||
static int meth_settimeout(lua_State *L)
|
||||
{
|
||||
p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
return timeout_meth_settimeout(L, &ssl->tm);
|
||||
}
|
||||
|
||||
@ -311,8 +417,8 @@ static int meth_settimeout(lua_State *L)
|
||||
static int meth_dirty(lua_State *L)
|
||||
{
|
||||
int res = 0;
|
||||
p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
|
||||
if (ssl->state != ST_SSL_CLOSED)
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
if (ssl->state != LSEC_STATE_CLOSED)
|
||||
res = !buffer_isempty(&ssl->buf) || SSL_pending(ssl->ssl);
|
||||
lua_pushboolean(L, res);
|
||||
return 1;
|
||||
@ -323,8 +429,10 @@ static int meth_dirty(lua_State *L)
|
||||
*/
|
||||
static int meth_want(lua_State *L)
|
||||
{
|
||||
p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
|
||||
int code = (ssl->state == ST_SSL_CLOSED) ? SSL_NOTHING : SSL_want(ssl->ssl);
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
int code = (ssl->state == LSEC_STATE_CLOSED)
|
||||
? SSL_NOTHING
|
||||
: SSL_want(ssl->ssl);
|
||||
switch(code) {
|
||||
case SSL_NOTHING: lua_pushstring(L, "nothing"); break;
|
||||
case SSL_READING: lua_pushstring(L, "read"); break;
|
||||
@ -333,72 +441,462 @@ static int meth_want(lua_State *L)
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Return a pointer to SSL structure.
|
||||
* Return the compression method used.
|
||||
*/
|
||||
static int meth_rawconn(lua_State *L)
|
||||
static int meth_compression(lua_State *L)
|
||||
{
|
||||
#ifdef OPENSSL_NO_COMP
|
||||
const void *comp;
|
||||
#else
|
||||
const COMP_METHOD *comp;
|
||||
#endif
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
if (ssl->state != LSEC_STATE_CONNECTED) {
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, "closed");
|
||||
return 2;
|
||||
}
|
||||
comp = SSL_get_current_compression(ssl->ssl);
|
||||
if (comp)
|
||||
lua_pushstring(L, SSL_COMP_get_name(comp));
|
||||
else
|
||||
lua_pushnil(L);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the nth certificate of the peer's chain.
|
||||
*/
|
||||
static int meth_getpeercertificate(lua_State *L)
|
||||
{
|
||||
int n;
|
||||
X509 *cert;
|
||||
STACK_OF(X509) *certs;
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
if (ssl->state != LSEC_STATE_CONNECTED) {
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, "closed");
|
||||
return 2;
|
||||
}
|
||||
/* Default to the first cert */
|
||||
n = (int)luaL_optinteger(L, 2, 1);
|
||||
/* This function is 1-based, but OpenSSL is 0-based */
|
||||
--n;
|
||||
if (n < 0) {
|
||||
lua_pushnil(L);
|
||||
lua_pushliteral(L, "invalid certificate index");
|
||||
return 2;
|
||||
}
|
||||
if (n == 0) {
|
||||
cert = SSL_get_peer_certificate(ssl->ssl);
|
||||
if (cert)
|
||||
lsec_pushx509(L, cert);
|
||||
else
|
||||
lua_pushnil(L);
|
||||
return 1;
|
||||
}
|
||||
/* In a server-context, the stack doesn't contain the peer cert,
|
||||
* so adjust accordingly.
|
||||
*/
|
||||
if (SSL_is_server(ssl->ssl))
|
||||
--n;
|
||||
certs = SSL_get_peer_cert_chain(ssl->ssl);
|
||||
if (n >= sk_X509_num(certs)) {
|
||||
lua_pushnil(L);
|
||||
return 1;
|
||||
}
|
||||
cert = sk_X509_value(certs, n);
|
||||
/* Increment the reference counting of the object. */
|
||||
/* See SSL_get_peer_certificate() source code. */
|
||||
X509_up_ref(cert);
|
||||
lsec_pushx509(L, cert);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the chain of certificate of the peer.
|
||||
*/
|
||||
static int meth_getpeerchain(lua_State *L)
|
||||
{
|
||||
int i;
|
||||
int idx = 1;
|
||||
int n_certs;
|
||||
X509 *cert;
|
||||
STACK_OF(X509) *certs;
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
if (ssl->state != LSEC_STATE_CONNECTED) {
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, "closed");
|
||||
return 2;
|
||||
}
|
||||
lua_newtable(L);
|
||||
if (SSL_is_server(ssl->ssl)) {
|
||||
lsec_pushx509(L, SSL_get_peer_certificate(ssl->ssl));
|
||||
lua_rawseti(L, -2, idx++);
|
||||
}
|
||||
certs = SSL_get_peer_cert_chain(ssl->ssl);
|
||||
n_certs = sk_X509_num(certs);
|
||||
for (i = 0; i < n_certs; i++) {
|
||||
cert = sk_X509_value(certs, i);
|
||||
/* Increment the reference counting of the object. */
|
||||
/* See SSL_get_peer_certificate() source code. */
|
||||
X509_up_ref(cert);
|
||||
lsec_pushx509(L, cert);
|
||||
lua_rawseti(L, -2, idx++);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Copy the table src to the table dst.
|
||||
*/
|
||||
static void copy_error_table(lua_State *L, int src, int dst)
|
||||
{
|
||||
lua_pushnil(L);
|
||||
while (lua_next(L, src) != 0) {
|
||||
if (lua_istable(L, -1)) {
|
||||
/* Replace the table with its copy */
|
||||
lua_newtable(L);
|
||||
copy_error_table(L, dst+2, dst+3);
|
||||
lua_remove(L, dst+2);
|
||||
}
|
||||
lua_pushvalue(L, -2);
|
||||
lua_pushvalue(L, -2);
|
||||
lua_rawset(L, dst);
|
||||
/* Remove the value and leave the key */
|
||||
lua_pop(L, 1);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the verification state of the peer chain.
|
||||
*/
|
||||
static int meth_getpeerverification(lua_State *L)
|
||||
{
|
||||
long err;
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
if (ssl->state != LSEC_STATE_CONNECTED) {
|
||||
lua_pushboolean(L, 0);
|
||||
lua_pushstring(L, "closed");
|
||||
return 2;
|
||||
}
|
||||
err = SSL_get_verify_result(ssl->ssl);
|
||||
if (err == X509_V_OK) {
|
||||
lua_pushboolean(L, 1);
|
||||
return 1;
|
||||
}
|
||||
luaL_getmetatable(L, "SSL:Verify:Registry");
|
||||
lua_pushlightuserdata(L, (void*)ssl->ssl);
|
||||
lua_gettable(L, -2);
|
||||
if (lua_isnil(L, -1))
|
||||
lua_pushstring(L, X509_verify_cert_error_string(err));
|
||||
else {
|
||||
/* Copy the table of errors to avoid modifications */
|
||||
lua_newtable(L);
|
||||
copy_error_table(L, lua_gettop(L)-1, lua_gettop(L));
|
||||
}
|
||||
lua_pushboolean(L, 0);
|
||||
lua_pushvalue(L, -2);
|
||||
return 2;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the latest "Finished" message sent out.
|
||||
*/
|
||||
static int meth_getfinished(lua_State *L)
|
||||
{
|
||||
size_t len = 0;
|
||||
char *buffer = NULL;
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
if (ssl->state != LSEC_STATE_CONNECTED) {
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, "closed");
|
||||
return 2;
|
||||
}
|
||||
if ((len = SSL_get_finished(ssl->ssl, NULL, 0)) == 0)
|
||||
return 0;
|
||||
buffer = (char*)malloc(len);
|
||||
if (!buffer) {
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, "out of memory");
|
||||
return 2;
|
||||
}
|
||||
SSL_get_finished(ssl->ssl, buffer, len);
|
||||
lua_pushlstring(L, buffer, len);
|
||||
free(buffer);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the latest "Finished" message received.
|
||||
*/
|
||||
static int meth_getpeerfinished(lua_State *L)
|
||||
{
|
||||
size_t len = 0;
|
||||
char *buffer = NULL;
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
if (ssl->state != LSEC_STATE_CONNECTED) {
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, "closed");
|
||||
return 0;
|
||||
}
|
||||
if ((len = SSL_get_peer_finished(ssl->ssl, NULL, 0)) == 0)
|
||||
return 0;
|
||||
buffer = (char*)malloc(len);
|
||||
if (!buffer) {
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, "out of memory");
|
||||
return 2;
|
||||
}
|
||||
SSL_get_peer_finished(ssl->ssl, buffer, len);
|
||||
lua_pushlstring(L, buffer, len);
|
||||
free(buffer);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Object information -- tostring metamethod
|
||||
*/
|
||||
static int meth_tostring(lua_State *L)
|
||||
{
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
lua_pushlightuserdata(L, (void*)ssl->ssl);
|
||||
lua_pushfstring(L, "SSL connection: %p%s", ssl,
|
||||
ssl->state == LSEC_STATE_CLOSED ? " (closed)" : "");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a method in the SSL metatable.
|
||||
*/
|
||||
static int meth_setmethod(lua_State *L)
|
||||
{
|
||||
luaL_getmetatable(L, "SSL:Connection");
|
||||
lua_pushstring(L, "__index");
|
||||
lua_gettable(L, -2);
|
||||
lua_pushvalue(L, 1);
|
||||
lua_pushvalue(L, 2);
|
||||
lua_settable(L, -3);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return information about the connection.
|
||||
*/
|
||||
static int meth_info(lua_State *L)
|
||||
{
|
||||
int bits = 0;
|
||||
int algbits = 0;
|
||||
char buf[256] = {0};
|
||||
const SSL_CIPHER *cipher;
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
cipher = SSL_get_current_cipher(ssl->ssl);
|
||||
if (!cipher)
|
||||
return 0;
|
||||
SSL_CIPHER_description(cipher, buf, sizeof(buf));
|
||||
bits = SSL_CIPHER_get_bits(cipher, &algbits);
|
||||
lua_pushstring(L, buf);
|
||||
lua_pushnumber(L, bits);
|
||||
lua_pushnumber(L, algbits);
|
||||
lua_pushstring(L, SSL_get_version(ssl->ssl));
|
||||
return 4;
|
||||
}
|
||||
|
||||
static int sni_cb(SSL *ssl, int *ad, void *arg)
|
||||
{
|
||||
int strict;
|
||||
SSL_CTX *newctx = NULL;
|
||||
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
|
||||
lua_State *L = ((p_context)SSL_CTX_get_app_data(ctx))->L;
|
||||
const char *name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
|
||||
/* No name, use default context */
|
||||
if (!name)
|
||||
return SSL_TLSEXT_ERR_NOACK;
|
||||
/* Retrieve struct from registry */
|
||||
luaL_getmetatable(L, "SSL:SNI:Registry");
|
||||
lua_pushlightuserdata(L, (void*)ssl);
|
||||
lua_gettable(L, -2);
|
||||
/* Strict search? */
|
||||
lua_pushstring(L, "strict");
|
||||
lua_gettable(L, -2);
|
||||
strict = lua_toboolean(L, -1);
|
||||
lua_pop(L, 1);
|
||||
/* Search for the name in the map */
|
||||
lua_pushstring(L, "map");
|
||||
lua_gettable(L, -2);
|
||||
lua_pushstring(L, name);
|
||||
lua_gettable(L, -2);
|
||||
if (lua_isuserdata(L, -1))
|
||||
newctx = lsec_checkcontext(L, -1);
|
||||
lua_pop(L, 4);
|
||||
/* Found, use this context */
|
||||
if (newctx) {
|
||||
SSL_set_SSL_CTX(ssl, newctx);
|
||||
return SSL_TLSEXT_ERR_OK;
|
||||
}
|
||||
/* Not found, but use initial context */
|
||||
if (!strict)
|
||||
return SSL_TLSEXT_ERR_OK;
|
||||
return SSL_TLSEXT_ERR_ALERT_FATAL;
|
||||
}
|
||||
|
||||
static int meth_sni(lua_State *L)
|
||||
{
|
||||
int strict;
|
||||
SSL_CTX *aux;
|
||||
const char *name;
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl->ssl);
|
||||
p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
|
||||
if (pctx->mode == LSEC_MODE_CLIENT) {
|
||||
name = luaL_checkstring(L, 2);
|
||||
SSL_set_tlsext_host_name(ssl->ssl, name);
|
||||
return 0;
|
||||
} else if (pctx->mode == LSEC_MODE_SERVER) {
|
||||
luaL_checktype(L, 2, LUA_TTABLE);
|
||||
strict = lua_toboolean(L, 3);
|
||||
/* Check if the table contains only (string -> context) */
|
||||
lua_pushnil(L);
|
||||
while (lua_next(L, 2)) {
|
||||
luaL_checkstring(L, -2);
|
||||
aux = lsec_checkcontext(L, -1);
|
||||
/* Set callback in every context */
|
||||
SSL_CTX_set_tlsext_servername_callback(aux, sni_cb);
|
||||
/* leave the next key on the stack */
|
||||
lua_pop(L, 1);
|
||||
}
|
||||
/* Save table in the register */
|
||||
luaL_getmetatable(L, "SSL:SNI:Registry");
|
||||
lua_pushlightuserdata(L, (void*)ssl->ssl);
|
||||
lua_newtable(L);
|
||||
lua_pushstring(L, "map");
|
||||
lua_pushvalue(L, 2);
|
||||
lua_settable(L, -3);
|
||||
lua_pushstring(L, "strict");
|
||||
lua_pushboolean(L, strict);
|
||||
lua_settable(L, -3);
|
||||
lua_settable(L, -3);
|
||||
/* Set callback in the default context */
|
||||
SSL_CTX_set_tlsext_servername_callback(ctx, sni_cb);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int meth_getsniname(lua_State *L)
|
||||
{
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
const char *name = SSL_get_servername(ssl->ssl, TLSEXT_NAMETYPE_host_name);
|
||||
if (name)
|
||||
lua_pushstring(L, name);
|
||||
else
|
||||
lua_pushnil(L);
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int meth_copyright(lua_State *L)
|
||||
{
|
||||
lua_pushstring(L, "LuaSec 0.7.2 - Copyright (C) 2006-2019 Bruno Silvestre, UFG"
|
||||
#if defined(WITH_LUASOCKET)
|
||||
"\nLuaSocket 3.0-RC1 - Copyright (C) 2004-2013 Diego Nehab"
|
||||
#endif
|
||||
);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*---------------------------------------------------------------------------*/
|
||||
|
||||
/**
|
||||
* SSL methods
|
||||
*/
|
||||
static luaL_Reg methods[] = {
|
||||
{"close", meth_close},
|
||||
{"getfd", meth_getfd},
|
||||
{"getfinished", meth_getfinished},
|
||||
{"getpeercertificate", meth_getpeercertificate},
|
||||
{"getpeerchain", meth_getpeerchain},
|
||||
{"getpeerverification", meth_getpeerverification},
|
||||
{"getpeerfinished", meth_getpeerfinished},
|
||||
{"getsniname", meth_getsniname},
|
||||
{"getstats", meth_getstats},
|
||||
{"setstats", meth_setstats},
|
||||
{"dirty", meth_dirty},
|
||||
{"dohandshake", meth_handshake},
|
||||
{"receive", meth_receive},
|
||||
{"send", meth_send},
|
||||
{"settimeout", meth_settimeout},
|
||||
{"sni", meth_sni},
|
||||
{"want", meth_want},
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
/**
|
||||
* SSL metamethods
|
||||
* SSL metamethods.
|
||||
*/
|
||||
static luaL_Reg meta[] = {
|
||||
{"close", meth_close},
|
||||
{"getfd", meth_getfd},
|
||||
{"dirty", meth_dirty},
|
||||
{"dohandshake", meth_handshake},
|
||||
{"receive", meth_receive},
|
||||
{"send", meth_send},
|
||||
{"settimeout", meth_settimeout},
|
||||
{"want", meth_want},
|
||||
{"__gc", meth_destroy},
|
||||
{"__tostring", meth_tostring},
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
/**
|
||||
* SSL functions.
|
||||
*/
|
||||
static luaL_Reg funcs[] = {
|
||||
{"compression", meth_compression},
|
||||
{"create", meth_create},
|
||||
{"info", meth_info},
|
||||
{"setfd", meth_setfd},
|
||||
{"setmethod", meth_setmethod},
|
||||
{"copyright", meth_copyright},
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
/**
|
||||
* SSL functions
|
||||
* Initialize modules.
|
||||
*/
|
||||
static luaL_Reg funcs[] = {
|
||||
{"create", meth_create},
|
||||
{"setfd", meth_setfd},
|
||||
{"rawconnection", meth_rawconn},
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
/**
|
||||
* Initialize modules
|
||||
*/
|
||||
LUASEC_API int luaopen_ssl_core(lua_State *L)
|
||||
LSEC_API int luaopen_ssl_core(lua_State *L)
|
||||
{
|
||||
/* Initialize SSL */
|
||||
if (!SSL_library_init()) {
|
||||
lua_pushstring(L, "unable to initialize SSL library");
|
||||
lua_error(L);
|
||||
}
|
||||
OpenSSL_add_all_algorithms();
|
||||
SSL_load_error_strings();
|
||||
|
||||
#if defined(WITH_LUASOCKET)
|
||||
/* Initialize internal library */
|
||||
socket_open();
|
||||
|
||||
/* Registre the functions and tables */
|
||||
luaL_newmetatable(L, "SSL:Connection");
|
||||
lua_newtable(L);
|
||||
luaL_register(L, NULL, meta);
|
||||
lua_setfield(L, -2, "__index");
|
||||
lua_pushcfunction(L, meth_destroy);
|
||||
lua_setfield(L, -2, "__gc");
|
||||
#endif
|
||||
|
||||
luaL_register(L, "ssl.core", funcs);
|
||||
luaL_newmetatable(L, "SSL:SNI:Registry");
|
||||
|
||||
/* Register the functions and tables */
|
||||
luaL_newmetatable(L, "SSL:Connection");
|
||||
setfuncs(L, meta);
|
||||
|
||||
luaL_newlib(L, methods);
|
||||
lua_setfield(L, -2, "__index");
|
||||
|
||||
luaL_newlib(L, funcs);
|
||||
|
||||
lua_pushstring(L, "SOCKET_INVALID");
|
||||
lua_pushnumber(L, SOCKET_INVALID);
|
||||
lua_setfield(L, -2, "invalidfd");
|
||||
lua_rawset(L, -3);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
//------------------------------------------------------------------------------
|
||||
|
||||
#if defined(_MSC_VER)
|
||||
|
||||
/* Empty implementation to allow building with LuaRocks and MS compilers */
|
||||
LSEC_API int luaopen_ssl(lua_State *L) {
|
||||
lua_pushstring(L, "you should not call this function");
|
||||
lua_error(L);
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
33
src/ssl.h
33
src/ssl.h
@ -1,26 +1,29 @@
|
||||
#ifndef __SSL_H__
|
||||
#define __SSL_H__
|
||||
#ifndef LSEC_SSL_H
|
||||
#define LSEC_SSL_H
|
||||
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 0.3
|
||||
* Copyright (C) 2006-2008 Bruno Silvestre
|
||||
* LuaSec 0.7.2
|
||||
*
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
#include <lua.h>
|
||||
|
||||
#include "io.h"
|
||||
#include "buffer.h"
|
||||
#include "timeout.h"
|
||||
#include <luasocket/io.h>
|
||||
#include <luasocket/buffer.h>
|
||||
#include <luasocket/timeout.h>
|
||||
#include <luasocket/socket.h>
|
||||
|
||||
#ifndef LUASEC_API
|
||||
#define LUASEC_API extern
|
||||
#endif
|
||||
#include "compat.h"
|
||||
#include "context.h"
|
||||
|
||||
#define ST_SSL_NEW 1
|
||||
#define ST_SSL_CONNECTED 2
|
||||
#define ST_SSL_CLOSED 3
|
||||
#define LSEC_STATE_NEW 1
|
||||
#define LSEC_STATE_CONNECTED 2
|
||||
#define LSEC_STATE_CLOSED 3
|
||||
|
||||
#define LSEC_IO_SSL -100
|
||||
|
||||
typedef struct t_ssl_ {
|
||||
t_socket sock;
|
||||
@ -28,11 +31,11 @@ typedef struct t_ssl_ {
|
||||
t_buffer buf;
|
||||
t_timeout tm;
|
||||
SSL *ssl;
|
||||
char state;
|
||||
int state;
|
||||
int error;
|
||||
} t_ssl;
|
||||
typedef t_ssl* p_ssl;
|
||||
|
||||
LUASEC_API int luaopen_ssl_core(lua_State *L);
|
||||
LSEC_API int luaopen_ssl_core(lua_State *L);
|
||||
|
||||
#endif
|
||||
|
133
src/ssl.lua
133
src/ssl.lua
@ -1,22 +1,20 @@
|
||||
------------------------------------------------------------------------------
|
||||
-- LuaSec 0.3
|
||||
-- Copyright (C) 2006-2008 Bruno Silvestre
|
||||
-- LuaSec 0.7.2
|
||||
--
|
||||
-- Copyright (C) 2006-2019 Bruno Silvestre
|
||||
--
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
module("ssl", package.seeall)
|
||||
local core = require("ssl.core")
|
||||
local context = require("ssl.context")
|
||||
local x509 = require("ssl.x509")
|
||||
local config = require("ssl.config")
|
||||
|
||||
require("ssl.core")
|
||||
require("ssl.context")
|
||||
local unpack = table.unpack or unpack
|
||||
|
||||
|
||||
_VERSION = "0.3"
|
||||
_COPYRIGHT = "LuaSec 0.3 - Copyright (C) 2006-2008 Bruno Silvestre\n" ..
|
||||
"LuaSocket 2.0.2 - Copyright (C) 2004-2007 Diego Nehab"
|
||||
|
||||
-- Export functions
|
||||
rawconnection = core.rawconnection
|
||||
rawcontext = context.rawcontext
|
||||
-- We must prevent the contexts to be collected before the connections,
|
||||
-- otherwise the C registry will be cleared.
|
||||
local registry = setmetatable({}, {__mode="k"})
|
||||
|
||||
--
|
||||
--
|
||||
@ -35,7 +33,7 @@ end
|
||||
--
|
||||
--
|
||||
--
|
||||
function newcontext(cfg)
|
||||
local function newcontext(cfg)
|
||||
local succ, msg, ctx
|
||||
-- Create the context
|
||||
ctx, msg = context.create(cfg.protocol)
|
||||
@ -45,19 +43,34 @@ function newcontext(cfg)
|
||||
if not succ then return nil, msg end
|
||||
-- Load the key
|
||||
if cfg.key then
|
||||
if cfg.password and
|
||||
type(cfg.password) ~= "function" and
|
||||
type(cfg.password) ~= "string"
|
||||
then
|
||||
return nil, "invalid password type"
|
||||
end
|
||||
succ, msg = context.loadkey(ctx, cfg.key, cfg.password)
|
||||
if not succ then return nil, msg end
|
||||
end
|
||||
-- Load the certificate
|
||||
if cfg.certificate then
|
||||
succ, msg = context.loadcert(ctx, cfg.certificate)
|
||||
if not succ then return nil, msg end
|
||||
succ, msg = context.loadcert(ctx, cfg.certificate)
|
||||
if not succ then return nil, msg end
|
||||
if cfg.key and context.checkkey then
|
||||
succ = context.checkkey(ctx)
|
||||
if not succ then return nil, "private key does not match public key" end
|
||||
end
|
||||
end
|
||||
-- Load the CA certificates
|
||||
if cfg.cafile or cfg.capath then
|
||||
succ, msg = context.locations(ctx, cfg.cafile, cfg.capath)
|
||||
if not succ then return nil, msg end
|
||||
end
|
||||
-- Set SSL ciphers
|
||||
if cfg.ciphers then
|
||||
succ, msg = context.setcipher(ctx, cfg.ciphers)
|
||||
if not succ then return nil, msg end
|
||||
end
|
||||
-- Set the verification options
|
||||
succ, msg = optexec(context.setverify, cfg.verify, ctx)
|
||||
if not succ then return nil, msg end
|
||||
@ -69,13 +82,44 @@ function newcontext(cfg)
|
||||
succ, msg = context.setdepth(ctx, cfg.depth)
|
||||
if not succ then return nil, msg end
|
||||
end
|
||||
|
||||
-- NOTE: Setting DH parameters and elliptic curves needs to come after
|
||||
-- setoptions(), in case the user has specified the single_{dh,ecdh}_use
|
||||
-- options.
|
||||
|
||||
-- Set DH parameters
|
||||
if cfg.dhparam then
|
||||
if type(cfg.dhparam) ~= "function" then
|
||||
return nil, "invalid DH parameter type"
|
||||
end
|
||||
context.setdhparam(ctx, cfg.dhparam)
|
||||
end
|
||||
|
||||
-- Set elliptic curves
|
||||
if (not config.algorithms.ec) and (cfg.curve or cfg.curveslist) then
|
||||
return false, "elliptic curves not supported"
|
||||
end
|
||||
if config.capabilities.curves_list and cfg.curveslist then
|
||||
succ, msg = context.setcurveslist(ctx, cfg.curveslist)
|
||||
if not succ then return nil, msg end
|
||||
elseif cfg.curve then
|
||||
succ, msg = context.setcurve(ctx, cfg.curve)
|
||||
if not succ then return nil, msg end
|
||||
end
|
||||
|
||||
-- Set extra verification options
|
||||
if cfg.verifyext and ctx.setverifyext then
|
||||
succ, msg = optexec(ctx.setverifyext, cfg.verifyext, ctx)
|
||||
if not succ then return nil, msg end
|
||||
end
|
||||
|
||||
return ctx
|
||||
end
|
||||
|
||||
--
|
||||
--
|
||||
--
|
||||
function wrap(sock, cfg)
|
||||
local function wrap(sock, cfg)
|
||||
local ctx, msg
|
||||
if type(cfg) == "table" then
|
||||
ctx, msg = newcontext(cfg)
|
||||
@ -86,8 +130,61 @@ function wrap(sock, cfg)
|
||||
local s, msg = core.create(ctx)
|
||||
if s then
|
||||
core.setfd(s, sock:getfd())
|
||||
sock:setfd(core.invalidfd)
|
||||
sock:setfd(core.SOCKET_INVALID)
|
||||
registry[s] = ctx
|
||||
return s
|
||||
end
|
||||
return nil, msg
|
||||
end
|
||||
|
||||
--
|
||||
-- Extract connection information.
|
||||
--
|
||||
local function info(ssl, field)
|
||||
local str, comp, err, protocol
|
||||
comp, err = core.compression(ssl)
|
||||
if err then
|
||||
return comp, err
|
||||
end
|
||||
-- Avoid parser
|
||||
if field == "compression" then
|
||||
return comp
|
||||
end
|
||||
local info = {compression = comp}
|
||||
str, info.bits, info.algbits, protocol = core.info(ssl)
|
||||
if str then
|
||||
info.cipher, info.protocol, info.key,
|
||||
info.authentication, info.encryption, info.mac =
|
||||
string.match(str,
|
||||
"^(%S+)%s+(%S+)%s+Kx=(%S+)%s+Au=(%S+)%s+Enc=(%S+)%s+Mac=(%S+)")
|
||||
info.export = (string.match(str, "%sexport%s*$") ~= nil)
|
||||
end
|
||||
if protocol then
|
||||
info.protocol = protocol
|
||||
end
|
||||
if field then
|
||||
return info[field]
|
||||
end
|
||||
-- Empty?
|
||||
return ( (next(info)) and info )
|
||||
end
|
||||
|
||||
--
|
||||
-- Set method for SSL connections.
|
||||
--
|
||||
core.setmethod("info", info)
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
-- Export module
|
||||
--
|
||||
|
||||
local _M = {
|
||||
_VERSION = "0.7.2",
|
||||
_COPYRIGHT = core.copyright(),
|
||||
config = config,
|
||||
loadcertificate = x509.load,
|
||||
newcontext = newcontext,
|
||||
wrap = wrap,
|
||||
}
|
||||
|
||||
return _M
|
||||
|
137
src/usocket.c
137
src/usocket.c
@ -1,137 +0,0 @@
|
||||
/*=========================================================================*\
|
||||
* LuaSocket 2.0.2
|
||||
* Copyright (C) 2004-2007 Diego Nehab
|
||||
*
|
||||
* Socket compatibilization module for Unix
|
||||
*
|
||||
* The code is now interrupt-safe.
|
||||
* The penalty of calling select to avoid busy-wait is only paid when
|
||||
* the I/O call fail in the first place.
|
||||
*
|
||||
* RCS ID: $Id: usocket.c,v 1.38 2007/10/13 23:55:20 diego Exp $
|
||||
\*=========================================================================*/
|
||||
#include <errno.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/socket.h>
|
||||
#include <string.h>
|
||||
#include <signal.h>
|
||||
#include <unistd.h>
|
||||
#include <fcntl.h>
|
||||
|
||||
#include "socket.h"
|
||||
#include "usocket.h"
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Wait for readable/writable/connected socket with timeout
|
||||
\*-------------------------------------------------------------------------*/
|
||||
#ifdef SOCKET_POLL
|
||||
int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
|
||||
int ret;
|
||||
struct pollfd pfd;
|
||||
pfd.fd = *ps;
|
||||
pfd.events = sw;
|
||||
pfd.revents = 0;
|
||||
if (timeout_iszero(tm)) return IO_TIMEOUT; /* optimize timeout == 0 case */
|
||||
do {
|
||||
int t = (int)(timeout_getretry(tm)*1e3);
|
||||
ret = poll(&pfd, 1, t >= 0? t: -1);
|
||||
} while (ret == -1 && errno == EINTR);
|
||||
if (ret == -1) return errno;
|
||||
if (ret == 0) return IO_TIMEOUT;
|
||||
if (sw == WAITFD_C && (pfd.revents & (POLLIN|POLLERR))) return IO_CLOSED;
|
||||
return IO_DONE;
|
||||
}
|
||||
#else
|
||||
int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
|
||||
int ret;
|
||||
fd_set rfds, wfds, *rp, *wp;
|
||||
struct timeval tv, *tp;
|
||||
double t;
|
||||
if (timeout_iszero(tm)) return IO_TIMEOUT; /* optimize timeout == 0 case */
|
||||
do {
|
||||
/* must set bits within loop, because select may have modifed them */
|
||||
rp = wp = NULL;
|
||||
if (sw & WAITFD_R) { FD_ZERO(&rfds); FD_SET(*ps, &rfds); rp = &rfds; }
|
||||
if (sw & WAITFD_W) { FD_ZERO(&wfds); FD_SET(*ps, &wfds); wp = &wfds; }
|
||||
t = timeout_getretry(tm);
|
||||
tp = NULL;
|
||||
if (t >= 0.0) {
|
||||
tv.tv_sec = (int)t;
|
||||
tv.tv_usec = (int)((t-tv.tv_sec)*1.0e6);
|
||||
tp = &tv;
|
||||
}
|
||||
ret = select(*ps+1, rp, wp, NULL, tp);
|
||||
} while (ret == -1 && errno == EINTR);
|
||||
if (ret == -1) return errno;
|
||||
if (ret == 0) return IO_TIMEOUT;
|
||||
if (sw == WAITFD_C && FD_ISSET(*ps, &rfds)) return IO_CLOSED;
|
||||
return IO_DONE;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Initializes module
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_open(void) {
|
||||
/* instals a handler to ignore sigpipe or it will crash us */
|
||||
signal(SIGPIPE, SIG_IGN);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Close module
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_close(void) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Close and inutilize socket
|
||||
\*-------------------------------------------------------------------------*/
|
||||
void socket_destroy(p_socket ps) {
|
||||
if (*ps != SOCKET_INVALID) {
|
||||
socket_setblocking(ps);
|
||||
close(*ps);
|
||||
*ps = SOCKET_INVALID;
|
||||
}
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Put socket into blocking mode
|
||||
\*-------------------------------------------------------------------------*/
|
||||
void socket_setblocking(p_socket ps) {
|
||||
int flags = fcntl(*ps, F_GETFL, 0);
|
||||
flags &= (~(O_NONBLOCK));
|
||||
fcntl(*ps, F_SETFL, flags);
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Put socket into non-blocking mode
|
||||
\*-------------------------------------------------------------------------*/
|
||||
void socket_setnonblocking(p_socket ps) {
|
||||
int flags = fcntl(*ps, F_GETFL, 0);
|
||||
flags |= O_NONBLOCK;
|
||||
fcntl(*ps, F_SETFL, flags);
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Error translation functions
|
||||
* Make sure important error messages are standard
|
||||
\*-------------------------------------------------------------------------*/
|
||||
const char *socket_strerror(int err) {
|
||||
if (err <= 0) return io_strerror(err);
|
||||
switch (err) {
|
||||
case EADDRINUSE: return "address already in use";
|
||||
case EISCONN: return "already connected";
|
||||
case EACCES: return "permission denied";
|
||||
case ECONNREFUSED: return "connection refused";
|
||||
case ECONNABORTED: return "closed";
|
||||
case ECONNRESET: return "closed";
|
||||
case EPIPE: return "closed";
|
||||
case ETIMEDOUT: return "timeout";
|
||||
default: return strerror(errno);
|
||||
}
|
||||
}
|
||||
|
@ -1,28 +0,0 @@
|
||||
#ifndef USOCKET_H
|
||||
#define USOCKET_H
|
||||
/*=========================================================================*\
|
||||
* LuaSocket 2.0.2
|
||||
* Copyright (C) 2004-2007 Diego Nehab
|
||||
*
|
||||
* Socket compatibilization module for Unix
|
||||
*
|
||||
* RCS ID: $Id: usocket.h 6 2006-04-30 20:33:05Z brunoos $
|
||||
\*=========================================================================*/
|
||||
|
||||
#ifdef SOCKET_POLL
|
||||
#include <sys/poll.h>
|
||||
#define WAITFD_R POLLIN
|
||||
#define WAITFD_W POLLOUT
|
||||
#define WAITFD_C (POLLIN|POLLOUT)
|
||||
#else
|
||||
#define WAITFD_R 1
|
||||
#define WAITFD_W 2
|
||||
#define WAITFD_C (WAITFD_R|WAITFD_W)
|
||||
#endif
|
||||
|
||||
typedef int t_socket;
|
||||
typedef t_socket *p_socket;
|
||||
|
||||
#define SOCKET_INVALID (-1)
|
||||
|
||||
#endif /* USOCKET_H */
|
164
src/wsocket.c
164
src/wsocket.c
@ -1,164 +0,0 @@
|
||||
/*=========================================================================*\
|
||||
* LuaSocket 2.0.2
|
||||
* Copyright (C) 2004-2007 Diego Nehab
|
||||
*
|
||||
* Socket compatibilization module for Win32
|
||||
*
|
||||
* The penalty of calling select to avoid busy-wait is only paid when
|
||||
* the I/O call fail in the first place.
|
||||
*
|
||||
* RCS ID: $Id: wsocket.c,v 1.36 2007/06/11 23:44:54 diego Exp $
|
||||
\*=========================================================================*/
|
||||
#include <string.h>
|
||||
|
||||
#include "socket.h"
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Initializes module
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_open(void) {
|
||||
WSADATA wsaData;
|
||||
WORD wVersionRequested = MAKEWORD(2, 0);
|
||||
int err = WSAStartup(wVersionRequested, &wsaData );
|
||||
if (err != 0) return 0;
|
||||
if ((LOBYTE(wsaData.wVersion) != 2 || HIBYTE(wsaData.wVersion) != 0) &&
|
||||
(LOBYTE(wsaData.wVersion) != 1 || HIBYTE(wsaData.wVersion) != 1)) {
|
||||
WSACleanup();
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Close module
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_close(void) {
|
||||
WSACleanup();
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Wait for readable/writable/connected socket with timeout
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
|
||||
int ret;
|
||||
fd_set rfds, wfds, efds, *rp = NULL, *wp = NULL, *ep = NULL;
|
||||
struct timeval tv, *tp = NULL;
|
||||
double t;
|
||||
if (timeout_iszero(tm)) return IO_TIMEOUT; /* optimize timeout == 0 case */
|
||||
if (sw & WAITFD_R) {
|
||||
FD_ZERO(&rfds);
|
||||
FD_SET(*ps, &rfds);
|
||||
rp = &rfds;
|
||||
}
|
||||
if (sw & WAITFD_W) { FD_ZERO(&wfds); FD_SET(*ps, &wfds); wp = &wfds; }
|
||||
if (sw & WAITFD_C) { FD_ZERO(&efds); FD_SET(*ps, &efds); ep = &efds; }
|
||||
if ((t = timeout_get(tm)) >= 0.0) {
|
||||
tv.tv_sec = (int) t;
|
||||
tv.tv_usec = (int) ((t-tv.tv_sec)*1.0e6);
|
||||
tp = &tv;
|
||||
}
|
||||
ret = select(0, rp, wp, ep, tp);
|
||||
if (ret == -1) return WSAGetLastError();
|
||||
if (ret == 0) return IO_TIMEOUT;
|
||||
if (sw == WAITFD_C && FD_ISSET(*ps, &efds)) return IO_CLOSED;
|
||||
return IO_DONE;
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Close and inutilize socket
|
||||
\*-------------------------------------------------------------------------*/
|
||||
void socket_destroy(p_socket ps) {
|
||||
if (*ps != SOCKET_INVALID) {
|
||||
socket_setblocking(ps); /* close can take a long time on WIN32 */
|
||||
closesocket(*ps);
|
||||
*ps = SOCKET_INVALID;
|
||||
}
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Put socket into blocking mode
|
||||
\*-------------------------------------------------------------------------*/
|
||||
void socket_setblocking(p_socket ps) {
|
||||
u_long argp = 0;
|
||||
ioctlsocket(*ps, FIONBIO, &argp);
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Put socket into non-blocking mode
|
||||
\*-------------------------------------------------------------------------*/
|
||||
void socket_setnonblocking(p_socket ps) {
|
||||
u_long argp = 1;
|
||||
ioctlsocket(*ps, FIONBIO, &argp);
|
||||
}
|
||||
|
||||
/*-------------------------------------------------------------------------*\
|
||||
* Error translation functions
|
||||
\*-------------------------------------------------------------------------*/
|
||||
|
||||
/* WinSock doesn't have a strerror... */
|
||||
static const char *wstrerror(int err) {
|
||||
switch (err) {
|
||||
case WSAEINTR: return "Interrupted function call";
|
||||
case WSAEACCES: return "Permission denied";
|
||||
case WSAEFAULT: return "Bad address";
|
||||
case WSAEINVAL: return "Invalid argument";
|
||||
case WSAEMFILE: return "Too many open files";
|
||||
case WSAEWOULDBLOCK: return "Resource temporarily unavailable";
|
||||
case WSAEINPROGRESS: return "Operation now in progress";
|
||||
case WSAEALREADY: return "Operation already in progress";
|
||||
case WSAENOTSOCK: return "Socket operation on nonsocket";
|
||||
case WSAEDESTADDRREQ: return "Destination address required";
|
||||
case WSAEMSGSIZE: return "Message too long";
|
||||
case WSAEPROTOTYPE: return "Protocol wrong type for socket";
|
||||
case WSAENOPROTOOPT: return "Bad protocol option";
|
||||
case WSAEPROTONOSUPPORT: return "Protocol not supported";
|
||||
case WSAESOCKTNOSUPPORT: return "Socket type not supported";
|
||||
case WSAEOPNOTSUPP: return "Operation not supported";
|
||||
case WSAEPFNOSUPPORT: return "Protocol family not supported";
|
||||
case WSAEAFNOSUPPORT:
|
||||
return "Address family not supported by protocol family";
|
||||
case WSAEADDRINUSE: return "Address already in use";
|
||||
case WSAEADDRNOTAVAIL: return "Cannot assign requested address";
|
||||
case WSAENETDOWN: return "Network is down";
|
||||
case WSAENETUNREACH: return "Network is unreachable";
|
||||
case WSAENETRESET: return "Network dropped connection on reset";
|
||||
case WSAECONNABORTED: return "Software caused connection abort";
|
||||
case WSAECONNRESET: return "Connection reset by peer";
|
||||
case WSAENOBUFS: return "No buffer space available";
|
||||
case WSAEISCONN: return "Socket is already connected";
|
||||
case WSAENOTCONN: return "Socket is not connected";
|
||||
case WSAESHUTDOWN: return "Cannot send after socket shutdown";
|
||||
case WSAETIMEDOUT: return "Connection timed out";
|
||||
case WSAECONNREFUSED: return "Connection refused";
|
||||
case WSAEHOSTDOWN: return "Host is down";
|
||||
case WSAEHOSTUNREACH: return "No route to host";
|
||||
case WSAEPROCLIM: return "Too many processes";
|
||||
case WSASYSNOTREADY: return "Network subsystem is unavailable";
|
||||
case WSAVERNOTSUPPORTED: return "Winsock.dll version out of range";
|
||||
case WSANOTINITIALISED:
|
||||
return "Successful WSAStartup not yet performed";
|
||||
case WSAEDISCON: return "Graceful shutdown in progress";
|
||||
case WSAHOST_NOT_FOUND: return "Host not found";
|
||||
case WSATRY_AGAIN: return "Nonauthoritative host not found";
|
||||
case WSANO_RECOVERY: return "Nonrecoverable name lookup error";
|
||||
case WSANO_DATA: return "Valid name, no data record of requested type";
|
||||
default: return "Unknown error";
|
||||
}
|
||||
}
|
||||
|
||||
const char *socket_strerror(int err) {
|
||||
if (err <= 0) return io_strerror(err);
|
||||
switch (err) {
|
||||
case ERROR_FILE_NOT_FOUND: return "closed";
|
||||
case WSAEADDRINUSE: return "address already in use";
|
||||
case WSAECONNREFUSED: return "connection refused";
|
||||
case WSAEISCONN: return "already connected";
|
||||
case WSAEACCES: return "permission denied";
|
||||
case WSAECONNABORTED: return "closed";
|
||||
case WSAECONNRESET: return "closed";
|
||||
case WSAETIMEDOUT: return "timeout";
|
||||
default: return wstrerror(err);
|
||||
}
|
||||
}
|
||||
|
727
src/x509.c
Normal file
727
src/x509.c
Normal file
@ -0,0 +1,727 @@
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 0.7.2
|
||||
*
|
||||
* Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann
|
||||
* Matthew Wild, Bruno Silvestre.
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#if defined(WIN32)
|
||||
#include <ws2tcpip.h>
|
||||
#include <windows.h>
|
||||
#else
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
#endif
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/asn1.h>
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/bn.h>
|
||||
|
||||
#include <lua.h>
|
||||
#include <lauxlib.h>
|
||||
|
||||
#include "x509.h"
|
||||
|
||||
|
||||
/*
|
||||
* ASN1_STRING_data is deprecated in OpenSSL 1.1.0
|
||||
*/
|
||||
#if OPENSSL_VERSION_NUMBER>=0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
#define LSEC_ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
|
||||
#else
|
||||
#define LSEC_ASN1_STRING_data(x) ASN1_STRING_data(x)
|
||||
#endif
|
||||
|
||||
|
||||
static const char* hex_tab = "0123456789abcdef";
|
||||
|
||||
/**
|
||||
* Push the certificate on the stack.
|
||||
*/
|
||||
void lsec_pushx509(lua_State* L, X509 *cert)
|
||||
{
|
||||
p_x509 cert_obj = (p_x509)lua_newuserdata(L, sizeof(t_x509));
|
||||
cert_obj->cert = cert;
|
||||
cert_obj->encode = LSEC_AI5_STRING;
|
||||
luaL_getmetatable(L, "SSL:Certificate");
|
||||
lua_setmetatable(L, -2);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the OpenSSL certificate X509.
|
||||
*/
|
||||
X509* lsec_checkx509(lua_State* L, int idx)
|
||||
{
|
||||
return ((p_x509)luaL_checkudata(L, idx, "SSL:Certificate"))->cert;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return LuaSec certificate X509 representation.
|
||||
*/
|
||||
p_x509 lsec_checkp_x509(lua_State* L, int idx)
|
||||
{
|
||||
return (p_x509)luaL_checkudata(L, idx, "SSL:Certificate");
|
||||
}
|
||||
|
||||
/*---------------------------------------------------------------------------*/
|
||||
|
||||
#if defined(LUASEC_INET_NTOP)
|
||||
/*
|
||||
* For WinXP (SP3), set the following preprocessor macros:
|
||||
* LUASEC_INET_NTOP
|
||||
* WINVER=0x0501
|
||||
* _WIN32_WINNT=0x0501
|
||||
* NTDDI_VERSION=0x05010300
|
||||
*
|
||||
* For IPv6 addresses, you need to add IPv6 Protocol to your interface.
|
||||
*
|
||||
*/
|
||||
static const char *inet_ntop(int af, const char *src, char *dst, socklen_t size)
|
||||
{
|
||||
int addrsize;
|
||||
struct sockaddr *addr;
|
||||
struct sockaddr_in addr4;
|
||||
struct sockaddr_in6 addr6;
|
||||
|
||||
switch (af) {
|
||||
case AF_INET:
|
||||
memset((void*)&addr4, 0, sizeof(addr4));
|
||||
addr4.sin_family = AF_INET;
|
||||
memcpy((void*)&addr4.sin_addr, src, sizeof(struct in_addr));
|
||||
addr = (struct sockaddr*)&addr4;
|
||||
addrsize = sizeof(struct sockaddr_in);
|
||||
break;
|
||||
case AF_INET6:
|
||||
memset((void*)&addr6, 0, sizeof(addr6));
|
||||
addr6.sin6_family = AF_INET6;
|
||||
memcpy((void*)&addr6.sin6_addr, src, sizeof(struct in6_addr));
|
||||
addr = (struct sockaddr*)&addr6;
|
||||
addrsize = sizeof(struct sockaddr_in6);
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if(getnameinfo(addr, addrsize, dst, size, NULL, 0, NI_NUMERICHOST) != 0)
|
||||
return NULL;
|
||||
return dst;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*---------------------------------------------------------------------------*/
|
||||
|
||||
/**
|
||||
* Convert the buffer 'in' to hexadecimal.
|
||||
*/
|
||||
static void to_hex(const char* in, int length, char* out)
|
||||
{
|
||||
int i;
|
||||
for (i = 0; i < length; i++) {
|
||||
out[i*2] = hex_tab[(in[i] >> 4) & 0xF];
|
||||
out[i*2+1] = hex_tab[(in[i]) & 0xF];
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Converts the ASN1_OBJECT into a textual representation and put it
|
||||
* on the Lua stack.
|
||||
*/
|
||||
static void push_asn1_objname(lua_State* L, ASN1_OBJECT *object, int no_name)
|
||||
{
|
||||
char buffer[256];
|
||||
int len = OBJ_obj2txt(buffer, sizeof(buffer), object, no_name);
|
||||
len = (len < sizeof(buffer)) ? len : sizeof(buffer);
|
||||
lua_pushlstring(L, buffer, len);
|
||||
}
|
||||
|
||||
/**
|
||||
* Push the ASN1 string on the stack.
|
||||
*/
|
||||
static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
|
||||
{
|
||||
int len;
|
||||
unsigned char *data;
|
||||
if (!string) {
|
||||
lua_pushnil(L);
|
||||
return;
|
||||
}
|
||||
switch (encode) {
|
||||
case LSEC_AI5_STRING:
|
||||
lua_pushlstring(L, (char*)LSEC_ASN1_STRING_data(string),
|
||||
ASN1_STRING_length(string));
|
||||
break;
|
||||
case LSEC_UTF8_STRING:
|
||||
len = ASN1_STRING_to_UTF8(&data, string);
|
||||
if (len >= 0) {
|
||||
lua_pushlstring(L, (char*)data, len);
|
||||
OPENSSL_free(data);
|
||||
}
|
||||
else
|
||||
lua_pushnil(L);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a human readable time.
|
||||
*/
|
||||
static int push_asn1_time(lua_State *L, ASN1_UTCTIME *tm)
|
||||
{
|
||||
char *tmp;
|
||||
long size;
|
||||
BIO *out = BIO_new(BIO_s_mem());
|
||||
ASN1_TIME_print(out, tm);
|
||||
size = BIO_get_mem_data(out, &tmp);
|
||||
lua_pushlstring(L, tmp, size);
|
||||
BIO_free(out);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a human readable IP address.
|
||||
*/
|
||||
static void push_asn1_ip(lua_State *L, ASN1_STRING *string)
|
||||
{
|
||||
int af;
|
||||
char dst[INET6_ADDRSTRLEN];
|
||||
unsigned char *ip = (unsigned char*)LSEC_ASN1_STRING_data(string);
|
||||
switch(ASN1_STRING_length(string)) {
|
||||
case 4:
|
||||
af = AF_INET;
|
||||
break;
|
||||
case 16:
|
||||
af = AF_INET6;
|
||||
break;
|
||||
default:
|
||||
lua_pushnil(L);
|
||||
return;
|
||||
}
|
||||
if(inet_ntop(af, ip, dst, INET6_ADDRSTRLEN))
|
||||
lua_pushstring(L, dst);
|
||||
else
|
||||
lua_pushnil(L);
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
static int push_subtable(lua_State* L, int idx)
|
||||
{
|
||||
lua_pushvalue(L, -1);
|
||||
lua_gettable(L, idx-1);
|
||||
if (lua_isnil(L, -1)) {
|
||||
lua_pop(L, 1);
|
||||
lua_newtable(L);
|
||||
lua_pushvalue(L, -2);
|
||||
lua_pushvalue(L, -2);
|
||||
lua_settable(L, idx-3);
|
||||
lua_replace(L, -2); /* Replace key with table */
|
||||
return 1;
|
||||
}
|
||||
lua_replace(L, -2); /* Replace key with table */
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve the general names from the object.
|
||||
*/
|
||||
static int push_x509_name(lua_State* L, X509_NAME *name, int encode)
|
||||
{
|
||||
int i;
|
||||
int n_entries;
|
||||
ASN1_OBJECT *object;
|
||||
X509_NAME_ENTRY *entry;
|
||||
lua_newtable(L);
|
||||
n_entries = X509_NAME_entry_count(name);
|
||||
for (i = 0; i < n_entries; i++) {
|
||||
entry = X509_NAME_get_entry(name, i);
|
||||
object = X509_NAME_ENTRY_get_object(entry);
|
||||
lua_newtable(L);
|
||||
push_asn1_objname(L, object, 1);
|
||||
lua_setfield(L, -2, "oid");
|
||||
push_asn1_objname(L, object, 0);
|
||||
lua_setfield(L, -2, "name");
|
||||
push_asn1_string(L, X509_NAME_ENTRY_get_data(entry), encode);
|
||||
lua_setfield(L, -2, "value");
|
||||
lua_rawseti(L, -2, i+1);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*---------------------------------------------------------------------------*/
|
||||
|
||||
/**
|
||||
* Retrieve the Subject from the certificate.
|
||||
*/
|
||||
static int meth_subject(lua_State* L)
|
||||
{
|
||||
p_x509 px = lsec_checkp_x509(L, 1);
|
||||
return push_x509_name(L, X509_get_subject_name(px->cert), px->encode);
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve the Issuer from the certificate.
|
||||
*/
|
||||
static int meth_issuer(lua_State* L)
|
||||
{
|
||||
p_x509 px = lsec_checkp_x509(L, 1);
|
||||
return push_x509_name(L, X509_get_issuer_name(px->cert), px->encode);
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve the extensions from the certificate.
|
||||
*/
|
||||
int meth_extensions(lua_State* L)
|
||||
{
|
||||
int j;
|
||||
int i = -1;
|
||||
int n_general_names;
|
||||
OTHERNAME *otherName;
|
||||
X509_EXTENSION *extension;
|
||||
GENERAL_NAME *general_name;
|
||||
STACK_OF(GENERAL_NAME) *values;
|
||||
p_x509 px = lsec_checkp_x509(L, 1);
|
||||
X509 *peer = px->cert;
|
||||
|
||||
/* Return (ret) */
|
||||
lua_newtable(L);
|
||||
|
||||
while ((i = X509_get_ext_by_NID(peer, NID_subject_alt_name, i)) != -1) {
|
||||
extension = X509_get_ext(peer, i);
|
||||
if (extension == NULL)
|
||||
break;
|
||||
values = X509V3_EXT_d2i(extension);
|
||||
if (values == NULL)
|
||||
break;
|
||||
|
||||
/* Push ret[oid] */
|
||||
push_asn1_objname(L, X509_EXTENSION_get_object(extension), 1);
|
||||
push_subtable(L, -2);
|
||||
|
||||
/* Set ret[oid].name = name */
|
||||
push_asn1_objname(L, X509_EXTENSION_get_object(extension), 0);
|
||||
lua_setfield(L, -2, "name");
|
||||
|
||||
n_general_names = sk_GENERAL_NAME_num(values);
|
||||
for (j = 0; j < n_general_names; j++) {
|
||||
general_name = sk_GENERAL_NAME_value(values, j);
|
||||
switch (general_name->type) {
|
||||
case GEN_OTHERNAME:
|
||||
otherName = general_name->d.otherName;
|
||||
push_asn1_objname(L, otherName->type_id, 1);
|
||||
if (push_subtable(L, -2)) {
|
||||
push_asn1_objname(L, otherName->type_id, 0);
|
||||
lua_setfield(L, -2, "name");
|
||||
}
|
||||
push_asn1_string(L, otherName->value->value.asn1_string, px->encode);
|
||||
lua_rawseti(L, -2, lua_rawlen(L, -2) + 1);
|
||||
lua_pop(L, 1);
|
||||
break;
|
||||
case GEN_DNS:
|
||||
lua_pushstring(L, "dNSName");
|
||||
push_subtable(L, -2);
|
||||
push_asn1_string(L, general_name->d.dNSName, px->encode);
|
||||
lua_rawseti(L, -2, lua_rawlen(L, -2) + 1);
|
||||
lua_pop(L, 1);
|
||||
break;
|
||||
case GEN_EMAIL:
|
||||
lua_pushstring(L, "rfc822Name");
|
||||
push_subtable(L, -2);
|
||||
push_asn1_string(L, general_name->d.rfc822Name, px->encode);
|
||||
lua_rawseti(L, -2, lua_rawlen(L, -2) + 1);
|
||||
lua_pop(L, 1);
|
||||
break;
|
||||
case GEN_URI:
|
||||
lua_pushstring(L, "uniformResourceIdentifier");
|
||||
push_subtable(L, -2);
|
||||
push_asn1_string(L, general_name->d.uniformResourceIdentifier, px->encode);
|
||||
lua_rawseti(L, -2, lua_rawlen(L, -2)+1);
|
||||
lua_pop(L, 1);
|
||||
break;
|
||||
case GEN_IPADD:
|
||||
lua_pushstring(L, "iPAddress");
|
||||
push_subtable(L, -2);
|
||||
push_asn1_ip(L, general_name->d.iPAddress);
|
||||
lua_rawseti(L, -2, lua_rawlen(L, -2)+1);
|
||||
lua_pop(L, 1);
|
||||
break;
|
||||
case GEN_X400:
|
||||
/* x400Address */
|
||||
/* not supported */
|
||||
break;
|
||||
case GEN_DIRNAME:
|
||||
/* directoryName */
|
||||
/* not supported */
|
||||
break;
|
||||
case GEN_EDIPARTY:
|
||||
/* ediPartyName */
|
||||
/* not supported */
|
||||
break;
|
||||
case GEN_RID:
|
||||
/* registeredID */
|
||||
/* not supported */
|
||||
break;
|
||||
}
|
||||
GENERAL_NAME_free(general_name);
|
||||
}
|
||||
sk_GENERAL_NAME_free(values);
|
||||
lua_pop(L, 1); /* ret[oid] */
|
||||
i++; /* Next extension */
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert the certificate to PEM format.
|
||||
*/
|
||||
static int meth_pem(lua_State* L)
|
||||
{
|
||||
char* data;
|
||||
long bytes;
|
||||
X509* cert = lsec_checkx509(L, 1);
|
||||
BIO *bio = BIO_new(BIO_s_mem());
|
||||
if (!PEM_write_bio_X509(bio, cert)) {
|
||||
lua_pushnil(L);
|
||||
return 1;
|
||||
}
|
||||
bytes = BIO_get_mem_data(bio, &data);
|
||||
if (bytes > 0)
|
||||
lua_pushlstring(L, data, bytes);
|
||||
else
|
||||
lua_pushnil(L);
|
||||
BIO_free(bio);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Extract public key in PEM format.
|
||||
*/
|
||||
static int meth_pubkey(lua_State* L)
|
||||
{
|
||||
char* data;
|
||||
long bytes;
|
||||
int ret = 1;
|
||||
X509* cert = lsec_checkx509(L, 1);
|
||||
BIO *bio = BIO_new(BIO_s_mem());
|
||||
EVP_PKEY *pkey = X509_get_pubkey(cert);
|
||||
if(PEM_write_bio_PUBKEY(bio, pkey)) {
|
||||
bytes = BIO_get_mem_data(bio, &data);
|
||||
if (bytes > 0) {
|
||||
lua_pushlstring(L, data, bytes);
|
||||
switch(EVP_PKEY_base_id(pkey)) {
|
||||
case EVP_PKEY_RSA:
|
||||
lua_pushstring(L, "RSA");
|
||||
break;
|
||||
case EVP_PKEY_DSA:
|
||||
lua_pushstring(L, "DSA");
|
||||
break;
|
||||
case EVP_PKEY_DH:
|
||||
lua_pushstring(L, "DH");
|
||||
break;
|
||||
case EVP_PKEY_EC:
|
||||
lua_pushstring(L, "EC");
|
||||
break;
|
||||
default:
|
||||
lua_pushstring(L, "Unknown");
|
||||
break;
|
||||
}
|
||||
lua_pushinteger(L, EVP_PKEY_bits(pkey));
|
||||
ret = 3;
|
||||
}
|
||||
else
|
||||
lua_pushnil(L);
|
||||
}
|
||||
else
|
||||
lua_pushnil(L);
|
||||
/* Cleanup */
|
||||
BIO_free(bio);
|
||||
EVP_PKEY_free(pkey);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Compute the fingerprint.
|
||||
*/
|
||||
static int meth_digest(lua_State* L)
|
||||
{
|
||||
unsigned int bytes;
|
||||
const EVP_MD *digest = NULL;
|
||||
unsigned char buffer[EVP_MAX_MD_SIZE];
|
||||
char hex_buffer[EVP_MAX_MD_SIZE*2];
|
||||
X509 *cert = lsec_checkx509(L, 1);
|
||||
const char *str = luaL_optstring(L, 2, NULL);
|
||||
if (!str)
|
||||
digest = EVP_sha1();
|
||||
else {
|
||||
if (!strcmp(str, "sha1"))
|
||||
digest = EVP_sha1();
|
||||
else if (!strcmp(str, "sha256"))
|
||||
digest = EVP_sha256();
|
||||
else if (!strcmp(str, "sha512"))
|
||||
digest = EVP_sha512();
|
||||
}
|
||||
if (!digest) {
|
||||
lua_pushnil(L);
|
||||
lua_pushfstring(L, "digest algorithm not supported (%s)", str);
|
||||
return 2;
|
||||
}
|
||||
if (!X509_digest(cert, digest, buffer, &bytes)) {
|
||||
lua_pushnil(L);
|
||||
lua_pushfstring(L, "error processing the certificate (%s)",
|
||||
ERR_reason_error_string(ERR_get_error()));
|
||||
return 2;
|
||||
}
|
||||
to_hex((char*)buffer, bytes, hex_buffer);
|
||||
lua_pushlstring(L, hex_buffer, bytes*2);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the certificate is valid in a given time.
|
||||
*/
|
||||
static int meth_valid_at(lua_State* L)
|
||||
{
|
||||
X509* cert = lsec_checkx509(L, 1);
|
||||
time_t time = luaL_checkinteger(L, 2);
|
||||
lua_pushboolean(L, (X509_cmp_time(X509_get_notAfter(cert), &time) >= 0
|
||||
&& X509_cmp_time(X509_get_notBefore(cert), &time) <= 0));
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the serial number.
|
||||
*/
|
||||
static int meth_serial(lua_State *L)
|
||||
{
|
||||
char *tmp;
|
||||
BIGNUM *bn;
|
||||
ASN1_INTEGER *serial;
|
||||
X509* cert = lsec_checkx509(L, 1);
|
||||
serial = X509_get_serialNumber(cert);
|
||||
bn = ASN1_INTEGER_to_BN(serial, NULL);
|
||||
tmp = BN_bn2hex(bn);
|
||||
lua_pushstring(L, tmp);
|
||||
BN_free(bn);
|
||||
OPENSSL_free(tmp);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return not before date.
|
||||
*/
|
||||
static int meth_notbefore(lua_State *L)
|
||||
{
|
||||
X509* cert = lsec_checkx509(L, 1);
|
||||
return push_asn1_time(L, X509_get_notBefore(cert));
|
||||
}
|
||||
|
||||
/**
|
||||
* Return not after date.
|
||||
*/
|
||||
static int meth_notafter(lua_State *L)
|
||||
{
|
||||
X509* cert = lsec_checkx509(L, 1);
|
||||
return push_asn1_time(L, X509_get_notAfter(cert));
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if this certificate issued some other certificate
|
||||
*/
|
||||
static int meth_issued(lua_State* L)
|
||||
{
|
||||
int ret, i, len;
|
||||
|
||||
X509_STORE_CTX* ctx = NULL;
|
||||
X509_STORE* root = NULL;
|
||||
STACK_OF(X509)* chain = NULL;
|
||||
|
||||
X509* issuer = lsec_checkx509(L, 1);
|
||||
X509* subject = lsec_checkx509(L, 2);
|
||||
X509* cert = NULL;
|
||||
|
||||
len = lua_gettop(L);
|
||||
|
||||
/* Check that all arguments are certificates */
|
||||
|
||||
for (i = 3; i <= len; i++) {
|
||||
lsec_checkx509(L, i);
|
||||
}
|
||||
|
||||
/* Before allocating things that require freeing afterwards */
|
||||
|
||||
chain = sk_X509_new_null();
|
||||
ctx = X509_STORE_CTX_new();
|
||||
root = X509_STORE_new();
|
||||
|
||||
if (ctx == NULL || root == NULL) {
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, "X509_STORE_new() or X509_STORE_CTX_new() error");
|
||||
ret = 2;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
ret = X509_STORE_add_cert(root, issuer);
|
||||
|
||||
if(!ret) {
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, "X509_STORE_add_cert() error");
|
||||
ret = 2;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
for (i = 3; i <= len && lua_isuserdata(L, i); i++) {
|
||||
cert = lsec_checkx509(L, i);
|
||||
sk_X509_push(chain, cert);
|
||||
}
|
||||
|
||||
ret = X509_STORE_CTX_init(ctx, root, subject, chain);
|
||||
|
||||
if(!ret) {
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, "X509_STORE_CTX_init() error");
|
||||
ret = 2;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* Actual verification */
|
||||
if (X509_verify_cert(ctx) <= 0) {
|
||||
ret = X509_STORE_CTX_get_error(ctx);
|
||||
lua_pushnil(L);
|
||||
lua_pushstring(L, X509_verify_cert_error_string(ret));
|
||||
ret = 2;
|
||||
} else {
|
||||
lua_pushboolean(L, 1);
|
||||
ret = 1;
|
||||
}
|
||||
|
||||
cleanup:
|
||||
|
||||
if (ctx != NULL) {
|
||||
X509_STORE_CTX_free(ctx);
|
||||
}
|
||||
|
||||
if (chain != NULL) {
|
||||
X509_STORE_free(root);
|
||||
}
|
||||
|
||||
sk_X509_free(chain);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Collect X509 objects.
|
||||
*/
|
||||
static int meth_destroy(lua_State* L)
|
||||
{
|
||||
X509_free(lsec_checkx509(L, 1));
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int meth_tostring(lua_State *L)
|
||||
{
|
||||
X509* cert = lsec_checkx509(L, 1);
|
||||
lua_pushfstring(L, "X509 certificate: %p", cert);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the encode for ASN.1 string.
|
||||
*/
|
||||
static int meth_set_encode(lua_State* L)
|
||||
{
|
||||
int succ = 0;
|
||||
p_x509 px = lsec_checkp_x509(L, 1);
|
||||
const char *enc = luaL_checkstring(L, 2);
|
||||
if (strncmp(enc, "ai5", 3) == 0) {
|
||||
succ = 1;
|
||||
px->encode = LSEC_AI5_STRING;
|
||||
} else if (strncmp(enc, "utf8", 4) == 0) {
|
||||
succ = 1;
|
||||
px->encode = LSEC_UTF8_STRING;
|
||||
}
|
||||
lua_pushboolean(L, succ);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*---------------------------------------------------------------------------*/
|
||||
|
||||
static int load_cert(lua_State* L)
|
||||
{
|
||||
X509 *cert;
|
||||
size_t bytes;
|
||||
const char* data;
|
||||
BIO *bio = BIO_new(BIO_s_mem());
|
||||
data = luaL_checklstring(L, 1, &bytes);
|
||||
BIO_write(bio, data, bytes);
|
||||
cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
|
||||
if (cert)
|
||||
lsec_pushx509(L, cert);
|
||||
else
|
||||
lua_pushnil(L);
|
||||
BIO_free(bio);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*---------------------------------------------------------------------------*/
|
||||
|
||||
/**
|
||||
* Certificate methods.
|
||||
*/
|
||||
static luaL_Reg methods[] = {
|
||||
{"digest", meth_digest},
|
||||
{"setencode", meth_set_encode},
|
||||
{"extensions", meth_extensions},
|
||||
{"issuer", meth_issuer},
|
||||
{"notbefore", meth_notbefore},
|
||||
{"notafter", meth_notafter},
|
||||
{"issued", meth_issued},
|
||||
{"pem", meth_pem},
|
||||
{"pubkey", meth_pubkey},
|
||||
{"serial", meth_serial},
|
||||
{"subject", meth_subject},
|
||||
{"validat", meth_valid_at},
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
/**
|
||||
* X509 metamethods.
|
||||
*/
|
||||
static luaL_Reg meta[] = {
|
||||
{"__gc", meth_destroy},
|
||||
{"__tostring", meth_tostring},
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
/**
|
||||
* X509 functions.
|
||||
*/
|
||||
static luaL_Reg funcs[] = {
|
||||
{"load", load_cert},
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
/*--------------------------------------------------------------------------*/
|
||||
|
||||
LSEC_API int luaopen_ssl_x509(lua_State *L)
|
||||
{
|
||||
/* Register the functions and tables */
|
||||
luaL_newmetatable(L, "SSL:Certificate");
|
||||
setfuncs(L, meta);
|
||||
|
||||
luaL_newlib(L, methods);
|
||||
lua_setfield(L, -2, "__index");
|
||||
|
||||
luaL_newlib(L, funcs);
|
||||
|
||||
return 1;
|
||||
}
|
31
src/x509.h
Normal file
31
src/x509.h
Normal file
@ -0,0 +1,31 @@
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 0.7.2
|
||||
*
|
||||
* Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann
|
||||
* Matthew Wild, Bruno Silvestre.
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
#ifndef LSEC_X509_H
|
||||
#define LSEC_X509_H
|
||||
|
||||
#include <openssl/x509v3.h>
|
||||
#include <lua.h>
|
||||
|
||||
#include "compat.h"
|
||||
|
||||
/* We do not support UniversalString nor BMPString as ASN.1 String types */
|
||||
enum { LSEC_AI5_STRING, LSEC_UTF8_STRING };
|
||||
|
||||
typedef struct t_x509_ {
|
||||
X509 *cert;
|
||||
int encode;
|
||||
} t_x509;
|
||||
typedef t_x509* p_x509;
|
||||
|
||||
void lsec_pushx509(lua_State* L, X509* cert);
|
||||
X509* lsec_checkx509(lua_State* L, int idx);
|
||||
|
||||
LSEC_API int luaopen_ssl_x509(lua_State *L);
|
||||
|
||||
#endif
|
Reference in New Issue
Block a user