dany/luasec
1
0
Fork 0
mirror of https://github.com/brunoos/luasec.git synced 2025-07-19 07:19:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: dany:luasec-0.3.2
Branches Tags
dany:master dany:shutdown-method dany:dev dany:ocsp dany:luasec-dev-0.8 dany:luasec-dev-0.7 dany:luasec-dev-0.5
dany:v1.3.2 dany:v1.3.1 dany:v1.3.0 dany:v1.2.0 dany:v1.1.0 dany:v1.0.2 dany:v1.0.1 dany:v1.0 dany:v0.9 dany:luasec-0.8.2 dany:luasec-0.7.2 dany:luasec-0.8.1 dany:luasec-0.7.1 dany:luasec-0.8 dany:luasec-0.7 dany:luasec-0.6 dany:luasec-0.5.1 dany:luasec-0.5 dany:luasec-0.4.1 dany:luasec-0.4 dany:luasec-0.3.3 dany:luasec-0.3.2 dany:luasec-0.3.1 dany:luasec-0.3 dany:luasec-0.2
...
compare: dany:luasec-0.4.1
Branches Tags
dany:master dany:shutdown-method dany:dev dany:ocsp dany:luasec-dev-0.8 dany:luasec-dev-0.7 dany:luasec-dev-0.5
dany:v1.3.2 dany:v1.3.1 dany:v1.3.0 dany:v1.2.0 dany:v1.1.0 dany:v1.0.2 dany:v1.0.1 dany:v1.0 dany:v0.9 dany:luasec-0.8.2 dany:luasec-0.7.2 dany:luasec-0.8.1 dany:luasec-0.7.1 dany:luasec-0.8 dany:luasec-0.7 dany:luasec-0.6 dany:luasec-0.5.1 dany:luasec-0.5 dany:luasec-0.4.1 dany:luasec-0.4 dany:luasec-0.3.3 dany:luasec-0.3.2 dany:luasec-0.3.1 dany:luasec-0.3 dany:luasec-0.2

3 Commits
luasec-0.3 ... luasec-0.4

Author SHA1 Message Date
Bruno Silvestre
908fc346d2 LuaSec 0.4.1 2012-09-02 11:40:59 -03:00
Bruno Silvestre
67e5176b6b LuaSec 0.4 2012-09-02 11:32:26 -03:00
Bruno Silvestre
29c6bd65d2 LuaSec 0.3.3 2012-09-02 11:31:22 -03:00
16 changed files with 369 additions and 84 deletions
Expand all files Collapse all files

20
CHANGELOG
View File

@ -1,3 +1,23 @@
--------------------------------------------------------------------------------
LuaSec 0.4.1
------------
- SSL options updated --- based on OpenSSL 1.0.0d.
- Activate SSL_MODE_RELEASE_BUFFERS by default if it is available.
(thanks Prosody project)
---------------------------------------------------------------------------------
LuaSec 0.4
------------
- Add option 'no_ticket' (included in OpenSSL 0.9.8f).
- Add HTTPS module. (thanks Tomas Guisasola and Pablo Musa)
--------------------------------------------------------------------------------
LuaSec 0.3.3
------------
- BUG: Clear the error queue before call I/O functions (see SSL_get_error
manual).
(thanks Matthew Wild)
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
LuaSec 0.3.2 LuaSec 0.3.2
------------ ------------

7
INSTALL
View File

@ -1,10 +1,11 @@
LuaSec 0.3.2 LuaSec 0.4.1
------------ ------------
* On Linux, BSD, and Mac OS X: * On Linux, BSD, and Mac OS X:
- Edit 'Makefile' - Edit 'Makefile'
* Inform the path to install the modules. * Inform the path to where install the Lua modules (LUAPATH) and binaries
modules (LUACPATH)
* If Lua or OpenSSL are not in the default path, set the * If Lua or OpenSSL are not in the default path, set the
variables INCDIR and LIBDIR. variables INCDIR and LIBDIR.
* For Mac OS X, set the variable MACOSX_VERSION. * For Mac OS X, set the variable MACOSX_VERSION.
@ -21,3 +22,5 @@ LuaSec 0.3.2
- Copy the 'ssl.lua' file to some place in your LUA_PATH. - Copy the 'ssl.lua' file to some place in your LUA_PATH.
- Copy the 'ssl.dll' file to some place in your LUA_CPATH. - Copy the 'ssl.dll' file to some place in your LUA_CPATH.
- Create a directory 'ssl' in your LUA_PATH and copy 'https.lua' to it.

4
LICENSE
View File

@ -1,5 +1,5 @@
LuaSec 0.3.2 license LuaSec 0.4.1 license
Copyright (C) 2006-2009 Bruno Silvestre Copyright (C) 2006-2011 Bruno Silvestre, PUC-Rio
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the a copy of this software and associated documentation files (the

4
Makefile
View File

@ -1,6 +1,6 @@
# Inform the location to intall the modules # Inform the location to intall the modules
LUAPATH=/usr/local/share/lua/5.1 LUAPATH=/usr/local/share/lua/5.1
CPATH=/usr/local/lib/lua/5.1 LUACPATH=/usr/local/lib/lua/5.1
# Edit the lines below to inform new path, if necessary # Edit the lines below to inform new path, if necessary
# #
@ -26,7 +26,7 @@ none:
@echo " * macosx" @echo " * macosx"
install: install:
@cd src ; $(MAKE) CPATH="$(CPATH)" LUAPATH="$(LUAPATH)" install @cd src ; $(MAKE) LUACPATH="$(LUACPATH)" LUAPATH="$(LUAPATH)" install
linux: linux:
@echo "---------------------" @echo "---------------------"

BIN
luasec.suo
View File

Binary file not shown.

4
luasec.vcproj
View File

@ -121,7 +121,7 @@
<Tool <Tool
Name="VCCLCompilerTool" Name="VCCLCompilerTool"
AdditionalIncludeDirectories="C:\devel\openssl\include;C:\devel\lua-dll9\include" AdditionalIncludeDirectories="C:\devel\openssl\include;C:\devel\lua-dll9\include"
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS;BUFFER_DEBUG;LUASEC_API=__declspec(dllexport)" PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;BUFFER_DEBUG"
RuntimeLibrary="2" RuntimeLibrary="2"
UsePrecompiledHeader="0" UsePrecompiledHeader="0"
WarningLevel="3" WarningLevel="3"
@ -141,7 +141,7 @@
AdditionalDependencies="ws2_32.lib libeay32MD.lib ssleay32MD.lib lua5.1.lib" AdditionalDependencies="ws2_32.lib libeay32MD.lib ssleay32MD.lib lua5.1.lib"
OutputFile="$(OutDir)/ssl.dll" OutputFile="$(OutDir)/ssl.dll"
LinkIncremental="1" LinkIncremental="1"
AdditionalLibraryDirectories="C:\devel\openssl\lib\VC;C:\devel\lua-dll9" AdditionalLibraryDirectories="C:\devel\openssl\lib\VC;C:\devel\lua-dll9\lib"
GenerateDebugInformation="true" GenerateDebugInformation="true"
SubSystem="2" SubSystem="2"
OptimizeReferences="2" OptimizeReferences="2"

12
samples/README
View File

@ -1,14 +1,8 @@
In all examples, the SSL/TLS layer can be disable just commenting the
wrap section. In this case, the examples work with normal TCP
communication.
Directories: Directories:
------------ ------------
* certs * certs
It contains a set of certificates used in the examples. You can use Contains scripts to generate the certificates used by the examples.
the scrits to recreate them if necessary (due to certificates Generate Root CA 'A' and 'B' first, then the servers and clients.
expiration date, for example). First, generate the Root CA 'A' and
'B', then the servers and clients.
* oneshot * oneshot
A simple connection example. A simple connection example.
@ -19,7 +13,7 @@ Directories:
* loop-gc * loop-gc
Same of above, but the connection is not explicit closed, the gabage Same of above, but the connection is not explicit closed, the gabage
collector is encharge of it. collector is encharge of that.
* wantread * wantread
Test timeout in handshake() and receive(). Test timeout in handshake() and receive().

7
src/Makefile
View File

@ -23,7 +23,6 @@ MAC_ENV=env MACOSX_DEPLOYMENT_TARGET='$(MACVER)'
MAC_CFLAGS=-O2 -fno-common $(WARN) $(INCDIR) $(DEFS) MAC_CFLAGS=-O2 -fno-common $(WARN) $(INCDIR) $(DEFS)
MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR) MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR)
CP=cp
CC=gcc CC=gcc
LD=$(MYENV) gcc LD=$(MYENV) gcc
CFLAGS=$(MYCFLAGS) CFLAGS=$(MYCFLAGS)
@ -34,8 +33,10 @@ LDFLAGS=$(MYLDFLAGS)
all: all:
install: $(CMOD) $(LMOD) install: $(CMOD) $(LMOD)
$(CP) $(CMOD) $(CPATH) mkdir -p $(LUAPATH)/ssl
$(CP) $(LMOD) $(LUAPATH) cp $(CMOD) $(LUACPATH)
cp $(LMOD) $(LUAPATH)
cp https.lua $(LUAPATH)/ssl
linux: linux:
@$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)" @$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)"

2
src/buffer.c
View File

@ -195,7 +195,7 @@ static int recvline(p_buffer buf, luaL_Buffer *b) {
pos = 0; pos = 0;
while (pos < count && data[pos] != '\n') { while (pos < count && data[pos] != '\n') {
/* we ignore all \r's */ /* we ignore all \r's */
if (data[pos] != '\r') luaL_putchar(b, data[pos]); if (data[pos] != '\r') luaL_addchar(b, data[pos]);
pos++; pos++;
} }
if (pos < count) { /* found '\n' */ if (pos < count) { /* found '\n' */

47
src/context.c
View File

@ -1,6 +1,6 @@
/*-------------------------------------------------------------------------- /*--------------------------------------------------------------------------
* LuaSec 0.3.2 * LuaSec 0.4.1
* Copyright (C) 2006-2009 Bruno Silvestre * Copyright (C) 2006-2011 Bruno Silvestre
* *
*--------------------------------------------------------------------------*/ *--------------------------------------------------------------------------*/
@ -12,48 +12,7 @@
#include <lauxlib.h> #include <lauxlib.h>
#include "context.h" #include "context.h"
#include "options.h"
struct ssl_option_s {
const char *name;
unsigned long code;
};
typedef struct ssl_option_s ssl_option_t;
static ssl_option_t ssl_options[] = {
/* OpenSSL 0.9.7 and 0.9.8 */
{"all", SSL_OP_ALL},
{"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
{"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
{"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
{"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
{"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
{"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
{"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
{"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
{"no_session_resumption_on_renegotiation",
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
{"no_sslv2", SSL_OP_NO_SSLv2},
{"no_sslv3", SSL_OP_NO_SSLv3},
{"no_tlsv1", SSL_OP_NO_TLSv1},
{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
{"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
{"single_dh_use", SSL_OP_SINGLE_DH_USE},
{"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
{"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
{"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
{"tls_d5_bug", SSL_OP_TLS_D5_BUG},
{"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
/* OpenSSL 0.9.8 only */
#if OPENSSL_VERSION_NUMBER > 0x00908000L
{"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
{"no_query_mtu", SSL_OP_NO_QUERY_MTU},
{"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
#endif
{NULL, 0L}
};
/*--------------------------- Auxiliary Functions ----------------------------*/ /*--------------------------- Auxiliary Functions ----------------------------*/

8
src/context.h
View File

@ -2,15 +2,17 @@
#define __CONTEXT_H__ #define __CONTEXT_H__
/*-------------------------------------------------------------------------- /*--------------------------------------------------------------------------
* LuaSec 0.3.2 * LuaSec 0.4.1
* Copyright (C) 2006-2009 Bruno Silvestre * Copyright (C) 2006-2011 Bruno Silvestre
* *
*--------------------------------------------------------------------------*/ *--------------------------------------------------------------------------*/
#include <lua.h> #include <lua.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
#ifndef LUASEC_API #if defined(_WIN32)
#define LUASEC_API __declspec(dllexport)
#else
#define LUASEC_API extern #define LUASEC_API extern
#endif #endif

138
src/https.lua Normal file
View File

@ -0,0 +1,138 @@
----------------------------------------------------------------------------
-- LuaSec 0.4.1
-- Copyright (C) 2009-2011 PUC-Rio
--
-- Author: Pablo Musa
-- Author: Tomas Guisasola
---------------------------------------------------------------------------
local socket = require("socket")
local ssl = require("ssl")
local ltn12 = require("ltn12")
local http = require("socket.http")
local url = require("socket.url")
local table = require("table")
local string = require("string")
local try = socket.try
local type = type
local pairs = pairs
local getmetatable = getmetatable
module("ssl.https")
_VERSION = "0.4.1"
_COPYRIGHT = "LuaSec 0.4.1 - Copyright (C) 2009-2011 PUC-Rio"
-- Default settings
PORT = 443
local cfg = {
protocol = "tlsv1",
options = "all",
verify = "none",
}
--------------------------------------------------------------------
-- Auxiliar Functions
--------------------------------------------------------------------
-- Insert default HTTPS port.
local function default_https_port(u)
return url.build(url.parse(u, {port = PORT}))
end
-- Convert an URL to a table according to Luasocket needs.
local function urlstring_totable(url, body, result_table)
url = {
url = default_https_port(url),
method = body and "POST" or "GET",
sink = ltn12.sink.table(result_table)
}
if body then
url.source = ltn12.source.string(body)
url.headers = {
["content-length"] = #body,
["content-type"] = "application/x-www-form-urlencoded",
}
end
return url
end
-- Forward calls to the real connection object.
local function reg(conn)
local mt = getmetatable(conn.sock).__index
for name, method in pairs(mt) do
if type(method) == "function" then
conn[name] = function (self, ...)
return method(self.sock, ...)
end
end
end
end
-- Return a function which performs the SSL/TLS connection.
local function tcp(params)
params = params or {}
-- Default settings
for k, v in pairs(cfg) do
params[k] = params[k] or v
end
-- Force client mode
params.mode = "client"
-- 'create' function for LuaSocket
return function ()
local conn = {}
conn.sock = try(socket.tcp())
local st = getmetatable(conn.sock).__index.settimeout
function conn:settimeout(...)
return st(self.sock, ...)
end
-- Replace TCP's connection function
function conn:connect(host, port)
try(self.sock:connect(host, port))
self.sock = try(ssl.wrap(self.sock, params))
try(self.sock:dohandshake())
reg(self, getmetatable(self.sock))
return 1
end
return conn
end
end
--------------------------------------------------------------------
-- Main Function
--------------------------------------------------------------------
-- Make a HTTP request over secure connection. This function receives
-- the same parameters of LuaSocket's HTTP module (except 'proxy' and
-- 'redirect') plus LuaSec parameters.
--
-- @param url mandatory (string or table)
-- @param body optional (string)
-- @return (string if url == string or 1), code, headers, status
--
function request(url, body)
local result_table = {}
local stringrequest = type(url) == "string"
if stringrequest then
url = urlstring_totable(url, body, result_table)
else
url.url = default_https_port(url.url)
end
if http.PROXY or url.proxy then
return nil, "proxy not supported"
elseif url.redirect then
return nil, "redirect not supported"
elseif url.create then
return nil, "create function not permitted"
end
-- New 'create' function to establish a secure connection
url.create = tcp(url)
local res, code, headers, status = http.request(url)
if res and stringrequest then
return table.concat(result_table), code, headers, status
end
return res, code, headers, status
end

163
src/options.h Normal file
View File

@ -0,0 +1,163 @@
/*--------------------------------------------------------------------------
* LuaSec 0.4.1
* Copyright (C) 2006-2011 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
struct ssl_option_s {
const char *name;
unsigned long code;
};
typedef struct ssl_option_s ssl_option_t;
/*
-- Supported SSL options and script in Lua 5.1 to generate the file.
-- Ugly, but easier to maintain.
local options = [[
SSL_OP_ALL
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
SSL_OP_CIPHER_SERVER_PREFERENCE
SSL_OP_CISCO_ANYCONNECT
SSL_OP_COOKIE_EXCHANGE
SSL_OP_CRYPTOPRO_TLSEXT_BUG
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
SSL_OP_EPHEMERAL_RSA
SSL_OP_LEGACY_SERVER_CONNECT
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
SSL_OP_MICROSOFT_SESS_ID_BUG
SSL_OP_MSIE_SSLV2_RSA_PADDING
SSL_OP_NETSCAPE_CA_DN_BUG
SSL_OP_NETSCAPE_CHALLENGE_BUG
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
SSL_OP_NO_COMPRESSION
SSL_OP_NO_QUERY_MTU
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
SSL_OP_NO_SSLv2
SSL_OP_NO_SSLv3
SSL_OP_NO_TICKET
SSL_OP_NO_TLSv1
SSL_OP_PKCS1_CHECK_1
SSL_OP_PKCS1_CHECK_2
SSL_OP_SINGLE_DH_USE
SSL_OP_SINGLE_ECDH_USE
SSL_OP_SSLEAY_080_CLIENT_DH_BUG
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
SSL_OP_TLS_BLOCK_PADDING_BUG
SSL_OP_TLS_D5_BUG
SSL_OP_TLS_ROLLBACK_BUG
]]
print([[static ssl_option_t ssl_options[] = {]])
for option in string.gmatch(options, "(%S+)") do
local name = string.lower(string.sub(option, 8))
print(string.format([[#if defined(%s)]], option))
print(string.format([[ {"%s", %s},]], name, option))
print([[#endif]])
end
print([[ {NULL, 0L}]])
print([[};]])
*/
static ssl_option_t ssl_options[] = {
#if defined(SSL_OP_ALL)
{"all", SSL_OP_ALL},
#endif
#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
{"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
#endif
#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
{"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
#endif
#if defined(SSL_OP_CISCO_ANYCONNECT)
{"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
#endif
#if defined(SSL_OP_COOKIE_EXCHANGE)
{"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
#endif
#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
{"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
#endif
#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
#endif
#if defined(SSL_OP_EPHEMERAL_RSA)
{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
#endif
#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
{"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
#endif
#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
{"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
#endif
#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
{"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
#endif
#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
{"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
#endif
#if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
{"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
{"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
{"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
{"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
#endif
#if defined(SSL_OP_NO_COMPRESSION)
{"no_compression", SSL_OP_NO_COMPRESSION},
#endif
#if defined(SSL_OP_NO_QUERY_MTU)
{"no_query_mtu", SSL_OP_NO_QUERY_MTU},
#endif
#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
{"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
#endif
#if defined(SSL_OP_NO_SSLv2)
{"no_sslv2", SSL_OP_NO_SSLv2},
#endif
#if defined(SSL_OP_NO_SSLv3)
{"no_sslv3", SSL_OP_NO_SSLv3},
#endif
#if defined(SSL_OP_NO_TICKET)
{"no_ticket", SSL_OP_NO_TICKET},
#endif
#if defined(SSL_OP_NO_TLSv1)
{"no_tlsv1", SSL_OP_NO_TLSv1},
#endif
#if defined(SSL_OP_PKCS1_CHECK_1)
{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
#endif
#if defined(SSL_OP_PKCS1_CHECK_2)
{"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
#endif
#if defined(SSL_OP_SINGLE_DH_USE)
{"single_dh_use", SSL_OP_SINGLE_DH_USE},
#endif
#if defined(SSL_OP_SINGLE_ECDH_USE)
{"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
#endif
#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
{"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
#endif
#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
{"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
#endif
#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
{"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
#endif
#if defined(SSL_OP_TLS_D5_BUG)
{"tls_d5_bug", SSL_OP_TLS_D5_BUG},
#endif
#if defined(SSL_OP_TLS_ROLLBACK_BUG)
{"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
#endif
{NULL, 0L}
};

20
src/ssl.c
View File

@ -1,6 +1,6 @@
/*-------------------------------------------------------------------------- /*--------------------------------------------------------------------------
* LuaSec 0.3.2 * LuaSec 0.4.1
* Copyright (C) 2006-2009 Bruno Silvestre * Copyright (C) 2006-2011 Bruno Silvestre
* *
*--------------------------------------------------------------------------*/ *--------------------------------------------------------------------------*/
@ -16,7 +16,6 @@
#include "buffer.h" #include "buffer.h"
#include "timeout.h" #include "timeout.h"
#include "socket.h" #include "socket.h"
#include "context.h"
#include "ssl.h" #include "ssl.h"
/** /**
@ -63,11 +62,13 @@ static int meth_destroy(lua_State *L)
*/ */
static int handshake(p_ssl ssl) static int handshake(p_ssl ssl)
{ {
int err;
p_timeout tm = timeout_markstart(&ssl->tm); p_timeout tm = timeout_markstart(&ssl->tm);
if (ssl->state == ST_SSL_CLOSED) if (ssl->state == ST_SSL_CLOSED)
return IO_CLOSED; return IO_CLOSED;
for ( ; ; ) { for ( ; ; ) {
int err = SSL_do_handshake(ssl->ssl); ERR_clear_error();
err = SSL_do_handshake(ssl->ssl);
ssl->error = SSL_get_error(ssl->ssl, err); ssl->error = SSL_get_error(ssl->ssl, err);
switch(ssl->error) { switch(ssl->error) {
case SSL_ERROR_NONE: case SSL_ERROR_NONE:
@ -104,12 +105,14 @@ static int handshake(p_ssl ssl)
static int ssl_send(void *ctx, const char *data, size_t count, size_t *sent, static int ssl_send(void *ctx, const char *data, size_t count, size_t *sent,
p_timeout tm) p_timeout tm)
{ {
int err;
p_ssl ssl = (p_ssl) ctx; p_ssl ssl = (p_ssl) ctx;
if (ssl->state == ST_SSL_CLOSED) if (ssl->state == ST_SSL_CLOSED)
return IO_CLOSED; return IO_CLOSED;
*sent = 0; *sent = 0;
for ( ; ; ) { for ( ; ; ) {
int err = SSL_write(ssl->ssl, data, (int) count); ERR_clear_error();
err = SSL_write(ssl->ssl, data, (int) count);
ssl->error = SSL_get_error(ssl->ssl, err); ssl->error = SSL_get_error(ssl->ssl, err);
switch(ssl->error) { switch(ssl->error) {
case SSL_ERROR_NONE: case SSL_ERROR_NONE:
@ -146,12 +149,14 @@ static int ssl_send(void *ctx, const char *data, size_t count, size_t *sent,
static int ssl_recv(void *ctx, char *data, size_t count, size_t *got, static int ssl_recv(void *ctx, char *data, size_t count, size_t *got,
p_timeout tm) p_timeout tm)
{ {
int err;
p_ssl ssl = (p_ssl) ctx; p_ssl ssl = (p_ssl) ctx;
if (ssl->state == ST_SSL_CLOSED) if (ssl->state == ST_SSL_CLOSED)
return IO_CLOSED; return IO_CLOSED;
*got = 0; *got = 0;
for ( ; ; ) { for ( ; ; ) {
int err = SSL_read(ssl->ssl, data, (int) count); ERR_clear_error();
err = SSL_read(ssl->ssl, data, (int) count);
ssl->error = SSL_get_error(ssl->ssl, err); ssl->error = SSL_get_error(ssl->ssl, err);
switch(ssl->error) { switch(ssl->error) {
case SSL_ERROR_NONE: case SSL_ERROR_NONE:
@ -215,6 +220,9 @@ static int meth_create(lua_State *L)
SSL_set_fd(ssl->ssl, (int) SOCKET_INVALID); SSL_set_fd(ssl->ssl, (int) SOCKET_INVALID);
SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#if defined(SSL_MODE_RELEASE_BUFFERS)
SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS);
#endif
if (mode == MD_CTX_SERVER) if (mode == MD_CTX_SERVER)
SSL_set_accept_state(ssl->ssl); SSL_set_accept_state(ssl->ssl);
else else

9
src/ssl.h
View File

@ -2,8 +2,8 @@
#define __SSL_H__ #define __SSL_H__
/*-------------------------------------------------------------------------- /*--------------------------------------------------------------------------
* LuaSec 0.3.2 * LuaSec 0.4.1
* Copyright (C) 2006-2009 Bruno Silvestre * Copyright (C) 2006-2011 Bruno Silvestre
* *
*--------------------------------------------------------------------------*/ *--------------------------------------------------------------------------*/
@ -13,10 +13,7 @@
#include "io.h" #include "io.h"
#include "buffer.h" #include "buffer.h"
#include "timeout.h" #include "timeout.h"
#include "context.h"
#ifndef LUASEC_API
#define LUASEC_API extern
#endif
#define ST_SSL_NEW 1 #define ST_SSL_NEW 1
#define ST_SSL_CONNECTED 2 #define ST_SSL_CONNECTED 2

8
src/ssl.lua
View File

@ -1,6 +1,6 @@
------------------------------------------------------------------------------ ------------------------------------------------------------------------------
-- LuaSec 0.3.2 -- LuaSec 0.4.1
-- Copyright (C) 2006-2008 Bruno Silvestre -- Copyright (C) 2006-2011 Bruno Silvestre
-- --
------------------------------------------------------------------------------ ------------------------------------------------------------------------------
@ -10,8 +10,8 @@ require("ssl.core")
require("ssl.context") require("ssl.context")
_VERSION = "0.3.2" _VERSION = "0.4.1"
_COPYRIGHT = "LuaSec 0.3.2 - Copyright (C) 2006-2009 Bruno Silvestre\n" .. _COPYRIGHT = "LuaSec 0.4.1 - Copyright (C) 2006-2011 Bruno Silvestre\n" ..
"LuaSocket 2.0.2 - Copyright (C) 2004-2007 Diego Nehab" "LuaSocket 2.0.2 - Copyright (C) 2004-2007 Diego Nehab"
-- Export functions -- Export functions