Update rockspec

Update version number
Merge pull request #164 from murillopaula/master
2025-07-17 14:29:47 +02:00 · 2021-01-30 10:32:28 -03:00 · 2021-01-30 10:29:53 -03:00 · 2021-01-16 10:13:29 -03:00 · 2021-01-12 10:49:27 -03:00 · 2020-03-06 13:44:42 -03:00
32 changed files with 276 additions and 100 deletions
--- a/42
+++ b/42
@ -1,16 +1,40 @@
 --------------------------------------------------------------------------------
 LuaSec 1.0
 ---------------
 This version includes:
 * Add cert:getsignaturename()
 --------------------------------------------------------------------------------
 LuaSec 0.9
 ---------------
 This version includes:
 * Add DNS-based Authentication of Named Entities (DANE) support
 * Add __close() metamethod
 * Fix deprecation warnings with OpenSSL 1.1
 * Fix special case listing of TLS 1.3 EC curves
 * Fix general_name leak in cert:extensions()
 * Fix unexported 'ssl.config' table
 * Replace $(LD) with $(CCLD) variable
 * Remove multiple definitions of 'ssl_options' variable
 * Use tag in git format: v0.9
 --------------------------------------------------------------------------------
 LuaSec 0.8.2
 ---------------
 This version includes:
-* Fix unexported 'ssl.config' table
+* Fix unexported 'ssl.config' table (backported)
 --------------------------------------------------------------------------------
 LuaSec 0.8.1
 ---------------
 This version includes:
-* Fix another memory leak when get certficate extensions
+* Fix general_name leak in cert:extensions() (backported)
 --------------------------------------------------------------------------------
 LuaSec 0.8
@ -26,6 +50,20 @@ This version includes:
 * Fix invalid reference to Lua state
 * Fix memory leak when get certficate extensions
 --------------------------------------------------------------------------------
 LuaSec 0.7.2
 ---------------
 This version includes:
 * Fix unexported 'ssl.config' table (backported)
 --------------------------------------------------------------------------------
 LuaSec 0.7.1
 ---------------
 This version includes:
 * Fix general_name leak in cert:extensions() (backported)
 --------------------------------------------------------------------------------
 LuaSec 0.7
 ---------------
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-LuaSec 0.8.2
+LuaSec 1.0
 ------------
 * OpenSSL options:
--- a/4
+++ b/4
@ -1,5 +1,5 @@
-LuaSec 0.8.2 license
+LuaSec 1.0 license
-Copyright (C) 2006-2019 Bruno Silvestre, UFG
+Copyright (C) 2006-2021 Bruno Silvestre, UFG
 Permission is hereby granted, free  of charge, to any person obtaining
 a  copy  of this  software  and  associated  documentation files  (the
--- a/README.md
+++ b/README.md
@ -1,9 +1,6 @@
-LuaSec 0.8.2
+LuaSec 1.0
 ===============
 LuaSec depends  on OpenSSL, and  integrates with LuaSocket to  make it
 easy to add secure connections to any Lua applications or scripts.
 Important: This version requires at least OpenSSL 1.0.2.
           For old versions of OpenSSL, use LuaSec 0.7.
 Documentation: https://github.com/brunoos/luasec/wiki
--- a/luasec-0.8.2-1.rockspec
+++ b/luasec-0.8.2-1.rockspec
@ -1,8 +1,8 @@
 package = "LuaSec"
-version = "0.8.2-1"
+version = "1.0-1"
 source = {
-   url = "https://github.com/brunoos/luasec/archive/luasec-0.8.2.tar.gz",
+  url = "git://github.com/brunoos/luasec",
-   dir = "luasec-luasec-0.8.2"
+  tag = "v1.0",
 }
 description = {
   summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.",
--- a/samples/certs/all.sh
+++ b/samples/certs/all.sh
@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env sh
 ./rootA.sh
 ./rootB.sh
 ./clientA.sh
--- a/samples/certs/clientA.sh
+++ b/samples/certs/clientA.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
 openssl req -newkey rsa:2048 -sha256 -keyout clientAkey.pem -out clientAreq.pem \
  -nodes -config ./clientA.cnf -days 365 -batch
--- a/samples/certs/clientB.sh
+++ b/samples/certs/clientB.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
 openssl req -newkey rsa:2048 -sha256 -keyout clientBkey.pem -out clientBreq.pem \
  -nodes -config ./clientB.cnf -days 365 -batch
--- a/samples/certs/rootA.sh
+++ b/samples/certs/rootA.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
 openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
--- a/samples/certs/rootB.sh
+++ b/samples/certs/rootB.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
 openssl req -newkey rsa:2048 -sha256 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
--- a/samples/certs/serverA.sh
+++ b/samples/certs/serverA.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
 openssl req -newkey rsa:2048 -keyout serverAkey.pem -out serverAreq.pem \
   -config ./serverA.cnf -nodes -days 365 -batch
--- a/samples/certs/serverB.sh
+++ b/samples/certs/serverB.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
 openssl req -newkey rsa:2048 -keyout serverBkey.pem -out serverBreq.pem \
   -config ./serverB.cnf -nodes -days 365 -batch
--- a/samples/dane/client.lua
+++ b/samples/dane/client.lua
@ -0,0 +1,40 @@
 local socket = require "socket";
 local ssl = require "ssl";
 local dns = require "lunbound".new();
 local cfg = {
 	protocol = "tlsv1_2",
 	mode = "client",
 	ciphers = "DEFAULT",
 	capath = "/etc/ssl/certs",
 	verify = "peer",
 	dane = true,
 };
 local function daneconnect(host, port)
   port = port or "443";
 	local conn = ssl.wrap(socket.connect(host, port), cfg);
 	local tlsa = dns:resolve("_" .. port .. "._tcp." .. host, 52);
 	assert(tlsa.secure, "Insecure DNS");
 	assert(conn:setdane(host));
 	for i = 1, tlsa.n do
 		local usage, selector, mtype = tlsa[i] :byte(1, 3);
 		assert(conn:settlsa(usage, selector, mtype, tlsa[i] :sub(4, - 1)));
 	end
 	assert(conn:dohandshake());
 	return conn;
 end
 if not ... then
   print("Usage: client.lua example.com [port]");
   return os.exit(1);
 end
 local conn = daneconnect(...);
 print(conn:getpeerverification());
--- a/samples/dhparam/params.sh
+++ b/samples/dhparam/params.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
 openssl dhparam -2 -out dh-512.pem  -outform PEM 512
 openssl dhparam -2 -out dh-1024.pem -outform PEM 1024
--- a/samples/key/genkey.sh
+++ b/samples/key/genkey.sh
@ -1,3 +1,3 @@
-#!/bin/sh
+#!/usr/bin/env sh
 openssl genrsa -des3 -out key.pem -passout pass:foobar 2048
--- a/samples/multicert/gencerts.sh
+++ b/samples/multicert/gencerts.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
 mkdir -p certs
--- a/src/Makefile
+++ b/src/Makefile
@ -25,7 +25,7 @@ MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR)
 INSTALL  = install
 CC      ?= cc
-LD      ?= $(MYENV) cc
+CCLD      ?= $(MYENV) $(CC)
 CFLAGS  += $(MYCFLAGS)
 LDFLAGS += $(MYLDFLAGS)
@ -52,15 +52,15 @@ luasocket:
 	@cd luasocket && $(MAKE)
 $(CMOD): $(EXTRA) $(OBJS)
-	$(LD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
+	$(CCLD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
 clean:
 	cd luasocket && $(MAKE) clean
 	rm -f $(OBJS) $(CMOD)
-options.o: options.c options.h
+options.o: options.h options.c
 ec.o: ec.c ec.h
 x509.o: x509.c x509.h compat.h
-context.o: context.c context.h ec.h compat.h
+context.o: context.c context.h ec.h compat.h options.h
 ssl.o: ssl.c ssl.h context.h x509.h compat.h
 config.o: config.c ec.h options.h compat.h
--- a/src/compat.h
+++ b/src/compat.h
@ -1,19 +1,25 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.8.2
+ * LuaSec 1.0
 *
- * Copyright (C) 2006-2019 Bruno Silvestre
+ * Copyright (C) 2006-2021 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
 #ifndef LSEC_COMPAT_H
 #define LSEC_COMPAT_H
 #include <openssl/ssl.h>
 //------------------------------------------------------------------------------
 #if defined(_WIN32)
 #define LSEC_API __declspec(dllexport) 
 #else
 #define LSEC_API extern
 #endif
 //------------------------------------------------------------------------------
 #if (LUA_VERSION_NUM == 501)
 #define luaL_testudata(L, ud, tname)  lsec_testudata(L, ud, tname)
@ -28,4 +34,18 @@
 #define setfuncs(L, R) luaL_setfuncs(L, R, 0)
 #endif
 //------------------------------------------------------------------------------
 #if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL))
 #define LSEC_ENABLE_DANE
 #endif
 //------------------------------------------------------------------------------
 #if !((defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x2070000fL)) || (OPENSSL_VERSION_NUMBER < 0x1010000fL))
 #define LSEC_API_OPENSSL_1_1_0
 #endif
 //------------------------------------------------------------------------------
 #endif
--- a/src/config.c
+++ b/src/config.c
@ -1,7 +1,7 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.8.2
+ * LuaSec 1.0
 *
- * Copyright (C) 2006-2019 Bruno Silvestre.
+ * Copyright (C) 2006-2021 Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
@ -41,7 +41,7 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
  lua_pushstring(L, "tlsv1_2");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
-#if defined(TLS1_3_VERSION)
+#ifdef TLS1_3_VERSION
  lua_pushstring(L, "tlsv1_3");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
@ -74,6 +74,13 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
 #ifdef LSEC_ENABLE_DANE
  // DANE
  lua_pushstring(L, "dane");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
 #endif
 #ifndef OPENSSL_NO_EC
  lua_pushstring(L, "curves_list");
  lua_pushboolean(L, 1);
--- a/src/context.c
+++ b/src/context.c
@ -1,9 +1,9 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.8.2
+ * LuaSec 1.0
 *
- * Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann, 
+ * Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann, 
 *                         Matthew Wild.
- * Copyright (C) 2006-2019 Bruno Silvestre.
+ * Copyright (C) 2006-2021 Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
@ -17,10 +17,12 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/dh.h>
 #include <lua.h>
 #include <lauxlib.h>
 #include "compat.h"
 #include "context.h"
 #include "options.h"
@ -59,7 +61,7 @@ static int set_option_flag(const char *opt, unsigned long *flag)
  return 0;
 }
-#if (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) || (OPENSSL_VERSION_NUMBER < 0x1010000fL)
+#ifndef LSEC_API_OPENSSL_1_1_0
 /**
 * Find the protocol.
 */
@ -331,7 +333,7 @@ static int create(lua_State *L)
      ERR_reason_error_string(ERR_get_error()));
    return 2;
  }
-#if ! ((defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) || (OPENSSL_VERSION_NUMBER < 0x1010000fL))
+#ifdef LSEC_API_OPENSSL_1_1_0
  SSL_CTX_set_min_proto_version(ctx->context, vmin);
  SSL_CTX_set_max_proto_version(ctx->context, vmax);
 #endif
@ -612,7 +614,9 @@ static int set_curves_list(lua_State *L)
    return 2;
  }
 #if defined(LIBRESSL_VERSION_NUMBER) || !defined(LSEC_API_OPENSSL_1_1_0)
  (void)SSL_CTX_set_ecdh_auto(ctx, 1);
 #endif
  lua_pushboolean(L, 1);
  return 1;
@ -703,6 +707,19 @@ static int set_alpn_cb(lua_State *L)
  return 1;
 }
 #if defined(LSEC_ENABLE_DANE)
 /*
 * DANE
 */
 static int set_dane(lua_State *L)
 {
  int ret;
  SSL_CTX *ctx = lsec_checkcontext(L, 1);
  ret = SSL_CTX_dane_enable(ctx);
  lua_pushboolean(L, (ret > 0));
  return 1;
 }
 #endif
 /**
 * Package functions
@ -722,12 +739,13 @@ static luaL_Reg funcs[] = {
  {"setverify",       set_verify},
  {"setoptions",      set_options},
  {"setmode",         set_mode},
 #if !defined(OPENSSL_NO_EC)
-  {"setcurve",      set_curve},
+  {"setcurve",        set_curve},
-  {"setcurveslist", set_curves_list},
+  {"setcurveslist",   set_curves_list},
 #endif
 #if defined(LSEC_ENABLE_DANE)
  {"setdane",         set_dane},
 #endif
  {NULL, NULL}
 };
@ -828,6 +846,7 @@ static int meth_set_verify_ext(lua_State *L)
 * Context metamethods.
 */
 static luaL_Reg meta[] = {
  {"__close",    meth_destroy},
  {"__gc",       meth_destroy},
  {"__tostring", meth_tostring},
  {NULL, NULL}
--- a/src/context.h
+++ b/src/context.h
@ -2,9 +2,9 @@
 #define LSEC_CONTEXT_H
 /*--------------------------------------------------------------------------
- * LuaSec 0.8.2
+ * LuaSec 1.0
 *
- * Copyright (C) 2006-2019 Bruno Silvestre
+ * Copyright (C) 2006-2021 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
--- a/src/ec.c
+++ b/src/ec.c
@ -56,25 +56,24 @@ void lsec_load_curves(lua_State *L)
        lua_pushnumber(L, curves[i].nid);
        lua_rawset(L, -3);
        break;
 #ifdef NID_X25519
     case NID_X25519:
        lua_pushstring(L, "X25519");
        lua_pushnumber(L, curves[i].nid);
        lua_rawset(L, -3);
        break;
 #endif
 #ifdef NID_X448
     case NID_X448:
        lua_pushstring(L, "X448");
        lua_pushnumber(L, curves[i].nid);
        lua_rawset(L, -3);
        break;
 #endif
      }
    }
    free(curves);
  }
  /* These are special so are manually added here */
 #ifdef NID_X25519
  lua_pushstring(L, "X25519");
  lua_pushnumber(L, NID_X25519);
  lua_rawset(L, -3);
 #endif
 #ifdef NID_X448
  lua_pushstring(L, "X448");
  lua_pushnumber(L, NID_X448);
  lua_rawset(L, -3);
 #endif
  lua_rawset(L,  LUA_REGISTRYINDEX);
 }
--- a/src/ec.h
+++ b/src/ec.h
@ -1,7 +1,7 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.8.2
+ * LuaSec 1.0
 *
- * Copyright (C) 2006-2019 Bruno Silvestre
+ * Copyright (C) 2006-2021 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
--- a/src/https.lua
+++ b/src/https.lua
@ -1,6 +1,6 @@
 ----------------------------------------------------------------------------
-- LuaSec 0.8.2
+-- LuaSec 1.0
-- Copyright (C) 2009-2019 PUC-Rio
+-- Copyright (C) 2009-2021 PUC-Rio
 --
 -- Author: Pablo Musa
 -- Author: Tomas Guisasola
@ -18,8 +18,8 @@ local try    = socket.try
 -- Module
 --
 local _M = {
-  _VERSION   = "0.8.2",
+  _VERSION   = "1.0",
-  _COPYRIGHT = "LuaSec 0.8.2 - Copyright (C) 2009-2019 PUC-Rio",
+  _COPYRIGHT = "LuaSec 1.0 - Copyright (C) 2009-2021 PUC-Rio",
  PORT       = 443,
  TIMEOUT    = 60
 }
--- a/src/options.c
+++ b/src/options.c
@ -1,7 +1,7 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.8.2
+ * LuaSec 1.0
 *
- * Copyright (C) 2006-2019 Bruno Silvestre
+ * Copyright (C) 2006-2021 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
--- a/src/options.h
+++ b/src/options.h
@ -2,9 +2,9 @@
 #define LSEC_OPTIONS_H
 /*--------------------------------------------------------------------------
- * LuaSec 0.8.2
+ * LuaSec 1.0
 *
- * Copyright (C) 2006-2019 Bruno Silvestre
+ * Copyright (C) 2006-2021 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
--- a/src/options.lua
+++ b/src/options.lua
@ -18,9 +18,9 @@ end
 local function generate(options, version)
  print([[
 /*--------------------------------------------------------------------------
- * LuaSec 0.8.2
+ * LuaSec 1.0
 *
- * Copyright (C) 2006-2019 Bruno Silvestre
+ * Copyright (C) 2006-2021 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
--- a/src/ssl.c
+++ b/src/ssl.c
@ -1,9 +1,9 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.8.2
+ * LuaSec 1.0
 *
- * Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann, 
+ * Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann, 
 *                         Matthew Wild.
- * Copyright (C) 2006-2019 Bruno Silvestre.
+ * Copyright (C) 2006-2021 Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
@ -18,6 +18,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/x509_vfy.h>
 #include <openssl/err.h>
 #include <openssl/dh.h>
 #include <lua.h>
 #include <lauxlib.h>
@ -32,7 +33,7 @@
 #include "ssl.h"
-#if (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) || (OPENSSL_VERSION_NUMBER < 0x1010000fL)
+#ifndef LSEC_API_OPENSSL_1_1_0
 #define SSL_is_server(s) (s->server)
 #define SSL_up_ref(ssl)  CRYPTO_add(&(ssl)->references, 1, CRYPTO_LOCK_SSL)
 #define X509_up_ref(c)   CRYPTO_add(&c->references, 1, CRYPTO_LOCK_X509)
@ -818,7 +819,7 @@ static int meth_getalpn(lua_State *L)
 static int meth_copyright(lua_State *L)
 {
-  lua_pushstring(L, "LuaSec 0.8.2 - Copyright (C) 2006-2019 Bruno Silvestre, UFG"
+  lua_pushstring(L, "LuaSec 1.0 - Copyright (C) 2006-2021 Bruno Silvestre, UFG"
 #if defined(WITH_LUASOCKET)
                    "\nLuaSocket 3.0-RC1 - Copyright (C) 2004-2013 Diego Nehab"
 #endif
@ -826,6 +827,34 @@ static int meth_copyright(lua_State *L)
  return 1;
 }
 #if defined(LSEC_ENABLE_DANE)
 static int meth_dane(lua_State *L)
 {
  int ret;
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  ret = SSL_dane_enable(ssl->ssl, luaL_checkstring(L, 2));
  lua_pushboolean(L, (ret > 0));
  return 1;
 }
 static int meth_tlsa(lua_State *L)
 {
  int ret;
  size_t len;
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  uint8_t usage = (uint8_t)luaL_checkinteger(L, 2);
  uint8_t selector = (uint8_t)luaL_checkinteger(L, 3);
  uint8_t mtype = (uint8_t)luaL_checkinteger(L, 4);
  unsigned char *data = (unsigned char*)luaL_checklstring(L, 5, &len);
  ERR_clear_error();
  ret = SSL_dane_tlsa_add(ssl->ssl, usage, selector, mtype, data, len);
  lua_pushboolean(L, (ret > 0));
  return 1;
 }
 #endif
 /*---------------------------------------------------------------------------*/
 /**
@ -850,6 +879,10 @@ static luaL_Reg methods[] = {
  {"settimeout",          meth_settimeout},
  {"sni",                 meth_sni},
  {"want",                meth_want},
 #if defined(LSEC_ENABLE_DANE)
  {"setdane",             meth_dane},
  {"settlsa",             meth_tlsa},
 #endif
  {NULL,                  NULL}
 };
@ -857,6 +890,7 @@ static luaL_Reg methods[] = {
 * SSL metamethods.
 */
 static luaL_Reg meta[] = {
  {"__close",    meth_destroy},
  {"__gc",       meth_destroy},
  {"__tostring", meth_tostring},
  {NULL, NULL}
@ -880,6 +914,7 @@ static luaL_Reg funcs[] = {
 */
 LSEC_API int luaopen_ssl_core(lua_State *L)
 {
 #ifndef LSEC_API_OPENSSL_1_1_0
  /* Initialize SSL */
  if (!SSL_library_init()) {
    lua_pushstring(L, "unable to initialize SSL library");
@ -887,6 +922,7 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
  }
  OpenSSL_add_all_algorithms();
  SSL_load_error_strings();
 #endif
 #if defined(WITH_LUASOCKET)
  /* Initialize internal library */
@ -905,7 +941,7 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
  luaL_newlib(L, funcs);
  lua_pushstring(L, "SOCKET_INVALID");
-  lua_pushnumber(L, SOCKET_INVALID);
+  lua_pushinteger(L, SOCKET_INVALID);
  lua_rawset(L, -3);
  return 1;
--- a/src/ssl.h
+++ b/src/ssl.h
@ -2,9 +2,9 @@
 #define LSEC_SSL_H
 /*--------------------------------------------------------------------------
- * LuaSec 0.8.2
+ * LuaSec 1.0
 *
- * Copyright (C) 2006-2019 Bruno Silvestre
+ * Copyright (C) 2006-2021 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
--- a/src/ssl.lua
+++ b/src/ssl.lua
@ -1,7 +1,7 @@
 ------------------------------------------------------------------------------
-- LuaSec 0.8.2
+-- LuaSec 1.0
 --
-- Copyright (C) 2006-2019 Bruno Silvestre
+-- Copyright (C) 2006-2021 Bruno Silvestre
 --
 ------------------------------------------------------------------------------
@ -201,6 +201,10 @@ local function newcontext(cfg)
      if not succ then return nil, msg end
   end
   if config.capabilities.dane and cfg.dane then
      context.setdane(ctx)
   end
   return ctx
 end
@ -267,7 +271,7 @@ core.setmethod("info", info)
 --
 local _M = {
-  _VERSION        = "0.8.2",
+  _VERSION        = "1.0",
  _COPYRIGHT      = core.copyright(),
  config          = config,
  loadcertificate = x509.load,
--- a/src/x509.c
+++ b/src/x509.c
@ -1,7 +1,7 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.8.2
+ * LuaSec 1.0
 *
- * Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann
+ * Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann
 *                         Matthew Wild, Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
@ -33,16 +33,12 @@
 #include "x509.h"
-/*
+#ifndef LSEC_API_OPENSSL_1_1_0
- * ASN1_STRING_data is deprecated in OpenSSL 1.1.0
+#define X509_get0_notBefore   X509_get_notBefore
- */
+#define X509_get0_notAfter    X509_get_notAfter
-#if OPENSSL_VERSION_NUMBER>=0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)
+#define ASN1_STRING_get0_data ASN1_STRING_data
 #define LSEC_ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
 #else
 #define LSEC_ASN1_STRING_data(x) ASN1_STRING_data(x)
 #endif
 static const char* hex_tab = "0123456789abcdef";
 /**
@ -157,8 +153,7 @@ static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
  }
  switch (encode) {
  case LSEC_AI5_STRING:
-    lua_pushlstring(L, (char*)LSEC_ASN1_STRING_data(string),
+    lua_pushlstring(L, (char*)ASN1_STRING_get0_data(string), ASN1_STRING_length(string));
                       ASN1_STRING_length(string));
    break;
  case LSEC_UTF8_STRING:
    len = ASN1_STRING_to_UTF8(&data, string);
@ -174,7 +169,7 @@ static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
 /**
 * Return a human readable time.
 */
-static int push_asn1_time(lua_State *L, ASN1_UTCTIME *tm)
+static int push_asn1_time(lua_State *L, const ASN1_UTCTIME *tm)
 {
  char *tmp;
  long size;
@ -193,7 +188,7 @@ static void push_asn1_ip(lua_State *L, ASN1_STRING *string)
 {
  int af;
  char dst[INET6_ADDRSTRLEN];
-  unsigned char *ip = (unsigned char*)LSEC_ASN1_STRING_data(string);
+  unsigned char *ip = (unsigned char*)ASN1_STRING_get0_data(string);
  switch(ASN1_STRING_length(string)) {
  case 4:
    af = AF_INET;
@ -492,8 +487,8 @@ static int meth_valid_at(lua_State* L)
 {
  X509* cert = lsec_checkx509(L, 1);
  time_t time = luaL_checkinteger(L, 2);
-  lua_pushboolean(L, (X509_cmp_time(X509_get_notAfter(cert), &time)     >= 0
+  lua_pushboolean(L, (X509_cmp_time(X509_get0_notAfter(cert), &time)     >= 0
-                      && X509_cmp_time(X509_get_notBefore(cert), &time) <= 0));
+                      && X509_cmp_time(X509_get0_notBefore(cert), &time) <= 0));
  return 1;
 }
@ -521,7 +516,7 @@ static int meth_serial(lua_State *L)
 static int meth_notbefore(lua_State *L)
 {
  X509* cert = lsec_checkx509(L, 1);
-  return push_asn1_time(L, X509_get_notBefore(cert));
+  return push_asn1_time(L, X509_get0_notBefore(cert));
 }
 /**
@ -530,7 +525,7 @@ static int meth_notbefore(lua_State *L)
 static int meth_notafter(lua_State *L)
 {
  X509* cert = lsec_checkx509(L, 1);
-  return push_asn1_time(L, X509_get_notAfter(cert));
+  return push_asn1_time(L, X509_get0_notAfter(cert));
 }
 /**
@ -623,7 +618,11 @@ cleanup:
 */
 static int meth_destroy(lua_State* L)
 {
-  X509_free(lsec_checkx509(L, 1));
+  p_x509 px = lsec_checkp_x509(L, 1);
  if (px->cert) {
    X509_free(px->cert);
    px->cert = NULL;
  }
  return 0;
 }
@ -653,6 +652,21 @@ static int meth_set_encode(lua_State* L)
  return 1;
 }
 /**
 * Get signature name.
 */
 static int meth_get_sinagure_name(lua_State* L)
 {
  p_x509 px = lsec_checkp_x509(L, 1);
  int nid = X509_get_signature_nid(px->cert);
  const char *name = OBJ_nid2sn(nid);
  if (!name)
    lua_pushnil(L);
  else
    lua_pushstring(L, name);
  return 1;
 }
 /*---------------------------------------------------------------------------*/
 static int load_cert(lua_State* L)
@ -681,6 +695,7 @@ static luaL_Reg methods[] = {
  {"digest",     meth_digest},
  {"setencode",  meth_set_encode},
  {"extensions", meth_extensions},
  {"getsignaturename", meth_get_sinagure_name},
  {"issuer",     meth_issuer},
  {"notbefore",  meth_notbefore},
  {"notafter",   meth_notafter},
@ -697,6 +712,7 @@ static luaL_Reg methods[] = {
 * X509 metamethods.
 */
 static luaL_Reg meta[] = {
  {"__close",    meth_destroy},
  {"__gc",       meth_destroy},
  {"__tostring", meth_tostring},
  {NULL, NULL}
--- a/src/x509.h
+++ b/src/x509.h
@ -1,7 +1,7 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.8.2
+ * LuaSec 1.0
 *
- * Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann
+ * Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann
 *                         Matthew Wild, Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
Author	SHA1	Message	Date
Bruno Silvestre	711a98b760	Update rockspec	2021-01-30 10:32:28 -03:00
Bruno Silvestre	4894c2f6a4	Update version number	2021-01-30 10:29:53 -03:00
Bruno Silvestre	ae774258c5	Merge pull request #164 from murillopaula/master feature: getsignaturename	2021-01-16 10:13:29 -03:00
Murillo Paula	de393417b7	feature: getsignaturename	2021-01-12 10:49:27 -03:00
Bruno Silvestre	22eadbd20e	Merge pull request #156 from Petr-kk/upstream SOCKET_INVALID pushed as integer, not as number	2020-03-06 13:44:42 -03:00
Petr Kristan	63e35c161f	SOCKET_INVALID pushed as integer, not as number winsock define INVALID_SOCKET as (UINT_PTR)(~0) in win64 it is 0xffffffffffffffff if pushed by lua_pushnumber, then ssl.core.SOCKET_INVALID is 1.84467440737096E19 tested in win32/64, linux32/64 lua5.1 and lua5.3	2020-03-04 17:05:06 +01:00
Bruno Silvestre	c6704919bd	Typo	2019-10-31 11:43:53 -03:00
Bruno Silvestre	d7ccfad97f	Fix source in rockspec	2019-10-31 11:39:37 -03:00
Bruno Silvestre	43feb51c5e	Update 0.8 -> 0.9	2019-10-31 11:34:27 -03:00
Bruno Silvestre	860b2a8b5f	Use a more generic form	2019-10-19 10:22:21 -03:00
Bruno Silvestre	caeaa5ffda	Use a more generic form	2019-10-19 10:12:20 -03:00
Bruno Silvestre	9d84469912	Use a more generic form	2019-10-19 10:04:30 -03:00
Bruno Silvestre	87e51d99ea	Add __close metamethod	2019-10-15 13:25:12 -03:00
Bruno Silvestre	7898bd2043	Remove warning from cast.	2019-10-14 10:00:47 -03:00
Bruno Silvestre	c810df6839	Cleanup of #if expression	2019-10-13 22:21:05 -03:00
Bruno Silvestre	1e2f342006	Using same form to ifdefs	2019-10-13 22:11:55 -03:00
Bruno Silvestre	8ef33e33cf	Some adjusts to OpenSSL 1.1.1 with --api=1.1.0	2019-10-13 22:10:03 -03:00
Bruno Silvestre	3490d8d1c0	Merge pull request #126 from neheb/master Get rid of some deprecation warnings with OpenSSL 1.1	2019-10-13 19:42:19 -03:00
Bruno Silvestre	86c8fa40c9	Merge pull request #134 from neheb/patch-1 use $(CC) for LD definition.	2019-10-13 19:11:48 -03:00
Bruno Silvestre	4903e2f2c1	Export 'config' table (#149 ) Avoid duplicating variable 'ssl_options'.	2019-10-09 14:49:58 -03:00
Bruno Silvestre	2480572bdf	Merge pull request #147 from Zash/issue146 Special case listing of TLS 1.3 EC curves	2019-08-28 11:10:37 -03:00
Kim Alvefur	c26513f4f7	Special case listing of TLS 1.3 EC curves (fixes #146 )	2019-08-21 20:58:01 +02:00
Bruno Silvestre	f64e660de0	Disable DANE for LibreSSL	2019-07-11 11:19:21 -03:00
Bruno Silvestre	8722f83e8f	Fix check for error in DANE functions	2019-07-11 10:20:53 -03:00
Bruno Silvestre	a2dcfffcfa	Enable DANE only for OpenSSL 1.1.0 or higher	2019-07-11 10:09:39 -03:00
Bruno Silvestre	18fa0118be	Merge pull request #122 from Zash/dane DANE support	2019-07-11 09:50:25 -03:00
Bruno Silvestre	9f3a97e397	Merge pull request #144 from Zash/fix-general-name-leak Fix general_name leak in cert:extensions()	2019-07-11 09:42:23 -03:00
Kim Alvefur	daf728fec2	Fix general_name leak in cert:extensions() Thanks to @zeen for identifying and @horazont for providing test environment.	2019-07-07 23:03:54 +02:00
Rosen Penev	57f2f1363f	Replace LD with CCLD variable When cross compiling, the LD variable typically gets overriden.	2019-04-08 09:45:40 -07:00
Rosen Penev	79c629956e	Get rid of some deprecation warnings with OpenSSL 1.1	2018-11-20 20:12:39 -08:00
Kim Alvefur	5ffe22e98e	Add sample DANE usage	2018-10-06 19:37:43 +02:00
Kim Alvefur	6359275c5f	Add support for setting DANE TLSA information	2018-09-29 21:38:18 +02:00
`@ -1,4 +1,4 @@`
	`#!/bin/sh`	`#!/usr/bin/env sh`

	`openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch`	`openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch`
`@ -1,3 +1,3 @@`
	`#!/bin/sh`	`#!/usr/bin/env sh`

	`openssl genrsa -des3 -out key.pem -passout pass:foobar 2048`	`openssl genrsa -des3 -out key.pem -passout pass:foobar 2048`