dany/luasec
1
0
Fork 0
mirror of https://github.com/brunoos/luasec.git synced 2025-04-20 23:46:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: dany:master
Branches Tags
dany:master
dany:dev
dany:ocsp
dany:luasec-dev-0.8
dany:luasec-dev-0.7
dany:luasec-dev-0.5
dany:v1.3.2
dany:v1.3.1
dany:v1.3.0
dany:v1.2.0
dany:v1.1.0
dany:v1.0.2
dany:v1.0.1
dany:v1.0
dany:v0.9
dany:luasec-0.8.2
dany:luasec-0.7.2
dany:luasec-0.8.1
dany:luasec-0.7.1
dany:luasec-0.8
dany:luasec-0.7
dany:luasec-0.6
dany:luasec-0.5.1
dany:luasec-0.5
dany:luasec-0.4.1
dany:luasec-0.4
dany:luasec-0.3.3
dany:luasec-0.3.2
dany:luasec-0.3.1
dany:luasec-0.3
dany:luasec-0.2
..
compare: dany:luasec-0.3.3
Branches Tags
dany:master
dany:dev
dany:ocsp
dany:luasec-dev-0.8
dany:luasec-dev-0.7
dany:luasec-dev-0.5
dany:v1.3.2
dany:v1.3.1
dany:v1.3.0
dany:v1.2.0
dany:v1.1.0
dany:v1.0.2
dany:v1.0.1
dany:v1.0
dany:v0.9
dany:luasec-0.8.2
dany:luasec-0.7.2
dany:luasec-0.8.1
dany:luasec-0.7.1
dany:luasec-0.8
dany:luasec-0.7
dany:luasec-0.6
dany:luasec-0.5.1
dany:luasec-0.5
dany:luasec-0.4.1
dany:luasec-0.4
dany:luasec-0.3.3
dany:luasec-0.3.2
dany:luasec-0.3.1
dany:luasec-0.3
dany:luasec-0.2

No commits in common. "master" and "luasec-0.3.3" have entirely different histories.
master ... luasec-0.3

113 changed files with 1104 additions and 6652 deletions
Show Stats Expand all files Collapse all files

3
.gitignore vendored
View File

@ -1,3 +0,0 @@
/src/*.o
/src/luasocket/*.o
/*.dll

224
CHANGELOG
View File

@ -1,225 +1,3 @@
--------------------------------------------------------------------------------
LuaSec 1.3.2
---------------
This version includes:
* Fix: place EAI_OVERFLOW inside macro, unbreak build on <10.7 (Sergey Fedorov)
* Fix: Expand workaround for zero errno to OpenSSL 3.0.x (Kim Alvefur)
* Fix: reset block timeout at send or receive (MartinDahlberg)
--------------------------------------------------------------------------------
LuaSec 1.3.1
---------------
This version includes:
* Fix: check if PSK is available
--------------------------------------------------------------------------------
LuaSec 1.3.0
---------------
This version includes:
* Add :getlocalchain() + :getlocalcertificate() to mirror the peer methods (@mwild1)
* Add Pre-Shared Key (PSK) support (@jclab-joseph)
--------------------------------------------------------------------------------
LuaSec 1.2.0
---------------
This version includes:
* Add key material export method
* Backguard compat for openssl on providers, like LTS linuxes
--------------------------------------------------------------------------------
LuaSec 1.1.0
---------------
This version includes:
* Fix missing DANE flag
* Remove unused parameter in https.lua
--------------------------------------------------------------------------------
LuaSec 1.0.2
---------------
This version includes:
* Fix handle SSL_send SYSCALL error without errno
* Fix off by one in cert:validat(notafter)
* Fix meth_get_{sinagure => signature}_name function name
* Fix update the Lua state reference on the selected SSL context after SNI
* Fix ignore SSL_OP_BIT(n) macro and update option.c
--------------------------------------------------------------------------------
LuaSec 1.0.1
---------------
This version includes:
* Fix luaL_buffinit() can use the stack and broke buffer_meth_receive()
--------------------------------------------------------------------------------
LuaSec 1.0
---------------
This version includes:
* Add cert:getsignaturename()
--------------------------------------------------------------------------------
LuaSec 0.9
---------------
This version includes:
* Add DNS-based Authentication of Named Entities (DANE) support
* Add __close() metamethod
* Fix deprecation warnings with OpenSSL 1.1
* Fix special case listing of TLS 1.3 EC curves
* Fix general_name leak in cert:extensions()
* Fix unexported 'ssl.config' table
* Replace $(LD) with $(CCLD) variable
* Remove multiple definitions of 'ssl_options' variable
* Use tag in git format: v0.9
--------------------------------------------------------------------------------
LuaSec 0.8.2
---------------
This version includes:
* Fix unexported 'ssl.config' table (backported)
--------------------------------------------------------------------------------
LuaSec 0.8.1
---------------
This version includes:
* Fix general_name leak in cert:extensions() (backported)
--------------------------------------------------------------------------------
LuaSec 0.8
---------------
This version includes:
* Add support to ALPN
* Add support to TLS 1.3
* Add support to multiple certificates
* Add timeout to https module (https.TIMEOUT)
* Drop support to SSL 3.0
* Drop support to TLS 1.0 from https module
* Fix invalid reference to Lua state
* Fix memory leak when get certficate extensions
--------------------------------------------------------------------------------
LuaSec 0.7.2
---------------
This version includes:
* Fix unexported 'ssl.config' table (backported)
--------------------------------------------------------------------------------
LuaSec 0.7.1
---------------
This version includes:
* Fix general_name leak in cert:extensions() (backported)
--------------------------------------------------------------------------------
LuaSec 0.7
---------------
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
easy to add secure connections to any Lua applications or scripts.
Documentation: https://github.com/brunoos/luasec/wiki
This version includes:
* Add support to OpenSSL 1.1.0
* Add support to elliptic curves list
* Add ssl.config that exports some OpenSSL information
* Add integration with luaossl
--------------------------------------------------------------------------------
LuaSec 0.6
------------
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
easy to add secure connections to any Lua applications or scripts.
Documentation: https://github.com/brunoos/luasec/wiki
This version includes:
* Lua 5.2 and 5.3 compatibility
* Context module:
- Add ctx:checkkey()
* SSL module:
- Add conn:sni() and conn:getsniname()
* Context options:
- Add "any" protocol ("sslv23" is deprecated)
* HTTPS module:
- Using "any" protocol without SSLv2/SSLv3, by default
* X509 module:
- Human readable IP address
- Add cert:issued()
- Add cert:pubkey()
* Some bug fixes
=> Thanks to everyone who collaborate with LuaSec <=
--------------------------------------------------------------------------------
LuaSec 0.5
------------
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
easy to add secure connections to any Lua applications or scripts.
This version includes:
* A new certificate (X509) API, which supports:
- Reading the subject (identity) and issuer of the certificate.
- Reading various X509 extensions, including email and dnsName.
- Converting certificates to and from the standard ASCII PEM
format.
- Generating the fingerprint/digest of a certificate (using SHA1,
SHA256 or SHA512).
- Reading the certificate's expiration, serial number, and other
info.
* The ability to get more detailed information from OpenSSL about
why a certificate failed verification, for each certificate in the
chain.
* Flags to force acceptance of invalid certificates, e.g. to allow
the use of self-signed certificates in a Trust On First Use model.
* Flags to control checking CRLs for certificate revocation status.
* Support for ECDH cipher suites.
* An API to get the TLS 'finished' messages used for SASL channel
binding (e.g. the SCRAM PLUS mechanisms).
The work in this release was undertaken by Kim Alvefur, Paul Aurich,
Tobias Markmann, Bruno Silvestre and Matthew Wild.
--------------------------------------------------------------------------------
LuaSec 0.4.1
------------
- SSL options updated --- based on OpenSSL 1.0.0d.
- Activate SSL_MODE_RELEASE_BUFFERS by default if it is available.
(thanks Prosody project)
---------------------------------------------------------------------------------
LuaSec 0.4
------------
- Add option 'no_ticket' (included in OpenSSL 0.9.8f).
- Add HTTPS module. (thanks Tomas Guisasola and Pablo Musa)
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
LuaSec 0.3.3 LuaSec 0.3.3
------------ ------------
@ -248,7 +26,7 @@ LuaSec 0.3
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
LuaSec 0.2.1 LuaSec 0.2.1
------------ ------------
- 'key' and 'certificate' configurations become optional. (thanks René Rebe) - 'key' and 'certificate' configurations become optional. (thanks René Rebe)
- Add '_VERSION' variable to module. - Add '_VERSION' variable to module.
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------

20
INSTALL
View File

@ -1,22 +1,10 @@
LuaSec 1.3.2 LuaSec 0.3.3
------------ ------------
* OpenSSL options:
By default, this version includes options for OpenSSL 3.0.8
If you need to generate the options for a different version of OpenSSL:
$ cd src
$ lua options.lua -g /usr/include/openssl/ssl.h > options.c
--------------------------------------------------------------------------------
* On Linux, BSD, and Mac OS X: * On Linux, BSD, and Mac OS X:
- Edit 'Makefile' - Edit 'Makefile'
* Inform the path to where install the Lua modules (LUAPATH) and binaries * Inform the path to install the modules.
modules (LUACPATH)
* If Lua or OpenSSL are not in the default path, set the * If Lua or OpenSSL are not in the default path, set the
variables INCDIR and LIBDIR. variables INCDIR and LIBDIR.
* For Mac OS X, set the variable MACOSX_VERSION. * For Mac OS X, set the variable MACOSX_VERSION.
@ -26,8 +14,6 @@ LuaSec 1.3.2
- Use 'make install' to install the modules. - Use 'make install' to install the modules.
--------------------------------------------------------------------------------
* On Windows: * On Windows:
- Use the Visual C++ project to compile the library. - Use the Visual C++ project to compile the library.
@ -35,5 +21,3 @@ LuaSec 1.3.2
- Copy the 'ssl.lua' file to some place in your LUA_PATH. - Copy the 'ssl.lua' file to some place in your LUA_PATH.
- Copy the 'ssl.dll' file to some place in your LUA_CPATH. - Copy the 'ssl.dll' file to some place in your LUA_CPATH.
- Create a directory 'ssl' in your LUA_PATH and copy 'https.lua' to it.

28
LICENSE
View File

@ -1,5 +1,5 @@
LuaSec 1.3.2 license LuaSec 0.3.3 license
Copyright (C) 2006-2023 Bruno Silvestre, UFG Copyright (C) 2006-2009 Bruno Silvestre
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the a copy of this software and associated documentation files (the
@ -19,3 +19,27 @@ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
----------------------------------------------------------------------
LuaSocket 2.0.2 license
Copyright © 2004-2007 Diego Nehab
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

36
Makefile
View File

@ -1,22 +1,16 @@
# Inform the location to install the modules # Inform the location to intall the modules
LUAPATH ?= /usr/share/lua/5.1 LUAPATH=/usr/local/share/lua/5.1
LUACPATH ?= /usr/lib/lua/5.1 CPATH=/usr/local/lib/lua/5.1
# Compile with build-in LuaSocket's help files. # Edit the lines below to inform new path, if necessary
# Comment this lines if you will link with non-internal LuaSocket's help files #
# and edit INCDIR and LIBDIR properly. #INCDIR=-I/usr/local/lua-5.1/include -I/usr/local/openssl-0.9.8/include
EXTRA = luasocket #LIBDIR=-L/usr/local/openssl-0.9.8/lib -R/usr/local/openssl-0.9.8/lib
DEFS = -DWITH_LUASOCKET
# Edit the lines below to inform new path, if necessary.
# Path below points to internal LuaSocket's help files.
INC_PATH ?= -I/usr/include
LIB_PATH ?= -L/usr/lib
INCDIR = -I. $(INC_PATH)
LIBDIR = -L./luasocket $(LIB_PATH)
# For Mac OS X: set the system version # For Mac OS X: set the system version
MACOSX_VERSION=10.11 MACOSX_VERSION=10.4
DEFS=-DBUFFER_DEBUG
#---------------------- #----------------------
# Do not edit this part # Do not edit this part
@ -32,25 +26,25 @@ none:
@echo " * macosx" @echo " * macosx"
install: install:
@cd src && $(MAKE) LUACPATH="$(LUACPATH)" LUAPATH="$(LUAPATH)" install @cd src ; $(MAKE) CPATH="$(CPATH)" LUAPATH="$(LUAPATH)" install
linux: linux:
@echo "---------------------" @echo "---------------------"
@echo "** Build for Linux **" @echo "** Build for Linux **"
@echo "---------------------" @echo "---------------------"
@cd src && $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" EXTRA="$(EXTRA)" $@ @cd src ; $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" $@
bsd: bsd:
@echo "-------------------" @echo "-------------------"
@echo "** Build for BSD **" @echo "** Build for BSD **"
@echo "-------------------" @echo "-------------------"
@cd src && $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" EXTRA="$(EXTRA)" $@ @cd src ; $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" $@
macosx: macosx:
@echo "------------------------------" @echo "------------------------------"
@echo "** Build for Mac OS X $(MACOSX_VERSION) **" @echo "** Build for Mac OS X $(MACOSX_VERSION) **"
@echo "------------------------------" @echo "------------------------------"
@cd src && $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" MACVER="$(MACOSX_VERSION)" DEFS="$(DEFS)" EXTRA="$(EXTRA)" $@ @cd src ; $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" MACVER="$(MACOSX_VERSION)" $@
clean: clean:
@cd src && $(MAKE) clean @cd src ; $(MAKE) clean

8
README.md
View File

@ -1,6 +1,4 @@
LuaSec 1.3.2 luasec
=============== ======
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
easy to add secure connections to any Lua applications or scripts.
Documentation: https://github.com/brunoos/luasec/wiki LuaSec

105
luasec-1.3.2-1.rockspec
View File

@ -1,105 +0,0 @@
package = "LuaSec"
version = "1.3.2-1"
source = {
url = "git+https://github.com/brunoos/luasec",
tag = "v1.3.2",
}
description = {
summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.",
detailed = "This version delegates to LuaSocket the TCP connection establishment between the client and server. Then LuaSec uses this connection to start a secure TLS/SSL session.",
homepage = "https://github.com/brunoos/luasec/wiki",
license = "MIT"
}
dependencies = {
"lua >= 5.1", "luasocket"
}
external_dependencies = {
platforms = {
unix = {
OPENSSL = {
header = "openssl/ssl.h",
library = "ssl"
}
},
windows = {
OPENSSL = {
header = "openssl/ssl.h",
}
},
}
}
build = {
type = "builtin",
copy_directories = {
"samples"
},
platforms = {
unix = {
install = {
lib = {
"ssl.so"
},
lua = {
"src/ssl.lua", ['ssl.https'] = "src/https.lua"
}
},
modules = {
ssl = {
defines = {
"WITH_LUASOCKET", "LUASOCKET_DEBUG",
},
incdirs = {
"$(OPENSSL_INCDIR)", "src/", "src/luasocket",
},
libdirs = {
"$(OPENSSL_LIBDIR)"
},
libraries = {
"ssl", "crypto"
},
sources = {
"src/options.c", "src/config.c", "src/ec.c",
"src/x509.c", "src/context.c", "src/ssl.c",
"src/luasocket/buffer.c", "src/luasocket/io.c",
"src/luasocket/timeout.c", "src/luasocket/usocket.c"
}
}
}
},
windows = {
install = {
lib = {
"ssl.dll"
},
lua = {
"src/ssl.lua", ['ssl.https'] = "src/https.lua"
}
},
modules = {
ssl = {
defines = {
"WIN32", "NDEBUG", "_WINDOWS", "_USRDLL", "LSEC_EXPORTS", "BUFFER_DEBUG", "LSEC_API=__declspec(dllexport)",
"WITH_LUASOCKET", "LUASOCKET_DEBUG",
"LUASEC_INET_NTOP", "WINVER=0x0501", "_WIN32_WINNT=0x0501", "NTDDI_VERSION=0x05010300"
},
libdirs = {
"$(OPENSSL_LIBDIR)",
"$(OPENSSL_BINDIR)",
},
libraries = {
"libssl", "libcrypto", "ws2_32"
},
incdirs = {
"$(OPENSSL_INCDIR)", "src/", "src/luasocket"
},
sources = {
"src/options.c", "src/config.c", "src/ec.c",
"src/x509.c", "src/context.c", "src/ssl.c",
"src/luasocket/buffer.c", "src/luasocket/io.c",
"src/luasocket/timeout.c", "src/luasocket/wsocket.c"
}
}
}
}
}
}

6
luasec.sln
View File

@ -1,6 +1,6 @@
Microsoft Visual Studio Solution File, Format Version 11.00 Microsoft Visual Studio Solution File, Format Version 10.00
# Visual C++ Express 2010 # Visual C++ Express 2008
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "luasec", "luasec.vcxproj", "{A629932F-8819-4C0B-8835-CBF1FEED6376}" Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "luasec", "luasec.vcproj", "{A629932F-8819-4C0B-8835-CBF1FEED6376}"
EndProject EndProject
Global Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution GlobalSection(SolutionConfigurationPlatforms) = preSolution

BIN
luasec.suo Normal file
View File

Binary file not shown.

253
luasec.vcproj Normal file
View File

@ -0,0 +1,253 @@
<?xml version="1.0" encoding="Windows-1252"?>
<VisualStudioProject
ProjectType="Visual C++"
Version="9,00"
Name="luasec"
ProjectGUID="{A629932F-8819-4C0B-8835-CBF1FEED6376}"
Keyword="Win32Proj"
TargetFrameworkVersion="131072"
>
<Platforms>
<Platform
Name="Win32"
/>
</Platforms>
<ToolFiles>
</ToolFiles>
<Configurations>
<Configuration
Name="Debug|Win32"
OutputDirectory="Debug"
IntermediateDirectory="Debug"
ConfigurationType="2"
InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops"
CharacterSet="2"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="0"
AdditionalIncludeDirectories="C:\devel\openssl\include;C:\devel\lua-dll9\include"
PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS"
MinimalRebuild="true"
BasicRuntimeChecks="3"
RuntimeLibrary="3"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="4"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="ws2_32.lib libeay32MDd.lib ssleay32MDd.lib lua5.1.lib"
OutputFile="$(OutDir)/ssl.dll"
LinkIncremental="2"
AdditionalLibraryDirectories="C:\devel\openssl\lib\VC;C:\devel\lua-dll9"
GenerateDebugInformation="true"
ProgramDatabaseFile="$(OutDir)/luasec.pdb"
SubSystem="2"
RandomizedBaseAddress="1"
DataExecutionPrevention="0"
ImportLibrary="$(OutDir)/ssl.lib"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
<Configuration
Name="Release|Win32"
OutputDirectory="Release"
IntermediateDirectory="Release"
ConfigurationType="2"
InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops"
CharacterSet="2"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
AdditionalIncludeDirectories="C:\devel\openssl\include;C:\devel\lua-dll9\include"
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS;BUFFER_DEBUG;LUASEC_API=__declspec(dllexport)"
RuntimeLibrary="2"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="3"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="ws2_32.lib libeay32MD.lib ssleay32MD.lib lua5.1.lib"
OutputFile="$(OutDir)/ssl.dll"
LinkIncremental="1"
AdditionalLibraryDirectories="C:\devel\openssl\lib\VC;C:\devel\lua-dll9"
GenerateDebugInformation="true"
SubSystem="2"
OptimizeReferences="2"
EnableCOMDATFolding="2"
RandomizedBaseAddress="1"
DataExecutionPrevention="0"
ImportLibrary="$(OutDir)/ssl.lib"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
</Configurations>
<References>
</References>
<Files>
<Filter
Name="Source Files"
Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
>
<File
RelativePath=".\src\buffer.c"
>
</File>
<File
RelativePath=".\src\context.c"
>
</File>
<File
RelativePath=".\src\io.c"
>
</File>
<File
RelativePath=".\src\ssl.c"
>
</File>
<File
RelativePath=".\src\timeout.c"
>
</File>
<File
RelativePath=".\src\wsocket.c"
>
</File>
</Filter>
<Filter
Name="Header Files"
Filter="h;hpp;hxx;hm;inl;inc;xsd"
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
>
<File
RelativePath=".\src\buffer.h"
>
</File>
<File
RelativePath=".\src\context.h"
>
</File>
<File
RelativePath=".\src\io.h"
>
</File>
<File
RelativePath=".\src\socket.h"
>
</File>
<File
RelativePath=".\src\ssl.h"
>
</File>
<File
RelativePath=".\src\timeout.h"
>
</File>
<File
RelativePath=".\src\wsocket.h"
>
</File>
</Filter>
<Filter
Name="Resource Files"
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx"
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
>
</Filter>
</Files>
<Globals>
</Globals>
</VisualStudioProject>

131
luasec.vcxproj
View File

@ -1,131 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{A629932F-8819-4C0B-8835-CBF1FEED6376}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet>
<PlatformToolset>v140</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet>
<PlatformToolset>v140</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup>
<_ProjectFileVersion>10.0.30319.1</_ProjectFileVersion>
<OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Debug\</OutDir>
<IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Debug\</IntDir>
<LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
<OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Release\</OutDir>
<IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Release\</IntDir>
<LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
<TargetName Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">ssl</TargetName>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>C:\devel\openssl\include;C:\devel\lua-dll9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS;LUASEC_INET_NTOP;WINVER=0x0501;_WIN32_WINNT=0x0501;NTDDI_VERSION=0x05010300;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<MinimalRebuild>true</MinimalRebuild>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>EditAndContinue</DebugInformationFormat>
</ClCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;libssl.lib;libcrypto.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OutputFile>$(OutDir)ssl.dll</OutputFile>
<AdditionalLibraryDirectories>C:\devel\openssl\lib\VC;C:\devel\lua-dll9;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ProgramDatabaseFile>$(OutDir)luasec.pdb</ProgramDatabaseFile>
<SubSystem>Windows</SubSystem>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
<DataExecutionPrevention>
</DataExecutionPrevention>
<ImportLibrary>$(OutDir)ssl.lib</ImportLibrary>
<TargetMachine>MachineX86</TargetMachine>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<AdditionalIncludeDirectories>C:\devel\openssl-1.1.0\include;C:\devel\lua-5.1\include;.\src;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_WIN32;NDEBUG;_WINDOWS;_USRDLL;LUASOCKET_DEBUG;WITH_LUASOCKET;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
</ClCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;libssl.lib;libcrypto.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>C:\devel\openssl-1.1.0\lib\VC;C:\devel\lua-5.1\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>
<OptimizeReferences>true</OptimizeReferences>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
<DataExecutionPrevention>
</DataExecutionPrevention>
<ImportLibrary>$(OutDir)ssl.lib</ImportLibrary>
<TargetMachine>MachineX86</TargetMachine>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="src\config.c" />
<ClCompile Include="src\context.c" />
<ClCompile Include="src\ec.c" />
<ClCompile Include="src\luasocket\buffer.c" />
<ClCompile Include="src\luasocket\io.c" />
<ClCompile Include="src\luasocket\timeout.c" />
<ClCompile Include="src\luasocket\wsocket.c" />
<ClCompile Include="src\options.c" />
<ClCompile Include="src\ssl.c" />
<ClCompile Include="src\x509.c" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="src\compat.h" />
<ClInclude Include="src\config.h" />
<ClInclude Include="src\context.h" />
<ClInclude Include="src\ec.h" />
<ClInclude Include="src\luasocket\buffer.h" />
<ClInclude Include="src\luasocket\io.h" />
<ClInclude Include="src\luasocket\socket.h" />
<ClInclude Include="src\luasocket\timeout.h" />
<ClInclude Include="src\luasocket\wsocket.h" />
<ClInclude Include="src\options.h" />
<ClInclude Include="src\ssl.h" />
<ClInclude Include="src\x509.h" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>

67
samples/README
View File

@ -1,32 +1,17 @@
In all examples, the SSL/TLS layer can be disable just commenting the
wrap section. In this case, the examples work with normal TCP
communication.
Directories: Directories:
------------ ------------
* alpn
Test ALPN (Application-Layer Protocol Negotiation) support.
* certs * certs
Contains scripts to generate the certificates used by the examples. It contains a set of certificates used in the examples. You can use
Generate Root CA 'A' and 'B' first, then the servers and clients. the scrits to recreate them if necessary (due to certificates
expiration date, for example). First, generate the Root CA 'A' and
'B', then the servers and clients.
* chain * oneshot
Example of certificate chain in handshake. A simple connection example.
* curve-negotiation
Elliptic curve negotiation.
* dhparam
DH parameters for handshake.
* digest
Certificate digest.
* ecdh
Elliptic curve cipher.
* info
Information about the connection.
* key
Test encrypted private key.
* loop * loop
Test successive connections between the server and the client Test successive connections between the server and the client
@ -34,34 +19,16 @@ Directories:
* loop-gc * loop-gc
Same of above, but the connection is not explicit closed, the gabage Same of above, but the connection is not explicit closed, the gabage
collector is encharge of that. collector is encharge of it.
* luaossl
Integration with luaossl.
* multicert
Support to multiple certificate for dual RSA/ECDSA.
* oneshot
A simple connection example.
* psk
PSK(Pre Shared Key) support.
* sni
Support to SNI (Server Name Indication).
* verification
Retrieve the certificate verification errors from the handshake.
* verify
Ignore handshake errors and proceed.
* want
Test want() method.
* wantread * wantread
Test timeout in handshake() and receive(). Test timeout in handshake() and receive().
* wantwrite * wantwrite
Test timeout in send(). Test timeout in send().
* want
Test want().
* key
Test encrypted private key.

27
samples/alpn/client.lua
View File

@ -1,27 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
--alpn = {"foo","bar","baz"}
alpn = "foo"
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
print("ALPN", peer:getalpn())
peer:close()

77
samples/alpn/server.lua
View File

@ -1,77 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
--
-- Callback that selects one protocol from client's list.
--
local function alpncb01(protocols)
print("--- ALPN protocols from client")
for k, v in ipairs(protocols) do
print(k, v)
end
print("--- Selecting:", protocols[1])
return protocols[1]
end
--
-- Callback that returns a fixed list, ignoring the client's list.
--
local function alpncb02(protocols)
print("--- ALPN protocols from client")
for k, v in ipairs(protocols) do
print(k, v)
end
print("--- Returning a fixed list")
return {"bar", "foo"}
end
--
-- Callback that generates a list as it whishes.
--
local function alpncb03(protocols)
local resp = {}
print("--- ALPN protocols from client")
for k, v in ipairs(protocols) do
print(k, v)
if k%2 ~= 0 then resp[#resp+1] = v end
end
print("--- Returning an odd list")
return resp
end
local params = {
mode = "server",
protocol = "any",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
--alpn = alpncb01,
--alpn = alpncb02,
--alpn = alpncb03,
alpn = {"bar", "baz", "foo"},
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
print("ALPN", peer:getalpn())
peer:close()
server:close()

14
samples/certs/all.bat
View File

@ -1,14 +0,0 @@
REM make sure the 'openssl.exe' commandline tool is in your path before starting!
REM set the path below;
set opensslpath=c:\program files (x86)\openssl-win32\bin
setlocal
set path=%opensslpath%;%path%
call roota.bat
call rootb.bat
call servera.bat
call serverb.bat
call clienta.bat
call clientb.bat

7
samples/certs/all.sh
View File

@ -1,7 +0,0 @@
#!/bin/sh
./rootA.sh
./rootB.sh
./clientA.sh
./clientB.sh
./serverA.sh
./serverB.sh

9
samples/certs/clientA.bat
View File

@ -1,9 +0,0 @@
rem #!/bin/sh
openssl req -newkey rsa:1024 -sha1 -keyout clientAkey.pem -out clientAreq.pem -nodes -config ./clientA.cnf -days 365 -batch
openssl x509 -req -in clientAreq.pem -sha1 -extfile ./clientA.cnf -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial -out clientAcert.pem -days 365
copy clientAcert.pem + rootA.pem clientA.pem
openssl x509 -subject -issuer -noout -in clientA.pem

4
samples/certs/clientA.cnf
View File

@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional" # Comment out the following two lines for the "traditional"
# (and highly broken) format. # (and highly broken) format.
@ -102,7 +102,7 @@ default_bits = 1024
default_keyfile = privkey.pem default_keyfile = privkey.pem
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
attributes = req_attributes attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for # Passwords for private keys if not present they will be prompted for
# input_password = secret # input_password = secret

4
samples/certs/clientA.sh
View File

@ -1,9 +1,9 @@
#!/bin/sh #!/bin/sh
openssl req -newkey rsa:2048 -sha256 -keyout clientAkey.pem -out clientAreq.pem \ openssl req -newkey rsa:1024 -sha1 -keyout clientAkey.pem -out clientAreq.pem \
-nodes -config ./clientA.cnf -days 365 -batch -nodes -config ./clientA.cnf -days 365 -batch
openssl x509 -req -in clientAreq.pem -sha256 -extfile ./clientA.cnf \ openssl x509 -req -in clientAreq.pem -sha1 -extfile ./clientA.cnf \
-extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial \ -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial \
-out clientAcert.pem -days 365 -out clientAcert.pem -days 365

9
samples/certs/clientB.bat
View File

@ -1,9 +0,0 @@
rem #!/bin/sh
openssl req -newkey rsa:1024 -sha1 -keyout clientBkey.pem -out clientBreq.pem -nodes -config ./clientB.cnf -days 365 -batch
openssl x509 -req -in clientBreq.pem -sha1 -extfile ./clientB.cnf -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial -out clientBcert.pem -days 365
copy clientBcert.pem + rootB.pem clientB.pem
openssl x509 -subject -issuer -noout -in clientB.pem

4
samples/certs/clientB.cnf
View File

@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional" # Comment out the following two lines for the "traditional"
# (and highly broken) format. # (and highly broken) format.
@ -102,7 +102,7 @@ default_bits = 1024
default_keyfile = privkey.pem default_keyfile = privkey.pem
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
attributes = req_attributes attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for # Passwords for private keys if not present they will be prompted for
# input_password = secret # input_password = secret

4
samples/certs/clientB.sh
View File

@ -1,9 +1,9 @@
#!/bin/sh #!/bin/sh
openssl req -newkey rsa:2048 -sha256 -keyout clientBkey.pem -out clientBreq.pem \ openssl req -newkey rsa:1024 -sha1 -keyout clientBkey.pem -out clientBreq.pem \
-nodes -config ./clientB.cnf -days 365 -batch -nodes -config ./clientB.cnf -days 365 -batch
openssl x509 -req -in clientBreq.pem -sha256 -extfile ./clientB.cnf \ openssl x509 -req -in clientBreq.pem -sha1 -extfile ./clientB.cnf \
-extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial \ -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial \
-out clientBcert.pem -days 365 -out clientBcert.pem -days 365

7
samples/certs/rootA.bat
View File

@ -1,7 +0,0 @@
REM #!/bin/sh
openssl req -newkey rsa:1024 -sha1 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
openssl x509 -req -in rootAreq.pem -sha1 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365
openssl x509 -subject -issuer -noout -in rootA.pem

4
samples/certs/rootA.cnf
View File

@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional" # Comment out the following two lines for the "traditional"
# (and highly broken) format. # (and highly broken) format.
@ -102,7 +102,7 @@ default_bits = 1024
default_keyfile = privkey.pem default_keyfile = privkey.pem
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
attributes = req_attributes attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for # Passwords for private keys if not present they will be prompted for
# input_password = secret # input_password = secret

4
samples/certs/rootA.sh
View File

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch openssl req -newkey rsa:1024 -sha1 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
openssl x509 -req -in rootAreq.pem -sha256 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365 openssl x509 -req -in rootAreq.pem -sha1 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365
openssl x509 -subject -issuer -noout -in rootA.pem openssl x509 -subject -issuer -noout -in rootA.pem

7
samples/certs/rootB.bat
View File

@ -1,7 +0,0 @@
rem #!/bin/sh
openssl req -newkey rsa:1024 -sha1 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
openssl x509 -req -in rootBreq.pem -sha1 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365
openssl x509 -subject -issuer -noout -in rootB.pem

4
samples/certs/rootB.cnf
View File

@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional" # Comment out the following two lines for the "traditional"
# (and highly broken) format. # (and highly broken) format.
@ -102,7 +102,7 @@ default_bits = 1024
default_keyfile = privkey.pem default_keyfile = privkey.pem
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
attributes = req_attributes attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for # Passwords for private keys if not present they will be prompted for
# input_password = secret # input_password = secret

4
samples/certs/rootB.sh
View File

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
openssl req -newkey rsa:2048 -sha256 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch openssl req -newkey rsa:1024 -sha1 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
openssl x509 -req -in rootBreq.pem -sha256 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365 openssl x509 -req -in rootBreq.pem -sha1 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365
openssl x509 -subject -issuer -noout -in rootB.pem openssl x509 -subject -issuer -noout -in rootB.pem

9
samples/certs/serverA.bat
View File

@ -1,9 +0,0 @@
rem #!/bin/sh
openssl req -newkey rsa:1024 -keyout serverAkey.pem -out serverAreq.pem -config ./serverA.cnf -nodes -days 365 -batch
openssl x509 -req -in serverAreq.pem -sha1 -extfile ./serverA.cnf -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial -out serverAcert.pem -days 365
copy serverAcert.pem + rootA.pem serverA.pem
openssl x509 -subject -issuer -noout -in serverA.pem

10
samples/certs/serverA.cnf
View File

@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional" # Comment out the following two lines for the "traditional"
# (and highly broken) format. # (and highly broken) format.
@ -102,7 +102,7 @@ default_bits = 1024
default_keyfile = privkey.pem default_keyfile = privkey.pem
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
attributes = req_attributes attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for # Passwords for private keys if not present they will be prompted for
# input_password = secret # input_password = secret
@ -118,7 +118,7 @@ x509_extensions = v3_ca # The extensions to add to the self signed cert
# so use this option with caution! # so use this option with caution!
string_mask = nombstr string_mask = nombstr
# req_extensions = v3_ext # The extensions to add to a certificate request # req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ] [ req_distinguished_name ]
countryName = Country Name (2 letter code) countryName = Country Name (2 letter code)
@ -172,7 +172,7 @@ basicConstraints=CA:FALSE
# the certificate can be used for anything *except* object signing. # the certificate can be used for anything *except* object signing.
# This is OK for an SSL server. # This is OK for an SSL server.
nsCertType = server # nsCertType = server
# For an object signing certificate this would be used. # For an object signing certificate this would be used.
# nsCertType = objsign # nsCertType = objsign
@ -198,7 +198,7 @@ authorityKeyIdentifier=keyid,issuer
# subjectAltName=email:copy # subjectAltName=email:copy
# An alternative to produce certificates that aren't # An alternative to produce certificates that aren't
# deprecated according to PKIX. # deprecated according to PKIX.
subjectAltName=DNS:foo.bar.example # subjectAltName=email:move
# Copy subject details # Copy subject details
# issuerAltName=issuer:copy # issuerAltName=issuer:copy

4
samples/certs/serverA.sh
View File

@ -1,9 +1,9 @@
#!/bin/sh #!/bin/sh
openssl req -newkey rsa:2048 -sha256 -keyout serverAkey.pem -out serverAreq.pem \ openssl req -newkey rsa:1024 -keyout serverAkey.pem -out serverAreq.pem \
-config ./serverA.cnf -nodes -days 365 -batch -config ./serverA.cnf -nodes -days 365 -batch
openssl x509 -req -in serverAreq.pem -sha256 -extfile ./serverA.cnf \ openssl x509 -req -in serverAreq.pem -sha1 -extfile ./serverA.cnf \
-extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial \ -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial \
-out serverAcert.pem -days 365 -out serverAcert.pem -days 365

9
samples/certs/serverB.bat
View File

@ -1,9 +0,0 @@
rem #!/bin/sh
openssl req -newkey rsa:1024 -keyout serverBkey.pem -out serverBreq.pem -config ./serverB.cnf -nodes -days 365 -batch
openssl x509 -req -in serverBreq.pem -sha1 -extfile ./serverB.cnf -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial -out serverBcert.pem -days 365
copy serverBcert.pem + rootB.pem serverB.pem
openssl x509 -subject -issuer -noout -in serverB.pem

8
samples/certs/serverB.cnf
View File

@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional" # Comment out the following two lines for the "traditional"
# (and highly broken) format. # (and highly broken) format.
@ -102,7 +102,7 @@ default_bits = 1024
default_keyfile = privkey.pem default_keyfile = privkey.pem
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
attributes = req_attributes attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for # Passwords for private keys if not present they will be prompted for
# input_password = secret # input_password = secret
@ -172,7 +172,7 @@ basicConstraints=CA:FALSE
# the certificate can be used for anything *except* object signing. # the certificate can be used for anything *except* object signing.
# This is OK for an SSL server. # This is OK for an SSL server.
nsCertType = server # nsCertType = server
# For an object signing certificate this would be used. # For an object signing certificate this would be used.
# nsCertType = objsign # nsCertType = objsign
@ -195,7 +195,7 @@ authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname. # This stuff is for subjectAltName and issuerAltname.
# Import the email address. # Import the email address.
subjectAltName=DNS:fnord.bar.example # subjectAltName=email:copy
# An alternative to produce certificates that aren't # An alternative to produce certificates that aren't
# deprecated according to PKIX. # deprecated according to PKIX.
# subjectAltName=email:move # subjectAltName=email:move

4
samples/certs/serverB.sh
View File

@ -1,9 +1,9 @@
#!/bin/sh #!/bin/sh
openssl req -newkey rsa:2048 -sha256 -keyout serverBkey.pem -out serverBreq.pem \ openssl req -newkey rsa:1024 -keyout serverBkey.pem -out serverBreq.pem \
-config ./serverB.cnf -nodes -days 365 -batch -config ./serverB.cnf -nodes -days 365 -batch
openssl x509 -req -in serverBreq.pem -sha256 -extfile ./serverB.cnf \ openssl x509 -req -in serverBreq.pem -sha1 -extfile ./serverB.cnf \
-extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial \ -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial \
-out serverBcert.pem -days 365 -out serverBcert.pem -days 365

36
samples/chain/client.lua
View File

@ -1,36 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local util = require("util")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
}
local conn = socket.tcp()
conn:connect("127.0.0.1", 8888)
conn = assert( ssl.wrap(conn, params) )
assert(conn:dohandshake())
util.show( conn:getpeercertificate() )
print("----------------------------------------------------------------------")
for k, cert in ipairs( conn:getpeerchain() ) do
util.show(cert)
end
local cert = conn:getpeercertificate()
print( cert )
print( cert:pem() )
conn:close()

72
samples/chain/server.lua
View File

@ -1,72 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local util = require("util")
local params = {
mode = "server",
protocol = "any",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
}
local ctx = assert(ssl.newcontext(params))
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local conn = server:accept()
conn = assert( ssl.wrap(conn, ctx) )
assert( conn:dohandshake() )
util.show( conn:getpeercertificate() )
print("----------------------------------------------------------------------")
local expectedpeerchain = { "../certs/clientAcert.pem", "../certs/rootA.pem" }
local peerchain = conn:getpeerchain()
assert(#peerchain == #expectedpeerchain)
for k, cert in ipairs( peerchain ) do
util.show(cert)
local expectedpem = assert(io.open(expectedpeerchain[k])):read("*a")
assert(cert:pem() == expectedpem, "peer chain mismatch @ "..tostring(k))
end
local expectedlocalchain = { "../certs/serverAcert.pem" }
local localchain = assert(conn:getlocalchain())
assert(#localchain == #expectedlocalchain)
for k, cert in ipairs( localchain ) do
util.show(cert)
local expectedpem = assert(io.open(expectedlocalchain[k])):read("*a")
assert(cert:pem() == expectedpem, "local chain mismatch @ "..tostring(k))
if k == 1 then
assert(cert:pem() == conn:getlocalcertificate():pem())
end
end
local f = io.open(params.certificate)
local str = f:read("*a")
f:close()
util.show( ssl.loadcertificate(str) )
print("----------------------------------------------------------------------")
local cert = conn:getpeercertificate()
print( cert )
print( cert:digest() )
print( cert:digest("sha1") )
print( cert:digest("sha256") )
print( cert:digest("sha512") )
conn:close()
server:close()

22
samples/chain/util.lua
View File

@ -1,22 +0,0 @@
local print = print
local ipairs = ipairs
local _ENV = {}
function _ENV.show(cert)
print("Serial:", cert:serial())
print("NotBefore:", cert:notbefore())
print("NotAfter:", cert:notafter())
print("--- Issuer ---")
for k, v in ipairs(cert:issuer()) do
print(v.name .. " = " .. v.value)
end
print("--- Subject ---")
for k, v in ipairs(cert:subject()) do
print(v.name .. " = " .. v.value)
end
print("----------------------------------------------------------------------")
end
return _ENV

28
samples/curve-negotiation/client.lua
View File

@ -1,28 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "any",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all"},
--
curve = "P-256:P-384",
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
print(peer:receive("*l"))
peer:close()

37
samples/curve-negotiation/server.lua
View File

@ -1,37 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "any",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all"},
--
curve = "P-384:P-256:P-521",
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]
peer:send("oneshot with curve negotiation test\n")
peer:close()

40
samples/dane/client.lua
View File

@ -1,40 +0,0 @@
local socket = require "socket";
local ssl = require "ssl";
local dns = require "lunbound".new();
local cfg = {
protocol = "tlsv1_2",
mode = "client",
ciphers = "DEFAULT",
capath = "/etc/ssl/certs",
verify = "peer",
dane = true,
};
local function daneconnect(host, port)
port = port or "443";
local conn = ssl.wrap(socket.connect(host, port), cfg);
local tlsa = dns:resolve("_" .. port .. "._tcp." .. host, 52);
assert(tlsa.secure, "Insecure DNS");
assert(conn:setdane(host));
for i = 1, tlsa.n do
local usage, selector, mtype = tlsa[i] :byte(1, 3);
assert(conn:settlsa(usage, selector, mtype, tlsa[i] :sub(4, - 1)));
end
assert(conn:dohandshake());
return conn;
end
if not ... then
print("Usage: client.lua example.com [port]");
return os.exit(1);
end
local conn = daneconnect(...);
print(conn:getpeerverification());

27
samples/dhparam/client.lua
View File

@ -1,27 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "any",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
ciphers = "EDH+AESGCM"
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
print(peer:receive("*l"))
peer:close()

4
samples/dhparam/params.sh
View File

@ -1,4 +0,0 @@
#!/usr/bin/env sh
openssl dhparam -2 -out dh-512.pem -outform PEM 512
openssl dhparam -2 -out dh-1024.pem -outform PEM 1024

62
samples/dhparam/server.lua
View File

@ -1,62 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local function readfile(filename)
local fd = assert(io.open(filename))
local dh = fd:read("*a")
fd:close()
return dh
end
local function dhparam_cb(export, keylength)
print("---")
print("DH Callback")
print("Export", export)
print("Key length", keylength)
print("---")
local filename
if keylength == 512 then
filename = "dh-512.pem"
elseif keylength == 1024 then
filename = "dh-1024.pem"
else
-- No key
return nil
end
return readfile(filename)
end
local params = {
mode = "server",
protocol = "any",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
dhparam = dhparam_cb,
ciphers = "EDH+AESGCM"
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]
peer:send("oneshot test\n")
peer:close()

26
samples/digest/client.lua
View File

@ -1,26 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
print(peer:receive("*l"))
peer:close()

44
samples/digest/server.lua
View File

@ -1,44 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "any",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]
local cert = peer:getpeercertificate()
local sha1 = cert:digest("sha1")
local sha256 = cert:digest("sha256")
local sha512 = cert:digest("sha512")
print("SHA1", sha1)
print("SHA256", sha256)
print("SHA512", sha512)
peer:send("oneshot test\n")
peer:close()

33
samples/ecdh/client.lua
View File

@ -1,33 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
--
curve = "secp384r1",
}
--------------------------------------------------------------------------------
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
print("--- INFO ---")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
peer:close()

40
samples/ecdh/server.lua
View File

@ -1,40 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "any",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
--
curve = "secp384r1",
}
------------------------------------------------------------------------------
local ctx = assert(ssl.newcontext(params))
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
print("--- INFO ---")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
peer:close()
server:close()

26
samples/info/client.lua
View File

@ -1,26 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
print(peer:receive("*l"))
peer:close()

48
samples/info/server.lua
View File

@ -1,48 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "any",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
-- Before handshake: nil
print( peer:info() )
assert( peer:dohandshake() )
--]]
print("---")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
print("-> Compression", peer:info("compression"))
peer:send("oneshot test\n")
peer:close()

2
samples/key/genkey.sh Executable file → Normal file
View File

@ -1,3 +1,3 @@
#!/usr/bin/env sh #!/bin/sh
openssl genrsa -des3 -out key.pem -passout pass:foobar 2048 openssl genrsa -des3 -out key.pem -passout pass:foobar 2048

2
samples/key/loadkey.lua
View File

@ -1,7 +1,7 @@
-- --
-- Public domain -- Public domain
-- --
local ssl = require("ssl") require("ssl")
local pass = "foobar" local pass = "foobar"
local cfg = { local cfg = {

8
samples/loop-gc/client.lua
View File

@ -1,17 +1,17 @@
-- --
-- Public domain -- Public domain
-- --
local socket = require("socket") require("socket")
local ssl = require("ssl") require("ssl")
local params = { local params = {
mode = "client", mode = "client",
protocol = "tlsv1_2", protocol = "sslv3",
key = "../certs/clientAkey.pem", key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem", certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"}, verify = {"peer", "fail_if_no_peer_cert"},
options = "all", options = {"all", "no_sslv2"},
} }
while true do while true do

8
samples/loop-gc/server.lua
View File

@ -1,17 +1,17 @@
-- --
-- Public domain -- Public domain
-- --
local socket = require("socket") require("socket")
local ssl = require("ssl") require("ssl")
local params = { local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "sslv3",
key = "../certs/serverAkey.pem", key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem", certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"}, verify = {"peer", "fail_if_no_peer_cert"},
options = "all", options = {"all", "no_sslv2"},
} }
-- [[ SSL context -- [[ SSL context

10
samples/loop/client.lua
View File

@ -1,17 +1,17 @@
-- --
-- Public domain -- Public domain
-- --
local socket = require("socket") require("socket")
local ssl = require("ssl") require("ssl")
local params = { local params = {
mode = "client", mode = "client",
protocol = "tlsv1_2", protocol = "sslv3",
key = "../certs/clientAkey.pem", key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem", certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"}, verify = {"peer", "fail_if_no_peer_cert"},
options = "all", options = {"all", "no_sslv2"},
} }
while true do while true do
@ -23,8 +23,6 @@ while true do
assert( peer:dohandshake() ) assert( peer:dohandshake() )
--]] --]]
peer:getpeercertificate():extensions()
print(peer:receive("*l")) print(peer:receive("*l"))
peer:close() peer:close()
end end

8
samples/loop/server.lua
View File

@ -1,17 +1,17 @@
-- --
-- Public domain -- Public domain
-- --
local socket = require("socket") require("socket")
local ssl = require("ssl") require("ssl")
local params = { local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "sslv3",
key = "../certs/serverAkey.pem", key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem", certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"}, verify = {"peer", "fail_if_no_peer_cert"},
options = "all", options = {"all", "no_sslv2"},
} }
-- [[ SSL context -- [[ SSL context

40
samples/luaossl/client.lua
View File

@ -1,40 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local pkey = require "openssl.pkey"
local ssl_context = require "openssl.ssl.context"
local x509 = require "openssl.x509"
local x509_store = require "openssl.x509.store"
local function read_file(path)
local file, err, errno = io.open(path, "rb")
if not file then
return nil, err, errno
end
local contents
contents, err, errno = file:read "*a"
file:close()
return contents, err, errno
end
local ctx = ssl_context.new("TLSv1_2", false)
ctx:setPrivateKey(pkey.new(assert(read_file("../certs/clientAkey.pem"))))
ctx:setCertificate(x509.new(assert(read_file("../certs/clientA.pem"))))
local store = x509_store.new()
store:add("../certs/rootA.pem")
ctx:setStore(store)
ctx:setVerify(ssl_context.VERIFY_FAIL_IF_NO_PEER_CERT)
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert(peer:dohandshake())
--]]
print(peer:receive("*l"))
peer:close()

58
samples/luaossl/server.lua
View File

@ -1,58 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local pkey = require "openssl.pkey"
local ssl_context = require "openssl.ssl.context"
local x509 = require "openssl.x509"
local x509_store = require "openssl.x509.store"
local function read_file(path)
local file, err, errno = io.open(path, "rb")
if not file then
return nil, err, errno
end
local contents
contents, err, errno = file:read "*a"
file:close()
return contents, err, errno
end
local ctx = ssl_context.new("TLSv1_2", true)
ctx:setPrivateKey(pkey.new(assert(read_file("../certs/serverAkey.pem"))))
ctx:setCertificate(x509.new(assert(read_file("../certs/serverA.pem"))))
local store = x509_store.new()
store:add("../certs/rootA.pem")
ctx:setStore(store)
ctx:setVerify(ssl_context.VERIFY_FAIL_IF_NO_PEER_CERT)
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
-- Before handshake: nil
print( peer:info() )
assert( peer:dohandshake() )
--]]
print("---")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
print("-> Compression", peer:info("compression"))
peer:send("oneshot test\n")
peer:close()

29
samples/multicert/client-ecdsa.lua
View File

@ -1,29 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "certs/clientECDSAkey.pem",
certificate = "certs/clientECDSA.pem",
verify = "none",
options = "all",
ciphers = "ALL:!aRSA"
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
local i = peer:info()
for k, v in pairs(i) do print(k, v) end
print(peer:receive("*l"))
peer:close()

29
samples/multicert/client-rsa.lua
View File

@ -1,29 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "certs/clientRSAkey.pem",
certificate = "certs/clientRSA.pem",
verify = "none",
options = "all",
ciphers = "ALL:!ECDSA"
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
local i = peer:info()
for k, v in pairs(i) do print(k, v) end
print(peer:receive("*l"))
peer:close()

13
samples/multicert/gencerts.sh
View File

@ -1,13 +0,0 @@
#!/usr/bin/env sh
mkdir -p certs
openssl ecparam -name secp256r1 -genkey -out certs/serverECDSAkey.pem
openssl req -new -config ../certs/serverA.cnf -extensions usr_cert -x509 -key certs/serverECDSAkey.pem -out certs/serverECDSA.pem -days 360 -batch
openssl ecparam -name secp256r1 -genkey -out certs/clientECDSAkey.pem
openssl req -config ../certs/clientA.cnf -extensions usr_cert -x509 -new -key certs/clientECDSAkey.pem -out certs/clientECDSA.pem -days 360 -batch
openssl req -config ../certs/serverB.cnf -extensions usr_cert -x509 -new -newkey rsa:2048 -keyout certs/serverRSAkey.pem -out certs/serverRSA.pem -nodes -days 365 -batch
openssl req -config ../certs/clientB.cnf -extensions usr_cert -x509 -new -newkey rsa:2048 -keyout certs/clientRSAkey.pem -out certs/clientRSA.pem -nodes -days 365 -batch

38
samples/multicert/server.lua
View File

@ -1,38 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "any",
certificates = {
-- Comment line below and 'client-rsa' stop working
{ certificate = "certs/serverRSA.pem", key = "certs/serverRSAkey.pem" },
-- Comment line below and 'client-ecdsa' stop working
{ certificate = "certs/serverECDSA.pem", key = "certs/serverECDSAkey.pem" }
},
verify = "none",
options = "all"
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]
peer:send("oneshot test\n")
peer:close()

8
samples/oneshot/client.lua
View File

@ -1,17 +1,17 @@
-- --
-- Public domain -- Public domain
-- --
local socket = require("socket") require("socket")
local ssl = require("ssl") require("ssl")
local params = { local params = {
mode = "client", mode = "client",
protocol = "tlsv1_2", protocol = "sslv3",
key = "../certs/clientAkey.pem", key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem", certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"}, verify = {"peer", "fail_if_no_peer_cert"},
options = "all", options = {"all", "no_sslv2"},
} }
local peer = socket.tcp() local peer = socket.tcp()

8
samples/oneshot/server.lua
View File

@ -1,17 +1,17 @@
-- --
-- Public domain -- Public domain
-- --
local socket = require("socket") require("socket")
local ssl = require("ssl") require("ssl")
local params = { local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "sslv3",
key = "../certs/serverAkey.pem", key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem", certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"}, verify = {"peer", "fail_if_no_peer_cert"},
options = "all", options = {"all", "no_sslv2"},
} }

41
samples/psk/client.lua
View File

@ -1,41 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
if not ssl.config.capabilities.psk then
print("[ERRO] PSK not available")
os.exit(1)
end
-- @param hint (nil | string)
-- @param max_identity_len (number)
-- @param max_psk_len (number)
-- @return identity (string)
-- @return PSK (string)
local function pskcb(hint, max_identity_len, max_psk_len)
print(string.format("PSK Callback: hint=%q, max_identity_len=%d, max_psk_len=%d", hint, max_identity_len, max_psk_len))
return "abcd", "1234"
end
local params = {
mode = "client",
protocol = "tlsv1_2",
psk = pskcb,
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
print("--- INFO ---")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
peer:close()

60
samples/psk/server.lua
View File

@ -1,60 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
if not ssl.config.capabilities.psk then
print("[ERRO] PSK not available")
os.exit(1)
end
-- @param identity (string)
-- @param max_psk_len (number)
-- @return psk (string)
local function pskcb(identity, max_psk_len)
print(string.format("PSK Callback: identity=%q, max_psk_len=%d", identity, max_psk_len))
if identity == "abcd" then
return "1234"
end
return nil
end
local params = {
mode = "server",
protocol = "any",
options = "all",
-- PSK with just a callback
psk = pskcb,
-- PSK with identity hint
-- psk = {
-- hint = "hintpsksample",
-- callback = pskcb,
-- },
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
print("--- INFO ---")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
peer:close()
server:close()

35
samples/sni/client.lua
View File

@ -1,35 +0,0 @@
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = "peer",
options = "all",
}
local conn = socket.tcp()
conn:connect("127.0.0.1", 8888)
-- TLS/SSL initialization
conn = ssl.wrap(conn, params)
-- Comment the lines to not send a name
--conn:sni("servera.br")
--conn:sni("serveraa.br")
conn:sni("serverb.br")
assert(conn:dohandshake())
--
local cert = conn:getpeercertificate()
for k, v in pairs(cert:subject()) do
for i, j in pairs(v) do
print(i, j)
end
end
--
print(conn:receive("*l"))
conn:close()

52
samples/sni/server.lua
View File

@ -1,52 +0,0 @@
local socket = require("socket")
local ssl = require("ssl")
local params01 = {
mode = "server",
protocol = "any",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = "none",
options = "all",
ciphers = "ALL:!ADH:@STRENGTH",
}
local params02 = {
mode = "server",
protocol = "any",
key = "../certs/serverAAkey.pem",
certificate = "../certs/serverAA.pem",
cafile = "../certs/rootA.pem",
verify = "none",
options = "all",
ciphers = "ALL:!ADH:@STRENGTH",
}
--
local ctx01 = ssl.newcontext(params01)
local ctx02 = ssl.newcontext(params02)
--
local server = socket.tcp()
server:setoption('reuseaddr', true)
server:bind("127.0.0.1", 8888)
server:listen()
local conn = server:accept()
--
-- Default context (when client does not send a name) is ctx01
conn = ssl.wrap(conn, ctx01)
-- Configure the name map
local sni_map = {
["servera.br"] = ctx01,
["serveraa.br"] = ctx02,
}
conn:sni(sni_map, true)
assert(conn:dohandshake())
--
conn:send("one line\n")
conn:close()

29
samples/verification/fail-string/client.lua
View File

@ -1,29 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1",
key = "../../certs/clientBkey.pem",
certificate = "../../certs/clientB.pem",
cafile = "../../certs/rootB.pem",
verify = "none",
options = "all",
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
local err, msg = peer:getpeerverification()
print(err, msg)
print(peer:receive("*l"))
peer:close()

37
samples/verification/fail-string/server.lua
View File

@ -1,37 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "tlsv1",
key = "../../certs/serverAkey.pem",
certificate = "../../certs/serverA.pem",
cafile = "../../certs/rootA.pem",
verify = "none",
options = "all",
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]
local err, msg = peer:getpeerverification()
print(err, msg)
peer:send("oneshot test\n")
peer:close()

39
samples/verification/fail-table/client.lua
View File

@ -1,39 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1",
key = "../../certs/clientBkey.pem",
certificate = "../../certs/clientB.pem",
cafile = "../../certs/rootB.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
verifyext = "lsec_continue",
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert(peer:dohandshake())
--]]
local succ, errs = peer:getpeerverification()
print(succ, errs)
for i, err in pairs(errs) do
for j, msg in ipairs(err) do
print("depth = " .. i, "error = " .. msg)
end
end
print(peer:receive("*l"))
peer:close()

43
samples/verification/fail-table/server.lua
View File

@ -1,43 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "tlsv1",
key = "../../certs/serverAkey.pem",
certificate = "../../certs/serverA.pem",
cafile = "../../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
verifyext = {"lsec_continue", "crl_check", "crl_check_chain"},
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]
local succ, errs = peer:getpeerverification()
print(succ, errs)
for i, err in pairs(errs) do
for j, msg in ipairs(err) do
print("depth = " .. i, "error = " .. msg)
end
end
peer:send("oneshot test\n")
peer:close()

29
samples/verification/success/client.lua
View File

@ -1,29 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1",
key = "../../certs/clientAkey.pem",
certificate = "../../certs/clientA.pem",
cafile = "../../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
local err, msg = peer:getpeerverification()
print(err, msg)
print(peer:receive("*l"))
peer:close()

38
samples/verification/success/server.lua
View File

@ -1,38 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "tlsv1",
key = "../../certs/serverAkey.pem",
certificate = "../../certs/serverA.pem",
cafile = "../../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]
local err, msg = peer:getpeerverification()
print(err, msg)
peer:send("oneshot test\n")
peer:close()

35
samples/verify/client.lua
View File

@ -1,35 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "../certs/serverBkey.pem",
certificate = "../certs/serverB.pem",
cafile = "../certs/rootB.pem",
verify = {"peer", "fail_if_no_peer_cert"},
verifyext = {"lsec_continue", "lsec_ignore_purpose"},
options = "all",
}
local ctx = assert(ssl.newcontext(params))
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
peer = assert( ssl.wrap(peer, ctx) )
assert(peer:dohandshake())
local succ, errs = peer:getpeerverification()
print(succ, errs)
for i, err in pairs(errs) do
for j, msg in ipairs(err) do
print("depth = " .. i, "error = " .. msg)
end
end
print(peer:receive("*l"))
peer:close()

40
samples/verify/server.lua
View File

@ -1,40 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "any",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
verifyext = {"lsec_continue", "lsec_ignore_purpose"},
options = "all",
}
local ctx = assert(ssl.newcontext(params))
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
local succ, errs = peer:getpeerverification()
print(succ, errs)
for i, err in pairs(errs) do
for j, msg in ipairs(err) do
print("depth = " .. i, "error = " .. msg)
end
end
peer:send("oneshot test\n")
peer:close()

8
samples/want/client.lua
View File

@ -3,17 +3,17 @@
-- --
-- Public domain -- Public domain
-- --
local socket = require("socket") require("socket")
local ssl = require("ssl") require("ssl")
local params = { local params = {
mode = "client", mode = "client",
protocol = "tlsv1_2", protocol = "sslv3",
key = "../certs/clientAkey.pem", key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem", certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"}, verify = {"peer", "fail_if_no_peer_cert"},
options = "all", options = {"all", "no_sslv2"},
} }
-- Wait until socket is ready (for reading or writing) -- Wait until socket is ready (for reading or writing)

8
samples/want/server.lua
View File

@ -1,17 +1,17 @@
-- --
-- Public domain -- Public domain
-- --
local socket = require("socket") require("socket")
local ssl = require("ssl") require("ssl")
local params = { local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "sslv3",
key = "../certs/serverAkey.pem", key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem", certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"}, verify = {"peer", "fail_if_no_peer_cert"},
options = "all", options = {"all", "no_sslv2"},
} }
-- [[ SSL context -- [[ SSL context

8
samples/wantread/client.lua
View File

@ -1,17 +1,17 @@
-- --
-- Public domain -- Public domain
-- --
local socket = require("socket") require("socket")
local ssl = require("ssl") require("ssl")
local params = { local params = {
mode = "client", mode = "client",
protocol = "tlsv1_2", protocol = "sslv3",
key = "../certs/clientAkey.pem", key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem", certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"}, verify = {"peer", "fail_if_no_peer_cert"},
options = "all", options = {"all", "no_sslv2"},
} }

8
samples/wantread/server.lua
View File

@ -3,17 +3,17 @@
-- --
-- Public domain -- Public domain
-- --
local socket = require("socket") require("socket")
local ssl = require("ssl") require("ssl")
local params = { local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "sslv3",
key = "../certs/serverAkey.pem", key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem", certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"}, verify = {"peer", "fail_if_no_peer_cert"},
options = "all", options = {"all", "no_sslv2"},
} }
-- [[ SSL context -- [[ SSL context

8
samples/wantwrite/client.lua
View File

@ -1,17 +1,17 @@
-- --
-- Public domain -- Public domain
-- --
local socket = require("socket") require("socket")
local ssl = require("ssl") require("ssl")
local params = { local params = {
mode = "client", mode = "client",
protocol = "tlsv1_2", protocol = "sslv3",
key = "../certs/clientAkey.pem", key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem", certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"}, verify = {"peer", "fail_if_no_peer_cert"},
options = "all", options = {"all", "no_sslv2"},
} }
local function wait(peer, err) local function wait(peer, err)

8
samples/wantwrite/server.lua
View File

@ -1,19 +1,19 @@
-- --
-- Public domain -- Public domain
-- --
local socket = require("socket") require("socket")
local ssl = require("ssl") require("ssl")
print("Use Ctrl+S and Ctrl+Q to suspend and resume the server.") print("Use Ctrl+S and Ctrl+Q to suspend and resume the server.")
local params = { local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "sslv3",
key = "../certs/serverAkey.pem", key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem", certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"}, verify = {"peer", "fail_if_no_peer_cert"},
options = "all", options = {"all", "no_sslv2"},
} }

63
src/Makefile
View File

@ -2,65 +2,60 @@ CMOD=ssl.so
LMOD=ssl.lua LMOD=ssl.lua
OBJS= \ OBJS= \
options.o \ timeout.o \
x509.o \ buffer.o \
io.o \
usocket.o \
context.o \ context.o \
ssl.o \ ssl.o
config.o \
ec.o
LIBS=-lssl -lcrypto -lluasocket LIBS=-lssl -lcrypto
WARN=-Wall -pedantic WARN=-Wall -pedantic
BSD_CFLAGS=-O2 -fPIC $(WARN) $(INCDIR) $(DEFS) BSD_CFLAGS=-O2 -fpic $(WARN) $(INCDIR) $(DEFS)
BSD_LDFLAGS=-O -fPIC -shared $(LIBDIR) BSD_LDFLAGS=-O -shared -fpic $(LIBDIR)
LNX_CFLAGS=-O2 -fPIC $(WARN) $(INCDIR) $(DEFS) LNX_CFLAGS=-O2 -fpic $(WARN) $(INCDIR) $(DEFS)
LNX_LDFLAGS=-O -fPIC -shared $(LIBDIR) LNX_LDFLAGS=-O -shared -fpic $(LIBDIR)
MAC_ENV=env MACOSX_DEPLOYMENT_TARGET='$(MACVER)' MAC_ENV=env MACOSX_DEPLOYMENT_TARGET='$(MACVER)'
MAC_CFLAGS=-O2 -fno-common $(WARN) $(INCDIR) $(DEFS) MAC_CFLAGS=-O2 -fno-common $(WARN) $(INCDIR) $(DEFS)
MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR) MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR)
INSTALL = install CP=cp
CC ?= cc CC=gcc
CCLD ?= $(MYENV) $(CC) LD=$(MYENV) gcc
CFLAGS += $(MYCFLAGS) CFLAGS=$(MYCFLAGS)
LDFLAGS += $(MYLDFLAGS) LDFLAGS=$(MYLDFLAGS)
.PHONY: all clean install none linux bsd macosx luasocket .PHONY: all clean install none linux bsd macosx
all: all:
install: $(CMOD) $(LMOD) install: $(CMOD) $(LMOD)
$(INSTALL) -d $(DESTDIR)$(LUAPATH)/ssl $(DESTDIR)$(LUACPATH) $(CP) $(CMOD) $(CPATH)
$(INSTALL) $(CMOD) $(DESTDIR)$(LUACPATH) $(CP) $(LMOD) $(LUAPATH)
$(INSTALL) -m644 $(LMOD) $(DESTDIR)$(LUAPATH)
$(INSTALL) -m644 https.lua $(DESTDIR)$(LUAPATH)/ssl
linux: linux:
@$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)" EXTRA="$(EXTRA)" @$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)"
bsd: bsd:
@$(MAKE) $(CMOD) MYCFLAGS="$(BSD_CFLAGS)" MYLDFLAGS="$(BSD_LDFLAGS)" EXTRA="$(EXTRA)" @$(MAKE) $(CMOD) MYCFLAGS="$(BSD_CFLAGS)" MYLDFLAGS="$(BSD_LDFLAGS)"
macosx: macosx:
@$(MAKE) $(CMOD) MYCFLAGS="$(MAC_CFLAGS)" MYLDFLAGS="$(MAC_LDFLAGS)" MYENV="$(MAC_ENV)" EXTRA="$(EXTRA)" @$(MAKE) $(CMOD) MYCFLAGS="$(MAC_CFLAGS)" MYLDFLAGS="$(MAC_LDFLAGS)" MYENV="$(MAC_ENV)"
luasocket:
@cd luasocket && $(MAKE)
$(CMOD): $(EXTRA) $(OBJS) $(CMOD): $(OBJS)
$(CCLD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(LD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
clean: clean:
cd luasocket && $(MAKE) clean
rm -f $(OBJS) $(CMOD) rm -f $(OBJS) $(CMOD)
options.o: options.h options.c buffer.o: buffer.c buffer.h io.h timeout.h
ec.o: ec.c ec.h io.o: io.c io.h timeout.h
x509.o: x509.c x509.h compat.h timeout.o: timeout.c timeout.h
context.o: context.c context.h ec.h compat.h options.h usocket.o: usocket.c socket.h io.h timeout.h usocket.h
ssl.o: ssl.c ssl.h context.h x509.h compat.h context.o: context.c context.h
config.o: config.c ec.h options.h compat.h ssl.o: ssl.c socket.h io.h timeout.h usocket.h buffer.h context.h context.c

83
src/luasocket/buffer.c → src/buffer.c
View File

@ -1,6 +1,10 @@
/*=========================================================================*\ /*=========================================================================*\
* LuaSocket 2.0.2
* Copyright (C) 2004-2007 Diego Nehab
*
* Input/Output interface for Lua programs * Input/Output interface for Lua programs
* LuaSocket toolkit *
* RCS ID: $Id: buffer.c,v 1.28 2007/06/11 23:44:54 diego Exp $
\*=========================================================================*/ \*=========================================================================*/
#include "lua.h" #include "lua.h"
#include "lauxlib.h" #include "lauxlib.h"
@ -28,14 +32,6 @@ static int sendraw(p_buffer buf, const char *data, size_t count, size_t *sent);
/*=========================================================================*\ /*=========================================================================*\
* Exported functions * Exported functions
\*=========================================================================*/ \*=========================================================================*/
/*-------------------------------------------------------------------------*\
* Initializes module
\*-------------------------------------------------------------------------*/
int buffer_open(lua_State *L) {
(void) L;
return 0;
}
/*-------------------------------------------------------------------------*\ /*-------------------------------------------------------------------------*\
* Initializes C structure * Initializes C structure
\*-------------------------------------------------------------------------*/ \*-------------------------------------------------------------------------*/
@ -43,29 +39,6 @@ void buffer_init(p_buffer buf, p_io io, p_timeout tm) {
buf->first = buf->last = 0; buf->first = buf->last = 0;
buf->io = io; buf->io = io;
buf->tm = tm; buf->tm = tm;
buf->received = buf->sent = 0;
buf->birthday = timeout_gettime();
}
/*-------------------------------------------------------------------------*\
* object:getstats() interface
\*-------------------------------------------------------------------------*/
int buffer_meth_getstats(lua_State *L, p_buffer buf) {
lua_pushnumber(L, (lua_Number) buf->received);
lua_pushnumber(L, (lua_Number) buf->sent);
lua_pushnumber(L, timeout_gettime() - buf->birthday);
return 3;
}
/*-------------------------------------------------------------------------*\
* object:setstats() interface
\*-------------------------------------------------------------------------*/
int buffer_meth_setstats(lua_State *L, p_buffer buf) {
buf->received = (long) luaL_optnumber(L, 2, (lua_Number) buf->received);
buf->sent = (long) luaL_optnumber(L, 3, (lua_Number) buf->sent);
if (lua_isnumber(L, 4)) buf->birthday = timeout_gettime() - lua_tonumber(L, 4);
lua_pushnumber(L, 1);
return 1;
} }
/*-------------------------------------------------------------------------*\ /*-------------------------------------------------------------------------*\
@ -78,7 +51,7 @@ int buffer_meth_send(lua_State *L, p_buffer buf) {
const char *data = luaL_checklstring(L, 2, &size); const char *data = luaL_checklstring(L, 2, &size);
long start = (long) luaL_optnumber(L, 3, 1); long start = (long) luaL_optnumber(L, 3, 1);
long end = (long) luaL_optnumber(L, 4, -1); long end = (long) luaL_optnumber(L, 4, -1);
timeout_markstart(buf->tm); p_timeout tm = timeout_markstart(buf->tm);
if (start < 0) start = (long) (size+start+1); if (start < 0) start = (long) (size+start+1);
if (end < 0) end = (long) (size+end+1); if (end < 0) end = (long) (size+end+1);
if (start < 1) start = (long) 1; if (start < 1) start = (long) 1;
@ -88,15 +61,15 @@ int buffer_meth_send(lua_State *L, p_buffer buf) {
if (err != IO_DONE) { if (err != IO_DONE) {
lua_pushnil(L); lua_pushnil(L);
lua_pushstring(L, buf->io->error(buf->io->ctx, err)); lua_pushstring(L, buf->io->error(buf->io->ctx, err));
lua_pushnumber(L, (lua_Number) (sent+start-1)); lua_pushnumber(L, sent+start-1);
} else { } else {
lua_pushnumber(L, (lua_Number) (sent+start-1)); lua_pushnumber(L, sent+start-1);
lua_pushnil(L); lua_pushnil(L);
lua_pushnil(L); lua_pushnil(L);
} }
#ifdef LUASOCKET_DEBUG #ifdef BUFFER_DEBUG
/* push time elapsed during operation as the last return value */ /* push time elapsed during operation as the last return value */
lua_pushnumber(L, timeout_gettime() - timeout_getstart(buf->tm)); lua_pushnumber(L, timeout_gettime() - timeout_getstart(tm));
#endif #endif
return lua_gettop(L) - top; return lua_gettop(L) - top;
} }
@ -105,17 +78,11 @@ int buffer_meth_send(lua_State *L, p_buffer buf) {
* object:receive() interface * object:receive() interface
\*-------------------------------------------------------------------------*/ \*-------------------------------------------------------------------------*/
int buffer_meth_receive(lua_State *L, p_buffer buf) { int buffer_meth_receive(lua_State *L, p_buffer buf) {
int err = IO_DONE, top = lua_gettop(L);
luaL_Buffer b; luaL_Buffer b;
size_t size; size_t size;
const char *part; const char *part = luaL_optlstring(L, 3, "", &size);
int err = IO_DONE; p_timeout tm = timeout_markstart(buf->tm);
int top = lua_gettop(L);
if (top < 3) {
lua_settop(L, 3);
top = 3;
}
part = luaL_optlstring(L, 3, "", &size);
timeout_markstart(buf->tm);
/* initialize buffer with optional extra prefix /* initialize buffer with optional extra prefix
* (useful for concatenating previous partial results) */ * (useful for concatenating previous partial results) */
luaL_buffinit(L, &b); luaL_buffinit(L, &b);
@ -126,18 +93,12 @@ int buffer_meth_receive(lua_State *L, p_buffer buf) {
if (p[0] == '*' && p[1] == 'l') err = recvline(buf, &b); if (p[0] == '*' && p[1] == 'l') err = recvline(buf, &b);
else if (p[0] == '*' && p[1] == 'a') err = recvall(buf, &b); else if (p[0] == '*' && p[1] == 'a') err = recvall(buf, &b);
else luaL_argcheck(L, 0, 2, "invalid receive pattern"); else luaL_argcheck(L, 0, 2, "invalid receive pattern");
/* get a fixed number of bytes (minus what was already partially /* get a fixed number of bytes (minus what was already partially
* received) */ * received) */
} else { } else err = recvraw(buf, (size_t) lua_tonumber(L, 2)-size, &b);
double n = lua_tonumber(L, 2);
size_t wanted = (size_t) n;
luaL_argcheck(L, n >= 0, 2, "invalid receive pattern");
if (size == 0 || wanted > size)
err = recvraw(buf, wanted-size, &b);
}
/* check if there was an error */ /* check if there was an error */
if (err != IO_DONE) { if (err != IO_DONE) {
/* we can't push anything in the stack before pushing the /* we can't push anyting in the stack before pushing the
* contents of the buffer. this is the reason for the complication */ * contents of the buffer. this is the reason for the complication */
luaL_pushresult(&b); luaL_pushresult(&b);
lua_pushstring(L, buf->io->error(buf->io->ctx, err)); lua_pushstring(L, buf->io->error(buf->io->ctx, err));
@ -149,9 +110,9 @@ int buffer_meth_receive(lua_State *L, p_buffer buf) {
lua_pushnil(L); lua_pushnil(L);
lua_pushnil(L); lua_pushnil(L);
} }
#ifdef LUASOCKET_DEBUG #ifdef BUFFER_DEBUG
/* push time elapsed during operation as the last return value */ /* push time elapsed during operation as the last return value */
lua_pushnumber(L, timeout_gettime() - timeout_getstart(buf->tm)); lua_pushnumber(L, timeout_gettime() - timeout_getstart(tm));
#endif #endif
return lua_gettop(L) - top; return lua_gettop(L) - top;
} }
@ -176,13 +137,12 @@ static int sendraw(p_buffer buf, const char *data, size_t count, size_t *sent) {
size_t total = 0; size_t total = 0;
int err = IO_DONE; int err = IO_DONE;
while (total < count && err == IO_DONE) { while (total < count && err == IO_DONE) {
size_t done = 0; size_t done;
size_t step = (count-total <= STEPSIZE)? count-total: STEPSIZE; size_t step = (count-total <= STEPSIZE)? count-total: STEPSIZE;
err = io->send(io->ctx, data+total, step, &done, tm); err = io->send(io->ctx, data+total, step, &done, tm);
total += done; total += done;
} }
*sent = total; *sent = total;
buf->sent += total;
return err; return err;
} }
@ -235,7 +195,7 @@ static int recvline(p_buffer buf, luaL_Buffer *b) {
pos = 0; pos = 0;
while (pos < count && data[pos] != '\n') { while (pos < count && data[pos] != '\n') {
/* we ignore all \r's */ /* we ignore all \r's */
if (data[pos] != '\r') luaL_addchar(b, data[pos]); if (data[pos] != '\r') luaL_putchar(b, data[pos]);
pos++; pos++;
} }
if (pos < count) { /* found '\n' */ if (pos < count) { /* found '\n' */
@ -252,7 +212,6 @@ static int recvline(p_buffer buf, luaL_Buffer *b) {
* transport layer * transport layer
\*-------------------------------------------------------------------------*/ \*-------------------------------------------------------------------------*/
static void buffer_skip(p_buffer buf, size_t count) { static void buffer_skip(p_buffer buf, size_t count) {
buf->received += count;
buf->first += count; buf->first += count;
if (buffer_isempty(buf)) if (buffer_isempty(buf))
buf->first = buf->last = 0; buf->first = buf->last = 0;

14
src/luasocket/buffer.h → src/buffer.h
View File

@ -1,8 +1,10 @@
#ifndef BUF_H #ifndef BUF_H
#define BUF_H #define BUF_H
/*=========================================================================*\ /*=========================================================================*\
* LuaSocket 2.0.2
* Copyright (C) 2004-2007 Diego Nehab
*
* Input/Output interface for Lua programs * Input/Output interface for Lua programs
* LuaSocket toolkit
* *
* Line patterns require buffering. Reading one character at a time involves * Line patterns require buffering. Reading one character at a time involves
* too many system calls and is very slow. This module implements the * too many system calls and is very slow. This module implements the
@ -14,8 +16,11 @@
* *
* The module is built on top of the I/O abstraction defined in io.h and the * The module is built on top of the I/O abstraction defined in io.h and the
* timeout management is done with the timeout.h interface. * timeout management is done with the timeout.h interface.
*
*
* RCS ID: $Id: buffer.h,v 1.12 2005/10/07 04:40:59 diego Exp $
\*=========================================================================*/ \*=========================================================================*/
#include "lua.h" #include <lua.h>
#include "io.h" #include "io.h"
#include "timeout.h" #include "timeout.h"
@ -25,8 +30,6 @@
/* buffer control structure */ /* buffer control structure */
typedef struct t_buffer_ { typedef struct t_buffer_ {
double birthday; /* throttle support info: creation time, */
size_t sent, received; /* bytes sent, and bytes received */
p_io io; /* IO driver used for this buffer */ p_io io; /* IO driver used for this buffer */
p_timeout tm; /* timeout management for this buffer */ p_timeout tm; /* timeout management for this buffer */
size_t first, last; /* index of first and last bytes of stored data */ size_t first, last; /* index of first and last bytes of stored data */
@ -34,12 +37,9 @@ typedef struct t_buffer_ {
} t_buffer; } t_buffer;
typedef t_buffer *p_buffer; typedef t_buffer *p_buffer;
int buffer_open(lua_State *L);
void buffer_init(p_buffer buf, p_io io, p_timeout tm); void buffer_init(p_buffer buf, p_io io, p_timeout tm);
int buffer_meth_send(lua_State *L, p_buffer buf); int buffer_meth_send(lua_State *L, p_buffer buf);
int buffer_meth_receive(lua_State *L, p_buffer buf); int buffer_meth_receive(lua_State *L, p_buffer buf);
int buffer_meth_getstats(lua_State *L, p_buffer buf);
int buffer_meth_setstats(lua_State *L, p_buffer buf);
int buffer_isempty(p_buffer buf); int buffer_isempty(p_buffer buf);
#endif /* BUF_H */ #endif /* BUF_H */

63
src/compat.h
View File

@ -1,63 +0,0 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
*
* Copyright (C) 2006-2023 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#ifndef LSEC_COMPAT_H
#define LSEC_COMPAT_H
#include <openssl/ssl.h>
//------------------------------------------------------------------------------
#if defined(_WIN32)
#define LSEC_API __declspec(dllexport)
#else
#define LSEC_API extern
#endif
//------------------------------------------------------------------------------
#if (LUA_VERSION_NUM == 501)
#define luaL_testudata(L, ud, tname) lsec_testudata(L, ud, tname)
#define setfuncs(L, R) luaL_register(L, NULL, R)
#define lua_rawlen(L, i) lua_objlen(L, i)
#ifndef luaL_newlib
#define luaL_newlib(L, R) do { lua_newtable(L); luaL_register(L, NULL, R); } while(0)
#endif
#else
#define setfuncs(L, R) luaL_setfuncs(L, R, 0)
#endif
//------------------------------------------------------------------------------
#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL))
#define LSEC_ENABLE_DANE
#endif
//------------------------------------------------------------------------------
#if !((defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x2070000fL)) || (OPENSSL_VERSION_NUMBER < 0x1010000fL))
#define LSEC_API_OPENSSL_1_1_0
#endif
//------------------------------------------------------------------------------
#if !defined(LIBRESSL_VERSION_NUMBER) && ((OPENSSL_VERSION_NUMBER & 0xFFFFF000L) == 0x10101000L || (OPENSSL_VERSION_NUMBER & 0xFFFFF000L) == 0x30000000L)
#define LSEC_OPENSSL_ERRNO_BUG
#endif
//------------------------------------------------------------------------------
#if !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_NO_PSK)
#define LSEC_ENABLE_PSK
#endif
//------------------------------------------------------------------------------
#endif

108
src/config.c
View File

@ -1,108 +0,0 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
*
* Copyright (C) 2006-2023 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#include "compat.h"
#include "options.h"
#include "ec.h"
/**
* Registre the module.
*/
LSEC_API int luaopen_ssl_config(lua_State *L)
{
lsec_ssl_option_t *opt;
lua_newtable(L);
// Options
lua_pushstring(L, "options");
lua_newtable(L);
for (opt = lsec_get_ssl_options(); opt->name; opt++) {
lua_pushstring(L, opt->name);
lua_pushboolean(L, 1);
lua_rawset(L, -3);
}
lua_rawset(L, -3);
// Protocols
lua_pushstring(L, "protocols");
lua_newtable(L);
lua_pushstring(L, "tlsv1");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
lua_pushstring(L, "tlsv1_1");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
lua_pushstring(L, "tlsv1_2");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#ifdef TLS1_3_VERSION
lua_pushstring(L, "tlsv1_3");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#endif
lua_rawset(L, -3);
// Algorithms
lua_pushstring(L, "algorithms");
lua_newtable(L);
#ifndef OPENSSL_NO_EC
lua_pushstring(L, "ec");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#endif
lua_rawset(L, -3);
// Curves
lua_pushstring(L, "curves");
lsec_get_curves(L);
lua_rawset(L, -3);
// Capabilities
lua_pushstring(L, "capabilities");
lua_newtable(L);
// ALPN
lua_pushstring(L, "alpn");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#ifdef LSEC_ENABLE_PSK
lua_pushstring(L, "psk");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#endif
#ifdef LSEC_ENABLE_DANE
// DANE
lua_pushstring(L, "dane");
#ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
lua_createtable(L, 0, 1);
lua_pushstring(L, "no_ee_namechecks");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#else
lua_pushboolean(L, 1);
#endif
lua_rawset(L, -3);
#endif
#ifndef OPENSSL_NO_EC
lua_pushstring(L, "curves_list");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
lua_pushstring(L, "ecdh_auto");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#endif
lua_rawset(L, -3);
return 1;
}

863
src/context.c
View File

File diff suppressed because it is too large Load Diff

40
src/context.h
View File

@ -1,47 +1,35 @@
#ifndef LSEC_CONTEXT_H #ifndef __CONTEXT_H__
#define LSEC_CONTEXT_H #define __CONTEXT_H__
/*-------------------------------------------------------------------------- /*--------------------------------------------------------------------------
* LuaSec 1.3.2 * LuaSec 0.3.3
* * Copyright (C) 2006-2009 Bruno Silvestre
* Copyright (C) 2006-2023 Bruno Silvestre
* *
*--------------------------------------------------------------------------*/ *--------------------------------------------------------------------------*/
#include <lua.h> #include <lua.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include "compat.h" #ifndef LUASEC_API
#define LUASEC_API extern
#endif
#define LSEC_MODE_INVALID 0 #define MD_CTX_INVALID 0
#define LSEC_MODE_SERVER 1 #define MD_CTX_SERVER 1
#define LSEC_MODE_CLIENT 2 #define MD_CTX_CLIENT 2
#define LSEC_VERIFY_CONTINUE 1
#define LSEC_VERIFY_IGNORE_PURPOSE 2
typedef struct t_context_ { typedef struct t_context_ {
SSL_CTX *context; SSL_CTX *context;
lua_State *L; char mode;
DH *dh_param;
void *alpn;
int mode;
} t_context; } t_context;
typedef t_context* p_context; typedef t_context* p_context;
/* Retrieve the SSL context from the Lua stack */ /* Retrieve the SSL context from the Lua stack */
SSL_CTX *lsec_checkcontext(lua_State *L, int idx); SSL_CTX *ctx_getcontext(lua_State *L, int idx);
SSL_CTX *lsec_testcontext(lua_State *L, int idx);
/* Retrieve the mode from the context in the Lua stack */ /* Retrieve the mode from the context in the Lua stack */
int lsec_getmode(lua_State *L, int idx); char ctx_getmode(lua_State *L, int idx);
/* Registre the module. */ /* Registre the module. */
LSEC_API int luaopen_ssl_context(lua_State *L); LUASEC_API int luaopen_ssl_context(lua_State *L);
/* Compat - Lua 5.1 */
#if (LUA_VERSION_NUM == 501)
void *lsec_testudata (lua_State *L, int ud, const char *tname);
#endif
#endif #endif

116
src/ec.c
View File

@ -1,116 +0,0 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
*
* Copyright (C) 2006-2023 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#include <openssl/objects.h>
#include "ec.h"
#ifndef OPENSSL_NO_EC
EC_KEY *lsec_find_ec_key(lua_State *L, const char *str)
{
int nid;
lua_pushstring(L, "SSL:EC:CURVES");
lua_rawget(L, LUA_REGISTRYINDEX);
lua_pushstring(L, str);
lua_rawget(L, -2);
if (!lua_isnumber(L, -1))
return NULL;
nid = (int)lua_tonumber(L, -1);
return EC_KEY_new_by_curve_name(nid);
}
void lsec_load_curves(lua_State *L)
{
size_t i;
size_t size;
const char *name;
EC_builtin_curve *curves = NULL;
lua_pushstring(L, "SSL:EC:CURVES");
lua_newtable(L);
size = EC_get_builtin_curves(NULL, 0);
if (size > 0) {
curves = (EC_builtin_curve*)malloc(sizeof(EC_builtin_curve) * size);
EC_get_builtin_curves(curves, size);
for (i = 0; i < size; i++) {
name = OBJ_nid2sn(curves[i].nid);
if (name != NULL) {
lua_pushstring(L, name);
lua_pushnumber(L, curves[i].nid);
lua_rawset(L, -3);
}
switch (curves[i].nid) {
case NID_X9_62_prime256v1:
lua_pushstring(L, "P-256");
lua_pushnumber(L, curves[i].nid);
lua_rawset(L, -3);
break;
case NID_secp384r1:
lua_pushstring(L, "P-384");
lua_pushnumber(L, curves[i].nid);
lua_rawset(L, -3);
break;
case NID_secp521r1:
lua_pushstring(L, "P-521");
lua_pushnumber(L, curves[i].nid);
lua_rawset(L, -3);
break;
}
}
free(curves);
}
/* These are special so are manually added here */
#ifdef NID_X25519
lua_pushstring(L, "X25519");
lua_pushnumber(L, NID_X25519);
lua_rawset(L, -3);
#endif
#ifdef NID_X448
lua_pushstring(L, "X448");
lua_pushnumber(L, NID_X448);
lua_rawset(L, -3);
#endif
lua_rawset(L, LUA_REGISTRYINDEX);
}
void lsec_get_curves(lua_State *L)
{
lua_newtable(L);
lua_pushstring(L, "SSL:EC:CURVES");
lua_rawget(L, LUA_REGISTRYINDEX);
lua_pushnil(L);
while (lua_next(L, -2) != 0) {
lua_pop(L, 1);
lua_pushvalue(L, -1);
lua_pushboolean(L, 1);
lua_rawset(L, -5);
}
lua_pop(L, 1);
}
#else
void lsec_load_curves(lua_State *L)
{
// do nothing
}
void lsec_get_curves(lua_State *L)
{
lua_newtable(L);
}
#endif

22
src/ec.h
View File

@ -1,22 +0,0 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
*
* Copyright (C) 2006-2023 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#ifndef LSEC_EC_H
#define LSEC_EC_H
#include <lua.h>
#ifndef OPENSSL_NO_EC
#include <openssl/ec.h>
EC_KEY *lsec_find_ec_key(lua_State *L, const char *str);
#endif
void lsec_get_curves(lua_State *L);
void lsec_load_curves(lua_State *L);
#endif

147
src/https.lua
View File

@ -1,147 +0,0 @@
----------------------------------------------------------------------------
-- LuaSec 1.3.2
--
-- Copyright (C) 2009-2023 PUC-Rio
--
-- Author: Pablo Musa
-- Author: Tomas Guisasola
---------------------------------------------------------------------------
local socket = require("socket")
local ssl = require("ssl")
local ltn12 = require("ltn12")
local http = require("socket.http")
local url = require("socket.url")
local try = socket.try
--
-- Module
--
local _M = {
_VERSION = "1.3.2",
_COPYRIGHT = "LuaSec 1.3.2 - Copyright (C) 2009-2023 PUC-Rio",
PORT = 443,
TIMEOUT = 60
}
-- TLS configuration
local cfg = {
protocol = "any",
options = {"all", "no_sslv2", "no_sslv3", "no_tlsv1"},
verify = "none",
}
--------------------------------------------------------------------
-- Auxiliar Functions
--------------------------------------------------------------------
-- Insert default HTTPS port.
local function default_https_port(u)
return url.build(url.parse(u, {port = _M.PORT}))
end
-- Convert an URL to a table according to Luasocket needs.
local function urlstring_totable(url, body, result_table)
url = {
url = default_https_port(url),
method = body and "POST" or "GET",
sink = ltn12.sink.table(result_table)
}
if body then
url.source = ltn12.source.string(body)
url.headers = {
["content-length"] = #body,
["content-type"] = "application/x-www-form-urlencoded",
}
end
return url
end
-- Forward calls to the real connection object.
local function reg(conn)
local mt = getmetatable(conn.sock).__index
for name, method in pairs(mt) do
if type(method) == "function" then
conn[name] = function (self, ...)
return method(self.sock, ...)
end
end
end
end
-- Return a function which performs the SSL/TLS connection.
local function tcp(params)
params = params or {}
-- Default settings
for k, v in pairs(cfg) do
params[k] = params[k] or v
end
-- Force client mode
params.mode = "client"
-- 'create' function for LuaSocket
return function ()
local conn = {}
conn.sock = try(socket.tcp())
local st = getmetatable(conn.sock).__index.settimeout
function conn:settimeout(...)
return st(self.sock, _M.TIMEOUT)
end
-- Replace TCP's connection function
function conn:connect(host, port)
try(self.sock:connect(host, port))
self.sock = try(ssl.wrap(self.sock, params))
self.sock:sni(host)
self.sock:settimeout(_M.TIMEOUT)
try(self.sock:dohandshake())
reg(self)
return 1
end
return conn
end
end
--------------------------------------------------------------------
-- Main Function
--------------------------------------------------------------------
-- Make a HTTP request over secure connection. This function receives
-- the same parameters of LuaSocket's HTTP module (except 'proxy' and
-- 'redirect') plus LuaSec parameters.
--
-- @param url mandatory (string or table)
-- @param body optional (string)
-- @return (string if url == string or 1), code, headers, status
--
local function request(url, body)
local result_table = {}
local stringrequest = type(url) == "string"
if stringrequest then
url = urlstring_totable(url, body, result_table)
else
url.url = default_https_port(url.url)
end
if http.PROXY or url.proxy then
return nil, "proxy not supported"
elseif url.redirect then
return nil, "redirect not supported"
elseif url.create then
return nil, "create function not permitted"
end
-- New 'create' function to establish a secure connection
url.create = tcp(url)
local res, code, headers, status = http.request(url)
if res and stringrequest then
return table.concat(result_table), code, headers, status
end
return res, code, headers, status
end
--------------------------------------------------------------------------------
-- Export module
--
_M.request = request
_M.tcp = tcp
return _M

6
src/luasocket/io.c → src/io.c
View File

@ -1,6 +1,10 @@
/*=========================================================================*\ /*=========================================================================*\
* LuaSocket 2.0.2
* Copyright (C) 2004-2007 Diego Nehab
*
* Input/Output abstraction * Input/Output abstraction
* LuaSocket toolkit *
* RCS ID: $Id: io.c 2 2006-04-30 19:30:47Z brunoos $
\*=========================================================================*/ \*=========================================================================*/
#include "io.h" #include "io.h"

19
src/luasocket/io.h → src/io.h
View File

@ -1,8 +1,10 @@
#ifndef IO_H #ifndef IO_H
#define IO_H #define IO_H
/*=========================================================================*\ /*=========================================================================*\
* LuaSocket 2.0.2
* Copyright (C) 2004-2007 Diego Nehab
*
* Input/Output abstraction * Input/Output abstraction
* LuaSocket toolkit
* *
* This module defines the interface that LuaSocket expects from the * This module defines the interface that LuaSocket expects from the
* transport layer for streamed input/output. The idea is that if any * transport layer for streamed input/output. The idea is that if any
@ -11,18 +13,21 @@
* *
* The module socket.h implements this interface, and thus the module tcp.h * The module socket.h implements this interface, and thus the module tcp.h
* is very simple. * is very simple.
*
* RCS ID: $Id: io.h 6 2006-04-30 20:33:05Z brunoos $
\*=========================================================================*/ \*=========================================================================*/
#include <stdio.h> #include <stdio.h>
#include "lua.h" #include <lua.h>
#include "timeout.h" #include "timeout.h"
/* IO error codes */ /* IO error codes */
enum { enum {
IO_DONE = 0, /* operation completed successfully */ IO_DONE = 0, /* operation completed successfully */
IO_TIMEOUT = -1, /* operation timed out */ IO_TIMEOUT = -1, /* operation timed out */
IO_CLOSED = -2, /* the connection has been closed */ IO_CLOSED = -2, /* the connection has been closed */
IO_UNKNOWN = -3 IO_UNKNOWN = -3, /* Unknown error */
IO_SSL = -4 /* SSL error */
}; };
/* interface to error message function */ /* interface to error message function */
@ -43,7 +48,7 @@ typedef int (*p_send) (
/* interface to recv function */ /* interface to recv function */
typedef int (*p_recv) ( typedef int (*p_recv) (
void *ctx, /* context needed by recv */ void *ctx, /* context needed by recv */
char *data, /* pointer to buffer where data will be written */ char *data, /* pointer to buffer where data will be writen */
size_t count, /* number of bytes to receive into buffer */ size_t count, /* number of bytes to receive into buffer */
size_t *got, /* number of bytes received uppon return */ size_t *got, /* number of bytes received uppon return */
p_timeout tm /* timeout control */ p_timeout tm /* timeout control */

21
src/luasocket/LICENSE
View File

@ -1,21 +0,0 @@
LuaSocket 3.0-RC1 license
Copyright (C) 2004-2013 Diego Nehab
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

26
src/luasocket/Makefile
View File

@ -1,26 +0,0 @@
OBJS= \
io.o \
buffer.o \
timeout.o \
usocket.o
CC ?= cc
CFLAGS += $(MYCFLAGS) -DLUASOCKET_DEBUG
AR ?= ar
RANLIB ?= ranlib
.PHONY: all clean
all: libluasocket.a
libluasocket.a: $(OBJS)
$(AR) rcu $@ $(OBJS)
$(RANLIB) $@
clean:
rm -f $(OBJS) libluasocket.a
buffer.o: buffer.c buffer.h io.h timeout.h
io.o: io.c io.h timeout.h
timeout.o: timeout.c timeout.h
usocket.o: usocket.c socket.h io.h timeout.h usocket.h

441
src/luasocket/usocket.c
View File

@ -1,441 +0,0 @@
/*=========================================================================*\
* Socket compatibilization module for Unix
* LuaSocket toolkit
*
* The code is now interrupt-safe.
* The penalty of calling select to avoid busy-wait is only paid when
* the I/O call fail in the first place.
\*=========================================================================*/
#include <string.h>
#include <signal.h>
#include "socket.h"
/*-------------------------------------------------------------------------*\
* Wait for readable/writable/connected socket with timeout
\*-------------------------------------------------------------------------*/
#ifndef SOCKET_SELECT
int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
int ret;
struct pollfd pfd;
pfd.fd = *ps;
pfd.events = sw;
pfd.revents = 0;
if (timeout_iszero(tm)) return IO_TIMEOUT; /* optimize timeout == 0 case */
do {
int t = (int)(timeout_getretry(tm)*1e3);
ret = poll(&pfd, 1, t >= 0? t: -1);
} while (ret == -1 && errno == EINTR);
if (ret == -1) return errno;
if (ret == 0) return IO_TIMEOUT;
if (sw == WAITFD_C && (pfd.revents & (POLLIN|POLLERR))) return IO_CLOSED;
return IO_DONE;
}
#else
int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
int ret;
fd_set rfds, wfds, *rp, *wp;
struct timeval tv, *tp;
double t;
if (*ps >= FD_SETSIZE) return EINVAL;
if (timeout_iszero(tm)) return IO_TIMEOUT; /* optimize timeout == 0 case */
do {
/* must set bits within loop, because select may have modified them */
rp = wp = NULL;
if (sw & WAITFD_R) { FD_ZERO(&rfds); FD_SET(*ps, &rfds); rp = &rfds; }
if (sw & WAITFD_W) { FD_ZERO(&wfds); FD_SET(*ps, &wfds); wp = &wfds; }
t = timeout_getretry(tm);
tp = NULL;
if (t >= 0.0) {
tv.tv_sec = (int)t;
tv.tv_usec = (int)((t-tv.tv_sec)*1.0e6);
tp = &tv;
}
ret = select(*ps+1, rp, wp, NULL, tp);
} while (ret == -1 && errno == EINTR);
if (ret == -1) return errno;
if (ret == 0) return IO_TIMEOUT;
if (sw == WAITFD_C && FD_ISSET(*ps, &rfds)) return IO_CLOSED;
return IO_DONE;
}
#endif
/*-------------------------------------------------------------------------*\
* Initializes module
\*-------------------------------------------------------------------------*/
int socket_open(void) {
/* instals a handler to ignore sigpipe or it will crash us */
signal(SIGPIPE, SIG_IGN);
return 1;
}
/*-------------------------------------------------------------------------*\
* Close module
\*-------------------------------------------------------------------------*/
int socket_close(void) {
return 1;
}
/*-------------------------------------------------------------------------*\
* Close and inutilize socket
\*-------------------------------------------------------------------------*/
void socket_destroy(p_socket ps) {
if (*ps != SOCKET_INVALID) {
socket_setblocking(ps);
close(*ps);
*ps = SOCKET_INVALID;
}
}
/*-------------------------------------------------------------------------*\
* Select with timeout control
\*-------------------------------------------------------------------------*/
int socket_select(t_socket n, fd_set *rfds, fd_set *wfds, fd_set *efds,
p_timeout tm) {
int ret;
do {
struct timeval tv;
double t = timeout_getretry(tm);
tv.tv_sec = (int) t;
tv.tv_usec = (int) ((t - tv.tv_sec) * 1.0e6);
/* timeout = 0 means no wait */
ret = select(n, rfds, wfds, efds, t >= 0.0 ? &tv: NULL);
} while (ret < 0 && errno == EINTR);
return ret;
}
/*-------------------------------------------------------------------------*\
* Creates and sets up a socket
\*-------------------------------------------------------------------------*/
int socket_create(p_socket ps, int domain, int type, int protocol) {
*ps = socket(domain, type, protocol);
if (*ps != SOCKET_INVALID) return IO_DONE;
else return errno;
}
/*-------------------------------------------------------------------------*\
* Binds or returns error message
\*-------------------------------------------------------------------------*/
int socket_bind(p_socket ps, SA *addr, socklen_t len) {
int err = IO_DONE;
socket_setblocking(ps);
if (bind(*ps, addr, len) < 0) err = errno;
socket_setnonblocking(ps);
return err;
}
/*-------------------------------------------------------------------------*\
*
\*-------------------------------------------------------------------------*/
int socket_listen(p_socket ps, int backlog) {
int err = IO_DONE;
socket_setblocking(ps);
if (listen(*ps, backlog)) err = errno;
socket_setnonblocking(ps);
return err;
}
/*-------------------------------------------------------------------------*\
*
\*-------------------------------------------------------------------------*/
void socket_shutdown(p_socket ps, int how) {
socket_setblocking(ps);
shutdown(*ps, how);
socket_setnonblocking(ps);
}
/*-------------------------------------------------------------------------*\
* Connects or returns error message
\*-------------------------------------------------------------------------*/
int socket_connect(p_socket ps, SA *addr, socklen_t len, p_timeout tm) {
int err;
/* avoid calling on closed sockets */
if (*ps == SOCKET_INVALID) return IO_CLOSED;
/* call connect until done or failed without being interrupted */
do if (connect(*ps, addr, len) == 0) return IO_DONE;
while ((err = errno) == EINTR);
/* if connection failed immediately, return error code */
if (err != EINPROGRESS && err != EAGAIN) return err;
/* zero timeout case optimization */
if (timeout_iszero(tm)) return IO_TIMEOUT;
/* wait until we have the result of the connection attempt or timeout */
err = socket_waitfd(ps, WAITFD_C, tm);
if (err == IO_CLOSED) {
if (recv(*ps, (char *) &err, 0, 0) == 0) return IO_DONE;
else return errno;
} else return err;
}
/*-------------------------------------------------------------------------*\
* Accept with timeout
\*-------------------------------------------------------------------------*/
int socket_accept(p_socket ps, p_socket pa, SA *addr, socklen_t *len, p_timeout tm) {
if (*ps == SOCKET_INVALID) return IO_CLOSED;
for ( ;; ) {
int err;
if ((*pa = accept(*ps, addr, len)) != SOCKET_INVALID) return IO_DONE;
err = errno;
if (err == EINTR) continue;
if (err != EAGAIN && err != ECONNABORTED) return err;
if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
}
/* can't reach here */
return IO_UNKNOWN;
}
/*-------------------------------------------------------------------------*\
* Send with timeout
\*-------------------------------------------------------------------------*/
int socket_send(p_socket ps, const char *data, size_t count,
size_t *sent, p_timeout tm)
{
int err;
*sent = 0;
/* avoid making system calls on closed sockets */
if (*ps == SOCKET_INVALID) return IO_CLOSED;
/* loop until we send something or we give up on error */
for ( ;; ) {
long put = (long) send(*ps, data, count, 0);
/* if we sent anything, we are done */
if (put >= 0) {
*sent = put;
return IO_DONE;
}
err = errno;
/* EPIPE means the connection was closed */
if (err == EPIPE) return IO_CLOSED;
/* we call was interrupted, just try again */
if (err == EINTR) continue;
/* if failed fatal reason, report error */
if (err != EAGAIN) return err;
/* wait until we can send something or we timeout */
if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
}
/* can't reach here */
return IO_UNKNOWN;
}
/*-------------------------------------------------------------------------*\
* Sendto with timeout
\*-------------------------------------------------------------------------*/
int socket_sendto(p_socket ps, const char *data, size_t count, size_t *sent,
SA *addr, socklen_t len, p_timeout tm)
{
int err;
*sent = 0;
if (*ps == SOCKET_INVALID) return IO_CLOSED;
for ( ;; ) {
long put = (long) sendto(*ps, data, count, 0, addr, len);
if (put >= 0) {
*sent = put;
return IO_DONE;
}
err = errno;
if (err == EPIPE) return IO_CLOSED;
if (err == EINTR) continue;
if (err != EAGAIN) return err;
if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
}
return IO_UNKNOWN;
}
/*-------------------------------------------------------------------------*\
* Receive with timeout
\*-------------------------------------------------------------------------*/
int socket_recv(p_socket ps, char *data, size_t count, size_t *got, p_timeout tm) {
int err;
*got = 0;
if (*ps == SOCKET_INVALID) return IO_CLOSED;
for ( ;; ) {
long taken = (long) recv(*ps, data, count, 0);
if (taken > 0) {
*got = taken;
return IO_DONE;
}
err = errno;
if (taken == 0) return IO_CLOSED;
if (err == EINTR) continue;
if (err != EAGAIN) return err;
if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
}
return IO_UNKNOWN;
}
/*-------------------------------------------------------------------------*\
* Recvfrom with timeout
\*-------------------------------------------------------------------------*/
int socket_recvfrom(p_socket ps, char *data, size_t count, size_t *got,
SA *addr, socklen_t *len, p_timeout tm) {
int err;
*got = 0;
if (*ps == SOCKET_INVALID) return IO_CLOSED;
for ( ;; ) {
long taken = (long) recvfrom(*ps, data, count, 0, addr, len);
if (taken > 0) {
*got = taken;
return IO_DONE;
}
err = errno;
if (taken == 0) return IO_CLOSED;
if (err == EINTR) continue;
if (err != EAGAIN) return err;
if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
}
return IO_UNKNOWN;
}
/*-------------------------------------------------------------------------*\
* Write with timeout
*
* socket_read and socket_write are cut-n-paste of socket_send and socket_recv,
* with send/recv replaced with write/read. We can't just use write/read
* in the socket version, because behaviour when size is zero is different.
\*-------------------------------------------------------------------------*/
int socket_write(p_socket ps, const char *data, size_t count,
size_t *sent, p_timeout tm)
{
int err;
*sent = 0;
/* avoid making system calls on closed sockets */
if (*ps == SOCKET_INVALID) return IO_CLOSED;
/* loop until we send something or we give up on error */
for ( ;; ) {
long put = (long) write(*ps, data, count);
/* if we sent anything, we are done */
if (put >= 0) {
*sent = put;
return IO_DONE;
}
err = errno;
/* EPIPE means the connection was closed */
if (err == EPIPE) return IO_CLOSED;
/* we call was interrupted, just try again */
if (err == EINTR) continue;
/* if failed fatal reason, report error */
if (err != EAGAIN) return err;
/* wait until we can send something or we timeout */
if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
}
/* can't reach here */
return IO_UNKNOWN;
}
/*-------------------------------------------------------------------------*\
* Read with timeout
* See note for socket_write
\*-------------------------------------------------------------------------*/
int socket_read(p_socket ps, char *data, size_t count, size_t *got, p_timeout tm) {
int err;
*got = 0;
if (*ps == SOCKET_INVALID) return IO_CLOSED;
for ( ;; ) {
long taken = (long) read(*ps, data, count);
if (taken > 0) {
*got = taken;
return IO_DONE;
}
err = errno;
if (taken == 0) return IO_CLOSED;
if (err == EINTR) continue;
if (err != EAGAIN) return err;
if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
}
return IO_UNKNOWN;
}
/*-------------------------------------------------------------------------*\
* Put socket into blocking mode
\*-------------------------------------------------------------------------*/
void socket_setblocking(p_socket ps) {
int flags = fcntl(*ps, F_GETFL, 0);
flags &= (~(O_NONBLOCK));
fcntl(*ps, F_SETFL, flags);
}
/*-------------------------------------------------------------------------*\
* Put socket into non-blocking mode
\*-------------------------------------------------------------------------*/
void socket_setnonblocking(p_socket ps) {
int flags = fcntl(*ps, F_GETFL, 0);
flags |= O_NONBLOCK;
fcntl(*ps, F_SETFL, flags);
}
/*-------------------------------------------------------------------------*\
* DNS helpers
\*-------------------------------------------------------------------------*/
int socket_gethostbyaddr(const char *addr, socklen_t len, struct hostent **hp) {
*hp = gethostbyaddr(addr, len, AF_INET);
if (*hp) return IO_DONE;
else if (h_errno) return h_errno;
else if (errno) return errno;
else return IO_UNKNOWN;
}
int socket_gethostbyname(const char *addr, struct hostent **hp) {
*hp = gethostbyname(addr);
if (*hp) return IO_DONE;
else if (h_errno) return h_errno;
else if (errno) return errno;
else return IO_UNKNOWN;
}
/*-------------------------------------------------------------------------*\
* Error translation functions
* Make sure important error messages are standard
\*-------------------------------------------------------------------------*/
const char *socket_hoststrerror(int err) {
if (err <= 0) return io_strerror(err);
switch (err) {
case HOST_NOT_FOUND: return "host not found";
default: return hstrerror(err);
}
}
const char *socket_strerror(int err) {
if (err <= 0) return io_strerror(err);
switch (err) {
case EADDRINUSE: return "address already in use";
case EISCONN: return "already connected";
case EACCES: return "permission denied";
case ECONNREFUSED: return "connection refused";
case ECONNABORTED: return "closed";
case ECONNRESET: return "closed";
case ETIMEDOUT: return "timeout";
default: return strerror(err);
}
}
const char *socket_ioerror(p_socket ps, int err) {
(void) ps;
return socket_strerror(err);
}
const char *socket_gaistrerror(int err) {
if (err == 0) return NULL;
switch (err) {
case EAI_AGAIN: return "temporary failure in name resolution";
case EAI_BADFLAGS: return "invalid value for ai_flags";
#ifdef EAI_BADHINTS
case EAI_BADHINTS: return "invalid value for hints";
#endif
case EAI_FAIL: return "non-recoverable failure in name resolution";
case EAI_FAMILY: return "ai_family not supported";
case EAI_MEMORY: return "memory allocation failure";
case EAI_NONAME:
return "host or service not provided, or not known";
#ifdef EAI_OVERFLOW
case EAI_OVERFLOW: return "argument buffer overflow";
#endif
#ifdef EAI_PROTOCOL
case EAI_PROTOCOL: return "resolved protocol is unknown";
#endif
case EAI_SERVICE: return "service not supported for socket type";
case EAI_SOCKTYPE: return "ai_socktype not supported";
case EAI_SYSTEM: return strerror(errno);
default: return gai_strerror(err);
}
}

70
src/luasocket/usocket.h
View File

@ -1,70 +0,0 @@
#ifndef USOCKET_H
#define USOCKET_H
/*=========================================================================*\
* Socket compatibilization module for Unix
* LuaSocket toolkit
\*=========================================================================*/
/*=========================================================================*\
* BSD include files
\*=========================================================================*/
/* error codes */
#include <errno.h>
/* close function */
#include <unistd.h>
/* fnctnl function and associated constants */
#include <fcntl.h>
/* struct sockaddr */
#include <sys/types.h>
/* socket function */
#include <sys/socket.h>
/* struct timeval */
#include <sys/time.h>
/* gethostbyname and gethostbyaddr functions */
#include <netdb.h>
/* sigpipe handling */
#include <signal.h>
/* IP stuff*/
#include <netinet/in.h>
#include <arpa/inet.h>
/* TCP options (nagle algorithm disable) */
#include <netinet/tcp.h>
#include <net/if.h>
#ifndef SOCKET_SELECT
#include <sys/poll.h>
#define WAITFD_R POLLIN
#define WAITFD_W POLLOUT
#define WAITFD_C (POLLIN|POLLOUT)
#else
#define WAITFD_R 1
#define WAITFD_W 2
#define WAITFD_C (WAITFD_R|WAITFD_W)
#endif
#ifndef SO_REUSEPORT
#define SO_REUSEPORT SO_REUSEADDR
#endif
/* Some platforms use IPV6_JOIN_GROUP instead if
* IPV6_ADD_MEMBERSHIP. The semantics are same, though. */
#ifndef IPV6_ADD_MEMBERSHIP
#ifdef IPV6_JOIN_GROUP
#define IPV6_ADD_MEMBERSHIP IPV6_JOIN_GROUP
#endif /* IPV6_JOIN_GROUP */
#endif /* !IPV6_ADD_MEMBERSHIP */
/* Same with IPV6_DROP_MEMBERSHIP / IPV6_LEAVE_GROUP. */
#ifndef IPV6_DROP_MEMBERSHIP
#ifdef IPV6_LEAVE_GROUP
#define IPV6_DROP_MEMBERSHIP IPV6_LEAVE_GROUP
#endif /* IPV6_LEAVE_GROUP */
#endif /* !IPV6_DROP_MEMBERSHIP */
typedef int t_socket;
typedef t_socket *p_socket;
typedef struct sockaddr_storage t_sockaddr_storage;
#define SOCKET_INVALID (-1)
#endif /* USOCKET_H */

429
src/luasocket/wsocket.c
View File

@ -1,429 +0,0 @@
/*=========================================================================*\
* Socket compatibilization module for Win32
* LuaSocket toolkit
*
* The penalty of calling select to avoid busy-wait is only paid when
* the I/O call fail in the first place.
\*=========================================================================*/
#include <string.h>
#include "socket.h"
/* WinSock doesn't have a strerror... */
static const char *wstrerror(int err);
/*-------------------------------------------------------------------------*\
* Initializes module
\*-------------------------------------------------------------------------*/
int socket_open(void) {
WSADATA wsaData;
WORD wVersionRequested = MAKEWORD(2, 0);
int err = WSAStartup(wVersionRequested, &wsaData );
if (err != 0) return 0;
if ((LOBYTE(wsaData.wVersion) != 2 || HIBYTE(wsaData.wVersion) != 0) &&
(LOBYTE(wsaData.wVersion) != 1 || HIBYTE(wsaData.wVersion) != 1)) {
WSACleanup();
return 0;
}
return 1;
}
/*-------------------------------------------------------------------------*\
* Close module
\*-------------------------------------------------------------------------*/
int socket_close(void) {
WSACleanup();
return 1;
}
/*-------------------------------------------------------------------------*\
* Wait for readable/writable/connected socket with timeout
\*-------------------------------------------------------------------------*/
int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
int ret;
fd_set rfds, wfds, efds, *rp = NULL, *wp = NULL, *ep = NULL;
struct timeval tv, *tp = NULL;
double t;
if (timeout_iszero(tm)) return IO_TIMEOUT; /* optimize timeout == 0 case */
if (sw & WAITFD_R) {
FD_ZERO(&rfds);
FD_SET(*ps, &rfds);
rp = &rfds;
}
if (sw & WAITFD_W) { FD_ZERO(&wfds); FD_SET(*ps, &wfds); wp = &wfds; }
if (sw & WAITFD_C) { FD_ZERO(&efds); FD_SET(*ps, &efds); ep = &efds; }
if ((t = timeout_get(tm)) >= 0.0) {
tv.tv_sec = (int) t;
tv.tv_usec = (int) ((t-tv.tv_sec)*1.0e6);
tp = &tv;
}
ret = select(0, rp, wp, ep, tp);
if (ret == -1) return WSAGetLastError();
if (ret == 0) return IO_TIMEOUT;
if (sw == WAITFD_C && FD_ISSET(*ps, &efds)) return IO_CLOSED;
return IO_DONE;
}
/*-------------------------------------------------------------------------*\
* Select with int timeout in ms
\*-------------------------------------------------------------------------*/
int socket_select(t_socket n, fd_set *rfds, fd_set *wfds, fd_set *efds,
p_timeout tm) {
struct timeval tv;
double t = timeout_get(tm);
tv.tv_sec = (int) t;
tv.tv_usec = (int) ((t - tv.tv_sec) * 1.0e6);
if (n <= 0) {
Sleep((DWORD) (1000*t));
return 0;
} else return select(0, rfds, wfds, efds, t >= 0.0? &tv: NULL);
}
/*-------------------------------------------------------------------------*\
* Close and inutilize socket
\*-------------------------------------------------------------------------*/
void socket_destroy(p_socket ps) {
if (*ps != SOCKET_INVALID) {
socket_setblocking(ps); /* close can take a long time on WIN32 */
closesocket(*ps);
*ps = SOCKET_INVALID;
}
}
/*-------------------------------------------------------------------------*\
*
\*-------------------------------------------------------------------------*/
void socket_shutdown(p_socket ps, int how) {
socket_setblocking(ps);
shutdown(*ps, how);
socket_setnonblocking(ps);
}
/*-------------------------------------------------------------------------*\
* Creates and sets up a socket
\*-------------------------------------------------------------------------*/
int socket_create(p_socket ps, int domain, int type, int protocol) {
*ps = socket(domain, type, protocol);
if (*ps != SOCKET_INVALID) return IO_DONE;
else return WSAGetLastError();
}
/*-------------------------------------------------------------------------*\
* Connects or returns error message
\*-------------------------------------------------------------------------*/
int socket_connect(p_socket ps, SA *addr, socklen_t len, p_timeout tm) {
int err;
/* don't call on closed socket */
if (*ps == SOCKET_INVALID) return IO_CLOSED;
/* ask system to connect */
if (connect(*ps, addr, len) == 0) return IO_DONE;
/* make sure the system is trying to connect */
err = WSAGetLastError();
if (err != WSAEWOULDBLOCK && err != WSAEINPROGRESS) return err;
/* zero timeout case optimization */
if (timeout_iszero(tm)) return IO_TIMEOUT;
/* we wait until something happens */
err = socket_waitfd(ps, WAITFD_C, tm);
if (err == IO_CLOSED) {
int len = sizeof(err);
/* give windows time to set the error (yes, disgusting) */
Sleep(10);
/* find out why we failed */
getsockopt(*ps, SOL_SOCKET, SO_ERROR, (char *)&err, &len);
/* we KNOW there was an error. if 'why' is 0, we will return
* "unknown error", but it's not really our fault */
return err > 0? err: IO_UNKNOWN;
} else return err;
}
/*-------------------------------------------------------------------------*\
* Binds or returns error message
\*-------------------------------------------------------------------------*/
int socket_bind(p_socket ps, SA *addr, socklen_t len) {
int err = IO_DONE;
socket_setblocking(ps);
if (bind(*ps, addr, len) < 0) err = WSAGetLastError();
socket_setnonblocking(ps);
return err;
}
/*-------------------------------------------------------------------------*\
*
\*-------------------------------------------------------------------------*/
int socket_listen(p_socket ps, int backlog) {
int err = IO_DONE;
socket_setblocking(ps);
if (listen(*ps, backlog) < 0) err = WSAGetLastError();
socket_setnonblocking(ps);
return err;
}
/*-------------------------------------------------------------------------*\
* Accept with timeout
\*-------------------------------------------------------------------------*/
int socket_accept(p_socket ps, p_socket pa, SA *addr, socklen_t *len,
p_timeout tm) {
if (*ps == SOCKET_INVALID) return IO_CLOSED;
for ( ;; ) {
int err;
/* try to get client socket */
if ((*pa = accept(*ps, addr, len)) != SOCKET_INVALID) return IO_DONE;
/* find out why we failed */
err = WSAGetLastError();
/* if we failed because there was no connectoin, keep trying */
if (err != WSAEWOULDBLOCK && err != WSAECONNABORTED) return err;
/* call select to avoid busy wait */
if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
}
}
/*-------------------------------------------------------------------------*\
* Send with timeout
* On windows, if you try to send 10MB, the OS will buffer EVERYTHING
* this can take an awful lot of time and we will end up blocked.
* Therefore, whoever calls this function should not pass a huge buffer.
\*-------------------------------------------------------------------------*/
int socket_send(p_socket ps, const char *data, size_t count,
size_t *sent, p_timeout tm)
{
int err;
*sent = 0;
/* avoid making system calls on closed sockets */
if (*ps == SOCKET_INVALID) return IO_CLOSED;
/* loop until we send something or we give up on error */
for ( ;; ) {
/* try to send something */
int put = send(*ps, data, (int) count, 0);
/* if we sent something, we are done */
if (put > 0) {
*sent = put;
return IO_DONE;
}
/* deal with failure */
err = WSAGetLastError();
/* we can only proceed if there was no serious error */
if (err != WSAEWOULDBLOCK) return err;
/* avoid busy wait */
if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
}
}
/*-------------------------------------------------------------------------*\
* Sendto with timeout
\*-------------------------------------------------------------------------*/
int socket_sendto(p_socket ps, const char *data, size_t count, size_t *sent,
SA *addr, socklen_t len, p_timeout tm)
{
int err;
*sent = 0;
if (*ps == SOCKET_INVALID) return IO_CLOSED;
for ( ;; ) {
int put = sendto(*ps, data, (int) count, 0, addr, len);
if (put > 0) {
*sent = put;
return IO_DONE;
}
err = WSAGetLastError();
if (err != WSAEWOULDBLOCK) return err;
if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
}
}
/*-------------------------------------------------------------------------*\
* Receive with timeout
\*-------------------------------------------------------------------------*/
int socket_recv(p_socket ps, char *data, size_t count, size_t *got,
p_timeout tm)
{
int err, prev = IO_DONE;
*got = 0;
if (*ps == SOCKET_INVALID) return IO_CLOSED;
for ( ;; ) {
int taken = recv(*ps, data, (int) count, 0);
if (taken > 0) {
*got = taken;
return IO_DONE;
}
if (taken == 0) return IO_CLOSED;
err = WSAGetLastError();
/* On UDP, a connreset simply means the previous send failed.
* So we try again.
* On TCP, it means our socket is now useless, so the error passes.
* (We will loop again, exiting because the same error will happen) */
if (err != WSAEWOULDBLOCK) {
if (err != WSAECONNRESET || prev == WSAECONNRESET) return err;
prev = err;
}
if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
}
}
/*-------------------------------------------------------------------------*\
* Recvfrom with timeout
\*-------------------------------------------------------------------------*/
int socket_recvfrom(p_socket ps, char *data, size_t count, size_t *got,
SA *addr, socklen_t *len, p_timeout tm)
{
int err, prev = IO_DONE;
*got = 0;
if (*ps == SOCKET_INVALID) return IO_CLOSED;
for ( ;; ) {
int taken = recvfrom(*ps, data, (int) count, 0, addr, len);
if (taken > 0) {
*got = taken;
return IO_DONE;
}
if (taken == 0) return IO_CLOSED;
err = WSAGetLastError();
/* On UDP, a connreset simply means the previous send failed.
* So we try again.
* On TCP, it means our socket is now useless, so the error passes.
* (We will loop again, exiting because the same error will happen) */
if (err != WSAEWOULDBLOCK) {
if (err != WSAECONNRESET || prev == WSAECONNRESET) return err;
prev = err;
}
if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
}
}
/*-------------------------------------------------------------------------*\
* Put socket into blocking mode
\*-------------------------------------------------------------------------*/
void socket_setblocking(p_socket ps) {
u_long argp = 0;
ioctlsocket(*ps, FIONBIO, &argp);
}
/*-------------------------------------------------------------------------*\
* Put socket into non-blocking mode
\*-------------------------------------------------------------------------*/
void socket_setnonblocking(p_socket ps) {
u_long argp = 1;
ioctlsocket(*ps, FIONBIO, &argp);
}
/*-------------------------------------------------------------------------*\
* DNS helpers
\*-------------------------------------------------------------------------*/
int socket_gethostbyaddr(const char *addr, socklen_t len, struct hostent **hp) {
*hp = gethostbyaddr(addr, len, AF_INET);
if (*hp) return IO_DONE;
else return WSAGetLastError();
}
int socket_gethostbyname(const char *addr, struct hostent **hp) {
*hp = gethostbyname(addr);
if (*hp) return IO_DONE;
else return WSAGetLastError();
}
/*-------------------------------------------------------------------------*\
* Error translation functions
\*-------------------------------------------------------------------------*/
const char *socket_hoststrerror(int err) {
if (err <= 0) return io_strerror(err);
switch (err) {
case WSAHOST_NOT_FOUND: return "host not found";
default: return wstrerror(err);
}
}
const char *socket_strerror(int err) {
if (err <= 0) return io_strerror(err);
switch (err) {
case WSAEADDRINUSE: return "address already in use";
case WSAECONNREFUSED: return "connection refused";
case WSAEISCONN: return "already connected";
case WSAEACCES: return "permission denied";
case WSAECONNABORTED: return "closed";
case WSAECONNRESET: return "closed";
case WSAETIMEDOUT: return "timeout";
default: return wstrerror(err);
}
}
const char *socket_ioerror(p_socket ps, int err) {
(void) ps;
return socket_strerror(err);
}
static const char *wstrerror(int err) {
switch (err) {
case WSAEINTR: return "Interrupted function call";
case WSAEACCES: return "Permission denied";
case WSAEFAULT: return "Bad address";
case WSAEINVAL: return "Invalid argument";
case WSAEMFILE: return "Too many open files";
case WSAEWOULDBLOCK: return "Resource temporarily unavailable";
case WSAEINPROGRESS: return "Operation now in progress";
case WSAEALREADY: return "Operation already in progress";
case WSAENOTSOCK: return "Socket operation on nonsocket";
case WSAEDESTADDRREQ: return "Destination address required";
case WSAEMSGSIZE: return "Message too long";
case WSAEPROTOTYPE: return "Protocol wrong type for socket";
case WSAENOPROTOOPT: return "Bad protocol option";
case WSAEPROTONOSUPPORT: return "Protocol not supported";
case WSAESOCKTNOSUPPORT: return "Socket type not supported";
case WSAEOPNOTSUPP: return "Operation not supported";
case WSAEPFNOSUPPORT: return "Protocol family not supported";
case WSAEAFNOSUPPORT:
return "Address family not supported by protocol family";
case WSAEADDRINUSE: return "Address already in use";
case WSAEADDRNOTAVAIL: return "Cannot assign requested address";
case WSAENETDOWN: return "Network is down";
case WSAENETUNREACH: return "Network is unreachable";
case WSAENETRESET: return "Network dropped connection on reset";
case WSAECONNABORTED: return "Software caused connection abort";
case WSAECONNRESET: return "Connection reset by peer";
case WSAENOBUFS: return "No buffer space available";
case WSAEISCONN: return "Socket is already connected";
case WSAENOTCONN: return "Socket is not connected";
case WSAESHUTDOWN: return "Cannot send after socket shutdown";
case WSAETIMEDOUT: return "Connection timed out";
case WSAECONNREFUSED: return "Connection refused";
case WSAEHOSTDOWN: return "Host is down";
case WSAEHOSTUNREACH: return "No route to host";
case WSAEPROCLIM: return "Too many processes";
case WSASYSNOTREADY: return "Network subsystem is unavailable";
case WSAVERNOTSUPPORTED: return "Winsock.dll version out of range";
case WSANOTINITIALISED:
return "Successful WSAStartup not yet performed";
case WSAEDISCON: return "Graceful shutdown in progress";
case WSAHOST_NOT_FOUND: return "Host not found";
case WSATRY_AGAIN: return "Nonauthoritative host not found";
case WSANO_RECOVERY: return "Nonrecoverable name lookup error";
case WSANO_DATA: return "Valid name, no data record of requested type";
default: return "Unknown error";
}
}
const char *socket_gaistrerror(int err) {
if (err == 0) return NULL;
switch (err) {
case EAI_AGAIN: return "temporary failure in name resolution";
case EAI_BADFLAGS: return "invalid value for ai_flags";
#ifdef EAI_BADHINTS
case EAI_BADHINTS: return "invalid value for hints";
#endif
case EAI_FAIL: return "non-recoverable failure in name resolution";
case EAI_FAMILY: return "ai_family not supported";
case EAI_MEMORY: return "memory allocation failure";
case EAI_NONAME:
return "host or service not provided, or not known";
#ifdef EAI_OVERFLOW
case EAI_OVERFLOW: return "argument buffer overflow";
#endif
#ifdef EAI_PROTOCOL
case EAI_PROTOCOL: return "resolved protocol is unknown";
#endif
case EAI_SERVICE: return "service not supported for socket type";
case EAI_SOCKTYPE: return "ai_socktype not supported";
#ifdef EAI_SYSTEM
case EAI_SYSTEM: return strerror(errno);
#endif
default: return gai_strerror(err);
}
}

185
src/options.c
View File

@ -1,185 +0,0 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
*
* Copyright (C) 2006-2023 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#include <openssl/ssl.h>
#include "options.h"
/* If you need to generate these options again, see options.lua */
/*
OpenSSL version: OpenSSL 3.0.8
*/
static lsec_ssl_option_t ssl_options[] = {
#if defined(SSL_OP_ALL)
{"all", SSL_OP_ALL},
#endif
#if defined(SSL_OP_ALLOW_CLIENT_RENEGOTIATION)
{"allow_client_renegotiation", SSL_OP_ALLOW_CLIENT_RENEGOTIATION},
#endif
#if defined(SSL_OP_ALLOW_NO_DHE_KEX)
{"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX},
#endif
#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
{"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
#endif
#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
{"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
#endif
#if defined(SSL_OP_CISCO_ANYCONNECT)
{"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
#endif
#if defined(SSL_OP_CLEANSE_PLAINTEXT)
{"cleanse_plaintext", SSL_OP_CLEANSE_PLAINTEXT},
#endif
#if defined(SSL_OP_COOKIE_EXCHANGE)
{"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
#endif
#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
{"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
#endif
#if defined(SSL_OP_DISABLE_TLSEXT_CA_NAMES)
{"disable_tlsext_ca_names", SSL_OP_DISABLE_TLSEXT_CA_NAMES},
#endif
#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
#endif
#if defined(SSL_OP_ENABLE_KTLS)
{"enable_ktls", SSL_OP_ENABLE_KTLS},
#endif
#if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
{"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
#endif
#if defined(SSL_OP_EPHEMERAL_RSA)
{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
#endif
#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
{"ignore_unexpected_eof", SSL_OP_IGNORE_UNEXPECTED_EOF},
#endif
#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
{"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
#endif
#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
{"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
#endif
#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
{"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
#endif
#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
{"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
#endif
#if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
{"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
{"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
{"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
{"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
#endif
#if defined(SSL_OP_NO_ANTI_REPLAY)
{"no_anti_replay", SSL_OP_NO_ANTI_REPLAY},
#endif
#if defined(SSL_OP_NO_COMPRESSION)
{"no_compression", SSL_OP_NO_COMPRESSION},
#endif
#if defined(SSL_OP_NO_DTLS_MASK)
{"no_dtls_mask", SSL_OP_NO_DTLS_MASK},
#endif
#if defined(SSL_OP_NO_DTLSv1)
{"no_dtlsv1", SSL_OP_NO_DTLSv1},
#endif
#if defined(SSL_OP_NO_DTLSv1_2)
{"no_dtlsv1_2", SSL_OP_NO_DTLSv1_2},
#endif
#if defined(SSL_OP_NO_ENCRYPT_THEN_MAC)
{"no_encrypt_then_mac", SSL_OP_NO_ENCRYPT_THEN_MAC},
#endif
#if defined(SSL_OP_NO_EXTENDED_MASTER_SECRET)
{"no_extended_master_secret", SSL_OP_NO_EXTENDED_MASTER_SECRET},
#endif
#if defined(SSL_OP_NO_QUERY_MTU)
{"no_query_mtu", SSL_OP_NO_QUERY_MTU},
#endif
#if defined(SSL_OP_NO_RENEGOTIATION)
{"no_renegotiation", SSL_OP_NO_RENEGOTIATION},
#endif
#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
{"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
#endif
#if defined(SSL_OP_NO_SSL_MASK)
{"no_ssl_mask", SSL_OP_NO_SSL_MASK},
#endif
#if defined(SSL_OP_NO_SSLv2)
{"no_sslv2", SSL_OP_NO_SSLv2},
#endif
#if defined(SSL_OP_NO_SSLv3)
{"no_sslv3", SSL_OP_NO_SSLv3},
#endif
#if defined(SSL_OP_NO_TICKET)
{"no_ticket", SSL_OP_NO_TICKET},
#endif
#if defined(SSL_OP_NO_TLSv1)
{"no_tlsv1", SSL_OP_NO_TLSv1},
#endif
#if defined(SSL_OP_NO_TLSv1_1)
{"no_tlsv1_1", SSL_OP_NO_TLSv1_1},
#endif
#if defined(SSL_OP_NO_TLSv1_2)
{"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
#endif
#if defined(SSL_OP_NO_TLSv1_3)
{"no_tlsv1_3", SSL_OP_NO_TLSv1_3},
#endif
#if defined(SSL_OP_PKCS1_CHECK_1)
{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
#endif
#if defined(SSL_OP_PKCS1_CHECK_2)
{"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
#endif
#if defined(SSL_OP_PRIORITIZE_CHACHA)
{"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA},
#endif
#if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
{"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
#endif
#if defined(SSL_OP_SINGLE_DH_USE)
{"single_dh_use", SSL_OP_SINGLE_DH_USE},
#endif
#if defined(SSL_OP_SINGLE_ECDH_USE)
{"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
#endif
#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
{"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
#endif
#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
{"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
#endif
#if defined(SSL_OP_TLSEXT_PADDING)
{"tlsext_padding", SSL_OP_TLSEXT_PADDING},
#endif
#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
{"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
#endif
#if defined(SSL_OP_TLS_D5_BUG)
{"tls_d5_bug", SSL_OP_TLS_D5_BUG},
#endif
#if defined(SSL_OP_TLS_ROLLBACK_BUG)
{"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
#endif
{NULL, 0L}
};
LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() {
return ssl_options;
}

22
src/options.h
View File

@ -1,22 +0,0 @@
#ifndef LSEC_OPTIONS_H
#define LSEC_OPTIONS_H
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
*
* Copyright (C) 2006-2023 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#include "compat.h"
struct lsec_ssl_option_s {
const char *name;
unsigned long code;
};
typedef struct lsec_ssl_option_s lsec_ssl_option_t;
LSEC_API lsec_ssl_option_t* lsec_get_ssl_options();
#endif

Some files were not shown because too many files have changed in this diff Show More