Update CHANGELOG

Thanks Kim Alvefur

CHANGELOG

@@ -1,3 +1,14 @@
+--------------------------------------------------------------------------------
+LuaSec 1.0.2
+---------------
+This version includes:
+
+* Fix handle SSL_send SYSCALL error without errno
+* Fix off by one in cert:validat(notafter)
+* Fix meth_get_{sinagure => signature}_name function name
+* Fix update the Lua state reference on the selected SSL context after SNI
+* Fix ignore SSL_OP_BIT(n) macro and update option.c
+
 --------------------------------------------------------------------------------
 LuaSec 1.0.1
 ---------------

INSTALL

@@ -1,9 +1,9 @@
-LuaSec 1.0.1
+LuaSec 1.0.2
 ------------
 
 * OpenSSL options:
 
-    By default, this version includes options for OpenSSL 1.1.1.
+    By default, this version includes options for OpenSSL 3.0.0 beta2
 
     If you need to generate the options for a different version of OpenSSL:
 

LICENSE

@@ -1,4 +1,4 @@
-LuaSec 1.0.1 license
+LuaSec 1.0.2 license
 Copyright (C) 2006-2021 Bruno Silvestre, UFG
 
 Permission is hereby granted, free  of charge, to any person obtaining

README.md

@@ -1,4 +1,4 @@
-LuaSec 1.0.1
+LuaSec 1.0.2
 ===============
 LuaSec depends  on OpenSSL, and  integrates with LuaSocket to  make it
 easy to add secure connections to any Lua applications or scripts.

luasec-1.0.2-1.rockspec

@@ -1,8 +1,8 @@
 package = "LuaSec"
-version = "1.0.1-1"
+version = "1.0.2-1"
 source = {
   url = "git://github.com/brunoos/luasec",
-  tag = "v1.0.1",
+  tag = "v1.0.2",
 }
 description = {
    summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.",

src/compat.h

@@ -1,5 +1,5 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 1.0.2
  *
  * Copyright (C) 2006-2021 Bruno Silvestre
  *

src/config.c

@@ -1,5 +1,5 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 1.0.2
  *
  * Copyright (C) 2006-2021 Bruno Silvestre.
  *

src/context.c

@@ -1,5 +1,5 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 1.0.2
  *
  * Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann, 
  *                         Matthew Wild.

src/context.h

@@ -2,7 +2,7 @@
 #define LSEC_CONTEXT_H
 
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 1.0.2
  *
  * Copyright (C) 2006-2021 Bruno Silvestre
  *

src/ec.h

@@ -1,5 +1,5 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 1.0.2
  *
  * Copyright (C) 2006-2021 Bruno Silvestre
  *

src/https.lua

@@ -1,5 +1,5 @@
 ----------------------------------------------------------------------------
--- LuaSec 1.0.1
+-- LuaSec 1.0.2
 -- Copyright (C) 2009-2021 PUC-Rio
 --
 -- Author: Pablo Musa
@@ -18,8 +18,8 @@ local try    = socket.try
 -- Module
 --
 local _M = {
-  _VERSION   = "1.0.1",
-  _COPYRIGHT = "LuaSec 1.0.1 - Copyright (C) 2009-2021 PUC-Rio",
+  _VERSION   = "1.0.2",
+  _COPYRIGHT = "LuaSec 1.0.2 - Copyright (C) 2009-2021 PUC-Rio",
   PORT       = 443,
   TIMEOUT    = 60
 }

src/options.c

@@ -1,5 +1,5 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 1.0.2
  *
  * Copyright (C) 2006-2021 Bruno Silvestre
  *
@@ -13,13 +13,16 @@
 
 
 /* 
-  OpenSSL version: OpenSSL 1.1.1
+  OpenSSL version: OpenSSL 3.0.0-beta2
 */
 
 static lsec_ssl_option_t ssl_options[] = {
 #if defined(SSL_OP_ALL)
   {"all", SSL_OP_ALL},
 #endif
+#if defined(SSL_OP_ALLOW_CLIENT_RENEGOTIATION)
+  {"allow_client_renegotiation", SSL_OP_ALLOW_CLIENT_RENEGOTIATION},
+#endif
 #if defined(SSL_OP_ALLOW_NO_DHE_KEX)
   {"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX},
 #endif
@@ -32,21 +35,33 @@ static lsec_ssl_option_t ssl_options[] = {
 #if defined(SSL_OP_CISCO_ANYCONNECT)
   {"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
 #endif
+#if defined(SSL_OP_CLEANSE_PLAINTEXT)
+  {"cleanse_plaintext", SSL_OP_CLEANSE_PLAINTEXT},
+#endif
 #if defined(SSL_OP_COOKIE_EXCHANGE)
   {"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
 #endif
 #if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
   {"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
 #endif
+#if defined(SSL_OP_DISABLE_TLSEXT_CA_NAMES)
+  {"disable_tlsext_ca_names", SSL_OP_DISABLE_TLSEXT_CA_NAMES},
+#endif
 #if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
   {"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
 #endif
+#if defined(SSL_OP_ENABLE_KTLS)
+  {"enable_ktls", SSL_OP_ENABLE_KTLS},
+#endif
 #if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
   {"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
 #endif
 #if defined(SSL_OP_EPHEMERAL_RSA)
   {"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
 #endif
+#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
+  {"ignore_unexpected_eof", SSL_OP_IGNORE_UNEXPECTED_EOF},
+#endif
 #if defined(SSL_OP_LEGACY_SERVER_CONNECT)
   {"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
 #endif
@@ -89,6 +104,9 @@ static lsec_ssl_option_t ssl_options[] = {
 #if defined(SSL_OP_NO_ENCRYPT_THEN_MAC)
   {"no_encrypt_then_mac", SSL_OP_NO_ENCRYPT_THEN_MAC},
 #endif
+#if defined(SSL_OP_NO_EXTENDED_MASTER_SECRET)
+  {"no_extended_master_secret", SSL_OP_NO_EXTENDED_MASTER_SECRET},
+#endif
 #if defined(SSL_OP_NO_QUERY_MTU)
   {"no_query_mtu", SSL_OP_NO_QUERY_MTU},
 #endif

src/options.h

@@ -2,7 +2,7 @@
 #define LSEC_OPTIONS_H
 
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 1.0.2
  *
  * Copyright (C) 2006-2021 Bruno Silvestre
  *

src/options.lua

@@ -4,7 +4,7 @@ local function usage()
   print("  lua options.lua -g /path/to/ssl.h [version] > options.c")
   print("* Examples:")
   print("  lua options.lua -g /usr/include/openssl/ssl.h > options.c\n")
-  print("  lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.0.1 14\" > options.c\n")
+  print("  lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.1.1f\" > options.c\n")
 
   print("* List options of your system:")
   print("  lua options.lua -l /path/to/ssl.h\n")
@@ -18,7 +18,7 @@ end
 local function generate(options, version)
   print([[
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 1.1.1
  *
  * Copyright (C) 2006-2021 Bruno Silvestre
  *
@@ -60,9 +60,12 @@ local function loadoptions(file)
   local options = {}
   local f = assert(io.open(file, "r"))
   for line in f:lines() do
-    local op = string.match(line, "define%s+(SSL_OP_%S+)")
-    if op then
-      table.insert(options, op)
+    local op = string.match(line, "define%s+(SSL_OP_BIT%()")
+    if not op then
+      op = string.match(line, "define%s+(SSL_OP_%S+)")
+      if op then
+        table.insert(options, op)
+      end
     end
   end
   table.sort(options, function(a,b) return a<b end)

src/ssl.c

@@ -1,5 +1,5 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 1.0.2
  *
  * Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann, 
  *                         Matthew Wild.
@@ -747,6 +747,8 @@ static int sni_cb(SSL *ssl, int *ad, void *arg)
   lua_pop(L, 4);
   /* Found, use this context */
   if (newctx) {
+    p_context pctx = (p_context)SSL_CTX_get_app_data(newctx);
+    pctx->L = L;
     SSL_set_SSL_CTX(ssl, newctx);
     return SSL_TLSEXT_ERR_OK;
   }
@@ -824,7 +826,7 @@ static int meth_getalpn(lua_State *L)
 
 static int meth_copyright(lua_State *L)
 {
-  lua_pushstring(L, "LuaSec 1.0.1 - Copyright (C) 2006-2021 Bruno Silvestre, UFG"
+  lua_pushstring(L, "LuaSec 1.0.2 - Copyright (C) 2006-2021 Bruno Silvestre, UFG"
 #if defined(WITH_LUASOCKET)
                     "\nLuaSocket 3.0-RC1 - Copyright (C) 2004-2013 Diego Nehab"
 #endif

src/ssl.h

@@ -2,7 +2,7 @@
 #define LSEC_SSL_H
 
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 1.0.2
  *
  * Copyright (C) 2006-2021 Bruno Silvestre
  *

src/ssl.lua

@@ -1,5 +1,5 @@
 ------------------------------------------------------------------------------
--- LuaSec 1.0.1
+-- LuaSec 1.0.2
 --
 -- Copyright (C) 2006-2021 Bruno Silvestre
 --
@@ -271,7 +271,7 @@ core.setmethod("info", info)
 --
 
 local _M = {
-  _VERSION        = "1.0.1",
+  _VERSION        = "1.0.2",
   _COPYRIGHT      = core.copyright(),
   config          = config,
   loadcertificate = x509.load,

src/x509.c

@@ -1,5 +1,5 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 1.0.2
  *
  * Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann
  *                         Matthew Wild, Bruno Silvestre.
@@ -658,7 +658,7 @@ static int meth_set_encode(lua_State* L)
 /**
  * Get signature name.
  */
-static int meth_get_sinagure_name(lua_State* L)
+static int meth_get_signature_name(lua_State* L)
 {
   p_x509 px = lsec_checkp_x509(L, 1);
   int nid = X509_get_signature_nid(px->cert);
@@ -698,7 +698,7 @@ static luaL_Reg methods[] = {
   {"digest",     meth_digest},
   {"setencode",  meth_set_encode},
   {"extensions", meth_extensions},
-  {"getsignaturename", meth_get_sinagure_name},
+  {"getsignaturename", meth_get_signature_name},
   {"issuer",     meth_issuer},
   {"notbefore",  meth_notbefore},
   {"notafter",   meth_notafter},

src/x509.h

@@ -1,5 +1,5 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 1.0.2
  *
  * Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann
  *                         Matthew Wild, Bruno Silvestre.