Release LuaSec 0.8.2

Avoid duplicating variable 'ssl_options'.

CHANGELOG

@@ -1,48 +1,16 @@
---------------------------------------------------------------------------------
-LuaSec 1.0.1
----------------
-This version includes:
-
-
-* Fix luaL_buffinit() can use the stack and broke buffer_meth_receive()
-
---------------------------------------------------------------------------------
-LuaSec 1.0
----------------
-This version includes:
-
-
-* Add cert:getsignaturename()
-
---------------------------------------------------------------------------------
-LuaSec 0.9
----------------
-This version includes:
-
-
-* Add DNS-based Authentication of Named Entities (DANE) support
-* Add __close() metamethod
-* Fix deprecation warnings with OpenSSL 1.1
-* Fix special case listing of TLS 1.3 EC curves
-* Fix general_name leak in cert:extensions()
-* Fix unexported 'ssl.config' table
-* Replace $(LD) with $(CCLD) variable
-* Remove multiple definitions of 'ssl_options' variable
-* Use tag in git format: v0.9
-
 --------------------------------------------------------------------------------
 LuaSec 0.8.2
 ---------------
 This version includes:
 
-* Fix unexported 'ssl.config' table (backported)
+* Fix unexported 'ssl.config' table
 
 --------------------------------------------------------------------------------
 LuaSec 0.8.1
 ---------------
 This version includes:
 
-* Fix general_name leak in cert:extensions() (backported)
+* Fix another memory leak when get certficate extensions
 
 --------------------------------------------------------------------------------
 LuaSec 0.8
@@ -58,20 +26,6 @@ This version includes:
 * Fix invalid reference to Lua state
 * Fix memory leak when get certficate extensions
 
---------------------------------------------------------------------------------
-LuaSec 0.7.2
----------------
-This version includes:
-
-* Fix unexported 'ssl.config' table (backported)
-
---------------------------------------------------------------------------------
-LuaSec 0.7.1
----------------
-This version includes:
-
-* Fix general_name leak in cert:extensions() (backported)
-
 --------------------------------------------------------------------------------
 LuaSec 0.7
 ---------------

INSTALL

@@ -1,4 +1,4 @@
-LuaSec 1.0.1
+LuaSec 0.8.2
 ------------
 
 * OpenSSL options:

LICENSE

@@ -1,5 +1,5 @@
-LuaSec 1.0.1 license
+LuaSec 0.8.2 license
-Copyright (C) 2006-2021 Bruno Silvestre, UFG
+Copyright (C) 2006-2019 Bruno Silvestre, UFG
 
 Permission is hereby granted, free  of charge, to any person obtaining
 a  copy  of this  software  and  associated  documentation files  (the

README.md

@@ -1,6 +1,9 @@
-LuaSec 1.0.1
+LuaSec 0.8.2
 ===============
 LuaSec depends  on OpenSSL, and  integrates with LuaSocket to  make it
 easy to add secure connections to any Lua applications or scripts.
 
+Important: This version requires at least OpenSSL 1.0.2.
+           For old versions of OpenSSL, use LuaSec 0.7.
+
 Documentation: https://github.com/brunoos/luasec/wiki

luasec-0.8.2-1.rockspec

@@ -1,8 +1,8 @@
 package = "LuaSec"
-version = "1.0.1-1"
+version = "0.8.2-1"
 source = {
-  url = "git://github.com/brunoos/luasec",
+   url = "https://github.com/brunoos/luasec/archive/luasec-0.8.2.tar.gz",
-  tag = "v1.0.1",
+   dir = "luasec-luasec-0.8.2"
 }
 description = {
    summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.",

samples/certs/all.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/env sh
+#!/bin/bash
 ./rootA.sh
 ./rootB.sh
 ./clientA.sh

samples/certs/clientA.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/env sh
+#!/bin/sh
 
 openssl req -newkey rsa:2048 -sha256 -keyout clientAkey.pem -out clientAreq.pem \
   -nodes -config ./clientA.cnf -days 365 -batch

samples/certs/clientB.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/env sh
+#!/bin/sh
 
 openssl req -newkey rsa:2048 -sha256 -keyout clientBkey.pem -out clientBreq.pem \
   -nodes -config ./clientB.cnf -days 365 -batch

samples/certs/rootA.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/env sh
+#!/bin/sh
 
 openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
 

samples/certs/rootB.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/env sh
+#!/bin/sh
 
 openssl req -newkey rsa:2048 -sha256 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
 

samples/certs/serverA.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/env sh
+#!/bin/sh
 
 openssl req -newkey rsa:2048 -keyout serverAkey.pem -out serverAreq.pem \
    -config ./serverA.cnf -nodes -days 365 -batch

samples/certs/serverB.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/env sh
+#!/bin/sh
 
 openssl req -newkey rsa:2048 -keyout serverBkey.pem -out serverBreq.pem \
    -config ./serverB.cnf -nodes -days 365 -batch

samples/dane/client.lua

@@ -1,40 +0,0 @@
-
-local socket = require "socket";
-local ssl = require "ssl";
-
-local dns = require "lunbound".new();
-
-
-local cfg = {
-	protocol = "tlsv1_2",
-	mode = "client",
-	ciphers = "DEFAULT",
-	capath = "/etc/ssl/certs",
-	verify = "peer",
-	dane = true,
-};
-
-local function daneconnect(host, port)
-   port = port or "443";
-	local conn = ssl.wrap(socket.connect(host, port), cfg);
-
-	local tlsa = dns:resolve("_" .. port .. "._tcp." .. host, 52);
-	assert(tlsa.secure, "Insecure DNS");
-
-	assert(conn:setdane(host));
-	for i = 1, tlsa.n do
-		local usage, selector, mtype = tlsa[i] :byte(1, 3);
-		assert(conn:settlsa(usage, selector, mtype, tlsa[i] :sub(4, - 1)));
-	end
-
-	assert(conn:dohandshake());
-	return conn;
-end
-
-if not ... then
-   print("Usage: client.lua example.com [port]");
-   return os.exit(1);
-end
-local conn = daneconnect(...);
-
-print(conn:getpeerverification());

samples/dhparam/params.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/env sh
+#!/bin/sh
 
 openssl dhparam -2 -out dh-512.pem  -outform PEM 512
 openssl dhparam -2 -out dh-1024.pem -outform PEM 1024

samples/key/genkey.sh

@@ -1,3 +1,3 @@
-#!/usr/bin/env sh
+#!/bin/sh
 
 openssl genrsa -des3 -out key.pem -passout pass:foobar 2048

samples/multicert/gencerts.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/env sh
+#!/bin/sh
 
 mkdir -p certs
 

src/Makefile

@@ -25,7 +25,7 @@ MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR)
 
 INSTALL  = install
 CC      ?= cc
-CCLD      ?= $(MYENV) $(CC)
+LD      ?= $(MYENV) cc
 CFLAGS  += $(MYCFLAGS)
 LDFLAGS += $(MYLDFLAGS)
 
@@ -52,15 +52,15 @@ luasocket:
 	@cd luasocket && $(MAKE)
 
 $(CMOD): $(EXTRA) $(OBJS)
-	$(CCLD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
+	$(LD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
 
 clean:
 	cd luasocket && $(MAKE) clean
 	rm -f $(OBJS) $(CMOD)
 
-options.o: options.h options.c
+options.o: options.c options.h
 ec.o: ec.c ec.h
 x509.o: x509.c x509.h compat.h
-context.o: context.c context.h ec.h compat.h options.h
+context.o: context.c context.h ec.h compat.h
 ssl.o: ssl.c ssl.h context.h x509.h compat.h
 config.o: config.c ec.h options.h compat.h

src/compat.h

@@ -1,25 +1,19 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 0.8.2
  *
- * Copyright (C) 2006-2021 Bruno Silvestre
+ * Copyright (C) 2006-2019 Bruno Silvestre
  *
  *--------------------------------------------------------------------------*/
 
 #ifndef LSEC_COMPAT_H
 #define LSEC_COMPAT_H
 
-#include <openssl/ssl.h>
-
-//------------------------------------------------------------------------------
-
 #if defined(_WIN32)
 #define LSEC_API __declspec(dllexport) 
 #else
 #define LSEC_API extern
 #endif
 
-//------------------------------------------------------------------------------
-
 #if (LUA_VERSION_NUM == 501)
 
 #define luaL_testudata(L, ud, tname)  lsec_testudata(L, ud, tname)
@@ -34,18 +28,4 @@
 #define setfuncs(L, R) luaL_setfuncs(L, R, 0)
 #endif
 
-//------------------------------------------------------------------------------
-
-#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL))
-#define LSEC_ENABLE_DANE
-#endif
-
-//------------------------------------------------------------------------------
-
-#if !((defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x2070000fL)) || (OPENSSL_VERSION_NUMBER < 0x1010000fL))
-#define LSEC_API_OPENSSL_1_1_0
-#endif
-
-//------------------------------------------------------------------------------
-
 #endif

src/config.c

@@ -1,7 +1,7 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 0.8.2
  *
- * Copyright (C) 2006-2021 Bruno Silvestre.
+ * Copyright (C) 2006-2019 Bruno Silvestre.
  *
  *--------------------------------------------------------------------------*/
 
@@ -41,7 +41,7 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
   lua_pushstring(L, "tlsv1_2");
   lua_pushboolean(L, 1);
   lua_rawset(L, -3);
-#ifdef TLS1_3_VERSION
+#if defined(TLS1_3_VERSION)
   lua_pushstring(L, "tlsv1_3");
   lua_pushboolean(L, 1);
   lua_rawset(L, -3);
@@ -74,13 +74,6 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
   lua_pushboolean(L, 1);
   lua_rawset(L, -3);
 
-#ifdef LSEC_ENABLE_DANE
-  // DANE
-  lua_pushstring(L, "dane");
-  lua_pushboolean(L, 1);
-  lua_rawset(L, -3);
-#endif
-
 #ifndef OPENSSL_NO_EC
   lua_pushstring(L, "curves_list");
   lua_pushboolean(L, 1);

src/context.c

@@ -1,9 +1,9 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 0.8.2
  *
- * Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann, 
+ * Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann, 
  *                         Matthew Wild.
- * Copyright (C) 2006-2021 Bruno Silvestre.
+ * Copyright (C) 2006-2019 Bruno Silvestre.
  *
  *--------------------------------------------------------------------------*/
 
@@ -17,12 +17,10 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include <openssl/dh.h>
 
 #include <lua.h>
 #include <lauxlib.h>
 
-#include "compat.h"
 #include "context.h"
 #include "options.h"
 
@@ -61,7 +59,7 @@ static int set_option_flag(const char *opt, unsigned long *flag)
   return 0;
 }
 
-#ifndef LSEC_API_OPENSSL_1_1_0
+#if (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) || (OPENSSL_VERSION_NUMBER < 0x1010000fL)
 /**
  * Find the protocol.
  */
@@ -333,7 +331,7 @@ static int create(lua_State *L)
       ERR_reason_error_string(ERR_get_error()));
     return 2;
   }
-#ifdef LSEC_API_OPENSSL_1_1_0
+#if ! ((defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) || (OPENSSL_VERSION_NUMBER < 0x1010000fL))
   SSL_CTX_set_min_proto_version(ctx->context, vmin);
   SSL_CTX_set_max_proto_version(ctx->context, vmax);
 #endif
@@ -614,9 +612,7 @@ static int set_curves_list(lua_State *L)
     return 2;
   }
 
-#if defined(LIBRESSL_VERSION_NUMBER) || !defined(LSEC_API_OPENSSL_1_1_0)
   (void)SSL_CTX_set_ecdh_auto(ctx, 1);
-#endif
 
   lua_pushboolean(L, 1);
   return 1;
@@ -707,19 +703,6 @@ static int set_alpn_cb(lua_State *L)
   return 1;
 }
 
-#if defined(LSEC_ENABLE_DANE)
-/*
- * DANE
- */
-static int set_dane(lua_State *L)
-{
-  int ret;
-  SSL_CTX *ctx = lsec_checkcontext(L, 1);
-  ret = SSL_CTX_dane_enable(ctx);
-  lua_pushboolean(L, (ret > 0));
-  return 1;
-}
-#endif
 
 /**
  * Package functions
@@ -739,13 +722,12 @@ static luaL_Reg funcs[] = {
   {"setverify",       set_verify},
   {"setoptions",      set_options},
   {"setmode",         set_mode},
+
 #if !defined(OPENSSL_NO_EC)
-  {"setcurve",        set_curve},
+  {"setcurve",      set_curve},
-  {"setcurveslist",   set_curves_list},
+  {"setcurveslist", set_curves_list},
-#endif
-#if defined(LSEC_ENABLE_DANE)
-  {"setdane",         set_dane},
 #endif
+
   {NULL, NULL}
 };
 
@@ -846,7 +828,6 @@ static int meth_set_verify_ext(lua_State *L)
  * Context metamethods.
  */
 static luaL_Reg meta[] = {
-  {"__close",    meth_destroy},
   {"__gc",       meth_destroy},
   {"__tostring", meth_tostring},
   {NULL, NULL}

src/context.h

@@ -2,9 +2,9 @@
 #define LSEC_CONTEXT_H
 
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 0.8.2
  *
- * Copyright (C) 2006-2021 Bruno Silvestre
+ * Copyright (C) 2006-2019 Bruno Silvestre
  *
  *--------------------------------------------------------------------------*/
 

src/ec.c

@@ -56,24 +56,25 @@ void lsec_load_curves(lua_State *L)
         lua_pushnumber(L, curves[i].nid);
         lua_rawset(L, -3);
         break;
+#ifdef NID_X25519
+     case NID_X25519:
+        lua_pushstring(L, "X25519");
+        lua_pushnumber(L, curves[i].nid);
+        lua_rawset(L, -3);
+        break;
+#endif
+#ifdef NID_X448
+     case NID_X448:
+        lua_pushstring(L, "X448");
+        lua_pushnumber(L, curves[i].nid);
+        lua_rawset(L, -3);
+        break;
+#endif
       }
     }
     free(curves);
   }
 
-  /* These are special so are manually added here */
-#ifdef NID_X25519
-  lua_pushstring(L, "X25519");
-  lua_pushnumber(L, NID_X25519);
-  lua_rawset(L, -3);
-#endif
-
-#ifdef NID_X448
-  lua_pushstring(L, "X448");
-  lua_pushnumber(L, NID_X448);
-  lua_rawset(L, -3);
-#endif
-
   lua_rawset(L,  LUA_REGISTRYINDEX);
 }
 

src/ec.h

@@ -1,7 +1,7 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 0.8.2
  *
- * Copyright (C) 2006-2021 Bruno Silvestre
+ * Copyright (C) 2006-2019 Bruno Silvestre
  *
  *--------------------------------------------------------------------------*/
 

src/https.lua

@@ -1,6 +1,6 @@
 ----------------------------------------------------------------------------
--- LuaSec 1.0.1
+-- LuaSec 0.8.2
--- Copyright (C) 2009-2021 PUC-Rio
+-- Copyright (C) 2009-2019 PUC-Rio
 --
 -- Author: Pablo Musa
 -- Author: Tomas Guisasola
@@ -18,8 +18,8 @@ local try    = socket.try
 -- Module
 --
 local _M = {
-  _VERSION   = "1.0.1",
+  _VERSION   = "0.8.2",
-  _COPYRIGHT = "LuaSec 1.0.1 - Copyright (C) 2009-2021 PUC-Rio",
+  _COPYRIGHT = "LuaSec 0.8.2 - Copyright (C) 2009-2019 PUC-Rio",
   PORT       = 443,
   TIMEOUT    = 60
 }

src/luasocket/buffer.c

@@ -107,16 +107,10 @@ int buffer_meth_send(lua_State *L, p_buffer buf) {
 * object:receive() interface
 \*-------------------------------------------------------------------------*/
 int buffer_meth_receive(lua_State *L, p_buffer buf) {
+    int err = IO_DONE, top = lua_gettop(L);
     luaL_Buffer b;
     size_t size;
-    const char *part;
+    const char *part = luaL_optlstring(L, 3, "", &size);
-    int err = IO_DONE;
-    int top = lua_gettop(L);
-    if (top < 3) {
-        lua_settop(L, 3);
-        top = 3;
-    }
-    part = luaL_optlstring(L, 3, "", &size);
 #ifdef LUASOCKET_DEBUG
     p_timeout tm = timeout_markstart(buf->tm);
 #endif

src/options.c

@@ -1,7 +1,7 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 0.8.2
  *
- * Copyright (C) 2006-2021 Bruno Silvestre
+ * Copyright (C) 2006-2019 Bruno Silvestre
  *
  *--------------------------------------------------------------------------*/
 

src/options.h

@@ -2,9 +2,9 @@
 #define LSEC_OPTIONS_H
 
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 0.8.2
  *
- * Copyright (C) 2006-2021 Bruno Silvestre
+ * Copyright (C) 2006-2019 Bruno Silvestre
  *
  *--------------------------------------------------------------------------*/
 

src/options.lua

@@ -18,9 +18,9 @@ end
 local function generate(options, version)
   print([[
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 0.8.2
  *
- * Copyright (C) 2006-2021 Bruno Silvestre
+ * Copyright (C) 2006-2019 Bruno Silvestre
  *
  *--------------------------------------------------------------------------*/
 

src/ssl.c

@@ -1,9 +1,9 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 0.8.2
  *
- * Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann, 
+ * Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann, 
  *                         Matthew Wild.
- * Copyright (C) 2006-2021 Bruno Silvestre.
+ * Copyright (C) 2006-2019 Bruno Silvestre.
  *
  *--------------------------------------------------------------------------*/
 
@@ -18,7 +18,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/x509_vfy.h>
 #include <openssl/err.h>
-#include <openssl/dh.h>
 
 #include <lua.h>
 #include <lauxlib.h>
@@ -33,7 +32,7 @@
 #include "ssl.h"
 
 
-#ifndef LSEC_API_OPENSSL_1_1_0
+#if (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) || (OPENSSL_VERSION_NUMBER < 0x1010000fL)
 #define SSL_is_server(s) (s->server)
 #define SSL_up_ref(ssl)  CRYPTO_add(&(ssl)->references, 1, CRYPTO_LOCK_SSL)
 #define X509_up_ref(c)   CRYPTO_add(&c->references, 1, CRYPTO_LOCK_X509)
@@ -819,7 +818,7 @@ static int meth_getalpn(lua_State *L)
 
 static int meth_copyright(lua_State *L)
 {
-  lua_pushstring(L, "LuaSec 1.0.1 - Copyright (C) 2006-2021 Bruno Silvestre, UFG"
+  lua_pushstring(L, "LuaSec 0.8.2 - Copyright (C) 2006-2019 Bruno Silvestre, UFG"
 #if defined(WITH_LUASOCKET)
                     "\nLuaSocket 3.0-RC1 - Copyright (C) 2004-2013 Diego Nehab"
 #endif
@@ -827,34 +826,6 @@ static int meth_copyright(lua_State *L)
   return 1;
 }
 
-#if defined(LSEC_ENABLE_DANE)
-static int meth_dane(lua_State *L)
-{
-  int ret;
-  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
-  ret = SSL_dane_enable(ssl->ssl, luaL_checkstring(L, 2));
-  lua_pushboolean(L, (ret > 0));
-  return 1;
-}
-
-static int meth_tlsa(lua_State *L)
-{
-  int ret;
-  size_t len;
-  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
-  uint8_t usage = (uint8_t)luaL_checkinteger(L, 2);
-  uint8_t selector = (uint8_t)luaL_checkinteger(L, 3);
-  uint8_t mtype = (uint8_t)luaL_checkinteger(L, 4);
-  unsigned char *data = (unsigned char*)luaL_checklstring(L, 5, &len);
-
-  ERR_clear_error();
-  ret = SSL_dane_tlsa_add(ssl->ssl, usage, selector, mtype, data, len);
-  lua_pushboolean(L, (ret > 0));
-
-  return 1;
-}
-#endif
-
 /*---------------------------------------------------------------------------*/
 
 /**
@@ -879,10 +850,6 @@ static luaL_Reg methods[] = {
   {"settimeout",          meth_settimeout},
   {"sni",                 meth_sni},
   {"want",                meth_want},
-#if defined(LSEC_ENABLE_DANE)
-  {"setdane",             meth_dane},
-  {"settlsa",             meth_tlsa},
-#endif
   {NULL,                  NULL}
 };
 
@@ -890,7 +857,6 @@ static luaL_Reg methods[] = {
  * SSL metamethods.
  */
 static luaL_Reg meta[] = {
-  {"__close",    meth_destroy},
   {"__gc",       meth_destroy},
   {"__tostring", meth_tostring},
   {NULL, NULL}
@@ -914,7 +880,6 @@ static luaL_Reg funcs[] = {
  */
 LSEC_API int luaopen_ssl_core(lua_State *L)
 {
-#ifndef LSEC_API_OPENSSL_1_1_0
   /* Initialize SSL */
   if (!SSL_library_init()) {
     lua_pushstring(L, "unable to initialize SSL library");
@@ -922,7 +887,6 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
   }
   OpenSSL_add_all_algorithms();
   SSL_load_error_strings();
-#endif
 
 #if defined(WITH_LUASOCKET)
   /* Initialize internal library */
@@ -941,7 +905,7 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
   luaL_newlib(L, funcs);
 
   lua_pushstring(L, "SOCKET_INVALID");
-  lua_pushinteger(L, SOCKET_INVALID);
+  lua_pushnumber(L, SOCKET_INVALID);
   lua_rawset(L, -3);
 
   return 1;

src/ssl.h

@@ -2,9 +2,9 @@
 #define LSEC_SSL_H
 
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 0.8.2
  *
- * Copyright (C) 2006-2021 Bruno Silvestre
+ * Copyright (C) 2006-2019 Bruno Silvestre
  *
  *--------------------------------------------------------------------------*/
 

src/ssl.lua

@@ -1,7 +1,7 @@
 ------------------------------------------------------------------------------
--- LuaSec 1.0.1
+-- LuaSec 0.8.2
 --
--- Copyright (C) 2006-2021 Bruno Silvestre
+-- Copyright (C) 2006-2019 Bruno Silvestre
 --
 ------------------------------------------------------------------------------
 
@@ -201,10 +201,6 @@ local function newcontext(cfg)
       if not succ then return nil, msg end
    end
 
-   if config.capabilities.dane and cfg.dane then
-      context.setdane(ctx)
-   end
-
    return ctx
 end
 
@@ -271,7 +267,7 @@ core.setmethod("info", info)
 --
 
 local _M = {
-  _VERSION        = "1.0.1",
+  _VERSION        = "0.8.2",
   _COPYRIGHT      = core.copyright(),
   config          = config,
   loadcertificate = x509.load,

src/x509.c

@@ -1,7 +1,7 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 0.8.2
  *
- * Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann
+ * Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann
  *                         Matthew Wild, Bruno Silvestre.
  *
  *--------------------------------------------------------------------------*/
@@ -33,12 +33,16 @@
 #include "x509.h"
 
 
-#ifndef LSEC_API_OPENSSL_1_1_0
+/*
-#define X509_get0_notBefore   X509_get_notBefore
+ * ASN1_STRING_data is deprecated in OpenSSL 1.1.0
-#define X509_get0_notAfter    X509_get_notAfter
+ */
-#define ASN1_STRING_get0_data ASN1_STRING_data
+#if OPENSSL_VERSION_NUMBER>=0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)
+#define LSEC_ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
+#else
+#define LSEC_ASN1_STRING_data(x) ASN1_STRING_data(x)
 #endif
 
+
 static const char* hex_tab = "0123456789abcdef";
 
 /**
@@ -153,7 +157,8 @@ static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
   }
   switch (encode) {
   case LSEC_AI5_STRING:
-    lua_pushlstring(L, (char*)ASN1_STRING_get0_data(string), ASN1_STRING_length(string));
+    lua_pushlstring(L, (char*)LSEC_ASN1_STRING_data(string),
+                       ASN1_STRING_length(string));
     break;
   case LSEC_UTF8_STRING:
     len = ASN1_STRING_to_UTF8(&data, string);
@@ -169,7 +174,7 @@ static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
 /**
  * Return a human readable time.
  */
-static int push_asn1_time(lua_State *L, const ASN1_UTCTIME *tm)
+static int push_asn1_time(lua_State *L, ASN1_UTCTIME *tm)
 {
   char *tmp;
   long size;
@@ -188,7 +193,7 @@ static void push_asn1_ip(lua_State *L, ASN1_STRING *string)
 {
   int af;
   char dst[INET6_ADDRSTRLEN];
-  unsigned char *ip = (unsigned char*)ASN1_STRING_get0_data(string);
+  unsigned char *ip = (unsigned char*)LSEC_ASN1_STRING_data(string);
   switch(ASN1_STRING_length(string)) {
   case 4:
     af = AF_INET;
@@ -487,8 +492,8 @@ static int meth_valid_at(lua_State* L)
 {
   X509* cert = lsec_checkx509(L, 1);
   time_t time = luaL_checkinteger(L, 2);
-  lua_pushboolean(L, (X509_cmp_time(X509_get0_notAfter(cert), &time)     >= 0
+  lua_pushboolean(L, (X509_cmp_time(X509_get_notAfter(cert), &time)     >= 0
-                      && X509_cmp_time(X509_get0_notBefore(cert), &time) <= 0));
+                      && X509_cmp_time(X509_get_notBefore(cert), &time) <= 0));
   return 1;
 }
 
@@ -516,7 +521,7 @@ static int meth_serial(lua_State *L)
 static int meth_notbefore(lua_State *L)
 {
   X509* cert = lsec_checkx509(L, 1);
-  return push_asn1_time(L, X509_get0_notBefore(cert));
+  return push_asn1_time(L, X509_get_notBefore(cert));
 }
 
 /**
@@ -525,7 +530,7 @@ static int meth_notbefore(lua_State *L)
 static int meth_notafter(lua_State *L)
 {
   X509* cert = lsec_checkx509(L, 1);
-  return push_asn1_time(L, X509_get0_notAfter(cert));
+  return push_asn1_time(L, X509_get_notAfter(cert));
 }
 
 /**
@@ -618,11 +623,7 @@ cleanup:
  */
 static int meth_destroy(lua_State* L)
 {
-  p_x509 px = lsec_checkp_x509(L, 1);
+  X509_free(lsec_checkx509(L, 1));
-  if (px->cert) {
-    X509_free(px->cert);
-    px->cert = NULL;
-  }
   return 0;
 }
 
@@ -652,21 +653,6 @@ static int meth_set_encode(lua_State* L)
   return 1;
 }
 
-/**
- * Get signature name.
- */
-static int meth_get_sinagure_name(lua_State* L)
-{
-  p_x509 px = lsec_checkp_x509(L, 1);
-  int nid = X509_get_signature_nid(px->cert);
-  const char *name = OBJ_nid2sn(nid);
-  if (!name)
-    lua_pushnil(L);
-  else
-    lua_pushstring(L, name);
-  return 1;
-}
-
 /*---------------------------------------------------------------------------*/
 
 static int load_cert(lua_State* L)
@@ -695,7 +681,6 @@ static luaL_Reg methods[] = {
   {"digest",     meth_digest},
   {"setencode",  meth_set_encode},
   {"extensions", meth_extensions},
-  {"getsignaturename", meth_get_sinagure_name},
   {"issuer",     meth_issuer},
   {"notbefore",  meth_notbefore},
   {"notafter",   meth_notafter},
@@ -712,7 +697,6 @@ static luaL_Reg methods[] = {
  * X509 metamethods.
  */
 static luaL_Reg meta[] = {
-  {"__close",    meth_destroy},
   {"__gc",       meth_destroy},
   {"__tostring", meth_tostring},
   {NULL, NULL}

src/x509.h

@@ -1,7 +1,7 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.0.1
+ * LuaSec 0.8.2
  *
- * Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann
+ * Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann
  *                         Matthew Wild, Bruno Silvestre.
  *
  *--------------------------------------------------------------------------*/