dany/luasec
1
0
Fork 0
mirror of https://github.com/brunoos/luasec.git synced 2025-07-16 13:59:52 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: dany:v1.0.2
Branches Tags
dany:master dany:shutdown-method dany:dev dany:ocsp dany:luasec-dev-0.8 dany:luasec-dev-0.7 dany:luasec-dev-0.5
dany:v1.3.2 dany:v1.3.1 dany:v1.3.0 dany:v1.2.0 dany:v1.1.0 dany:v1.0.2 dany:v1.0.1 dany:v1.0 dany:v0.9 dany:luasec-0.8.2 dany:luasec-0.7.2 dany:luasec-0.8.1 dany:luasec-0.7.1 dany:luasec-0.8 dany:luasec-0.7 dany:luasec-0.6 dany:luasec-0.5.1 dany:luasec-0.5 dany:luasec-0.4.1 dany:luasec-0.4 dany:luasec-0.3.3 dany:luasec-0.3.2 dany:luasec-0.3.1 dany:luasec-0.3 dany:luasec-0.2
..
compare: dany:v1.2.0
Branches Tags
dany:master dany:shutdown-method dany:dev dany:ocsp dany:luasec-dev-0.8 dany:luasec-dev-0.7 dany:luasec-dev-0.5
dany:v1.3.2 dany:v1.3.1 dany:v1.3.0 dany:v1.2.0 dany:v1.1.0 dany:v1.0.2 dany:v1.0.1 dany:v1.0 dany:v0.9 dany:luasec-0.8.2 dany:luasec-0.7.2 dany:luasec-0.8.1 dany:luasec-0.7.1 dany:luasec-0.8 dany:luasec-0.7 dany:luasec-0.6 dany:luasec-0.5.1 dany:luasec-0.5 dany:luasec-0.4.1 dany:luasec-0.4 dany:luasec-0.3.3 dany:luasec-0.3.2 dany:luasec-0.3.1 dany:luasec-0.3 dany:luasec-0.2

15 Commits
v1.0.2 ... v1.2.0

Author SHA1 Message Date
Bruno Silvestre
d9215ee00f Update rockspec 2022-07-30 08:42:53 -03:00
Bruno Silvestre
03e03140cd Update version number 2022-07-30 08:41:46 -03:00
Bruno Silvestre
8b3b2318d2 Merge pull request #188 from mckaygerhard/patch-1 
backguard compat for openssl on providers, like LTS linuxes
 2022-07-29 11:42:21 -03:00
Bruno Silvestre
2c248947df Adjust some types and casts 2022-07-20 17:52:01 -03:00
Bruno Silvestre
f22b3ea609 Code format 2022-07-20 17:39:20 -03:00
Bruno Silvestre
c9539bca86 Fix variable shadowing 2022-07-20 17:36:27 -03:00
Bruno Silvestre
afb2d44b0e Merge pull request #187 from Zash/exporter 
Add key material export method
 2022-07-20 17:32:02 -03:00
Герхард PICCORO Lenz McKAY
f9afada3d1 backguard compat for openssl on providers, like LTS linuxes 
* The commit de393417b7 introduces high dependency due raices requirement to openssl 1.1.0l+
* The X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were added in OpenSSL 1.1.0.
* This patch makes luasec runs on all kind of embebed systems that cannot be upgraded due vendors limitations
 2022-06-24 01:09:44 -04:00
Kim Alvefur
371abcf718 Add key material export method 2022-06-01 16:26:35 +02:00
Bruno Silvestre
df27c62f4c Update source protocol on rockspec 2022-04-13 10:46:36 -03:00
Bruno Silvestre
09691fe782 Update rockspec 2022-04-13 10:38:18 -03:00
Bruno Silvestre
3a71559e13 Update version number 2022-04-13 10:35:06 -03:00
Bruno Silvestre
3f04fd7529 Removing useless code 2022-04-04 15:48:22 -03:00
Bruno Silvestre
d7161ca026 Merge pull request #179 from Zash/dane_no_hostname 
Support passing DANE flags
 2022-01-05 09:35:10 -03:00
Kim Alvefur
65ee83275b Support passing DANE flags 
The only flag at the moment is one that disables name checks, which is
needed for certain protocols such as XMPP.
 2022-01-01 19:42:09 +01:00
19 changed files with 132 additions and 44 deletions
Expand all files Collapse all files

16
CHANGELOG
View File

@ -1,3 +1,19 @@
--------------------------------------------------------------------------------
LuaSec 1.2.0
---------------
This version includes:
* Add key material export method
* Backguard compat for openssl on providers, like LTS linuxes
--------------------------------------------------------------------------------
LuaSec 1.1.0
---------------
This version includes:
* Fix missing DANE flag
* Remove unused parameter in https.lua
--------------------------------------------------------------------------------
LuaSec 1.0.2
---------------

2
INSTALL
View File

@ -1,4 +1,4 @@
LuaSec 1.0.2
LuaSec 1.2.0
------------
* OpenSSL options:

4
LICENSE
View File

@ -1,5 +1,5 @@
LuaSec 1.0.2 license
Copyright (C) 2006-2021 Bruno Silvestre, UFG
LuaSec 1.2.0 license
Copyright (C) 2006-2022 Bruno Silvestre, UFG
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the

2
README.md
View File

@ -1,4 +1,4 @@
LuaSec 1.0.2
LuaSec 1.2.0
===============
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
easy to add secure connections to any Lua applications or scripts.

6
luasec-1.0.2-1.rockspec → luasec-1.2.0-1.rockspec
View File

@ -1,8 +1,8 @@
package = "LuaSec"
version = "1.0.2-1"
version = "1.2.0-1"
source = {
url = "git://github.com/brunoos/luasec",
tag = "v1.0.2",
url = "git+https://github.com/brunoos/luasec",
tag = "v1.2.0",
}
description = {
summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.",

4
src/compat.h
View File

@ -1,7 +1,7 @@
/*--------------------------------------------------------------------------
* LuaSec 1.0.2
* LuaSec 1.2.0
*
* Copyright (C) 2006-2021 Bruno Silvestre
* Copyright (C) 2006-2022 Bruno Silvestre
*
*--------------------------------------------------------------------------*/

11
src/config.c
View File

@ -1,7 +1,7 @@
/*--------------------------------------------------------------------------
* LuaSec 1.0.2
* LuaSec 1.2.0
*
* Copyright (C) 2006-2021 Bruno Silvestre.
* Copyright (C) 2006-2022 Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
@ -77,8 +77,15 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
#ifdef LSEC_ENABLE_DANE
// DANE
lua_pushstring(L, "dane");
#ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
lua_createtable(L, 0, 1);
lua_pushstring(L, "no_ee_namechecks");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#else
lua_pushboolean(L, 1);
#endif
lua_rawset(L, -3);
#endif
#ifndef OPENSSL_NO_EC

29
src/context.c
View File

@ -1,9 +1,9 @@
/*--------------------------------------------------------------------------
* LuaSec 1.0.2
* LuaSec 1.2.0
*
* Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann,
* Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann,
* Matthew Wild.
* Copyright (C) 2006-2021 Bruno Silvestre.
* Copyright (C) 2006-2022 Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
@ -17,6 +17,7 @@
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/x509_vfy.h>
#include <openssl/dh.h>
#include <lua.h>
@ -711,11 +712,31 @@ static int set_alpn_cb(lua_State *L)
/*
* DANE
*/
static int dane_options[] = {
/* TODO move into options.c
* however this symbol is not from openssl/ssl.h but rather from
* openssl/x509_vfy.h
* */
#ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
DANE_FLAG_NO_DANE_EE_NAMECHECKS,
#endif
0
};
static const char *dane_option_names[] = {
#ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
"no_ee_namechecks",
#endif
NULL
};
static int set_dane(lua_State *L)
{
int ret;
int ret, i;
SSL_CTX *ctx = lsec_checkcontext(L, 1);
ret = SSL_CTX_dane_enable(ctx);
for (i = 2; ret > 0 && i <= lua_gettop(L); i++) {
ret = SSL_CTX_dane_set_flags(ctx, dane_options[luaL_checkoption(L, i, NULL, dane_option_names)]);
}
lua_pushboolean(L, (ret > 0));
return 1;
}

4
src/context.h
View File

@ -2,9 +2,9 @@
#define LSEC_CONTEXT_H
/*--------------------------------------------------------------------------
* LuaSec 1.0.2
* LuaSec 1.2.0
*
* Copyright (C) 2006-2021 Bruno Silvestre
* Copyright (C) 2006-2022 Bruno Silvestre
*
*--------------------------------------------------------------------------*/

4
src/ec.h
View File

@ -1,7 +1,7 @@
/*--------------------------------------------------------------------------
* LuaSec 1.0.2
* LuaSec 1.2.0
*
* Copyright (C) 2006-2021 Bruno Silvestre
* Copyright (C) 2006-2022 Bruno Silvestre
*
*--------------------------------------------------------------------------*/

10
src/https.lua
View File

@ -1,6 +1,6 @@
----------------------------------------------------------------------------
-- LuaSec 1.0.2
-- Copyright (C) 2009-2021 PUC-Rio
-- LuaSec 1.2.0
-- Copyright (C) 2009-2022 PUC-Rio
--
-- Author: Pablo Musa
-- Author: Tomas Guisasola
@ -18,8 +18,8 @@ local try = socket.try
-- Module
--
local _M = {
_VERSION = "1.0.2",
_COPYRIGHT = "LuaSec 1.0.2 - Copyright (C) 2009-2021 PUC-Rio",
_VERSION = "1.2.0",
_COPYRIGHT = "LuaSec 1.2.0 - Copyright (C) 2009-2022 PUC-Rio",
PORT = 443,
TIMEOUT = 60
}
@ -93,7 +93,7 @@ local function tcp(params)
self.sock:sni(host)
self.sock:settimeout(_M.TIMEOUT)
try(self.sock:dohandshake())
reg(self, getmetatable(self.sock))
reg(self)
return 1
end
return conn

4
src/options.c
View File

@ -1,7 +1,7 @@
/*--------------------------------------------------------------------------
* LuaSec 1.0.2
* LuaSec 1.2.0
*
* Copyright (C) 2006-2021 Bruno Silvestre
* Copyright (C) 2006-2022 Bruno Silvestre
*
*--------------------------------------------------------------------------*/

4
src/options.h
View File

@ -2,9 +2,9 @@
#define LSEC_OPTIONS_H
/*--------------------------------------------------------------------------
* LuaSec 1.0.2
* LuaSec 1.2.0
*
* Copyright (C) 2006-2021 Bruno Silvestre
* Copyright (C) 2006-2022 Bruno Silvestre
*
*--------------------------------------------------------------------------*/

4
src/options.lua
View File

@ -18,9 +18,9 @@ end
local function generate(options, version)
print([[
/*--------------------------------------------------------------------------
* LuaSec 1.1.1
* LuaSec 1.2.0
*
* Copyright (C) 2006-2021 Bruno Silvestre
* Copyright (C) 2006-2022 Bruno Silvestre
*
*--------------------------------------------------------------------------*/

44
src/ssl.c
View File

@ -1,9 +1,9 @@
/*--------------------------------------------------------------------------
* LuaSec 1.0.2
* LuaSec 1.2.0
*
* Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann,
* Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann,
* Matthew Wild.
* Copyright (C) 2006-2021 Bruno Silvestre.
* Copyright (C) 2006-2022 Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
@ -671,6 +671,41 @@ static int meth_getpeerfinished(lua_State *L)
return 1;
}
/**
* Get some shared keying material
*/
static int meth_exportkeyingmaterial(lua_State *L)
{
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if(ssl->state != LSEC_STATE_CONNECTED) {
lua_pushnil(L);
lua_pushstring(L, "closed");
return 0;
}
size_t llen = 0;
size_t contextlen = 0;
const unsigned char *context = NULL;
const char *label = (const char*)luaL_checklstring(L, 2, &llen);
size_t olen = (size_t)luaL_checkinteger(L, 3);
if (!lua_isnoneornil(L, 4))
context = (const unsigned char*)luaL_checklstring(L, 4, &contextlen);
/* Temporary buffer memory-managed by Lua itself */
unsigned char *out = (unsigned char*)lua_newuserdata(L, olen);
if(SSL_export_keying_material(ssl->ssl, out, olen, label, llen, context, contextlen, context != NULL) != 1) {
lua_pushnil(L);
lua_pushstring(L, "error exporting keying material");
return 2;
}
lua_pushlstring(L, (char*)out, olen);
return 1;
}
/**
* Object information -- tostring metamethod
*/
@ -826,7 +861,7 @@ static int meth_getalpn(lua_State *L)
static int meth_copyright(lua_State *L)
{
lua_pushstring(L, "LuaSec 1.0.2 - Copyright (C) 2006-2021 Bruno Silvestre, UFG"
lua_pushstring(L, "LuaSec 1.2.0 - Copyright (C) 2006-2022 Bruno Silvestre, UFG"
#if defined(WITH_LUASOCKET)
"\nLuaSocket 3.0-RC1 - Copyright (C) 2004-2013 Diego Nehab"
#endif
@ -876,6 +911,7 @@ static luaL_Reg methods[] = {
{"getpeerchain", meth_getpeerchain},
{"getpeerverification", meth_getpeerverification},
{"getpeerfinished", meth_getpeerfinished},
{"exportkeyingmaterial",meth_exportkeyingmaterial},
{"getsniname", meth_getsniname},
{"getstats", meth_getstats},
{"setstats", meth_setstats},

4
src/ssl.h
View File

@ -2,9 +2,9 @@
#define LSEC_SSL_H
/*--------------------------------------------------------------------------
* LuaSec 1.0.2
* LuaSec 1.2.0
*
* Copyright (C) 2006-2021 Bruno Silvestre
* Copyright (C) 2006-2022 Bruno Silvestre
*
*--------------------------------------------------------------------------*/

12
src/ssl.lua
View File

@ -1,7 +1,7 @@
------------------------------------------------------------------------------
-- LuaSec 1.0.2
-- LuaSec 1.2.0
--
-- Copyright (C) 2006-2021 Bruno Silvestre
-- Copyright (C) 2006-2022 Bruno Silvestre
--
------------------------------------------------------------------------------
@ -202,7 +202,11 @@ local function newcontext(cfg)
end
if config.capabilities.dane and cfg.dane then
context.setdane(ctx)
if type(cfg.dane) == "table" then
context.setdane(ctx, unpack(cfg.dane))
else
context.setdane(ctx)
end
end
return ctx
@ -271,7 +275,7 @@ core.setmethod("info", info)
--
local _M = {
_VERSION = "1.0.2",
_VERSION = "1.2.0",
_COPYRIGHT = core.copyright(),
config = config,
loadcertificate = x509.load,

8
src/x509.c
View File

@ -1,7 +1,7 @@
/*--------------------------------------------------------------------------
* LuaSec 1.0.2
* LuaSec 1.2.0
*
* Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann
* Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann
* Matthew Wild, Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
@ -655,6 +655,7 @@ static int meth_set_encode(lua_State* L)
return 1;
}
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
/**
* Get signature name.
*/
@ -669,6 +670,7 @@ static int meth_get_signature_name(lua_State* L)
lua_pushstring(L, name);
return 1;
}
#endif
/*---------------------------------------------------------------------------*/
@ -698,7 +700,9 @@ static luaL_Reg methods[] = {
{"digest", meth_digest},
{"setencode", meth_set_encode},
{"extensions", meth_extensions},
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
{"getsignaturename", meth_get_signature_name},
#endif
{"issuer", meth_issuer},
{"notbefore", meth_notbefore},
{"notafter", meth_notafter},

4
src/x509.h
View File

@ -1,7 +1,7 @@
/*--------------------------------------------------------------------------
* LuaSec 1.0.2
* LuaSec 1.2.0
*
* Copyright (C) 2014-2021 Kim Alvefur, Paul Aurich, Tobias Markmann
* Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann
* Matthew Wild, Bruno Silvestre.
*
*--------------------------------------------------------------------------*/