mirror of
https://github.com/brunoos/luasec.git
synced 2025-07-16 13:59:52 +02:00
Compare commits
2 Commits
v1.1.0
...
luasec-0.8
Author | SHA1 | Date | |
---|---|---|---|
20db8ae168 | |||
dcd385e615 |
74
CHANGELOG
74
CHANGELOG
@ -1,67 +1,9 @@
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 1.1.0
|
||||
---------------
|
||||
This version includes:
|
||||
|
||||
* Fix missing DANE flag
|
||||
* Remove unused parameter in https.lua
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 1.0.2
|
||||
---------------
|
||||
This version includes:
|
||||
|
||||
* Fix handle SSL_send SYSCALL error without errno
|
||||
* Fix off by one in cert:validat(notafter)
|
||||
* Fix meth_get_{sinagure => signature}_name function name
|
||||
* Fix update the Lua state reference on the selected SSL context after SNI
|
||||
* Fix ignore SSL_OP_BIT(n) macro and update option.c
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 1.0.1
|
||||
---------------
|
||||
This version includes:
|
||||
|
||||
|
||||
* Fix luaL_buffinit() can use the stack and broke buffer_meth_receive()
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 1.0
|
||||
---------------
|
||||
This version includes:
|
||||
|
||||
|
||||
* Add cert:getsignaturename()
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 0.9
|
||||
---------------
|
||||
This version includes:
|
||||
|
||||
|
||||
* Add DNS-based Authentication of Named Entities (DANE) support
|
||||
* Add __close() metamethod
|
||||
* Fix deprecation warnings with OpenSSL 1.1
|
||||
* Fix special case listing of TLS 1.3 EC curves
|
||||
* Fix general_name leak in cert:extensions()
|
||||
* Fix unexported 'ssl.config' table
|
||||
* Replace $(LD) with $(CCLD) variable
|
||||
* Remove multiple definitions of 'ssl_options' variable
|
||||
* Use tag in git format: v0.9
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 0.8.2
|
||||
---------------
|
||||
This version includes:
|
||||
|
||||
* Fix unexported 'ssl.config' table (backported)
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 0.8.1
|
||||
---------------
|
||||
This version includes:
|
||||
|
||||
* Fix general_name leak in cert:extensions() (backported)
|
||||
* Fix another memory leak when get certficate extensions
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 0.8
|
||||
@ -77,20 +19,6 @@ This version includes:
|
||||
* Fix invalid reference to Lua state
|
||||
* Fix memory leak when get certficate extensions
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 0.7.2
|
||||
---------------
|
||||
This version includes:
|
||||
|
||||
* Fix unexported 'ssl.config' table (backported)
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 0.7.1
|
||||
---------------
|
||||
This version includes:
|
||||
|
||||
* Fix general_name leak in cert:extensions() (backported)
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
LuaSec 0.7
|
||||
---------------
|
||||
|
6
INSTALL
6
INSTALL
@ -1,14 +1,14 @@
|
||||
LuaSec 1.1.0
|
||||
LuaSec 0.8.1
|
||||
------------
|
||||
|
||||
* OpenSSL options:
|
||||
|
||||
By default, this version includes options for OpenSSL 3.0.0 beta2
|
||||
By default, LuaSec 0.8.1 includes options for OpenSSL 1.1.0g.
|
||||
|
||||
If you need to generate the options for a different version of OpenSSL:
|
||||
|
||||
$ cd src
|
||||
$ lua options.lua -g /usr/include/openssl/ssl.h > options.c
|
||||
$ lua options.lua -g /usr/include/openssl/ssl.h > options.h
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
|
4
LICENSE
4
LICENSE
@ -1,5 +1,5 @@
|
||||
LuaSec 1.1.0 license
|
||||
Copyright (C) 2006-2022 Bruno Silvestre, UFG
|
||||
LuaSec 0.8.1 license
|
||||
Copyright (C) 2006-2019 Bruno Silvestre, UFG
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining
|
||||
a copy of this software and associated documentation files (the
|
||||
|
@ -1,6 +1,9 @@
|
||||
LuaSec 1.1.0
|
||||
LuaSec 0.8.1
|
||||
===============
|
||||
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
|
||||
easy to add secure connections to any Lua applications or scripts.
|
||||
|
||||
Important: This version requires at least OpenSSL 1.0.2.
|
||||
For old versions of OpenSSL, use LuaSec 0.7.
|
||||
|
||||
Documentation: https://github.com/brunoos/luasec/wiki
|
||||
|
@ -1,8 +1,8 @@
|
||||
package = "LuaSec"
|
||||
version = "1.1.0-1"
|
||||
version = "0.8.1-1"
|
||||
source = {
|
||||
url = "git+https://github.com/brunoos/luasec",
|
||||
tag = "v1.1.0",
|
||||
url = "https://github.com/brunoos/luasec/archive/luasec-0.8.1.tar.gz",
|
||||
dir = "luasec-luasec-0.8.1"
|
||||
}
|
||||
description = {
|
||||
summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.",
|
||||
@ -58,7 +58,7 @@ build = {
|
||||
"ssl", "crypto"
|
||||
},
|
||||
sources = {
|
||||
"src/options.c", "src/config.c", "src/ec.c",
|
||||
"src/config.c", "src/ec.c",
|
||||
"src/x509.c", "src/context.c", "src/ssl.c",
|
||||
"src/luasocket/buffer.c", "src/luasocket/io.c",
|
||||
"src/luasocket/timeout.c", "src/luasocket/usocket.c"
|
||||
@ -93,7 +93,7 @@ build = {
|
||||
"$(OPENSSL_INCDIR)", "src/", "src/luasocket"
|
||||
},
|
||||
sources = {
|
||||
"src/options.c", "src/config.c", "src/ec.c",
|
||||
"src/config.c", "src/ec.c",
|
||||
"src/x509.c", "src/context.c", "src/ssl.c",
|
||||
"src/luasocket/buffer.c", "src/luasocket/io.c",
|
||||
"src/luasocket/timeout.c", "src/luasocket/wsocket.c"
|
@ -107,7 +107,6 @@
|
||||
<ClCompile Include="src\luasocket\io.c" />
|
||||
<ClCompile Include="src\luasocket\timeout.c" />
|
||||
<ClCompile Include="src\luasocket\wsocket.c" />
|
||||
<ClCompile Include="src\options.c" />
|
||||
<ClCompile Include="src\ssl.c" />
|
||||
<ClCompile Include="src\x509.c" />
|
||||
</ItemGroup>
|
||||
@ -128,4 +127,4 @@
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||
<ImportGroup Label="ExtensionTargets">
|
||||
</ImportGroup>
|
||||
</Project>
|
||||
</Project>
|
@ -1,4 +1,4 @@
|
||||
#!/usr/bin/env sh
|
||||
#!/bin/bash
|
||||
./rootA.sh
|
||||
./rootB.sh
|
||||
./clientA.sh
|
||||
|
@ -1,4 +1,4 @@
|
||||
#!/usr/bin/env sh
|
||||
#!/bin/sh
|
||||
|
||||
openssl req -newkey rsa:2048 -sha256 -keyout clientAkey.pem -out clientAreq.pem \
|
||||
-nodes -config ./clientA.cnf -days 365 -batch
|
||||
|
@ -1,4 +1,4 @@
|
||||
#!/usr/bin/env sh
|
||||
#!/bin/sh
|
||||
|
||||
openssl req -newkey rsa:2048 -sha256 -keyout clientBkey.pem -out clientBreq.pem \
|
||||
-nodes -config ./clientB.cnf -days 365 -batch
|
||||
|
@ -1,4 +1,4 @@
|
||||
#!/usr/bin/env sh
|
||||
#!/bin/sh
|
||||
|
||||
openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
#!/usr/bin/env sh
|
||||
#!/bin/sh
|
||||
|
||||
openssl req -newkey rsa:2048 -sha256 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
#!/usr/bin/env sh
|
||||
#!/bin/sh
|
||||
|
||||
openssl req -newkey rsa:2048 -keyout serverAkey.pem -out serverAreq.pem \
|
||||
-config ./serverA.cnf -nodes -days 365 -batch
|
||||
|
@ -1,4 +1,4 @@
|
||||
#!/usr/bin/env sh
|
||||
#!/bin/sh
|
||||
|
||||
openssl req -newkey rsa:2048 -keyout serverBkey.pem -out serverBreq.pem \
|
||||
-config ./serverB.cnf -nodes -days 365 -batch
|
||||
|
@ -1,40 +0,0 @@
|
||||
|
||||
local socket = require "socket";
|
||||
local ssl = require "ssl";
|
||||
|
||||
local dns = require "lunbound".new();
|
||||
|
||||
|
||||
local cfg = {
|
||||
protocol = "tlsv1_2",
|
||||
mode = "client",
|
||||
ciphers = "DEFAULT",
|
||||
capath = "/etc/ssl/certs",
|
||||
verify = "peer",
|
||||
dane = true,
|
||||
};
|
||||
|
||||
local function daneconnect(host, port)
|
||||
port = port or "443";
|
||||
local conn = ssl.wrap(socket.connect(host, port), cfg);
|
||||
|
||||
local tlsa = dns:resolve("_" .. port .. "._tcp." .. host, 52);
|
||||
assert(tlsa.secure, "Insecure DNS");
|
||||
|
||||
assert(conn:setdane(host));
|
||||
for i = 1, tlsa.n do
|
||||
local usage, selector, mtype = tlsa[i] :byte(1, 3);
|
||||
assert(conn:settlsa(usage, selector, mtype, tlsa[i] :sub(4, - 1)));
|
||||
end
|
||||
|
||||
assert(conn:dohandshake());
|
||||
return conn;
|
||||
end
|
||||
|
||||
if not ... then
|
||||
print("Usage: client.lua example.com [port]");
|
||||
return os.exit(1);
|
||||
end
|
||||
local conn = daneconnect(...);
|
||||
|
||||
print(conn:getpeerverification());
|
@ -1,4 +1,4 @@
|
||||
#!/usr/bin/env sh
|
||||
#!/bin/sh
|
||||
|
||||
openssl dhparam -2 -out dh-512.pem -outform PEM 512
|
||||
openssl dhparam -2 -out dh-1024.pem -outform PEM 1024
|
||||
|
2
samples/key/genkey.sh
Executable file → Normal file
2
samples/key/genkey.sh
Executable file → Normal file
@ -1,3 +1,3 @@
|
||||
#!/usr/bin/env sh
|
||||
#!/bin/sh
|
||||
|
||||
openssl genrsa -des3 -out key.pem -passout pass:foobar 2048
|
||||
|
@ -1,4 +1,4 @@
|
||||
#!/usr/bin/env sh
|
||||
#!/bin/sh
|
||||
|
||||
mkdir -p certs
|
||||
|
||||
|
@ -2,7 +2,6 @@ CMOD=ssl.so
|
||||
LMOD=ssl.lua
|
||||
|
||||
OBJS= \
|
||||
options.o \
|
||||
x509.o \
|
||||
context.o \
|
||||
ssl.o \
|
||||
@ -25,7 +24,7 @@ MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR)
|
||||
|
||||
INSTALL = install
|
||||
CC ?= cc
|
||||
CCLD ?= $(MYENV) $(CC)
|
||||
LD ?= $(MYENV) cc
|
||||
CFLAGS += $(MYCFLAGS)
|
||||
LDFLAGS += $(MYLDFLAGS)
|
||||
|
||||
@ -52,15 +51,14 @@ luasocket:
|
||||
@cd luasocket && $(MAKE)
|
||||
|
||||
$(CMOD): $(EXTRA) $(OBJS)
|
||||
$(CCLD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
|
||||
$(LD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
|
||||
|
||||
clean:
|
||||
cd luasocket && $(MAKE) clean
|
||||
rm -f $(OBJS) $(CMOD)
|
||||
|
||||
options.o: options.h options.c
|
||||
ec.o: ec.c ec.h
|
||||
x509.o: x509.c x509.h compat.h
|
||||
context.o: context.c context.h ec.h compat.h options.h
|
||||
context.o: context.c context.h ec.h compat.h
|
||||
ssl.o: ssl.c ssl.h context.h x509.h compat.h
|
||||
config.o: config.c ec.h options.h compat.h
|
||||
|
30
src/compat.h
30
src/compat.h
@ -1,25 +1,19 @@
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 1.1.0
|
||||
* LuaSec 0.8.1
|
||||
*
|
||||
* Copyright (C) 2006-2022 Bruno Silvestre
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
#ifndef LSEC_COMPAT_H
|
||||
#define LSEC_COMPAT_H
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
//------------------------------------------------------------------------------
|
||||
|
||||
#if defined(_WIN32)
|
||||
#define LSEC_API __declspec(dllexport)
|
||||
#else
|
||||
#define LSEC_API extern
|
||||
#endif
|
||||
|
||||
//------------------------------------------------------------------------------
|
||||
|
||||
#if (LUA_VERSION_NUM == 501)
|
||||
|
||||
#define luaL_testudata(L, ud, tname) lsec_testudata(L, ud, tname)
|
||||
@ -34,24 +28,4 @@
|
||||
#define setfuncs(L, R) luaL_setfuncs(L, R, 0)
|
||||
#endif
|
||||
|
||||
//------------------------------------------------------------------------------
|
||||
|
||||
#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL))
|
||||
#define LSEC_ENABLE_DANE
|
||||
#endif
|
||||
|
||||
//------------------------------------------------------------------------------
|
||||
|
||||
#if !((defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x2070000fL)) || (OPENSSL_VERSION_NUMBER < 0x1010000fL))
|
||||
#define LSEC_API_OPENSSL_1_1_0
|
||||
#endif
|
||||
|
||||
//------------------------------------------------------------------------------
|
||||
|
||||
#if !defined(LIBRESSL_VERSION_NUMBER) && ((OPENSSL_VERSION_NUMBER & 0xFFFFF000L) == 0x10101000L)
|
||||
#define LSEC_OPENSSL_1_1_1
|
||||
#endif
|
||||
|
||||
//------------------------------------------------------------------------------
|
||||
|
||||
#endif
|
||||
|
24
src/config.c
24
src/config.c
@ -1,7 +1,7 @@
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 1.1.0
|
||||
* LuaSec 0.8.1
|
||||
*
|
||||
* Copyright (C) 2006-2022 Bruno Silvestre.
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre.
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
@ -14,14 +14,14 @@
|
||||
*/
|
||||
LSEC_API int luaopen_ssl_config(lua_State *L)
|
||||
{
|
||||
lsec_ssl_option_t *opt;
|
||||
ssl_option_t *opt;
|
||||
|
||||
lua_newtable(L);
|
||||
|
||||
// Options
|
||||
lua_pushstring(L, "options");
|
||||
lua_newtable(L);
|
||||
for (opt = lsec_get_ssl_options(); opt->name; opt++) {
|
||||
for (opt = ssl_options; opt->name; opt++) {
|
||||
lua_pushstring(L, opt->name);
|
||||
lua_pushboolean(L, 1);
|
||||
lua_rawset(L, -3);
|
||||
@ -41,7 +41,7 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
|
||||
lua_pushstring(L, "tlsv1_2");
|
||||
lua_pushboolean(L, 1);
|
||||
lua_rawset(L, -3);
|
||||
#ifdef TLS1_3_VERSION
|
||||
#if defined(TLS1_3_VERSION)
|
||||
lua_pushstring(L, "tlsv1_3");
|
||||
lua_pushboolean(L, 1);
|
||||
lua_rawset(L, -3);
|
||||
@ -74,20 +74,6 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
|
||||
lua_pushboolean(L, 1);
|
||||
lua_rawset(L, -3);
|
||||
|
||||
#ifdef LSEC_ENABLE_DANE
|
||||
// DANE
|
||||
lua_pushstring(L, "dane");
|
||||
#ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
|
||||
lua_createtable(L, 0, 1);
|
||||
lua_pushstring(L, "no_ee_namechecks");
|
||||
lua_pushboolean(L, 1);
|
||||
lua_rawset(L, -3);
|
||||
#else
|
||||
lua_pushboolean(L, 1);
|
||||
#endif
|
||||
lua_rawset(L, -3);
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
lua_pushstring(L, "curves_list");
|
||||
lua_pushboolean(L, 1);
|
||||
|
@ -1,9 +1,9 @@
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 1.1.0
|
||||
* LuaSec 0.8.1
|
||||
*
|
||||
* Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann,
|
||||
* Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann,
|
||||
* Matthew Wild.
|
||||
* Copyright (C) 2006-2022 Bruno Silvestre.
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre.
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
@ -17,13 +17,10 @@
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/x509_vfy.h>
|
||||
#include <openssl/dh.h>
|
||||
|
||||
#include <lua.h>
|
||||
#include <lauxlib.h>
|
||||
|
||||
#include "compat.h"
|
||||
#include "context.h"
|
||||
#include "options.h"
|
||||
|
||||
@ -52,8 +49,8 @@ static p_context testctx(lua_State *L, int idx)
|
||||
*/
|
||||
static int set_option_flag(const char *opt, unsigned long *flag)
|
||||
{
|
||||
lsec_ssl_option_t *p;
|
||||
for (p = lsec_get_ssl_options(); p->name; p++) {
|
||||
ssl_option_t *p;
|
||||
for (p = ssl_options; p->name; p++) {
|
||||
if (!strcmp(opt, p->name)) {
|
||||
*flag |= p->code;
|
||||
return 1;
|
||||
@ -62,7 +59,7 @@ static int set_option_flag(const char *opt, unsigned long *flag)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifndef LSEC_API_OPENSSL_1_1_0
|
||||
#if (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) || (OPENSSL_VERSION_NUMBER < 0x1010000fL)
|
||||
/**
|
||||
* Find the protocol.
|
||||
*/
|
||||
@ -334,7 +331,7 @@ static int create(lua_State *L)
|
||||
ERR_reason_error_string(ERR_get_error()));
|
||||
return 2;
|
||||
}
|
||||
#ifdef LSEC_API_OPENSSL_1_1_0
|
||||
#if ! ((defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) || (OPENSSL_VERSION_NUMBER < 0x1010000fL))
|
||||
SSL_CTX_set_min_proto_version(ctx->context, vmin);
|
||||
SSL_CTX_set_max_proto_version(ctx->context, vmax);
|
||||
#endif
|
||||
@ -615,9 +612,7 @@ static int set_curves_list(lua_State *L)
|
||||
return 2;
|
||||
}
|
||||
|
||||
#if defined(LIBRESSL_VERSION_NUMBER) || !defined(LSEC_API_OPENSSL_1_1_0)
|
||||
(void)SSL_CTX_set_ecdh_auto(ctx, 1);
|
||||
#endif
|
||||
|
||||
lua_pushboolean(L, 1);
|
||||
return 1;
|
||||
@ -708,39 +703,6 @@ static int set_alpn_cb(lua_State *L)
|
||||
return 1;
|
||||
}
|
||||
|
||||
#if defined(LSEC_ENABLE_DANE)
|
||||
/*
|
||||
* DANE
|
||||
*/
|
||||
static int dane_options[] = {
|
||||
/* TODO move into options.c
|
||||
* however this symbol is not from openssl/ssl.h but rather from
|
||||
* openssl/x509_vfy.h
|
||||
* */
|
||||
#ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
|
||||
DANE_FLAG_NO_DANE_EE_NAMECHECKS,
|
||||
#endif
|
||||
0
|
||||
};
|
||||
static const char *dane_option_names[] = {
|
||||
#ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
|
||||
"no_ee_namechecks",
|
||||
#endif
|
||||
NULL
|
||||
};
|
||||
|
||||
static int set_dane(lua_State *L)
|
||||
{
|
||||
int ret, i;
|
||||
SSL_CTX *ctx = lsec_checkcontext(L, 1);
|
||||
ret = SSL_CTX_dane_enable(ctx);
|
||||
for (i = 2; ret > 0 && i <= lua_gettop(L); i++) {
|
||||
ret = SSL_CTX_dane_set_flags(ctx, dane_options[luaL_checkoption(L, i, NULL, dane_option_names)]);
|
||||
}
|
||||
lua_pushboolean(L, (ret > 0));
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Package functions
|
||||
@ -760,13 +722,12 @@ static luaL_Reg funcs[] = {
|
||||
{"setverify", set_verify},
|
||||
{"setoptions", set_options},
|
||||
{"setmode", set_mode},
|
||||
|
||||
#if !defined(OPENSSL_NO_EC)
|
||||
{"setcurve", set_curve},
|
||||
{"setcurveslist", set_curves_list},
|
||||
#endif
|
||||
#if defined(LSEC_ENABLE_DANE)
|
||||
{"setdane", set_dane},
|
||||
{"setcurve", set_curve},
|
||||
{"setcurveslist", set_curves_list},
|
||||
#endif
|
||||
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
@ -867,7 +828,6 @@ static int meth_set_verify_ext(lua_State *L)
|
||||
* Context metamethods.
|
||||
*/
|
||||
static luaL_Reg meta[] = {
|
||||
{"__close", meth_destroy},
|
||||
{"__gc", meth_destroy},
|
||||
{"__tostring", meth_tostring},
|
||||
{NULL, NULL}
|
||||
|
@ -2,9 +2,9 @@
|
||||
#define LSEC_CONTEXT_H
|
||||
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 1.1.0
|
||||
* LuaSec 0.8.1
|
||||
*
|
||||
* Copyright (C) 2006-2022 Bruno Silvestre
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
|
27
src/ec.c
27
src/ec.c
@ -56,24 +56,25 @@ void lsec_load_curves(lua_State *L)
|
||||
lua_pushnumber(L, curves[i].nid);
|
||||
lua_rawset(L, -3);
|
||||
break;
|
||||
#ifdef NID_X25519
|
||||
case NID_X25519:
|
||||
lua_pushstring(L, "X25519");
|
||||
lua_pushnumber(L, curves[i].nid);
|
||||
lua_rawset(L, -3);
|
||||
break;
|
||||
#endif
|
||||
#ifdef NID_X448
|
||||
case NID_X448:
|
||||
lua_pushstring(L, "X448");
|
||||
lua_pushnumber(L, curves[i].nid);
|
||||
lua_rawset(L, -3);
|
||||
break;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
free(curves);
|
||||
}
|
||||
|
||||
/* These are special so are manually added here */
|
||||
#ifdef NID_X25519
|
||||
lua_pushstring(L, "X25519");
|
||||
lua_pushnumber(L, NID_X25519);
|
||||
lua_rawset(L, -3);
|
||||
#endif
|
||||
|
||||
#ifdef NID_X448
|
||||
lua_pushstring(L, "X448");
|
||||
lua_pushnumber(L, NID_X448);
|
||||
lua_rawset(L, -3);
|
||||
#endif
|
||||
|
||||
lua_rawset(L, LUA_REGISTRYINDEX);
|
||||
}
|
||||
|
||||
|
4
src/ec.h
4
src/ec.h
@ -1,7 +1,7 @@
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 1.1.0
|
||||
* LuaSec 0.8.1
|
||||
*
|
||||
* Copyright (C) 2006-2022 Bruno Silvestre
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
----------------------------------------------------------------------------
|
||||
-- LuaSec 1.1.0
|
||||
-- Copyright (C) 2009-2022 PUC-Rio
|
||||
-- LuaSec 0.8.1
|
||||
-- Copyright (C) 2009-2019 PUC-Rio
|
||||
--
|
||||
-- Author: Pablo Musa
|
||||
-- Author: Tomas Guisasola
|
||||
@ -18,8 +18,8 @@ local try = socket.try
|
||||
-- Module
|
||||
--
|
||||
local _M = {
|
||||
_VERSION = "1.1.0",
|
||||
_COPYRIGHT = "LuaSec 1.1.0 - Copyright (C) 2009-2022 PUC-Rio",
|
||||
_VERSION = "0.8.1",
|
||||
_COPYRIGHT = "LuaSec 0.8.1 - Copyright (C) 2009-2019 PUC-Rio",
|
||||
PORT = 443,
|
||||
TIMEOUT = 60
|
||||
}
|
||||
@ -93,7 +93,7 @@ local function tcp(params)
|
||||
self.sock:sni(host)
|
||||
self.sock:settimeout(_M.TIMEOUT)
|
||||
try(self.sock:dohandshake())
|
||||
reg(self)
|
||||
reg(self, getmetatable(self.sock))
|
||||
return 1
|
||||
end
|
||||
return conn
|
||||
|
@ -107,16 +107,10 @@ int buffer_meth_send(lua_State *L, p_buffer buf) {
|
||||
* object:receive() interface
|
||||
\*-------------------------------------------------------------------------*/
|
||||
int buffer_meth_receive(lua_State *L, p_buffer buf) {
|
||||
int err = IO_DONE, top = lua_gettop(L);
|
||||
luaL_Buffer b;
|
||||
size_t size;
|
||||
const char *part;
|
||||
int err = IO_DONE;
|
||||
int top = lua_gettop(L);
|
||||
if (top < 3) {
|
||||
lua_settop(L, 3);
|
||||
top = 3;
|
||||
}
|
||||
part = luaL_optlstring(L, 3, "", &size);
|
||||
const char *part = luaL_optlstring(L, 3, "", &size);
|
||||
#ifdef LUASOCKET_DEBUG
|
||||
p_timeout tm = timeout_markstart(buf->tm);
|
||||
#endif
|
||||
|
185
src/options.c
185
src/options.c
@ -1,185 +0,0 @@
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 1.1.0
|
||||
*
|
||||
* Copyright (C) 2006-2022 Bruno Silvestre
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
#include "options.h"
|
||||
|
||||
/* If you need to generate these options again, see options.lua */
|
||||
|
||||
|
||||
/*
|
||||
OpenSSL version: OpenSSL 3.0.0-beta2
|
||||
*/
|
||||
|
||||
static lsec_ssl_option_t ssl_options[] = {
|
||||
#if defined(SSL_OP_ALL)
|
||||
{"all", SSL_OP_ALL},
|
||||
#endif
|
||||
#if defined(SSL_OP_ALLOW_CLIENT_RENEGOTIATION)
|
||||
{"allow_client_renegotiation", SSL_OP_ALLOW_CLIENT_RENEGOTIATION},
|
||||
#endif
|
||||
#if defined(SSL_OP_ALLOW_NO_DHE_KEX)
|
||||
{"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX},
|
||||
#endif
|
||||
#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
|
||||
{"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
|
||||
#endif
|
||||
#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
|
||||
{"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
|
||||
#endif
|
||||
#if defined(SSL_OP_CISCO_ANYCONNECT)
|
||||
{"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
|
||||
#endif
|
||||
#if defined(SSL_OP_CLEANSE_PLAINTEXT)
|
||||
{"cleanse_plaintext", SSL_OP_CLEANSE_PLAINTEXT},
|
||||
#endif
|
||||
#if defined(SSL_OP_COOKIE_EXCHANGE)
|
||||
{"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
|
||||
#endif
|
||||
#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
|
||||
{"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_DISABLE_TLSEXT_CA_NAMES)
|
||||
{"disable_tlsext_ca_names", SSL_OP_DISABLE_TLSEXT_CA_NAMES},
|
||||
#endif
|
||||
#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
|
||||
{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
|
||||
#endif
|
||||
#if defined(SSL_OP_ENABLE_KTLS)
|
||||
{"enable_ktls", SSL_OP_ENABLE_KTLS},
|
||||
#endif
|
||||
#if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
|
||||
{"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
|
||||
#endif
|
||||
#if defined(SSL_OP_EPHEMERAL_RSA)
|
||||
{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
|
||||
#endif
|
||||
#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
|
||||
{"ignore_unexpected_eof", SSL_OP_IGNORE_UNEXPECTED_EOF},
|
||||
#endif
|
||||
#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
|
||||
{"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
|
||||
#endif
|
||||
#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
|
||||
{"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
|
||||
#endif
|
||||
#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
|
||||
{"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
|
||||
{"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
|
||||
#endif
|
||||
#if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
|
||||
{"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
|
||||
{"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
|
||||
{"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
|
||||
{"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_ANTI_REPLAY)
|
||||
{"no_anti_replay", SSL_OP_NO_ANTI_REPLAY},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_COMPRESSION)
|
||||
{"no_compression", SSL_OP_NO_COMPRESSION},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_DTLS_MASK)
|
||||
{"no_dtls_mask", SSL_OP_NO_DTLS_MASK},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_DTLSv1)
|
||||
{"no_dtlsv1", SSL_OP_NO_DTLSv1},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
{"no_dtlsv1_2", SSL_OP_NO_DTLSv1_2},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_ENCRYPT_THEN_MAC)
|
||||
{"no_encrypt_then_mac", SSL_OP_NO_ENCRYPT_THEN_MAC},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_EXTENDED_MASTER_SECRET)
|
||||
{"no_extended_master_secret", SSL_OP_NO_EXTENDED_MASTER_SECRET},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_QUERY_MTU)
|
||||
{"no_query_mtu", SSL_OP_NO_QUERY_MTU},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_RENEGOTIATION)
|
||||
{"no_renegotiation", SSL_OP_NO_RENEGOTIATION},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
|
||||
{"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_SSL_MASK)
|
||||
{"no_ssl_mask", SSL_OP_NO_SSL_MASK},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_SSLv2)
|
||||
{"no_sslv2", SSL_OP_NO_SSLv2},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_SSLv3)
|
||||
{"no_sslv3", SSL_OP_NO_SSLv3},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_TICKET)
|
||||
{"no_ticket", SSL_OP_NO_TICKET},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_TLSv1)
|
||||
{"no_tlsv1", SSL_OP_NO_TLSv1},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_TLSv1_1)
|
||||
{"no_tlsv1_1", SSL_OP_NO_TLSv1_1},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_TLSv1_2)
|
||||
{"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_TLSv1_3)
|
||||
{"no_tlsv1_3", SSL_OP_NO_TLSv1_3},
|
||||
#endif
|
||||
#if defined(SSL_OP_PKCS1_CHECK_1)
|
||||
{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
|
||||
#endif
|
||||
#if defined(SSL_OP_PKCS1_CHECK_2)
|
||||
{"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
|
||||
#endif
|
||||
#if defined(SSL_OP_PRIORITIZE_CHACHA)
|
||||
{"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA},
|
||||
#endif
|
||||
#if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
|
||||
{"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_SINGLE_DH_USE)
|
||||
{"single_dh_use", SSL_OP_SINGLE_DH_USE},
|
||||
#endif
|
||||
#if defined(SSL_OP_SINGLE_ECDH_USE)
|
||||
{"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
|
||||
#endif
|
||||
#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
|
||||
{"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
|
||||
{"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_TLSEXT_PADDING)
|
||||
{"tlsext_padding", SSL_OP_TLSEXT_PADDING},
|
||||
#endif
|
||||
#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
|
||||
{"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_TLS_D5_BUG)
|
||||
{"tls_d5_bug", SSL_OP_TLS_D5_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_TLS_ROLLBACK_BUG)
|
||||
{"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
|
||||
#endif
|
||||
{NULL, 0L}
|
||||
};
|
||||
|
||||
LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() {
|
||||
return ssl_options;
|
||||
}
|
||||
|
163
src/options.h
163
src/options.h
@ -2,21 +2,170 @@
|
||||
#define LSEC_OPTIONS_H
|
||||
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 1.1.0
|
||||
* LuaSec 0.8.1
|
||||
*
|
||||
* Copyright (C) 2006-2022 Bruno Silvestre
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
#include "compat.h"
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
struct lsec_ssl_option_s {
|
||||
/* If you need to generate these options again, see options.lua */
|
||||
|
||||
/*
|
||||
OpenSSL version: OpenSSL 1.1.1b
|
||||
*/
|
||||
|
||||
struct ssl_option_s {
|
||||
const char *name;
|
||||
unsigned long code;
|
||||
};
|
||||
typedef struct ssl_option_s ssl_option_t;
|
||||
|
||||
typedef struct lsec_ssl_option_s lsec_ssl_option_t;
|
||||
|
||||
LSEC_API lsec_ssl_option_t* lsec_get_ssl_options();
|
||||
static ssl_option_t ssl_options[] = {
|
||||
#if defined(SSL_OP_ALL)
|
||||
{"all", SSL_OP_ALL},
|
||||
#endif
|
||||
#if defined(SSL_OP_ALLOW_NO_DHE_KEX)
|
||||
{"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX},
|
||||
#endif
|
||||
#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
|
||||
{"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
|
||||
#endif
|
||||
#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
|
||||
{"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
|
||||
#endif
|
||||
#if defined(SSL_OP_CISCO_ANYCONNECT)
|
||||
{"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
|
||||
#endif
|
||||
#if defined(SSL_OP_COOKIE_EXCHANGE)
|
||||
{"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
|
||||
#endif
|
||||
#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
|
||||
{"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
|
||||
{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
|
||||
#endif
|
||||
#if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
|
||||
{"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
|
||||
#endif
|
||||
#if defined(SSL_OP_EPHEMERAL_RSA)
|
||||
{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
|
||||
#endif
|
||||
#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
|
||||
{"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
|
||||
#endif
|
||||
#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
|
||||
{"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
|
||||
#endif
|
||||
#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
|
||||
{"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
|
||||
{"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
|
||||
#endif
|
||||
#if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
|
||||
{"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
|
||||
{"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
|
||||
{"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
|
||||
{"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_ANTI_REPLAY)
|
||||
{"no_anti_replay", SSL_OP_NO_ANTI_REPLAY},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_COMPRESSION)
|
||||
{"no_compression", SSL_OP_NO_COMPRESSION},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_DTLS_MASK)
|
||||
{"no_dtls_mask", SSL_OP_NO_DTLS_MASK},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_DTLSv1)
|
||||
{"no_dtlsv1", SSL_OP_NO_DTLSv1},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
{"no_dtlsv1_2", SSL_OP_NO_DTLSv1_2},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_ENCRYPT_THEN_MAC)
|
||||
{"no_encrypt_then_mac", SSL_OP_NO_ENCRYPT_THEN_MAC},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_QUERY_MTU)
|
||||
{"no_query_mtu", SSL_OP_NO_QUERY_MTU},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_RENEGOTIATION)
|
||||
{"no_renegotiation", SSL_OP_NO_RENEGOTIATION},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
|
||||
{"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_SSL_MASK)
|
||||
{"no_ssl_mask", SSL_OP_NO_SSL_MASK},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_SSLv2)
|
||||
{"no_sslv2", SSL_OP_NO_SSLv2},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_SSLv3)
|
||||
{"no_sslv3", SSL_OP_NO_SSLv3},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_TICKET)
|
||||
{"no_ticket", SSL_OP_NO_TICKET},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_TLSv1)
|
||||
{"no_tlsv1", SSL_OP_NO_TLSv1},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_TLSv1_1)
|
||||
{"no_tlsv1_1", SSL_OP_NO_TLSv1_1},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_TLSv1_2)
|
||||
{"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_TLSv1_3)
|
||||
{"no_tlsv1_3", SSL_OP_NO_TLSv1_3},
|
||||
#endif
|
||||
#if defined(SSL_OP_PKCS1_CHECK_1)
|
||||
{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
|
||||
#endif
|
||||
#if defined(SSL_OP_PKCS1_CHECK_2)
|
||||
{"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
|
||||
#endif
|
||||
#if defined(SSL_OP_PRIORITIZE_CHACHA)
|
||||
{"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA},
|
||||
#endif
|
||||
#if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
|
||||
{"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_SINGLE_DH_USE)
|
||||
{"single_dh_use", SSL_OP_SINGLE_DH_USE},
|
||||
#endif
|
||||
#if defined(SSL_OP_SINGLE_ECDH_USE)
|
||||
{"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
|
||||
#endif
|
||||
#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
|
||||
{"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
|
||||
{"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_TLSEXT_PADDING)
|
||||
{"tlsext_padding", SSL_OP_TLSEXT_PADDING},
|
||||
#endif
|
||||
#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
|
||||
{"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_TLS_D5_BUG)
|
||||
{"tls_d5_bug", SSL_OP_TLS_D5_BUG},
|
||||
#endif
|
||||
#if defined(SSL_OP_TLS_ROLLBACK_BUG)
|
||||
{"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
|
||||
#endif
|
||||
{NULL, 0L}
|
||||
};
|
||||
|
||||
#endif
|
||||
|
||||
|
@ -1,10 +1,10 @@
|
||||
local function usage()
|
||||
print("Usage:")
|
||||
print("* Generate options of your system:")
|
||||
print(" lua options.lua -g /path/to/ssl.h [version] > options.c")
|
||||
print(" lua options.lua -g /path/to/ssl.h [version] > options.h")
|
||||
print("* Examples:")
|
||||
print(" lua options.lua -g /usr/include/openssl/ssl.h > options.c\n")
|
||||
print(" lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.1.1f\" > options.c\n")
|
||||
print(" lua options.lua -g /usr/include/openssl/ssl.h > options.h\n")
|
||||
print(" lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.0.1 14\" > options.h\n")
|
||||
|
||||
print("* List options of your system:")
|
||||
print(" lua options.lua -l /path/to/ssl.h\n")
|
||||
@ -17,28 +17,34 @@ end
|
||||
|
||||
local function generate(options, version)
|
||||
print([[
|
||||
#ifndef LSEC_OPTIONS_H
|
||||
#define LSEC_OPTIONS_H
|
||||
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 1.1.0
|
||||
* LuaSec 0.8.1
|
||||
*
|
||||
* Copyright (C) 2006-2022 Bruno Silvestre
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
#include "options.h"
|
||||
|
||||
/* If you need to generate these options again, see options.lua */
|
||||
|
||||
]])
|
||||
|
||||
printf([[
|
||||
/*
|
||||
OpenSSL version: %s
|
||||
*/
|
||||
]], version)
|
||||
print([[
|
||||
struct ssl_option_s {
|
||||
const char *name;
|
||||
unsigned long code;
|
||||
};
|
||||
typedef struct ssl_option_s ssl_option_t;
|
||||
]])
|
||||
|
||||
print([[static lsec_ssl_option_t ssl_options[] = {]])
|
||||
print([[static ssl_option_t ssl_options[] = {]])
|
||||
|
||||
for k, option in ipairs(options) do
|
||||
local name = string.lower(string.sub(option, 8))
|
||||
@ -50,9 +56,7 @@ local function generate(options, version)
|
||||
print([[
|
||||
};
|
||||
|
||||
LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() {
|
||||
return ssl_options;
|
||||
}
|
||||
#endif
|
||||
]])
|
||||
end
|
||||
|
||||
@ -60,12 +64,9 @@ local function loadoptions(file)
|
||||
local options = {}
|
||||
local f = assert(io.open(file, "r"))
|
||||
for line in f:lines() do
|
||||
local op = string.match(line, "define%s+(SSL_OP_BIT%()")
|
||||
if not op then
|
||||
op = string.match(line, "define%s+(SSL_OP_%S+)")
|
||||
if op then
|
||||
table.insert(options, op)
|
||||
end
|
||||
local op = string.match(line, "define%s+(SSL_OP_%S+)")
|
||||
if op then
|
||||
table.insert(options, op)
|
||||
end
|
||||
end
|
||||
table.sort(options, function(a,b) return a<b end)
|
||||
|
55
src/ssl.c
55
src/ssl.c
@ -1,9 +1,9 @@
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 1.1.0
|
||||
* LuaSec 0.8.1
|
||||
*
|
||||
* Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann,
|
||||
* Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann,
|
||||
* Matthew Wild.
|
||||
* Copyright (C) 2006-2022 Bruno Silvestre.
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre.
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
@ -18,7 +18,6 @@
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/x509_vfy.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/dh.h>
|
||||
|
||||
#include <lua.h>
|
||||
#include <lauxlib.h>
|
||||
@ -33,7 +32,7 @@
|
||||
#include "ssl.h"
|
||||
|
||||
|
||||
#ifndef LSEC_API_OPENSSL_1_1_0
|
||||
#if (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) || (OPENSSL_VERSION_NUMBER < 0x1010000fL)
|
||||
#define SSL_is_server(s) (s->server)
|
||||
#define SSL_up_ref(ssl) CRYPTO_add(&(ssl)->references, 1, CRYPTO_LOCK_SSL)
|
||||
#define X509_up_ref(c) CRYPTO_add(&c->references, 1, CRYPTO_LOCK_X509)
|
||||
@ -48,11 +47,6 @@ static int lsec_socket_error()
|
||||
#if defined(WIN32)
|
||||
return WSAGetLastError();
|
||||
#else
|
||||
#if defined(LSEC_OPENSSL_1_1_1)
|
||||
// Bug in OpenSSL 1.1.1
|
||||
if (errno == 0)
|
||||
return LSEC_IO_SSL;
|
||||
#endif
|
||||
return errno;
|
||||
#endif
|
||||
}
|
||||
@ -747,8 +741,6 @@ static int sni_cb(SSL *ssl, int *ad, void *arg)
|
||||
lua_pop(L, 4);
|
||||
/* Found, use this context */
|
||||
if (newctx) {
|
||||
p_context pctx = (p_context)SSL_CTX_get_app_data(newctx);
|
||||
pctx->L = L;
|
||||
SSL_set_SSL_CTX(ssl, newctx);
|
||||
return SSL_TLSEXT_ERR_OK;
|
||||
}
|
||||
@ -826,7 +818,7 @@ static int meth_getalpn(lua_State *L)
|
||||
|
||||
static int meth_copyright(lua_State *L)
|
||||
{
|
||||
lua_pushstring(L, "LuaSec 1.1.0 - Copyright (C) 2006-2022 Bruno Silvestre, UFG"
|
||||
lua_pushstring(L, "LuaSec 0.8.1 - Copyright (C) 2006-2019 Bruno Silvestre, UFG"
|
||||
#if defined(WITH_LUASOCKET)
|
||||
"\nLuaSocket 3.0-RC1 - Copyright (C) 2004-2013 Diego Nehab"
|
||||
#endif
|
||||
@ -834,34 +826,6 @@ static int meth_copyright(lua_State *L)
|
||||
return 1;
|
||||
}
|
||||
|
||||
#if defined(LSEC_ENABLE_DANE)
|
||||
static int meth_dane(lua_State *L)
|
||||
{
|
||||
int ret;
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
ret = SSL_dane_enable(ssl->ssl, luaL_checkstring(L, 2));
|
||||
lua_pushboolean(L, (ret > 0));
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int meth_tlsa(lua_State *L)
|
||||
{
|
||||
int ret;
|
||||
size_t len;
|
||||
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
|
||||
uint8_t usage = (uint8_t)luaL_checkinteger(L, 2);
|
||||
uint8_t selector = (uint8_t)luaL_checkinteger(L, 3);
|
||||
uint8_t mtype = (uint8_t)luaL_checkinteger(L, 4);
|
||||
unsigned char *data = (unsigned char*)luaL_checklstring(L, 5, &len);
|
||||
|
||||
ERR_clear_error();
|
||||
ret = SSL_dane_tlsa_add(ssl->ssl, usage, selector, mtype, data, len);
|
||||
lua_pushboolean(L, (ret > 0));
|
||||
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*---------------------------------------------------------------------------*/
|
||||
|
||||
/**
|
||||
@ -886,10 +850,6 @@ static luaL_Reg methods[] = {
|
||||
{"settimeout", meth_settimeout},
|
||||
{"sni", meth_sni},
|
||||
{"want", meth_want},
|
||||
#if defined(LSEC_ENABLE_DANE)
|
||||
{"setdane", meth_dane},
|
||||
{"settlsa", meth_tlsa},
|
||||
#endif
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
@ -897,7 +857,6 @@ static luaL_Reg methods[] = {
|
||||
* SSL metamethods.
|
||||
*/
|
||||
static luaL_Reg meta[] = {
|
||||
{"__close", meth_destroy},
|
||||
{"__gc", meth_destroy},
|
||||
{"__tostring", meth_tostring},
|
||||
{NULL, NULL}
|
||||
@ -921,7 +880,6 @@ static luaL_Reg funcs[] = {
|
||||
*/
|
||||
LSEC_API int luaopen_ssl_core(lua_State *L)
|
||||
{
|
||||
#ifndef LSEC_API_OPENSSL_1_1_0
|
||||
/* Initialize SSL */
|
||||
if (!SSL_library_init()) {
|
||||
lua_pushstring(L, "unable to initialize SSL library");
|
||||
@ -929,7 +887,6 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
|
||||
}
|
||||
OpenSSL_add_all_algorithms();
|
||||
SSL_load_error_strings();
|
||||
#endif
|
||||
|
||||
#if defined(WITH_LUASOCKET)
|
||||
/* Initialize internal library */
|
||||
@ -948,7 +905,7 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
|
||||
luaL_newlib(L, funcs);
|
||||
|
||||
lua_pushstring(L, "SOCKET_INVALID");
|
||||
lua_pushinteger(L, SOCKET_INVALID);
|
||||
lua_pushnumber(L, SOCKET_INVALID);
|
||||
lua_rawset(L, -3);
|
||||
|
||||
return 1;
|
||||
|
@ -2,9 +2,9 @@
|
||||
#define LSEC_SSL_H
|
||||
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 1.1.0
|
||||
* LuaSec 0.8.1
|
||||
*
|
||||
* Copyright (C) 2006-2022 Bruno Silvestre
|
||||
* Copyright (C) 2006-2019 Bruno Silvestre
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
|
15
src/ssl.lua
15
src/ssl.lua
@ -1,7 +1,7 @@
|
||||
------------------------------------------------------------------------------
|
||||
-- LuaSec 1.1.0
|
||||
-- LuaSec 0.8.1
|
||||
--
|
||||
-- Copyright (C) 2006-2022 Bruno Silvestre
|
||||
-- Copyright (C) 2006-2019 Bruno Silvestre
|
||||
--
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
@ -201,14 +201,6 @@ local function newcontext(cfg)
|
||||
if not succ then return nil, msg end
|
||||
end
|
||||
|
||||
if config.capabilities.dane and cfg.dane then
|
||||
if type(cfg.dane) == "table" then
|
||||
context.setdane(ctx, unpack(cfg.dane))
|
||||
else
|
||||
context.setdane(ctx)
|
||||
end
|
||||
end
|
||||
|
||||
return ctx
|
||||
end
|
||||
|
||||
@ -275,9 +267,8 @@ core.setmethod("info", info)
|
||||
--
|
||||
|
||||
local _M = {
|
||||
_VERSION = "1.1.0",
|
||||
_VERSION = "0.8.1",
|
||||
_COPYRIGHT = core.copyright(),
|
||||
config = config,
|
||||
loadcertificate = x509.load,
|
||||
newcontext = newcontext,
|
||||
wrap = wrap,
|
||||
|
57
src/x509.c
57
src/x509.c
@ -1,7 +1,7 @@
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 1.1.0
|
||||
* LuaSec 0.8.1
|
||||
*
|
||||
* Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann
|
||||
* Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann
|
||||
* Matthew Wild, Bruno Silvestre.
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
@ -33,12 +33,16 @@
|
||||
#include "x509.h"
|
||||
|
||||
|
||||
#ifndef LSEC_API_OPENSSL_1_1_0
|
||||
#define X509_get0_notBefore X509_get_notBefore
|
||||
#define X509_get0_notAfter X509_get_notAfter
|
||||
#define ASN1_STRING_get0_data ASN1_STRING_data
|
||||
/*
|
||||
* ASN1_STRING_data is deprecated in OpenSSL 1.1.0
|
||||
*/
|
||||
#if OPENSSL_VERSION_NUMBER>=0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
#define LSEC_ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
|
||||
#else
|
||||
#define LSEC_ASN1_STRING_data(x) ASN1_STRING_data(x)
|
||||
#endif
|
||||
|
||||
|
||||
static const char* hex_tab = "0123456789abcdef";
|
||||
|
||||
/**
|
||||
@ -153,7 +157,8 @@ static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
|
||||
}
|
||||
switch (encode) {
|
||||
case LSEC_AI5_STRING:
|
||||
lua_pushlstring(L, (char*)ASN1_STRING_get0_data(string), ASN1_STRING_length(string));
|
||||
lua_pushlstring(L, (char*)LSEC_ASN1_STRING_data(string),
|
||||
ASN1_STRING_length(string));
|
||||
break;
|
||||
case LSEC_UTF8_STRING:
|
||||
len = ASN1_STRING_to_UTF8(&data, string);
|
||||
@ -169,7 +174,7 @@ static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
|
||||
/**
|
||||
* Return a human readable time.
|
||||
*/
|
||||
static int push_asn1_time(lua_State *L, const ASN1_UTCTIME *tm)
|
||||
static int push_asn1_time(lua_State *L, ASN1_UTCTIME *tm)
|
||||
{
|
||||
char *tmp;
|
||||
long size;
|
||||
@ -188,7 +193,7 @@ static void push_asn1_ip(lua_State *L, ASN1_STRING *string)
|
||||
{
|
||||
int af;
|
||||
char dst[INET6_ADDRSTRLEN];
|
||||
unsigned char *ip = (unsigned char*)ASN1_STRING_get0_data(string);
|
||||
unsigned char *ip = (unsigned char*)LSEC_ASN1_STRING_data(string);
|
||||
switch(ASN1_STRING_length(string)) {
|
||||
case 4:
|
||||
af = AF_INET;
|
||||
@ -485,13 +490,10 @@ static int meth_digest(lua_State* L)
|
||||
*/
|
||||
static int meth_valid_at(lua_State* L)
|
||||
{
|
||||
int nb, na;
|
||||
X509* cert = lsec_checkx509(L, 1);
|
||||
time_t time = luaL_checkinteger(L, 2);
|
||||
nb = X509_cmp_time(X509_get0_notBefore(cert), &time);
|
||||
time -= 1;
|
||||
na = X509_cmp_time(X509_get0_notAfter(cert), &time);
|
||||
lua_pushboolean(L, nb == -1 && na == 1);
|
||||
lua_pushboolean(L, (X509_cmp_time(X509_get_notAfter(cert), &time) >= 0
|
||||
&& X509_cmp_time(X509_get_notBefore(cert), &time) <= 0));
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -519,7 +521,7 @@ static int meth_serial(lua_State *L)
|
||||
static int meth_notbefore(lua_State *L)
|
||||
{
|
||||
X509* cert = lsec_checkx509(L, 1);
|
||||
return push_asn1_time(L, X509_get0_notBefore(cert));
|
||||
return push_asn1_time(L, X509_get_notBefore(cert));
|
||||
}
|
||||
|
||||
/**
|
||||
@ -528,7 +530,7 @@ static int meth_notbefore(lua_State *L)
|
||||
static int meth_notafter(lua_State *L)
|
||||
{
|
||||
X509* cert = lsec_checkx509(L, 1);
|
||||
return push_asn1_time(L, X509_get0_notAfter(cert));
|
||||
return push_asn1_time(L, X509_get_notAfter(cert));
|
||||
}
|
||||
|
||||
/**
|
||||
@ -621,11 +623,7 @@ cleanup:
|
||||
*/
|
||||
static int meth_destroy(lua_State* L)
|
||||
{
|
||||
p_x509 px = lsec_checkp_x509(L, 1);
|
||||
if (px->cert) {
|
||||
X509_free(px->cert);
|
||||
px->cert = NULL;
|
||||
}
|
||||
X509_free(lsec_checkx509(L, 1));
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -655,21 +653,6 @@ static int meth_set_encode(lua_State* L)
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get signature name.
|
||||
*/
|
||||
static int meth_get_signature_name(lua_State* L)
|
||||
{
|
||||
p_x509 px = lsec_checkp_x509(L, 1);
|
||||
int nid = X509_get_signature_nid(px->cert);
|
||||
const char *name = OBJ_nid2sn(nid);
|
||||
if (!name)
|
||||
lua_pushnil(L);
|
||||
else
|
||||
lua_pushstring(L, name);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*---------------------------------------------------------------------------*/
|
||||
|
||||
static int load_cert(lua_State* L)
|
||||
@ -698,7 +681,6 @@ static luaL_Reg methods[] = {
|
||||
{"digest", meth_digest},
|
||||
{"setencode", meth_set_encode},
|
||||
{"extensions", meth_extensions},
|
||||
{"getsignaturename", meth_get_signature_name},
|
||||
{"issuer", meth_issuer},
|
||||
{"notbefore", meth_notbefore},
|
||||
{"notafter", meth_notafter},
|
||||
@ -715,7 +697,6 @@ static luaL_Reg methods[] = {
|
||||
* X509 metamethods.
|
||||
*/
|
||||
static luaL_Reg meta[] = {
|
||||
{"__close", meth_destroy},
|
||||
{"__gc", meth_destroy},
|
||||
{"__tostring", meth_tostring},
|
||||
{NULL, NULL}
|
||||
|
@ -1,7 +1,7 @@
|
||||
/*--------------------------------------------------------------------------
|
||||
* LuaSec 1.1.0
|
||||
* LuaSec 0.8.1
|
||||
*
|
||||
* Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann
|
||||
* Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann
|
||||
* Matthew Wild, Bruno Silvestre.
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
Reference in New Issue
Block a user