mirror of
https://github.com/brunoos/luasec.git
synced 2024-09-19 18:46:41 +02:00
193 lines
4.3 KiB
Markdown
193 lines
4.3 KiB
Markdown
Functions
|
|
---------
|
|
|
|
### context.create ###
|
|
|
|
ctxt = context.create(method)
|
|
|
|
Creates a new context. Can fail, in which case it returns nil, followed by an
|
|
error.
|
|
|
|
### context.locations ###
|
|
|
|
success, error = context.locations(ctxt, [cafile], [capath])
|
|
|
|
Set the location of either the CA certificate file, or the directory which
|
|
contains said file(s).
|
|
|
|
### context.loadcert ###
|
|
|
|
success, error = context.loadcert(ctxt, filename)
|
|
|
|
Load a certificate from a file into this context.
|
|
|
|
### context.loadkey ###
|
|
|
|
success, error = context.loadkey(ctxt, filename)
|
|
success, error = context.loadkey(ctxt, filename, string)
|
|
success, error = context.loadkey(ctxt, filename, function() -> string)
|
|
|
|
Loads a private key from a PEM-format file. The third argument can be either a
|
|
string, or a function returning a string producing the password for the key.
|
|
|
|
### context.checkkey ###
|
|
|
|
success = context.checkkey(ctxt)
|
|
|
|
Returns true if the certificate loaded matches the key loaded.
|
|
|
|
### context.setcipher ###
|
|
|
|
success, error = context.setcipher(ctxt, cipherlist)
|
|
|
|
Sets the ciphers used when negotiation. For the format of the string
|
|
`cipherlist`, see the openssl documentation, and in particular the `openssl
|
|
ciphers` command line tool.
|
|
|
|
### context.setdepth ###
|
|
|
|
success = context.setdepth(ctxt)
|
|
|
|
Set the maximum verification depth for checking certificate chains.
|
|
|
|
### context.setdhparam ###
|
|
|
|
context.setdhparam(ctxt, function(isExport, keyLength) -> params)
|
|
|
|
Sets a callback to obtain Diffie-Hellman parameters on this context. Once these
|
|
parameters are required, the callback gets called with a flag (`isExport`)
|
|
indicating whether export-level security is used, and a key length
|
|
(`keyLength`). It is then expected to produce a string containg parameters.
|
|
|
|
For the format of the parameters string, see the openssl documentation.
|
|
|
|
### context.setcurve ###
|
|
|
|
success, error = context.setcurve(ctxt, curve)
|
|
|
|
Set the curve to use for Elliptic Curve cryptography.
|
|
|
|
The curve can be one of:
|
|
|
|
- `secp112r1`
|
|
- `secp112r2`
|
|
- `secp128r1`
|
|
- `secp128r2`
|
|
- `secp160k1`
|
|
- `secp160r1`
|
|
- `secp160r2`
|
|
- `secp192k1`
|
|
- `secp224k1`
|
|
- `secp224r1`
|
|
- `secp256k1`
|
|
- `secp384r1`
|
|
- `secp521r1`
|
|
- `sect113r1`
|
|
- `sect113r2`
|
|
- `sect131r1`
|
|
- `sect131r2`
|
|
- `sect163k1`
|
|
- `sect163r1`
|
|
- `sect163r2`
|
|
- `sect193r1`
|
|
- `sect193r2`
|
|
- `sect233k1`
|
|
- `sect233r1`
|
|
- `sect239k1`
|
|
- `sect283k1`
|
|
- `sect283r1`
|
|
- `sect409k1`
|
|
- `sect409r1`
|
|
- `sect571k1`
|
|
- `sect571r1`
|
|
- `prime192v1`
|
|
- `prime192v2`
|
|
- `prime192v3`
|
|
- `prime239v1`
|
|
- `prime239v2`
|
|
- `prime239v3`
|
|
- `prime256v1`
|
|
|
|
### context.setverify ###
|
|
|
|
success, error = context.setverify(ctxt, options...)
|
|
|
|
Sets verification options for this context.
|
|
|
|
The following options are valid:
|
|
|
|
- `none`
|
|
- `peer`
|
|
- `client_once`
|
|
- `fail_if_no_peer_cert`
|
|
|
|
### context.setoptions ###
|
|
|
|
success, error = context.setoptions(ctxt, options...)
|
|
|
|
Set generic context options for this context.
|
|
|
|
The following options are valid:
|
|
|
|
- `all`
|
|
- `allow_unsafe_legacy_renegotiation`
|
|
- `cipher_server_preference`
|
|
- `cisco_anyconnect`
|
|
- `cookie_exchange`
|
|
- `cryptopro_tlsext_bug`
|
|
- `dont_insert_empty_fragments`
|
|
- `ephemeral_rsa`
|
|
- `legacy_server_connect`
|
|
- `microsoft_big_sslv3_buffer`
|
|
- `microsoft_sess_id_bug`
|
|
- `msie_sslv2_rsa_padding`
|
|
- `netscape_ca_dn_bug`
|
|
- `netscape_challenge_bug`
|
|
- `netscape_demo_cipher_change_bug`
|
|
- `netscape_reuse_cipher_change_bug`
|
|
- `no_compression`
|
|
- `no_query_mtu`
|
|
- `no_session_resumption_on_renegotiation`
|
|
- `no_sslv2`
|
|
- `no_sslv3`
|
|
- `no_ticket`
|
|
- `no_tlsv1`
|
|
- `no_tlsv1_1`
|
|
- `no_tlsv1_2`
|
|
- `pkcs1_check_1`
|
|
- `pkcs1_check_2`
|
|
- `single_dh_use`
|
|
- `single_ecdh_use`
|
|
- `ssleay_080_client_dh_bug`
|
|
- `sslref2_reuse_cert_type_bug`
|
|
- `tls_block_padding_bug`
|
|
- `tls_d5_bug`
|
|
- `tls_rollback_bug`
|
|
|
|
### context.setmode ###
|
|
|
|
success = context.setmode(ctxt, mode)
|
|
|
|
Set the mode for this context.
|
|
|
|
Mode can be one of:
|
|
|
|
- `client`
|
|
- `server`
|
|
|
|
Methods
|
|
-------
|
|
|
|
### ctxt:setverifyext ###
|
|
|
|
success, error = ctxt:setverifyext(flags...)
|
|
|
|
Set which extra verification steps to use.
|
|
|
|
The following flags are valid:
|
|
|
|
- `lsec_continue`: Continue with verification errors
|
|
- `lsec_ignore_purpose`: Ignore this certificate's purpose (like server/client)
|
|
- `crl_check`: Check Certification Revocation Lists
|
|
- `crl_check_chain`: Check CRLs for the entire chain
|