LuaSec
Go to file
brunoos fe782fde14 Merge pull request #10 from darkrain42/master
Various minor fixes (build on Fedora/RH, memory leaks)
2013-09-16 09:17:58 -07:00
samples - using buffer from luasocket 3.0. 2013-06-20 13:03:58 -03:00
src context: Don't leak DH* in dhparam_cb 2013-09-11 21:55:25 -07:00
CHANGELOG LuaSec 0.4.1 2012-09-02 11:40:59 -03:00
INSTALL LuaSec 0.4.1 2012-09-02 11:40:59 -03:00
LICENSE LuaSec 0.4.1 2012-09-02 11:40:59 -03:00
luasec.sln LuaSec 20120616 (unofficial) + patches 2013-03-30 12:21:40 +00:00
luasec.suo LuaSec 20120616 (unofficial) + patches 2013-03-30 12:21:40 +00:00
luasec.vcproj LuaSec 0.4 2012-09-02 11:32:26 -03:00
luasec.vcxproj LuaSec 20120616 (unofficial) + patches 2013-03-30 12:21:40 +00:00
luasec.vcxproj.filters LuaSec 20120616 (unofficial) + patches 2013-03-30 12:21:40 +00:00
Makefile DESTDIR compatibility + *FLAGs/utils configurability + ld -fpic error fix. Also fixes #1 2013-05-14 08:13:57 +07:00
README.md Update README with version explanation 2013-03-30 13:12:57 +00:00

luasec-prosody

This is a (hopefully temporary) fork of LuaSec, an SSL and crypto library for Lua.

LuaSec depends on OpenSSL, and integrates with LuaSocket to make it easy to add secure connections to any Lua applications or scripts.

This version includes major new work undertaken by the Prosody community to expand LuaSec's capabilities, the changes are not yet available in an official LuaSec release. The additions include:

  • A new certificate (X509) API, which supports:

    • Reading the subject (identity) and issuer of the certificate
    • Reading various X509 extensions, including email and dnsName
    • Converting certificates to and from the standard ASCII PEM format
    • Generating the fingerprint/digest of a certificate (using SHA1, SHA256 or SHA512)
    • Reading the certificate's expiration, serial number, and other info
  • The ability to get more detailed information from OpenSSL about why a certificate failed verification, for each certificate in the chain

  • Flags to force acceptance of invalid certificates, e.g. to allow the use of self-signed certificates in a Trust On First Use model

  • Flags to control checking CRLs for certificate revocation status

  • Support for ECDH cipher suites

  • An API to get the TLS 'finished' messages used for SASL channel binding (e.g. the SCRAM PLUS mechanisms)

The work in this release was undertaken by Kim Alvefur, Paul Aurich, Tobias Markmann, Bruno Silvestre and Matthew Wild.