• file
• latest
• revisions
• annotate
• diff
• comparison
• raw

src/context.c@5f89e535765a (annotated)

src/context.c

Sat, 24 Jul 2010 20:09:33 +0100

author

Matthew Wild <mwild1@gmail.com>

date

Sat, 24 Jul 2010 20:09:33 +0100

changeset 1

5f89e535765a

parent 0

f7d2d78eb424

child 28

8c61b29d87ec

permissions

-rw-r--r--

context.c: Add no_compression option for when supported

0 f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	1	/*--------------------------------------------------------------------------
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	2	* LuaSec 0.4
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	3	* Copyright (C) 2006-2009 Bruno Silvestre
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	4	*
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	5	*--------------------------------------------------------------------------*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	6
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	7	#include <string.h>
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	8	#include <openssl/ssl.h>
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	9	#include <openssl/err.h>
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	10
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	11	#include <lua.h>
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	12	#include <lauxlib.h>
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	13
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	14	#include "context.h"
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	15
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	16	struct ssl_option_s {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	17	const char *name;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	18	unsigned long code;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	19	};
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	20	typedef struct ssl_option_s ssl_option_t;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	21
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	22
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	23	static ssl_option_t ssl_options[] = {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	24	/* OpenSSL 0.9.7 and 0.9.8 */
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	25	{"all", SSL_OP_ALL},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	26	{"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	27	{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	28	{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	29	{"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	30	{"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	31	{"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	32	{"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	33	{"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	34	{"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	35	{"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	36	{"no_session_resumption_on_renegotiation",
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	37	SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	38	{"no_sslv2", SSL_OP_NO_SSLv2},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	39	{"no_sslv3", SSL_OP_NO_SSLv3},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	40	{"no_tlsv1", SSL_OP_NO_TLSv1},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	41	{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	42	{"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	43	{"single_dh_use", SSL_OP_SINGLE_DH_USE},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	44	{"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	45	{"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	46	{"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	47	{"tls_d5_bug", SSL_OP_TLS_D5_BUG},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	48	{"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	49	/* OpenSSL 0.9.8 only */
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	50	#if OPENSSL_VERSION_NUMBER > 0x00908000L
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	51	{"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	52	{"no_query_mtu", SSL_OP_NO_QUERY_MTU},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	53	{"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	54	#endif
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	55	/* OpenSSL 0.9.8f and above */
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	56	#if defined(SSL_OP_NO_TICKET)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	57	{"no_ticket", SSL_OP_NO_TICKET},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	58	#endif
1 5f89e535765a context.c: Add no_compression option for when supported Matthew Wild <mwild1@gmail.com> parents: 0 diff changeset	59	#if defined(SSL_OP_NO_COMPRESSION)
5f89e535765a context.c: Add no_compression option for when supported Matthew Wild <mwild1@gmail.com> parents: 0 diff changeset	60	{"no_compression", SSL_OP_NO_COMPRESSION},
5f89e535765a context.c: Add no_compression option for when supported Matthew Wild <mwild1@gmail.com> parents: 0 diff changeset	61	#endif
0 f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	62	{NULL, 0L}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	63	};
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	64
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	65	/*--------------------------- Auxiliary Functions ----------------------------*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	66
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	67	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	68	* Return the context.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	69	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	70	static p_context checkctx(lua_State *L, int idx)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	71	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	72	return (p_context)luaL_checkudata(L, idx, "SSL:Context");
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	73	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	74
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	75	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	76	* Prepare the SSL options flag.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	77	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	78	static int set_option_flag(const char *opt, unsigned long *flag)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	79	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	80	ssl_option_t *p;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	81	for (p = ssl_options; p->name; p++) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	82	if (!strcmp(opt, p->name)) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	83	*flag |= p->code;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	84	return 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	85	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	86	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	87	return 0;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	88	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	89
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	90	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	91	* Find the protocol.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	92	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	93	static SSL_METHOD* str2method(const char *method)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	94	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	95	if (!strcmp(method, "sslv3")) return SSLv3_method();
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	96	if (!strcmp(method, "tlsv1")) return TLSv1_method();
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	97	if (!strcmp(method, "sslv23")) return SSLv23_method();
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	98	return NULL;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	99	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	100
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	101	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	102	* Prepare the SSL handshake verify flag.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	103	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	104	static int set_verify_flag(const char *str, int *flag)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	105	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	106	if (!strcmp(str, "none")) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	107	*flag |= SSL_VERIFY_NONE;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	108	return 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	109	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	110	if (!strcmp(str, "peer")) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	111	*flag |= SSL_VERIFY_PEER;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	112	return 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	113	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	114	if (!strcmp(str, "client_once")) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	115	*flag |= SSL_VERIFY_CLIENT_ONCE;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	116	return 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	117	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	118	if (!strcmp(str, "fail_if_no_peer_cert")) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	119	*flag |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	120	return 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	121	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	122	return 0;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	123	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	124
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	125	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	126	* Password callback for reading the private key.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	127	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	128	static int passwd_cb(char *buf, int size, int flag, void *udata)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	129	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	130	lua_State *L = (lua_State*)udata;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	131	switch (lua_type(L, 3)) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	132	case LUA_TFUNCTION:
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	133	lua_pushvalue(L, 3);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	134	lua_call(L, 0, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	135	if (lua_type(L, -1) != LUA_TSTRING)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	136	return 0;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	137	/* fallback */
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	138	case LUA_TSTRING:
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	139	strncpy(buf, lua_tostring(L, -1), size);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	140	buf[size-1] = '\0';
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	141	return (int)strlen(buf);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	142	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	143	return 0;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	144	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	145
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	146	/*------------------------------ Lua Functions -------------------------------*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	147
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	148	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	149	* Create a SSL context.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	150	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	151	static int create(lua_State *L)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	152	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	153	p_context ctx;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	154	SSL_METHOD *method;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	155
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	156	method = str2method(luaL_checkstring(L, 1));
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	157	if (!method) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	158	lua_pushnil(L);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	159	lua_pushstring(L, "invalid protocol");
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	160	return 2;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	161	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	162	ctx = (p_context) lua_newuserdata(L, sizeof(t_context));
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	163	if (!ctx) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	164	lua_pushnil(L);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	165	lua_pushstring(L, "error creating context");
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	166	return 2;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	167	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	168	ctx->context = SSL_CTX_new(method);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	169	if (!ctx->context) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	170	lua_pushnil(L);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	171	lua_pushstring(L, "error creating context");
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	172	return 2;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	173	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	174	ctx->mode = MD_CTX_INVALID;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	175	/* No session support */
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	176	SSL_CTX_set_session_cache_mode(ctx->context, SSL_SESS_CACHE_OFF);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	177	luaL_getmetatable(L, "SSL:Context");
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	178	lua_setmetatable(L, -2);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	179	return 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	180	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	181
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	182	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	183	* Load the trusting certificates.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	184	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	185	static int load_locations(lua_State *L)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	186	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	187	SSL_CTX *ctx = ctx_getcontext(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	188	const char *cafile = luaL_optstring(L, 2, NULL);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	189	const char *capath = luaL_optstring(L, 3, NULL);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	190	if (SSL_CTX_load_verify_locations(ctx, cafile, capath) != 1) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	191	lua_pushboolean(L, 0);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	192	lua_pushfstring(L, "error loading CA locations (%s)",
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	193	ERR_reason_error_string(ERR_get_error()));
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	194	return 2;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	195	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	196	lua_pushboolean(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	197	return 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	198	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	199
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	200	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	201	* Load the certificate file.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	202	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	203	static int load_cert(lua_State *L)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	204	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	205	SSL_CTX *ctx = ctx_getcontext(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	206	const char *filename = luaL_checkstring(L, 2);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	207	if (SSL_CTX_use_certificate_chain_file(ctx, filename) != 1) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	208	lua_pushboolean(L, 0);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	209	lua_pushfstring(L, "error loading certificate (%s)",
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	210	ERR_reason_error_string(ERR_get_error()));
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	211	return 2;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	212	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	213	lua_pushboolean(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	214	return 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	215	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	216
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	217	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	218	* Load the key file -- only in PEM format.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	219	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	220	static int load_key(lua_State *L)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	221	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	222	int ret = 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	223	SSL_CTX *ctx = ctx_getcontext(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	224	const char *filename = luaL_checkstring(L, 2);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	225	switch (lua_type(L, 3)) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	226	case LUA_TSTRING:
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	227	case LUA_TFUNCTION:
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	228	SSL_CTX_set_default_passwd_cb(ctx, passwd_cb);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	229	SSL_CTX_set_default_passwd_cb_userdata(ctx, L);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	230	/* fallback */
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	231	case LUA_TNIL:
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	232	if (SSL_CTX_use_PrivateKey_file(ctx, filename, SSL_FILETYPE_PEM) == 1)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	233	lua_pushboolean(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	234	else {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	235	ret = 2;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	236	lua_pushboolean(L, 0);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	237	lua_pushfstring(L, "error loading private key (%s)",
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	238	ERR_reason_error_string(ERR_get_error()));
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	239	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	240	SSL_CTX_set_default_passwd_cb(ctx, NULL);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	241	SSL_CTX_set_default_passwd_cb_userdata(ctx, NULL);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	242	break;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	243	default:
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	244	lua_pushstring(L, "invalid callback value");
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	245	lua_error(L);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	246	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	247	return ret;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	248	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	249
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	250	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	251	* Set the cipher list.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	252	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	253	static int set_cipher(lua_State *L)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	254	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	255	SSL_CTX *ctx = ctx_getcontext(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	256	const char *list = luaL_checkstring(L, 2);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	257	if (SSL_CTX_set_cipher_list(ctx, list) != 1) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	258	lua_pushboolean(L, 0);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	259	lua_pushfstring(L, "error setting cipher list (%s)",
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	260	ERR_reason_error_string(ERR_get_error()));
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	261	return 2;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	262	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	263	lua_pushboolean(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	264	return 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	265	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	266
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	267	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	268	* Set the depth for certificate checking.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	269	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	270	static int set_depth(lua_State *L)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	271	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	272	SSL_CTX *ctx = ctx_getcontext(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	273	SSL_CTX_set_verify_depth(ctx, luaL_checkint(L, 2));
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	274	lua_pushboolean(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	275	return 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	276	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	277
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	278	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	279	* Set the handshake verify options.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	280	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	281	static int set_verify(lua_State *L)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	282	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	283	int i;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	284	int flag = 0;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	285	SSL_CTX *ctx = ctx_getcontext(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	286	int max = lua_gettop(L);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	287	/* any flag? */
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	288	if (max > 1) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	289	for (i = 2; i <= max; i++) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	290	if (!set_verify_flag(luaL_checkstring(L, i), &flag)) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	291	lua_pushboolean(L, 0);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	292	lua_pushstring(L, "invalid verify option");
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	293	return 2;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	294	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	295	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	296	SSL_CTX_set_verify(ctx, flag, NULL);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	297	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	298	lua_pushboolean(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	299	return 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	300	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	301
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	302	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	303	* Set the protocol options.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	304	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	305	static int set_options(lua_State *L)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	306	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	307	int i;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	308	unsigned long flag = 0L;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	309	SSL_CTX *ctx = ctx_getcontext(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	310	int max = lua_gettop(L);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	311	/* any option? */
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	312	if (max > 1) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	313	for (i = 2; i <= max; i++) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	314	if (!set_option_flag(luaL_checkstring(L, i), &flag)) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	315	lua_pushboolean(L, 0);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	316	lua_pushstring(L, "invalid option");
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	317	return 2;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	318	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	319	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	320	SSL_CTX_set_options(ctx, flag);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	321	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	322	lua_pushboolean(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	323	return 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	324	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	325
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	326	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	327	* Set the context mode.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	328	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	329	static int set_mode(lua_State *L)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	330	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	331	p_context ctx = checkctx(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	332	const char *str = luaL_checkstring(L, 2);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	333	if (!strcmp("server", str)) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	334	ctx->mode = MD_CTX_SERVER;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	335	lua_pushboolean(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	336	return 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	337	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	338	if(!strcmp("client", str)) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	339	ctx->mode = MD_CTX_CLIENT;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	340	lua_pushboolean(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	341	return 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	342	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	343	lua_pushboolean(L, 0);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	344	lua_pushstring(L, "invalid mode");
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	345	return 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	346	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	347
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	348	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	349	* Return a pointer to SSL_CTX structure.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	350	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	351	static int raw_ctx(lua_State *L)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	352	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	353	p_context ctx = checkctx(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	354	lua_pushlightuserdata(L, (void*)ctx->context);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	355	return 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	356	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	357
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	358	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	359	* Package functions
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	360	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	361	static luaL_Reg funcs[] = {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	362	{"create", create},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	363	{"locations", load_locations},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	364	{"loadcert", load_cert},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	365	{"loadkey", load_key},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	366	{"setcipher", set_cipher},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	367	{"setdepth", set_depth},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	368	{"setverify", set_verify},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	369	{"setoptions", set_options},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	370	{"setmode", set_mode},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	371	{"rawcontext", raw_ctx},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	372	{NULL, NULL}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	373	};
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	374
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	375	/*-------------------------------- Metamethods -------------------------------*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	376
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	377	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	378	* Collect SSL context -- GC metamethod.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	379	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	380	static int meth_destroy(lua_State *L)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	381	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	382	p_context ctx = checkctx(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	383	if (ctx->context) {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	384	SSL_CTX_free(ctx->context);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	385	ctx->context = NULL;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	386	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	387	return 0;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	388	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	389
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	390	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	391	* Object information -- tostring metamethod.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	392	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	393	static int meth_tostring(lua_State *L)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	394	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	395	p_context ctx = checkctx(L, 1);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	396	lua_pushfstring(L, "SSL context: %p", ctx);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	397	return 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	398	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	399
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	400	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	401	* Context metamethods.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	402	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	403	static luaL_Reg meta[] = {
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	404	{"__gc", meth_destroy},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	405	{"__tostring", meth_tostring},
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	406	{NULL, NULL}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	407	};
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	408
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	409
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	410	/*----------------------------- Public Functions ---------------------------*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	411
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	412	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	413	* Retrieve the SSL context from the Lua stack.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	414	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	415	SSL_CTX* ctx_getcontext(lua_State *L, int idx)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	416	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	417	p_context ctx = checkctx(L, idx);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	418	return ctx->context;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	419	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	420
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	421	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	422	* Retrieve the mode from the context in the Lua stack.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	423	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	424	char ctx_getmode(lua_State *L, int idx)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	425	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	426	p_context ctx = checkctx(L, idx);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	427	return ctx->mode;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	428	}
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	429
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	430	/*------------------------------ Initialization ------------------------------*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	431
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	432	/**
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	433	* Registre the module.
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	434	*/
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	435	int luaopen_ssl_context(lua_State *L)
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	436	{
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	437	luaL_newmetatable(L, "SSL:Context");
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	438	luaL_register(L, NULL, meta);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	439	luaL_register(L, "ssl.context", funcs);
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	440	return 1;
f7d2d78eb424 Initial commit (LuaSec 0.4) Matthew Wild <mwild1@gmail.com> parents: diff changeset	441	}