Fri, 08 Oct 2010 21:11:25 +0100
Add :getpeercertificate() method to get peer's certificate
0 | 1 | /*-------------------------------------------------------------------------- |
2 | * LuaSec 0.4 | |
3 | * Copyright (C) 2006-2009 Bruno Silvestre | |
4 | * | |
5 | *--------------------------------------------------------------------------*/ | |
6 | ||
7 | #include <string.h> | |
8 | ||
9 | #include <openssl/ssl.h> | |
10 | #include <openssl/err.h> | |
11 | ||
12 | #include <lua.h> | |
13 | #include <lauxlib.h> | |
14 | ||
15 | #include "io.h" | |
16 | #include "buffer.h" | |
17 | #include "timeout.h" | |
18 | #include "socket.h" | |
19 | #include "ssl.h" | |
20 | ||
21 | /** | |
22 | * Map error code into string. | |
23 | */ | |
24 | static const char *ssl_ioerror(void *ctx, int err) | |
25 | { | |
26 | if (err == IO_SSL) { | |
27 | p_ssl ssl = (p_ssl) ctx; | |
28 | switch(ssl->error) { | |
29 | case SSL_ERROR_NONE: return "No error"; | |
30 | case SSL_ERROR_ZERO_RETURN: return "closed"; | |
31 | case SSL_ERROR_WANT_READ: return "wantread"; | |
32 | case SSL_ERROR_WANT_WRITE: return "wantwrite"; | |
33 | case SSL_ERROR_WANT_CONNECT: return "'connect' not completed"; | |
34 | case SSL_ERROR_WANT_ACCEPT: return "'accept' not completed"; | |
35 | case SSL_ERROR_WANT_X509_LOOKUP: return "Waiting for callback"; | |
36 | case SSL_ERROR_SYSCALL: return "System error"; | |
37 | case SSL_ERROR_SSL: return ERR_reason_error_string(ERR_get_error()); | |
38 | default: return "Unknown SSL error"; | |
39 | } | |
40 | } | |
41 | return socket_strerror(err); | |
42 | } | |
43 | ||
44 | /** | |
45 | * Close the connection before the GC collect the object. | |
46 | */ | |
47 | static int meth_destroy(lua_State *L) | |
48 | { | |
49 | p_ssl ssl = (p_ssl) lua_touserdata(L, 1); | |
50 | if (ssl->ssl) { | |
51 | socket_setblocking(&ssl->sock); | |
52 | SSL_shutdown(ssl->ssl); | |
53 | socket_destroy(&ssl->sock); | |
54 | SSL_free(ssl->ssl); | |
55 | ssl->ssl = NULL; | |
56 | } | |
57 | return 0; | |
58 | } | |
59 | ||
60 | /** | |
61 | * Perform the TLS/SSL handshake | |
62 | */ | |
63 | static int handshake(p_ssl ssl) | |
64 | { | |
65 | int err; | |
66 | p_timeout tm = timeout_markstart(&ssl->tm); | |
67 | if (ssl->state == ST_SSL_CLOSED) | |
68 | return IO_CLOSED; | |
69 | for ( ; ; ) { | |
70 | ERR_clear_error(); | |
71 | err = SSL_do_handshake(ssl->ssl); | |
72 | ssl->error = SSL_get_error(ssl->ssl, err); | |
73 | switch(ssl->error) { | |
74 | case SSL_ERROR_NONE: | |
75 | ssl->state = ST_SSL_CONNECTED; | |
76 | return IO_DONE; | |
77 | case SSL_ERROR_WANT_READ: | |
78 | err = socket_waitfd(&ssl->sock, WAITFD_R, tm); | |
79 | if (err == IO_TIMEOUT) return IO_SSL; | |
80 | if (err != IO_DONE) return err; | |
81 | break; | |
82 | case SSL_ERROR_WANT_WRITE: | |
83 | err = socket_waitfd(&ssl->sock, WAITFD_W, tm); | |
84 | if (err == IO_TIMEOUT) return IO_SSL; | |
85 | if (err != IO_DONE) return err; | |
86 | break; | |
87 | case SSL_ERROR_SYSCALL: | |
88 | if (ERR_peek_error()) { | |
89 | ssl->error = SSL_ERROR_SSL; | |
90 | return IO_SSL; | |
91 | } | |
92 | if (err == 0) | |
93 | return IO_CLOSED; | |
94 | return socket_error(); | |
95 | default: | |
96 | return IO_SSL; | |
97 | } | |
98 | } | |
99 | return IO_UNKNOWN; | |
100 | } | |
101 | ||
102 | /** | |
103 | * Send data | |
104 | */ | |
105 | static int ssl_send(void *ctx, const char *data, size_t count, size_t *sent, | |
106 | p_timeout tm) | |
107 | { | |
108 | int err; | |
109 | p_ssl ssl = (p_ssl) ctx; | |
110 | if (ssl->state == ST_SSL_CLOSED) | |
111 | return IO_CLOSED; | |
112 | *sent = 0; | |
113 | for ( ; ; ) { | |
114 | ERR_clear_error(); | |
115 | err = SSL_write(ssl->ssl, data, (int) count); | |
116 | ssl->error = SSL_get_error(ssl->ssl, err); | |
117 | switch(ssl->error) { | |
118 | case SSL_ERROR_NONE: | |
119 | *sent = err; | |
120 | return IO_DONE; | |
121 | case SSL_ERROR_WANT_READ: | |
122 | err = socket_waitfd(&ssl->sock, WAITFD_R, tm); | |
123 | if (err == IO_TIMEOUT) return IO_SSL; | |
124 | if (err != IO_DONE) return err; | |
125 | break; | |
126 | case SSL_ERROR_WANT_WRITE: | |
127 | err = socket_waitfd(&ssl->sock, WAITFD_W, tm); | |
128 | if (err == IO_TIMEOUT) return IO_SSL; | |
129 | if (err != IO_DONE) return err; | |
130 | break; | |
131 | case SSL_ERROR_SYSCALL: | |
132 | if (ERR_peek_error()) { | |
133 | ssl->error = SSL_ERROR_SSL; | |
134 | return IO_SSL; | |
135 | } | |
136 | if (err == 0) | |
137 | return IO_CLOSED; | |
138 | return socket_error(); | |
139 | default: | |
140 | return IO_SSL; | |
141 | } | |
142 | } | |
143 | return IO_UNKNOWN; | |
144 | } | |
145 | ||
146 | /** | |
147 | * Receive data | |
148 | */ | |
149 | static int ssl_recv(void *ctx, char *data, size_t count, size_t *got, | |
150 | p_timeout tm) | |
151 | { | |
152 | int err; | |
153 | p_ssl ssl = (p_ssl) ctx; | |
154 | if (ssl->state == ST_SSL_CLOSED) | |
155 | return IO_CLOSED; | |
156 | *got = 0; | |
157 | for ( ; ; ) { | |
158 | ERR_clear_error(); | |
159 | err = SSL_read(ssl->ssl, data, (int) count); | |
160 | ssl->error = SSL_get_error(ssl->ssl, err); | |
161 | switch(ssl->error) { | |
162 | case SSL_ERROR_NONE: | |
163 | *got = err; | |
164 | return IO_DONE; | |
165 | case SSL_ERROR_ZERO_RETURN: | |
166 | *got = err; | |
167 | return IO_CLOSED; | |
168 | case SSL_ERROR_WANT_READ: | |
169 | err = socket_waitfd(&ssl->sock, WAITFD_R, tm); | |
170 | if (err == IO_TIMEOUT) return IO_SSL; | |
171 | if (err != IO_DONE) return err; | |
172 | break; | |
173 | case SSL_ERROR_WANT_WRITE: | |
174 | err = socket_waitfd(&ssl->sock, WAITFD_W, tm); | |
175 | if (err == IO_TIMEOUT) return IO_SSL; | |
176 | if (err != IO_DONE) return err; | |
177 | break; | |
178 | case SSL_ERROR_SYSCALL: | |
179 | if (ERR_peek_error()) { | |
180 | ssl->error = SSL_ERROR_SSL; | |
181 | return IO_SSL; | |
182 | } | |
183 | if (err == 0) | |
184 | return IO_CLOSED; | |
185 | return socket_error(); | |
186 | default: | |
187 | return IO_SSL; | |
188 | } | |
189 | } | |
190 | return IO_UNKNOWN; | |
191 | } | |
192 | ||
193 | /** | |
194 | * Create a new TLS/SSL object and mark it as new. | |
195 | */ | |
196 | static int meth_create(lua_State *L) | |
197 | { | |
198 | p_ssl ssl; | |
199 | int mode = ctx_getmode(L, 1); | |
200 | SSL_CTX *ctx = ctx_getcontext(L, 1); | |
201 | ||
202 | if (mode == MD_CTX_INVALID) { | |
203 | lua_pushnil(L); | |
204 | lua_pushstring(L, "invalid mode"); | |
205 | return 2; | |
206 | } | |
207 | ssl = (p_ssl) lua_newuserdata(L, sizeof(t_ssl)); | |
208 | if (!ssl) { | |
209 | lua_pushnil(L); | |
210 | lua_pushstring(L, "error creating SSL object"); | |
211 | return 2; | |
212 | } | |
213 | ssl->ssl = SSL_new(ctx); | |
214 | if (!ssl->ssl) { | |
215 | lua_pushnil(L); | |
216 | lua_pushstring(L, "error creating SSL object"); | |
217 | return 2;; | |
218 | } | |
219 | ssl->state = ST_SSL_NEW; | |
220 | SSL_set_fd(ssl->ssl, (int) SOCKET_INVALID); | |
2
0cfca30f1ce3
ssl.c: Set SSL_MODE_RELEASE_BUFFERS mode when supported
Matthew Wild <mwild1@gmail.com>
parents:
0
diff
changeset
|
221 | SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE | |
0 | 222 | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); |
2
0cfca30f1ce3
ssl.c: Set SSL_MODE_RELEASE_BUFFERS mode when supported
Matthew Wild <mwild1@gmail.com>
parents:
0
diff
changeset
|
223 | |
0cfca30f1ce3
ssl.c: Set SSL_MODE_RELEASE_BUFFERS mode when supported
Matthew Wild <mwild1@gmail.com>
parents:
0
diff
changeset
|
224 | #ifdef SSL_MODE_RELEASE_BUFFERS |
0cfca30f1ce3
ssl.c: Set SSL_MODE_RELEASE_BUFFERS mode when supported
Matthew Wild <mwild1@gmail.com>
parents:
0
diff
changeset
|
225 | SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS); |
0cfca30f1ce3
ssl.c: Set SSL_MODE_RELEASE_BUFFERS mode when supported
Matthew Wild <mwild1@gmail.com>
parents:
0
diff
changeset
|
226 | #endif |
0cfca30f1ce3
ssl.c: Set SSL_MODE_RELEASE_BUFFERS mode when supported
Matthew Wild <mwild1@gmail.com>
parents:
0
diff
changeset
|
227 | |
0 | 228 | if (mode == MD_CTX_SERVER) |
229 | SSL_set_accept_state(ssl->ssl); | |
230 | else | |
231 | SSL_set_connect_state(ssl->ssl); | |
232 | ||
233 | io_init(&ssl->io, (p_send) ssl_send, (p_recv) ssl_recv, | |
234 | (p_error) ssl_ioerror, ssl); | |
235 | timeout_init(&ssl->tm, -1, -1); | |
236 | buffer_init(&ssl->buf, &ssl->io, &ssl->tm); | |
237 | ||
238 | luaL_getmetatable(L, "SSL:Connection"); | |
239 | lua_setmetatable(L, -2); | |
240 | return 1; | |
241 | } | |
242 | ||
243 | /** | |
244 | * Buffer send function | |
245 | */ | |
246 | static int meth_send(lua_State *L) { | |
247 | p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection"); | |
248 | return buffer_meth_send(L, &ssl->buf); | |
249 | } | |
250 | ||
251 | /** | |
252 | * Buffer receive function | |
253 | */ | |
254 | static int meth_receive(lua_State *L) { | |
255 | p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection"); | |
256 | return buffer_meth_receive(L, &ssl->buf); | |
257 | } | |
258 | ||
259 | /** | |
260 | * Select support methods | |
261 | */ | |
262 | static int meth_getfd(lua_State *L) | |
263 | { | |
264 | p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection"); | |
265 | lua_pushnumber(L, ssl->sock); | |
266 | return 1; | |
267 | } | |
268 | ||
269 | /** | |
270 | * Set the TLS/SSL file descriptor. | |
271 | * This is done *before* the handshake. | |
272 | */ | |
273 | static int meth_setfd(lua_State *L) | |
274 | { | |
275 | p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection"); | |
276 | if (ssl->state != ST_SSL_NEW) | |
277 | luaL_argerror(L, 1, "invalid SSL object state"); | |
278 | ssl->sock = luaL_checkint(L, 2); | |
279 | socket_setnonblocking(&ssl->sock); | |
280 | SSL_set_fd(ssl->ssl, (int)ssl->sock); | |
281 | return 0; | |
282 | } | |
283 | ||
284 | /** | |
285 | * Lua handshake function. | |
286 | */ | |
287 | static int meth_handshake(lua_State *L) | |
288 | { | |
289 | p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection"); | |
290 | int err = handshake(ssl); | |
291 | if (err == IO_DONE) { | |
292 | lua_pushboolean(L, 1); | |
293 | return 1; | |
294 | } | |
295 | lua_pushboolean(L, 0); | |
296 | lua_pushstring(L, ssl_ioerror((void*)ssl, err)); | |
297 | return 2; | |
298 | } | |
299 | ||
300 | /** | |
301 | * Close the connection. | |
302 | */ | |
303 | static int meth_close(lua_State *L) | |
304 | { | |
305 | p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection"); | |
306 | meth_destroy(L); | |
307 | ssl->state = ST_SSL_CLOSED; | |
308 | return 0; | |
309 | } | |
310 | ||
311 | /** | |
312 | * Set timeout. | |
313 | */ | |
314 | static int meth_settimeout(lua_State *L) | |
315 | { | |
316 | p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection"); | |
317 | return timeout_meth_settimeout(L, &ssl->tm); | |
318 | } | |
319 | ||
320 | /** | |
321 | * Check if there is data in the buffer. | |
322 | */ | |
323 | static int meth_dirty(lua_State *L) | |
324 | { | |
325 | int res = 0; | |
326 | p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection"); | |
327 | if (ssl->state != ST_SSL_CLOSED) | |
328 | res = !buffer_isempty(&ssl->buf) || SSL_pending(ssl->ssl); | |
329 | lua_pushboolean(L, res); | |
330 | return 1; | |
331 | } | |
332 | ||
333 | /** | |
334 | * Return the state information about the SSL object. | |
335 | */ | |
336 | static int meth_want(lua_State *L) | |
337 | { | |
338 | p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection"); | |
339 | int code = (ssl->state == ST_SSL_CLOSED) ? SSL_NOTHING : SSL_want(ssl->ssl); | |
340 | switch(code) { | |
341 | case SSL_NOTHING: lua_pushstring(L, "nothing"); break; | |
342 | case SSL_READING: lua_pushstring(L, "read"); break; | |
343 | case SSL_WRITING: lua_pushstring(L, "write"); break; | |
344 | case SSL_X509_LOOKUP: lua_pushstring(L, "x509lookup"); break; | |
345 | } | |
346 | return 1; | |
347 | } | |
348 | ||
349 | /** | |
350 | * Return a pointer to SSL structure. | |
351 | */ | |
352 | static int meth_rawconn(lua_State *L) | |
353 | { | |
354 | p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); | |
355 | lua_pushlightuserdata(L, (void*)ssl->ssl); | |
356 | return 1; | |
357 | } | |
358 | ||
3
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
359 | /** |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
360 | * Return the compression method used. |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
361 | */ |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
362 | static int meth_compression(lua_State *L) |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
363 | { |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
364 | const COMP_METHOD *comp; |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
365 | p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
366 | comp = SSL_get_current_compression(ssl->ssl); |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
367 | if (comp) { |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
368 | lua_pushstring(L, SSL_COMP_get_name(comp)); |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
369 | return 1; |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
370 | } else { |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
371 | lua_pushboolean(L, 0); |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
372 | return 1; |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
373 | } |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
374 | } |
4
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
375 | |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
376 | /** |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
377 | * Return the peer certificate. |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
378 | */ |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
379 | static int meth_getpeercertificate(lua_State *L) |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
380 | { |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
381 | X509 *peer; |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
382 | p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
383 | peer = SSL_get_peer_certificate(ssl->ssl); |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
384 | if (peer == NULL) { |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
385 | /* No client certificate available */ |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
386 | lua_pushboolean(L, 0); |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
387 | return 1; |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
388 | } else { |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
389 | char *buffer = NULL; |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
390 | char length = 0; |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
391 | BIO *bp = BIO_new(BIO_s_mem()); /* To memory */ |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
392 | i2d_X509_bio(bp, peer); /* as der */ |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
393 | if ((length = BIO_read(bp, 0, 0)) == 0) { |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
394 | BIO_free(bp); |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
395 | return 0; |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
396 | } |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
397 | if ((buffer = malloc(length)) == NULL) { |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
398 | BIO_free(bp); |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
399 | return 0; |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
400 | } |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
401 | if ((length = BIO_read(bp, buffer, length)) > length) { |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
402 | free(buffer); |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
403 | BIO_free(bp); |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
404 | return 0; |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
405 | } |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
406 | lua_pushlstring(L, buffer, length); |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
407 | free(buffer); |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
408 | BIO_free(bp); |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
409 | return 1; |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
410 | } |
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
411 | } |
0 | 412 | /*---------------------------------------------------------------------------*/ |
413 | ||
414 | ||
415 | /** | |
416 | * SSL metamethods | |
417 | */ | |
418 | static luaL_Reg meta[] = { | |
3
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
419 | {"close", meth_close}, |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
420 | {"getfd", meth_getfd}, |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
421 | {"dirty", meth_dirty}, |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
422 | {"dohandshake", meth_handshake}, |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
423 | {"receive", meth_receive}, |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
424 | {"send", meth_send}, |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
425 | {"settimeout", meth_settimeout}, |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
426 | {"want", meth_want}, |
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
427 | {"compression", meth_compression}, |
4
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
428 | {"getpeercertificate",meth_getpeercertificate}, |
3
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
429 | {NULL, NULL} |
0 | 430 | }; |
431 | ||
432 | /** | |
433 | * SSL functions | |
434 | */ | |
435 | static luaL_Reg funcs[] = { | |
436 | {"create", meth_create}, | |
437 | {"setfd", meth_setfd}, | |
438 | {"rawconnection", meth_rawconn}, | |
439 | {NULL, NULL} | |
440 | }; | |
441 | ||
442 | /** | |
443 | * Initialize modules | |
444 | */ | |
445 | LUASEC_API int luaopen_ssl_core(lua_State *L) | |
446 | { | |
447 | /* Initialize SSL */ | |
448 | if (!SSL_library_init()) { | |
449 | lua_pushstring(L, "unable to initialize SSL library"); | |
450 | lua_error(L); | |
451 | } | |
452 | SSL_load_error_strings(); | |
453 | ||
454 | /* Initialize internal library */ | |
455 | socket_open(); | |
456 | ||
457 | /* Registre the functions and tables */ | |
458 | luaL_newmetatable(L, "SSL:Connection"); | |
459 | lua_newtable(L); | |
460 | luaL_register(L, NULL, meta); | |
461 | lua_setfield(L, -2, "__index"); | |
462 | lua_pushcfunction(L, meth_destroy); | |
463 | lua_setfield(L, -2, "__gc"); | |
464 | ||
465 | luaL_register(L, "ssl.core", funcs); | |
466 | lua_pushnumber(L, SOCKET_INVALID); | |
467 | lua_setfield(L, -2, "invalidfd"); | |
468 | ||
469 | return 1; | |
470 | } | |
471 |