src/ssl.c@85d59ac3328b (annotated)
src/ssl.c
Sun, 03 Jul 2011 13:13:36 -0700
- author
- Paul Aurich <paul@darkrain42.org>
- date
- Sun, 03 Jul 2011 13:13:36 -0700
- changeset 40
- 85d59ac3328b
- parent 38
- 4ecd7b0e67ea
- child 41
- e26f1f91118a
- permissions
- -rw-r--r--
ssl: Fix indentation (not sure how this happened)
| 0 | 1 | /*-------------------------------------------------------------------------- |
| 2 | * LuaSec 0.4 | |
| 3 | * Copyright (C) 2006-2009 Bruno Silvestre | |
| 4 | * | |
| 5 | *--------------------------------------------------------------------------*/ | |
| 6 | ||
| 7 | #include <string.h> | |
| 8 | ||
| 9 | #include <openssl/ssl.h> | |
|
11
8d7698d3fd26
Refactoring of :getpeercertificate(), support for subjectAltName extensions
Matthew Wild <mwild1@gmail.com>
parents:
10
diff
changeset
|
10 | #include <openssl/x509v3.h> |
| 0 | 11 | #include <openssl/err.h> |
| 12 | ||
| 13 | #include <lua.h> | |
| 14 | #include <lauxlib.h> | |
| 15 | ||
| 16 | #include "io.h" | |
| 17 | #include "buffer.h" | |
| 18 | #include "timeout.h" | |
| 19 | #include "socket.h" | |
| 20 | #include "ssl.h" | |
|
19
45b7299e4746
src/ssl.c: Include x509.h to shush compiler warning
Matthew Wild <mwild1@gmail.com>
parents:
14
diff
changeset
|
21 | #include "x509.h" |
| 0 | 22 | |
|
38
4ecd7b0e67ea
Clean up the ex_data callers
Paul Aurich <paul@darkrain42.org>
parents:
37
diff
changeset
|
23 | /* index into the SSL storage where the t_ssl is. |
|
4ecd7b0e67ea
Clean up the ex_data callers
Paul Aurich <paul@darkrain42.org>
parents:
37
diff
changeset
|
24 | * see SSL_get_ex_data(). |
|
4ecd7b0e67ea
Clean up the ex_data callers
Paul Aurich <paul@darkrain42.org>
parents:
37
diff
changeset
|
25 | */ |
|
4ecd7b0e67ea
Clean up the ex_data callers
Paul Aurich <paul@darkrain42.org>
parents:
37
diff
changeset
|
26 | static int luasec_ssl_idx; |
|
4ecd7b0e67ea
Clean up the ex_data callers
Paul Aurich <paul@darkrain42.org>
parents:
37
diff
changeset
|
27 | |
| 0 | 28 | /** |
| 29 | * Map error code into string. | |
| 30 | */ | |
| 31 | static const char *ssl_ioerror(void *ctx, int err) | |
| 32 | { | |
| 33 | if (err == IO_SSL) { | |
| 34 | p_ssl ssl = (p_ssl) ctx; | |
| 35 | switch(ssl->error) { | |
| 36 | case SSL_ERROR_NONE: return "No error"; | |
| 37 | case SSL_ERROR_ZERO_RETURN: return "closed"; | |
| 38 | case SSL_ERROR_WANT_READ: return "wantread"; | |
| 39 | case SSL_ERROR_WANT_WRITE: return "wantwrite"; | |
| 40 | case SSL_ERROR_WANT_CONNECT: return "'connect' not completed"; | |
| 41 | case SSL_ERROR_WANT_ACCEPT: return "'accept' not completed"; | |
| 42 | case SSL_ERROR_WANT_X509_LOOKUP: return "Waiting for callback"; | |
| 43 | case SSL_ERROR_SYSCALL: return "System error"; | |
| 44 | case SSL_ERROR_SSL: return ERR_reason_error_string(ERR_get_error()); | |
| 45 | default: return "Unknown SSL error"; | |
| 46 | } | |
| 47 | } | |
| 48 | return socket_strerror(err); | |
| 49 | } | |
| 50 | ||
| 51 | /** | |
| 52 | * Close the connection before the GC collect the object. | |
| 53 | */ | |
| 54 | static int meth_destroy(lua_State *L) | |
| 55 | { | |
| 56 | p_ssl ssl = (p_ssl) lua_touserdata(L, 1); | |
| 57 | if (ssl->ssl) { | |
| 58 | socket_setblocking(&ssl->sock); | |
| 59 | SSL_shutdown(ssl->ssl); | |
| 60 | socket_destroy(&ssl->sock); | |
| 61 | SSL_free(ssl->ssl); | |
| 62 | ssl->ssl = NULL; | |
| 63 | } | |
| 64 | return 0; | |
| 65 | } | |
| 66 | ||
| 67 | /** | |
|
31
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
68 | * Object information -- tostring metamethod |
|
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
69 | */ |
|
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
70 | static int meth_tostring(lua_State *L) |
|
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
71 | { |
|
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
72 | p_ssl ssl = (p_ssl)lua_touserdata(L, 1); |
|
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
73 | lua_pushfstring(L, "SSL connection: %p", ssl); |
|
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
74 | return 1; |
|
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
75 | } |
|
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
76 | |
|
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
77 | /** |
| 0 | 78 | * Perform the TLS/SSL handshake |
| 79 | */ | |
| 80 | static int handshake(p_ssl ssl) | |
| 81 | { | |
| 82 | int err; | |
| 83 | p_timeout tm = timeout_markstart(&ssl->tm); | |
| 84 | if (ssl->state == ST_SSL_CLOSED) | |
| 85 | return IO_CLOSED; | |
| 86 | for ( ; ; ) { | |
| 87 | ERR_clear_error(); | |
| 88 | err = SSL_do_handshake(ssl->ssl); | |
| 89 | ssl->error = SSL_get_error(ssl->ssl, err); | |
| 90 | switch(ssl->error) { | |
| 91 | case SSL_ERROR_NONE: | |
| 92 | ssl->state = ST_SSL_CONNECTED; | |
| 93 | return IO_DONE; | |
| 94 | case SSL_ERROR_WANT_READ: | |
| 95 | err = socket_waitfd(&ssl->sock, WAITFD_R, tm); | |
| 96 | if (err == IO_TIMEOUT) return IO_SSL; | |
| 97 | if (err != IO_DONE) return err; | |
| 98 | break; | |
| 99 | case SSL_ERROR_WANT_WRITE: | |
| 100 | err = socket_waitfd(&ssl->sock, WAITFD_W, tm); | |
| 101 | if (err == IO_TIMEOUT) return IO_SSL; | |
| 102 | if (err != IO_DONE) return err; | |
| 103 | break; | |
| 104 | case SSL_ERROR_SYSCALL: | |
| 105 | if (ERR_peek_error()) { | |
| 106 | ssl->error = SSL_ERROR_SSL; | |
| 107 | return IO_SSL; | |
| 108 | } | |
| 109 | if (err == 0) | |
| 110 | return IO_CLOSED; | |
| 111 | return socket_error(); | |
| 112 | default: | |
| 113 | return IO_SSL; | |
| 114 | } | |
| 115 | } | |
| 116 | return IO_UNKNOWN; | |
| 117 | } | |
| 118 | ||
| 119 | /** | |
| 120 | * Send data | |
| 121 | */ | |
| 122 | static int ssl_send(void *ctx, const char *data, size_t count, size_t *sent, | |
| 123 | p_timeout tm) | |
| 124 | { | |
| 125 | int err; | |
| 126 | p_ssl ssl = (p_ssl) ctx; | |
| 127 | if (ssl->state == ST_SSL_CLOSED) | |
| 128 | return IO_CLOSED; | |
| 129 | *sent = 0; | |
| 130 | for ( ; ; ) { | |
| 131 | ERR_clear_error(); | |
| 132 | err = SSL_write(ssl->ssl, data, (int) count); | |
| 133 | ssl->error = SSL_get_error(ssl->ssl, err); | |
| 134 | switch(ssl->error) { | |
| 135 | case SSL_ERROR_NONE: | |
| 136 | *sent = err; | |
| 137 | return IO_DONE; | |
| 138 | case SSL_ERROR_WANT_READ: | |
| 139 | err = socket_waitfd(&ssl->sock, WAITFD_R, tm); | |
| 140 | if (err == IO_TIMEOUT) return IO_SSL; | |
| 141 | if (err != IO_DONE) return err; | |
| 142 | break; | |
| 143 | case SSL_ERROR_WANT_WRITE: | |
| 144 | err = socket_waitfd(&ssl->sock, WAITFD_W, tm); | |
| 145 | if (err == IO_TIMEOUT) return IO_SSL; | |
| 146 | if (err != IO_DONE) return err; | |
| 147 | break; | |
| 148 | case SSL_ERROR_SYSCALL: | |
| 149 | if (ERR_peek_error()) { | |
| 150 | ssl->error = SSL_ERROR_SSL; | |
| 151 | return IO_SSL; | |
| 152 | } | |
| 153 | if (err == 0) | |
| 154 | return IO_CLOSED; | |
| 155 | return socket_error(); | |
| 156 | default: | |
| 157 | return IO_SSL; | |
| 158 | } | |
| 159 | } | |
| 160 | return IO_UNKNOWN; | |
| 161 | } | |
| 162 | ||
| 163 | /** | |
| 164 | * Receive data | |
| 165 | */ | |
| 166 | static int ssl_recv(void *ctx, char *data, size_t count, size_t *got, | |
| 167 | p_timeout tm) | |
| 168 | { | |
| 169 | int err; | |
| 170 | p_ssl ssl = (p_ssl) ctx; | |
| 171 | if (ssl->state == ST_SSL_CLOSED) | |
| 172 | return IO_CLOSED; | |
| 173 | *got = 0; | |
| 174 | for ( ; ; ) { | |
| 175 | ERR_clear_error(); | |
| 176 | err = SSL_read(ssl->ssl, data, (int) count); | |
| 177 | ssl->error = SSL_get_error(ssl->ssl, err); | |
| 178 | switch(ssl->error) { | |
| 179 | case SSL_ERROR_NONE: | |
| 180 | *got = err; | |
| 181 | return IO_DONE; | |
| 182 | case SSL_ERROR_ZERO_RETURN: | |
| 183 | *got = err; | |
| 184 | return IO_CLOSED; | |
| 185 | case SSL_ERROR_WANT_READ: | |
| 186 | err = socket_waitfd(&ssl->sock, WAITFD_R, tm); | |
| 187 | if (err == IO_TIMEOUT) return IO_SSL; | |
| 188 | if (err != IO_DONE) return err; | |
| 189 | break; | |
| 190 | case SSL_ERROR_WANT_WRITE: | |
| 191 | err = socket_waitfd(&ssl->sock, WAITFD_W, tm); | |
| 192 | if (err == IO_TIMEOUT) return IO_SSL; | |
| 193 | if (err != IO_DONE) return err; | |
| 194 | break; | |
| 195 | case SSL_ERROR_SYSCALL: | |
| 196 | if (ERR_peek_error()) { | |
| 197 | ssl->error = SSL_ERROR_SSL; | |
| 198 | return IO_SSL; | |
| 199 | } | |
| 200 | if (err == 0) | |
| 201 | return IO_CLOSED; | |
| 202 | return socket_error(); | |
| 203 | default: | |
| 204 | return IO_SSL; | |
| 205 | } | |
| 206 | } | |
| 207 | return IO_UNKNOWN; | |
| 208 | } | |
| 209 | ||
| 210 | /** | |
| 211 | * Create a new TLS/SSL object and mark it as new. | |
| 212 | */ | |
| 213 | static int meth_create(lua_State *L) | |
| 214 | { | |
| 215 | p_ssl ssl; | |
| 216 | int mode = ctx_getmode(L, 1); | |
|
34
510432315106
verify: Flag to ignore 'invalid purpose' errors on end cert
Paul Aurich <paul@darkrain42.org>
parents:
31
diff
changeset
|
217 | p_context ctx = checkctx(L, 1); |
| 0 | 218 | |
| 219 | if (mode == MD_CTX_INVALID) { | |
| 220 | lua_pushnil(L); | |
| 221 | lua_pushstring(L, "invalid mode"); | |
| 222 | return 2; | |
| 223 | } | |
|
34
510432315106
verify: Flag to ignore 'invalid purpose' errors on end cert
Paul Aurich <paul@darkrain42.org>
parents:
31
diff
changeset
|
224 | if (luasec_ssl_idx == -1) { |
|
38
4ecd7b0e67ea
Clean up the ex_data callers
Paul Aurich <paul@darkrain42.org>
parents:
37
diff
changeset
|
225 | luasec_ssl_idx = SSL_get_ex_new_index(0, "luasec ssl context", NULL, NULL, NULL); |
|
34
510432315106
verify: Flag to ignore 'invalid purpose' errors on end cert
Paul Aurich <paul@darkrain42.org>
parents:
31
diff
changeset
|
226 | if (luasec_ssl_idx == -1) { |
|
510432315106
verify: Flag to ignore 'invalid purpose' errors on end cert
Paul Aurich <paul@darkrain42.org>
parents:
31
diff
changeset
|
227 | lua_pushnil(L); |
|
510432315106
verify: Flag to ignore 'invalid purpose' errors on end cert
Paul Aurich <paul@darkrain42.org>
parents:
31
diff
changeset
|
228 | lua_pushstring(L, "error creating luasec SSL index"); |
|
510432315106
verify: Flag to ignore 'invalid purpose' errors on end cert
Paul Aurich <paul@darkrain42.org>
parents:
31
diff
changeset
|
229 | return 2; |
|
510432315106
verify: Flag to ignore 'invalid purpose' errors on end cert
Paul Aurich <paul@darkrain42.org>
parents:
31
diff
changeset
|
230 | } |
|
510432315106
verify: Flag to ignore 'invalid purpose' errors on end cert
Paul Aurich <paul@darkrain42.org>
parents:
31
diff
changeset
|
231 | } |
| 0 | 232 | ssl = (p_ssl) lua_newuserdata(L, sizeof(t_ssl)); |
| 233 | if (!ssl) { | |
| 234 | lua_pushnil(L); | |
| 235 | lua_pushstring(L, "error creating SSL object"); | |
| 236 | return 2; | |
| 237 | } | |
|
34
510432315106
verify: Flag to ignore 'invalid purpose' errors on end cert
Paul Aurich <paul@darkrain42.org>
parents:
31
diff
changeset
|
238 | ssl->ssl = SSL_new(ctx->context); |
| 0 | 239 | if (!ssl->ssl) { |
| 240 | lua_pushnil(L); | |
| 241 | lua_pushstring(L, "error creating SSL object"); | |
| 242 | return 2;; | |
| 243 | } | |
| 244 | ssl->state = ST_SSL_NEW; | |
| 245 | SSL_set_fd(ssl->ssl, (int) SOCKET_INVALID); | |
|
2
0cfca30f1ce3
ssl.c: Set SSL_MODE_RELEASE_BUFFERS mode when supported
Matthew Wild <mwild1@gmail.com>
parents:
0
diff
changeset
|
246 | SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE | |
| 0 | 247 | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); |
|
2
0cfca30f1ce3
ssl.c: Set SSL_MODE_RELEASE_BUFFERS mode when supported
Matthew Wild <mwild1@gmail.com>
parents:
0
diff
changeset
|
248 | |
|
0cfca30f1ce3
ssl.c: Set SSL_MODE_RELEASE_BUFFERS mode when supported
Matthew Wild <mwild1@gmail.com>
parents:
0
diff
changeset
|
249 | #ifdef SSL_MODE_RELEASE_BUFFERS |
|
0cfca30f1ce3
ssl.c: Set SSL_MODE_RELEASE_BUFFERS mode when supported
Matthew Wild <mwild1@gmail.com>
parents:
0
diff
changeset
|
250 | SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS); |
|
0cfca30f1ce3
ssl.c: Set SSL_MODE_RELEASE_BUFFERS mode when supported
Matthew Wild <mwild1@gmail.com>
parents:
0
diff
changeset
|
251 | #endif |
|
0cfca30f1ce3
ssl.c: Set SSL_MODE_RELEASE_BUFFERS mode when supported
Matthew Wild <mwild1@gmail.com>
parents:
0
diff
changeset
|
252 | |
|
38
4ecd7b0e67ea
Clean up the ex_data callers
Paul Aurich <paul@darkrain42.org>
parents:
37
diff
changeset
|
253 | SSL_set_ex_data(ssl->ssl, luasec_ssl_idx, ssl); |
|
34
510432315106
verify: Flag to ignore 'invalid purpose' errors on end cert
Paul Aurich <paul@darkrain42.org>
parents:
31
diff
changeset
|
254 | |
| 0 | 255 | if (mode == MD_CTX_SERVER) |
| 256 | SSL_set_accept_state(ssl->ssl); | |
| 257 | else | |
| 258 | SSL_set_connect_state(ssl->ssl); | |
| 259 | ||
| 260 | io_init(&ssl->io, (p_send) ssl_send, (p_recv) ssl_recv, | |
| 261 | (p_error) ssl_ioerror, ssl); | |
| 262 | timeout_init(&ssl->tm, -1, -1); | |
| 263 | buffer_init(&ssl->buf, &ssl->io, &ssl->tm); | |
| 264 | ||
| 265 | luaL_getmetatable(L, "SSL:Connection"); | |
| 266 | lua_setmetatable(L, -2); | |
| 267 | return 1; | |
| 268 | } | |
| 269 | ||
| 270 | /** | |
| 271 | * Buffer send function | |
| 272 | */ | |
| 273 | static int meth_send(lua_State *L) { | |
| 274 | p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection"); | |
| 275 | return buffer_meth_send(L, &ssl->buf); | |
| 276 | } | |
| 277 | ||
| 278 | /** | |
| 279 | * Buffer receive function | |
| 280 | */ | |
| 281 | static int meth_receive(lua_State *L) { | |
| 282 | p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection"); | |
| 283 | return buffer_meth_receive(L, &ssl->buf); | |
| 284 | } | |
| 285 | ||
| 286 | /** | |
| 287 | * Select support methods | |
| 288 | */ | |
| 289 | static int meth_getfd(lua_State *L) | |
| 290 | { | |
| 291 | p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection"); | |
| 292 | lua_pushnumber(L, ssl->sock); | |
| 293 | return 1; | |
| 294 | } | |
| 295 | ||
| 296 | /** | |
| 297 | * Set the TLS/SSL file descriptor. | |
| 298 | * This is done *before* the handshake. | |
| 299 | */ | |
| 300 | static int meth_setfd(lua_State *L) | |
| 301 | { | |
| 302 | p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection"); | |
| 303 | if (ssl->state != ST_SSL_NEW) | |
| 304 | luaL_argerror(L, 1, "invalid SSL object state"); | |
| 305 | ssl->sock = luaL_checkint(L, 2); | |
| 306 | socket_setnonblocking(&ssl->sock); | |
| 307 | SSL_set_fd(ssl->ssl, (int)ssl->sock); | |
| 308 | return 0; | |
| 309 | } | |
| 310 | ||
| 311 | /** | |
| 312 | * Lua handshake function. | |
| 313 | */ | |
| 314 | static int meth_handshake(lua_State *L) | |
| 315 | { | |
| 316 | p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection"); | |
| 317 | int err = handshake(ssl); | |
| 318 | if (err == IO_DONE) { | |
| 319 | lua_pushboolean(L, 1); | |
| 320 | return 1; | |
| 321 | } | |
| 322 | lua_pushboolean(L, 0); | |
| 323 | lua_pushstring(L, ssl_ioerror((void*)ssl, err)); | |
| 324 | return 2; | |
| 325 | } | |
| 326 | ||
| 327 | /** | |
| 328 | * Close the connection. | |
| 329 | */ | |
| 330 | static int meth_close(lua_State *L) | |
| 331 | { | |
| 332 | p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection"); | |
| 333 | meth_destroy(L); | |
| 334 | ssl->state = ST_SSL_CLOSED; | |
| 335 | return 0; | |
| 336 | } | |
| 337 | ||
| 338 | /** | |
| 339 | * Set timeout. | |
| 340 | */ | |
| 341 | static int meth_settimeout(lua_State *L) | |
| 342 | { | |
| 343 | p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection"); | |
| 344 | return timeout_meth_settimeout(L, &ssl->tm); | |
| 345 | } | |
| 346 | ||
| 347 | /** | |
| 348 | * Check if there is data in the buffer. | |
| 349 | */ | |
| 350 | static int meth_dirty(lua_State *L) | |
| 351 | { | |
| 352 | int res = 0; | |
| 353 | p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection"); | |
| 354 | if (ssl->state != ST_SSL_CLOSED) | |
| 355 | res = !buffer_isempty(&ssl->buf) || SSL_pending(ssl->ssl); | |
| 356 | lua_pushboolean(L, res); | |
| 357 | return 1; | |
| 358 | } | |
| 359 | ||
| 360 | /** | |
| 361 | * Return the state information about the SSL object. | |
| 362 | */ | |
| 363 | static int meth_want(lua_State *L) | |
| 364 | { | |
| 365 | p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection"); | |
| 366 | int code = (ssl->state == ST_SSL_CLOSED) ? SSL_NOTHING : SSL_want(ssl->ssl); | |
| 367 | switch(code) { | |
| 368 | case SSL_NOTHING: lua_pushstring(L, "nothing"); break; | |
| 369 | case SSL_READING: lua_pushstring(L, "read"); break; | |
| 370 | case SSL_WRITING: lua_pushstring(L, "write"); break; | |
| 371 | case SSL_X509_LOOKUP: lua_pushstring(L, "x509lookup"); break; | |
| 372 | } | |
| 373 | return 1; | |
| 374 | } | |
| 375 | ||
| 376 | /** | |
| 377 | * Return a pointer to SSL structure. | |
| 378 | */ | |
| 379 | static int meth_rawconn(lua_State *L) | |
| 380 | { | |
| 381 | p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); | |
| 382 | lua_pushlightuserdata(L, (void*)ssl->ssl); | |
| 383 | return 1; | |
| 384 | } | |
| 385 | ||
|
3
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
386 | /** |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
387 | * Return the compression method used. |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
388 | */ |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
389 | static int meth_compression(lua_State *L) |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
390 | { |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
391 | const COMP_METHOD *comp; |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
392 | p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
393 | comp = SSL_get_current_compression(ssl->ssl); |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
394 | if (comp) { |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
395 | lua_pushstring(L, SSL_COMP_get_name(comp)); |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
396 | return 1; |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
397 | } else { |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
398 | lua_pushboolean(L, 0); |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
399 | return 1; |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
400 | } |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
401 | } |
|
4
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
402 | |
|
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
403 | /** |
|
30
36ed99e1ce1e
ssl.core, context: Add ability to verify and continue, retrieve verification result
Paul Aurich <paul@darkrain42.org>
parents:
21
diff
changeset
|
404 | * Return the validation state of the peer chain |
|
36ed99e1ce1e
ssl.core, context: Add ability to verify and continue, retrieve verification result
Paul Aurich <paul@darkrain42.org>
parents:
21
diff
changeset
|
405 | */ |
|
36ed99e1ce1e
ssl.core, context: Add ability to verify and continue, retrieve verification result
Paul Aurich <paul@darkrain42.org>
parents:
21
diff
changeset
|
406 | static int meth_getpeerchainvalid(lua_State *L) |
|
36ed99e1ce1e
ssl.core, context: Add ability to verify and continue, retrieve verification result
Paul Aurich <paul@darkrain42.org>
parents:
21
diff
changeset
|
407 | { |
|
40
85d59ac3328b
ssl: Fix indentation (not sure how this happened)
Paul Aurich <paul@darkrain42.org>
parents:
38
diff
changeset
|
408 | p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); |
|
85d59ac3328b
ssl: Fix indentation (not sure how this happened)
Paul Aurich <paul@darkrain42.org>
parents:
38
diff
changeset
|
409 | long result = SSL_get_verify_result(ssl->ssl); |
|
30
36ed99e1ce1e
ssl.core, context: Add ability to verify and continue, retrieve verification result
Paul Aurich <paul@darkrain42.org>
parents:
21
diff
changeset
|
410 | |
|
40
85d59ac3328b
ssl: Fix indentation (not sure how this happened)
Paul Aurich <paul@darkrain42.org>
parents:
38
diff
changeset
|
411 | if (result == X509_V_OK) { |
|
85d59ac3328b
ssl: Fix indentation (not sure how this happened)
Paul Aurich <paul@darkrain42.org>
parents:
38
diff
changeset
|
412 | lua_pushboolean(L, 1); |
|
85d59ac3328b
ssl: Fix indentation (not sure how this happened)
Paul Aurich <paul@darkrain42.org>
parents:
38
diff
changeset
|
413 | return 1; |
|
85d59ac3328b
ssl: Fix indentation (not sure how this happened)
Paul Aurich <paul@darkrain42.org>
parents:
38
diff
changeset
|
414 | } |
|
30
36ed99e1ce1e
ssl.core, context: Add ability to verify and continue, retrieve verification result
Paul Aurich <paul@darkrain42.org>
parents:
21
diff
changeset
|
415 | |
|
40
85d59ac3328b
ssl: Fix indentation (not sure how this happened)
Paul Aurich <paul@darkrain42.org>
parents:
38
diff
changeset
|
416 | lua_pushboolean(L, 0); |
|
85d59ac3328b
ssl: Fix indentation (not sure how this happened)
Paul Aurich <paul@darkrain42.org>
parents:
38
diff
changeset
|
417 | lua_pushstring(L, X509_verify_cert_error_string(result)); |
|
85d59ac3328b
ssl: Fix indentation (not sure how this happened)
Paul Aurich <paul@darkrain42.org>
parents:
38
diff
changeset
|
418 | return 2; |
|
30
36ed99e1ce1e
ssl.core, context: Add ability to verify and continue, retrieve verification result
Paul Aurich <paul@darkrain42.org>
parents:
21
diff
changeset
|
419 | } |
|
36ed99e1ce1e
ssl.core, context: Add ability to verify and continue, retrieve verification result
Paul Aurich <paul@darkrain42.org>
parents:
21
diff
changeset
|
420 | |
|
37
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
421 | static void luasec_push_cert(lua_State *L, X509 *cert) |
|
4
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
422 | { |
|
37
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
423 | if (cert == NULL) { |
|
14
1927b7b32faf
Split X509 decoding into a separate module, ssl.x509
Matthew Wild <mwild1@gmail.com>
parents:
13
diff
changeset
|
424 | lua_pushnil(L); |
|
7
da3cf40976f6
Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents:
6
diff
changeset
|
425 | } |
|
da3cf40976f6
Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents:
6
diff
changeset
|
426 | else |
|
da3cf40976f6
Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents:
6
diff
changeset
|
427 | { |
|
37
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
428 | luasec_push_x509(L, cert); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
429 | } |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
430 | } |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
431 | |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
432 | /** |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
433 | * Return the nth certificate of the peer's chain. |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
434 | */ |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
435 | static int meth_getpeercertificate(lua_State *L) |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
436 | { |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
437 | p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
438 | int n = luaL_optint(L, 2, 1); /* Default to the first cert */ |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
439 | STACK_OF(X509) *certs; |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
440 | X509 *cert; |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
441 | |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
442 | /* This function is 1-based, but OpenSSL is 0-based */ |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
443 | --n; |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
444 | if (n < 0) { |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
445 | lua_pushnil(L); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
446 | lua_pushliteral(L, "n must be positive"); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
447 | return 2; |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
448 | } |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
449 | |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
450 | if (n == 0) { |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
451 | luasec_push_cert(L, SSL_get_peer_certificate(ssl->ssl)); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
452 | return 1; |
|
4
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
453 | } |
|
37
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
454 | |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
455 | /* |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
456 | * In a server-context, the stack doesn't contain the peer cert, so |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
457 | * adjust accordingly. |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
458 | */ |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
459 | if (ssl->ssl->server) |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
460 | --n; |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
461 | |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
462 | certs = SSL_get_peer_cert_chain(ssl->ssl); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
463 | if (n >= sk_X509_num(certs)) { |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
464 | lua_pushnil(L); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
465 | lua_pushliteral(L, "no certificate at this index"); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
466 | return 2; |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
467 | } |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
468 | cert = sk_X509_value(certs, n); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
469 | /* Locking...the same as in SSL_get_peer_certificate */ |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
470 | CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
471 | luasec_push_cert(L, cert); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
472 | return 1; |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
473 | } |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
474 | |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
475 | static int meth_getpeerchain(lua_State *L) |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
476 | { |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
477 | p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
478 | STACK_OF(X509) *certs; |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
479 | int n_certs, i; |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
480 | |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
481 | lua_newtable(L); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
482 | |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
483 | if (ssl->ssl->server) { |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
484 | luasec_push_cert(L, SSL_get_peer_certificate(ssl->ssl)); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
485 | lua_rawseti(L, -2, 1); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
486 | } |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
487 | |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
488 | certs = SSL_get_peer_cert_chain(ssl->ssl); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
489 | n_certs = sk_X509_num(certs); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
490 | for (i = 0; i < n_certs; ++i) { |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
491 | X509 *cert = sk_X509_value(certs, i); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
492 | /* Locking...the same as in SSL_get_peer_certificate */ |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
493 | CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
494 | luasec_push_cert(L, cert); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
495 | lua_rawseti(L, -2, lua_objlen(L, -2)+1); |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
496 | } |
|
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
497 | |
|
7
da3cf40976f6
Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents:
6
diff
changeset
|
498 | return 1; |
|
4
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
499 | } |
|
5
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
500 | |
|
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
501 | static int meth_getfinished(lua_State *L) |
|
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
502 | { |
|
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
503 | p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); |
|
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
504 | SSL *conn = ssl->ssl; |
|
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
505 | char *buffer = NULL; |
|
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
506 | size_t len = 0; |
|
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
507 | if ((len = SSL_get_finished(conn, NULL, 0)) != 0) { |
|
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
508 | buffer = malloc(len); |
|
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
509 | if (buffer == NULL) return 0; |
|
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
510 | len = SSL_get_finished(conn, buffer, len); |
|
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
511 | lua_pushlstring(L, buffer, len); |
|
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
512 | free(buffer); |
|
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
513 | return 1; |
|
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
514 | } else { |
|
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
515 | return 0; |
|
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
516 | } |
|
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
517 | } |
|
6
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
518 | |
|
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
519 | static int meth_getpeerfinished(lua_State *L) |
|
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
520 | { |
|
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
521 | p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); |
|
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
522 | SSL *conn = ssl->ssl; |
|
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
523 | char *buffer = NULL; |
|
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
524 | size_t len = 0; |
|
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
525 | if ((len = SSL_get_peer_finished(conn, NULL, 0)) != 0) { |
|
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
526 | buffer = malloc(len); |
|
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
527 | if (buffer == NULL) return 0; |
|
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
528 | len = SSL_get_peer_finished(conn, buffer, len); |
|
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
529 | lua_pushlstring(L, buffer, len); |
|
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
530 | free(buffer); |
|
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
531 | return 1; |
|
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
532 | } else { |
|
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
533 | return 0; |
|
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
534 | } |
|
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
535 | } |
|
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
536 | |
| 0 | 537 | /*---------------------------------------------------------------------------*/ |
| 538 | ||
| 539 | ||
| 540 | /** | |
| 541 | * SSL metamethods | |
| 542 | */ | |
|
31
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
543 | static luaL_Reg methods[] = { |
|
3
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
544 | {"close", meth_close}, |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
545 | {"getfd", meth_getfd}, |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
546 | {"dirty", meth_dirty}, |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
547 | {"dohandshake", meth_handshake}, |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
548 | {"receive", meth_receive}, |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
549 | {"send", meth_send}, |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
550 | {"settimeout", meth_settimeout}, |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
551 | {"want", meth_want}, |
|
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
552 | {"compression", meth_compression}, |
|
4
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
553 | {"getpeercertificate",meth_getpeercertificate}, |
|
37
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
554 | {"getpeerchain", meth_getpeerchain}, |
|
30
36ed99e1ce1e
ssl.core, context: Add ability to verify and continue, retrieve verification result
Paul Aurich <paul@darkrain42.org>
parents:
21
diff
changeset
|
555 | {"getpeerchainvalid", meth_getpeerchainvalid}, |
|
5
2d5a8f963181
Add :getfinished() method to get local TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
4
diff
changeset
|
556 | {"getfinished", meth_getfinished}, |
|
6
d559a15eeb40
Add :getpeerfinished() connection method to get peer's TLS Finished message
Tobias Markmann <tm@ayena.de>
parents:
5
diff
changeset
|
557 | {"getpeerfinished", meth_getpeerfinished}, |
|
3
bd2b1836f0ba
Add :compression() connection method to get the compression method in use (if any)
Tobias Markmann <tm@ayena.de>
parents:
2
diff
changeset
|
558 | {NULL, NULL} |
| 0 | 559 | }; |
| 560 | ||
| 561 | /** | |
| 562 | * SSL functions | |
| 563 | */ | |
| 564 | static luaL_Reg funcs[] = { | |
| 565 | {"create", meth_create}, | |
| 566 | {"setfd", meth_setfd}, | |
| 567 | {"rawconnection", meth_rawconn}, | |
| 568 | {NULL, NULL} | |
| 569 | }; | |
| 570 | ||
| 571 | /** | |
|
31
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
572 | * Context metamethods. |
|
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
573 | */ |
|
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
574 | static luaL_Reg meta[] = { |
|
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
575 | {"__gc", meth_destroy}, |
|
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
576 | {"__tostring", meth_tostring}, |
|
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
577 | {NULL, NULL} |
|
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
578 | }; |
|
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
579 | |
|
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
580 | /** |
| 0 | 581 | * Initialize modules |
| 582 | */ | |
| 583 | LUASEC_API int luaopen_ssl_core(lua_State *L) | |
| 584 | { | |
| 585 | /* Initialize SSL */ | |
| 586 | if (!SSL_library_init()) { | |
| 587 | lua_pushstring(L, "unable to initialize SSL library"); | |
| 588 | lua_error(L); | |
| 589 | } | |
| 590 | SSL_load_error_strings(); | |
| 591 | ||
| 592 | /* Initialize internal library */ | |
| 593 | socket_open(); | |
|
13
ebe0d286481c
src/ssl.c: Fix minor typo and whitespace
Matthew Wild <mwild1@gmail.com>
parents:
12
diff
changeset
|
594 | |
|
ebe0d286481c
src/ssl.c: Fix minor typo and whitespace
Matthew Wild <mwild1@gmail.com>
parents:
12
diff
changeset
|
595 | /* Register the functions and tables */ |
| 0 | 596 | luaL_newmetatable(L, "SSL:Connection"); |
|
31
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
597 | luaL_register(L, NULL, meta); |
|
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
598 | |
| 0 | 599 | lua_newtable(L); |
|
31
87625285de20
ssl.core: Add __tostring metamethod
Paul Aurich <paul@darkrain42.org>
parents:
30
diff
changeset
|
600 | luaL_register(L, NULL, methods); |
| 0 | 601 | lua_setfield(L, -2, "__index"); |
| 602 | ||
| 603 | luaL_register(L, "ssl.core", funcs); | |
| 604 | lua_pushnumber(L, SOCKET_INVALID); | |
| 605 | lua_setfield(L, -2, "invalidfd"); | |
| 606 | ||
| 607 | return 1; | |
| 608 | } | |
| 609 |
