src/ssl.c

Fri, 05 Nov 2010 16:38:10 +0000

author
Matthew Wild <mwild1@gmail.com>
date
Fri, 05 Nov 2010 16:38:10 +0000
changeset 11
8d7698d3fd26
parent 10
a4a1fd8c1b43
child 12
ac943b31f40c
permissions
-rw-r--r--

Refactoring of :getpeercertificate(), support for subjectAltName extensions

1 /*--------------------------------------------------------------------------
2 * LuaSec 0.4
3 * Copyright (C) 2006-2009 Bruno Silvestre
4 *
5 *--------------------------------------------------------------------------*/
6
#include <string.h>
#include <limits.h>

#include <openssl/ssl.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>

#include <lua.h>
#include <lauxlib.h>

#include "io.h"
#include "buffer.h"
#include "timeout.h"
#include "socket.h"
#include "ssl.h"
21
22 #define min(a, b) (a<b)?a:b
23
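/**
 * Map an I/O error code into a human-readable string.
 *
 * For IO_SSL the message is derived from the last SSL error recorded in
 * ssl->error by handshake()/ssl_send()/ssl_recv(); every other code is
 * delegated to socket_strerror().
 *
 * @param ctx  the p_ssl connection (only consulted when err == IO_SSL)
 * @param err  an IO_* code as produced by the I/O callbacks
 * @return a static string; never NULL
 */
static const char *ssl_ioerror(void *ctx, int err)
{
  if (err == IO_SSL) {
    p_ssl ssl = (p_ssl) ctx;
    switch (ssl->error) {
    case SSL_ERROR_NONE: return "No error";
    case SSL_ERROR_ZERO_RETURN: return "closed";
    case SSL_ERROR_WANT_READ: return "wantread";
    case SSL_ERROR_WANT_WRITE: return "wantwrite";
    case SSL_ERROR_WANT_CONNECT: return "'connect' not completed";
    case SSL_ERROR_WANT_ACCEPT: return "'accept' not completed";
    case SSL_ERROR_WANT_X509_LOOKUP: return "Waiting for callback";
    case SSL_ERROR_SYSCALL: return "System error";
    case SSL_ERROR_SSL: {
      /* ERR_reason_error_string() returns NULL for a code with no
       * registered reason string (and the queue may already have been
       * drained by the time this is called). Fall back to a fixed string
       * rather than hand a NULL pointer to the Lua layer. */
      const char *reason = ERR_reason_error_string(ERR_get_error());
      return reason ? reason : "Unknown SSL error";
    }
    default: return "Unknown SSL error";
    }
  }
  return socket_strerror(err);
}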
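/**
 * Close the connection before the GC collects the object.
 *
 * Sends a TLS close_notify on a blocking socket, releases the socket and
 * the SSL object, and marks the connection closed. A single SSL_shutdown()
 * call sends our close_notify but does not wait for the peer's, which is
 * enough for an orderly teardown here.
 *
 * Argument 1 must be an SSL:Connection; luaL_checkudata raises a Lua
 * error otherwise (relevant if this is also exposed as an explicit
 * close() method — lua_touserdata would have dereferenced NULL).
 */
static int meth_destroy(lua_State *L)
{
  p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  if (ssl->ssl) {
    /* Blocking mode so the close_notify is actually written out. */
    socket_setblocking(&ssl->sock);
    SSL_shutdown(ssl->ssl);
    socket_destroy(&ssl->sock);
    SSL_free(ssl->ssl);
    ssl->ssl = NULL;
  }
  /* handshake()/ssl_send()/ssl_recv() test this state first, so any later
   * call returns IO_CLOSED instead of passing the freed (now NULL) SSL
   * handle to OpenSSL. */
  ssl->state = ST_SSL_CLOSED;
  return 0;
}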
/**
 * Perform the TLS/SSL handshake
 *
 * Drives SSL_do_handshake() to completion, waiting on the socket (via
 * socket_waitfd, bounded by the connection timeout) whenever OpenSSL
 * reports that it needs the fd readable or writable.
 *
 * @param ssl  the connection; ssl->error receives the last SSL_get_error()
 * @return IO_DONE on success (state becomes ST_SSL_CONNECTED); IO_CLOSED if
 *         the object was already closed or the peer hung up without an
 *         OpenSSL error queued; IO_SSL for TLS-level failures and for wait
 *         timeouts (ssl->error then says which); otherwise a socket error.
 *
 * NOTE(review): certificate verification is governed entirely by the
 * SSL_CTX configuration — nothing here inspects the peer certificate or
 * checks the host name after the handshake completes. Confirm that the
 * context enforces the policy the application expects.
 */
static int handshake(p_ssl ssl)
{
  int rc;
  p_timeout tm = timeout_markstart(&ssl->tm);
  if (ssl->state == ST_SSL_CLOSED)
    return IO_CLOSED;
  for (;;) {
    int what;
    ERR_clear_error();
    rc = SSL_do_handshake(ssl->ssl);
    ssl->error = SSL_get_error(ssl->ssl, rc);
    if (ssl->error == SSL_ERROR_NONE) {
      ssl->state = ST_SSL_CONNECTED;
      return IO_DONE;
    }
    if (ssl->error == SSL_ERROR_WANT_READ ||
        ssl->error == SSL_ERROR_WANT_WRITE) {
      /* Block until the socket is ready in the direction OpenSSL wants,
       * then retry. A timeout is reported as an SSL error so the caller
       * sees "wantread"/"wantwrite". */
      what = (ssl->error == SSL_ERROR_WANT_READ) ? WAITFD_R : WAITFD_W;
      rc = socket_waitfd(&ssl->sock, what, tm);
      if (rc == IO_TIMEOUT)
        return IO_SSL;
      if (rc != IO_DONE)
        return rc;
      continue;
    }
    if (ssl->error == SSL_ERROR_SYSCALL) {
      /* A queued OpenSSL error takes precedence over errno. A zero return
       * with nothing queued is an EOF on the transport. */
      if (ERR_peek_error()) {
        ssl->error = SSL_ERROR_SSL;
        return IO_SSL;
      }
      return (rc == 0) ? IO_CLOSED : socket_error();
    }
    return IO_SSL;
  }
}
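/**
 * Send data
 *
 * I/O callback installed by meth_create(): writes up to count bytes from
 * data with SSL_write(), waiting on the socket (bounded by tm) whenever
 * OpenSSL needs the fd readable or writable (a renegotiation can make a
 * write want to read).
 *
 * @param ctx   the p_ssl connection
 * @param data  bytes to send
 * @param count number of bytes available in data
 * @param sent  out: bytes accepted by OpenSSL; 0 on any result other than
 *              IO_DONE
 * @param tm    timeout applied to each socket wait
 * @return IO_DONE, IO_CLOSED (object closed or transport EOF), IO_SSL (TLS
 *         error or timeout; see ssl->error), or a socket error
 */
static int ssl_send(void *ctx, const char *data, size_t count, size_t *sent,
  p_timeout tm)
{
  int err;
  p_ssl ssl = (p_ssl) ctx;
  /* SSL_write() takes an int length: clamp instead of letting a count
   * above INT_MAX wrap to a negative value in the cast. A short write is
   * reported through *sent (SSL_MODE_ENABLE_PARTIAL_WRITE is set at
   * creation), and the buffer layer is presumably retrying with the
   * remainder — verify against LuaSocket's buffer_meth_send. */
  int len = (count > (size_t) INT_MAX) ? INT_MAX : (int) count;
  /* Define the out-parameter on every path, including the early return. */
  *sent = 0;
  if (ssl->state == ST_SSL_CLOSED)
    return IO_CLOSED;
  for ( ; ; ) {
    ERR_clear_error();
    err = SSL_write(ssl->ssl, data, len);
    ssl->error = SSL_get_error(ssl->ssl, err);
    switch (ssl->error) {
    case SSL_ERROR_NONE:
      *sent = err;
      return IO_DONE;
    case SSL_ERROR_WANT_READ:
      err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
      if (err == IO_TIMEOUT) return IO_SSL;
      if (err != IO_DONE) return err;
      break;
    case SSL_ERROR_WANT_WRITE:
      err = socket_waitfd(&ssl->sock, WAITFD_W, tm);
      if (err == IO_TIMEOUT) return IO_SSL;
      if (err != IO_DONE) return err;
      break;
    case SSL_ERROR_SYSCALL:
      /* A queued OpenSSL error wins over errno; a zero return with nothing
       * queued means the transport was closed. */
      if (ERR_peek_error()) {
        ssl->error = SSL_ERROR_SSL;
        return IO_SSL;
      }
      if (err == 0)
        return IO_CLOSED;
      return socket_error();
    default:
      return IO_SSL;
    }
  }
  return IO_UNKNOWN;
}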
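/**
 * Receive data
 *
 * I/O callback installed by meth_create(): reads up to count bytes into
 * data with SSL_read(), waiting on the socket (bounded by tm) whenever
 * OpenSSL needs the fd readable or writable (a renegotiation can make a
 * read want to write).
 *
 * @param ctx   the p_ssl connection
 * @param data  destination buffer
 * @param count capacity of data
 * @param got   out: bytes stored in data; 0 on any result other than IO_DONE
 * @param tm    timeout applied to each socket wait
 * @return IO_DONE, IO_CLOSED (object closed, close_notify received, or
 *         transport EOF), IO_SSL (TLS error or timeout; see ssl->error),
 *         or a socket error
 *
 * NOTE(review): a clean close_notify (SSL_ERROR_ZERO_RETURN) and a bare
 * transport EOF (SSL_ERROR_SYSCALL with a 0 return) both map to IO_CLOSED,
 * so callers cannot tell an orderly TLS shutdown from a truncated stream.
 */
static int ssl_recv(void *ctx, char *data, size_t count, size_t *got,
  p_timeout tm)
{
  int err;
  p_ssl ssl = (p_ssl) ctx;
  /* SSL_read() takes an int length: clamp instead of letting a count above
   * INT_MAX wrap to a negative value in the cast. The caller sees a short
   * read through *got. */
  int len = (count > (size_t) INT_MAX) ? INT_MAX : (int) count;
  /* Define the out-parameter on every path, including the early return. */
  *got = 0;
  if (ssl->state == ST_SSL_CLOSED)
    return IO_CLOSED;
  for ( ; ; ) {
    ERR_clear_error();
    err = SSL_read(ssl->ssl, data, len);
    ssl->error = SSL_get_error(ssl->ssl, err);
    switch (ssl->error) {
    case SSL_ERROR_NONE:
      *got = err;
      return IO_DONE;
    case SSL_ERROR_ZERO_RETURN:
      /* Peer sent close_notify; err is 0 here. */
      *got = err;
      return IO_CLOSED;
    case SSL_ERROR_WANT_READ:
      err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
      if (err == IO_TIMEOUT) return IO_SSL;
      if (err != IO_DONE) return err;
      break;
    case SSL_ERROR_WANT_WRITE:
      err = socket_waitfd(&ssl->sock, WAITFD_W, tm);
      if (err == IO_TIMEOUT) return IO_SSL;
      if (err != IO_DONE) return err;
      break;
    case SSL_ERROR_SYSCALL:
      /* A queued OpenSSL error wins over errno; a zero return with nothing
       * queued means the transport was closed without close_notify. */
      if (ERR_peek_error()) {
        ssl->error = SSL_ERROR_SSL;
        return IO_SSL;
      }
      if (err == 0)
        return IO_CLOSED;
      return socket_error();
    default:
      return IO_SSL;
    }
  }
  return IO_UNKNOWN;
}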
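/**
 * Create a new TLS/SSL object and mark it as new.
 *
 * Lua: takes an SSL:Context at argument 1 and returns an SSL:Connection
 * userdata, or nil plus a message on failure. No socket is attached yet:
 * ssl->sock starts as SOCKET_INVALID and is presumably filled in by the
 * setfd method later in this file.
 *
 * The SSL object is configured for partial writes (a short SSL_write() is
 * reported as a short send rather than an error) and for a moving write
 * buffer (the retrying caller may pass a different pointer for the same
 * data).
 */
static int meth_create(lua_State *L)
{
  p_ssl ssl;
  int mode = ctx_getmode(L, 1);
  SSL_CTX *ctx = ctx_getcontext(L, 1);

  if (mode == MD_CTX_INVALID) {
    lua_pushnil(L);
    lua_pushstring(L, "invalid mode");
    return 2;
  }
  ssl = (p_ssl) lua_newuserdata(L, sizeof(t_ssl));
  if (!ssl) {
    lua_pushnil(L);
    lua_pushstring(L, "error creating SSL object");
    return 2;
  }
  /* Initialise every field the destructor and the I/O callbacks read.
   * Without this, an object collected before its fd was set would hand an
   * uninitialised descriptor to socket_setblocking()/socket_destroy(). */
  ssl->sock = SOCKET_INVALID;
  ssl->state = ST_SSL_NEW;
  ssl->error = SSL_ERROR_NONE;
  ssl->ssl = SSL_new(ctx);
  if (!ssl->ssl) {
    lua_pushnil(L);
    lua_pushstring(L, "error creating SSL object");
    return 2;
  }
  SSL_set_fd(ssl->ssl, (int) SOCKET_INVALID);
  SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE |
    SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);

#ifdef SSL_MODE_RELEASE_BUFFERS
  /* Let OpenSSL release idle record buffers; only defined by newer
   * OpenSSL versions, hence the guard. */
  SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS);
#endif

  /* The context mode decides which side of the handshake this object
   * plays. */
  if (mode == MD_CTX_SERVER)
    SSL_set_accept_state(ssl->ssl);
  else
    SSL_set_connect_state(ssl->ssl);

  io_init(&ssl->io, (p_send) ssl_send, (p_recv) ssl_recv,
    (p_error) ssl_ioerror, ssl);
  timeout_init(&ssl->tm, -1, -1);
  buffer_init(&ssl->buf, &ssl->io, &ssl->tm);

  luaL_getmetatable(L, "SSL:Connection");
  lua_setmetatable(L, -2);
  return 1;
}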
/**
 * Buffer send function
 *
 * Lua method: checks that argument 1 is an SSL:Connection and forwards the
 * call to the buffered send on that connection's buffer.
 */
static int meth_send(lua_State *L) {
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  return buffer_meth_send(L, &conn->buf);
}
/**
 * Buffer receive function
 *
 * Lua method: checks that argument 1 is an SSL:Connection and forwards the
 * call to the buffered receive on that connection's buffer.
 */
static int meth_receive(lua_State *L) {
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  return buffer_meth_receive(L, &conn->buf);
}
/**
 * Select support methods: expose the underlying descriptor so the
 * connection can take part in select()-style polling from Lua.
 *
 * Pushes ssl->sock as a Lua number and returns 1. Nothing here looks at
 * the connection state, so a closed connection still reports whatever
 * descriptor number is left in the struct (unless meth_destroy resets
 * it -- it is defined elsewhere in this file).
 */
static int meth_getfd(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  lua_Number fd = (lua_Number) conn->sock;
  lua_pushnumber(L, fd);
  return 1;
}
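/**
 * Set the TLS/SSL file descriptor.
 * This is done *before* the handshake: once the connection has left the
 * ST_SSL_NEW state the call is rejected with an argument error.
 *
 * Lua arguments: (1) the "SSL:Connection" userdata, (2) an integer socket
 * descriptor. The descriptor is switched to non-blocking mode and then
 * attached to the OpenSSL object. Returns nothing on success; raises a
 * Lua error if SSL_set_fd() fails.
 */
static int meth_setfd(lua_State *L)
{
  p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  if (ssl->state != ST_SSL_NEW)
    luaL_argerror(L, 1, "invalid SSL object state");
  ssl->sock = luaL_checkint(L, 2);
  socket_setnonblocking(&ssl->sock);
  /* SSL_set_fd() returns 0 when it cannot allocate its socket BIO. Ignoring
   * that would leave a connection with no transport attached and fail only
   * later, at handshake time; report it here instead. */
  if (!SSL_set_fd(ssl->ssl, (int)ssl->sock))
    return luaL_error(L, "SSL_set_fd failed");
  return 0;
}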
/**
 * Lua handshake function.
 *
 * Runs handshake() on the connection. On IO_DONE pushes true and returns
 * 1; for any other code pushes false followed by the message produced by
 * ssl_ioerror() for that code and returns 2. Because the descriptor is
 * non-blocking (see meth_setfd) a caller that gets false may consult
 * want() to learn whether OpenSSL is waiting to read or write.
 */
static int meth_handshake(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  int rc = handshake(conn);
  if (rc != IO_DONE) {
    lua_pushboolean(L, 0);
    lua_pushstring(L, ssl_ioerror((void*)conn, rc));
    return 2;
  }
  lua_pushboolean(L, 1);
  return 1;
}
/**
 * Close the connection.
 *
 * Validates the userdata, hands it to meth_destroy() (defined elsewhere
 * in this file; presumably it releases the OpenSSL object and socket --
 * verify there) and then marks the userdata ST_SSL_CLOSED so that later
 * calls such as dirty() and want() treat it as closed. Returns nothing.
 */
static int meth_close(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  /* Order matters: destroy first, then record the closed state. */
  meth_destroy(L);
  conn->state = ST_SSL_CLOSED;
  return 0;
}
/**
 * Set timeout.
 *
 * Thin wrapper: checks that argument 1 is an "SSL:Connection" userdata
 * and delegates to timeout_meth_settimeout() with the connection's
 * timeout structure, returning its result count unchanged.
 */
static int meth_settimeout(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  p_timeout tm = &conn->tm;
  return timeout_meth_settimeout(L, tm);
}
/**
 * Check if there is data in the buffer.
 *
 * Pushes true when the connection is open and either the receive buffer
 * holds unread bytes or OpenSSL reports bytes already processed but not
 * yet read (SSL_pending). A closed connection is never dirty. Returns 1.
 */
static int meth_dirty(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  if (conn->state == ST_SSL_CLOSED) {
    lua_pushboolean(L, 0);
    return 1;
  }
  /* Buffer is consulted first; SSL_pending only runs when it is empty. */
  lua_pushboolean(L, !buffer_isempty(&conn->buf) || SSL_pending(conn->ssl));
  return 1;
}
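/**
 * Return the state information about the SSL object.
 *
 * Pushes one string describing what OpenSSL is currently waiting for:
 * "nothing", "read", "write" or "x509lookup". A closed connection always
 * reports "nothing" without touching the SSL object. Any other SSL_want()
 * code (later OpenSSL releases define additional ones) yields nil; without
 * a default branch nothing would be pushed and the function would hand the
 * connection userdata itself back to the caller as its "result".
 */
static int meth_want(lua_State *L)
{
  p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  int code = (ssl->state == ST_SSL_CLOSED) ? SSL_NOTHING : SSL_want(ssl->ssl);
  switch (code) {
    case SSL_NOTHING:     lua_pushstring(L, "nothing");    break;
    case SSL_READING:     lua_pushstring(L, "read");       break;
    case SSL_WRITING:     lua_pushstring(L, "write");      break;
    case SSL_X509_LOOKUP: lua_pushstring(L, "x509lookup"); break;
    default:              lua_pushnil(L);                  break;
  }
  return 1;
}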
/**
 * Return a pointer to SSL structure.
 *
 * Pushes the underlying SSL* as light userdata and returns 1. Light
 * userdata carries no ownership: Lua will not collect it, and the pointer
 * presumably becomes stale once close()/meth_destroy tears the object
 * down (meth_destroy is defined elsewhere in this file -- verify there),
 * so callers must not retain it across those calls.
 */
static int meth_rawconn(lua_State *L)
{
  p_ssl conn = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  void *raw = (void*)conn->ssl;
  lua_pushlightuserdata(L, raw);
  return 1;
}
/**
 * Return the compression method used.
 *
 * Pushes the name reported by SSL_COMP_get_name() when TLS-level
 * compression was negotiated on this session, otherwise false; returns 1
 * either way. Handy for auditing: TLS compression is widely disabled
 * nowadays, so a session reporting a method here is worth noticing.
 */
static int meth_compression(lua_State *L)
{
  p_ssl conn = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  const COMP_METHOD *method = SSL_get_current_compression(conn->ssl);
  if (method == NULL) {
    lua_pushboolean(L, 0);
  } else {
    lua_pushstring(L, SSL_COMP_get_name(method));
  }
  return 1;
}
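/**
 * Push the textual form of an ASN1_OBJECT (an OID) as a Lua string.
 *
 * no_name is passed to OBJ_obj2txt(): non-zero forces the dotted numeric
 * OID, zero prefers the long name when OpenSSL knows one.
 *
 * OBJ_obj2txt() behaves like snprintf: it returns the length of the full
 * text even when that exceeds the buffer, in which case the buffer holds a
 * NUL-terminated, truncated prefix. The pushed length is therefore clamped
 * to what was actually written, so an over-long OID no longer drags the NUL
 * terminator into the Lua string, and a negative result cannot be widened
 * into a huge size_t and push 256 bytes of uninitialised stack. A failure
 * (0, or a negative value on some OpenSSL versions) yields an empty string,
 * which is also what a NULL or empty object produces.
 */
void luasec_push_asn1_objname(lua_State* L, ASN1_OBJECT *object, int no_name)
{
  char buffer[256];
  size_t n;
  int len = OBJ_obj2txt(buffer, sizeof(buffer), object, no_name);

  if (len < 0) {
    n = 0;                        /* error: nothing usable in buffer */
  } else if ((size_t) len >= sizeof(buffer)) {
    n = sizeof(buffer) - 1;       /* truncated: buffer[255] is the NUL */
  } else {
    n = (size_t) len;
  }
  lua_pushlstring(L, buffer, n);
}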
/**
 * Push the raw contents of an ASN1_STRING as a Lua string, or nil when the
 * pointer is NULL.
 *
 * The bytes are copied length-delimited (ASN1_STRING_length), so an
 * embedded NUL byte is preserved in the Lua string rather than cutting it
 * short. No character-set conversion takes place: the value is pushed in
 * whatever encoding the certificate used (UTF8String, BMPString, ...), so
 * callers must not assume it is UTF-8.
 */
void luasec_push_asn1_string(lua_State* L, ASN1_STRING *string)
{
  if (string == NULL) {
    lua_pushnil(L);
    return;
  }
  lua_pushlstring(L, (const char *) ASN1_STRING_data(string), ASN1_STRING_length(string));
}
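/**
 * Fetch-or-create a subtable keyed by the value on top of the stack.
 *
 * Stack contract: the key is at -1 and the parent table at idx. On return
 * the key has been replaced by t[key]; if t[key] was nil a fresh table is
 * stored there first. Returns 1 when a new table was created, 0 when an
 * existing value was found (the existing value need not be a table; that
 * is left to the caller).
 *
 * The index is normalised to an absolute position up front. With the
 * previous relative arithmetic (idx-1, idx-3) an absolute (positive) idx
 * silently addressed the wrong slot; negative indices behave exactly as
 * before. Pseudo-indices (<= LUA_REGISTRYINDEX) are left untouched.
 */
int luasec_push_subtable(lua_State* L, int idx)
{
  if (idx < 0 && idx > LUA_REGISTRYINDEX)
    idx = lua_gettop(L) + idx + 1;

  lua_pushvalue(L, -1);        /* ..., key, key */
  lua_gettable(L, idx);        /* ..., key, t[key] */

  if (lua_isnil(L, -1))
  {
    lua_pop(L, 1);             /* ..., key */
    lua_newtable(L);           /* ..., key, new */
    lua_pushvalue(L, -2);      /* ..., key, new, key */
    lua_pushvalue(L, -2);      /* ..., key, new, key, new */
    lua_settable(L, idx);      /* t[key] = new; ..., key, new */

    lua_replace(L, -2);        /* Replace key with table: ..., new */
    return 1;
  }
  lua_replace(L, -2);          /* Replace key with existing value: ..., t[key] */
  return 0;
}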
415 /**
718837c61318 Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents: 3
diff changeset
416 * Return the peer certificate.
718837c61318 Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents: 3
diff changeset
417 */
718837c61318 Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents: 3
diff changeset
418 static int meth_getpeercertificate(lua_State *L)
718837c61318 Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents: 3
diff changeset
419 {
718837c61318 Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents: 3
diff changeset
420 X509 *peer;
11
8d7698d3fd26 Refactoring of :getpeercertificate(), support for subjectAltName extensions
Matthew Wild <mwild1@gmail.com>
parents: 10
diff changeset
421 int i, j;
4
718837c61318 Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents: 3
diff changeset
422 p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
718837c61318 Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents: 3
diff changeset
423 peer = SSL_get_peer_certificate(ssl->ssl);
718837c61318 Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents: 3
diff changeset
424 if (peer == NULL) {
718837c61318 Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents: 3
diff changeset
425 /* No client certificate available */
718837c61318 Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents: 3
diff changeset
426 lua_pushboolean(L, 0);
718837c61318 Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents: 3
diff changeset
427 return 1;
7
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
428 }
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
429 else
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
430 {
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
431 X509_NAME *subject;
11
8d7698d3fd26 Refactoring of :getpeercertificate(), support for subjectAltName extensions
Matthew Wild <mwild1@gmail.com>
parents: 10
diff changeset
432 int n_entries;
7
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
433
8
fbaccf44ea01 Fix to remove duplicated table on the stack, causing the 'trusted' flag to disappear from the returned cert
Matthew Wild <mwild1@gmail.com>
parents: 7
diff changeset
434 lua_newtable(L); /* ret */
7
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
435
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
436 lua_pushboolean(L, (SSL_get_verify_result(ssl->ssl) == X509_V_OK));
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
437 lua_setfield(L, -2, "trusted");
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
438
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
439 subject = X509_get_subject_name(peer);
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
440
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
441 n_entries = X509_NAME_entry_count(subject);
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
442
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
443 lua_newtable(L); /* {} */
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
444 lua_pushvalue(L, -1);
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
445 lua_setfield(L, -3, "subject"); /* ret.subject = {} */
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
446 for(i = 0; i <= n_entries; i++)
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
447 {
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
448 X509_NAME_ENTRY *entry;
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
449 ASN1_OBJECT *object;
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
450
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
451 entry = X509_NAME_get_entry(subject, i);
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
452 object = X509_NAME_ENTRY_get_object(entry);
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
453
11
8d7698d3fd26 Refactoring of :getpeercertificate(), support for subjectAltName extensions
Matthew Wild <mwild1@gmail.com>
parents: 10
diff changeset
454 luasec_push_asn1_objname(L, object, 1);
9
bb7e0d7a0a08 Whitespace fix for clarity
Matthew Wild <mwild1@gmail.com>
parents: 8
diff changeset
455
11
8d7698d3fd26 Refactoring of :getpeercertificate(), support for subjectAltName extensions
Matthew Wild <mwild1@gmail.com>
parents: 10
diff changeset
456 if(luasec_push_subtable(L, -2))
7
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
457 {
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
458 /* Get short/long name of the entry */
11
8d7698d3fd26 Refactoring of :getpeercertificate(), support for subjectAltName extensions
Matthew Wild <mwild1@gmail.com>
parents: 10
diff changeset
459 luasec_push_asn1_objname(L, object, 0);
7
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
460 lua_setfield(L, -2, "name");
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
461 }
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
462
11
8d7698d3fd26 Refactoring of :getpeercertificate(), support for subjectAltName extensions
Matthew Wild <mwild1@gmail.com>
parents: 10
diff changeset
463 luasec_push_asn1_string(L, X509_NAME_ENTRY_get_data(entry));
8d7698d3fd26 Refactoring of :getpeercertificate(), support for subjectAltName extensions
Matthew Wild <mwild1@gmail.com>
parents: 10
diff changeset
464 lua_rawseti(L, -2, lua_objlen(L, -2)+1);
7
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
465
11
8d7698d3fd26 Refactoring of :getpeercertificate(), support for subjectAltName extensions
Matthew Wild <mwild1@gmail.com>
parents: 10
diff changeset
466 lua_pop(L, 1);
4
718837c61318 Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents: 3
diff changeset
467 }
718837c61318 Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents: 3
diff changeset
468 }
7
da3cf40976f6 Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents: 6
diff changeset
469 lua_pop(L, 1); /* ret.subject */
11
8d7698d3fd26 Refactoring of :getpeercertificate(), support for subjectAltName extensions
Matthew Wild <mwild1@gmail.com>
parents: 10
diff changeset
470
8d7698d3fd26 Refactoring of :getpeercertificate(), support for subjectAltName extensions
Matthew Wild <mwild1@gmail.com>
parents: 10
diff changeset
471 lua_newtable(L); /* {} */
472 lua_pushvalue(L, -1);
473 lua_setfield(L, -3, "extensions"); /* ret.extensions = {} */
474
475 i = -1;
476 while((i = X509_get_ext_by_NID(peer, NID_subject_alt_name, i)) != -1)
477 {
478 X509_EXTENSION *extension;
479 STACK_OF(GENERAL_NAME) *values;
480 int n_general_names;
481
482 extension = X509_get_ext(peer, i);
483 if(extension == NULL)
484 break;
485
486 values = X509V3_EXT_d2i(extension);
487 if(values == NULL)
488 break;
489
490 /* Push ret.extensions[oid] */
491 luasec_push_asn1_objname(L, extension->object, 1);
492 luasec_push_subtable(L, -2);
493 /* Set ret.extensions[oid].name = name */
494 luasec_push_asn1_objname(L, extension->object, 0);
495 lua_setfield(L, -2, "name");
496
497 n_general_names = sk_GENERAL_NAME_num(values);
498 for(j = 0; j < n_general_names; j++)
499 {
500 GENERAL_NAME *general_name;
501
502 general_name = sk_GENERAL_NAME_value(values, j);
503
504 switch(general_name->type)
505 {
506 case GEN_OTHERNAME:
507 {
508 OTHERNAME *otherName = general_name->d.otherName;
509
510 luasec_push_asn1_objname(L, otherName->type_id, 1);
511
512 if(luasec_push_subtable(L, -2))
513 {
514 luasec_push_asn1_objname(L, otherName->type_id, 0);
515 lua_setfield(L, -2, "name");
516 }
517
518 luasec_push_asn1_string(L, otherName->value->value.asn1_string);
519 lua_rawseti(L, -2, lua_objlen(L, -2)+1);
520
521 lua_pop(L, 1);
522 break;
523 }
524 case GEN_DNS:
525 {
526 lua_pushstring(L, "dNSName");
527 luasec_push_subtable(L, -2);
528 luasec_push_asn1_string(L, general_name->d.dNSName);
529 lua_rawseti(L, -2, lua_objlen(L, -2)+1);
530 lua_pop(L, 1);
531 break;
532 }
533 default:
534 break;
535 }
536 }
537
538 lua_pop(L, 1); /* array */
539 i++; /* Next extension */
540 }
541 lua_pop(L, 1); /* ret.extensions */
542
543 return 1;
544 }
545
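/*
 * Push a TLS Finished message as a Lua string.
 *
 * `getter` is SSL_get_finished or SSL_get_peer_finished. It is called once
 * with a NULL buffer to learn the message length and once more to copy the
 * message into the scratch buffer.
 *
 * Returns the number of Lua results: 1 (the message string) when the getter
 * reports a non-zero length, 0 (nothing pushed) when it reports zero.
 *
 * The scratch buffer is a Lua userdata rather than a malloc'd block. The
 * lua_pushlstring() call below can raise a Lua memory error and unwind the C
 * stack with longjmp; a malloc'd buffer would never reach its free() on that
 * path, whereas a userdata is simply reclaimed by the collector.
 */
static int push_finished_message(lua_State *L, const SSL *conn,
                                 size_t (*getter)(const SSL *, void *, size_t))
{
  void *buffer;
  size_t len = getter(conn, NULL, 0);
  if (len == 0)
    return 0;
  buffer = lua_newuserdata(L, len);
  len = getter(conn, buffer, len);
  lua_pushlstring(L, (const char *)buffer, len);
  lua_remove(L, -2);  /* drop the scratch userdata; only the string remains */
  return 1;
}

/*
 * conn:getfinished() -> string | nothing
 *
 * Returns the local TLS Finished message of the SSL:Connection at argument 1,
 * or nothing when SSL_get_finished() reports a zero length.
 */
static int meth_getfinished(lua_State *L)
{
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  return push_finished_message(L, ssl->ssl, SSL_get_finished);
}

/*
 * conn:getpeerfinished() -> string | nothing
 *
 * Returns the peer's TLS Finished message of the SSL:Connection at
 * argument 1, or nothing when SSL_get_peer_finished() reports a zero length.
 */
static int meth_getpeerfinished(lua_State *L)
{
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  return push_finished_message(L, ssl->ssl, SSL_get_peer_finished);
}
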
/*---------------------------------------------------------------------------*/

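/**
 * SSL metamethods
 *
 * Methods exposed through the "SSL:Connection" metatable's __index table.
 * The array is only ever read (luaL_register in luaopen_ssl_core), so it is
 * const: the function-pointer table lives in read-only storage instead of
 * writable data.
 */
static const luaL_Reg meta[] = {
  {"close",              meth_close},
  {"getfd",              meth_getfd},
  {"dirty",              meth_dirty},
  {"dohandshake",        meth_handshake},
  {"receive",            meth_receive},
  {"send",               meth_send},
  {"settimeout",         meth_settimeout},
  {"want",               meth_want},
  {"compression",        meth_compression},
  {"getpeercertificate", meth_getpeercertificate},
  {"getfinished",        meth_getfinished},
  {"getpeerfinished",    meth_getpeerfinished},
  {NULL, NULL}  /* sentinel required by luaL_register */
};
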
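/**
 * SSL functions
 *
 * Module-level functions registered as "ssl.core" by luaopen_ssl_core.
 * Read-only after registration, hence const (keeps the function-pointer
 * table out of writable data).
 */
static const luaL_Reg funcs[] = {
  {"create",        meth_create},
  {"setfd",         meth_setfd},
  {"rawconnection", meth_rawconn},
  {NULL, NULL}  /* sentinel required by luaL_register */
};
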
/**
 * Initialize modules
 *
 * Entry point for `require "ssl.core"`. Initialises OpenSSL and the
 * project's socket layer (socket_open), builds the "SSL:Connection"
 * metatable (the `meta` methods behind __index, meth_destroy as __gc) and
 * registers `funcs` as the ssl.core module, adding the field `invalidfd`
 * with the value SOCKET_INVALID.
 *
 * Returns 1 (the module table on top of the stack). Raises a Lua error when
 * SSL_library_init() fails.
 */
LUASEC_API int luaopen_ssl_core(lua_State *L)
{
  /* OpenSSL has to be up before anything else; failure is unrecoverable */
  if (SSL_library_init() == 0) {
    lua_pushstring(L, "unable to initialize SSL library");
    return lua_error(L);  /* does not return */
  }
  SSL_load_error_strings();

  /* Project-internal socket layer */
  socket_open();

  /* Connection metatable: __index -> method table, __gc -> meth_destroy */
  luaL_newmetatable(L, "SSL:Connection");  /* stack: [mt]          */
  lua_newtable(L);                          /* stack: [mt, methods] */
  luaL_register(L, NULL, meta);
  lua_setfield(L, -2, "__index");           /* stack: [mt]          */
  lua_pushcfunction(L, meth_destroy);
  lua_setfield(L, -2, "__gc");

  /* Module table: `funcs` plus the invalid-descriptor sentinel */
  luaL_register(L, "ssl.core", funcs);      /* stack: [mt, module]  */
  lua_pushnumber(L, SOCKET_INVALID);
  lua_setfield(L, -2, "invalidfd");

  return 1;
}
