Fri, 05 Nov 2010 16:38:10 +0000
Refactoring of :getpeercertificate(), support for subjectAltName extensions
0 | 1 | /*-------------------------------------------------------------------------- |
2 | * LuaSec 0.4 | |
3 | * Copyright (C) 2006-2009 Bruno Silvestre | |
4 | * | |
5 | *--------------------------------------------------------------------------*/ | |
6 | ||
#include <limits.h>
#include <string.h>

#include <openssl/ssl.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>

#include <lua.h>
#include <lauxlib.h>

#include "io.h"
#include "buffer.h"
#include "timeout.h"
#include "socket.h"
#include "ssl.h"
21 | ||
22 | #define min(a, b) (a<b)?a:b |
23 | |
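/**
 * Map an I/O error code into a human-readable string.
 *
 * @param ctx the p_ssl object; only consulted when err == IO_SSL
 * @param err an IO_* code produced by the handshake/send/receive paths
 * @return a string describing the error. For SSL_ERROR_SSL the text comes
 *         from OpenSSL's error queue; ERR_get_error() pops that entry, so a
 *         second call for the same failure yields a different (or generic)
 *         message. Other codes are delegated to socket_strerror().
 */
static const char *ssl_ioerror(void *ctx, int err)
{
  p_ssl ssl = (p_ssl) ctx;
  if (err != IO_SSL)
    return socket_strerror(err);   /* plain socket-level error */
  switch (ssl->error) {
  case SSL_ERROR_NONE:             return "No error";
  case SSL_ERROR_ZERO_RETURN:      return "closed";
  case SSL_ERROR_WANT_READ:        return "wantread";
  case SSL_ERROR_WANT_WRITE:       return "wantwrite";
  case SSL_ERROR_WANT_CONNECT:     return "'connect' not completed";
  case SSL_ERROR_WANT_ACCEPT:      return "'accept' not completed";
  case SSL_ERROR_WANT_X509_LOOKUP: return "Waiting for callback";
  case SSL_ERROR_SYSCALL:          return "System error";
  case SSL_ERROR_SSL: {
    /* ERR_reason_error_string() returns NULL for codes it has no text for
     * (or when the queue is already empty); fall back to a fixed message so
     * Lua callers always receive a string rather than nil. */
    const char *reason = ERR_reason_error_string(ERR_get_error());
    return reason ? reason : "Unknown SSL error";
  }
  default:                         return "Unknown SSL error";
  }
}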
46 | ||
/**
 * __gc metamethod: shut the TLS session down and release the SSL object.
 *
 * Idempotent: after the first call ssl->ssl is NULL and later calls return
 * immediately (meth_close depends on that). The socket is switched back to
 * blocking mode first, presumably so SSL_shutdown() can complete its
 * close_notify write rather than returning "want write" — confirm against
 * the socket layer. Argument 1 is fetched with lua_touserdata (no type
 * check), so this must only be reached with the connection userdata.
 */
static int meth_destroy(lua_State *L)
{
  p_ssl conn = (p_ssl) lua_touserdata(L, 1);
  if (conn->ssl == NULL)
    return 0;                      /* already torn down */
  socket_setblocking(&conn->sock);
  SSL_shutdown(conn->ssl);
  socket_destroy(&conn->sock);
  SSL_free(conn->ssl);
  conn->ssl = NULL;                /* guards against a second SSL_free */
  return 0;
}
62 | ||
/**
 * Drive SSL_do_handshake() to completion, waiting on the socket (bounded by
 * the object's timeout) whenever OpenSSL reports that it needs more I/O.
 *
 * @param ssl the connection; ssl->error is updated with the last
 *        SSL_get_error() result so ssl_ioerror() can describe a failure
 * @return IO_DONE on success (state becomes ST_SSL_CONNECTED); IO_CLOSED if
 *         the object is already closed or the peer went away; IO_SSL when
 *         ssl->error explains the failure (a timeout while waiting is
 *         reported this way, with ssl->error left at WANT_READ/WANT_WRITE);
 *         otherwise a socket error code.
 */
static int handshake(p_ssl ssl)
{
  int rc;
  p_timeout tm = timeout_markstart(&ssl->tm);
  if (ssl->state == ST_SSL_CLOSED)
    return IO_CLOSED;
  while (1) {
    ERR_clear_error();
    rc = SSL_do_handshake(ssl->ssl);
    ssl->error = SSL_get_error(ssl->ssl, rc);
    if (ssl->error == SSL_ERROR_NONE) {
      ssl->state = ST_SSL_CONNECTED;
      return IO_DONE;
    }
    if (ssl->error == SSL_ERROR_WANT_READ || ssl->error == SSL_ERROR_WANT_WRITE) {
      /* Non-blocking socket: wait for readiness in the requested direction. */
      int dir = (ssl->error == SSL_ERROR_WANT_READ) ? WAITFD_R : WAITFD_W;
      rc = socket_waitfd(&ssl->sock, dir, tm);
      if (rc == IO_TIMEOUT)
        return IO_SSL;
      if (rc != IO_DONE)
        return rc;
      continue;
    }
    if (ssl->error == SSL_ERROR_SYSCALL) {
      /* A queued OpenSSL error takes precedence over the OS-level one. */
      if (ERR_peek_error()) {
        ssl->error = SSL_ERROR_SSL;
        return IO_SSL;
      }
      return (rc == 0) ? IO_CLOSED : socket_error();
    }
    return IO_SSL;
  }
  return IO_UNKNOWN;               /* not reachable: the loop only exits by return */
}
104 | ||
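/**
 * Send callback for the LuaSocket buffer layer.
 *
 * @param ctx   the p_ssl object
 * @param data  bytes to write
 * @param count number of bytes requested
 * @param sent  out: number of bytes actually written (0 on any error)
 * @param tm    timeout used while waiting for socket readiness
 * @return IO_DONE on (possibly partial) success, IO_CLOSED if the object is
 *         closed or the peer went away, IO_SSL when ssl->error describes the
 *         failure (including a timeout), otherwise a socket error code.
 */
static int ssl_send(void *ctx, const char *data, size_t count, size_t *sent,
  p_timeout tm)
{
  int err;
  p_ssl ssl = (p_ssl) ctx;
  if (ssl->state == ST_SSL_CLOSED)
    return IO_CLOSED;
  *sent = 0;
  /* SSL_write() takes an int; clamp instead of casting blindly, which for a
   * huge count could yield a negative length. meth_create enables
   * SSL_MODE_ENABLE_PARTIAL_WRITE, so a short write is a valid outcome and
   * the buffer layer is expected to retry with the remainder. */
  if (count > (size_t) INT_MAX)
    count = (size_t) INT_MAX;
  for ( ; ; ) {
    ERR_clear_error();
    err = SSL_write(ssl->ssl, data, (int) count);
    ssl->error = SSL_get_error(ssl->ssl, err);
    switch (ssl->error) {
    case SSL_ERROR_NONE:
      *sent = (size_t) err;        /* err is the byte count here */
      return IO_DONE;
    case SSL_ERROR_WANT_READ:      /* renegotiation may need a read first */
      err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
      if (err == IO_TIMEOUT) return IO_SSL;
      if (err != IO_DONE) return err;
      break;
    case SSL_ERROR_WANT_WRITE:
      err = socket_waitfd(&ssl->sock, WAITFD_W, tm);
      if (err == IO_TIMEOUT) return IO_SSL;
      if (err != IO_DONE) return err;
      break;
    case SSL_ERROR_SYSCALL:
      /* A queued OpenSSL error takes precedence over the OS-level one. */
      if (ERR_peek_error()) {
        ssl->error = SSL_ERROR_SSL;
        return IO_SSL;
      }
      if (err == 0)
        return IO_CLOSED;
      return socket_error();
    default:
      return IO_SSL;
    }
  }
  return IO_UNKNOWN;               /* not reachable: the loop only exits by return */
}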
148 | ||
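/**
 * Receive callback for the LuaSocket buffer layer.
 *
 * @param ctx   the p_ssl object
 * @param data  destination buffer
 * @param count capacity of data in bytes
 * @param got   out: number of bytes stored (0 on any error or close)
 * @param tm    timeout used while waiting for socket readiness
 * @return IO_DONE with *got > 0 on success; IO_CLOSED when the peer sent
 *         close_notify (SSL_ERROR_ZERO_RETURN) or the transport ended
 *         without one (SSL_ERROR_SYSCALL with a zero return) — callers cannot
 *         tell the two apart, so a truncated stream looks like a clean
 *         close; IO_SSL when ssl->error describes the failure (including a
 *         timeout); otherwise a socket error code.
 */
static int ssl_recv(void *ctx, char *data, size_t count, size_t *got,
  p_timeout tm)
{
  int err;
  p_ssl ssl = (p_ssl) ctx;
  if (ssl->state == ST_SSL_CLOSED)
    return IO_CLOSED;
  *got = 0;
  /* SSL_read() takes an int; clamp instead of casting blindly, which for a
   * huge count could yield a negative length. A short read is always a
   * valid outcome for the buffer layer. */
  if (count > (size_t) INT_MAX)
    count = (size_t) INT_MAX;
  for ( ; ; ) {
    ERR_clear_error();
    err = SSL_read(ssl->ssl, data, (int) count);
    ssl->error = SSL_get_error(ssl->ssl, err);
    switch (ssl->error) {
    case SSL_ERROR_NONE:
      *got = (size_t) err;         /* err is the byte count here */
      return IO_DONE;
    case SSL_ERROR_ZERO_RETURN:
      *got = (size_t) err;         /* err is 0: clean TLS shutdown from the peer */
      return IO_CLOSED;
    case SSL_ERROR_WANT_READ:
      err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
      if (err == IO_TIMEOUT) return IO_SSL;
      if (err != IO_DONE) return err;
      break;
    case SSL_ERROR_WANT_WRITE:     /* renegotiation may need a write first */
      err = socket_waitfd(&ssl->sock, WAITFD_W, tm);
      if (err == IO_TIMEOUT) return IO_SSL;
      if (err != IO_DONE) return err;
      break;
    case SSL_ERROR_SYSCALL:
      /* A queued OpenSSL error takes precedence over the OS-level one. */
      if (ERR_peek_error()) {
        ssl->error = SSL_ERROR_SSL;
        return IO_SSL;
      }
      if (err == 0)
        return IO_CLOSED;
      return socket_error();
    default:
      return IO_SSL;
    }
  }
  return IO_UNKNOWN;               /* not reachable: the loop only exits by return */
}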
195 | ||
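/**
 * Create a new TLS/SSL connection object from the context at argument 1 and
 * mark it ST_SSL_NEW. The file descriptor is attached later by meth_setfd.
 *
 * @return 1 (the "SSL:Connection" userdata) on success, or 2 (nil, message)
 *         when the context mode is invalid or SSL_new() fails.
 */
static int meth_create(lua_State *L)
{
  p_ssl ssl;
  int mode = ctx_getmode(L, 1);
  SSL_CTX *ctx = ctx_getcontext(L, 1);

  if (mode == MD_CTX_INVALID) {
    lua_pushnil(L);
    lua_pushstring(L, "invalid mode");
    return 2;
  }
  ssl = (p_ssl) lua_newuserdata(L, sizeof(t_ssl));
  if (!ssl) {
    lua_pushnil(L);
    lua_pushstring(L, "error creating SSL object");
    return 2;
  }
  ssl->ssl = SSL_new(ctx);
  if (!ssl->ssl) {
    /* No metatable is set on the userdata, so meth_destroy never runs for it. */
    lua_pushnil(L);
    lua_pushstring(L, "error creating SSL object");
    return 2;
  }
  ssl->state = ST_SSL_NEW;
  /* lua_newuserdata() does not zero the block. Without this, an object
   * collected before :setfd() is called would reach meth_destroy with an
   * indeterminate descriptor in ssl->sock and hand it to socket_destroy. */
  ssl->sock = SOCKET_INVALID;
  SSL_set_fd(ssl->ssl, (int) SOCKET_INVALID);
  /* Partial writes are reported as success with a short count (ssl_send
   * relies on this); the moving-buffer flag tolerates the buffer layer
   * retrying from a different address. */
  SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE |
    SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#ifdef SSL_MODE_RELEASE_BUFFERS
  SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS);
#endif

  if (mode == MD_CTX_SERVER)
    SSL_set_accept_state(ssl->ssl);
  else
    SSL_set_connect_state(ssl->ssl);

  io_init(&ssl->io, (p_send) ssl_send, (p_recv) ssl_recv,
    (p_error) ssl_ioerror, ssl);
  timeout_init(&ssl->tm, -1, -1);   /* -1, -1: presumably "no timeout" — confirm in timeout.h */
  buffer_init(&ssl->buf, &ssl->io, &ssl->tm);

  luaL_getmetatable(L, "SSL:Connection");
  lua_setmetatable(L, -2);
  return 1;
}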
245 | ||
/**
 * Lua :send() — delegates to the LuaSocket buffer layer, which calls back
 * into ssl_send for the actual writes.
 */
static int meth_send(lua_State *L)
{
  void *ud = luaL_checkudata(L, 1, "SSL:Connection");
  return buffer_meth_send(L, &((p_ssl) ud)->buf);
}
253 | ||
/**
 * Lua :receive() — delegates to the LuaSocket buffer layer, which calls
 * back into ssl_recv for the actual reads.
 */
static int meth_receive(lua_State *L)
{
  void *ud = luaL_checkudata(L, 1, "SSL:Connection");
  return buffer_meth_receive(L, &((p_ssl) ud)->buf);
}
261 | ||
/**
 * Lua :getfd() — expose the underlying descriptor as a number so the object
 * can take part in socket.select().
 */
static int meth_getfd(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  lua_Number fd = (lua_Number) conn->sock;
  lua_pushnumber(L, fd);
  return 1;
}
271 | ||
/**
 * Lua :setfd(fd) — attach the TLS/SSL object to a file descriptor.
 *
 * Only valid while the object is ST_SSL_NEW (before the handshake);
 * otherwise luaL_argerror raises and this function does not return. The
 * descriptor is switched to non-blocking mode, and ownership passes to the
 * object: meth_destroy later closes it via socket_destroy.
 */
static int meth_setfd(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  int fd;
  if (conn->state != ST_SSL_NEW)
    luaL_argerror(L, 1, "invalid SSL object state");
  fd = luaL_checkint(L, 2);
  conn->sock = fd;
  socket_setnonblocking(&conn->sock);
  SSL_set_fd(conn->ssl, (int) conn->sock);
  return 0;
}
286 | ||
/**
 * Lua :dohandshake() — run the TLS/SSL handshake.
 *
 * Returns true on completion, or false plus an error string. A true result
 * only means the handshake finished; whether the peer certificate was
 * verified depends on the context's verify settings, which are not visible
 * here — callers needing that should check the connection separately.
 */
static int meth_handshake(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  int rc = handshake(conn);
  lua_pushboolean(L, rc == IO_DONE);
  if (rc == IO_DONE)
    return 1;
  lua_pushstring(L, ssl_ioerror((void*) conn, rc));
  return 2;
}
302 | ||
/**
 * Lua :close() — tear the session down now (rather than at GC time) and
 * mark the object ST_SSL_CLOSED so later I/O methods report IO_CLOSED.
 * meth_destroy reads argument 1 itself, so the stack is left untouched.
 */
static int meth_close(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  meth_destroy(L);
  conn->state = ST_SSL_CLOSED;
  return 0;
}
313 | ||
/**
 * Lua :settimeout(...) — delegates to the LuaSocket timeout helper, which
 * parses the Lua arguments and updates the object's timeout record.
 */
static int meth_settimeout(lua_State *L)
{
  void *ud = luaL_checkudata(L, 1, "SSL:Connection");
  p_ssl conn = (p_ssl) ud;
  return timeout_meth_settimeout(L, &conn->tm);
}
322 | ||
/**
 * Lua :dirty() — true when data is already buffered, either in the
 * LuaSocket buffer or inside OpenSSL (SSL_pending), so a select() on the
 * descriptor alone would not reveal it. Always false once closed.
 */
static int meth_dirty(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  int pending;
  if (conn->state == ST_SSL_CLOSED)
    pending = 0;
  else
    pending = !buffer_isempty(&conn->buf) || SSL_pending(conn->ssl);
  lua_pushboolean(L, pending);
  return 1;
}
335 | ||
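/**
 * Lua :want() — report what the SSL object is waiting for, as one of
 * "nothing", "read", "write" or "x509lookup". A closed object always
 * reports "nothing".
 *
 * @return 1; the value is nil if SSL_want() returns a code this mapping
 *         does not know (newer OpenSSL releases may add codes).
 */
static int meth_want(lua_State *L)
{
  p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  int code = (ssl->state == ST_SSL_CLOSED) ? SSL_NOTHING : SSL_want(ssl->ssl);
  switch (code) {
  case SSL_NOTHING:     lua_pushstring(L, "nothing"); break;
  case SSL_READING:     lua_pushstring(L, "read"); break;
  case SSL_WRITING:     lua_pushstring(L, "write"); break;
  case SSL_X509_LOOKUP: lua_pushstring(L, "x509lookup"); break;
  default:
    /* Without a default the function returned 1 with nothing pushed, so the
     * caller received whatever was on top of the stack (the connection). */
    lua_pushnil(L);
    break;
  }
  return 1;
}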
351 | ||
/**
 * Lua :rawconnection() — hand out the underlying SSL* as a light userdata.
 *
 * The pointer is only valid while the connection object is alive: it is
 * freed in meth_destroy. Any C code that receives it works on the session
 * directly, outside this wrapper's state checks.
 */
static int meth_rawconn(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  void *raw = (void*) conn->ssl;
  lua_pushlightuserdata(L, raw);
  return 1;
}
361 | ||
/**
 * Lua :compression() — name of the TLS compression method in use, or false
 * when the session is not compressed. This only reports the state; whether
 * compression is negotiated at all is decided elsewhere (context settings
 * and the OpenSSL build), not here.
 */
static int meth_compression(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  const COMP_METHOD *method = SSL_get_current_compression(conn->ssl);
  if (method == NULL) {
    lua_pushboolean(L, 0);
  } else {
    lua_pushstring(L, SSL_COMP_get_name(method));
  }
  return 1;
}
378 | |
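/**
 * Push the textual form of an ASN.1 object identifier as a Lua string.
 *
 * @param L       Lua state
 * @param object  the OID (e.g. a name-entry or extension type)
 * @param no_name non-zero to force the dotted numeric form, zero to prefer
 *                the long name when OpenSSL knows one
 *
 * OBJ_obj2txt() returns the full length of the text even when it had to
 * truncate it to fit the buffer, and may report an error with a negative
 * value in some OpenSSL versions. The length is therefore clamped before
 * the push: the previous `min(sizeof(buffer), len)` included the NUL
 * terminator when truncating, and a negative len compared as a huge
 * size_t, which pushed the whole (partly uninitialised) stack buffer.
 */
void luasec_push_asn1_objname(lua_State* L, ASN1_OBJECT *object, int no_name)
{
  char buffer[256];
  int len = OBJ_obj2txt(buffer, sizeof(buffer), object, no_name);
  if (len < 0)
    len = 0;                       /* error: buffer content is not meaningful */
  else if ((size_t) len >= sizeof(buffer))
    len = (int) sizeof(buffer) - 1; /* truncated: exclude the terminating NUL */
  lua_pushlstring(L, buffer, (size_t) len);
}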
385 | |
/**
 * Push the raw bytes of an ASN1_STRING as a Lua string, or nil if string is
 * NULL.
 *
 * The bytes are copied as-is, with the length taken from the ASN1_STRING:
 * no character-set conversion is done, and embedded NUL bytes are kept
 * (the Lua string length is explicit, so they do not truncate the value).
 */
void luasec_push_asn1_string(lua_State* L, ASN1_STRING *string)
{
  const unsigned char *bytes;
  int len;
  if (string == NULL) {
    lua_pushnil(L);
    return;
  }
  bytes = ASN1_STRING_data(string);
  len = ASN1_STRING_length(string);
  lua_pushlstring(L, (const char*) bytes, (size_t) len);
}
393 | |
/**
 * Fetch or create the sub-table stored under the key on top of the stack.
 *
 * Stack on entry: ..., table (at relative index idx), ..., key (top)
 * Stack on exit:  ..., table, ..., value   (the key is replaced)
 *
 * @param idx index of the parent table. It must be a negative (relative)
 *        index: the code adjusts it by the number of values pushed so far
 *        (idx-1, idx-3), which is wrong for a positive, absolute index.
 * @return 1 if a new table was created and stored as table[key];
 *         0 if table[key] already held a non-nil value, which is left on
 *         the stack unchanged — it is not checked to be a table.
 */
int luasec_push_subtable(lua_State* L, int idx)
{

  lua_pushvalue(L, -1);                /* ..., table, key, key */
  lua_gettable(L, idx-1);              /* ..., table, key, table[key]; -1 because one value was pushed */

  if(lua_isnil(L, -1))
  {
    lua_pop(L, 1);                     /* drop the nil */
    lua_newtable(L);                   /* ..., table, key, new */
    lua_pushvalue(L, -2);              /* ..., table, key, new, key */
    lua_pushvalue(L, -2);              /* ..., table, key, new, key, new */
    lua_settable(L, idx-3);            /* table[key] = new; pops the two copies */

    lua_replace(L, -2); /* Replace key with table */
    return 1;
  }
  lua_replace(L, -2); /* Replace key with table */
  return 0;
}
414 | |
415 | /** |
416 | * Return the peer certificate. |
417 | */ |
418 | static int meth_getpeercertificate(lua_State *L) |
419 | { |
420 | X509 *peer; |
421 | int i, j; |
422 | p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); |
423 | peer = SSL_get_peer_certificate(ssl->ssl); |
424 | if (peer == NULL) { |
425 | /* No client certificate available */ |
426 | lua_pushboolean(L, 0); |
427 | return 1; |
428 | } |
429 | else |
430 | { |
431 | X509_NAME *subject; |
432 | int n_entries; |
433 | |
434 | lua_newtable(L); /* ret */ |
435 | |
436 | lua_pushboolean(L, (SSL_get_verify_result(ssl->ssl) == X509_V_OK)); |
437 | lua_setfield(L, -2, "trusted"); |
438 | |
439 | subject = X509_get_subject_name(peer); |
440 | |
441 | n_entries = X509_NAME_entry_count(subject); |
442 | |
443 | lua_newtable(L); /* {} */ |
444 | lua_pushvalue(L, -1); |
445 | lua_setfield(L, -3, "subject"); /* ret.subject = {} */ |
446 | for(i = 0; i <= n_entries; i++) |
447 | { |
448 | X509_NAME_ENTRY *entry; |
449 | ASN1_OBJECT *object; |
450 | |
451 | entry = X509_NAME_get_entry(subject, i); |
452 | object = X509_NAME_ENTRY_get_object(entry); |
453 | |
454 | luasec_push_asn1_objname(L, object, 1); |
9 | 455 | |
456 | if(luasec_push_subtable(L, -2)) |
457 | { |
458 | /* Get short/long name of the entry */ |
459 | luasec_push_asn1_objname(L, object, 0); |
460 | lua_setfield(L, -2, "name"); |
461 | } |
462 | |
463 | luasec_push_asn1_string(L, X509_NAME_ENTRY_get_data(entry)); |
464 | lua_rawseti(L, -2, lua_objlen(L, -2)+1); |
465 | |
466 | lua_pop(L, 1); |
467 | } |
468 | } |
469 | lua_pop(L, 1); /* ret.subject */ |
470 | |
471 | lua_newtable(L); /* {} */ |
472 | lua_pushvalue(L, -1); |
473 | lua_setfield(L, -3, "extensions"); /* ret.extensions = {} */ |
474 | |
475 | i = -1; |
476 | while((i = X509_get_ext_by_NID(peer, NID_subject_alt_name, i)) != -1) |
477 | { |
478 | X509_EXTENSION *extension; |
479 | STACK_OF(GENERAL_NAME) *values; |
480 | int n_general_names; |
481 | |
482 | extension = X509_get_ext(peer, i); |
483 | if(extension == NULL) |
484 | break; |
485 | |
486 | values = X509V3_EXT_d2i(extension); |
487 | if(values == NULL) |
488 | break; |
489 | |
490 | /* Push ret.extensions[oid] */ |
491 | luasec_push_asn1_objname(L, extension->object, 1); |
492 | luasec_push_subtable(L, -2); |
493 | /* Set ret.extensions[oid].name = name */ |
494 | luasec_push_asn1_objname(L, extension->object, 0); |
495 | lua_setfield(L, -2, "name"); |
496 | |
497 | n_general_names = sk_GENERAL_NAME_num(values); |
498 | for(j = 0; j < n_general_names; j++) |
499 | { |
500 | GENERAL_NAME *general_name; |
501 | |
502 | general_name = sk_GENERAL_NAME_value(values, j); |
503 | |
504 | switch(general_name->type) |
505 | { |
506 | case GEN_OTHERNAME: |
507 | { |
508 | OTHERNAME *otherName = general_name->d.otherName; |
509 | |
510 | luasec_push_asn1_objname(L, otherName->type_id, 1); |
511 | |
512 | if(luasec_push_subtable(L, -2)) |
513 | { |
514 | luasec_push_asn1_objname(L, otherName->type_id, 0); |
515 | lua_setfield(L, -2, "name"); |
516 | } |
517 | |
518 | luasec_push_asn1_string(L, otherName->value->value.asn1_string); |
519 | lua_rawseti(L, -2, lua_objlen(L, -2)+1); |
520 | |
521 | lua_pop(L, 1); |
522 | break; |
523 | } |
524 | case GEN_DNS: |
525 | { |
526 | lua_pushstring(L, "dNSName"); |
527 | luasec_push_subtable(L, -2); |
528 | luasec_push_asn1_string(L, general_name->d.dNSName); |
529 | lua_rawseti(L, -2, lua_objlen(L, -2)+1); |
530 | lua_pop(L, 1); |
531 | break; |
532 | } |
533 | default: |
534 | break; |
535 | } |
536 | } |
537 | |
538 | lua_pop(L, 1); /* array */ |
539 | i++; /* Next extension */ |
540 | } |
541 | lua_pop(L, 1); /* ret.extensions */ |
542 | |
543 | return 1; |
544 | } |
545 | |
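/**
 * :getfinished() -- return the local TLS Finished message as a Lua string.
 *
 * Argument 1 must be an "SSL:Connection" userdata.
 * Returns 1 value (the Finished message) when one is available; returns 0
 * values when no Finished message exists yet or when the temporary buffer
 * cannot be allocated.
 */
static int meth_getfinished(lua_State *L)
{
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  SSL *conn = ssl->ssl;
  char *buffer = NULL;
  size_t cap = 0;
  size_t len = 0;

  /* A NULL destination makes OpenSSL report the message length only. */
  cap = SSL_get_finished(conn, NULL, 0);
  if (cap == 0)
    return 0;

  buffer = malloc(cap);
  if (buffer == NULL)
    return 0;

  /* OpenSSL copies at most `cap` bytes but reports the full length, so
   * clamp to the allocation before handing the bytes to Lua. */
  len = SSL_get_finished(conn, buffer, cap);
  if (len > cap)
    len = cap;

  lua_pushlstring(L, buffer, len);
  free(buffer);
  return 1;
}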
563 | |
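/**
 * :getpeerfinished() -- return the peer's TLS Finished message as a Lua
 * string.
 *
 * Argument 1 must be an "SSL:Connection" userdata.
 * Returns 1 value (the peer's Finished message) when one is available;
 * returns 0 values when none exists yet or when the temporary buffer
 * cannot be allocated.
 */
static int meth_getpeerfinished(lua_State *L)
{
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  SSL *conn = ssl->ssl;
  char *buffer = NULL;
  size_t cap = 0;
  size_t len = 0;

  /* A NULL destination makes OpenSSL report the message length only. */
  cap = SSL_get_peer_finished(conn, NULL, 0);
  if (cap == 0)
    return 0;

  buffer = malloc(cap);
  if (buffer == NULL)
    return 0;

  /* OpenSSL copies at most `cap` bytes but reports the full length, so
   * clamp to the allocation before handing the bytes to Lua. */
  len = SSL_get_peer_finished(conn, buffer, cap);
  if (len > cap)
    len = cap;

  lua_pushlstring(L, buffer, len);
  free(buffer);
  return 1;
}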
581 | |
0 | 582 | /*---------------------------------------------------------------------------*/ |
583 | ||
584 | ||
/**
 * SSL metamethods
 *
 * Installed by luaopen_ssl_core as the __index table of the
 * "SSL:Connection" metatable; each entry exposes one connection method
 * to Lua.
 */
static luaL_Reg meta[] = {
  /* socket-like interface */
  {"close",              meth_close},
  {"getfd",              meth_getfd},
  {"dirty",              meth_dirty},
  {"receive",            meth_receive},
  {"send",               meth_send},
  {"settimeout",         meth_settimeout},
  {"want",               meth_want},
  /* TLS-specific interface */
  {"dohandshake",        meth_handshake},
  {"compression",        meth_compression},
  {"getpeercertificate", meth_getpeercertificate},
  {"getfinished",        meth_getfinished},
  {"getpeerfinished",    meth_getpeerfinished},
  {NULL,                 NULL}
};
603 | ||
/**
 * SSL functions
 *
 * Module-level entries registered under "ssl.core" by luaopen_ssl_core.
 */
static luaL_Reg funcs[] = {
  {"create",        meth_create},
  {"setfd",         meth_setfd},
  {"rawconnection", meth_rawconn},
  {NULL,            NULL}
};
613 | ||
/**
 * Initialize modules
 *
 * luaopen_* entry point for the "ssl.core" module: brings up the OpenSSL
 * library and the internal socket layer, then registers the
 * "SSL:Connection" metatable and the module function table.
 * Returns 1 (the module table) or raises a Lua error when OpenSSL cannot
 * be initialized.
 */
LUASEC_API int luaopen_ssl_core(lua_State *L)
{
  /* Initialize SSL */
  if (!SSL_library_init()) {
    lua_pushliteral(L, "unable to initialize SSL library");
    lua_error(L);
  }
  SSL_load_error_strings();

  /* Initialize internal library */
  socket_open();

  /* Register the connection metatable:
   *   SSL:Connection.__index = meta, SSL:Connection.__gc = meth_destroy */
  luaL_newmetatable(L, "SSL:Connection");   /* mt */
  lua_newtable(L);                          /* mt, {} */
  luaL_register(L, NULL, meta);             /* mt, {methods} */
  lua_setfield(L, -2, "__index");           /* mt */
  lua_pushcfunction(L, meth_destroy);       /* mt, fn */
  lua_setfield(L, -2, "__gc");              /* mt */

  /* Register the module table and its invalidfd constant */
  luaL_register(L, "ssl.core", funcs);      /* mt, ssl.core */
  lua_pushnumber(L, SOCKET_INVALID);        /* mt, ssl.core, n */
  lua_setfield(L, -2, "invalidfd");         /* mt, ssl.core */

  return 1;
}
643 |