src/ssl.lua

Tue, 05 Jul 2011 18:12:17 -0700

author
Paul Aurich <paul@darkrain42.org>
date
Tue, 05 Jul 2011 18:12:17 -0700
changeset 44
b3a0d23e5b20
parent 28
8c61b29d87ec
permissions
-rw-r--r--

ssl: Add a missing call to setciphers()

------------------------------------------------------------------------------
-- LuaSec 0.4
-- Copyright (C) 2006-2009 Bruno Silvestre
--
------------------------------------------------------------------------------

-- Declare this chunk as the module "ssl". package.seeall keeps the global
-- environment visible from inside the module, so globals such as type() and
-- unpack() remain usable below.
module("ssl", package.seeall)

-- Sub-modules used below by the bare names `core`, `context` and `x509`.
-- NOTE(review): presumably each require() registers its table inside the
-- "ssl" module table, which is why the short names resolve -- confirm
-- against the sub-modules themselves.
require("ssl.core")
require("ssl.context")
require("ssl.x509")


-- Version and copyright strings exposed as fields of the module.
_VERSION   = "0.4"
_COPYRIGHT = "LuaSec 0.4 - Copyright (C) 2006-2009 Bruno Silvestre\n" ..
             "LuaSocket 2.0.2 - Copyright (C) 2004-2007 Diego Nehab"

-- Export functions
-- These assignments re-export sub-module functions as fields of the "ssl"
-- module (ssl.rawconnection, ssl.rawcontext, ssl.loaddhparams).
rawconnection = core.rawconnection
rawcontext    = context.rawcontext
loaddhparams  = context.loaddhparams

-- Re-export of the x509 module's PEM certificate loader as ssl.cert_from_pem.
cert_from_pem = x509.cert_from_pem
--
-- Apply an optional setting to a context.
--
--   func  : setter to invoke, called with ctx as its first argument
--   param : the configured value; a table is expanded into separate
--           arguments, any other truthy value is passed as a single argument
--   ctx   : the context handed to func
--
-- Returns whatever func returns. When param is nil or false, func is NOT
-- called and the result is `true`: an absent setting counts as success, so
-- the caller cannot tell "applied" from "skipped" by the return value.
--
local function optexec(func, param, ctx)
  -- Nothing configured: skip the setter and report success.
  if not param then
    return true
  end
  -- Scalar value: forward it unchanged.
  if type(param) ~= "table" then
    return func(ctx, param)
  end
  -- List of values: spread them as individual arguments.
  return func(ctx, unpack(param))
end
--
-- Create an SSL context and configure it from the table `cfg`.
--
-- Fields read from cfg: protocol, mode, key, password, certificate, cafile,
-- capath, verify, options, ciphers, depth.
--
-- Returns the configured context, or nil plus the message of the first step
-- that failed. Steps run in a fixed order and stop at the first failure.
--
-- Review notes on the optional fields:
--   * key, certificate, cafile/capath and depth are applied only when present.
--   * verify, options and ciphers go through optexec, which skips the setter
--     and reports success when the field is nil or false. A cfg without
--     `verify` therefore never calls context.setverify, and a cfg without
--     `ciphers` never calls context.setcipher; the context keeps whatever
--     context.create gave it.
--     NOTE(review): confirm what those defaults are -- callers that depend on
--     peer verification or on a restricted cipher list should set the fields
--     explicitly rather than rely on them.
--
function newcontext(cfg)
  local ok

  -- Create the context
  local ctx, err = context.create(cfg.protocol)
  if not ctx then
    return nil, err
  end

  -- Mode
  ok, err = context.setmode(ctx, cfg.mode)
  if not ok then
    return nil, err
  end

  -- Load the key (cfg.password is forwarded alongside it)
  if cfg.key then
    ok, err = context.loadkey(ctx, cfg.key, cfg.password)
    if not ok then
      return nil, err
    end
  end

  -- Load the certificate
  if cfg.certificate then
    ok, err = context.loadcert(ctx, cfg.certificate)
    if not ok then
      return nil, err
    end
  end

  -- Load the CA certificates
  if cfg.cafile or cfg.capath then
    ok, err = context.locations(ctx, cfg.cafile, cfg.capath)
    if not ok then
      return nil, err
    end
  end

  -- Set the verification options (skipped when cfg.verify is absent)
  ok, err = optexec(context.setverify, cfg.verify, ctx)
  if not ok then
    return nil, err
  end

  -- Set SSL options (skipped when cfg.options is absent)
  ok, err = optexec(context.setoptions, cfg.options, ctx)
  if not ok then
    return nil, err
  end

  -- Set SSL ciphers (skipped when cfg.ciphers is absent)
  ok, err = optexec(context.setcipher, cfg.ciphers, ctx)
  if not ok then
    return nil, err
  end

  -- Set the depth for certificate verification
  if cfg.depth then
    ok, err = context.setdepth(ctx, cfg.depth)
    if not ok then
      return nil, err
    end
  end

  return ctx
end
--
-- Wrap an existing socket object in an SSL connection object.
--
--   sock : object providing getfd() and setfd()
--   cfg  : either a configuration table (a new context is built from it with
--          newcontext) or any non-table value, which is handed to
--          core.create unchanged as the context -- it is not checked here
--
-- Returns the SSL object, or nil plus an error message.
--
-- On success the file descriptor is moved from `sock` to the SSL object and
-- `sock` is given core.invalidfd, so the original object no longer refers to
-- the descriptor. This function makes no handshake call; it only creates the
-- SSL object and attaches the descriptor.
--
function wrap(sock, cfg)
  local ctx = cfg

  -- A table is a configuration: turn it into a context first.
  if type(cfg) == "table" then
    local err
    ctx, err = newcontext(cfg)
    if not ctx then
      return nil, err
    end
  end

  local conn, err = core.create(ctx)
  if not conn then
    return nil, err
  end

  -- Hand the descriptor over, then detach it from the plain socket.
  core.setfd(conn, sock:getfd())
  sock:setfd(core.invalidfd)
  return conn
end
