Sun, 03 Jul 2011 13:13:36 -0700
context: Support ECDH cipher suites, where applicable
0 | 1 | ------------------------------------------------------------------------------ |
2 | -- LuaSec 0.4 | |
3 | -- Copyright (C) 2006-2009 Bruno Silvestre | |
4 | -- | |
5 | ------------------------------------------------------------------------------ | |
6 | ||
7 | module("ssl", package.seeall) | |
8 | ||
9 | require("ssl.core") | |
10 | require("ssl.context") | |
14
1927b7b32faf
Split X509 decoding into a separate module, ssl.x509
Matthew Wild <mwild1@gmail.com>
parents:
0
11 | require("ssl.x509") |
0 | 12 | |
13 | ||
-- Module metadata strings.
_VERSION   = "0.4"
_COPYRIGHT = "LuaSec 0.4 - Copyright (C) 2006-2009 Bruno Silvestre\n" ..
             "LuaSocket 2.0.2 - Copyright (C) 2004-2007 Diego Nehab"

-- Export functions: re-publish the raw constructors from the ssl.core and
-- ssl.context modules under the ssl namespace.
rawconnection = core.rawconnection
rawcontext    = context.rawcontext
28
8c61b29d87ec
context: support for diffie-hellman key exchange
Paul Aurich <paul@darkrain42.org>
parents:
26
21 | loaddhparams = context.loaddhparams |
0 | 22 | |
26
bbff42d46512
x509: Add ssl.cert_from_pem()
Matthew Wild <mwild1@gmail.com>
parents:
14
23 | cert_from_pem = x509.cert_from_pem |
bbff42d46512
x509: Add ssl.cert_from_pem()
Matthew Wild <mwild1@gmail.com>
parents:
14
24 | |
0 | 25 | -- |
26 | -- | |
27 | -- | |
-- Apply an optional setting to a context.
--   func  : setter called as func(ctx, ...)
--   param : the option value; a table is expanded into separate arguments,
--           any other truthy value is passed as a single argument
--   ctx   : the context handed to func as its first argument
-- Returns whatever func returns. When param is nil or false, func is not
-- called at all and true is returned, so an absent option counts as success
-- and the setting is simply left untouched.
local function optexec(func, param, ctx)
  if not param then
    return true
  end
  if type(param) ~= "table" then
    return func(ctx, param)
  end
  return func(ctx, unpack(param))
end
38 | ||
39 | -- | |
40 | -- | |
41 | -- | |
-- Build an SSL context from the configuration table cfg.
-- Fields read: protocol, mode, key, password, certificate, cafile, capath,
-- verify, options, depth.
-- Returns the context on success, or nil plus the error message of the first
-- step that fails.
-- NOTE(review): key, certificate, cafile/capath, verify, options and depth
-- are all optional. When cfg.verify is absent, context.setverify is never
-- called, so peer verification is whatever the underlying context defaults
-- to -- confirm that default before relying on the result for authenticated
-- connections.
function newcontext(cfg)
  -- Create the context
  local ctx, err = context.create(cfg.protocol)
  if not ctx then
    return nil, err
  end

  local ok

  -- Mode
  ok, err = context.setmode(ctx, cfg.mode)
  if not ok then
    return nil, err
  end

  -- Load the key (cfg.password is passed along with it)
  if cfg.key then
    ok, err = context.loadkey(ctx, cfg.key, cfg.password)
    if not ok then
      return nil, err
    end
  end

  -- Load the certificate
  if cfg.certificate then
    ok, err = context.loadcert(ctx, cfg.certificate)
    if not ok then
      return nil, err
    end
  end

  -- Load the CA certificates; either a file or a directory is enough
  if cfg.cafile or cfg.capath then
    ok, err = context.locations(ctx, cfg.cafile, cfg.capath)
    if not ok then
      return nil, err
    end
  end

  -- Set the verification options (skipped when cfg.verify is not given)
  ok, err = optexec(context.setverify, cfg.verify, ctx)
  if not ok then
    return nil, err
  end

  -- Set SSL options (skipped when cfg.options is not given)
  ok, err = optexec(context.setoptions, cfg.options, ctx)
  if not ok then
    return nil, err
  end

  -- Set the depth for certificate verification
  if cfg.depth then
    ok, err = context.setdepth(ctx, cfg.depth)
    if not ok then
      return nil, err
    end
  end

  return ctx
end
78 | ||
79 | -- | |
80 | -- | |
81 | -- | |
-- Wrap an existing socket in an SSL connection object.
--   sock : object providing getfd() and setfd()
--   cfg  : either a configuration table (a context is built from it with
--          newcontext) or an already-created context, used as is
-- Returns the SSL connection object, or nil plus an error message.
-- On success the descriptor is moved to the new object and sock is given
-- core.invalidfd, so the original socket object no longer refers to it.
-- No handshake is performed in this function.
function wrap(sock, cfg)
  local ctx = cfg
  if type(cfg) == "table" then
    local err
    ctx, err = newcontext(cfg)
    if not ctx then
      return nil, err
    end
  end

  local conn, err = core.create(ctx)
  if not conn then
    return nil, err
  end

  -- Hand the descriptor over, then invalidate it on the plain socket.
  core.setfd(conn, sock:getfd())
  sock:setfd(core.invalidfd)
  return conn
end