Sat, 06 Nov 2010 15:33:26 +0000
x509: Add ssl.cert_from_pem()
0 | 1 | ------------------------------------------------------------------------------ |
2 | -- LuaSec 0.4 | |
3 | -- Copyright (C) 2006-2009 Bruno Silvestre | |
4 | -- | |
5 | ------------------------------------------------------------------------------ | |
6 | ||
7 | module("ssl", package.seeall) | |
8 | ||
9 | require("ssl.core") | |
10 | require("ssl.context") | |
14
1927b7b32faf
Split X509 decoding into a separate module, ssl.x509
Matthew Wild <mwild1@gmail.com>
parents:
0
11 | require("ssl.x509") |
0 | 12 | |
13 | ||
-- Identification strings; the module("ssl", ...) call earlier in the file
-- makes these fields of the ssl module.
_VERSION = "0.4"
_COPYRIGHT =
  "LuaSec 0.4 - Copyright (C) 2006-2009 Bruno Silvestre\n" ..
  "LuaSocket 2.0.2 - Copyright (C) 2004-2007 Diego Nehab"
17 | ||
-- Re-export two functions from the required submodules under this module's
-- own names: core.rawconnection and context.rawcontext.
rawconnection = core.rawconnection
rawcontext    = context.rawcontext
21 | ||
26
bbff42d46512
x509: Add ssl.cert_from_pem()
Matthew Wild <mwild1@gmail.com>
parents:
14
-- Re-export the x509 submodule's PEM certificate loader as ssl.cert_from_pem.
cert_from_pem = x509.cert_from_pem
23 | |
0 | 24 | -- |
25 | -- | |
26 | -- | |
-- Apply an optional configuration setter to a context.
--   func  : setter, called as func(ctx, ...)
--   param : nil/false (nothing to apply), a table (unpacked into separate
--           arguments), or any other single value
--   ctx   : context passed to func as its first argument
-- Returns true when param is absent; otherwise returns whatever func returns.
-- An absent param means func is never called, so the context keeps whatever
-- setting it already had for that option.
local function optexec(func, param, ctx)
  if not param then
    return true
  end
  if type(param) == "table" then
    return func(ctx, unpack(param))
  end
  return func(ctx, param)
end
37 | ||
38 | -- | |
39 | -- | |
40 | -- | |
-- Build an SSL context from a configuration table.
-- cfg.protocol and cfg.mode are always applied. cfg.key (with cfg.password),
-- cfg.certificate, cfg.cafile/cfg.capath, cfg.verify, cfg.options and
-- cfg.depth are applied only when present.
-- Returns the context, or nil plus the message of the first step that failed.
--
-- NOTE(review): cfg.verify is optional. When it is absent, context.setverify
-- is never called and the context keeps the underlying library's default
-- verification mode -- presumably no peer verification; confirm against
-- ssl.context. Callers that need the peer authenticated should set
-- cfg.verify (and cafile/capath) explicitly.
function newcontext(cfg)
  local ok, err

  -- Create the context for the requested protocol.
  local ctx
  ctx, err = context.create(cfg.protocol)
  if not ctx then
    return nil, err
  end

  -- Mode is applied unconditionally.
  ok, err = context.setmode(ctx, cfg.mode)
  if not ok then
    return nil, err
  end

  -- Private key; cfg.password is handed to loadkey together with it.
  if cfg.key then
    ok, err = context.loadkey(ctx, cfg.key, cfg.password)
    if not ok then
      return nil, err
    end
  end

  -- Certificate.
  if cfg.certificate then
    ok, err = context.loadcert(ctx, cfg.certificate)
    if not ok then
      return nil, err
    end
  end

  -- CA locations: either a file, a directory, or both.
  if cfg.cafile or cfg.capath then
    ok, err = context.locations(ctx, cfg.cafile, cfg.capath)
    if not ok then
      return nil, err
    end
  end

  -- Verification flags; skipped entirely when cfg.verify is not set.
  ok, err = optexec(context.setverify, cfg.verify, ctx)
  if not ok then
    return nil, err
  end

  -- SSL options; skipped entirely when cfg.options is not set.
  ok, err = optexec(context.setoptions, cfg.options, ctx)
  if not ok then
    return nil, err
  end

  -- Maximum certificate chain depth for verification.
  if cfg.depth then
    ok, err = context.setdepth(ctx, cfg.depth)
    if not ok then
      return nil, err
    end
  end

  return ctx
end
77 | ||
78 | -- | |
79 | -- | |
80 | -- | |
-- Wrap a socket in an SSL connection object.
--   sock : object providing getfd() and setfd()
--   cfg  : configuration table (passed to newcontext) or an existing context
-- Returns the SSL object, or nil plus an error message.
--
-- On success the descriptor is handed to the SSL object and the original
-- socket is given core.invalidfd -- presumably so that closing or collecting
-- the plain socket cannot close the descriptor underneath the SSL object.
-- NOTE(review): a non-table cfg is used as the context without any check
-- here; validation, if any, is left to core.create.
-- NOTE(review): no handshake call is visible in this function; it only
-- creates the object and attaches the descriptor.
function wrap(sock, cfg)
  local ctx = cfg
  if type(cfg) == "table" then
    local ctxerr
    ctx, ctxerr = newcontext(cfg)
    if not ctx then
      return nil, ctxerr
    end
  end

  local conn, err = core.create(ctx)
  if not conn then
    return nil, err
  end

  -- Move the descriptor: attach it to the SSL object first, then invalidate
  -- it on the plain socket.
  local fd = sock:getfd()
  core.setfd(conn, fd)
  sock:setfd(core.invalidfd)
  return conn
end