src/ssl.lua@bbff42d46512 (annotated)
src/ssl.lua
Sat, 06 Nov 2010 15:33:26 +0000
- author
- Matthew Wild <mwild1@gmail.com>
- date
- Sat, 06 Nov 2010 15:33:26 +0000
- changeset 26
- bbff42d46512
- parent 14
- 1927b7b32faf
- child 28
- 8c61b29d87ec
- permissions
- -rw-r--r--
x509: Add ssl.cert_from_pem()
| 0 | 1 | ------------------------------------------------------------------------------ |
| 2 | -- LuaSec 0.4 | |
| 3 | -- Copyright (C) 2006-2009 Bruno Silvestre | |
| 4 | -- | |
| 5 | ------------------------------------------------------------------------------ | |
| 6 | ||
| 7 | module("ssl", package.seeall) | |
| 8 | ||
| 9 | require("ssl.core") | |
| 10 | require("ssl.context") | |
|
14
1927b7b32faf
Split X509 decoding into a separate module, ssl.x509
Matthew Wild <mwild1@gmail.com>
parents:
0
diff
changeset
|
11 | require("ssl.x509") |
| 0 | 12 | |
| 13 | ||
| 14 | _VERSION = "0.4" | |
| 15 | _COPYRIGHT = "LuaSec 0.4 - Copyright (C) 2006-2009 Bruno Silvestre\n" .. | |
| 16 | "LuaSocket 2.0.2 - Copyright (C) 2004-2007 Diego Nehab" | |
| 17 | ||
| 18 | -- Export functions | |
| 19 | rawconnection = core.rawconnection | |
| 20 | rawcontext = context.rawcontext | |
| 21 | ||
|
26
bbff42d46512
x509: Add ssl.cert_from_pem()
Matthew Wild <mwild1@gmail.com>
parents:
14
diff
changeset
|
22 | cert_from_pem = x509.cert_from_pem |
|
bbff42d46512
x509: Add ssl.cert_from_pem()
Matthew Wild <mwild1@gmail.com>
parents:
14
diff
changeset
|
23 | |
| 0 | 24 | -- |
| 25 | -- | |
| 26 | -- | |
| 27 | local function optexec(func, param, ctx) | |
| 28 | if param then | |
| 29 | if type(param) == "table" then | |
| 30 | return func(ctx, unpack(param)) | |
| 31 | else | |
| 32 | return func(ctx, param) | |
| 33 | end | |
| 34 | end | |
| 35 | return true | |
| 36 | end | |
| 37 | ||
| 38 | -- | |
| 39 | -- | |
| 40 | -- | |
| 41 | function newcontext(cfg) | |
| 42 | local succ, msg, ctx | |
| 43 | -- Create the context | |
| 44 | ctx, msg = context.create(cfg.protocol) | |
| 45 | if not ctx then return nil, msg end | |
| 46 | -- Mode | |
| 47 | succ, msg = context.setmode(ctx, cfg.mode) | |
| 48 | if not succ then return nil, msg end | |
| 49 | -- Load the key | |
| 50 | if cfg.key then | |
| 51 | succ, msg = context.loadkey(ctx, cfg.key, cfg.password) | |
| 52 | if not succ then return nil, msg end | |
| 53 | end | |
| 54 | -- Load the certificate | |
| 55 | if cfg.certificate then | |
| 56 | succ, msg = context.loadcert(ctx, cfg.certificate) | |
| 57 | if not succ then return nil, msg end | |
| 58 | end | |
| 59 | -- Load the CA certificates | |
| 60 | if cfg.cafile or cfg.capath then | |
| 61 | succ, msg = context.locations(ctx, cfg.cafile, cfg.capath) | |
| 62 | if not succ then return nil, msg end | |
| 63 | end | |
| 64 | -- Set the verification options | |
| 65 | succ, msg = optexec(context.setverify, cfg.verify, ctx) | |
| 66 | if not succ then return nil, msg end | |
| 67 | -- Set SSL options | |
| 68 | succ, msg = optexec(context.setoptions, cfg.options, ctx) | |
| 69 | if not succ then return nil, msg end | |
| 70 | -- Set the depth for certificate verification | |
| 71 | if cfg.depth then | |
| 72 | succ, msg = context.setdepth(ctx, cfg.depth) | |
| 73 | if not succ then return nil, msg end | |
| 74 | end | |
| 75 | return ctx | |
| 76 | end | |
| 77 | ||
| 78 | -- | |
| 79 | -- | |
| 80 | -- | |
| 81 | function wrap(sock, cfg) | |
| 82 | local ctx, msg | |
| 83 | if type(cfg) == "table" then | |
| 84 | ctx, msg = newcontext(cfg) | |
| 85 | if not ctx then return nil, msg end | |
| 86 | else | |
| 87 | ctx = cfg | |
| 88 | end | |
| 89 | local s, msg = core.create(ctx) | |
| 90 | if s then | |
| 91 | core.setfd(s, sock:getfd()) | |
| 92 | sock:setfd(core.invalidfd) | |
| 93 | return s | |
| 94 | end | |
| 95 | return nil, msg | |
| 96 | end |
