Sun, 03 Jul 2011 13:13:36 -0700
Fix the verification function so it doesn't pass for everyone on invalid purpose errors.
Inspiration and code partially from Matthew
0 | 1 | /*-------------------------------------------------------------------------- |
2 | * LuaSec 0.4 | |
3 | * Copyright (C) 2006-2009 Bruno Silvestre | |
4 | * | |
5 | *--------------------------------------------------------------------------*/ | |
6 | ||
7 | #include <string.h> | |
8 | ||
9 | #include <openssl/ssl.h> | |
10 | #include <openssl/x509v3.h> |
0 | 11 | #include <openssl/err.h> |
12 | ||
13 | #include <lua.h> | |
14 | #include <lauxlib.h> | |
15 | ||
16 | #include "io.h" | |
17 | #include "buffer.h" | |
18 | #include "timeout.h" | |
19 | #include "socket.h" | |
20 | #include "ssl.h" | |
21 | #include "x509.h" |
0 | 22 | |
/* index into the SSL storage where the t_ssl is.
 * see SSL_get_ex_data().
 *
 * NOTE(review): this is a tentative definition and is therefore
 * zero-initialised, while meth_create() treats -1 as "slot not yet
 * allocated".  Whatever sets it to -1 (or to a valid index) before the
 * first connection is created must live outside this file -- confirm.
 */
int luasec_ssl_idx;
27 | |
/**
 * Map an I/O error code to a human-readable string.
 *
 * For IO_SSL the text is derived from the SSL_ERROR_* code that the last
 * operation stored in ssl->error; any other code is a socket error and is
 * translated by socket_strerror().  For SSL_ERROR_SSL the text comes from
 * ERR_reason_error_string(), which may return NULL when the error queue is
 * empty or the reason is unknown to the library.
 */
static const char *ssl_ioerror(void *ctx, int err)
{
  p_ssl conn;

  if (err != IO_SSL)
    return socket_strerror(err);

  conn = (p_ssl) ctx;
  switch (conn->error) {
  case SSL_ERROR_NONE:
    return "No error";
  case SSL_ERROR_ZERO_RETURN:
    return "closed";
  case SSL_ERROR_WANT_READ:
    return "wantread";
  case SSL_ERROR_WANT_WRITE:
    return "wantwrite";
  case SSL_ERROR_WANT_CONNECT:
    return "'connect' not completed";
  case SSL_ERROR_WANT_ACCEPT:
    return "'accept' not completed";
  case SSL_ERROR_WANT_X509_LOOKUP:
    return "Waiting for callback";
  case SSL_ERROR_SYSCALL:
    return "System error";
  case SSL_ERROR_SSL:
    /* consumes the oldest queued error; may be NULL, see above */
    return ERR_reason_error_string(ERR_get_error());
  default:
    return "Unknown SSL error";
  }
}
50 | ||
/**
 * Close the connection before the GC collect the object.
 *
 * Used as the __gc handler and by meth_close(): shuts the TLS session down,
 * closes the socket, frees the OpenSSL handle and drops the registry
 * reference to the certificate-error table.  Calling it again is harmless:
 * a NULL ssl->ssl skips the teardown and luaL_unref() ignores LUA_NOREF.
 */
static int meth_destroy(lua_State *L)
{
  p_ssl conn = (p_ssl) lua_touserdata(L, 1);
  SSL *handle = conn->ssl;

  if (handle != NULL) {
    /* presumably made blocking so SSL_shutdown() can emit close_notify;
     * its return value (one-phase shutdown) is intentionally not checked */
    socket_setblocking(&conn->sock);
    SSL_shutdown(handle);
    socket_destroy(&conn->sock);
    SSL_free(handle);
    conn->ssl = NULL;
  }

  luaL_unref(L, LUA_REGISTRYINDEX, conn->t_cert_errors);
  conn->t_cert_errors = LUA_NOREF;
  return 0;
}
68 | ||
/**
 * Object information -- tostring metamethod
 *
 * Produces "SSL connection: <address of the userdata>".
 */
static int meth_tostring(lua_State *L)
{
  void *self = lua_touserdata(L, 1);
  lua_pushfstring(L, "SSL connection: %p", self);
  return 1;
}
78 | |
/**
 * Perform the TLS/SSL handshake
 *
 * Drives SSL_do_handshake() to completion, waiting on the socket (bounded
 * by the object's timeout) whenever OpenSSL reports WANT_READ/WANT_WRITE.
 *
 * Returns IO_DONE on success (the object moves to ST_SSL_CONNECTED),
 * IO_CLOSED if the object was already closed or the peer closed the
 * transport, IO_SSL for a TLS-level failure or a timeout (ssl->error then
 * holds the SSL_ERROR_* code that ssl_ioerror() reports), or a socket
 * error code from socket_waitfd()/socket_error().
 */
static int handshake(p_ssl ssl)
{
  int err;
  p_timeout tm = timeout_markstart(&ssl->tm);
  if (ssl->state == ST_SSL_CLOSED)
    return IO_CLOSED;
  for ( ; ; ) {
    /* Empty the error queue first so SSL_get_error() and the
     * ERR_peek_error() check below only see errors from this call. */
    ERR_clear_error();
    err = SSL_do_handshake(ssl->ssl);
    ssl->error = SSL_get_error(ssl->ssl, err);
    switch(ssl->error) {
    case SSL_ERROR_NONE:
      ssl->state = ST_SSL_CONNECTED;
      return IO_DONE;
    case SSL_ERROR_WANT_READ:
      err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
      /* A timeout is reported as IO_SSL so that ssl_ioerror() yields
       * "wantread" from the still-set ssl->error. */
      if (err == IO_TIMEOUT) return IO_SSL;
      if (err != IO_DONE) return err;
      break;
    case SSL_ERROR_WANT_WRITE:
      err = socket_waitfd(&ssl->sock, WAITFD_W, tm);
      /* same convention as above: timeout -> IO_SSL / "wantwrite" */
      if (err == IO_TIMEOUT) return IO_SSL;
      if (err != IO_DONE) return err;
      break;
    case SSL_ERROR_SYSCALL:
      /* A queued error means a real TLS failure surfaced as SYSCALL.
       * Otherwise err == 0 is an EOF from the peer and anything else is
       * a genuine socket error. */
      if (ERR_peek_error()) {
        ssl->error = SSL_ERROR_SSL;
        return IO_SSL;
      }
      if (err == 0)
        return IO_CLOSED;
      return socket_error();
    default:
      return IO_SSL;
    }
  }
  /* not reachable: every path inside the loop returns or continues */
  return IO_UNKNOWN;
}
120 | ||
/**
 * Send data
 *
 * LuaSocket I/O callback: writes up to count bytes from data with
 * SSL_write(), waiting on the socket (bounded by tm) whenever OpenSSL needs
 * to read or write first.  On IO_DONE *sent holds the number of bytes
 * written, which may be less than count because meth_create() enables
 * SSL_MODE_ENABLE_PARTIAL_WRITE.  Error codes follow handshake():
 * IO_CLOSED, IO_SSL (timeout or TLS failure, see ssl->error) or a socket
 * error code.
 */
static int ssl_send(void *ctx, const char *data, size_t count, size_t *sent,
  p_timeout tm)
{
  int err;
  p_ssl ssl = (p_ssl) ctx;
  if (ssl->state == ST_SSL_CLOSED)
    return IO_CLOSED;
  *sent = 0;
  for ( ; ; ) {
    /* see handshake(): keep the error queue scoped to this call */
    ERR_clear_error();
    /* truncating cast: SSL_write() takes an int length */
    err = SSL_write(ssl->ssl, data, (int) count);
    ssl->error = SSL_get_error(ssl->ssl, err);
    switch(ssl->error) {
    case SSL_ERROR_NONE:
      /* err is the byte count on success */
      *sent = err;
      return IO_DONE;
    case SSL_ERROR_WANT_READ:
      err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
      /* timeout -> IO_SSL so ssl_ioerror() reports "wantread" */
      if (err == IO_TIMEOUT) return IO_SSL;
      if (err != IO_DONE) return err;
      break;
    case SSL_ERROR_WANT_WRITE:
      err = socket_waitfd(&ssl->sock, WAITFD_W, tm);
      if (err == IO_TIMEOUT) return IO_SSL;
      if (err != IO_DONE) return err;
      break;
    case SSL_ERROR_SYSCALL:
      /* queued error: TLS failure; err == 0: peer EOF; else socket error */
      if (ERR_peek_error()) {
        ssl->error = SSL_ERROR_SSL;
        return IO_SSL;
      }
      if (err == 0)
        return IO_CLOSED;
      return socket_error();
    default:
      return IO_SSL;
    }
  }
  /* not reachable: every path inside the loop returns or continues */
  return IO_UNKNOWN;
}
164 | ||
/**
 * Receive data
 *
 * LuaSocket I/O callback: reads up to count bytes into data with
 * SSL_read(), waiting on the socket (bounded by tm) whenever OpenSSL needs
 * to read or write first.  On IO_DONE *got holds the number of bytes read.
 * A clean TLS shutdown by the peer (SSL_ERROR_ZERO_RETURN) is reported as
 * IO_CLOSED; other error codes follow handshake().
 */
static int ssl_recv(void *ctx, char *data, size_t count, size_t *got,
  p_timeout tm)
{
  int err;
  p_ssl ssl = (p_ssl) ctx;
  if (ssl->state == ST_SSL_CLOSED)
    return IO_CLOSED;
  *got = 0;
  for ( ; ; ) {
    /* see handshake(): keep the error queue scoped to this call */
    ERR_clear_error();
    /* truncating cast: SSL_read() takes an int length */
    err = SSL_read(ssl->ssl, data, (int) count);
    ssl->error = SSL_get_error(ssl->ssl, err);
    switch(ssl->error) {
    case SSL_ERROR_NONE:
      /* err is the byte count on success */
      *got = err;
      return IO_DONE;
    case SSL_ERROR_ZERO_RETURN:
      /* orderly TLS close from the peer; err is what SSL_read() returned */
      *got = err;
      return IO_CLOSED;
    case SSL_ERROR_WANT_READ:
      err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
      /* timeout -> IO_SSL so ssl_ioerror() reports "wantread" */
      if (err == IO_TIMEOUT) return IO_SSL;
      if (err != IO_DONE) return err;
      break;
    case SSL_ERROR_WANT_WRITE:
      err = socket_waitfd(&ssl->sock, WAITFD_W, tm);
      if (err == IO_TIMEOUT) return IO_SSL;
      if (err != IO_DONE) return err;
      break;
    case SSL_ERROR_SYSCALL:
      /* queued error: TLS failure; err == 0: peer EOF; else socket error */
      if (ERR_peek_error()) {
        ssl->error = SSL_ERROR_SSL;
        return IO_SSL;
      }
      if (err == 0)
        return IO_CLOSED;
      return socket_error();
    default:
      return IO_SSL;
    }
  }
  /* not reachable: every path inside the loop returns or continues */
  return IO_UNKNOWN;
}
211 | ||
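/**
 * Create a new TLS/SSL object and mark it as new.
 *
 * Arg 1 is a context userdata; the connection takes its client/server
 * mode from it.  Returns the new "SSL:Connection" userdata, or nil plus an
 * error message.  The object's Lua-visible fields (ssl, t_cert_errors) are
 * initialised before any step that can fail, so a partially built object
 * is always safe for meth_destroy().
 */
static int meth_create(lua_State *L)
{
  p_ssl ssl;
  int mode = ctx_getmode(L, 1);
  p_context ctx = checkctx(L, 1);

  if (mode == MD_CTX_INVALID) {
    lua_pushnil(L);
    lua_pushstring(L, "invalid mode");
    return 2;
  }
  /* Lazily allocate the ex_data slot through which the verify callback can
   * find the t_ssl from an SSL*.  Relies on luasec_ssl_idx holding -1 until
   * the slot exists (see its definition). */
  if (luasec_ssl_idx == -1) {
    luasec_ssl_idx = SSL_get_ex_new_index(0, "luasec ssl context", NULL, NULL, NULL);
    if (luasec_ssl_idx == -1) {
      lua_pushnil(L);
      lua_pushstring(L, "error creating luasec SSL index");
      return 2;
    }
  }
  ssl = (p_ssl) lua_newuserdata(L, sizeof(t_ssl));
  if (!ssl) {
    lua_pushnil(L);
    lua_pushstring(L, "error creating SSL object");
    return 2;
  }
  /* Previously t_cert_errors stayed uninitialised when SSL_new() failed;
   * set both handles to their "empty" values before anything can fail. */
  ssl->ssl = NULL;
  ssl->t_cert_errors = LUA_NOREF;

  ssl->ssl = SSL_new(ctx->context);
  if (!ssl->ssl) {
    lua_pushnil(L);
    lua_pushstring(L, "error creating SSL object");
    return 2;
  }
  ssl->state = ST_SSL_NEW;
  /* no descriptor yet; meth_setfd() attaches one before the handshake */
  SSL_set_fd(ssl->ssl, (int) SOCKET_INVALID);
  /* partial writes let ssl_send() report short writes instead of
   * buffering internally; moving-buffer mode tolerates LuaSocket
   * re-issuing the write from a different address */
  SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE |
    SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);

#ifdef SSL_MODE_RELEASE_BUFFERS
  SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS);
#endif

  SSL_set_ex_data(ssl->ssl, luasec_ssl_idx, ssl);

  if (mode == MD_CTX_SERVER)
    SSL_set_accept_state(ssl->ssl);
  else
    SSL_set_connect_state(ssl->ssl);

  io_init(&ssl->io, (p_send) ssl_send, (p_recv) ssl_recv,
    (p_error) ssl_ioerror, ssl);
  timeout_init(&ssl->tm, -1, -1);
  buffer_init(&ssl->buf, &ssl->io, &ssl->tm);

  /* the metatable (and with it __gc) is only attached once the object is
   * complete; earlier failures leave a plain userdata for the GC */
  luaL_getmetatable(L, "SSL:Connection");
  lua_setmetatable(L, -2);
  return 1;
}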
272 | ||
/**
 * Buffer send function
 *
 * Delegates to LuaSocket's buffered send on this connection's buffer.
 */
static int meth_send(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  return buffer_meth_send(L, &conn->buf);
}
280 | ||
/**
 * Buffer receive function
 *
 * Delegates to LuaSocket's buffered receive on this connection's buffer.
 */
static int meth_receive(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  return buffer_meth_receive(L, &conn->buf);
}
288 | ||
/**
 * Select support methods
 *
 * Pushes the raw socket descriptor as a number so socket.select() can
 * wait on the connection.
 */
static int meth_getfd(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  lua_Number fd = conn->sock;
  lua_pushnumber(L, fd);
  return 1;
}
298 | ||
/**
 * Set the TLS/SSL file descriptor.
 * This is done *before* the handshake.
 *
 * Raises an argument error if the object is no longer in ST_SSL_NEW.
 * The descriptor is switched to non-blocking; the I/O callbacks wait
 * with socket_waitfd() instead.  NOTE(review): SSL_set_fd() returns 0 when
 * it cannot allocate its BIO; that result is not checked here, so such a
 * failure only shows up at the handshake.
 */
static int meth_setfd(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  int fd;

  if (conn->state != ST_SSL_NEW)
    luaL_argerror(L, 1, "invalid SSL object state");

  fd = luaL_checkint(L, 2);
  conn->sock = fd;
  socket_setnonblocking(&conn->sock);
  SSL_set_fd(conn->ssl, (int) conn->sock);
  return 0;
}
313 | ||
/**
 * Lua handshake function.
 *
 * Returns true on success, otherwise false plus the error text from
 * ssl_ioerror() (for a timeout that is "wantread"/"wantwrite", which is
 * what non-blocking callers retry on).
 */
static int meth_handshake(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  int rc = handshake(conn);

  if (rc != IO_DONE) {
    lua_pushboolean(L, 0);
    lua_pushstring(L, ssl_ioerror((void*)conn, rc));
    return 2;
  }
  lua_pushboolean(L, 1);
  return 1;
}
329 | ||
/**
 * Close the connection.
 *
 * Tears the session down via meth_destroy() and marks the object closed so
 * the I/O callbacks return IO_CLOSED from now on.
 */
static int meth_close(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  /* meth_destroy() re-reads arg 1 itself; the type check above guards it */
  meth_destroy(L);
  conn->state = ST_SSL_CLOSED;
  return 0;
}
340 | ||
/**
 * Set timeout.
 *
 * Delegates to LuaSocket's timeout setter on this connection's timeout.
 */
static int meth_settimeout(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  p_timeout tm = &conn->tm;
  return timeout_meth_settimeout(L, tm);
}
349 | ||
/**
 * Check if there is data in the buffer.
 *
 * True when LuaSocket's buffer or OpenSSL's record layer still holds
 * unread bytes (data select() would not report); always false once closed.
 */
static int meth_dirty(lua_State *L)
{
  p_ssl conn = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  int pending = 0;

  if (conn->state != ST_SSL_CLOSED) {
    if (!buffer_isempty(&conn->buf))
      pending = 1;
    else
      pending = SSL_pending(conn->ssl) != 0;
  }
  lua_pushboolean(L, pending);
  return 1;
}
362 | ||
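/**
 * Return the state information about the SSL object.
 *
 * Pushes "nothing", "read", "write" or "x509lookup" according to what the
 * last OpenSSL operation is waiting for; a closed object always reports
 * "nothing".  Any other code from SSL_want() (newer OpenSSL releases define
 * further states) yields nil instead of leaving the stack untouched.
 */
static int meth_want(lua_State *L)
{
  p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  int code = (ssl->state == ST_SSL_CLOSED) ? SSL_NOTHING : SSL_want(ssl->ssl);
  switch(code) {
  case SSL_NOTHING: lua_pushstring(L, "nothing"); break;
  case SSL_READING: lua_pushstring(L, "read"); break;
  case SSL_WRITING: lua_pushstring(L, "write"); break;
  case SSL_X509_LOOKUP: lua_pushstring(L, "x509lookup"); break;
  /* Without a default the single return value was whatever happened to be
   * on top of the stack (the connection object itself). */
  default: lua_pushnil(L); break;
  }
  return 1;
}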
378 | ||
/**
 * Return a pointer to SSL structure.
 *
 * Exposes the underlying SSL* as a light userdata for other C modules;
 * nothing here prevents use after the object is closed (ssl->ssl is NULL
 * then).
 */
static int meth_rawconn(lua_State *L)
{
  p_ssl conn = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  SSL *handle = conn->ssl;
  lua_pushlightuserdata(L, handle);
  return 1;
}
388 | ||
/**
 * Return the compression method used.
 *
 * Pushes the name of the negotiated TLS compression method, or false when
 * none is in use.  A non-false answer is worth surfacing: TLS-level
 * compression leaks plaintext through record lengths.
 */
static int meth_compression(lua_State *L)
{
  p_ssl conn = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  const COMP_METHOD *method = SSL_get_current_compression(conn->ssl);

  if (method == NULL)
    lua_pushboolean(L, 0);
  else
    lua_pushstring(L, SSL_COMP_get_name(method));
  return 1;
}
405 | |
/**
 * Return the validation state of the peer chain
 *
 * Returns two values: a boolean that is true only when OpenSSL's stored
 * verify result is X509_V_OK, and the table of per-certificate verification
 * errors referenced by t_cert_errors (nil while that reference is LUA_NOREF).
 *
 * Caveat: SSL_get_verify_result() also reports X509_V_OK when the peer
 * presented no certificate at all, so callers that require one should check
 * getpeercertificate() as well.
 */
static int meth_getpeerverification(lua_State *L)
{
  long result;
  p_ssl conn = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");

  result = SSL_get_verify_result(conn->ssl);
  lua_pushboolean(L, result == X509_V_OK ? 1 : 0);
  lua_rawgeti(L, LUA_REGISTRYINDEX, conn->t_cert_errors);
  return 2;
}
417 | |
/**
 * Push a certificate object for cert, or nil when there is none.
 *
 * Callers hand over an X509 reference they own (SSL_get_peer_certificate()
 * or an explicit refcount bump); luasec_push_x509() is presumably what
 * releases it -- verify against x509.c.
 */
static void luasec_push_cert(lua_State *L, X509 *cert)
{
  if (!cert) {
    lua_pushnil(L);
    return;
  }
  luasec_push_x509(L, cert);
}
428 | |
/**
 * Return the nth certificate of the peer's chain.
 *
 * Arg 2 (optional, default 1) is the 1-based position: 1 is the peer's own
 * certificate, 2.. are the certificates the peer sent along with it.
 * Returns the certificate object, or nil plus a message when n is out of
 * range -- which includes the case where no chain is available yet (before
 * the handshake, or when the peer sent no certificate).
 */
static int meth_getpeercertificate(lua_State *L)
{
  p_ssl conn = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  /* Lua position is 1-based, OpenSSL's stack index is 0-based */
  int idx = luaL_optint(L, 2, 1) - 1;
  STACK_OF(X509) *chain;
  X509 *cert;

  if (idx < 0) {
    lua_pushnil(L);
    lua_pushliteral(L, "n must be positive");
    return 2;
  }

  /* Position 1 is always the peer's own certificate.  SSL_get_peer_certificate()
   * returns its own reference (or NULL), which luasec_push_cert() takes. */
  if (idx == 0) {
    luasec_push_cert(L, SSL_get_peer_certificate(conn->ssl));
    return 1;
  }

  /* On the server side the chain stack does not start with the peer
   * certificate, so the stack index is one less than on the client side.
   * (Direct field access: SSL is opaque from OpenSSL 1.1.0, where
   * SSL_is_server() provides this.) */
  if (conn->ssl->server)
    idx--;

  chain = SSL_get_peer_cert_chain(conn->ssl);
  /* sk_X509_num() is -1 for a NULL stack, so a missing chain fails here too */
  if (idx >= sk_X509_num(chain)) {
    lua_pushnil(L);
    lua_pushliteral(L, "no certificate at this index");
    return 2;
  }

  cert = sk_X509_value(chain, idx);
  /* The stack keeps its reference; take another for the Lua object, as
   * SSL_get_peer_certificate() does (X509_up_ref() in OpenSSL 1.1.0+). */
  CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
  luasec_push_cert(L, cert);
  return 1;
}
471 | |
472 | static int meth_getpeerchain(lua_State *L) |
473 | { |
474 | p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); |
475 | STACK_OF(X509) *certs; |
476 | int n_certs, i; |
477 | |
478 | lua_newtable(L); |
479 | |
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
480 | if (ssl->ssl->server) { |
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
481 | luasec_push_cert(L, SSL_get_peer_certificate(ssl->ssl)); |
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
482 | lua_rawseti(L, -2, 1); |
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
483 | } |
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
484 | |
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
485 | certs = SSL_get_peer_cert_chain(ssl->ssl); |
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
486 | n_certs = sk_X509_num(certs); |
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
487 | for (i = 0; i < n_certs; ++i) { |
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
488 | X509 *cert = sk_X509_value(certs, i); |
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
489 | /* Locking...the same as in SSL_get_peer_certificate */ |
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
490 | CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); |
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
491 | luasec_push_cert(L, cert); |
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
492 | lua_rawseti(L, -2, lua_objlen(L, -2)+1); |
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
493 | } |
8904bda2369f
ssl: getpeercertificate(n) and getpeerchain()
Paul Aurich <paul@darkrain42.org>
parents:
34
diff
changeset
|
494 | |
7
da3cf40976f6
Modify :getpeercertificate() to return a decoded certificate (subject only at the moment)
Matthew Wild <mwild1@gmail.com>
parents:
6
diff
changeset
|
495 | return 1; |
4
718837c61318
Add :getpeercertificate() method to get peer's certificate
Tobias Markmann <tm@ayena.de>
parents:
3
diff
changeset
|
496 | } |
497 | |
/**
 * Lua method :getfinished().
 *
 * Returns the local TLS Finished message as a Lua string (1 result).
 * Returns no result (0) when no Finished message is available yet or when
 * the temporary buffer cannot be allocated.
 */
static int meth_getfinished(lua_State *L)
{
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  SSL *conn = ssl->ssl;
  char *msg;
  size_t copied;
  /* A call with a NULL buffer only reports how many bytes are needed. */
  size_t needed = SSL_get_finished(conn, NULL, 0);

  if (needed == 0)
    return 0;

  msg = malloc(needed);
  if (msg == NULL)
    return 0;

  /* Second call performs the copy; its return value is the length actually
   * written, which is what gets pushed. */
  copied = SSL_get_finished(conn, msg, needed);
  lua_pushlstring(L, msg, copied);
  free(msg);
  return 1;
}
515 | |
/**
 * Lua method :getpeerfinished().
 *
 * Returns the peer's TLS Finished message as a Lua string (1 result), or
 * nothing (0 results) when the peer has not sent one yet or the temporary
 * buffer cannot be allocated.
 */
static int meth_getpeerfinished(lua_State *L)
{
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  SSL *conn = ssl->ssl;
  int nresults = 0;
  /* Length query first: a NULL buffer makes OpenSSL report the size only. */
  size_t size = SSL_get_peer_finished(conn, NULL, 0);

  if (size != 0) {
    char *copy = malloc(size);
    if (copy != NULL) {
      /* Copy the message; the returned count is what is pushed to Lua. */
      size = SSL_get_peer_finished(conn, copy, size);
      lua_pushlstring(L, copy, size);
      free(copy);
      nresults = 1;
    }
  }

  return nresults;
}
533 | |
0 | 534 | /*---------------------------------------------------------------------------*/ |
535 | ||
536 | ||
/**
 * Methods of an SSL:Connection object.
 *
 * luaopen_ssl_core() copies this table into a fresh table that becomes the
 * __index field of the "SSL:Connection" metatable, so from Lua these are
 * reached as conn:close(), conn:send(), conn:getpeerverification(), etc.
 */
static luaL_Reg methods[] = {
  /* connection lifecycle and descriptor state */
  {"close",               meth_close},
  {"getfd",               meth_getfd},
  {"dirty",               meth_dirty},
  {"dohandshake",         meth_handshake},
  /* data transfer and blocking behaviour */
  {"receive",             meth_receive},
  {"send",                meth_send},
  {"settimeout",          meth_settimeout},
  {"want",                meth_want},
  /* session and peer introspection */
  {"compression",         meth_compression},
  {"getpeercertificate",  meth_getpeercertificate},
  {"getpeerchain",        meth_getpeerchain},
  {"getpeerverification", meth_getpeerverification},
  {"getfinished",         meth_getfinished},
  {"getpeerfinished",     meth_getpeerfinished},
  {NULL, NULL}  /* sentinel required by luaL_register() */
};
557 | ||
/**
 * Module-level functions, registered by luaopen_ssl_core() into the
 * "ssl.core" table.
 */
static luaL_Reg funcs[] = {
  {"create",        meth_create},
  {"setfd",         meth_setfd},
  {"rawconnection", meth_rawconn},
  {NULL, NULL}  /* sentinel required by luaL_register() */
};
567 | ||
/**
 * Metamethods of the "SSL:Connection" metatable.
 *
 * luaopen_ssl_core() registers these directly into the metatable; the
 * ordinary connection methods live in methods[] behind __index.
 */
static luaL_Reg meta[] = {
  {"__gc",       meth_destroy},
  {"__tostring", meth_tostring},
  {NULL, NULL}  /* sentinel required by luaL_register() */
};
576 | |
/**
 * Module entry point for require("ssl.core").
 *
 * Initialises OpenSSL (library init and error strings) and the internal
 * socket layer, then builds the "SSL:Connection" metatable:
 *   __gc / __tostring  <- meta[]
 *   __index            <- a fresh table filled from methods[]
 * Finally registers funcs[] as the "ssl.core" module table, adds the field
 * "invalidfd" = SOCKET_INVALID to it, and returns that table (1 result).
 *
 * Raises a Lua error if SSL_library_init() fails.
 *
 * NOTE(review): nothing in this function allocates the ex_data index
 * luasec_ssl_idx declared earlier in this file; presumably that happens
 * elsewhere -- confirm it runs before any verify callback relies on it.
 */
LUASEC_API int luaopen_ssl_core(lua_State *L)
{
  if (!SSL_library_init()) {
    lua_pushstring(L, "unable to initialize SSL library");
    return lua_error(L);
  }
  SSL_load_error_strings();

  socket_open();

  /* Connection metatable: metamethods directly, methods via __index. */
  luaL_newmetatable(L, "SSL:Connection");   /* stack: [mt] */
  luaL_register(L, NULL, meta);
  lua_newtable(L);                          /* stack: [mt, idx] */
  luaL_register(L, NULL, methods);
  lua_setfield(L, -2, "__index");           /* stack: [mt] */

  /* Module table, left on top of the stack as the return value. */
  luaL_register(L, "ssl.core", funcs);      /* stack: [mt, ssl.core] */
  lua_pushnumber(L, SOCKET_INVALID);
  lua_setfield(L, -2, "invalidfd");

  return 1;
}
606 |