src/context.c

changeset 38
4ecd7b0e67ea
parent 36
96f23601ce7a
child 41
e26f1f91118a
37:8904bda2369f 38:4ecd7b0e67ea
17 const char *name; 17 const char *name;
18 unsigned long code; 18 unsigned long code;
19 }; 19 };
20 typedef struct ssl_option_s ssl_option_t; 20 typedef struct ssl_option_s ssl_option_t;
21 21
22 int luasec_ssl_idx = -1; 22 /* index into the SSL storage where the context is.
23 * see SSL_CTX_get_ex_data().
24 */
25 static int luasec_sslctx_idx = -1;
23 26
24 /* The export DH key */ 27 /* The export DH key */
25 static DH *dh_512 = NULL; 28 static DH *dh_512 = NULL;
26 /* The larger key (builtin is 2048, caller may specify larger) */ 29 /* The larger key (builtin is 2048, caller may specify larger) */
27 static DH *dh_larger = NULL; 30 static DH *dh_larger = NULL;
225 static int create(lua_State *L) 228 static int create(lua_State *L)
226 { 229 {
227 p_context ctx; 230 p_context ctx;
228 SSL_METHOD *method; 231 SSL_METHOD *method;
229 232
233 if (luasec_sslctx_idx == -1) {
234 luasec_sslctx_idx = SSL_CTX_get_ex_new_index(0, "luasec sslctx context", NULL, NULL, NULL);
235 if (luasec_sslctx_idx == -1) {
236 lua_pushnil(L);
237 lua_pushstring(L, "error creating luasec SSL index");
238 return 2;
239 }
240 }
230 method = str2method(luaL_checkstring(L, 1)); 241 method = str2method(luaL_checkstring(L, 1));
231 if (!method) { 242 if (!method) {
232 lua_pushnil(L); 243 lua_pushnil(L);
233 lua_pushstring(L, "invalid protocol"); 244 lua_pushstring(L, "invalid protocol");
234 return 2; 245 return 2;
252 /* 263 /*
253 * Support ephemeral diffie-hellman key exchange. This is only needed 264 * Support ephemeral diffie-hellman key exchange. This is only needed
254 * for server mode, but clearer to put it here rather than set_mode. 265 * for server mode, but clearer to put it here rather than set_mode.
255 */ 266 */
256 SSL_CTX_set_tmp_dh_callback(ctx->context, dh_param_cb); 267 SSL_CTX_set_tmp_dh_callback(ctx->context, dh_param_cb);
268 SSL_CTX_set_ex_data(ctx->context, luasec_sslctx_idx, ctx);
269
257 luaL_getmetatable(L, "SSL:Context"); 270 luaL_getmetatable(L, "SSL:Context");
258 lua_setmetatable(L, -2); 271 lua_setmetatable(L, -2);
259 return 1; 272 return 1;
260 } 273 }
261 274
390 return 1; 403 return 1;
391 } 404 }
392 405
393 int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) 406 int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
394 { 407 {
408 SSL_CTX *context;
395 SSL *ssl; 409 SSL *ssl;
396 p_context ctx = NULL; 410 p_context l_ctx;
397 411
398 /* Short-circuit optimization */ 412 /* Short-circuit optimization */
399 if (preverify_ok) 413 if (preverify_ok)
400 return 1; 414 return 1;
401 415
402 ssl = X509_STORE_CTX_get_ex_data(x509_ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); 416 ssl = X509_STORE_CTX_get_ex_data(x509_ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
403 ctx = SSL_get_ex_data(ssl, luasec_ssl_idx); 417 context = ssl->ctx;
404 418 l_ctx = SSL_CTX_get_ex_data(context, luasec_sslctx_idx);
405 if (ctx->verify_flags & LUASEC_VERIFY_FLAGS_IGNORE_PURPOSE) { 419
420 if (l_ctx->verify_flags & LUASEC_VERIFY_FLAGS_IGNORE_PURPOSE) {
406 int err, depth; 421 int err, depth;
407 422
408 err = X509_STORE_CTX_get_error(x509_ctx); 423 err = X509_STORE_CTX_get_error(x509_ctx);
409 depth = X509_STORE_CTX_get_error_depth(x509_ctx); 424 depth = X509_STORE_CTX_get_error_depth(x509_ctx);
410 425
412 /* You see nothing! */ 427 /* You see nothing! */
413 X509_STORE_CTX_set_error(x509_ctx, X509_V_OK); 428 X509_STORE_CTX_set_error(x509_ctx, X509_V_OK);
414 preverify_ok = 1; 429 preverify_ok = 1;
415 } 430 }
416 } 431 }
417 return (ctx->verify_flags & LUASEC_VERIFY_FLAGS_ALWAYS_CONTINUE ? 1 : preverify_ok); 432 return (l_ctx->verify_flags & LUASEC_VERIFY_FLAGS_ALWAYS_CONTINUE ? 1 : preverify_ok);
418 } 433 }
419 434
420 /** 435 /**
421 * Set the handshake verify options. 436 * Set the handshake verify options.
422 */ 437 */
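Review bot: `verify_cb` dereferences `l_ctx->verify_flags` (new lines 420 and 432) without checking that `SSL_CTX_get_ex_data()` returned non-NULL, and this path runs precisely when a peer certificate has already failed verification, so an SSL object whose context never went through `create()`, or a `luasec_sslctx_idx` still at -1, would turn a bad certificate from a remote peer into a NULL dereference rather than a rejected handshake. Fail closed instead: after the lookup at new line 418 add `if (l_ctx == NULL) return 0;`. The new `context = ssl->ctx;` at line 417 also reads a field of the SSL struct directly; `context = SSL_get_SSL_CTX(ssl);` is the public accessor and avoids depending on struct layout. The old 411 / new 426 line (the condition opening the inner block closed at 416/431) is not shown on this page, so that part of the hunk was reviewed without it.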
