421 * Set the handshake verify options. |
421 * Set the handshake verify options. |
422 */ |
422 */ |
423 static int set_verify(lua_State *L) |
423 static int set_verify(lua_State *L) |
424 { |
424 { |
425 int i; |
425 int i; |
426 int flag = 0; |
426 int flag = 0, vflag = 0; |
427 int ignore_errors = 0; |
427 int ignore_errors = 0; |
428 p_context ctx = checkctx(L, 1); |
428 p_context ctx = checkctx(L, 1); |
429 int max = lua_gettop(L); |
429 int max = lua_gettop(L); |
430 /* any flag? */ |
430 /* any flag? */ |
431 if (max > 1) { |
431 if (max > 1) { |
435 if (!strcmp(s, "continue")) { |
435 if (!strcmp(s, "continue")) { |
436 ctx->verify_flags |= LUASEC_VERIFY_FLAGS_ALWAYS_CONTINUE; |
436 ctx->verify_flags |= LUASEC_VERIFY_FLAGS_ALWAYS_CONTINUE; |
437 ignore_errors = 1; |
437 ignore_errors = 1; |
438 } else if (!strcmp(s, "ignore_purpose")) { |
438 } else if (!strcmp(s, "ignore_purpose")) { |
439 ctx->verify_flags |= LUASEC_VERIFY_FLAGS_IGNORE_PURPOSE; |
439 ctx->verify_flags |= LUASEC_VERIFY_FLAGS_IGNORE_PURPOSE; |
|
440 } else if (!strcmp(s, "crl_check")) { |
|
441 vflag |= X509_V_FLAG_CRL_CHECK; |
|
442 } else if (!strcmp(s, "crl_check_chain")) { |
|
443 vflag |= X509_V_FLAG_CRL_CHECK_ALL; |
440 } else if (!set_verify_flag(s, &flag)) { |
444 } else if (!set_verify_flag(s, &flag)) { |
441 lua_pushboolean(L, 0); |
445 lua_pushboolean(L, 0); |
442 lua_pushstring(L, "invalid verify option"); |
446 lua_pushstring(L, "invalid verify option"); |
443 return 2; |
447 return 2; |
444 } |
448 } |
445 } |
449 } |
446 SSL_CTX_set_verify(ctx->context, flag, ctx->verify_flags ? verify_cb : NULL); |
450 SSL_CTX_set_verify(ctx->context, flag, ctx->verify_flags ? verify_cb : NULL); |
|
451 if(vflag) |
|
452 { |
|
453 X509_STORE *store = SSL_CTX_get_cert_store(ctx->context); |
|
454 X509_STORE_set_flags(store, vflag); |
|
455 } |
447 } |
456 } |
448 lua_pushboolean(L, 1); |
457 lua_pushboolean(L, 1); |
449 return 1; |
458 return 1; |
450 } |
459 } |
451 |
460 |
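Review bot: The `crl_check_chain` branch (new line 443) sets only `X509_V_FLAG_CRL_CHECK_ALL`, which OpenSSL ignores unless `X509_V_FLAG_CRL_CHECK` is also set, so a caller passing just "crl_check_chain" gets no revocation checking and no error. Setting both in that branch, `vflag |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;`, would make the option do what its name says. Separately, `X509_STORE_set_flags` at new line 454 only ORs bits into the store and its return value is dropped, so a later `set_verify` call without the CRL options leaves checking enabled and a failure goes unreported. A short comment stating that the CRL flags are sticky, plus a check of the return value, would make that explicit. The loop header (lines 432–434) is not shown on this page.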