21 #include "x509.h" |
21 #include "x509.h" |
22 |
22 |
23 /* index into the SSL storage where the t_ssl is. |
23 /* index into the SSL storage where the t_ssl is. |
24 * see SSL_get_ex_data(). |
24 * see SSL_get_ex_data(). |
25 */ |
25 */ |
26 static int luasec_ssl_idx; |
26 int luasec_ssl_idx; |
27 |
27 |
28 /** |
28 /** |
29 * Map error code into string. |
29 * Map error code into string. |
30 */ |
30 */ |
31 static const char *ssl_ioerror(void *ctx, int err) |
31 static const char *ssl_ioerror(void *ctx, int err) |
249 #ifdef SSL_MODE_RELEASE_BUFFERS |
251 #ifdef SSL_MODE_RELEASE_BUFFERS |
250 SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS); |
252 SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS); |
251 #endif |
253 #endif |
252 |
254 |
253 SSL_set_ex_data(ssl->ssl, luasec_ssl_idx, ssl); |
255 SSL_set_ex_data(ssl->ssl, luasec_ssl_idx, ssl); |
|
256 ssl->t_cert_errors = LUA_NOREF; |
254 |
257 |
255 if (mode == MD_CTX_SERVER) |
258 if (mode == MD_CTX_SERVER) |
256 SSL_set_accept_state(ssl->ssl); |
259 SSL_set_accept_state(ssl->ssl); |
257 else |
260 else |
258 SSL_set_connect_state(ssl->ssl); |
261 SSL_set_connect_state(ssl->ssl); |
401 } |
404 } |
402 |
405 |
403 /** |
406 /** |
404 * Return the validation state of the peer chain |
407 * Return the validation state of the peer chain |
405 */ |
408 */ |
406 static int meth_getpeerchainvalid(lua_State *L) |
409 static int meth_getpeerverification(lua_State *L) |
407 { |
410 { |
408 p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); |
411 p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); |
409 long result = SSL_get_verify_result(ssl->ssl); |
412 |
410 |
413 lua_pushboolean(L, SSL_get_verify_result(ssl->ssl) == X509_V_OK); |
411 if (result == X509_V_OK) { |
414 lua_rawgeti(L, LUA_REGISTRYINDEX, ssl->t_cert_errors); |
412 lua_pushboolean(L, 1); |
|
413 return 1; |
|
414 } |
|
415 |
|
416 lua_pushboolean(L, 0); |
|
417 lua_pushstring(L, X509_verify_cert_error_string(result)); |
|
418 return 2; |
415 return 2; |
419 } |
416 } |
420 |
417 |
421 static void luasec_push_cert(lua_State *L, X509 *cert) |
418 static void luasec_push_cert(lua_State *L, X509 *cert) |
422 { |
419 { |
550 {"settimeout", meth_settimeout}, |
547 {"settimeout", meth_settimeout}, |
551 {"want", meth_want}, |
548 {"want", meth_want}, |
552 {"compression", meth_compression}, |
549 {"compression", meth_compression}, |
553 {"getpeercertificate",meth_getpeercertificate}, |
550 {"getpeercertificate",meth_getpeercertificate}, |
554 {"getpeerchain", meth_getpeerchain}, |
551 {"getpeerchain", meth_getpeerchain}, |
555 {"getpeerchainvalid", meth_getpeerchainvalid}, |
552 {"getpeerverification", meth_getpeerverification}, |
556 {"getfinished", meth_getfinished}, |
553 {"getfinished", meth_getfinished}, |
557 {"getpeerfinished", meth_getpeerfinished}, |
554 {"getpeerfinished", meth_getpeerfinished}, |
558 {NULL, NULL} |
555 {NULL, NULL} |
559 }; |
556 }; |
560 |
557 |
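Review bot: In `meth_getpeerverification` (reading the second-printed copy of each line as the new side) the first return value is `SSL_get_verify_result(ssl->ssl) == X509_V_OK`, and OpenSSL documents that this result is also `X509_V_OK` when the peer presented no certificate at all. A caller that reads `true` as "peer authenticated" is therefore wrong unless the verify mode makes a certificate mandatory; the doc comment should say so, for example `* Also true when no peer certificate was presented; check getpeercertificate() too.`, or the function should push false when there is no peer certificate. The second return value is now whatever the registry holds at `ssl->t_cert_errors`, which should be nil while the field is still `LUA_NOREF`, where the old code returned an error string. Together with the rename in the method table this breaks scripts that call `getpeerchainvalid`, which is worth stating in the commit description. Where the reference is created and released with `luaL_unref` is not visible in these hunks and should be checked so the error table does not outlive the connection.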