comparison: src/ssl.c
src/ssl.c
- changeset 41
- e26f1f91118a
- parent 40
- 85d59ac3328b
equal
deleted
inserted
replaced
| 40:85d59ac3328b | 41:e26f1f91118a |
|---|---|
| 21 #include "x509.h" | 21 #include "x509.h" |
| 22 | 22 |
| 23 /* index into the SSL storage where the t_ssl is. | 23 /* index into the SSL storage where the t_ssl is. |
| 24 * see SSL_get_ex_data(). | 24 * see SSL_get_ex_data(). |
| 25 */ | 25 */ |
| 26 static int luasec_ssl_idx; | 26 int luasec_ssl_idx; |
| 27 | 27 |
| 28 /** | 28 /** |
| 29 * Map error code into string. | 29 * Map error code into string. |
| 30 */ | 30 */ |
| 31 static const char *ssl_ioerror(void *ctx, int err) | 31 static const char *ssl_ioerror(void *ctx, int err) |
| 59 SSL_shutdown(ssl->ssl); | 59 SSL_shutdown(ssl->ssl); |
| 60 socket_destroy(&ssl->sock); | 60 socket_destroy(&ssl->sock); |
| 61 SSL_free(ssl->ssl); | 61 SSL_free(ssl->ssl); |
| 62 ssl->ssl = NULL; | 62 ssl->ssl = NULL; |
| 63 } | 63 } |
| 64 luaL_unref(L, LUA_REGISTRYINDEX, ssl->t_cert_errors); | |
| 65 ssl->t_cert_errors = LUA_NOREF; | |
| 64 return 0; | 66 return 0; |
| 65 } | 67 } |
| 66 | 68 |
| 67 /** | 69 /** |
| 68 * Object information -- tostring metamethod | 70 * Object information -- tostring metamethod |
| 249 #ifdef SSL_MODE_RELEASE_BUFFERS | 251 #ifdef SSL_MODE_RELEASE_BUFFERS |
| 250 SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS); | 252 SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS); |
| 251 #endif | 253 #endif |
| 252 | 254 |
| 253 SSL_set_ex_data(ssl->ssl, luasec_ssl_idx, ssl); | 255 SSL_set_ex_data(ssl->ssl, luasec_ssl_idx, ssl); |
| 256 ssl->t_cert_errors = LUA_NOREF; | |
| 254 | 257 |
| 255 if (mode == MD_CTX_SERVER) | 258 if (mode == MD_CTX_SERVER) |
| 256 SSL_set_accept_state(ssl->ssl); | 259 SSL_set_accept_state(ssl->ssl); |
| 257 else | 260 else |
| 258 SSL_set_connect_state(ssl->ssl); | 261 SSL_set_connect_state(ssl->ssl); |
| 401 } | 404 } |
| 402 | 405 |
| 403 /** | 406 /** |
| 404 * Return the validation state of the peer chain | 407 * Return the validation state of the peer chain |
| 405 */ | 408 */ |
| 406 static int meth_getpeerchainvalid(lua_State *L) | 409 static int meth_getpeerverification(lua_State *L) |
| 407 { | 410 { |
| 408 p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); | 411 p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); |
| 409 long result = SSL_get_verify_result(ssl->ssl); | 412 |
| 410 | 413 lua_pushboolean(L, SSL_get_verify_result(ssl->ssl) == X509_V_OK); |
| 411 if (result == X509_V_OK) { | 414 lua_rawgeti(L, LUA_REGISTRYINDEX, ssl->t_cert_errors); |
| 412 lua_pushboolean(L, 1); | |
| 413 return 1; | |
| 414 } | |
| 415 | |
| 416 lua_pushboolean(L, 0); | |
| 417 lua_pushstring(L, X509_verify_cert_error_string(result)); | |
| 418 return 2; | 415 return 2; |
| 419 } | 416 } |
| 420 | 417 |
| 421 static void luasec_push_cert(lua_State *L, X509 *cert) | 418 static void luasec_push_cert(lua_State *L, X509 *cert) |
| 422 { | 419 { |
| 550 {"settimeout", meth_settimeout}, | 547 {"settimeout", meth_settimeout}, |
| 551 {"want", meth_want}, | 548 {"want", meth_want}, |
| 552 {"compression", meth_compression}, | 549 {"compression", meth_compression}, |
| 553 {"getpeercertificate",meth_getpeercertificate}, | 550 {"getpeercertificate",meth_getpeercertificate}, |
| 554 {"getpeerchain", meth_getpeerchain}, | 551 {"getpeerchain", meth_getpeerchain}, |
| 555 {"getpeerchainvalid", meth_getpeerchainvalid}, | 552 {"getpeerverification", meth_getpeerverification}, |
| 556 {"getfinished", meth_getfinished}, | 553 {"getfinished", meth_getfinished}, |
| 557 {"getpeerfinished", meth_getpeerfinished}, | 554 {"getpeerfinished", meth_getpeerfinished}, |
| 558 {NULL, NULL} | 555 {NULL, NULL} |
| 559 }; | 556 }; |
| 560 | 557 |
