diff -r 8904bda2369f -r 4ecd7b0e67ea src/context.c
--- a/src/context.c Sun Dec 05 23:45:10 2010 -0800
+++ b/src/context.c Sun Dec 05 23:45:57 2010 -0800
@@ -19,7 +19,10 @@
 };
 typedef struct ssl_option_s ssl_option_t;
-int luasec_ssl_idx = -1;
+/* index into the SSL storage where the context is.
+ * see SSL_CTX_get_ex_data().
+ */
+static int luasec_sslctx_idx = -1;
 /* The export DH key */
 static DH *dh_512 = NULL;
@@ -227,6 +230,14 @@
 p_context ctx;
 SSL_METHOD *method;
+ if (luasec_sslctx_idx == -1) {
+ luasec_sslctx_idx = SSL_CTX_get_ex_new_index(0, "luasec sslctx context", NULL, NULL, NULL);
+ if (luasec_sslctx_idx == -1) {
+ lua_pushnil(L);
+ lua_pushstring(L, "error creating luasec SSL index");
+ return 2;
+ }
+ }
 method = str2method(luaL_checkstring(L, 1));
 if (!method) {
 lua_pushnil(L);
@@ -254,6 +265,8 @@
 * for server mode, but clearer to put it here rather than set_mode.
 */
 SSL_CTX_set_tmp_dh_callback(ctx->context, dh_param_cb);
+ SSL_CTX_set_ex_data(ctx->context, luasec_sslctx_idx, ctx);
+ luaL_getmetatable(L, "SSL:Context");
 lua_setmetatable(L, -2);
 return 1;
@@ -392,17 +405,19 @@
 int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) {
+ SSL_CTX *context;
 SSL *ssl;
- p_context ctx = NULL;
+ p_context l_ctx;
 /* Short-circuit optimization */
 if (preverify_ok) return 1;
 ssl = X509_STORE_CTX_get_ex_data(x509_ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
- ctx = SSL_get_ex_data(ssl, luasec_ssl_idx);
+ context = ssl->ctx;
+ l_ctx = SSL_CTX_get_ex_data(context, luasec_sslctx_idx);
- if (ctx->verify_flags & LUASEC_VERIFY_FLAGS_IGNORE_PURPOSE) {
+ if (l_ctx->verify_flags & LUASEC_VERIFY_FLAGS_IGNORE_PURPOSE) {
 int err, depth;
 err = X509_STORE_CTX_get_error(x509_ctx);
@@ -414,7 +429,7 @@
 preverify_ok = 1;
 }
 }
- return (ctx->verify_flags & LUASEC_VERIFY_FLAGS_ALWAYS_CONTINUE ? 1 : preverify_ok);
+ return (l_ctx->verify_flags & LUASEC_VERIFY_FLAGS_ALWAYS_CONTINUE ? 1 : preverify_ok);
 }
 /**
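Review bot: The lazy setup of `luasec_sslctx_idx` in the hunk at new line 230 is an unsynchronised check-then-set on a file-scope static. Two threads creating their first context at the same moment can both see -1, each call `SSL_CTX_get_ex_new_index()`, and leave some contexts stored under a slot that the final value of the static no longer names; verify_cb would then read an empty slot for them. Whether the module is ever used from several Lua states on different threads is not visible here, so either allocate the index once from the library's open function or document the restriction with `/* not thread-safe: the first context must be created before other threads use the module */`. The enclosing function starts and ends outside the hunk.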
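Review bot: The result of `SSL_CTX_set_ex_data()` in the hunk at new line 265 is discarded, although it returns 0 when the pointer could not be stored, and verify_cb later uses whatever the slot holds. Test it, `if (!SSL_CTX_set_ex_data(ctx->context, luasec_sslctx_idx, ctx))`, and return nil plus an error string the same way the index-allocation failure is handled earlier in this commit. The stored pointer also appears to be the Lua userdata itself, while an SSL_CTX stays alive as long as any SSL created from it. Unless connections keep the context object referenced or its finaliser clears the slot (neither is visible in this hunk), the slot can outlive the memory it points to, so that lifetime rule deserves a comment next to the call.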
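Review bot: In the verify_cb hunk, `l_ctx` is dereferenced without a NULL check, yet `SSL_CTX_get_ex_data()` returns NULL for any SSL_CTX whose slot was never filled, and a crash at this point happens in the middle of a handshake driven by the peer. Add a guard that fails closed before the first flag test, `if (l_ctx == NULL) return preverify_ok;`, which rejects the certificate because preverify_ok is already known to be 0 there. Reading `ssl->ctx` reaches into the SSL struct directly; `context = SSL_get_SSL_CTX(ssl);` gets the same value through the public accessor. The function body continues past the end of this hunk.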