# HG changeset patch
# User Paul Aurich
# Date 1291621557 28800
# Node ID 4ecd7b0e67eae3be06fc57cc38080c3d3601364f
# Parent 8904bda2369fdd24273086cea2e68d613b48456e
Clean up the ex_data callers The best explanation I can come up with here is that I totally missed the existence of SSL_[gs]et_ex_data...
diff -r 8904bda2369f -r 4ecd7b0e67ea src/context.c
--- a/src/context.c Sun Dec 05 23:45:10 2010 -0800
+++ b/src/context.c Sun Dec 05 23:45:57 2010 -0800
@@ -19,7 +19,10 @@
 };
 typedef struct ssl_option_s ssl_option_t;
-int luasec_ssl_idx = -1;
+/* index into the SSL storage where the context is.
+ * see SSL_CTX_get_ex_data().
+ */
+static int luasec_sslctx_idx = -1;
 /* The export DH key */
 static DH *dh_512 = NULL;
@@ -227,6 +230,14 @@
 p_context ctx;
 SSL_METHOD *method;
+ if (luasec_sslctx_idx == -1) {
+ luasec_sslctx_idx = SSL_CTX_get_ex_new_index(0, "luasec sslctx context", NULL, NULL, NULL);
+ if (luasec_sslctx_idx == -1) {
+ lua_pushnil(L);
+ lua_pushstring(L, "error creating luasec SSL index");
+ return 2;
+ }
+ }
 method = str2method(luaL_checkstring(L, 1));
 if (!method) {
 lua_pushnil(L);
@@ -254,6 +265,8 @@
 * for server mode, but clearer to put it here rather than set_mode.
 */
 SSL_CTX_set_tmp_dh_callback(ctx->context, dh_param_cb);
+ SSL_CTX_set_ex_data(ctx->context, luasec_sslctx_idx, ctx);
+
 luaL_getmetatable(L, "SSL:Context");
 lua_setmetatable(L, -2);
 return 1;
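Review bot: The result of `SSL_CTX_set_ex_data(ctx->context, luasec_sslctx_idx, ctx)` is ignored in the `@@ -254,6 +265,8 @@` hunk of src/context.c, and the stored value is a raw pointer to the Lua-owned context; the `SSL_set_ex_data` call in the last src/ssl.c hunk ignores its result in the same way. If the store fails, `verify_cb` later reads NULL from that slot and dereferences it. An SSL_CTX can also be kept alive by SSL objects created from it, so the pointer may dangle if Lua collects the context first; whether anything pins the userdata is not visible here. I would check the return value and fail the constructor the way the index-allocation path in the previous hunk does, and add a comment such as `/* ctx must outlive ctx->context: verify_cb reads it through this slot */`. The enclosing function starts and ends outside the hunk.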
@@ -392,17 +405,19 @@
 int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
 {
+ SSL_CTX *context;
 SSL *ssl;
- p_context ctx = NULL;
+ p_context l_ctx;
 /* Short-circuit optimization */
 if (preverify_ok) return 1;
 ssl = X509_STORE_CTX_get_ex_data(x509_ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
- ctx = SSL_get_ex_data(ssl, luasec_ssl_idx);
+ context = ssl->ctx;
+ l_ctx = SSL_CTX_get_ex_data(context, luasec_sslctx_idx);
- if (ctx->verify_flags & LUASEC_VERIFY_FLAGS_IGNORE_PURPOSE) {
+ if (l_ctx->verify_flags & LUASEC_VERIFY_FLAGS_IGNORE_PURPOSE) {
 int err, depth;
 err = X509_STORE_CTX_get_error(x509_ctx);
@@ -414,7 +429,7 @@
 preverify_ok = 1;
 }
 }
- return (ctx->verify_flags & LUASEC_VERIFY_FLAGS_ALWAYS_CONTINUE ? 1 : preverify_ok);
+ return (l_ctx->verify_flags & LUASEC_VERIFY_FLAGS_ALWAYS_CONTINUE ? 1 : preverify_ok);
 }
 /**
diff -r 8904bda2369f -r 4ecd7b0e67ea src/context.h
--- a/src/context.h Sun Dec 05 23:45:10 2010 -0800
+++ b/src/context.h Sun Dec 05 23:45:57 2010 -0800
@@ -31,11 +31,6 @@
 } t_context;
 typedef t_context* p_context;
-/* index into the SSL storage where the context is.
- * see SSL_get_ex_data().
- */
-extern int luasec_ssl_idx;
-
 p_context checkctx(lua_State *L, int idx);
 /* Retrieve the SSL context from the Lua stack */
 SSL_CTX *ctx_getcontext(lua_State *L, int idx);
diff -r 8904bda2369f -r 4ecd7b0e67ea src/ssl.c
--- a/src/ssl.c Sun Dec 05 23:45:10 2010 -0800
+++ b/src/ssl.c Sun Dec 05 23:45:57 2010 -0800
@@ -20,6 +20,11 @@
 #include "ssl.h"
 #include "x509.h"
+/* index into the SSL storage where the t_ssl is.
+ * see SSL_get_ex_data().
+ */
+ static int luasec_ssl_idx;
+
 /**
 * Map error code into string.
 */
@@ -217,7 +222,7 @@
 return 2;
 }
 if (luasec_ssl_idx == -1) {
- luasec_ssl_idx = SSL_get_ex_new_index(0, "luasec context", NULL, NULL, NULL);
+ luasec_ssl_idx = SSL_get_ex_new_index(0, "luasec ssl context", NULL, NULL, NULL);
 if (luasec_ssl_idx == -1) {
 lua_pushnil(L);
 lua_pushstring(L, "error creating luasec SSL index");
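Review bot: In verify_cb (`@@ -392,17 +405,19 @@`), `l_ctx` is dereferenced right after `SSL_CTX_get_ex_data` with no NULL check, and that call returns NULL when nothing was stored at the index. Since `preverify_ok` is already 0 on this path, failing closed is `if (l_ctx == NULL) return 0;` before the first `l_ctx->verify_flags` read. `context = ssl->ctx;` also reads a struct member directly; `SSL_get_SSL_CTX(ssl)` is the accessor for that. The middle of the function lies outside the hunk.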
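Review bot: `static int luasec_ssl_idx;` in the `@@ -20,6 +20,11 @@` hunk of src/ssl.c has no initializer, so it starts at 0, while the definition this commit removes from context.c was `= -1`. The `if (luasec_ssl_idx == -1)` guard in the following hunk therefore never calls `SSL_get_ex_new_index`, and `SSL_set_ex_data(ssl->ssl, luasec_ssl_idx, ssl)` in the last hunk writes to slot 0, which luasec never reserved and which `SSL_set_app_data` also uses. Change the line to `static int luasec_ssl_idx = -1;`.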
@@ -245,7 +250,7 @@
 SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS);
 #endif
- SSL_set_ex_data(ssl->ssl, luasec_ssl_idx, ctx);
+ SSL_set_ex_data(ssl->ssl, luasec_ssl_idx, ssl);
 if (mode == MD_CTX_SERVER) SSL_set_accept_state(ssl->ssl);