Clean up the ex_data callers

Sun, 05 Dec 2010 23:45:57 -0800

author
Paul Aurich <paul@darkrain42.org>
date
Sun, 05 Dec 2010 23:45:57 -0800
changeset 38
4ecd7b0e67ea
parent 37
8904bda2369f
child 39
3626abd24c59

Clean up the ex_data callers
The best explanation I can come up with here is that I totally missed the existence of SSL_[gs]et_ex_data...

src/context.c
src/context.h
src/ssl.c
--- a/src/context.c	Sun Dec 05 23:45:10 2010 -0800
+++ b/src/context.c	Sun Dec 05 23:45:57 2010 -0800
@@ -19,7 +19,10 @@
 };
 typedef struct ssl_option_s ssl_option_t;
 
-int luasec_ssl_idx = -1;
+/* index into the SSL storage where the context is.
+ * see SSL_CTX_get_ex_data().
+ */
+static int luasec_sslctx_idx = -1;
 
 /* The export DH key */
 static DH *dh_512    = NULL;
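Review bot: The comment moved above `luasec_sslctx_idx` still says "index into the SSL storage", but this index is allocated with SSL_CTX_get_ex_new_index() in the next hunk and addresses per-SSL_CTX ex_data, not per-connection SSL ex_data. I would reword it to `/* index into the SSL_CTX ex_data where the luasec context (p_context) is stored; see SSL_CTX_get_ex_data(). */`. The failure string in the next hunk, "error creating luasec SSL index", is identical to the one in src/ssl.c, so the two failures cannot be told apart from Lua; `lua_pushstring(L, "error creating luasec SSL_CTX index");` would disambiguate them.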
@@ -227,6 +230,14 @@
   p_context ctx;
   SSL_METHOD *method;
 
+  if (luasec_sslctx_idx == -1) {
+    luasec_sslctx_idx = SSL_CTX_get_ex_new_index(0, "luasec sslctx context", NULL, NULL, NULL);
+    if (luasec_sslctx_idx == -1) {
+      lua_pushnil(L);
+      lua_pushstring(L, "error creating luasec SSL index");
+      return 2;
+    }
+  }
   method = str2method(luaL_checkstring(L, 1));
   if (!method) {
     lua_pushnil(L);
@@ -254,6 +265,8 @@
    * for server mode, but clearer to put it here rather than set_mode.
    */
   SSL_CTX_set_tmp_dh_callback(ctx->context, dh_param_cb);
+  SSL_CTX_set_ex_data(ctx->context, luasec_sslctx_idx, ctx);
+
   luaL_getmetatable(L, "SSL:Context");
   lua_setmetatable(L, -2);
   return 1;
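Review bot: The result of `SSL_CTX_set_ex_data(ctx->context, luasec_sslctx_idx, ctx)` is ignored, yet verify_cb later dereferences whatever SSL_CTX_get_ex_data() hands back, so a failed store turns into a NULL dereference during certificate verification. The call returns 0 on failure; it should take the same nil-plus-message error path used earlier in this function, which starts outside the hunk, so any cleanup of the SSL_CTX has to be checked there. The stored pointer also looks like Lua-owned memory (a metatable is set on the stack top right after), while an SSL_CTX is reference-counted and may stay alive through connections that still hold it; the collection path is not visible here, so confirm the context cannot be freed while the callback can still read it. The unchecked `SSL_set_ex_data` call in src/ssl.c has the same first problem.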
@@ -392,17 +405,19 @@
 
 int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
 {
+  SSL_CTX *context;
   SSL *ssl;
-  p_context ctx = NULL;
+  p_context l_ctx;
 
   /* Short-circuit optimization */
   if (preverify_ok)
     return 1;
 
   ssl = X509_STORE_CTX_get_ex_data(x509_ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
-  ctx = SSL_get_ex_data(ssl, luasec_ssl_idx);
+  context = ssl->ctx;
+  l_ctx = SSL_CTX_get_ex_data(context, luasec_sslctx_idx);
 
-  if (ctx->verify_flags & LUASEC_VERIFY_FLAGS_IGNORE_PURPOSE) {
+  if (l_ctx->verify_flags & LUASEC_VERIFY_FLAGS_IGNORE_PURPOSE) {
     int err, depth;
 
     err = X509_STORE_CTX_get_error(x509_ctx);
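Review bot: `l_ctx` is dereferenced with no NULL check, and in a verify callback the failure mode should be rejection rather than a crash. SSL_CTX_get_ex_data() returns NULL when nothing was stored under the index, and `ssl` can presumably be NULL too if this callback is ever reached from a store context that no SSL handshake set up, so add `if (!ssl) return 0;` after the first lookup and `if (!l_ctx) return 0;` after the second. Separately, `context = ssl->ctx;` reaches into the SSL struct; `context = SSL_get_SSL_CTX(ssl);` does the same through the public accessor and does not depend on the struct layout. verify_cb continues into the next hunk, where the final return reads `l_ctx->verify_flags` again.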
@@ -414,7 +429,7 @@
       preverify_ok = 1;
     }
   }
-  return (ctx->verify_flags & LUASEC_VERIFY_FLAGS_ALWAYS_CONTINUE ? 1 : preverify_ok);
+  return (l_ctx->verify_flags & LUASEC_VERIFY_FLAGS_ALWAYS_CONTINUE ? 1 : preverify_ok);
 }
 
 /**
--- a/src/context.h	Sun Dec 05 23:45:10 2010 -0800
+++ b/src/context.h	Sun Dec 05 23:45:57 2010 -0800
@@ -31,11 +31,6 @@
 } t_context;
 typedef t_context* p_context;
 
-/* index into the SSL storage where the context is.
- * see SSL_get_ex_data().
- */
-extern int luasec_ssl_idx;
-
 p_context checkctx(lua_State *L, int idx);
 /* Retrieve the SSL context from the Lua stack */
 SSL_CTX *ctx_getcontext(lua_State *L, int idx);
--- a/src/ssl.c	Sun Dec 05 23:45:10 2010 -0800
+++ b/src/ssl.c	Sun Dec 05 23:45:57 2010 -0800
@@ -20,6 +20,11 @@
 #include "ssl.h"
 #include "x509.h"
 
+/* index into the SSL storage where the t_ssl is.
+ * see SSL_get_ex_data().
+ */
+ static int luasec_ssl_idx;
+
 /**
  * Map error code into string.
  */
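Review bot: `static int luasec_ssl_idx;` has no initializer, so it starts at 0, while the lazy allocation in the next hunk only runs when `luasec_ssl_idx == -1`; the definition it replaces (removed from src/context.c) was initialised to -1. As written SSL_get_ex_new_index() is never called, and the `SSL_set_ex_data` call in the last hunk writes to index 0, a slot that was never reserved and that OpenSSL's SSL_set_app_data() macro also uses. Change the line to `static int luasec_ssl_idx = -1;`, which also drops the stray leading space.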
@@ -217,7 +222,7 @@
     return 2;
   }
   if (luasec_ssl_idx == -1) {
-    luasec_ssl_idx = SSL_get_ex_new_index(0, "luasec context", NULL, NULL, NULL);
+    luasec_ssl_idx = SSL_get_ex_new_index(0, "luasec ssl context", NULL, NULL, NULL);
     if (luasec_ssl_idx == -1) {
       lua_pushnil(L);
       lua_pushstring(L, "error creating luasec SSL index");
@@ -245,7 +250,7 @@
   SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS);
 #endif
 
-  SSL_set_ex_data(ssl->ssl, luasec_ssl_idx, ctx);
+  SSL_set_ex_data(ssl->ssl, luasec_ssl_idx, ssl);
 
   if (mode == MD_CTX_SERVER)
     SSL_set_accept_state(ssl->ssl);
