author | William Ahern <william@25thandclement.com> | 2016-12-08 18:13:48 -0800 |
---|---|---|
committer | William Ahern <william@25thandclement.com> | 2016-12-08 18:13:48 -0800 |
commit | 66326ec384bfde94a999c12a696aa6e5402b6ff4 (patch) | |
tree | 8836a1a4ef28bf42c280056b8c012da26f19f4a6 | |
parent | 31b9ba81a28151f39efd8958092d70c51817f81e (diff) | |
parent | e9ecd299628b2af6a8aa74ce7956bb7ae902f69d (diff) | |
Merge branch 'daurnimator-74-bind-x509_verify_param'rel-20161208
-rw-r--r-- | src/GNUmakefile | 1 | ||||
-rw-r--r-- | src/openssl.c | 422 | ||||
-rw-r--r-- | src/openssl.x509.verify_param.lua | 1 |
3 files changed, 422 insertions, 2 deletions
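--- a/src/GNUmakefile
+++ b/src/GNUmakefile
@@ -102,6 +102,7 @@ MODS$(1)_$(d) = \
 $$(DESTDIR)$(3)/openssl/x509/csr.lua \
 $$(DESTDIR)$(3)/openssl/x509/extension.lua \
 $$(DESTDIR)$(3)/openssl/x509/store.lua \
+$$(DESTDIR)$(3)/openssl/x509/verify_param.lua \
 $$(DESTDIR)$(3)/openssl/pkcs12.lua \
 $$(DESTDIR)$(3)/openssl/ssl/context.lua \
 $$(DESTDIR)$(3)/openssl/ssl.lua \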
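--- a/src/openssl.c
+++ b/src/openssl.c
@@ -60,6 +60,7 @@
 #include <openssl/bn.h>
 #include <openssl/asn1.h>
 #include <openssl/x509.h>
+#include <openssl/x509_vfy.h>
 #include <openssl/x509v3.h>
 #include <openssl/pkcs12.h>
 #include <openssl/evp.h>
@@ -249,6 +250,10 @@
 #define HAVE_SSL_CLIENT_VERSION OPENSSL_PREREQ(1,1,0)
 #endif
 
+#ifndef HAVE_SSL_CTX_GET0_PARAM
+#define HAVE_SSL_CTX_GET0_PARAM OPENSSL_PREREQ(1,0,2)
+#endif
+
 #ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS
 #define HAVE_SSL_CTX_SET_ALPN_PROTOS (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,1,3))
 #endif
@@ -261,16 +266,28 @@
 #define HAVE_SSL_CTX_SET1_CERT_STORE (HAVE_SSL_CTX_set1_cert_store || 0) /* backwards compatible with old macro name */
 #endif
 
+#ifndef HAVE_SSL_CTX_SET1_PARAM
+#define HAVE_SSL_CTX_SET1_PARAM (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,1,0))
+#endif
+
 #ifndef HAVE_SSL_CTX_CERT_STORE
 #define HAVE_SSL_CTX_CERT_STORE (!OPENSSL_PREREQ(1,1,0))
 #endif
 
+#ifndef HAVE_SSL_GET0_ALPN_SELECTED
+#define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS
+#endif
+
+#ifndef HAVE_SSL_GET0_PARAM
+#define HAVE_SSL_GET0_PARAM OPENSSL_PREREQ(1,0,2)
+#endif
+
 #ifndef HAVE_SSL_SET_ALPN_PROTOS
 #define HAVE_SSL_SET_ALPN_PROTOS HAVE_SSL_CTX_SET_ALPN_PROTOS
 #endif
 
-#ifndef HAVE_SSL_GET0_ALPN_SELECTED
-#define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS
+#ifndef HAVE_SSL_SET1_PARAM
+#define HAVE_SSL_SET1_PARAM OPENSSL_PREREQ(1,0,2)
 #endif
 
 #ifndef HAVE_SSL_UP_REF
@@ -297,6 +314,26 @@
 #define HAVE_X509_UP_REF OPENSSL_PREREQ(1,1,0)
 #endif
 
+#ifndef HAVE_X509_VERIFY_PARAM_ADD1_HOST
+#define HAVE_X509_VERIFY_PARAM_ADD1_HOST OPENSSL_PREREQ(1,0,2)
+#endif
+
+#ifndef HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL
+#define HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL OPENSSL_PREREQ(1,1,0)
+#endif
+
+#ifndef HAVE_X509_VERIFY_PARAM_SET1_EMAIL
+#define HAVE_X509_VERIFY_PARAM_SET1_EMAIL OPENSSL_PREREQ(1,0,2)
+#endif
+
+#ifndef HAVE_X509_VERIFY_PARAM_SET1_HOST
+#define HAVE_X509_VERIFY_PARAM_SET1_HOST OPENSSL_PREREQ(1,0,2)
+#endif
+
+#ifndef HAVE_X509_VERIFY_PARAM_SET1_IP_ASC
+#define HAVE_X509_VERIFY_PARAM_SET1_IP_ASC OPENSSL_PREREQ(1,0,2)
+#endif
+
 #ifndef HMAC_INIT_EX_INT
 #define HMAC_INIT_EX_INT OPENSSL_PREREQ(1,0,0)
 #endif
@@ -335,6 +372,7 @@
 #define X509_CSR_CLASS "X509_REQ*"
 #define X509_CRL_CLASS "X509_CRL*"
 #define X509_STORE_CLASS "X509_STORE*"
+#define X509_VERIFY_PARAM_CLASS "X509_VERIFY_PARAM*"
 #define X509_STCTX_CLASS "X509_STORE_CTX*"
 #define PKCS12_CLASS "PKCS12*"
 #define SSL_CTX_CLASS "SSL_CTX*"
@@ -1529,6 +1567,22 @@ static int compat_SSL_client_version(const SSL *ssl) {
 } /* compat_SSL_client_version() */
 #endif
 
+#if !HAVE_SSL_GET0_PARAM
+#define SSL_get0_param(ssl) compat_SSL_get0_param((ssl))
+
+static X509_VERIFY_PARAM *compat_SSL_get0_param(SSL *ssl) {
+return ssl->param;
+} /* compat_SSL_get0_param() */
+#endif
+
+#if !HAVE_SSL_SET1_PARAM
+#define SSL_set1_param(ssl, vpm) compat_SSL_set1_param((ssl), (vpm))
+
+static int compat_SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) {
+return X509_VERIFY_PARAM_set1(ssl->param, vpm);
+} /* compat_SSL_set1_param() */
+#endif
+
 #if !HAVE_SSL_UP_REF
 #define SSL_up_ref(...) compat_SSL_up_ref(__VA_ARGS__)
 
@@ -1541,6 +1595,22 @@ static int compat_SSL_up_ref(SSL *ssl) {
 } /* compat_SSL_up_ref() */
 #endif
 
+#if !HAVE_SSL_CTX_GET0_PARAM
+#define SSL_CTX_get0_param(ctx) compat_SSL_CTX_get0_param((ctx))
+
+static X509_VERIFY_PARAM *compat_SSL_CTX_get0_param(SSL_CTX *ctx) {
+return ctx->param;
+} /* compat_SSL_CTX_get0_param() */
+#endif
+
+#if !HAVE_SSL_CTX_SET1_PARAM
+#define SSL_CTX_set1_param(ctx, vpm) compat_SSL_CTX_set1_param((ctx), (vpm))
+
+static int compat_SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) {
+return X509_VERIFY_PARAM_set1(ctx->param, vpm);
+} /* compat_SSL_CTX_set1_param() */
+#endif
+
 #if !HAVE_X509_GET0_EXT
 #define X509_get0_ext(crt, i) X509_get_ext((crt), (i))
 #endif
@@ -1661,6 +1731,19 @@ static int compat_X509_up_ref(X509 *crt) {
 } /* compat_X509_up_ref() */
 #endif
 
+#if !HAVE_X509_VERIFY_PARAM_SET1_EMAIL
+/*
+* NB: Cannot emulate. Requires dereferencing X509_VERIFY_PARAM_ID objects,
+* which were always opaque.
+*/
+#endif
+
+#if !HAVE_X509_VERIFY_PARAM_SET1_HOST
+/*
+* NB: See HAVE_X509_VERIFY_PARAM_SET1_EMAIL.
+*/
+#endif
+
 static int compat_init(void) {
 static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
 static int store_index = -1, ssl_ctx_index = -1, done;
@@ -7530,6 +7613,38 @@ static int sx_getStore(lua_State *L) {
 } /* sx_getStore() */
 
 
+static int sx_setParam(lua_State *L) {
+SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+X509_VERIFY_PARAM *xp = checksimple(L, 2, X509_VERIFY_PARAM_CLASS);
+
+if (!SSL_CTX_set1_param(ctx, xp))
+return auxL_error(L, auxL_EOPENSSL, "ssl.context:setParam");
+
+lua_pushboolean(L, 1);
+
+return 1;
+} /* sx_setParam() */
+
+
+static int sx_getParam(lua_State *L) {
+SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+X509_VERIFY_PARAM **ud, *from;
+
+/* X509_VERIFY_PARAM is not refcounted; create a new object and copy into it. */
+ud = prepsimple(L, X509_VERIFY_PARAM_CLASS);
+if (!(*ud = X509_VERIFY_PARAM_new()))
+return auxL_error(L, auxL_EOPENSSL, "ssl.context:getParam");
+
+from = SSL_CTX_get0_param(ctx);
+
+if (!(X509_VERIFY_PARAM_set1(*ud, from)))
+/* Note: openssl doesn't set an error as it should for some cases */
+return auxL_error(L, auxL_EOPENSSL, "ssl.context:getParam");
+
+return 1;
+} /* sx_getParam() */
+
+
 static int sx_setVerify(lua_State *L) {
 SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
 int mode = luaL_optint(L, 2, -1);
@@ -7797,6 +7912,8 @@ static const auxL_Reg sx_methods[] = {
 { "clearOptions", &sx_clearOptions },
 { "setStore", &sx_setStore },
 { "getStore", &sx_getStore },
+{ "setParam", &sx_setParam },
+{ "getParam", &sx_getParam },
 { "setVerify", &sx_setVerify },
 { "getVerify", &sx_getVerify },
 { "setCertificate", &sx_setCertificate },
@@ -7949,6 +8066,38 @@ static int ssl_clearOptions(lua_State *L) {
 } /* ssl_clearOptions() */
 
 
+static int ssl_setParam(lua_State *L) {
+SSL *ssl = checksimple(L, 1, SSL_CLASS);
+X509_VERIFY_PARAM *xp = checksimple(L, 2, X509_VERIFY_PARAM_CLASS);
+
+if (!SSL_set1_param(ssl, xp))
+return auxL_error(L, auxL_EOPENSSL, "ssl:setParam");
+
+lua_pushboolean(L, 1);
+
+return 1;
+} /* ssl_setParam() */
+
+
+static int ssl_getParam(lua_State *L) {
+SSL *ssl = checksimple(L, 1, SSL_CLASS);
+X509_VERIFY_PARAM **ud, *from;
+
+/* X509_VERIFY_PARAM is not refcounted; create a new object and copy into it. */
+ud = prepsimple(L, X509_VERIFY_PARAM_CLASS);
+if (!(*ud = X509_VERIFY_PARAM_new()))
+return auxL_error(L, auxL_EOPENSSL, "ssl:getParam");
+
+from = SSL_get0_param(ssl);
+
+if (!(X509_VERIFY_PARAM_set1(*ud, from)))
+/* Note: openssl doesn't set an error as it should for some cases */
+return auxL_error(L, auxL_EOPENSSL, "ssl:getParam");
+
+return 1;
+} /* ssl_getParam() */
+
+
 static int ssl_getPeerCertificate(lua_State *L) {
 SSL *ssl = checksimple(L, 1, SSL_CLASS);
 X509 **x509 = prepsimple(L, X509_CERT_CLASS);
@@ -8136,6 +8285,8 @@ static const auxL_Reg ssl_methods[] = {
 { "setOptions", &ssl_setOptions },
 { "getOptions", &ssl_getOptions },
 { "clearOptions", &ssl_clearOptions },
+{ "setParam", &ssl_setParam },
+{ "getParam", &ssl_getParam },
 { "getPeerCertificate", &ssl_getPeerCertificate },
 { "getPeerChain", &ssl_getPeerChain },
 { "getCipherInfo", &ssl_getCipherInfo },
@@ -8190,6 +8341,272 @@ int luaopen__openssl_ssl(lua_State *L) {
 
 
 /*
+* X509_VERIFY_PARAM
+*
+* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+static int xp_new(lua_State *L) {
+X509_VERIFY_PARAM **ud = prepsimple(L, X509_VERIFY_PARAM_CLASS);
+
+if (!(*ud = X509_VERIFY_PARAM_new()))
+return auxL_error(L, auxL_EOPENSSL, "x509.verify_param.new");
+
+return 1;
+} /* xp_new() */
+
+
+static int xp_interpose(lua_State *L) {
+return interpose(L, X509_VERIFY_PARAM_CLASS);
+} /* xp_interpose() */
+
+
+/*
+* NB: Per the OpenSSL source, "[t]he 'inh_flags' field determines how this
+* function behaves". (Referring to X509_VERIFY_PARAM_inherit.) The way to
+* set inh_flags prior to OpenSSL 1.1 was by OR'ing flags into the inh_flags
+* member and restoring it after the call. The OpenSSL 1.1 API makes the
+* X509_VERIFY_PARAM object opaque, X509_VERIFY_PARAM_inherit, and there's
+* no other function to set the flags argument; therefore it's not possible
+* to control the inherit behavior from OpenSSL 1.1.
+*
+* For more details see
+* https://github.com/openssl/openssl/issues/2054 and the original
+* https://github.com/wahern/luaossl/pull/76/commits/db6e414d68c0f94c2497d363f6131b4de1710ba9
+*/
+static int xp_inherit(lua_State *L) {
+X509_VERIFY_PARAM *dest = checksimple(L, 1, X509_VERIFY_PARAM_CLASS);
+X509_VERIFY_PARAM *src = checksimple(L, 2, X509_VERIFY_PARAM_CLASS);
+int ret;
+
+ret = X509_VERIFY_PARAM_inherit(dest, src);
+if (!ret)
+/* Note: openssl doesn't set an error as it should for some cases */
+return auxL_error(L, auxL_EOPENSSL, "x509.verify_param:inherit");
+
+lua_pushboolean(L, 1);
+return 1;
+} /* xp_inherit() */
+
+
+static const X509_PURPOSE *purpose_checktype(lua_State *L, int index) {
+const char *purpose_name;
+int purpose_id;
+int purpose_idx;
+const X509_PURPOSE *purpose;
+
+if (lua_isnumber(L, index)) {
+purpose_id = luaL_checkinteger(L, index);
+purpose_idx = X509_PURPOSE_get_by_id(purpose_id);
+if (purpose_idx < 0)
+luaL_argerror(L, index, lua_pushfstring(L, "%d: invalid purpose", purpose_id));
+} else {
+purpose_name = luaL_checkstring(L, index);
+purpose_idx = X509_PURPOSE_get_by_sname((char*)purpose_name);
+if (purpose_idx < 0)
+luaL_argerror(L, index, lua_pushfstring(L, "%s: invalid purpose", purpose_name));
+}
+
+purpose = X509_PURPOSE_get0(purpose_idx);
+return purpose;
+} /* purpose_checktype() */
+
+
+static int xp_setPurpose(lua_State *L) {
+X509_VERIFY_PARAM *xp = checksimple(L, 1, X509_VERIFY_PARAM_CLASS);
+const X509_PURPOSE *purpose = purpose_checktype(L, 2);
+
+if (!X509_VERIFY_PARAM_set_purpose(xp, X509_PURPOSE_get_id((X509_PURPOSE*)purpose)))
+return auxL_error(L, auxL_EOPENSSL, "x509.verify_param:setPurpose");
+
+lua_pushboolean(L, 1);
+return 1;
+} /* xp_setPurpose() */
+
+
+static int xp_setTime(lua_State *L) {
+X509_VERIFY_PARAM *xp = checksimple(L, 1, X509_VERIFY_PARAM_CLASS);
+time_t t = luaL_checkinteger(L, 2);
+
+X509_VERIFY_PARAM_set_time(xp, t);
+
+lua_pushboolean(L, 1);
+return 1;
+} /* xp_setTime() */
+
+
+static int xp_setDepth(lua_State *L) {
+X509_VERIFY_PARAM *xp = checksimple(L, 1, X509_VERIFY_PARAM_CLASS);
+int depth = luaL_checkinteger(L, 2);
+
+X509_VERIFY_PARAM_set_depth(xp, depth);
+
+lua_pushboolean(L, 1);
+return 1;
+} /* xp_setDepth() */
+
+
+static int xp_getDepth(lua_State *L) {
+X509_VERIFY_PARAM *xp = checksimple(L, 1, X509_VERIFY_PARAM_CLASS);
+
+int depth = X509_VERIFY_PARAM_get_depth(xp);
+
+lua_pushinteger(L, depth);
+return 1;
+} /* xp_getDepth() */
+
+
+#if HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL
+static int xp_setAuthLevel(lua_State *L) {
+X509_VERIFY_PARAM *xp = checksimple(L, 1, X509_VERIFY_PARAM_CLASS);
+int auth_level = luaL_checkinteger(L, 2);
+
+X509_VERIFY_PARAM_set_auth_level(xp, auth_level);
+
+lua_pushboolean(L, 1);
+return 1;
+} /* xp_setAuthLevel() */
+
+
+static int xp_getAuthLevel(lua_State *L) {
+X509_VERIFY_PARAM *xp = checksimple(L, 1, X509_VERIFY_PARAM_CLASS);
+
+int auth_level = X509_VERIFY_PARAM_get_auth_level(xp);
+
+lua_pushinteger(L, auth_level);
+return 1;
+} /* xp_getAuthLevel() */
+#endif
+
+
+#if HAVE_X509_VERIFY_PARAM_SET1_HOST
+static int xp_setHost(lua_State *L) {
+X509_VERIFY_PARAM *xp = checksimple(L, 1, X509_VERIFY_PARAM_CLASS);
+size_t len;
+const char *str = luaL_optlstring(L, 2, NULL, &len); /* NULL = clear hosts */
+
+if (!X509_VERIFY_PARAM_set1_host(xp, str, len))
+/* Note: openssl doesn't set an error as it should for some cases */
+return auxL_error(L, auxL_EOPENSSL, "x509.verify_param:setHost");
+
+lua_pushboolean(L, 1);
+return 1;
+} /* xp_setHost() */
+#endif
+
+
+#if HAVE_X509_VERIFY_PARAM_ADD1_HOST
+static int xp_addHost(lua_State *L) {
+X509_VERIFY_PARAM *xp = checksimple(L, 1, X509_VERIFY_PARAM_CLASS);
+size_t len;
+const char *str = luaL_checklstring(L, 2, &len);
+
+if (!X509_VERIFY_PARAM_add1_host(xp, str, len))
+/* Note: openssl doesn't set an error as it should for some cases */
+return auxL_error(L, auxL_EOPENSSL, "x509.verify_param:addHost");
+
+lua_pushboolean(L, 1);
+return 1;
+} /* xp_addHost() */
+#endif
+
+
+#if HAVE_X509_VERIFY_PARAM_SET1_EMAIL
+static int xp_setEmail(lua_State *L) {
+X509_VERIFY_PARAM *xp = checksimple(L, 1, X509_VERIFY_PARAM_CLASS);
+size_t len;
+const char *str = luaL_checklstring(L, 2, &len);
+
+if (!X509_VERIFY_PARAM_set1_email(xp, str, len))
+/* Note: openssl doesn't set an error as it should for some cases */
+return auxL_error(L, auxL_EOPENSSL, "x509.verify_param:setEmail");
+
+lua_pushboolean(L, 1);
+return 1;
+} /* xp_setEmail() */
+#endif
+
+
+#if HAVE_X509_VERIFY_PARAM_SET1_IP_ASC
+static int xp_setIP(lua_State *L) {
+X509_VERIFY_PARAM *xp = checksimple(L, 1, X509_VERIFY_PARAM_CLASS);
+const char *str = luaL_checkstring(L, 2);
+
+if (!X509_VERIFY_PARAM_set1_ip_asc(xp, str))
+/* Note: openssl doesn't set an error as it should for some cases */
+return auxL_error(L, auxL_EOPENSSL, "x509.verify_param:setIP");
+
+lua_pushboolean(L, 1);
+return 1;
+} /* xp_setIP() */
+#endif
+
+
+static int xp__gc(lua_State *L) {
+X509_VERIFY_PARAM **ud = luaL_checkudata(L, 1, X509_VERIFY_PARAM_CLASS);
+
+X509_VERIFY_PARAM_free(*ud);
+*ud = NULL;
+
+return 0;
+} /* xp__gc() */
+
+
+static const auxL_Reg xp_methods[] = {
+{ "inherit", &xp_inherit },
+{ "setPurpose", &xp_setPurpose },
+{ "setTime", &xp_setTime },
+{ "setDepth", &xp_setDepth },
+{ "getDepth", &xp_getDepth },
+#if HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL
+{ "setAuthLevel", &xp_setAuthLevel },
+{ "getAuthLevel", &xp_getAuthLevel },
+#endif
+#if HAVE_X509_VERIFY_PARAM_SET1_HOST
+{ "setHost", &xp_setHost },
+#endif
+#if HAVE_X509_VERIFY_PARAM_ADD1_HOST
+{ "addHost", &xp_addHost },
+#endif
+#if HAVE_X509_VERIFY_PARAM_SET1_EMAIL
+{ "setEmail", &xp_setEmail },
+#endif
+#if HAVE_X509_VERIFY_PARAM_SET1_IP_ASC
+{ "setIP", &xp_setIP },
+#endif
+{ NULL, NULL },
+};
+
+static const auxL_Reg xp_metatable[] = {
+{ "__gc", &xp__gc },
+{ NULL, NULL },
+};
+
+static const auxL_Reg xp_globals[] = {
+{ "new", &xp_new },
+{ "interpose", &xp_interpose },
+{ NULL, NULL },
+};
+
+static const auxL_IntegerReg xp_inherit_flags[] = {
+{ "DEFAULT", X509_VP_FLAG_DEFAULT },
+{ "OVERWRITE", X509_VP_FLAG_OVERWRITE },
+{ "RESET_FLAGS", X509_VP_FLAG_RESET_FLAGS },
+{ "LOCKED", X509_VP_FLAG_LOCKED },
+{ "ONCE", X509_VP_FLAG_ONCE },
+{ NULL, 0 }
+};
+
+int luaopen__openssl_x509_verify_param(lua_State *L) {
+initall(L);
+
+auxL_newlib(L, xp_globals, 0);
+auxL_setintegers(L, xp_inherit_flags);
+
+return 1;
+} /* luaopen__openssl_x509_verify_param() */
+
+
+/*
 * Digest - openssl.digest
 *
 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
@@ -9177,6 +9594,7 @@ static void initall(lua_State *L) {
 auxL_addclass(L, X509_CRL_CLASS, xx_methods, xx_metatable, 0);
 auxL_addclass(L, X509_CHAIN_CLASS, xl_methods, xl_metatable, 0);
 auxL_addclass(L, X509_STORE_CLASS, xs_methods, xs_metatable, 0);
+auxL_addclass(L, X509_VERIFY_PARAM_CLASS, xp_methods, xp_metatable, 0);
 auxL_addclass(L, PKCS12_CLASS, p12_methods, p12_metatable, 0);
 auxL_addclass(L, SSL_CTX_CLASS, sx_methods, sx_metatable, 0);
 auxL_addclass(L, SSL_CLASS, ssl_methods, ssl_metatable, 0);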
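Review bot: `xp_setIP` (new lines 8530-8540) fetches the address with `luaL_checkstring` and hands the bare C string to `X509_VERIFY_PARAM_set1_ip_asc`, so a Lua string containing an embedded NUL is silently cut at that NUL, whereas the sibling `setHost`/`addHost`/`setEmail` bindings in the same hunk pass an explicit length and let OpenSSL reject such input. Because this value determines which peer address the verifier will accept, the binding should refuse inconsistent input rather than truncate it: `size_t len; const char *str = luaL_checklstring(L, 2, &len);` followed by `if (strlen(str) != len) return luaL_argerror(L, 2, "embedded NUL in IP address");` (assuming `<string.h>` is already included earlier in the file). Separately, the `/* X509_VERIFY_PARAM is not refcounted; create a new object and copy into it. */` comment in `sx_getParam` and `ssl_getParam` would serve callers better if it also stated the consequence, e.g. `/* The returned object is a detached copy: changes to it only take effect when passed back via setParam. */`.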
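--- /dev/null
+++ b/src/openssl.x509.verify_param.lua
@@ -0,0 +1 @@
+return require('_openssl.x509.verify_param')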