author | daurnimator <quae@daurnimator.com> | 2017-04-03 18:44:10 +1000 |
---|---|---|
committer | daurnimator <quae@daurnimator.com> | 2017-04-03 18:44:36 +1000 |
commit | f7e557e2df27eae7b08d4e974e3f847ee09f03ae (patch) | |
tree | 13af92f1ab9b8cbb5ef59397f5433919f5d1e0ff | |
parent | edd8e804be78b3748fdd21b2cdd187b5def56612 (diff) | |
parent | b7b068b572e951534747ccd57a8c0987170ab423 (diff) | |
download | luaossl-f7e557e2df27eae7b08d4e974e3f847ee09f03ae.tar.gz luaossl-f7e557e2df27eae7b08d4e974e3f847ee09f03ae.tar.bz2 luaossl-f7e557e2df27eae7b08d4e974e3f847ee09f03ae.zip |
Merge branch 'ocsp'
-rw-r--r-- | doc/luaossl.pdf | bin | 269435 -> 272910 bytes | |||
-rw-r--r-- | doc/luaossl.tex | 72 | ||||
-rw-r--r-- | src/GNUmakefile | 2 | ||||
-rw-r--r-- | src/openssl.c | 347 | ||||
-rw-r--r-- | src/openssl.ocsp.basic.lua | 3 | ||||
-rw-r--r-- | src/openssl.ocsp.response.lua | 3 |
6 files changed, 427 insertions, 0 deletions
diff --git a/doc/luaossl.pdf b/doc/luaossl.pdf index a51c46e..28e9984 100644 --- a/doc/luaossl.pdf +++ b/doc/luaossl.pdf | |||
Binary files differ | |||
diff --git a/doc/luaossl.tex b/doc/luaossl.tex index 48faabe..d733ccf 100644 --- a/doc/luaossl.tex +++ b/doc/luaossl.tex | |||
@@ -555,6 +555,10 @@ Returns a copy of the \module{x509.extension} object identified by $key$ where $ | |||
555 | 555 | ||
556 | Returns the integer count of the number of extensions. | 556 | Returns the integer count of the number of extensions. |
557 | 557 | ||
558 | \subsubsection[\fn{x509:getOCSP}]{\fn{x509:getOCSP()}} | ||
559 | |||
560 | Returns the OCSP urls for the certificate. | ||
561 | |||
558 | \subsubsection[\fn{x509:isIssuedBy}]{\fn{x509:isIssuedBy($issuer$)}} | 562 | \subsubsection[\fn{x509:isIssuedBy}]{\fn{x509:isIssuedBy($issuer$)}} |
559 | 563 | ||
560 | Returns a boolean according to whether the specified issuer---an \module{openssl.x509.name} object---signed the instance certificate. | 564 | Returns a boolean according to whether the specified issuer---an \module{openssl.x509.name} object---signed the instance certificate. |
@@ -926,6 +930,20 @@ Sets the advertised ALPN protocols. $table$ is an array of protocol string ident | |||
926 | 930 | ||
927 | \emph{Only supported since OpenSSL 1.0.2.} | 931 | \emph{Only supported since OpenSSL 1.0.2.} |
928 | 932 | ||
933 | \subsubsection[\fn{context:setTLSextStatusType}]{\fn{context:setTLSextStatusType($type$)}} | ||
934 | |||
935 | Sets the default TLS extension status for SSL objects derived from this context. | ||
936 | See \fn{ssl:setTLSextStatusType} | ||
937 | |||
938 | \emph{Only supported since OpenSSL 1.1.0.} | ||
939 | |||
940 | \subsubsection[\fn{context:getTLSextStatusType}]{\fn{context:getTLSextStatusType()}} | ||
941 | |||
942 | Gets the default TLS extension status for SSL objects derived from this context as a string. | ||
943 | See \fn{ssl:getTLSextStatusType} | ||
944 | |||
945 | \emph{Only supported since OpenSSL 1.1.0.} | ||
946 | |||
929 | \end{Module} | 947 | \end{Module} |
930 | 948 | ||
931 | 949 | ||
@@ -1013,6 +1031,30 @@ Sets the advertised ALPN protocols. $table$ is an array of protocol string ident | |||
1013 | 1031 | ||
1014 | \emph{Only supported since OpenSSL 1.0.2.} | 1032 | \emph{Only supported since OpenSSL 1.0.2.} |
1015 | 1033 | ||
1034 | \subsubsection[\fn{ssl:setTLSextStatusType}]{\fn{ssl:setTLSextStatusType($type$)}} | ||
1035 | |||
1036 | Sets the TLS extension status. | ||
1037 | |||
1038 | Only the $type$ ``ocsp'' is currently supported, this is used by a client to request that a server sends a stapled OCSP response as part of the TLS handshake. | ||
1039 | |||
1040 | See also: \fn{context:setTLSextStatusType()} | ||
1041 | |||
1042 | \subsubsection[\fn{ssl:getTLSextStatusType}]{\fn{ssl:getTLSextStatusType()}} | ||
1043 | |||
1044 | Gets the TLS extension status. As set by \fn{ssl:setTLSextStatusType} or \fn{context:setTLSextStatusType}. | ||
1045 | |||
1046 | Only the type ``ocsp'' is currently known. | ||
1047 | |||
1048 | \emph{Only supported since OpenSSL 1.1.0.} | ||
1049 | |||
1050 | \subsubsection[\fn{ssl:setTLSextStatusOCSPResp}]{\fn{ssl:setTLSextStatusOCSPResp($or$)}} | ||
1051 | |||
1052 | Sets an \module{openssl.ocsp.response}. Used by a server to staple an OCSP response into a TLS handshake. | ||
1053 | |||
1054 | \subsubsection[\fn{ssl:getTLSextStatusOCSPResp}]{\fn{ssl:getTLSextStatusOCSPResp()}} | ||
1055 | |||
1056 | Returns the \module{openssl.ocsp.response} associated with the ssl object (or $nil$ if one has not been set). | ||
1057 | |||
1016 | \end{Module} | 1058 | \end{Module} |
1017 | 1059 | ||
1018 | 1060 | ||
@@ -1095,6 +1137,36 @@ Update the cipher with the specified string(s). Returns the final output string | |||
1095 | \end{Module} | 1137 | \end{Module} |
1096 | 1138 | ||
1097 | 1139 | ||
1140 | \begin{Module}{openssl.ocsp.response} | ||
1141 | |||
1142 | Binds OpenSSL's \texttt{OCSP\_RESPONSE} object. | ||
1143 | |||
1144 | \subsubsection[\fn{response:getBasic}]{\fn{response:getBasic()}} | ||
1145 | |||
1146 | Returns a \module{openssl.ocsp.basic} representation of the object contained within the OCSP response. | ||
1147 | |||
1148 | \subsubsection[\fn{response:tostring}]{\fn{response:tostring()}} | ||
1149 | |||
1150 | Returns a human readable description of the OCSP response as a string. | ||
1151 | |||
1152 | \subsubsection[\fn{response:toPEM}]{\fn{response:toPEM()}} | ||
1153 | |||
1154 | Returns the OCSP response as a PEM encoded string. | ||
1155 | |||
1156 | \end{Module} | ||
1157 | |||
1158 | |||
1159 | \begin{Module}{openssl.ocsp.basic} | ||
1160 | |||
1161 | Binds OpenSSL's \texttt{OCSP\_BASICRESP} object. | ||
1162 | |||
1163 | \subsubsection[\fn{basic:verify}]{\fn{basic:verify([$certs$ [, $store$[, $flags$]]])}} | ||
1164 | |||
1165 | Verifies that the OCSP response is signed by a certificate in the \module{openssl.x509.chain} $certs$ or a trusted certificate in \module{openssl.x509.store} $store$. | ||
1166 | |||
1167 | \end{Module} | ||
1168 | |||
1169 | |||
1098 | \begin{Module}{openssl.rand} | 1170 | \begin{Module}{openssl.rand} |
1099 | 1171 | ||
1100 | Binds OpenSSL's random number interfaces. | 1172 | Binds OpenSSL's random number interfaces. |
diff --git a/src/GNUmakefile b/src/GNUmakefile index 015a93c..132f3bf 100644 --- a/src/GNUmakefile +++ b/src/GNUmakefile | |||
@@ -92,6 +92,8 @@ MODS$(1)_$(d) = \ | |||
92 | $$(DESTDIR)$(3)/openssl.lua \ | 92 | $$(DESTDIR)$(3)/openssl.lua \ |
93 | $$(DESTDIR)$(3)/openssl/auxlib.lua \ | 93 | $$(DESTDIR)$(3)/openssl/auxlib.lua \ |
94 | $$(DESTDIR)$(3)/openssl/bignum.lua \ | 94 | $$(DESTDIR)$(3)/openssl/bignum.lua \ |
95 | $$(DESTDIR)$(3)/openssl/ocsp/basic.lua \ | ||
96 | $$(DESTDIR)$(3)/openssl/ocsp/response.lua \ | ||
95 | $$(DESTDIR)$(3)/openssl/pkey.lua \ | 97 | $$(DESTDIR)$(3)/openssl/pkey.lua \ |
96 | $$(DESTDIR)$(3)/openssl/pubkey.lua \ | 98 | $$(DESTDIR)$(3)/openssl/pubkey.lua \ |
97 | $$(DESTDIR)$(3)/openssl/x509.lua \ | 99 | $$(DESTDIR)$(3)/openssl/x509.lua \ |
diff --git a/src/openssl.c b/src/openssl.c index 317796a..e902edf 100644 --- a/src/openssl.c +++ b/src/openssl.c | |||
@@ -69,6 +69,7 @@ | |||
69 | #include <openssl/hmac.h> | 69 | #include <openssl/hmac.h> |
70 | #include <openssl/rand.h> | 70 | #include <openssl/rand.h> |
71 | #include <openssl/des.h> | 71 | #include <openssl/des.h> |
72 | #include <openssl/ocsp.h> | ||
72 | 73 | ||
73 | #include <lua.h> | 74 | #include <lua.h> |
74 | #include <lualib.h> | 75 | #include <lualib.h> |
@@ -272,6 +273,14 @@ | |||
272 | #define HAVE_SSL_CTX_CERT_STORE (!OPENSSL_PREREQ(1,1,0)) | 273 | #define HAVE_SSL_CTX_CERT_STORE (!OPENSSL_PREREQ(1,1,0)) |
273 | #endif | 274 | #endif |
274 | 275 | ||
276 | #ifndef HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE | ||
277 | #define HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE OPENSSL_PREREQ(1,1,0) | ||
278 | #endif | ||
279 | |||
280 | #ifndef HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE | ||
281 | #define HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE OPENSSL_PREREQ(1,1,0) | ||
282 | #endif | ||
283 | |||
275 | #ifndef HAVE_SSL_GET0_ALPN_SELECTED | 284 | #ifndef HAVE_SSL_GET0_ALPN_SELECTED |
276 | #define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS | 285 | #define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS |
277 | #endif | 286 | #endif |
@@ -288,6 +297,10 @@ | |||
288 | #define HAVE_SSL_SET1_PARAM OPENSSL_PREREQ(1,0,2) | 297 | #define HAVE_SSL_SET1_PARAM OPENSSL_PREREQ(1,0,2) |
289 | #endif | 298 | #endif |
290 | 299 | ||
300 | #ifndef HAVE_SSL_GET_TLSEXT_STATUS_TYPE | ||
301 | #define HAVE_SSL_GET_TLSEXT_STATUS_TYPE OPENSSL_PREREQ(1,1,0) | ||
302 | #endif | ||
303 | |||
291 | #ifndef HAVE_SSL_UP_REF | 304 | #ifndef HAVE_SSL_UP_REF |
292 | #define HAVE_SSL_UP_REF OPENSSL_PREREQ(1,1,0) | 305 | #define HAVE_SSL_UP_REF OPENSSL_PREREQ(1,1,0) |
293 | #endif | 306 | #endif |
@@ -382,6 +395,8 @@ | |||
382 | #define DIGEST_CLASS "EVP_MD_CTX*" | 395 | #define DIGEST_CLASS "EVP_MD_CTX*" |
383 | #define HMAC_CLASS "HMAC_CTX*" | 396 | #define HMAC_CLASS "HMAC_CTX*" |
384 | #define CIPHER_CLASS "EVP_CIPHER_CTX*" | 397 | #define CIPHER_CLASS "EVP_CIPHER_CTX*" |
398 | #define OCSP_RESPONSE_CLASS "OCSP_RESPONSE*" | ||
399 | #define OCSP_BASICRESP_CLASS "OCSP_BASICRESP*" | ||
385 | 400 | ||
386 | 401 | ||
387 | #if __GNUC__ | 402 | #if __GNUC__ |
@@ -6023,6 +6038,40 @@ static int xc_getExtensionCount(lua_State *L) { | |||
6023 | } /* xc_getExtensionCount() */ | 6038 | } /* xc_getExtensionCount() */ |
6024 | 6039 | ||
6025 | 6040 | ||
6041 | static int sk_openssl_string__gc(lua_State *L) { | ||
6042 | STACK_OF(OPENSSL_STRING) **res = lua_touserdata(L, 1); | ||
6043 | |||
6044 | if (*res) { | ||
6045 | sk_OPENSSL_STRING_free(*res); | ||
6046 | *res = NULL; | ||
6047 | } | ||
6048 | |||
6049 | return 0; | ||
6050 | } /* sk_openssl_string__gc() */ | ||
6051 | |||
6052 | |||
6053 | static int xc_getOCSP(lua_State *L) { | ||
6054 | X509 *crt = checksimple(L, 1, X509_CERT_CLASS); | ||
6055 | STACK_OF(OPENSSL_STRING) **res = prepsimple(L, NULL, &sk_openssl_string__gc); | ||
6056 | int num, i; | ||
6057 | |||
6058 | *res = X509_get1_ocsp(crt); | ||
6059 | if (!*res) | ||
6060 | return 0; | ||
6061 | |||
6062 | num = sk_OPENSSL_STRING_num(*res); | ||
6063 | luaL_checkstack(L, num, "too many authorityInfoAccess"); | ||
6064 | for (i = 0; i < num; i++) { | ||
6065 | lua_pushstring(L, sk_OPENSSL_STRING_value(*res, i)); | ||
6066 | } | ||
6067 | |||
6068 | sk_OPENSSL_STRING_free(*res); | ||
6069 | *res = NULL; | ||
6070 | |||
6071 | return num; | ||
6072 | } /* xc_getOCSP */ | ||
6073 | |||
6074 | |||
6026 | static int xc_isIssuedBy(lua_State *L) { | 6075 | static int xc_isIssuedBy(lua_State *L) { |
6027 | X509 *crt = checksimple(L, 1, X509_CERT_CLASS); | 6076 | X509 *crt = checksimple(L, 1, X509_CERT_CLASS); |
6028 | X509 *issuer = checksimple(L, 2, X509_CERT_CLASS); | 6077 | X509 *issuer = checksimple(L, 2, X509_CERT_CLASS); |
@@ -6258,6 +6307,7 @@ static const auxL_Reg xc_methods[] = { | |||
6258 | { "addExtension", &xc_addExtension }, | 6307 | { "addExtension", &xc_addExtension }, |
6259 | { "getExtension", &xc_getExtension }, | 6308 | { "getExtension", &xc_getExtension }, |
6260 | { "getExtensionCount", &xc_getExtensionCount }, | 6309 | { "getExtensionCount", &xc_getExtensionCount }, |
6310 | { "getOCSP", &xc_getOCSP }, | ||
6261 | { "isIssuedBy", &xc_isIssuedBy }, | 6311 | { "isIssuedBy", &xc_isIssuedBy }, |
6262 | { "getPublicKey", &xc_getPublicKey }, | 6312 | { "getPublicKey", &xc_getPublicKey }, |
6263 | { "setPublicKey", &xc_setPublicKey }, | 6313 | { "setPublicKey", &xc_setPublicKey }, |
@@ -8062,6 +8112,48 @@ static int sx_setAlpnSelect(lua_State *L) { | |||
8062 | #endif | 8112 | #endif |
8063 | 8113 | ||
8064 | 8114 | ||
8115 | int TLSEXT_STATUSTYPEs[] = { TLSEXT_STATUSTYPE_ocsp }; | ||
8116 | const char *TLSEXT_STATUSTYPEs_names[] = { "ocsp", NULL }; | ||
8117 | #define checkTLSEXT_STATUSTYPE(L, idx) \ | ||
8118 | (TLSEXT_STATUSTYPEs[luaL_checkoption((L), (idx), NULL, TLSEXT_STATUSTYPEs_names)]) | ||
8119 | |||
8120 | |||
8121 | #if HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE | ||
8122 | static int sx_setTLSextStatusType(lua_State *L) { | ||
8123 | SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS); | ||
8124 | int type = checkTLSEXT_STATUSTYPE(L, 2); | ||
8125 | |||
8126 | if(!SSL_CTX_set_tlsext_status_type(ctx, type)) | ||
8127 | return auxL_error(L, auxL_EOPENSSL, "ssl:setTLSextStatusType"); | ||
8128 | |||
8129 | lua_pushboolean(L, 1); | ||
8130 | |||
8131 | return 1; | ||
8132 | } /* sx_setTLSextStatusType() */ | ||
8133 | #endif | ||
8134 | |||
8135 | |||
8136 | #if HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE | ||
8137 | static int sx_getTLSextStatusType(lua_State *L) { | ||
8138 | SSL_CTX *ctx = checksimple(L, 1, SSL_CLASS); | ||
8139 | |||
8140 | int type = SSL_CTX_get_tlsext_status_type(ctx); | ||
8141 | switch(type) { | ||
8142 | case -1: | ||
8143 | lua_pushnil(L); | ||
8144 | break; | ||
8145 | case TLSEXT_STATUSTYPE_ocsp: | ||
8146 | lua_pushliteral(L, "ocsp"); | ||
8147 | break; | ||
8148 | default: | ||
8149 | luaL_error(L, "unknown TLS extension %d", type); | ||
8150 | } | ||
8151 | |||
8152 | return 1; | ||
8153 | } /* sx_getTLSextStatusType() */ | ||
8154 | #endif | ||
8155 | |||
8156 | |||
8065 | static int sx__gc(lua_State *L) { | 8157 | static int sx__gc(lua_State *L) { |
8066 | SSL_CTX **ud = luaL_checkudata(L, 1, SSL_CTX_CLASS); | 8158 | SSL_CTX **ud = luaL_checkudata(L, 1, SSL_CTX_CLASS); |
8067 | 8159 | ||
@@ -8094,6 +8186,12 @@ static const auxL_Reg sx_methods[] = { | |||
8094 | #if HAVE_SSL_CTX_SET_ALPN_SELECT_CB | 8186 | #if HAVE_SSL_CTX_SET_ALPN_SELECT_CB |
8095 | { "setAlpnSelect", &sx_setAlpnSelect }, | 8187 | { "setAlpnSelect", &sx_setAlpnSelect }, |
8096 | #endif | 8188 | #endif |
8189 | #if HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE | ||
8190 | { "setTLSextStatusType", &sx_setTLSextStatusType }, | ||
8191 | #endif | ||
8192 | #if HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE | ||
8193 | { "getTLSextStatusType", &sx_getTLSextStatusType }, | ||
8194 | #endif | ||
8097 | { NULL, NULL }, | 8195 | { NULL, NULL }, |
8098 | }; | 8196 | }; |
8099 | 8197 | ||
@@ -8446,6 +8544,87 @@ static int ssl_setAlpnProtos(lua_State *L) { | |||
8446 | #endif | 8544 | #endif |
8447 | 8545 | ||
8448 | 8546 | ||
8547 | static int ssl_setTLSextStatusType(lua_State *L) { | ||
8548 | SSL *ssl = checksimple(L, 1, SSL_CLASS); | ||
8549 | int type = checkTLSEXT_STATUSTYPE(L, 2); | ||
8550 | |||
8551 | if(!SSL_set_tlsext_status_type(ssl, type)) | ||
8552 | return auxL_error(L, auxL_EOPENSSL, "ssl:setTLSextStatusType"); | ||
8553 | |||
8554 | lua_pushboolean(L, 1); | ||
8555 | |||
8556 | return 1; | ||
8557 | } /* ssl_setTLSextStatusType() */ | ||
8558 | |||
8559 | |||
8560 | #if HAVE_SSL_GET_TLSEXT_STATUS_TYPE | ||
8561 | static int ssl_getTLSextStatusType(lua_State *L) { | ||
8562 | SSL *ssl = checksimple(L, 1, SSL_CLASS); | ||
8563 | |||
8564 | int type = SSL_get_tlsext_status_type(ssl); | ||
8565 | switch(type) { | ||
8566 | case -1: | ||
8567 | lua_pushnil(L); | ||
8568 | break; | ||
8569 | case TLSEXT_STATUSTYPE_ocsp: | ||
8570 | lua_pushliteral(L, "ocsp"); | ||
8571 | break; | ||
8572 | default: | ||
8573 | luaL_error(L, "unknown TLS extension %d", type); | ||
8574 | } | ||
8575 | |||
8576 | return 1; | ||
8577 | } /* ssl_getTLSextStatusType() */ | ||
8578 | #endif | ||
8579 | |||
8580 | |||
8581 | static int ssl_setTLSextStatusOCSPResp(lua_State *L) { | ||
8582 | SSL *ssl = checksimple(L, 1, SSL_CLASS); | ||
8583 | OCSP_RESPONSE *or = testsimple(L, 2, OCSP_RESPONSE_CLASS); | ||
8584 | |||
8585 | unsigned char *resp = NULL; | ||
8586 | long resp_len; | ||
8587 | |||
8588 | if (or) { | ||
8589 | resp_len = i2d_OCSP_RESPONSE(or, &resp); | ||
8590 | if (resp_len <= 0) | ||
8591 | return auxL_error(L, auxL_EOPENSSL, "ssl:setTLSextStatusOCSPResp"); | ||
8592 | } else { | ||
8593 | resp_len = 0; | ||
8594 | } | ||
8595 | |||
8596 | if (!SSL_set_tlsext_status_ocsp_resp(ssl, resp, resp_len)) | ||
8597 | return auxL_error(L, auxL_EOPENSSL, "ssl:setTLSextStatusOCSPResp"); | ||
8598 | |||
8599 | lua_pushboolean(L, 1); | ||
8600 | |||
8601 | return 1; | ||
8602 | } /* ssl_setTLSextStatusOCSPResp() */ | ||
8603 | |||
8604 | |||
8605 | static int ssl_getTLSextStatusOCSPResp(lua_State *L) { | ||
8606 | SSL *ssl = checksimple(L, 1, SSL_CLASS); | ||
8607 | |||
8608 | OCSP_RESPONSE **ud = prepsimple(L, OCSP_RESPONSE_CLASS); | ||
8609 | const unsigned char *resp; | ||
8610 | long resp_len; | ||
8611 | |||
8612 | resp_len = SSL_get_tlsext_status_ocsp_resp(ssl, &resp); | ||
8613 | if (resp == NULL) { | ||
8614 | lua_pushnil(L); | ||
8615 | return 1; | ||
8616 | } | ||
8617 | if (resp_len == -1) | ||
8618 | return auxL_error(L, auxL_EOPENSSL, "ssl:getTLSextStatusOCSPResp"); | ||
8619 | |||
8620 | *ud = d2i_OCSP_RESPONSE(NULL, &resp, resp_len); | ||
8621 | if(*ud == NULL) | ||
8622 | return auxL_error(L, auxL_EOPENSSL, "ssl:getTLSextStatusOCSPResp"); | ||
8623 | |||
8624 | return 1; | ||
8625 | } /* ssl_getTLSextStatusOCSPResp() */ | ||
8626 | |||
8627 | |||
8449 | static int ssl__gc(lua_State *L) { | 8628 | static int ssl__gc(lua_State *L) { |
8450 | SSL **ud = luaL_checkudata(L, 1, SSL_CLASS); | 8629 | SSL **ud = luaL_checkudata(L, 1, SSL_CLASS); |
8451 | 8630 | ||
@@ -8478,6 +8657,12 @@ static const auxL_Reg ssl_methods[] = { | |||
8478 | #if HAVE_SSL_SET_ALPN_PROTOS | 8657 | #if HAVE_SSL_SET_ALPN_PROTOS |
8479 | { "setAlpnProtos", &ssl_setAlpnProtos }, | 8658 | { "setAlpnProtos", &ssl_setAlpnProtos }, |
8480 | #endif | 8659 | #endif |
8660 | { "setTLSextStatusType", &ssl_setTLSextStatusType }, | ||
8661 | #if HAVE_SSL_GET_TLSEXT_STATUS_TYPE | ||
8662 | { "getTLSextStatusType", &ssl_getTLSextStatusType }, | ||
8663 | #endif | ||
8664 | { "setTLSextStatusOCSPResp", &ssl_setTLSextStatusOCSPResp }, | ||
8665 | { "getTLSextStatusOCSPResp", &ssl_getTLSextStatusOCSPResp }, | ||
8481 | { NULL, NULL }, | 8666 | { NULL, NULL }, |
8482 | }; | 8667 | }; |
8483 | 8668 | ||
@@ -9215,6 +9400,166 @@ int luaopen__openssl_cipher(lua_State *L) { | |||
9215 | 9400 | ||
9216 | 9401 | ||
9217 | /* | 9402 | /* |
9403 | * OCSP_RESPONSE - openssl.ocsp.response | ||
9404 | * | ||
9405 | * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ | ||
9406 | |||
9407 | static int or_tostring(lua_State *L) { | ||
9408 | OCSP_RESPONSE *resp = checksimple(L, 1, OCSP_RESPONSE_CLASS); | ||
9409 | BIO *bio = getbio(L); | ||
9410 | size_t len; | ||
9411 | char *bytes; | ||
9412 | |||
9413 | if (!OCSP_RESPONSE_print(bio, resp, 0)) | ||
9414 | return auxL_error(L, auxL_EOPENSSL, "OCSP_RESPONSE:tostring"); | ||
9415 | |||
9416 | len = BIO_get_mem_data(bio, &bytes); | ||
9417 | lua_pushlstring(L, bytes, len); | ||
9418 | |||
9419 | return 1; | ||
9420 | } /* or__tostring() */ | ||
9421 | |||
9422 | |||
9423 | static int or_toPEM(lua_State *L) { | ||
9424 | OCSP_RESPONSE *resp = checksimple(L, 1, OCSP_RESPONSE_CLASS); | ||
9425 | BIO *bio = getbio(L); | ||
9426 | size_t len; | ||
9427 | char *bytes; | ||
9428 | |||
9429 | if (!PEM_write_bio_OCSP_RESPONSE(bio, resp)) | ||
9430 | return auxL_error(L, auxL_EOPENSSL, "OCSP_RESPONSE:toPEM"); | ||
9431 | |||
9432 | len = BIO_get_mem_data(bio, &bytes); | ||
9433 | lua_pushlstring(L, bytes, len); | ||
9434 | |||
9435 | return 1; | ||
9436 | } /* or_toPEM() */ | ||
9437 | |||
9438 | |||
9439 | static int or_getBasic(lua_State *L) { | ||
9440 | OCSP_RESPONSE *resp = checksimple(L, 1, OCSP_RESPONSE_CLASS); | ||
9441 | |||
9442 | OCSP_BASICRESP **basic = prepsimple(L, OCSP_BASICRESP_CLASS); | ||
9443 | |||
9444 | *basic = OCSP_response_get1_basic(resp); | ||
9445 | if (!*basic) | ||
9446 | return auxL_error(L, auxL_EOPENSSL, "OCSP_RESPONSE:getBasic"); | ||
9447 | |||
9448 | return 1; | ||
9449 | } /* or_getBasic() */ | ||
9450 | |||
9451 | |||
9452 | static int or__gc(lua_State *L) { | ||
9453 | OCSP_RESPONSE **ud = luaL_checkudata(L, 1, OCSP_RESPONSE_CLASS); | ||
9454 | |||
9455 | if (*ud) { | ||
9456 | OCSP_RESPONSE_free(*ud); | ||
9457 | *ud = NULL; | ||
9458 | } | ||
9459 | |||
9460 | return 0; | ||
9461 | } /* or__gc() */ | ||
9462 | |||
9463 | static const auxL_Reg or_methods[] = { | ||
9464 | { "tostring", &or_tostring }, | ||
9465 | { "toPEM", &or_toPEM }, | ||
9466 | { "getBasic", &or_getBasic }, | ||
9467 | { NULL, NULL }, | ||
9468 | }; | ||
9469 | |||
9470 | static const auxL_Reg or_metatable[] = { | ||
9471 | { "__tostring", &or_tostring }, | ||
9472 | { "__gc", &or__gc }, | ||
9473 | { NULL, NULL }, | ||
9474 | }; | ||
9475 | |||
9476 | static const auxL_Reg or_globals[] = { | ||
9477 | { NULL, NULL }, | ||
9478 | }; | ||
9479 | |||
9480 | int luaopen__openssl_ocsp_response(lua_State *L) { | ||
9481 | initall(L); | ||
9482 | |||
9483 | auxL_newlib(L, or_globals, 0); | ||
9484 | |||
9485 | return 1; | ||
9486 | } /* luaopen__openssl_ocsp_response() */ | ||
9487 | |||
9488 | |||
9489 | /* | ||
9490 | * OCSP_BASICRESP - openssl.ocsp.basic | ||
9491 | * | ||
9492 | * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ | ||
9493 | |||
9494 | static int ob_verify(lua_State *L) { | ||
9495 | OCSP_BASICRESP *basic = checksimple(L, 1, OCSP_BASICRESP_CLASS); | ||
9496 | STACK_OF(X509) *certs = testsimple(L, 2, X509_CHAIN_CLASS); | ||
9497 | X509_STORE *store = testsimple(L, 3, X509_STORE_CLASS); | ||
9498 | unsigned long flags = luaL_optinteger(L, 4, 0); | ||
9499 | |||
9500 | int res = OCSP_basic_verify(basic, certs, store, flags); | ||
9501 | if (res == -1) | ||
9502 | return auxL_error(L, auxL_EOPENSSL, "OCSP_BASICRESP:verify"); | ||
9503 | |||
9504 | lua_pushboolean(L, res); | ||
9505 | if (res) { | ||
9506 | return 1; | ||
9507 | } else { | ||
9508 | auxL_pusherror(L, auxL_EOPENSSL, NULL); | ||
9509 | return 2; | ||
9510 | } | ||
9511 | } /* ob_verify() */ | ||
9512 | |||
9513 | |||
9514 | static int ob__gc(lua_State *L) { | ||
9515 | OCSP_BASICRESP **ud = luaL_checkudata(L, 1, OCSP_BASICRESP_CLASS); | ||
9516 | |||
9517 | if (*ud) { | ||
9518 | OCSP_BASICRESP_free(*ud); | ||
9519 | *ud = NULL; | ||
9520 | } | ||
9521 | |||
9522 | return 0; | ||
9523 | } /* or__gc() */ | ||
9524 | |||
9525 | |||
9526 | static const auxL_Reg ob_methods[] = { | ||
9527 | { "verify", &ob_verify }, | ||
9528 | { NULL, NULL }, | ||
9529 | }; | ||
9530 | |||
9531 | static const auxL_Reg ob_metatable[] = { | ||
9532 | { "__gc", &ob__gc }, | ||
9533 | { NULL, NULL }, | ||
9534 | }; | ||
9535 | |||
9536 | static const auxL_Reg ob_globals[] = { | ||
9537 | { NULL, NULL }, | ||
9538 | }; | ||
9539 | |||
9540 | static const auxL_IntegerReg ob_verify_flags[] = { | ||
9541 | { "NOSIGS", OCSP_NOSIGS}, | ||
9542 | { "NOVERIFY", OCSP_NOVERIFY}, | ||
9543 | { "NOCHAIN", OCSP_NOCHAIN}, | ||
9544 | { "NOCHECKS", OCSP_NOCHECKS}, | ||
9545 | { "NOEXPLICIT", OCSP_NOEXPLICIT}, | ||
9546 | { "TRUSTOTHER", OCSP_TRUSTOTHER}, | ||
9547 | { "NOINTERN", OCSP_NOINTERN}, | ||
9548 | { "TRUSTOTHER", OCSP_TRUSTOTHER}, | ||
9549 | { NULL, 0 }, | ||
9550 | }; | ||
9551 | |||
9552 | int luaopen__openssl_ocsp_basic(lua_State *L) { | ||
9553 | initall(L); | ||
9554 | |||
9555 | auxL_newlib(L, ob_globals, 0); | ||
9556 | auxL_setintegers(L, ob_verify_flags); | ||
9557 | |||
9558 | return 1; | ||
9559 | } /* luaopen__openssl_ocsp_basic() */ | ||
9560 | |||
9561 | |||
9562 | /* | ||
9218 | * Rand - openssl.rand | 9563 | * Rand - openssl.rand |
9219 | * | 9564 | * |
9220 | * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ | 9565 | * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ |
@@ -9779,5 +10124,7 @@ static void initall(lua_State *L) { | |||
9779 | auxL_addclass(L, DIGEST_CLASS, md_methods, md_metatable, 0); | 10124 | auxL_addclass(L, DIGEST_CLASS, md_methods, md_metatable, 0); |
9780 | auxL_addclass(L, HMAC_CLASS, hmac_methods, hmac_metatable, 0); | 10125 | auxL_addclass(L, HMAC_CLASS, hmac_methods, hmac_metatable, 0); |
9781 | auxL_addclass(L, CIPHER_CLASS, cipher_methods, cipher_metatable, 0); | 10126 | auxL_addclass(L, CIPHER_CLASS, cipher_methods, cipher_metatable, 0); |
10127 | auxL_addclass(L, OCSP_RESPONSE_CLASS, or_methods, or_metatable, 0); | ||
10128 | auxL_addclass(L, OCSP_BASICRESP_CLASS, ob_methods, ob_metatable, 0); | ||
9782 | } /* initall() */ | 10129 | } /* initall() */ |
9783 | 10130 | ||
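Review bot: `xc_getOCSP` and `sk_openssl_string__gc` release the result of `X509_get1_ocsp()` with `sk_OPENSSL_STRING_free`, which frees only the stack and not the URL strings it holds — OpenSSL allocates each entry (hence the `get1`) and pairs the call with `X509_email_free()`, so every `x509:getOCSP()` leaks one string per OCSP URL; both call sites should read `X509_email_free(*res);`. Separately, `sx_getTLSextStatusType` checks its receiver with `checksimple(L, 1, SSL_CLASS)` although it is registered as a context method and passes the pointer to `SSL_CTX_get_tlsext_status_type`, so `context:getTLSextStatusType()` will reject every SSL_CTX userdata; it should be `SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);`. Smaller points: the error text in `sx_setTLSextStatusType` names `ssl:setTLSextStatusType` for the context variant, and `ob_verify_flags` lists `TRUSTOTHER` twice (one entry can go). Worth a comment on `ob_verify` rather than a code change: `OCSP_basic_verify` only checks the responder signature and chain, not the response status, the certificate status, or the `thisUpdate`/`nextUpdate` window, so a `true` return is not by itself a "not revoked" answer.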
diff --git a/src/openssl.ocsp.basic.lua b/src/openssl.ocsp.basic.lua new file mode 100644 index 0000000..355faf7 --- /dev/null +++ b/src/openssl.ocsp.basic.lua | |||
@@ -0,0 +1,3 @@ | |||
1 | local ob = require "_openssl.ocsp.basic" | ||
2 | |||
3 | return ob | ||
diff --git a/src/openssl.ocsp.response.lua b/src/openssl.ocsp.response.lua new file mode 100644 index 0000000..2226096 --- /dev/null +++ b/src/openssl.ocsp.response.lua | |||
@@ -0,0 +1,3 @@ | |||
1 | local ocsp_response = require "_openssl.ocsp.response" | ||
2 | |||
3 | return ocsp_response | ||