author | william <william+macosx@25thandclement.com> | 2015-06-02 16:29:27 -0700 |
---|---|---|
committer | william <william+macosx@25thandclement.com> | 2015-06-02 16:29:27 -0700 |
commit | 958cbcd2d064daabea283d69aa6ba01e5358429a (patch) | |
tree | f00fdf472ab7584edb02f6ab852702512b7e2469 /src/openssl.c | |
parent | 2688eb75250269a7899aa695be8a742ae67193bb (diff) | |
download | luaossl-958cbcd2d064daabea283d69aa6ba01e5358429a.tar.gz luaossl-958cbcd2d064daabea283d69aa6ba01e5358429a.tar.bz2 luaossl-958cbcd2d064daabea283d69aa6ba01e5358429a.zip |
add DTLS client and server methods to openssl.ssl.context.new
Diffstat (limited to 'src/openssl.c')
-rw-r--r-- | src/openssl.c | 111 |
1 files changed, 84 insertions, 27 deletions
diff --git a/src/openssl.c b/src/openssl.c index a274de2..a93c96c 100644 --- a/src/openssl.c +++ b/src/openssl.c | |||
@@ -76,12 +76,18 @@ | |||
76 | #include "compat52.h" | 76 | #include "compat52.h" |
77 | #endif | 77 | #endif |
78 | 78 | ||
79 | #define OPENSSL_PREREQ(M, m, p) \ | ||
80 | (OPENSSL_VERSION_NUMBER >= (((M) << 28) | ((m) << 20) | ((p) << 12)) && !defined LIBRESSL_VERSION_NUMBER) | ||
81 | |||
82 | #define LIBRESSL_PREREQ(M, m, p) \ | ||
83 | (LIBRESSL_VERSION_NUMBER >= (((M) << 28) | ((m) << 20) | ((p) << 12))) | ||
84 | |||
79 | #ifndef HAVE_DLADDR | 85 | #ifndef HAVE_DLADDR |
80 | #define HAVE_DLADDR (!defined _AIX) /* TODO: https://root.cern.ch/drupal/content/aix-and-dladdr */ | 86 | #define HAVE_DLADDR (!defined _AIX) /* TODO: https://root.cern.ch/drupal/content/aix-and-dladdr */ |
81 | #endif | 87 | #endif |
82 | 88 | ||
83 | #ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS | 89 | #ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS |
84 | #define HAVE_SSL_CTX_SET_ALPN_PROTOS (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined LIBRESSL_VERSION_NUMBER) | 90 | #define HAVE_SSL_CTX_SET_ALPN_PROTOS OPENSSL_PREREQ(1, 0, 2) |
85 | #endif | 91 | #endif |
86 | 92 | ||
87 | #ifndef HAVE_SSL_CTX_SET_ALPN_SELECT_CB | 93 | #ifndef HAVE_SSL_CTX_SET_ALPN_SELECT_CB |
@@ -96,6 +102,30 @@ | |||
96 | #define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS | 102 | #define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS |
97 | #endif | 103 | #endif |
98 | 104 | ||
105 | #ifndef HAVE_DTLSV1_CLIENT_METHOD | ||
106 | #define HAVE_DTLSV1_CLIENT_METHOD (!defined OPENSSL_NO_DTLS1) | ||
107 | #endif | ||
108 | |||
109 | #ifndef HAVE_DTLSV1_SERVER_METHOD | ||
110 | #define HAVE_DTLSV1_SERVER_METHOD HAVE_DTLSV1_CLIENT_METHOD | ||
111 | #endif | ||
112 | |||
113 | #ifndef HAVE_DTLS_CLIENT_METHOD | ||
114 | #define HAVE_DTLS_CLIENT_METHOD (OPENSSL_PREREQ(1, 0, 2) && !defined OPENSSL_NO_DTLS1) | ||
115 | #endif | ||
116 | |||
117 | #ifndef HAVE_DTLS_SERVER_METHOD | ||
118 | #define HAVE_DTLS_SERVER_METHOD HAVE_DTLS_CLIENT_METHOD | ||
119 | #endif | ||
120 | |||
121 | #ifndef HAVE_DTLSV1_2_CLIENT_METHOD | ||
122 | #define HAVE_DTLSV1_2_CLIENT_METHOD (OPENSSL_PREREQ(1, 0, 2) && !defined OPENSSL_NO_DTLS1) | ||
123 | #endif | ||
124 | |||
125 | #ifndef HAVE_DTLSV1_2_SERVER_METHOD | ||
126 | #define HAVE_DTLSV1_2_SERVER_METHOD HAVE_DTLSV1_2_CLIENT_METHOD | ||
127 | #endif | ||
128 | |||
99 | #ifndef STRERROR_R_CHAR_P | 129 | #ifndef STRERROR_R_CHAR_P |
100 | #define STRERROR_R_CHAR_P (defined __GLIBC__ && (_GNU_SOURCE || !(_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600))) | 130 | #define STRERROR_R_CHAR_P (defined __GLIBC__ && (_GNU_SOURCE || !(_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600))) |
101 | #endif | 131 | #endif |
@@ -279,7 +309,13 @@ static void addclass(lua_State *L, const char *name, const luaL_Reg *methods, co | |||
279 | } /* addclass() */ | 309 | } /* addclass() */ |
280 | 310 | ||
281 | 311 | ||
282 | static int checkoption(struct lua_State *L, int index, const char *def, const char *const opts[]) { | 312 | static int badoption(lua_State *L, int index, const char *opt) { |
313 | opt = (opt)? opt : luaL_checkstring(L, index); | ||
314 | |||
315 | return luaL_argerror(L, index, lua_pushfstring(L, "invalid option %s", opt)); | ||
316 | } /* badoption() */ | ||
317 | |||
318 | static int checkoption(lua_State *L, int index, const char *def, const char *const opts[]) { | ||
283 | const char *opt = (def)? luaL_optstring(L, index, def) : luaL_checkstring(L, index); | 319 | const char *opt = (def)? luaL_optstring(L, index, def) : luaL_checkstring(L, index); |
284 | int i; | 320 | int i; |
285 | 321 | ||
@@ -288,7 +324,7 @@ static int checkoption(struct lua_State *L, int index, const char *def, const ch | |||
288 | return i; | 324 | return i; |
289 | } | 325 | } |
290 | 326 | ||
291 | return luaL_argerror(L, index, lua_pushfstring(L, "invalid option %s", opt)); | 327 | return badoption(L, index, opt); |
292 | } /* checkoption() */ | 328 | } /* checkoption() */ |
293 | 329 | ||
294 | 330 | ||
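Review bot: `badoption` (new lines 312–316) re-fetches the argument with `luaL_checkstring` when `opt` is NULL, but the callers that fall through `checkoption` may have accepted a default via `luaL_optstring` on a missing argument; in that case the error becomes "string expected, got no value" rather than naming the option. It cannot trigger in `sx_new` today because the default `"TLS"` is always compiled in, so the hazard is in the helper's contract, not current behaviour. A caller holding the `checkoption` result can avoid the re-read entirely by passing the matched name, e.g. `default: return badoption(L, 1, opts[i]);`. The message `"invalid option %s"` is also used for names that are in the table but compiled out of this OpenSSL build; a comment on `badoption` saying it covers both "unknown" and "unsupported here" would prevent that reading as a typo.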
@@ -4940,15 +4976,17 @@ int luaopen__openssl_pkcs12(lua_State *L) { | |||
4940 | */ | 4976 | */ |
4941 | static int sx_new(lua_State *L) { | 4977 | static int sx_new(lua_State *L) { |
4942 | static const char *const opts[] = { | 4978 | static const char *const opts[] = { |
4943 | "SSLv2", "SSLv3", "SSLv23", | 4979 | [0] = "SSL", |
4944 | "TLSv1", "TLSv1.0", | 4980 | [1] = "TLS", |
4945 | #if defined SSL_OP_NO_TLSv1_1 | 4981 | [2] = "SSLv2", |
4946 | "TLSv1_1", "TLSv1.1", | 4982 | [3] = "SSLv3", |
4947 | #endif | 4983 | [4] = "SSLv23", |
4948 | #if defined SSL_OP_NO_TLSv1_2 | 4984 | [5] = "TLSv1", [6] = "TLSv1.0", |
4949 | "TLSv1_2", "TLSv1.2", | 4985 | [7] = "TLSv1_1", [8] = "TLSv1.1", |
4950 | #endif | 4986 | [9] = "TLSv1_2", [10] = "TLSv1.2", |
4951 | "SSL", "TLS", | 4987 | [11] = "DTLS", |
4988 | [12] = "DTLSv1", [13] = "DTLSv1.0", | ||
4989 | [14] = "DTLSv1_2", [15] = "DTLSv1.2", | ||
4952 | NULL | 4990 | NULL |
4953 | }; | 4991 | }; |
4954 | /* later versions of SSL declare a const qualifier on the return type */ | 4992 | /* later versions of SSL declare a const qualifier on the return type */ |
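Review bot: The option indices are now bare numbers both in `opts` (`[11] = "DTLS"`, new lines 4978–4990) and in the `case` labels of `sx_new`'s `switch`, with nothing tying the two together, so adding or reordering an entry means renumbering both by hand. An `enum { SX_SSL, SX_TLS, SX_SSLv2, SX_SSLv3, SX_SSLv23, SX_TLSv1, /* … */ SX_DTLSv1_2_ALT }` used for the designated initializers (`[SX_DTLS] = "DTLS"`) and for the `case` labels keeps them in lockstep at no runtime cost. The table is part of `sx_new`, which continues past the end of this hunk.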
@@ -4961,41 +4999,60 @@ static int sx_new(lua_State *L) { | |||
4961 | srv = lua_toboolean(L, 2); | 4999 | srv = lua_toboolean(L, 2); |
4962 | 5000 | ||
4963 | switch (checkoption(L, 1, "TLS", opts)) { | 5001 | switch (checkoption(L, 1, "TLS", opts)) { |
5002 | case 0: /* SSL */ | ||
5003 | method = (srv)? &SSLv23_server_method : &SSLv23_client_method; | ||
5004 | options = SSL_OP_NO_SSLv2; | ||
5005 | break; | ||
5006 | case 1: /* TLS */ | ||
5007 | method = (srv)? &SSLv23_server_method : &SSLv23_client_method; | ||
5008 | options = SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3; | ||
5009 | break; | ||
4964 | #ifndef OPENSSL_NO_SSL2 | 5010 | #ifndef OPENSSL_NO_SSL2 |
4965 | case 0: /* SSLv2 */ | 5011 | case 2: /* SSLv2 */ |
4966 | method = (srv)? &SSLv2_server_method : &SSLv2_client_method; | 5012 | method = (srv)? &SSLv2_server_method : &SSLv2_client_method; |
4967 | break; | 5013 | break; |
4968 | #endif | 5014 | #endif |
4969 | case 1: /* SSLv3 */ | 5015 | case 3: /* SSLv3 */ |
4970 | method = (srv)? &SSLv3_server_method : &SSLv3_client_method; | 5016 | method = (srv)? &SSLv3_server_method : &SSLv3_client_method; |
4971 | break; | 5017 | break; |
4972 | case 2: /* SSLv23 */ | 5018 | case 4: /* SSLv23 */ |
4973 | method = (srv)? &SSLv23_server_method : &SSLv23_client_method; | 5019 | method = (srv)? &SSLv23_server_method : &SSLv23_client_method; |
4974 | break; | 5020 | break; |
4975 | case 3: /* TLSv1 */ | 5021 | case 5: /* TLSv1 */ |
4976 | case 4: /* TLSv1.0 */ | 5022 | case 6: /* TLSv1.0 */ |
4977 | method = (srv)? &TLSv1_server_method : &TLSv1_client_method; | 5023 | method = (srv)? &TLSv1_server_method : &TLSv1_client_method; |
4978 | break; | 5024 | break; |
4979 | #if defined SSL_OP_NO_TLSv1_1 | 5025 | #if defined SSL_OP_NO_TLSv1_1 |
4980 | case 5: /* TLSv1_1 */ | 5026 | case 7: /* TLSv1_1 */ |
4981 | case 6: /* TLSv1.1 */ | 5027 | case 8: /* TLSv1.1 */ |
4982 | method = (srv)? &TLSv1_1_server_method : &TLSv1_1_client_method; | 5028 | method = (srv)? &TLSv1_1_server_method : &TLSv1_1_client_method; |
4983 | break; | 5029 | break; |
4984 | #endif | 5030 | #endif |
4985 | #if defined SSL_OP_NO_TLSv1_2 | 5031 | #if defined SSL_OP_NO_TLSv1_2 |
4986 | case 7: /* TLSv1_2 */ | 5032 | case 9: /* TLSv1_2 */ |
4987 | case 8: /* TLSv1.2 */ | 5033 | case 10: /* TLSv1.2 */ |
4988 | method = (srv)? &TLSv1_2_server_method : &TLSv1_2_client_method; | 5034 | method = (srv)? &TLSv1_2_server_method : &TLSv1_2_client_method; |
4989 | break; | 5035 | break; |
4990 | #endif | 5036 | #endif |
4991 | case 9: /* SSL */ | 5037 | #if HAVE_DTLS_CLIENT_METHOD |
4992 | method = (srv)? &SSLv23_server_method : &SSLv23_client_method; | 5038 | case 11: /* DTLS */ |
4993 | options = SSL_OP_NO_SSLv2; | 5039 | method = (srv)? &DTLS_server_method : &DTLS_client_method; |
4994 | break; | 5040 | break; |
4995 | case 10: /* TLS */ | 5041 | #endif |
4996 | method = (srv)? &SSLv23_server_method : &SSLv23_client_method; | 5042 | #if HAVE_DTLSV1_CLIENT_METHOD |
4997 | options = SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3; | 5043 | case 12: /* DTLSv1 */ |
5044 | case 13: /* DTLSv1.0 */ | ||
5045 | method = (srv)? &DTLSv1_server_method : &DTLSv1_client_method; | ||
4998 | break; | 5046 | break; |
5047 | #endif | ||
5048 | #if HAVE_DTLSV1_2_CLIENT_METHOD | ||
5049 | case 14: /* DTLSv1_2 */ | ||
5050 | case 15: /* DTLSv1.2 */ | ||
5051 | method = (srv)? &DTLSv1_server_method : &DTLSv1_client_method; | ||
5052 | break; | ||
5053 | #endif | ||
5054 | default: | ||
5055 | return badoption(L, 1, NULL); | ||
4999 | } | 5056 | } |
5000 | 5057 | ||
5001 | ud = prepsimple(L, SSL_CTX_CLASS); | 5058 | ud = prepsimple(L, SSL_CTX_CLASS); |
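Review bot: The `DTLSv1_2`/`DTLSv1.2` cases at new lines 5049–5052 select `DTLSv1_server_method`/`DTLSv1_client_method`, so a caller that asks for DTLS 1.2 silently gets a DTLS 1.0-only context — a protocol downgrade that nothing reports. The branch is already guarded by `HAVE_DTLSV1_2_CLIENT_METHOD`, so the intended line is `method = (srv)? &DTLSv1_2_server_method : &DTLSv1_2_client_method;`. Separately, the new `default:` at 5054 reaches names that are in `opts` but compiled out (e.g. `"DTLS"` below OpenSSL 1.0.2, `"SSLv2"` under `OPENSSL_NO_SSL2`) and reports them as `invalid option`, which reads as a typo; an "unsupported by this OpenSSL build" wording would save a debugging round. `sx_new` continues past the end of the hunk.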