Add methods ssl:setVerify(), ssl:getVerify(), ssl:getCertificate() and ssl:setPrivateKey()

Similar to same methods that already exist on ssl.context object
author: daurnimator <quae@daurnimator.com> 2017-04-04 15:15:46 +1000
committer: daurnimator <quae@daurnimator.com> 2017-04-04 15:17:29 +1000
commit: a5ba3b4fbadb8369d9f6602f86f33703f3d043de (patch)
tree: 68be32621392fbf0ab9fd1a6f7c475fc63152224 /src
parent: 5d6b15859e25da8271a3820662bb9d1f8a935107 (diff)
download: luaossl-a5ba3b4fbadb8369d9f6602f86f33703f3d043de.tar.gz
luaossl-a5ba3b4fbadb8369d9f6602f86f33703f3d043de.tar.bz2
luaossl-a5ba3b4fbadb8369d9f6602f86f33703f3d043de.zip
1 files changed, 69 insertions, 0 deletions
diff --git a/src/openssl.c b/src/openssl.c
index a01fde5..b0bc5f6 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -8389,6 +8389,33 @@ static int ssl_getParam(lua_State *L) {
 } /* ssl_getParam() */
+static int ssl_setVerify(lua_State *L) {
+        SSL *ssl = checksimple(L, 1, SSL_CLASS);
+        int mode = luaL_optinteger(L, 2, -1);
+        int depth = luaL_optinteger(L, 3, -1);
+        if (mode != -1)
+                SSL_set_verify(ssl, mode, 0);
+        if (depth != -1)
+                SSL_set_verify_depth(ssl, depth);
+        lua_pushboolean(L, 1);
+        return 1;
+} /* ssl_setVerify() */
+static int ssl_getVerify(lua_State *L) {
+        SSL *ssl = checksimple(L, 1, SSL_CLASS);
+        lua_pushinteger(L, SSL_get_verify_mode(ssl));
+        lua_pushinteger(L, SSL_get_verify_depth(ssl));
+        return 2;
+} /* ssl_getVerify() */
 static int ssl_getVerifyResult(lua_State *L) {
        SSL *ssl = checksimple(L, 1, SSL_CLASS);
        long res = SSL_get_verify_result(ssl);
@@ -8398,6 +8425,44 @@ static int ssl_getVerifyResult(lua_State *L) {
 } /* ssl_getVerifyResult() */
+static int ssl_setCertificate(lua_State *L) {
+        SSL *ssl = checksimple(L, 1, SSL_CLASS);
+        X509 *crt = X509_dup(checksimple(L, 2, X509_CERT_CLASS));
+        int ok;
+        ok = SSL_use_certificate(ssl, crt);
+        X509_free(crt);
+        if (!ok)
+                return auxL_error(L, auxL_EOPENSSL, "ssl:setCertificate");
+        lua_pushboolean(L, 1);
+        return 1;
+} /* ssl_setCertificate() */
+static int ssl_setPrivateKey(lua_State *L) {
+        SSL *ssl = checksimple(L, 1, SSL_CLASS);
+        EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
+        /*
+         * NOTE: No easy way to dup the key, but a shared reference should
+         * be okay as keys are less mutable than certificates.
+         *
+         * FIXME: SSL_use_PrivateKey will return true even if the
+         * EVP_PKEY object has no private key. Instead, we'll just get a
+         * segfault during the SSL handshake. We need to check that a
+         * private key is actually defined in the object.
+         */
+        if (!SSL_use_PrivateKey(ssl, key))
+                return auxL_error(L, auxL_EOPENSSL, "ssl:setPrivateKey");
+        lua_pushboolean(L, 1);
+        return 1;
+} /* ssl_setPrivateKey() */
 static int ssl_getPeerCertificate(lua_State *L) {
        SSL *ssl = checksimple(L, 1, SSL_CLASS);
        X509 **x509 = prepsimple(L, X509_CERT_CLASS);
@@ -8694,7 +8759,11 @@ static const auxL_Reg ssl_methods[] = {
        { "clearOptions",     &ssl_clearOptions },
        { "setParam",         &ssl_setParam },
        { "getParam",         &ssl_getParam },
+        { "setVerify",        &ssl_setVerify },
+        { "getVerify",        &ssl_getVerify },
        { "getVerifyResult",  &ssl_getVerifyResult },
+        { "setCertificate",   &ssl_setCertificate },
+        { "setPrivateKey",    &ssl_setPrivateKey },
        { "getPeerCertificate", &ssl_getPeerCertificate },
        { "getPeerChain",     &ssl_getPeerChain },
        { "getCipherInfo",    &ssl_getCipherInfo },
author	daurnimator <quae@daurnimator.com>	2017-04-04 15:15:46 +1000
committer	daurnimator <quae@daurnimator.com>	2017-04-04 15:17:29 +1000
commit	a5ba3b4fbadb8369d9f6602f86f33703f3d043de (patch)
tree	68be32621392fbf0ab9fd1a6f7c475fc63152224 /src
parent	5d6b15859e25da8271a3820662bb9d1f8a935107 (diff)
download	luaossl-a5ba3b4fbadb8369d9f6602f86f33703f3d043de.tar.gz luaossl-a5ba3b4fbadb8369d9f6602f86f33703f3d043de.tar.bz2 luaossl-a5ba3b4fbadb8369d9f6602f86f33703f3d043de.zip

diff --git a/src/openssl.c b/src/openssl.c index a01fde5..b0bc5f6 100644 --- a/src/openssl.c +++ b/src/openssl.c
@@ -8389,6 +8389,33 @@ static int ssl_getParam(lua_State *L) {
8389	} /* ssl_getParam() */	8389	} /* ssl_getParam() */
8390		8390
8391		8391
		8392	static int ssl_setVerify(lua_State *L) {
		8393	SSL *ssl = checksimple(L, 1, SSL_CLASS);
		8394	int mode = luaL_optinteger(L, 2, -1);
		8395	int depth = luaL_optinteger(L, 3, -1);
		8396
		8397	if (mode != -1)
		8398	SSL_set_verify(ssl, mode, 0);
		8399
		8400	if (depth != -1)
		8401	SSL_set_verify_depth(ssl, depth);
		8402
		8403	lua_pushboolean(L, 1);
		8404
		8405	return 1;
		8406	} /* ssl_setVerify() */
		8407
		8408
		8409	static int ssl_getVerify(lua_State *L) {
		8410	SSL *ssl = checksimple(L, 1, SSL_CLASS);
		8411
		8412	lua_pushinteger(L, SSL_get_verify_mode(ssl));
		8413	lua_pushinteger(L, SSL_get_verify_depth(ssl));
		8414
		8415	return 2;
		8416	} /* ssl_getVerify() */
		8417
		8418
8392	static int ssl_getVerifyResult(lua_State *L) {	8419	static int ssl_getVerifyResult(lua_State *L) {
8393	SSL *ssl = checksimple(L, 1, SSL_CLASS);	8420	SSL *ssl = checksimple(L, 1, SSL_CLASS);
8394	long res = SSL_get_verify_result(ssl);	8421	long res = SSL_get_verify_result(ssl);
@@ -8398,6 +8425,44 @@ static int ssl_getVerifyResult(lua_State *L) {
8398	} /* ssl_getVerifyResult() */	8425	} /* ssl_getVerifyResult() */
8399		8426
8400		8427
		8428	static int ssl_setCertificate(lua_State *L) {
		8429	SSL *ssl = checksimple(L, 1, SSL_CLASS);
		8430	X509 *crt = X509_dup(checksimple(L, 2, X509_CERT_CLASS));
		8431	int ok;
		8432
		8433	ok = SSL_use_certificate(ssl, crt);
		8434	X509_free(crt);
		8435
		8436	if (!ok)
		8437	return auxL_error(L, auxL_EOPENSSL, "ssl:setCertificate");
		8438
		8439	lua_pushboolean(L, 1);
		8440
		8441	return 1;
		8442	} /* ssl_setCertificate() */
		8443
		8444
		8445	static int ssl_setPrivateKey(lua_State *L) {
		8446	SSL *ssl = checksimple(L, 1, SSL_CLASS);
		8447	EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
		8448	/*
		8449	* NOTE: No easy way to dup the key, but a shared reference should
		8450	* be okay as keys are less mutable than certificates.
		8451	*
		8452	* FIXME: SSL_use_PrivateKey will return true even if the
		8453	* EVP_PKEY object has no private key. Instead, we'll just get a
		8454	* segfault during the SSL handshake. We need to check that a
		8455	* private key is actually defined in the object.
		8456	*/
		8457	if (!SSL_use_PrivateKey(ssl, key))
		8458	return auxL_error(L, auxL_EOPENSSL, "ssl:setPrivateKey");
		8459
		8460	lua_pushboolean(L, 1);
		8461
		8462	return 1;
		8463	} /* ssl_setPrivateKey() */
		8464
		8465
8401	static int ssl_getPeerCertificate(lua_State *L) {	8466	static int ssl_getPeerCertificate(lua_State *L) {
8402	SSL *ssl = checksimple(L, 1, SSL_CLASS);	8467	SSL *ssl = checksimple(L, 1, SSL_CLASS);
8403	X509 **x509 = prepsimple(L, X509_CERT_CLASS);	8468	X509 **x509 = prepsimple(L, X509_CERT_CLASS);
@@ -8694,7 +8759,11 @@ static const auxL_Reg ssl_methods[] = {
8694	{ "clearOptions", &ssl_clearOptions },	8759	{ "clearOptions", &ssl_clearOptions },
8695	{ "setParam", &ssl_setParam },	8760	{ "setParam", &ssl_setParam },
8696	{ "getParam", &ssl_getParam },	8761	{ "getParam", &ssl_getParam },
		8762	{ "setVerify", &ssl_setVerify },
		8763	{ "getVerify", &ssl_getVerify },
8697	{ "getVerifyResult", &ssl_getVerifyResult },	8764	{ "getVerifyResult", &ssl_getVerifyResult },
		8765	{ "setCertificate", &ssl_setCertificate },
		8766	{ "setPrivateKey", &ssl_setPrivateKey },
8698	{ "getPeerCertificate", &ssl_getPeerCertificate },	8767	{ "getPeerCertificate", &ssl_getPeerCertificate },
8699	{ "getPeerChain", &ssl_getPeerChain },	8768	{ "getPeerChain", &ssl_getPeerChain },
8700	{ "getCipherInfo", &ssl_getCipherInfo },	8769	{ "getCipherInfo", &ssl_getCipherInfo },