summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/openssl.c46
1 files changed, 40 insertions, 6 deletions
diff --git a/src/openssl.c b/src/openssl.c
index 034806b..58e60a6 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -4269,14 +4269,29 @@ int luaopen__openssl_pkcs12(lua_State *L) {
4269 * 4269 *
4270 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 4270 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
4271 4271
4272/*
4273 * NOTE: TLS methods and flags were added in tandem. For example, if the
4274 * macro SSL_OP_NO_TLSv1_1 is defined we know TLSv1_1_server_method is also
4275 * declared and defined.
4276 */
4272static int sx_new(lua_State *L) { 4277static int sx_new(lua_State *L) {
4273 static const char *const opts[] = { 4278 static const char *const opts[] = {
4274 "SSLv2", "SSLv3", "SSLv23", "SSL", "TLSv1", "TLS", NULL 4279 "SSLv2", "SSLv3", "SSLv23",
4280 "TLSv1", "TLSv1.0",
4281#if defined SSL_OP_NO_TLSv1_1
4282 "TLSv1_1", "TLSv1.1",
4283#endif
4284#if defined SSL_OP_NO_TLSv1_2
4285 "TLSv1_2", "TLSv1.2",
4286#endif
4287 "SSL", "TLS",
4288 NULL
4275 }; 4289 };
4276 /* later versions of SSL declare a const qualifier on the return type */ 4290 /* later versions of SSL declare a const qualifier on the return type */
4277 __typeof__(&TLSv1_client_method) method = &TLSv1_client_method; 4291 __typeof__(&TLSv1_client_method) method = &TLSv1_client_method;
4278 _Bool srv; 4292 _Bool srv;
4279 SSL_CTX **ud; 4293 SSL_CTX **ud;
4294 int options = 0;
4280 4295
4281 lua_settop(L, 2); 4296 lua_settop(L, 2);
4282 srv = lua_toboolean(L, 2); 4297 srv = lua_toboolean(L, 2);
@@ -4291,15 +4306,32 @@ static int sx_new(lua_State *L) {
4291 method = (srv)? &SSLv3_server_method : &SSLv3_client_method; 4306 method = (srv)? &SSLv3_server_method : &SSLv3_client_method;
4292 break; 4307 break;
4293 case 2: /* SSLv23 */ 4308 case 2: /* SSLv23 */
4294 /* FALL THROUGH */
4295 case 3: /* SSL */
4296 method = (srv)? &SSLv23_server_method : &SSLv23_client_method; 4309 method = (srv)? &SSLv23_server_method : &SSLv23_client_method;
4297 break; 4310 break;
4298 case 4: /* TLSv1 */ 4311 case 3: /* TLSv1 */
4299 /* FALL THROUGH */ 4312 case 4: /* TLSv1.0 */
4300 case 5: /* TLS */
4301 method = (srv)? &TLSv1_server_method : &TLSv1_client_method; 4313 method = (srv)? &TLSv1_server_method : &TLSv1_client_method;
4302 break; 4314 break;
4315#if defined SSL_OP_NO_TLSv1_1
4316 case 5: /* TLSv1_1 */
4317 case 6: /* TLSv1.1 */
4318 method = (srv)? &TLSv1_1_server_method : &TLSv1_1_client_method;
4319 break;
4320#endif
4321#if defined SSL_OP_NO_TLSv1_2
4322 case 7: /* TLSv1_2 */
4323 case 8: /* TLSv1.2 */
4324 method = (srv)? &TLSv1_2_server_method : &TLSv1_2_client_method;
4325 break;
4326#endif
4327 case 9: /* SSL */
4328 method = (srv)? &SSLv23_server_method : &SSLv23_client_method;
4329 options = SSL_OP_NO_SSLv2;
4330 break;
4331 case 10: /* TLS */
4332 method = (srv)? &SSLv23_server_method : &SSLv23_client_method;
4333 options = SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3;
4334 break;
4303 } 4335 }
4304 4336
4305 ud = prepsimple(L, SSL_CTX_CLASS); 4337 ud = prepsimple(L, SSL_CTX_CLASS);
@@ -4307,6 +4339,8 @@ static int sx_new(lua_State *L) {
4307 if (!(*ud = SSL_CTX_new(method()))) 4339 if (!(*ud = SSL_CTX_new(method())))
4308 return throwssl(L, "ssl.context.new"); 4340 return throwssl(L, "ssl.context.new");
4309 4341
4342 SSL_CTX_set_options(*ud, options);
4343
4310 return 1; 4344 return 1;
4311} /* sx_new() */ 4345} /* sx_new() */
4312 4346
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 22:56:32 +0000