| -rw-r--r-- | openssl.c | 116 |
1 files changed, 92 insertions, 24 deletions
| @@ -1891,10 +1891,10 @@ static int xc_getIssuer(lua_State *L) { | |||
| 1891 | X509 *crt = checksimple(L, 1, X509_CERT_CLASS); | 1891 | X509 *crt = checksimple(L, 1, X509_CERT_CLASS); |
| 1892 | X509_NAME *name; | 1892 | X509_NAME *name; |
| 1893 | 1893 | ||
| 1894 | if ((name = X509_get_issuer_name(crt))) | 1894 | if (!(name = X509_get_issuer_name(crt))) |
| 1895 | xn_dup(L, name); | 1895 | return 0; |
| 1896 | 1896 | ||
| 1897 | lua_pushboolean(L, 1); | 1897 | xn_dup(L, name); |
| 1898 | 1898 | ||
| 1899 | return 1; | 1899 | return 1; |
| 1900 | } /* xc_getIssuer() */ | 1900 | } /* xc_getIssuer() */ |
| @@ -1917,10 +1917,10 @@ static int xc_getSubject(lua_State *L) { | |||
| 1917 | X509 *crt = checksimple(L, 1, X509_CERT_CLASS); | 1917 | X509 *crt = checksimple(L, 1, X509_CERT_CLASS); |
| 1918 | X509_NAME *name; | 1918 | X509_NAME *name; |
| 1919 | 1919 | ||
| 1920 | if ((name = X509_get_subject_name(crt))) | 1920 | if (!(name = X509_get_subject_name(crt))) |
| 1921 | xn_dup(L, name); | 1921 | return 0; |
| 1922 | 1922 | ||
| 1923 | lua_pushboolean(L, 1); | 1923 | xn_dup(L, name); |
| 1924 | 1924 | ||
| 1925 | return 1; | 1925 | return 1; |
| 1926 | } /* xc_getSubject() */ | 1926 | } /* xc_getSubject() */ |
| @@ -2449,20 +2449,20 @@ static int xr_setVersion(lua_State *L) { | |||
| 2449 | } /* xr_setVersion() */ | 2449 | } /* xr_setVersion() */ |
| 2450 | 2450 | ||
| 2451 | 2451 | ||
| 2452 | static int xr_getSubjectName(lua_State *L) { | 2452 | static int xr_getSubject(lua_State *L) { |
| 2453 | X509_REQ *crt = checksimple(L, 1, X509_CSR_CLASS); | 2453 | X509_REQ *crt = checksimple(L, 1, X509_CSR_CLASS); |
| 2454 | X509_NAME *name; | 2454 | X509_NAME *name; |
| 2455 | 2455 | ||
| 2456 | if ((name = X509_REQ_get_subject_name(crt))) | 2456 | if (!(name = X509_REQ_get_subject_name(crt))) |
| 2457 | xn_dup(L, name); | 2457 | return 0; |
| 2458 | 2458 | ||
| 2459 | lua_pushboolean(L, 1); | 2459 | xn_dup(L, name); |
| 2460 | 2460 | ||
| 2461 | return 1; | 2461 | return 1; |
| 2462 | } /* xr_getSubjectName() */ | 2462 | } /* xr_getSubject() */ |
| 2463 | 2463 | ||
| 2464 | 2464 | ||
| 2465 | static int xr_setSubjectName(lua_State *L) { | 2465 | static int xr_setSubject(lua_State *L) { |
| 2466 | X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS); | 2466 | X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS); |
| 2467 | X509_NAME *name = checksimple(L, 2, X509_NAME_CLASS); | 2467 | X509_NAME *name = checksimple(L, 2, X509_NAME_CLASS); |
| 2468 | 2468 | ||
| @@ -2472,7 +2472,7 @@ static int xr_setSubjectName(lua_State *L) { | |||
| 2472 | lua_pushboolean(L, 1); | 2472 | lua_pushboolean(L, 1); |
| 2473 | 2473 | ||
| 2474 | return 1; | 2474 | return 1; |
| 2475 | } /* xr_setSubjectName() */ | 2475 | } /* xr_setSubject() */ |
| 2476 | 2476 | ||
| 2477 | 2477 | ||
| 2478 | static int xr_getPublicKey(lua_State *L) { | 2478 | static int xr_getPublicKey(lua_State *L) { |
| @@ -2540,14 +2540,14 @@ static int xr__gc(lua_State *L) { | |||
| 2540 | } /* xr__gc() */ | 2540 | } /* xr__gc() */ |
| 2541 | 2541 | ||
| 2542 | static const luaL_Reg xr_methods[] = { | 2542 | static const luaL_Reg xr_methods[] = { |
| 2543 | { "getVersion", &xr_getVersion }, | 2543 | { "getVersion", &xr_getVersion }, |
| 2544 | { "setVersion", &xr_setVersion }, | 2544 | { "setVersion", &xr_setVersion }, |
| 2545 | { "getSubjectName", &xr_getSubjectName }, | 2545 | { "getSubject", &xr_getSubject }, |
| 2546 | { "setSubjectName", &xr_setSubjectName }, | 2546 | { "setSubject", &xr_setSubject }, |
| 2547 | { "getPublicKey", &xr_getPublicKey }, | 2547 | { "getPublicKey", &xr_getPublicKey }, |
| 2548 | { "setPublicKey", &xr_setPublicKey }, | 2548 | { "setPublicKey", &xr_setPublicKey }, |
| 2549 | { "sign", &xr_sign }, | 2549 | { "sign", &xr_sign }, |
| 2550 | { NULL, NULL }, | 2550 | { NULL, NULL }, |
| 2551 | }; | 2551 | }; |
| 2552 | 2552 | ||
| 2553 | static const luaL_Reg xr_metatable[] = { | 2553 | static const luaL_Reg xr_metatable[] = { |
| @@ -2624,7 +2624,9 @@ static int xl__next(lua_State *L) { | |||
| 2624 | if (!(crt = sk_X509_value(chain, i++))) | 2624 | if (!(crt = sk_X509_value(chain, i++))) |
| 2625 | continue; | 2625 | continue; |
| 2626 | 2626 | ||
| 2627 | ret = prepsimple(L, X509_CHAIN_CLASS); | 2627 | lua_pushinteger(L, i); |
| 2628 | |||
| 2629 | ret = prepsimple(L, X509_CERT_CLASS); | ||
| 2628 | 2630 | ||
| 2629 | if (!(*ret = X509_dup(crt))) | 2631 | if (!(*ret = X509_dup(crt))) |
| 2630 | return throwssl(L, "x509.chain:__next"); | 2632 | return throwssl(L, "x509.chain:__next"); |
| @@ -2722,6 +2724,71 @@ static int xs_add(lua_State *L) { | |||
| 2722 | } /* xs_add() */ | 2724 | } /* xs_add() */ |
| 2723 | 2725 | ||
| 2724 | 2726 | ||
| 2727 | static int xs_verify(lua_State *L) { | ||
| 2728 | X509_STORE *store = checksimple(L, 1, X509_STORE_CLASS); | ||
| 2729 | X509 *crt = checksimple(L, 2, X509_CERT_CLASS); | ||
| 2730 | STACK_OF(X509) *chain = NULL, **proof; | ||
| 2731 | X509_STORE_CTX ctx; | ||
| 2732 | int ok, why; | ||
| 2733 | |||
| 2734 | /* pre-allocate space for a successful return */ | ||
| 2735 | lua_settop(L, 3); | ||
| 2736 | proof = prepsimple(L, X509_CHAIN_CLASS); | ||
| 2737 | |||
| 2738 | if (!lua_isnoneornil(L, 3)) { | ||
| 2739 | X509 *elm; | ||
| 2740 | int i, n; | ||
| 2741 | |||
| 2742 | chain = sk_X509_dup(checksimple(L, 3, X509_CHAIN_CLASS)); | ||
| 2743 | |||
| 2744 | n = sk_X509_num(chain); | ||
| 2745 | |||
| 2746 | for (i = 0; i < n; i++) { | ||
| 2747 | if (!(elm = sk_X509_value(chain, i))) | ||
| 2748 | continue; | ||
| 2749 | CRYPTO_add(&elm->references, 1, CRYPTO_LOCK_X509); | ||
| 2750 | } | ||
| 2751 | } | ||
| 2752 | |||
| 2753 | if (!X509_STORE_CTX_init(&ctx, store, crt, chain)) { | ||
| 2754 | sk_X509_pop_free(chain, X509_free); | ||
| 2755 | return throwssl(L, "x509.store:verify"); | ||
| 2756 | } | ||
| 2757 | |||
| 2758 | ERR_clear_error(); | ||
| 2759 | |||
| 2760 | ok = X509_verify_cert(&ctx); | ||
| 2761 | |||
| 2762 | switch (ok) { | ||
| 2763 | case 1: /* verified */ | ||
| 2764 | *proof = X509_STORE_CTX_get1_chain(&ctx); | ||
| 2765 | |||
| 2766 | X509_STORE_CTX_cleanup(&ctx); | ||
| 2767 | |||
| 2768 | if (!*proof) | ||
| 2769 | return throwssl(L, "x509.store:verify"); | ||
| 2770 | |||
| 2771 | lua_pushboolean(L, 1); | ||
| 2772 | lua_pushvalue(L, -2); | ||
| 2773 | |||
| 2774 | return 2; | ||
| 2775 | case 0: /* not verified */ | ||
| 2776 | why = X509_STORE_CTX_get_error(&ctx); | ||
| 2777 | |||
| 2778 | X509_STORE_CTX_cleanup(&ctx); | ||
| 2779 | |||
| 2780 | lua_pushboolean(L, 0); | ||
| 2781 | lua_pushstring(L, X509_verify_cert_error_string(why)); | ||
| 2782 | |||
| 2783 | return 2; | ||
| 2784 | default: | ||
| 2785 | X509_STORE_CTX_cleanup(&ctx); | ||
| 2786 | |||
| 2787 | return throwssl(L, "x509.store:verify"); | ||
| 2788 | } | ||
| 2789 | } /* xs_verify() */ | ||
| 2790 | |||
| 2791 | |||
| 2725 | static int xs__gc(lua_State *L) { | 2792 | static int xs__gc(lua_State *L) { |
| 2726 | X509_STORE **ud = luaL_checkudata(L, 1, X509_STORE_CLASS); | 2793 | X509_STORE **ud = luaL_checkudata(L, 1, X509_STORE_CLASS); |
| 2727 | 2794 | ||
| @@ -2733,8 +2800,9 @@ static int xs__gc(lua_State *L) { | |||
| 2733 | 2800 | ||
| 2734 | 2801 | ||
| 2735 | static const luaL_Reg xs_methods[] = { | 2802 | static const luaL_Reg xs_methods[] = { |
| 2736 | { "add", &xs_add }, | 2803 | { "add", &xs_add }, |
| 2737 | { NULL, NULL }, | 2804 | { "verify", &xs_verify }, |
| 2805 | { NULL, NULL }, | ||
| 2738 | }; | 2806 | }; |
| 2739 | 2807 | ||
| 2740 | static const luaL_Reg xs_metatable[] = { | 2808 | static const luaL_Reg xs_metatable[] = { |
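Review bot: In the new xs_verify() (new lines 2727–2789), the `chain` copy made with sk_X509_dup() and the extra reference taken on each certificate are released only on the X509_STORE_CTX_init() failure path. X509_STORE_CTX_cleanup() does not take ownership of the untrusted stack handed to init, so every call that passes a chain appears to leak the stack and pin its certificates, which accumulates in a long-running process that verifies peer certificates. Adding `sk_X509_pop_free(chain, X509_free);` after each of the three `X509_STORE_CTX_cleanup(&ctx);` calls would release it; the init-failure path already makes the same call when chain may be NULL. The sk_X509_dup() result is also unchecked: on allocation failure chain is NULL and verification silently runs without the caller's intermediates, so `if (!chain) return throwssl(L, "x509.store:verify");` directly after the dup would surface that. A short comment above the switch stating the Lua-visible contract (`true, chain` when verified, `false, reason` when not, an error thrown otherwise) would help callers treat only a literal `true` as success.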
