1 files changed, 40 insertions, 2 deletions
diff --git a/doc/luaossl.tex b/doc/luaossl.tex
index e75a678..5ac7761 100644
--- a/doc/luaossl.tex
+++ b/doc/luaossl.tex
@@ -284,7 +284,9 @@ field & type:default & description\\\hline
 .bits & number:1024 & private key size \\
-.exp & number:65537 & RSA or Diffie-Hellman exponent \\
+.exp & number:65537 & RSA exponent \\
+.generator & number:2 & Diffie-Hellman generator \\
 .dhparam & string & PEM encoded string with precomputed DH parameters \\
@@ -933,11 +935,17 @@ Sets the private key \module{openssl.pkey} object $key$ for use during SSL conne
 Sets the allowed public key and private key algorithm(s). The string format is documented in the \href{http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT}{OpenSSL ciphers(1) utility documentation}.
+\subsubsection[\fn{context:setCurvesList}]{\fn{context:setCurvesList($string$ [, ...])}}
+Sets the supported curves. The string format is a list of colon separated curve names similar to \texttt{ctx:setCipherList(...)}. A list of supported curves can be found by running \texttt{openssl ecparam -list\_curves}.
+\emph{Only supported since OpenSSL 1.0.2.}
 \subsubsection[\fn{context:setEphemeralKey}]{\fn{context:setEphemeralKey($key$)}}
 Sets \module{openssl.pkey} object $key$ as the ephemeral key during key exchanges which use that particular key type. Typically $key$ will be either a Diffie-Hellman or Elliptic Curve key.
-\emph{In order to configure an SSL server to support an ephemeral key exchange cipher suite (i.e. DHE-* and ECDHE-*), the application must explicitly set the ephemeral keys. Simply enabling the cipher suite is not sufficient. The application can statically generate Diffie-Hellman public key parameters, and many servers ship with such a key compiled into the software. Elliptic curve keys are necessarily static, and instantiated by curve name\footnote{\href{http://en.wikipedia.org/w/index.php?title=Comparison\_of\_TLS\_implementations&oldid=629779090\#Supported\_elliptic\_curves}{According to Wikipedia} the most widely supported curve is prime256v1, so to enable ECDHE-* applications can simply do \texttt{ctx:setEphemeralKey(pkey.new\{ type = ``EC'', curve = ``prime256v1'' \})}. To achieve Perfect Forward Secrecy for ECDHE-*, applications must also do \texttt{ctx:setOptions(context.OP\_SINGLE\_ECDH\_USE)}. The \texttt{ctx} object must then be used to configure each SSL session, such as by passing it to \fn{cqueues.socket:starttls()}.}.}
+\emph{In order to configure an SSL server to support an ephemeral key exchange cipher suite (i.e. DHE-* and ECDHE-*), the application must explicitly set the ephemeral keys. Simply enabling the cipher suite is not sufficient. The application can statically generate Diffie-Hellman public key parameters, and many servers ship with such a key compiled into the software. Elliptic curve keys are necessarily static, and instantiated by curve name\footnote{OpenSSL < 1.0.2 only supports a single curve, \href{http://en.wikipedia.org/w/index.php?title=Comparison\_of\_TLS\_implementations&oldid=629779090\#Supported\_elliptic\_curves}{according to Wikipedia} the most widely supported curve is prime256v1, so to enable ECDHE-*, applications can simply do \texttt{ctx:setEphemeralKey(pkey.new\{ type = ``EC'', curve = ``prime256v1'' \})}. To achieve Perfect Forward Secrecy for ECDHE-*, applications must also do \texttt{ctx:setOptions(context.OP\_SINGLE\_ECDH\_USE)}. The \texttt{ctx} object must then be used to configure each SSL session, such as by passing it to \fn{cqueues.socket:starttls()}.}.}
 \emph{In addition, to attain Perfect Forward Secrecy the options \texttt{OP\_SINGLE\_DH\_USE} and \texttt{OP\_SINGLE\_ECDH\_USE} must be set so that OpenSSL discards and regenerates the secret keying parameters for each key exchange.}
@@ -997,6 +1005,30 @@ Returns the option flags of the SSL connection instance. See \fn{openssl.ssl.con
 Clears the option flags of the SSL connection instance. See \fn{openssl.ssl.context:clearOptions}.
+\subsubsection[\fn{ssl:setVerify}]{\fn{ssl:setVerify([$mode$][, $depth$])}}
+Sets the verification mode flags and maximum validation chain depth.
+See \fn{openssl.ssl.context:setVerify}.
+\subsubsection[\fn{ssl:getVerify}]{\fn{ssl:getVerify()}}
+Returns two values: the bitwise verification mode flags, and the maximum validation depth.
+See \fn{openssl.ssl.context:getVerify}.
+\subsubsection[\fn{ssl:getVerifyResult}]{\fn{ssl:getVerifyResult()}}
+Returns two values: the integer verification result code and the string representation of that code.
+\subsubsection[\fn{ssl:setCertificate}]{\fn{ssl:setCertificate($crt$)}}
+Sets the X.509 certificate \module{openssl.x509} object $crt$ to send during SSL connection instance handshakes.
+See \fn{openssl.ssl.context:setCertificate}.
+\subsubsection[\fn{ssl:setPrivateKey}]{\fn{ssl:setPrivateKey($key$)}}
+Sets the private key \module{openssl.pkey} object $key$ for use during SSL connection instance handshakes.
+See \fn{openssl.ssl.context:setPrivateKey}.
 \subsubsection[\fn{ssl:getPeerCertificate}]{\fn{ssl:getPeerCertificate()}}
 Returns the X.509 peer certificate as an \module{openssl.x509} object. If no peer certificate is available, returns $nil$.
@@ -1046,6 +1078,12 @@ TLS1\_2\_VERSION & 16-bit TLSv1.2 identifier (0x0303).  \\
 Returns the SSL/TLS version supported by the client, which should be greater than or equal to the negotiated version. See \fn{ssl:getVersion}.
+\subsubsection[\fn{ssl:setCurvesList}]{\fn{ssl:setCurvesList($string$ [, ...])}}
+Sets the supported curves for this SSL connection instance. See \fn{openssl.ssl.context:setCurvesList}.
+\emph{Only supported since OpenSSL 1.0.2.}
 \subsubsection[\fn{ssl:getAlpnSelected}]{\fn{ssl:getAlpnSelected()}}
 Returns the negotiated ALPN protocol as a string.

diff --git a/doc/luaossl.tex b/doc/luaossl.tex index e75a678..5ac7761 100644 --- a/doc/luaossl.tex +++ b/doc/luaossl.tex
@@ -284,7 +284,9 @@ field & type:default & description\\\hline
284		284
285	.bits & number:1024 & private key size \\	285	.bits & number:1024 & private key size \\
286		286
287	.exp & number:65537 & RSA or Diffie-Hellman exponent \\	287	.exp & number:65537 & RSA exponent \\
		288
		289	.generator & number:2 & Diffie-Hellman generator \\
288		290
289	.dhparam & string & PEM encoded string with precomputed DH parameters \\	291	.dhparam & string & PEM encoded string with precomputed DH parameters \\
290		292
@@ -933,11 +935,17 @@ Sets the private key \module{openssl.pkey} object $key$ for use during SSL conne
933		935
934	Sets the allowed public key and private key algorithm(s). The string format is documented in the \href{http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT}{OpenSSL ciphers(1) utility documentation}.	936	Sets the allowed public key and private key algorithm(s). The string format is documented in the \href{http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT}{OpenSSL ciphers(1) utility documentation}.
935		937
		938	\subsubsection[\fn{context:setCurvesList}]{\fn{context:setCurvesList($string$ [, ...])}}
		939
		940	Sets the supported curves. The string format is a list of colon separated curve names similar to \texttt{ctx:setCipherList(...)}. A list of supported curves can be found by running \texttt{openssl ecparam -list\_curves}.
		941
		942	\emph{Only supported since OpenSSL 1.0.2.}
		943
936	\subsubsection[\fn{context:setEphemeralKey}]{\fn{context:setEphemeralKey($key$)}}	944	\subsubsection[\fn{context:setEphemeralKey}]{\fn{context:setEphemeralKey($key$)}}
937		945
938	Sets \module{openssl.pkey} object $key$ as the ephemeral key during key exchanges which use that particular key type. Typically $key$ will be either a Diffie-Hellman or Elliptic Curve key.	946	Sets \module{openssl.pkey} object $key$ as the ephemeral key during key exchanges which use that particular key type. Typically $key$ will be either a Diffie-Hellman or Elliptic Curve key.
939		947
940	\emph{In order to configure an SSL server to support an ephemeral key exchange cipher suite (i.e. DHE-* and ECDHE-), the application must explicitly set the ephemeral keys. Simply enabling the cipher suite is not sufficient. The application can statically generate Diffie-Hellman public key parameters, and many servers ship with such a key compiled into the software. Elliptic curve keys are necessarily static, and instantiated by curve name\footnote{\href{http://en.wikipedia.org/w/index.php?title=Comparison\_of\_TLS\_implementations&oldid=629779090\#Supported\_elliptic\_curves}{According to Wikipedia} the most widely supported curve is prime256v1, so to enable ECDHE- applications can simply do \texttt{ctx:setEphemeralKey(pkey.new\{ type = ``EC'', curve = ``prime256v1'' \})}. To achieve Perfect Forward Secrecy for ECDHE-*, applications must also do \texttt{ctx:setOptions(context.OP\_SINGLE\_ECDH\_USE)}. The \texttt{ctx} object must then be used to configure each SSL session, such as by passing it to \fn{cqueues.socket:starttls()}.}.}	948	\emph{In order to configure an SSL server to support an ephemeral key exchange cipher suite (i.e. DHE-* and ECDHE-), the application must explicitly set the ephemeral keys. Simply enabling the cipher suite is not sufficient. The application can statically generate Diffie-Hellman public key parameters, and many servers ship with such a key compiled into the software. Elliptic curve keys are necessarily static, and instantiated by curve name\footnote{OpenSSL < 1.0.2 only supports a single curve, \href{http://en.wikipedia.org/w/index.php?title=Comparison\_of\_TLS\_implementations&oldid=629779090\#Supported\_elliptic\_curves}{according to Wikipedia} the most widely supported curve is prime256v1, so to enable ECDHE-, applications can simply do \texttt{ctx:setEphemeralKey(pkey.new\{ type = ``EC'', curve = ``prime256v1'' \})}. To achieve Perfect Forward Secrecy for ECDHE-*, applications must also do \texttt{ctx:setOptions(context.OP\_SINGLE\_ECDH\_USE)}. The \texttt{ctx} object must then be used to configure each SSL session, such as by passing it to \fn{cqueues.socket:starttls()}.}.}
941		949
942	\emph{In addition, to attain Perfect Forward Secrecy the options \texttt{OP\_SINGLE\_DH\_USE} and \texttt{OP\_SINGLE\_ECDH\_USE} must be set so that OpenSSL discards and regenerates the secret keying parameters for each key exchange.}	950	\emph{In addition, to attain Perfect Forward Secrecy the options \texttt{OP\_SINGLE\_DH\_USE} and \texttt{OP\_SINGLE\_ECDH\_USE} must be set so that OpenSSL discards and regenerates the secret keying parameters for each key exchange.}
943		951
@@ -997,6 +1005,30 @@ Returns the option flags of the SSL connection instance. See \fn{openssl.ssl.con
997		1005
998	Clears the option flags of the SSL connection instance. See \fn{openssl.ssl.context:clearOptions}.	1006	Clears the option flags of the SSL connection instance. See \fn{openssl.ssl.context:clearOptions}.
999		1007
		1008	\subsubsection[\fn{ssl:setVerify}]{\fn{ssl:setVerify([$mode$][, $depth$])}}
		1009
		1010	Sets the verification mode flags and maximum validation chain depth.
		1011	See \fn{openssl.ssl.context:setVerify}.
		1012
		1013	\subsubsection[\fn{ssl:getVerify}]{\fn{ssl:getVerify()}}
		1014
		1015	Returns two values: the bitwise verification mode flags, and the maximum validation depth.
		1016	See \fn{openssl.ssl.context:getVerify}.
		1017
		1018	\subsubsection[\fn{ssl:getVerifyResult}]{\fn{ssl:getVerifyResult()}}
		1019
		1020	Returns two values: the integer verification result code and the string representation of that code.
		1021
		1022	\subsubsection[\fn{ssl:setCertificate}]{\fn{ssl:setCertificate($crt$)}}
		1023
		1024	Sets the X.509 certificate \module{openssl.x509} object $crt$ to send during SSL connection instance handshakes.
		1025	See \fn{openssl.ssl.context:setCertificate}.
		1026
		1027	\subsubsection[\fn{ssl:setPrivateKey}]{\fn{ssl:setPrivateKey($key$)}}
		1028
		1029	Sets the private key \module{openssl.pkey} object $key$ for use during SSL connection instance handshakes.
		1030	See \fn{openssl.ssl.context:setPrivateKey}.
		1031
1000	\subsubsection[\fn{ssl:getPeerCertificate}]{\fn{ssl:getPeerCertificate()}}	1032	\subsubsection[\fn{ssl:getPeerCertificate}]{\fn{ssl:getPeerCertificate()}}
1001		1033
1002	Returns the X.509 peer certificate as an \module{openssl.x509} object. If no peer certificate is available, returns $nil$.	1034	Returns the X.509 peer certificate as an \module{openssl.x509} object. If no peer certificate is available, returns $nil$.
@@ -1046,6 +1078,12 @@ TLS1\_2\_VERSION & 16-bit TLSv1.2 identifier (0x0303). \\
1046		1078
1047	Returns the SSL/TLS version supported by the client, which should be greater than or equal to the negotiated version. See \fn{ssl:getVersion}.	1079	Returns the SSL/TLS version supported by the client, which should be greater than or equal to the negotiated version. See \fn{ssl:getVersion}.
1048		1080
		1081	\subsubsection[\fn{ssl:setCurvesList}]{\fn{ssl:setCurvesList($string$ [, ...])}}
		1082
		1083	Sets the supported curves for this SSL connection instance. See \fn{openssl.ssl.context:setCurvesList}.
		1084
		1085	\emph{Only supported since OpenSSL 1.0.2.}
		1086
1049	\subsubsection[\fn{ssl:getAlpnSelected}]{\fn{ssl:getAlpnSelected()}}	1087	\subsubsection[\fn{ssl:getAlpnSelected}]{\fn{ssl:getAlpnSelected()}}
1050		1088
1051	Returns the negotiated ALPN protocol as a string.	1089	Returns the negotiated ALPN protocol as a string.