2 files changed, 195 insertions, 21 deletions
diff --git a/src/GNUmakefile b/src/GNUmakefile
index ee263b0..6a0bb3c 100644
--- a/src/GNUmakefile
+++ b/src/GNUmakefile
@@ -20,7 +20,7 @@ OS_$(d) = $(shell $(d)/../mk/vendor.os)
 CC_$(d) = $(shell env CC="$(CC) "$(d)/../mk/vendor.cc)
 LUAPATH_$(d) = $(shell env CC="$(CC)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" $(<D)/../mk/lua.path -krxm3 -I$(DESTDIR)$(includedir) -I/usr/include -I/usr/local/include -P$(DESTDIR)$(bindir) -P$(bindir) -L$(DESTDIR)$(libdir) -L$(libdir) -v$(1) $(2))
-CPPFLAGS_$(d) = $(CPPFLAGS_$(abspath $(@D)/../..))
+CPPFLAGS_$(d) = $(CPPFLAGS_$(abspath $(@D)/../..)) -DLUA_COMPAT_APIUNSIGNED
 CFLAGS_$(d) = $(CFLAGS_$(abspath $(@D)/../..))
 LDFLAGS_$(d) = $(LDFLAGS_$(abspath $(@D)/../..))
 SOFLAGS_$(d) = $(SOFLAGS_$(abspath $(@D)/../..))
diff --git a/src/openssl.c b/src/openssl.c
index d18cf67..4a290a9 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -401,6 +401,70 @@ static const char *pushnid(lua_State *L, int nid) {
 } /* pushnid() */
+/*
+ * Lua 5.3 distinguishes integers and numbers, and by default uses 64-bit
+ * integers. The following routines try to preserve this distinction and
+ * where possible detect range issues.
+ *
+ * The signed range checking assumes two's complement, no padding bits, and
+ * sizeof lua_Integer <= sizeof long long. Which is a safe bet where OpenSSL
+ * is typically used.
+ */
+#define lib_Integer long long
+#define lib_Unsigned unsigned long long
+#define lua_IntegerMax ((1ULL << (sizeof (lua_Integer) * 8 - 1)) - 1)
+#define lua_IntegerMin (-lua_IntegerMax - 1)
+static void lib_pushinteger(lua_State *L, lib_Integer i) {
+        /*
+         * TODO: Check value explicitly, but will need to silence compiler
+         * diagnostics about useless comparisons.
+         */
+        if (sizeof (lua_Integer) >= sizeof i) {
+                lua_pushinteger(L, i);
+        } else {
+                /* TODO: Check overflow. */
+                lua_pushnumber(L, i);
+        }
+} /* lib_pushinteger() */
+NOTUSED static void lib_pushunsigned(lua_State *L, lib_Unsigned i) {
+        if (i <= lua_IntegerMax) {
+                lua_pushinteger(L, i);
+        } else if (i == (lib_Unsigned)(lua_Number)i) {
+                lua_pushnumber(L, i);
+        } else {
+                luaL_error(L, "unsigned integer value not representable as lua_Integer or lua_Number");
+        }
+} /* lib_pushunsigned() */
+static lib_Integer lib_checkinteger(lua_State *L, int index) {
+        if (sizeof (lua_Integer) >= sizeof (lib_Integer)) {
+                return luaL_checkinteger(L, index);
+        } else {
+                /* TODO: Check overflow. */
+                return (lib_Integer)luaL_checknumber(L, index);
+        }
+} /* lib_checkinteger() */
+typedef struct {
+        const char *name;
+        lib_Integer value;
+} integer_Reg;
+static void lib_setintegers(lua_State *L, const integer_Reg *l) {
+        for (; l->name; l++) {
+                lib_pushinteger(L, l->value);
+                lua_setfield(L, -2, l->name);
+        }
+} /* lib_setintegers() */
 static void initall(lua_State *L);
@@ -3954,6 +4018,35 @@ static int sx_interpose(lua_State *L) {
 } /* sx_interpose() */
+static int sx_setOptions(lua_State *L) {
+        SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+        lib_Integer options = lib_checkinteger(L, 2);
+        lib_pushinteger(L, SSL_CTX_set_options(ctx, options));
+        return 1;
+} /* sx_setOptions() */
+static int sx_getOptions(lua_State *L) {
+        SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+        lib_pushinteger(L, SSL_CTX_get_options(ctx));
+        return 1;
+} /* sx_getOptions() */
+static int sx_clearOptions(lua_State *L) {
+        SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+        lib_Integer options = lib_checkinteger(L, 2);
+        lib_pushinteger(L, SSL_CTX_clear_options(ctx, options));
+        return 1;
+} /* sx_clearOptions() */
 static int sx_setStore(lua_State *L) {
        SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
        X509_STORE *store = checksimple(L, 2, X509_STORE_CLASS);
@@ -4052,12 +4145,15 @@ static int sx__gc(lua_State *L) {
 static const luaL_Reg sx_methods[] = {
-        { "setStore",  &sx_setStore },
+        { "setOptions",     &sx_setOptions },
-        { "setVerify", &sx_setVerify },
+        { "getOptions",     &sx_getOptions },
-        { "getVerify", &sx_getVerify },
+        { "clearOptions",   &sx_clearOptions },
+        { "setStore",       &sx_setStore },
+        { "setVerify",      &sx_setVerify },
+        { "getVerify",      &sx_getVerify },
        { "setCertificate", &sx_setCertificate },
-        { "setPrivateKey", &sx_setPrivateKey },
+        { "setPrivateKey",  &sx_setPrivateKey },
-        { "setCipherList", &sx_setCipherList },
+        { "setCipherList",  &sx_setCipherList },
        { NULL, NULL },
 };
@@ -4072,22 +4168,66 @@ static const luaL_Reg sx_globals[] = {
        { NULL,        NULL },
 };
+static const integer_Reg sx_verify[] = {
+        { "VERIFY_NONE", SSL_VERIFY_NONE },
+        { "VERIFY_PEER", SSL_VERIFY_PEER },
+        { "VERIFY_FAIL_IF_NO_PEER_CERT", SSL_VERIFY_FAIL_IF_NO_PEER_CERT },
+        { "VERIFY_CLIENT_ONCE", SSL_VERIFY_CLIENT_ONCE },
+        { NULL, 0 },
+};
+static const integer_Reg sx_option[] = {
+        { "OP_MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG },
+        { "OP_NETSCAPE_CHALLENGE_BUG", SSL_OP_NETSCAPE_CHALLENGE_BUG },
+        { "OP_LEGACY_SERVER_CONNECT", SSL_OP_LEGACY_SERVER_CONNECT },
+        { "OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG },
+        { "OP_SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG },
+        { "OP_MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER },
+        { "OP_MSIE_SSLV2_RSA_PADDING", SSL_OP_MSIE_SSLV2_RSA_PADDING },
+        { "OP_SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG },
+        { "OP_TLS_D5_BUG", SSL_OP_TLS_D5_BUG },
+        { "OP_TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG },
+#if defined SSL_OP_NO_TLSv1_1
+        { "OP_NO_TLSv1_1", SSL_OP_NO_TLSv1_1 },
+#endif
+        { "OP_DONT_INSERT_EMPTY_FRAGMENTS", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS },
+        { "OP_ALL", SSL_OP_ALL },
+        { "OP_NO_QUERY_MTU", SSL_OP_NO_QUERY_MTU },
+        { "OP_COOKIE_EXCHANGE", SSL_OP_COOKIE_EXCHANGE },
+        { "OP_NO_TICKET", SSL_OP_NO_TICKET },
+        { "OP_CISCO_ANYCONNECT", SSL_OP_CISCO_ANYCONNECT },
+        { "OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION },
+#if defined SSL_OP_NO_COMPRESSION
+        { "OP_NO_COMPRESSION", SSL_OP_NO_COMPRESSION },
+#endif
+        { "OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION },
+        { "OP_SINGLE_ECDH_USE", SSL_OP_SINGLE_ECDH_USE },
+        { "OP_SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE },
+        { "OP_EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA },
+        { "OP_CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE },
+        { "OP_TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG },
+        { "OP_NO_SSLv2", SSL_OP_NO_SSLv2 },
+        { "OP_NO_SSLv3", SSL_OP_NO_SSLv3 },
+        { "OP_NO_TLSv1", SSL_OP_NO_TLSv1 },
+#if defined SSL_OP_NO_TLSv1_2
+        { "OP_NO_TLSv1_2", SSL_OP_NO_TLSv1_2 },
+#endif
+        { "OP_PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1 },
+        { "OP_PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2 },
+        { "OP_NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG },
+        { "OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG },
+#if defined SSL_OP_CRYPTOPRO_TLSEXT_BUG
+        { "OP_CRYPTOPRO_TLSEXT_BUG", SSL_OP_CRYPTOPRO_TLSEXT_BUG },
+#endif
+        { NULL, 0 },
+};
 int luaopen__openssl_ssl_context(lua_State *L) {
        initall(L);
        luaL_newlib(L, sx_globals);
+        lib_setintegers(L, sx_verify);
-        lua_pushinteger(L, SSL_VERIFY_NONE);
+        lib_setintegers(L, sx_option);
-        lua_setfield(L, -2, "VERIFY_NONE");
-        lua_pushinteger(L, SSL_VERIFY_PEER);
-        lua_setfield(L, -2, "VERIFY_PEER");
-        lua_pushinteger(L, SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
-        lua_setfield(L, -2, "VERIFY_FAIL_IF_NO_PEER_CERT");
-        lua_pushinteger(L, SSL_VERIFY_CLIENT_ONCE);
-        lua_setfield(L, -2, "VERIFY_CLIENT_ONCE");
        return 1;
 } /* luaopen__openssl_ssl_context() */
@@ -4110,6 +4250,35 @@ static int ssl_interpose(lua_State *L) {
 } /* ssl_interpose() */
+static int ssl_setOptions(lua_State *L) {
+        SSL *ssl = checksimple(L, 1, SSL_CTX_CLASS);
+        lib_Integer options = lib_checkinteger(L, 2);
+        lib_pushinteger(L, SSL_set_options(ssl, options));
+        return 1;
+} /* ssl_setOptions() */
+static int ssl_getOptions(lua_State *L) {
+        SSL *ssl = checksimple(L, 1, SSL_CTX_CLASS);
+        lib_pushinteger(L, SSL_get_options(ssl));
+        return 1;
+} /* ssl_getOptions() */
+static int ssl_clearOptions(lua_State *L) {
+        SSL *ssl = checksimple(L, 1, SSL_CTX_CLASS);
+        lib_Integer options = lib_checkinteger(L, 2);
+        lib_pushinteger(L, SSL_clear_options(ssl, options));
+        return 1;
+} /* ssl_clearOptions() */
 static int ssl_getPeerCertificate(lua_State *L) {
        SSL *ssl = checksimple(L, 1, SSL_CLASS);
        X509 **x509 = prepsimple(L, X509_CERT_CLASS);
@@ -4171,10 +4340,13 @@ static int ssl__gc(lua_State *L) {
 static const luaL_Reg ssl_methods[] = {
+        { "setOptions",    &ssl_setOptions },
+        { "getOptions",    &ssl_getOptions },
+        { "clearOptions",  &ssl_clearOptions },
        { "getPeerCertificate", &ssl_getPeerCertificate },
-        { "getPeerChain",       &ssl_getPeerChain },
+        { "getPeerChain",  &ssl_getPeerChain },
-        { "getCipherInfo",      &ssl_getCipherInfo },
+        { "getCipherInfo", &ssl_getCipherInfo },
-        { NULL,                 NULL },
+        { NULL,            NULL },
 };
 static const luaL_Reg ssl_metatable[] = {
@@ -4192,6 +4364,8 @@ int luaopen__openssl_ssl(lua_State *L) {
        initall(L);
        luaL_newlib(L, ssl_globals);
+        lib_setintegers(L, sx_verify);
+        lib_setintegers(L, sx_option);
        return 1;
 } /* luaopen__openssl_ssl() */

diff --git a/src/GNUmakefile b/src/GNUmakefile index ee263b0..6a0bb3c 100644 --- a/src/GNUmakefile +++ b/src/GNUmakefile
@@ -20,7 +20,7 @@ OS_$(d) = $(shell $(d)/../mk/vendor.os)
20	CC_$(d) = $(shell env CC="$(CC) "$(d)/../mk/vendor.cc)	20	CC_$(d) = $(shell env CC="$(CC) "$(d)/../mk/vendor.cc)
21	LUAPATH_$(d) = $(shell env CC="$(CC)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" $(<D)/../mk/lua.path -krxm3 -I$(DESTDIR)$(includedir) -I/usr/include -I/usr/local/include -P$(DESTDIR)$(bindir) -P$(bindir) -L$(DESTDIR)$(libdir) -L$(libdir) -v$(1) $(2))	21	LUAPATH_$(d) = $(shell env CC="$(CC)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" $(<D)/../mk/lua.path -krxm3 -I$(DESTDIR)$(includedir) -I/usr/include -I/usr/local/include -P$(DESTDIR)$(bindir) -P$(bindir) -L$(DESTDIR)$(libdir) -L$(libdir) -v$(1) $(2))
22		22
23	CPPFLAGS_$(d) = $(CPPFLAGS_$(abspath $(@D)/../..))	23	CPPFLAGS_$(d) = $(CPPFLAGS_$(abspath $(@D)/../..)) -DLUA_COMPAT_APIUNSIGNED
24	CFLAGS_$(d) = $(CFLAGS_$(abspath $(@D)/../..))	24	CFLAGS_$(d) = $(CFLAGS_$(abspath $(@D)/../..))
25	LDFLAGS_$(d) = $(LDFLAGS_$(abspath $(@D)/../..))	25	LDFLAGS_$(d) = $(LDFLAGS_$(abspath $(@D)/../..))
26	SOFLAGS_$(d) = $(SOFLAGS_$(abspath $(@D)/../..))	26	SOFLAGS_$(d) = $(SOFLAGS_$(abspath $(@D)/../..))


diff --git a/src/openssl.c b/src/openssl.c index d18cf67..4a290a9 100644 --- a/src/openssl.c +++ b/src/openssl.c
@@ -401,6 +401,70 @@ static const char pushnid(lua_State L, int nid) {
401	} /* pushnid() */	401	} /* pushnid() */
402		402
403		403
		404	/*
		405	* Lua 5.3 distinguishes integers and numbers, and by default uses 64-bit
		406	* integers. The following routines try to preserve this distinction and
		407	* where possible detect range issues.
		408	*
		409	* The signed range checking assumes two's complement, no padding bits, and
		410	* sizeof lua_Integer <= sizeof long long. Which is a safe bet where OpenSSL
		411	* is typically used.
		412	*/
		413	#define lib_Integer long long
		414	#define lib_Unsigned unsigned long long
		415
		416	#define lua_IntegerMax ((1ULL << (sizeof (lua_Integer) * 8 - 1)) - 1)
		417	#define lua_IntegerMin (-lua_IntegerMax - 1)
		418
		419
		420	static void lib_pushinteger(lua_State *L, lib_Integer i) {
		421	/*
		422	* TODO: Check value explicitly, but will need to silence compiler
		423	* diagnostics about useless comparisons.
		424	*/
		425	if (sizeof (lua_Integer) >= sizeof i) {
		426	lua_pushinteger(L, i);
		427	} else {
		428	/* TODO: Check overflow. */
		429	lua_pushnumber(L, i);
		430	}
		431	} /* lib_pushinteger() */
		432
		433
		434	NOTUSED static void lib_pushunsigned(lua_State *L, lib_Unsigned i) {
		435	if (i <= lua_IntegerMax) {
		436	lua_pushinteger(L, i);
		437	} else if (i == (lib_Unsigned)(lua_Number)i) {
		438	lua_pushnumber(L, i);
		439	} else {
		440	luaL_error(L, "unsigned integer value not representable as lua_Integer or lua_Number");
		441	}
		442	} /* lib_pushunsigned() */
		443
		444
		445	static lib_Integer lib_checkinteger(lua_State *L, int index) {
		446	if (sizeof (lua_Integer) >= sizeof (lib_Integer)) {
		447	return luaL_checkinteger(L, index);
		448	} else {
		449	/* TODO: Check overflow. */
		450	return (lib_Integer)luaL_checknumber(L, index);
		451	}
		452	} /* lib_checkinteger() */
		453
		454
		455	typedef struct {
		456	const char *name;
		457	lib_Integer value;
		458	} integer_Reg;
		459
		460	static void lib_setintegers(lua_State L, const integer_Reg l) {
		461	for (; l->name; l++) {
		462	lib_pushinteger(L, l->value);
		463	lua_setfield(L, -2, l->name);
		464	}
		465	} /* lib_setintegers() */
		466
		467
404	static void initall(lua_State *L);	468	static void initall(lua_State *L);
405		469
406		470
@@ -3954,6 +4018,35 @@ static int sx_interpose(lua_State *L) {
3954	} /* sx_interpose() */	4018	} /* sx_interpose() */
3955		4019
3956		4020
		4021	static int sx_setOptions(lua_State *L) {
		4022	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
		4023	lib_Integer options = lib_checkinteger(L, 2);
		4024
		4025	lib_pushinteger(L, SSL_CTX_set_options(ctx, options));
		4026
		4027	return 1;
		4028	} /* sx_setOptions() */
		4029
		4030
		4031	static int sx_getOptions(lua_State *L) {
		4032	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
		4033
		4034	lib_pushinteger(L, SSL_CTX_get_options(ctx));
		4035
		4036	return 1;
		4037	} /* sx_getOptions() */
		4038
		4039
		4040	static int sx_clearOptions(lua_State *L) {
		4041	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
		4042	lib_Integer options = lib_checkinteger(L, 2);
		4043
		4044	lib_pushinteger(L, SSL_CTX_clear_options(ctx, options));
		4045
		4046	return 1;
		4047	} /* sx_clearOptions() */
		4048
		4049
3957	static int sx_setStore(lua_State *L) {	4050	static int sx_setStore(lua_State *L) {
3958	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);	4051	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
3959	X509_STORE *store = checksimple(L, 2, X509_STORE_CLASS);	4052	X509_STORE *store = checksimple(L, 2, X509_STORE_CLASS);
@@ -4052,12 +4145,15 @@ static int sx__gc(lua_State *L) {
4052		4145
4053		4146
4054	static const luaL_Reg sx_methods[] = {	4147	static const luaL_Reg sx_methods[] = {
4055	{ "setStore", &sx_setStore },	4148	{ "setOptions", &sx_setOptions },
4056	{ "setVerify", &sx_setVerify },	4149	{ "getOptions", &sx_getOptions },
4057	{ "getVerify", &sx_getVerify },	4150	{ "clearOptions", &sx_clearOptions },
		4151	{ "setStore", &sx_setStore },
		4152	{ "setVerify", &sx_setVerify },
		4153	{ "getVerify", &sx_getVerify },
4058	{ "setCertificate", &sx_setCertificate },	4154	{ "setCertificate", &sx_setCertificate },
4059	{ "setPrivateKey", &sx_setPrivateKey },	4155	{ "setPrivateKey", &sx_setPrivateKey },
4060	{ "setCipherList", &sx_setCipherList },	4156	{ "setCipherList", &sx_setCipherList },
4061	{ NULL, NULL },	4157	{ NULL, NULL },
4062	};	4158	};
4063		4159
@@ -4072,22 +4168,66 @@ static const luaL_Reg sx_globals[] = {
4072	{ NULL, NULL },	4168	{ NULL, NULL },
4073	};	4169	};
4074		4170
		4171	static const integer_Reg sx_verify[] = {
		4172	{ "VERIFY_NONE", SSL_VERIFY_NONE },
		4173	{ "VERIFY_PEER", SSL_VERIFY_PEER },
		4174	{ "VERIFY_FAIL_IF_NO_PEER_CERT", SSL_VERIFY_FAIL_IF_NO_PEER_CERT },
		4175	{ "VERIFY_CLIENT_ONCE", SSL_VERIFY_CLIENT_ONCE },
		4176	{ NULL, 0 },
		4177	};
		4178
		4179	static const integer_Reg sx_option[] = {
		4180	{ "OP_MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG },
		4181	{ "OP_NETSCAPE_CHALLENGE_BUG", SSL_OP_NETSCAPE_CHALLENGE_BUG },
		4182	{ "OP_LEGACY_SERVER_CONNECT", SSL_OP_LEGACY_SERVER_CONNECT },
		4183	{ "OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG },
		4184	{ "OP_SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG },
		4185	{ "OP_MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER },
		4186	{ "OP_MSIE_SSLV2_RSA_PADDING", SSL_OP_MSIE_SSLV2_RSA_PADDING },
		4187	{ "OP_SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG },
		4188	{ "OP_TLS_D5_BUG", SSL_OP_TLS_D5_BUG },
		4189	{ "OP_TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG },
		4190	#if defined SSL_OP_NO_TLSv1_1
		4191	{ "OP_NO_TLSv1_1", SSL_OP_NO_TLSv1_1 },
		4192	#endif
		4193	{ "OP_DONT_INSERT_EMPTY_FRAGMENTS", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS },
		4194	{ "OP_ALL", SSL_OP_ALL },
		4195	{ "OP_NO_QUERY_MTU", SSL_OP_NO_QUERY_MTU },
		4196	{ "OP_COOKIE_EXCHANGE", SSL_OP_COOKIE_EXCHANGE },
		4197	{ "OP_NO_TICKET", SSL_OP_NO_TICKET },
		4198	{ "OP_CISCO_ANYCONNECT", SSL_OP_CISCO_ANYCONNECT },
		4199	{ "OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION },
		4200	#if defined SSL_OP_NO_COMPRESSION
		4201	{ "OP_NO_COMPRESSION", SSL_OP_NO_COMPRESSION },
		4202	#endif
		4203	{ "OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION },
		4204	{ "OP_SINGLE_ECDH_USE", SSL_OP_SINGLE_ECDH_USE },
		4205	{ "OP_SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE },
		4206	{ "OP_EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA },
		4207	{ "OP_CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE },
		4208	{ "OP_TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG },
		4209	{ "OP_NO_SSLv2", SSL_OP_NO_SSLv2 },
		4210	{ "OP_NO_SSLv3", SSL_OP_NO_SSLv3 },
		4211	{ "OP_NO_TLSv1", SSL_OP_NO_TLSv1 },
		4212	#if defined SSL_OP_NO_TLSv1_2
		4213	{ "OP_NO_TLSv1_2", SSL_OP_NO_TLSv1_2 },
		4214	#endif
		4215	{ "OP_PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1 },
		4216	{ "OP_PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2 },
		4217	{ "OP_NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG },
		4218	{ "OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG },
		4219	#if defined SSL_OP_CRYPTOPRO_TLSEXT_BUG
		4220	{ "OP_CRYPTOPRO_TLSEXT_BUG", SSL_OP_CRYPTOPRO_TLSEXT_BUG },
		4221	#endif
		4222	{ NULL, 0 },
		4223	};
		4224
4075	int luaopen__openssl_ssl_context(lua_State *L) {	4225	int luaopen__openssl_ssl_context(lua_State *L) {
4076	initall(L);	4226	initall(L);
4077		4227
4078	luaL_newlib(L, sx_globals);	4228	luaL_newlib(L, sx_globals);
4079		4229	lib_setintegers(L, sx_verify);
4080	lua_pushinteger(L, SSL_VERIFY_NONE);	4230	lib_setintegers(L, sx_option);
4081	lua_setfield(L, -2, "VERIFY_NONE");
4082
4083	lua_pushinteger(L, SSL_VERIFY_PEER);
4084	lua_setfield(L, -2, "VERIFY_PEER");
4085
4086	lua_pushinteger(L, SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
4087	lua_setfield(L, -2, "VERIFY_FAIL_IF_NO_PEER_CERT");
4088
4089	lua_pushinteger(L, SSL_VERIFY_CLIENT_ONCE);
4090	lua_setfield(L, -2, "VERIFY_CLIENT_ONCE");
4091		4231
4092	return 1;	4232	return 1;
4093	} /* luaopen__openssl_ssl_context() */	4233	} /* luaopen__openssl_ssl_context() */
@@ -4110,6 +4250,35 @@ static int ssl_interpose(lua_State *L) {
4110	} /* ssl_interpose() */	4250	} /* ssl_interpose() */
4111		4251
4112		4252
		4253	static int ssl_setOptions(lua_State *L) {
		4254	SSL *ssl = checksimple(L, 1, SSL_CTX_CLASS);
		4255	lib_Integer options = lib_checkinteger(L, 2);
		4256
		4257	lib_pushinteger(L, SSL_set_options(ssl, options));
		4258
		4259	return 1;
		4260	} /* ssl_setOptions() */
		4261
		4262
		4263	static int ssl_getOptions(lua_State *L) {
		4264	SSL *ssl = checksimple(L, 1, SSL_CTX_CLASS);
		4265
		4266	lib_pushinteger(L, SSL_get_options(ssl));
		4267
		4268	return 1;
		4269	} /* ssl_getOptions() */
		4270
		4271
		4272	static int ssl_clearOptions(lua_State *L) {
		4273	SSL *ssl = checksimple(L, 1, SSL_CTX_CLASS);
		4274	lib_Integer options = lib_checkinteger(L, 2);
		4275
		4276	lib_pushinteger(L, SSL_clear_options(ssl, options));
		4277
		4278	return 1;
		4279	} /* ssl_clearOptions() */
		4280
		4281
4113	static int ssl_getPeerCertificate(lua_State *L) {	4282	static int ssl_getPeerCertificate(lua_State *L) {
4114	SSL *ssl = checksimple(L, 1, SSL_CLASS);	4283	SSL *ssl = checksimple(L, 1, SSL_CLASS);
4115	X509 **x509 = prepsimple(L, X509_CERT_CLASS);	4284	X509 **x509 = prepsimple(L, X509_CERT_CLASS);
@@ -4171,10 +4340,13 @@ static int ssl__gc(lua_State *L) {
4171		4340
4172		4341
4173	static const luaL_Reg ssl_methods[] = {	4342	static const luaL_Reg ssl_methods[] = {
		4343	{ "setOptions", &ssl_setOptions },
		4344	{ "getOptions", &ssl_getOptions },
		4345	{ "clearOptions", &ssl_clearOptions },
4174	{ "getPeerCertificate", &ssl_getPeerCertificate },	4346	{ "getPeerCertificate", &ssl_getPeerCertificate },
4175	{ "getPeerChain", &ssl_getPeerChain },	4347	{ "getPeerChain", &ssl_getPeerChain },
4176	{ "getCipherInfo", &ssl_getCipherInfo },	4348	{ "getCipherInfo", &ssl_getCipherInfo },
4177	{ NULL, NULL },	4349	{ NULL, NULL },
4178	};	4350	};
4179		4351
4180	static const luaL_Reg ssl_metatable[] = {	4352	static const luaL_Reg ssl_metatable[] = {
@@ -4192,6 +4364,8 @@ int luaopen__openssl_ssl(lua_State *L) {
4192	initall(L);	4364	initall(L);
4193		4365
4194	luaL_newlib(L, ssl_globals);	4366	luaL_newlib(L, ssl_globals);
		4367	lib_setintegers(L, sx_verify);
		4368	lib_setintegers(L, sx_option);
4195		4369
4196	return 1;	4370	return 1;
4197	} /* luaopen__openssl_ssl() */	4371	} /* luaopen__openssl_ssl() */