/**
 * Set the maximum certificate-chain depth accepted while verifying a peer.
 *
 * Lua arguments: (context, depth).  The depth is forwarded unchanged to
 * SSL_CTX_set_verify_depth(); the function always returns true.
 */
static int set_depth(lua_State *L)
{
    SSL_CTX *ctx = ctx_getcontext(L, 1);
    int depth = luaL_checkint(L, 2);

    SSL_CTX_set_verify_depth(ctx, depth);
    lua_pushboolean(L, 1);
    return 1;
}
/**
 * Load the private key file -- PEM format only.
 *
 * Lua arguments: (context, filename [, password]).  The optional third
 * argument may be a string or a function; when present, passwd_cb is
 * installed as the default password callback with the lua_State as its
 * userdata for the duration of the load (presumably passwd_cb reads the
 * value from the stack -- not visible here).  The callback is always
 * cleared again before returning so it cannot outlive this call.
 *
 * Returns true on success, or false plus an OpenSSL reason string.
 * Raises a Lua error if the third argument has any other type.
 */
static int load_key(lua_State *L)
{
    SSL_CTX *ctx = ctx_getcontext(L, 1);
    const char *filename = luaL_checkstring(L, 2);
    int cb_type = lua_type(L, 3);
    int nresults = 1;

    if (cb_type != LUA_TNIL && cb_type != LUA_TSTRING && cb_type != LUA_TFUNCTION) {
        lua_pushstring(L, "invalid callback value");
        lua_error(L);
        return 1; /* not reached: lua_error does not return */
    }

    /* A string or function supplies the key's pass phrase through passwd_cb. */
    if (cb_type != LUA_TNIL) {
        SSL_CTX_set_default_passwd_cb(ctx, passwd_cb);
        SSL_CTX_set_default_passwd_cb_userdata(ctx, L);
    }

    if (SSL_CTX_use_PrivateKey_file(ctx, filename, SSL_FILETYPE_PEM) == 1) {
        lua_pushboolean(L, 1);
    } else {
        lua_pushboolean(L, 0);
        lua_pushfstring(L, "error loading private key (%s)",
                        ERR_reason_error_string(ERR_get_error()));
        nresults = 2;
    }

    /* Never leave a callback pointing at this lua_State behind. */
    SSL_CTX_set_default_passwd_cb(ctx, NULL);
    SSL_CTX_set_default_passwd_cb_userdata(ctx, NULL);
    return nresults;
}
/**
 * Set the cipher list for the context.
 *
 * Lua arguments: (context, list).  The list is an OpenSSL cipher-list
 * string passed straight to SSL_CTX_set_cipher_list(), which fails only
 * when no cipher in the list could be selected.
 *
 * Returns true on success, or false plus an OpenSSL reason string.
 */
static int set_cipher(lua_State *L)
{
    SSL_CTX *ctx = ctx_getcontext(L, 1);
    const char *ciphers = luaL_checkstring(L, 2);
    int ok = (SSL_CTX_set_cipher_list(ctx, ciphers) == 1);

    lua_pushboolean(L, ok);
    if (ok)
        return 1;
    lua_pushfstring(L, "error setting cipher list (%s)",
                    ERR_reason_error_string(ERR_get_error()));
    return 2;
}
/**
 * Load the certificate chain file for the context.
 *
 * Lua arguments: (context, filename).  Uses
 * SSL_CTX_use_certificate_chain_file(), so the file may hold the leaf
 * certificate followed by its intermediates (PEM).
 *
 * Returns true on success, or false plus an OpenSSL reason string.
 */
static int load_cert(lua_State *L)
{
    SSL_CTX *ctx = ctx_getcontext(L, 1);
    const char *filename = luaL_checkstring(L, 2);
    int ok = (SSL_CTX_use_certificate_chain_file(ctx, filename) == 1);

    lua_pushboolean(L, ok);
    if (ok)
        return 1;
    lua_pushfstring(L, "error loading certificate (%s)",
                    ERR_reason_error_string(ERR_get_error()));
    return 2;
}
/**
 * Load the trusted CA certificates (trust anchors) for the context.
 *
 * Lua arguments: (context [, cafile [, capath]]).  Either argument may be
 * nil; both are forwarded to SSL_CTX_load_verify_locations().  Loading
 * trust anchors does not by itself turn on peer verification -- that is
 * configured separately with set_verify().
 *
 * Returns true on success, or false plus an OpenSSL reason string.
 */
static int load_locations(lua_State *L)
{
    SSL_CTX *ctx = ctx_getcontext(L, 1);
    const char *cafile = luaL_optstring(L, 2, NULL);
    const char *capath = luaL_optstring(L, 3, NULL);
    int ok = (SSL_CTX_load_verify_locations(ctx, cafile, capath) == 1);

    lua_pushboolean(L, ok);
    if (ok)
        return 1;
    lua_pushfstring(L, "error loading CA locations (%s)",
                    ERR_reason_error_string(ERR_get_error()));
    return 2;
}
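/**
 * Create a new TLS/SSL connection object from a context and mark it as new.
 *
 * Lua arguments: (context).  The context's mode decides whether the new
 * SSL object starts in accept (server) or connect (client) state.  The
 * object is created with an invalid file descriptor; the real socket is
 * attached elsewhere (not visible here).
 *
 * Returns the new userdata (metatable "SSL:Connection"), or nil plus an
 * error message when the mode is invalid or SSL_new() fails.  On the
 * SSL_new() failure path the userdata is left without a metatable, so no
 * finalizer will run for the half-built object.
 */
static int meth_create(lua_State *L)
{
    int mode = ctx_getmode(L, 1);
    SSL_CTX *ctx = ctx_getcontext(L, 1);
    p_ssl ssl;

    if (mode == MD_CTX_INVALID) {
        lua_pushnil(L);
        lua_pushstring(L, "invalid mode");
        return 2;
    }

    /* lua_newuserdata raises on allocation failure; the check is defensive. */
    ssl = (p_ssl) lua_newuserdata(L, sizeof(t_ssl));
    if (!ssl) {
        lua_pushnil(L);
        lua_pushstring(L, "error creating SSL object");
        return 2;
    }

    ssl->ssl = SSL_new(ctx);
    if (!ssl->ssl) {
        lua_pushnil(L);
        lua_pushstring(L, "error creating SSL object");
        return 2;
    }
    ssl->state = ST_SSL_NEW;

    /* No socket yet: the fd is attached later by the caller. */
    SSL_set_fd(ssl->ssl, (int) SOCKET_INVALID);

    /* Partial writes and a moving write buffer match the buffered I/O layer
     * below, which may retry a write from a different buffer address. */
    SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE |
                           SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#if defined(SSL_MODE_RELEASE_BUFFERS)
    SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS);
#endif

    if (mode == MD_CTX_SERVER)
        SSL_set_accept_state(ssl->ssl);
    else
        SSL_set_connect_state(ssl->ssl);

    /* Wire the generic I/O, timeout and buffer layers to the SSL callbacks;
     * -1/-1 timeouts presumably mean "block indefinitely" (not visible here). */
    io_init(&ssl->io, (p_send) ssl_send, (p_recv) ssl_recv,
            (p_error) ssl_ioerror, ssl);
    timeout_init(&ssl->tm, -1, -1);
    buffer_init(&ssl->buf, &ssl->io, &ssl->tm);

    luaL_getmetatable(L, "SSL:Connection");
    lua_setmetatable(L, -2);
    return 1;
}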
/**
 * Set protocol options on the context.
 *
 * Lua arguments: (context, option-name, ...).  Every name is translated by
 * set_option_flag() and OR-ed into a single mask; the mask is applied with
 * SSL_CTX_set_options() only after all names have been accepted, so an
 * unknown name leaves the context untouched.  With no names the call is a
 * no-op that still returns true.
 *
 * Returns true, or false plus "invalid option".
 */
static int set_options(lua_State *L)
{
    SSL_CTX *ctx = ctx_getcontext(L, 1);
    int top = lua_gettop(L);
    unsigned long flags = 0UL;
    int idx;

    for (idx = 2; idx <= top; idx++) {
        const char *name = luaL_checkstring(L, idx);
        if (!set_option_flag(name, &flags)) {
            lua_pushboolean(L, 0);
            lua_pushstring(L, "invalid option");
            return 2;
        }
    }
    if (top > 1)
        SSL_CTX_set_options(ctx, flags);

    lua_pushboolean(L, 1);
    return 1;
}
/**
 * Set the handshake peer-verification mode on the context.
 *
 * Lua arguments: (context, flag-name, ...).  Every name is translated by
 * set_verify_flag() and OR-ed into one mode value, which is installed with
 * SSL_CTX_set_verify() (no custom verify callback) only after all names
 * have been accepted.  Called with no names, the current verify mode is
 * left unchanged rather than reset; the function still returns true.
 *
 * Returns true, or false plus "invalid verify option".
 */
static int set_verify(lua_State *L)
{
    SSL_CTX *ctx = ctx_getcontext(L, 1);
    int top = lua_gettop(L);
    int mode = 0;
    int idx;

    for (idx = 2; idx <= top; idx++) {
        const char *name = luaL_checkstring(L, idx);
        if (!set_verify_flag(name, &mode)) {
            lua_pushboolean(L, 0);
            lua_pushstring(L, "invalid verify option");
            return 2;
        }
    }
    if (top > 1)
        SSL_CTX_set_verify(ctx, mode, NULL);

    lua_pushboolean(L, 1);
    return 1;
}