aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatarLibravatar daurnimator <quae@daurnimator.com> 2018-10-30 17:59:57 +1100
committerLibravatarLibravatar daurnimator <quae@daurnimator.com> 2018-10-31 13:13:26 +1100
commit14381ef9d1a1f61e50a78eb7e9dfd51fab046cdd (patch)
tree66051ea02d92b06731eafc11463306e2068da96f
parent7f297d41be8c77bffbbbac1dfced2586f07f538b (diff)
downloadluaossl-14381ef9d1a1f61e50a78eb7e9dfd51fab046cdd.tar.gz
luaossl-14381ef9d1a1f61e50a78eb7e9dfd51fab046cdd.tar.bz2
luaossl-14381ef9d1a1f61e50a78eb7e9dfd51fab046cdd.zip
Add ssl.context:useServerInfo() and ssl.context:useServerInfoFile()
-rw-r--r--doc/luaossl.tex14
-rw-r--r--src/openssl.c54
2 files changed, 68 insertions, 0 deletions
diff --git a/doc/luaossl.tex b/doc/luaossl.tex
index 66a205e..ddfde04 100644
--- a/doc/luaossl.tex
+++ b/doc/luaossl.tex
@@ -1029,6 +1029,20 @@ See \fn{context:setTicketKeys}
\emph{Only supported since OpenSSL 1.0.0.}
+\subsubsection[\fn{context:useServerInfo}]{\fn{context:useServerInfo($version$, $serverinfo$)}}
+
+If version is $1$ then the extensions in the array must consist of a 2-byte Extension Type, a 2-byte length, and then length bytes of extension data. The type value has the same meaning as for \fn{context:addCustomExtension}.
+
+If version is $2$ then the extensions in the array must consist of a 4-byte context, a 2-byte Extension Type, a 2-byte length, and then length bytes of extension_data. The context and type values have the same meaning as for \fn{context:addCustomExtension}. If serverinfo is being loaded for extensions to be added to a Certificate message, then the extension will only be added for the first certificate in the message (which is always the end-entity certificate).
+
+\emph{Only supported since OpenSSL 1.0.2, ServerInfo version 2 is only supported since OpenSSL 1.1.1}
+
+\subsubsection[\fn{context:useServerInfoFile}]{\fn{context:useServerInfoFile($file$)}}
+
+Loads one or more serverinfo extensions from $file$ into $context$. The extensions must be in PEM format. Each extension must be in a format as described above for \fn{context:useServerInfo}. Each PEM extension name must begin with the phrase "BEGIN SERVERINFOV2 FOR " for version 2 data or "BEGIN SERVERINFO FOR " for version 1 data.
+
+\emph{Only supported since OpenSSL 1.0.2}
+
\subsubsection[\fn{context:addCustomExtension}]{\fn{context:addCustomExtension($ext\_type$, $ext\_context$, $add\_cb$, $parse\_cb$)}}
Adds a custom extension with the TLS extension type (see RFC 5246) $ext\_type$ that may be present in the context(s) specifed by $ext\_context$, which should be a bitmask of the flags:
diff --git a/src/openssl.c b/src/openssl.c
index ba1ff63..d8d9e01 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -339,6 +339,18 @@
#define HAVE_SSL_CTX_GET_TLSEXT_TICKET_KEYS OPENSSL_PREREQ(1,0,0)
#endif
+#ifndef HAVE_SSL_CTX_USE_SERVERINFO
+#define HAVE_SSL_CTX_USE_SERVERINFO OPENSSL_PREREQ(1,0,2)
+#endif
+
+#ifndef HAVE_SSL_CTX_USE_SERVERINFO_EX
+#define HAVE_SSL_CTX_USE_SERVERINFO_EX OPENSSL_PREREQ(1,1,1)
+#endif
+
+#ifndef HAVE_SSL_CTX_USE_SERVERINFO_FILE
+#define HAVE_SSL_CTX_USE_SERVERINFO_FILE OPENSSL_PREREQ(1,0,2)
+#endif
+
#ifndef HAVE_SSL_GET0_ALPN_SELECTED
#define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS
#endif
@@ -9049,6 +9061,42 @@ static int sx_getTicketKeys(lua_State *L) {
#endif
+#if HAVE_SSL_CTX_USE_SERVERINFO_FILE
+static int sx_useServerInfoFile(lua_State *L) {
+ SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+ const char *file = luaL_checkstring(L, 2);
+
+ if (!SSL_CTX_use_serverinfo_file(ctx, file))
+ return auxL_error(L, auxL_EOPENSSL, "ssl.context:useServerInfoFile");
+
+ lua_pushboolean(L, 1);
+
+ return 1;
+} /* sx_useServerInfoFile() */
+#endif
+
+
+#if HAVE_SSL_CTX_USE_SERVERINFO_EX || HAVE_SSL_CTX_USE_SERVERINFO
+static int sx_useServerInfo(lua_State *L) {
+ SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+ unsigned int version = auxL_checkunsigned(L, 2, 1, (HAVE_SSL_CTX_USE_SERVERINFO_EX) ? auxL_UnsignedMax : 1);
+ size_t serverinfo_length;
+ const unsigned char *serverinfo = (const unsigned char *)luaL_checklstring(L, 3, &serverinfo_length);
+
+#if HAVE_SSL_CTX_USE_SERVERINFO_EX
+ if (!SSL_CTX_use_serverinfo_ex(ctx, version, serverinfo, serverinfo_length))
+#else
+ if (!SSL_CTX_use_serverinfo(ctx, serverinfo, serverinfo_length))
+#endif
+ return auxL_error(L, auxL_EOPENSSL, "ssl.context:useServerInfo");
+
+ lua_pushboolean(L, 1);
+
+ return 1;
+} /* sx_useServerInfoFile() */
+#endif
+
+
#if HAVE_SSL_CTX_ADD_CUSTOM_EXT
static int sx_custom_ext_add_cb_helper(lua_State *L) {
SSL *s = lua_touserdata(L, 2);
@@ -9391,6 +9439,12 @@ static const auxL_Reg sx_methods[] = {
#if HAVE_SSL_CTX_GET_TLSEXT_TICKET_KEYS
{ "getTicketKeys", &sx_getTicketKeys },
#endif
+#if HAVE_SSL_CTX_USE_SERVERINFO_FILE
+ { "useServerInfoFile", &sx_useServerInfoFile },
+#endif
+#if HAVE_SSL_CTX_USE_SERVERINFO_EX || HAVE_SSL_CTX_USE_SERVERINFO
+ { "useServerInfo", &sx_useServerInfo },
+#endif
#if HAVE_SSL_CTX_ADD_CUSTOM_EXT
{ "addCustomExtension", &sx_addCustomExtension },
#endif