diff options
| author |   daurnimator <quae@daurnimator.com>
| 2017-04-06 14:51:22 +1000 |
|---|---|---|
| committer | daurnimator <quae@daurnimator.com>
| 2017-04-12 15:35:48 +1000 |
| commit | f92ced1a1448c07ae19c3832a278867859371f76 (patch) | |
| tree | 621c2583562ab12a2eebaa93a4b5c3c467cf3bc3 | |
| parent | a0346d8054d3b19a7e30b5de70048c001d8c2c26 (diff) | |
| download | luaossl-f92ced1a1448c07ae19c3832a278867859371f76.tar.gz luaossl-f92ced1a1448c07ae19c3832a278867859371f76.tar.bz2 luaossl-f92ced1a1448c07ae19c3832a278867859371f76.zip | |
openssl.ssl: Bind SSL_set1_curves_list as ssl:setCurvesList()
| -rw-r--r-- | doc/luaossl.tex | 6 | ||||
| -rw-r--r-- | src/openssl.c | 22 | ||||
| -rw-r--r-- | src/openssl.ssl.lua | 20 |
3 files changed, 46 insertions, 2 deletions
diff --git a/doc/luaossl.tex b/doc/luaossl.tex index 32a4dba..76821a1 100644 --- a/doc/luaossl.tex +++ b/doc/luaossl.tex @@ -978,6 +978,12 @@ TLS1\_2\_VERSION & 16-bit TLSv1.2 identifier (0x0303). \\ Returns the SSL/TLS version supported by the client, which should be greater than or equal to the negotiated version. See \fn{ssl:getVersion}. +\subsubsection[\fn{ssl:setCurvesList}]{\fn{ssl:setCurvesList($string$ [, ...])}} + +Sets the supported curves for this SSL connection instance. See \fn{openssl.ssl.context:setCurvesList}. + +\emph{Only supported since OpenSSL 1.0.2.} + \subsubsection[\fn{ssl:getAlpnSelected}]{\fn{ssl:getAlpnSelected()}} Returns the negotiated ALPN protocol as a string. diff --git a/src/openssl.c b/src/openssl.c index 652e38a..8217deb 100644 --- a/src/openssl.c +++ b/src/openssl.c @@ -294,6 +294,10 @@ #define HAVE_SSL_SET_ALPN_PROTOS HAVE_SSL_CTX_SET_ALPN_PROTOS #endif +#ifndef HAVE_SSL_SET_CURVES_LIST +#define HAVE_SSL_SET_CURVES_LIST (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,5,1)) +#endif + #ifndef HAVE_SSL_SET1_PARAM #define HAVE_SSL_SET1_PARAM OPENSSL_PREREQ(1,0,2) #endif @@ -8214,6 +8218,21 @@ static int ssl_getCipherInfo(lua_State *L) { } /* ssl_getCipherInfo() */ +#if HAVE_SSL_SET_CURVES_LIST +static int ssl_setCurvesList(lua_State *L) { + SSL *ssl = checksimple(L, 1, SSL_CLASS); + const char *curves = luaL_checkstring(L, 2); + + if (!SSL_set1_curves_list(ssl, curves)) + return auxL_error(L, auxL_EOPENSSL, "ssl:setCurvesList"); + + lua_pushboolean(L, 1); + + return 1; +} /* ssl_setCurvesList() */ +#endif + + static int ssl_getHostName(lua_State *L) { SSL *ssl = checksimple(L, 1, SSL_CLASS); const char *host; @@ -8357,6 +8376,9 @@ static const auxL_Reg ssl_methods[] = { { "getPeerCertificate", &ssl_getPeerCertificate }, { "getPeerChain", &ssl_getPeerChain }, { "getCipherInfo", &ssl_getCipherInfo }, +#if HAVE_SSL_SET_CURVES_LIST + { "setCurvesList", &ssl_setCurvesList }, +#endif { "getHostName", &ssl_getHostName }, { "setHostName", &ssl_setHostName }, { "getVersion", &ssl_getVersion }, diff --git a/src/openssl.ssl.lua b/src/openssl.ssl.lua index 3c348f6..bf90f29 100644 --- a/src/openssl.ssl.lua +++ b/src/openssl.ssl.lua @@ -1,3 +1,19 @@ -local ctx = require"_openssl.ssl" +local ssl = require"_openssl.ssl" -return ctx +local pack = table.pack or function(...) return { n = select("#", ...); ... } end + +-- Allow passing a vararg of curves, or an array +local setCurvesList = ssl.interpose("setCurvesList", nil) +if setCurvesList then + ssl.interpose("setCurvesList", function (self, curves, ...) + if (...) then + local curves_t = pack(curves, ...) + curves = table.concat(curves_t, ":", 1, curves_t.n) + elseif type(curves) == "table" then + curves = table.concat(curves, ":") + end + return setCurvesList(self, curves) + end) +end + +return ssl |