author | daurnimator <quae@daurnimator.com> | 2018-12-07 12:29:48 -0800 |
---|---|---|
committer | daurnimator <quae@daurnimator.com> | 2018-12-07 13:46:36 -0800 |
commit | 39a331b41a5a2c96495633e31bc4bbfbe3000f04 (patch) | |
tree | b198ef456468e085a60f72fe9510df35951c6aaa /src | |
parent | 747ddf8a775355b1d41fe36cb5c9b47cd2987b81 (diff) | |
src/openssl.c: Add bindings to chain management
Adds support for setting and retrieving intermediate certificates
Diffstat (limited to 'src')
-rw-r--r-- | src/openssl.c | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/src/openssl.c b/src/openssl.c
index 0940e7c..9248b0d 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -279,6 +279,10 @@
 #define HAVE_SSL_CTX_ADD_CUSTOM_EXT OPENSSL_PREREQ(1,1,1)
 #endif
+#ifndef HAVE_SSL_CTX_GET0_CHAIN_CERTS
+#define HAVE_SSL_CTX_GET0_CHAIN_CERTS OPENSSL_PREREQ(1,0,2)
+#endif
+
 #ifndef HAVE_SSL_CTX_GET0_PARAM
 #define HAVE_SSL_CTX_GET0_PARAM (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,7,0))
 #endif
@@ -315,6 +319,10 @@
 #define HAVE_SSL_CTX_SET1_CERT_STORE (HAVE_SSL_CTX_set1_cert_store || OPENSSL_PREREQ(1,1,1)) /* backwards compatible with old macro name */
 #endif
+#ifndef HAVE_SSL_CTX_SET1_CHAIN
+#define HAVE_SSL_CTX_SET1_CHAIN OPENSSL_PREREQ(1,0,2)
+#endif
+
 #ifndef HAVE_SSL_CTX_SET1_PARAM
 #define HAVE_SSL_CTX_SET1_PARAM (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,1,0))
 #endif
@@ -363,6 +371,10 @@
 #define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS
 #endif
+#ifndef HAVE_SSL_GET0_CHAIN_CERTS
+#define HAVE_SSL_GET0_CHAIN_CERTS OPENSSL_PREREQ(1,0,2)
+#endif
+
 #ifndef HAVE_SSL_GET0_PARAM
 #define HAVE_SSL_GET0_PARAM (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,7,0))
 #endif
@@ -387,6 +399,10 @@
 #define HAVE_SSL_SET_CURVES_LIST (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,5,1))
 #endif
+#ifndef HAVE_SSL_SET1_CHAIN
+#define HAVE_SSL_SET1_CHAIN OPENSSL_PREREQ(1,0,2)
+#endif
+
 #ifndef HAVE_SSL_SET1_PARAM
 #define HAVE_SSL_SET1_PARAM (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,5,1))
 #endif
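Review bot: The new `HAVE_SSL_CTX_GET0_CHAIN_CERTS` macro in the hunk at -279 is gated on `OPENSSL_PREREQ(1,0,2)` alone, while the `*_PARAM` macros next to it also carry a `LIBRESSL_PREREQ(...)` alternative, and nothing records whether the omission is deliberate. The same applies to `HAVE_SSL_CTX_SET1_CHAIN`, `HAVE_SSL_GET0_CHAIN_CERTS` and `HAVE_SSL_SET1_CHAIN` in the hunks at -315, -363 and -387. Where a macro evaluates to 0 the matching `setCertificateChain`/`getCertificateChain` entry is compiled out of the method table, so a script calling it fails on a missing method rather than with an OpenSSL error. A one-line comment above each, for example `/* TODO: add LIBRESSL_PREREQ once availability there is confirmed */`, would make the gating explicit for anyone deploying against another libssl.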
@@ -8758,6 +8774,36 @@ static int sx_getCertificate(lua_State *L) {
 #endif
+#if HAVE_SSL_CTX_SET1_CHAIN
+static int sx_setCertificateChain(lua_State *L) {
+ SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+ STACK_OF(X509) *certs = checksimple(L, 2, X509_CHAIN_CLASS);
+
+ if (!SSL_CTX_set1_chain(ctx, certs))
+ return auxL_error(L, auxL_EOPENSSL, "ssl.context:setCertificateChain");
+
+ lua_pushboolean(L, 1);
+
+ return 1;
+} /* sx_setCertificateChain() */
+#endif
+
+
+#if HAVE_SSL_CTX_GET0_CHAIN_CERTS
+static int sx_getCertificateChain(lua_State *L) {
+ SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+ STACK_OF(X509) *certs;
+
+ if (!SSL_CTX_get0_chain_certs(ctx, &certs))
+ return auxL_error(L, auxL_EOPENSSL, "ssl.context:getCertificateChain");
+
+ xl_dup(L, certs, 1);
+
+ return 1;
+} /* sx_getCertificateChain() */
+#endif
+
+
 static int sx_setPrivateKey(lua_State *L) {
 SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
 EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
@@ -9500,6 +9546,12 @@ static const auxL_Reg sx_methods[] = {
 #if HAVE_SSL_CTX_GET0_CERTIFICATE
 { "getCertificate", &sx_getCertificate },
 #endif
+#if HAVE_SSL_CTX_SET1_CHAIN
+ { "setCertificateChain", &sx_setCertificateChain },
+#endif
+#if HAVE_SSL_CTX_GET0_CHAIN_CERTS
+ { "getCertificateChain", &sx_getCertificateChain },
+#endif
 { "setPrivateKey", &sx_setPrivateKey },
 { "setCipherList", &sx_setCipherList },
 #if HAVE_SSL_CTX_SET_CURVES_LIST
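Review bot: `sx_setCertificateChain` in the hunk at -8758 has no comment saying which certificate the chain is attached to, and the call order matters. `SSL_CTX_set1_chain` stores the stack against the context's current certificate, so a script that sets the chain before `setCertificate`, or later installs a certificate of a different key type, can end up presenting a leaf without its intermediates. A header comment such as `/* chain is attached to the current certificate of ctx; call setCertificate first */` would make that visible to binding users. In `sx_getCertificateChain` it is also worth one line stating that `certs` is borrowed from `ctx` (get0) and that the trailing `1` passed to `xl_dup` is relied on to give Lua its own copy; `xl_dup` is defined outside this diff, so that should be confirmed there.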
@@ -9982,6 +10034,36 @@ static int ssl_setCertificate(lua_State *L) {
 } /* ssl_setCertificate() */
+#if HAVE_SSL_SET1_CHAIN
+static int ssl_setCertificateChain(lua_State *L) {
+ SSL *ssl = checksimple(L, 1, SSL_CLASS);
+ STACK_OF(X509) *certs = checksimple(L, 2, X509_CHAIN_CLASS);
+
+ if (!SSL_set1_chain(ssl, certs))
+ return auxL_error(L, auxL_EOPENSSL, "ssl:setCertificateChain");
+
+ lua_pushboolean(L, 1);
+
+ return 1;
+} /* ssl_setCertificateChain() */
+#endif
+
+
+#if HAVE_SSL_GET0_CHAIN_CERTS
+static int ssl_getCertificateChain(lua_State *L) {
+ SSL *ssl = checksimple(L, 1, SSL_CLASS);
+ STACK_OF(X509) *certs;
+
+ if (!SSL_get0_chain_certs(ssl, &certs))
+ return auxL_error(L, auxL_EOPENSSL, "ssl:getCertificateChain");
+
+ xl_dup(L, X509_chain_up_ref(certs), 1);
+
+ return 1;
+} /* ssl_getCertificateChain() */
+#endif
+
+
 static int ssl_setPrivateKey(lua_State *L) {
 SSL *ssl = checksimple(L, 1, SSL_CLASS);
 EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
@@ -10392,6 +10474,12 @@ static const auxL_Reg ssl_methods[] = {
 { "getVerify", &ssl_getVerify },
 { "getVerifyResult", &ssl_getVerifyResult },
 { "setCertificate", &ssl_setCertificate },
+#if HAVE_SSL_SET1_CHAIN
+ { "setCertificateChain", &ssl_setCertificateChain },
+#endif
+#if HAVE_SSL_GET0_CHAIN_CERTS
+ { "getCertificateChain", &ssl_getCertificateChain },
+#endif
 { "setPrivateKey", &ssl_setPrivateKey },
 { "getCertificate", &ssl_getCertificate },
 { "getPeerCertificate", &ssl_getPeerCertificate }, |
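Review bot: `ssl_getCertificateChain` in the hunk at -9982 passes `X509_chain_up_ref(certs)` to `xl_dup(..., 1)`, whereas `sx_getCertificateChain` passes the borrowed `certs` directly with the same flag. `X509_chain_up_ref` returns a newly allocated stack with each certificate's reference count raised. If `xl_dup` with a non-zero third argument copies its input rather than taking ownership (it is defined outside this diff, so confirm), that temporary stack is never freed and every call from Lua leaks it, which is script-reachable memory growth in a long-running process. Its NULL return on allocation failure is not checked, and `certs` itself may be NULL when no chain has been set. Matching the context variant, `xl_dup(L, certs, 1);`, would remove these problems.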