-rw-r--r-- | doc/luaossl.tex | 14 | ||||
-rw-r--r-- | src/openssl.c | 54 |
2 files changed, 68 insertions, 0 deletions
diff --git a/doc/luaossl.tex b/doc/luaossl.tex
index 66a205e..ddfde04 100644
--- a/doc/luaossl.tex
+++ b/doc/luaossl.tex
@@ -1029,6 +1029,20 @@ See \fn{context:setTicketKeys}
 
 \emph{Only supported since OpenSSL 1.0.0.}
 
+\subsubsection[\fn{context:useServerInfo}]{\fn{context:useServerInfo($version$, $serverinfo$)}}
+
+If version is $1$ then the extensions in the array must consist of a 2-byte Extension Type, a 2-byte length, and then length bytes of extension data. The type value has the same meaning as for \fn{context:addCustomExtension}.
+
+If version is $2$ then the extensions in the array must consist of a 4-byte context, a 2-byte Extension Type, a 2-byte length, and then length bytes of extension_data. The context and type values have the same meaning as for \fn{context:addCustomExtension}. If serverinfo is being loaded for extensions to be added to a Certificate message, then the extension will only be added for the first certificate in the message (which is always the end-entity certificate).
+
+\emph{Only supported since OpenSSL 1.0.2, ServerInfo version 2 is only supported since OpenSSL 1.1.1}
+
+\subsubsection[\fn{context:useServerInfoFile}]{\fn{context:useServerInfoFile($file$)}}
+
+Loads one or more serverinfo extensions from $file$ into $context$. The extensions must be in PEM format. Each extension must be in a format as described above for \fn{context:useServerInfo}. Each PEM extension name must begin with the phrase "BEGIN SERVERINFOV2 FOR " for version 2 data or "BEGIN SERVERINFO FOR " for version 1 data.
+
+\emph{Only supported since OpenSSL 1.0.2}
+
 \subsubsection[\fn{context:addCustomExtension}]{\fn{context:addCustomExtension($ext\_type$, $ext\_context$, $add\_cb$, $parse\_cb$)}}
 
 Adds a custom extension with the TLS extension type (see RFC 5246) $ext\_type$ that may be present in the context(s) specifed by $ext\_context$, which should be a bitmask of the flags:
diff --git a/src/openssl.c b/src/openssl.c
index ba1ff63..d8d9e01 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -339,6 +339,18 @@
 #define HAVE_SSL_CTX_GET_TLSEXT_TICKET_KEYS OPENSSL_PREREQ(1,0,0)
 #endif
 
+#ifndef HAVE_SSL_CTX_USE_SERVERINFO
+#define HAVE_SSL_CTX_USE_SERVERINFO OPENSSL_PREREQ(1,0,2)
+#endif
+
+#ifndef HAVE_SSL_CTX_USE_SERVERINFO_EX
+#define HAVE_SSL_CTX_USE_SERVERINFO_EX OPENSSL_PREREQ(1,1,1)
+#endif
+
+#ifndef HAVE_SSL_CTX_USE_SERVERINFO_FILE
+#define HAVE_SSL_CTX_USE_SERVERINFO_FILE OPENSSL_PREREQ(1,0,2)
+#endif
+
 #ifndef HAVE_SSL_GET0_ALPN_SELECTED
 #define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS
 #endif
@@ -9049,6 +9061,42 @@ static int sx_getTicketKeys(lua_State *L) {
 #endif
 
 
+#if HAVE_SSL_CTX_USE_SERVERINFO_FILE
+static int sx_useServerInfoFile(lua_State *L) {
+ SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+ const char *file = luaL_checkstring(L, 2);
+
+ if (!SSL_CTX_use_serverinfo_file(ctx, file))
+ return auxL_error(L, auxL_EOPENSSL, "ssl.context:useServerInfoFile");
+
+ lua_pushboolean(L, 1);
+
+ return 1;
+} /* sx_useServerInfoFile() */
+#endif
+
+
+#if HAVE_SSL_CTX_USE_SERVERINFO_EX || HAVE_SSL_CTX_USE_SERVERINFO
+static int sx_useServerInfo(lua_State *L) {
+ SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+ unsigned int version = auxL_checkunsigned(L, 2, 1, (HAVE_SSL_CTX_USE_SERVERINFO_EX) ? auxL_UnsignedMax : 1);
+ size_t serverinfo_length;
+ const unsigned char *serverinfo = (const unsigned char *)luaL_checklstring(L, 3, &serverinfo_length);
+
+#if HAVE_SSL_CTX_USE_SERVERINFO_EX
+ if (!SSL_CTX_use_serverinfo_ex(ctx, version, serverinfo, serverinfo_length))
+#else
+ if (!SSL_CTX_use_serverinfo(ctx, serverinfo, serverinfo_length))
+#endif
+ return auxL_error(L, auxL_EOPENSSL, "ssl.context:useServerInfo");
+
+ lua_pushboolean(L, 1);
+
+ return 1;
+} /* sx_useServerInfoFile() */
+#endif
+
+
 #if HAVE_SSL_CTX_ADD_CUSTOM_EXT
 static int sx_custom_ext_add_cb_helper(lua_State *L) {
  SSL *s = lua_touserdata(L, 2);
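Review bot: The closing comment on sx_useServerInfo still names the neighbouring function — `} /* sx_useServerInfoFile() */` should read `} /* sx_useServerInfo() */`, since the file's convention is that the trailer comment names the function being closed. On the _EX path the upper bound handed to auxL_checkunsigned is auxL_UnsignedMax, so any version of 3 or more is forwarded to SSL_CTX_use_serverinfo_ex instead of being rejected at the Lua boundary; only serverinfo versions 1 and 2 exist, so `(HAVE_SSL_CTX_USE_SERVERINFO_EX) ? 2 : 1` would turn what I expect is an opaque OpenSSL error into a clear argument-range error. The new functions also deserve a short comment stating the precondition that is not visible in either the code or the new doc section: per OpenSSL's SSL_CTX_use_serverinfo documentation the data is attached to the certificate currently loaded in the context, so useCertificate must be called first or the call fails with an OpenSSL error. The Lua string's lifetime should be fine because, as far as I recall, OpenSSL copies the buffer, but that is an OpenSSL-side property rather than something the hunk shows.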
@@ -9391,6 +9439,12 @@ static const auxL_Reg sx_methods[] = {
 #if HAVE_SSL_CTX_GET_TLSEXT_TICKET_KEYS
  { "getTicketKeys", &sx_getTicketKeys },
 #endif
+#if HAVE_SSL_CTX_USE_SERVERINFO_FILE
+ { "useServerInfoFile", &sx_useServerInfoFile },
+#endif
+#if HAVE_SSL_CTX_USE_SERVERINFO_EX || HAVE_SSL_CTX_USE_SERVERINFO
+ { "useServerInfo", &sx_useServerInfo },
+#endif
 #if HAVE_SSL_CTX_ADD_CUSTOM_EXT
  { "addCustomExtension", &sx_addCustomExtension },
 #endif