-rw-r--r--doc/luaossl.tex26
-rw-r--r--src/openssl.c88
2 files changed, 114 insertions, 0 deletions
diff --git a/doc/luaossl.tex b/doc/luaossl.tex
index 8db0d4e..c63df57 100644
--- a/doc/luaossl.tex
+++ b/doc/luaossl.tex
@@ -967,6 +967,18 @@ Returns the X.509 certificate \module{openssl.x509} object to be sent during SSL
\emph{Only supported since OpenSSL 1.0.2.}
+\subsubsection[\fn{context:setCertificateChain}]{\fn{context:setCertificateChain($chain$)}}
+
+Sets the X.509 certificate chain \module{openssl.x509.chain} object $chain$ to send during SSL connection instance handshakes.
+
+\emph{Only supported since OpenSSL 1.0.2.}
+
+\subsubsection[\fn{context:getCertificateChain}]{\fn{context:getCertificateChain()}}
+
+Returns the X.509 certificate chain \module{openssl.x509.chain} object to be sent during SSL connection instance handshakes.
+
+\emph{Only supported since OpenSSL 1.0.2.}
+
\subsubsection[\fn{context:setPrivateKey}]{\fn{context:setPrivateKey($key$)}}
Sets the private key \module{openssl.pkey} object $key$ for use during SSL connection instance handshakes.
@@ -1171,6 +1183,20 @@ Returns two values: the integer verification result code and the string represen
Sets the X.509 certificate \module{openssl.x509} object $crt$ to send during SSL connection instance handshakes.
See \fn{openssl.ssl.context:setCertificate}.
+\subsubsection[\fn{ssl:setCertificateChain}]{\fn{ssl:setCertificateChain($chain$)}}
+
+Sets the X.509 certificate chain \module{openssl.x509.chain} object $chain$ to send during SSL connection instance handshakes.
+See \fn{openssl.ssl.context:setCertificateChain}.
+
+\emph{Only supported since OpenSSL 1.0.2.}
+
+\subsubsection[\fn{context:getCertificateChain}]{\fn{context:getCertificateChain()}}
+
+Returns the X.509 certificate chain \module{openssl.x509.chain} object to be sent during SSL connection instance handshakes.
+See \fn{openssl.ssl.context:getCertificateChain}.
+
+\emph{Only supported since OpenSSL 1.0.2.}
+
\subsubsection[\fn{ssl:setPrivateKey}]{\fn{ssl:setPrivateKey($key$)}}
Sets the private key \module{openssl.pkey} object $key$ for use during SSL connection instance handshakes.
diff --git a/src/openssl.c b/src/openssl.c
index 0940e7c..9248b0d 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -279,6 +279,10 @@
#define HAVE_SSL_CTX_ADD_CUSTOM_EXT OPENSSL_PREREQ(1,1,1)
#endif
+#ifndef HAVE_SSL_CTX_GET0_CHAIN_CERTS
+#define HAVE_SSL_CTX_GET0_CHAIN_CERTS OPENSSL_PREREQ(1,0,2)
+#endif
+
#ifndef HAVE_SSL_CTX_GET0_PARAM
#define HAVE_SSL_CTX_GET0_PARAM (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,7,0))
#endif
@@ -315,6 +319,10 @@
#define HAVE_SSL_CTX_SET1_CERT_STORE (HAVE_SSL_CTX_set1_cert_store || OPENSSL_PREREQ(1,1,1)) /* backwards compatible with old macro name */
#endif
+#ifndef HAVE_SSL_CTX_SET1_CHAIN
+#define HAVE_SSL_CTX_SET1_CHAIN OPENSSL_PREREQ(1,0,2)
+#endif
+
#ifndef HAVE_SSL_CTX_SET1_PARAM
#define HAVE_SSL_CTX_SET1_PARAM (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,1,0))
#endif
@@ -363,6 +371,10 @@
#define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS
#endif
+#ifndef HAVE_SSL_GET0_CHAIN_CERTS
+#define HAVE_SSL_GET0_CHAIN_CERTS OPENSSL_PREREQ(1,0,2)
+#endif
+
#ifndef HAVE_SSL_GET0_PARAM
#define HAVE_SSL_GET0_PARAM (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,7,0))
#endif
@@ -387,6 +399,10 @@
#define HAVE_SSL_SET_CURVES_LIST (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,5,1))
#endif
+#ifndef HAVE_SSL_SET1_CHAIN
+#define HAVE_SSL_SET1_CHAIN OPENSSL_PREREQ(1,0,2)
+#endif
+
#ifndef HAVE_SSL_SET1_PARAM
#define HAVE_SSL_SET1_PARAM (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,5,1))
#endif
@@ -8758,6 +8774,36 @@ static int sx_getCertificate(lua_State *L) {
#endif
+#if HAVE_SSL_CTX_SET1_CHAIN
+static int sx_setCertificateChain(lua_State *L) {
+ SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+ STACK_OF(X509) *certs = checksimple(L, 2, X509_CHAIN_CLASS);
+
+ if (!SSL_CTX_set1_chain(ctx, certs))
+ return auxL_error(L, auxL_EOPENSSL, "ssl.context:setCertificateChain");
+
+ lua_pushboolean(L, 1);
+
+ return 1;
+} /* sx_setCertificateChain() */
+#endif
+
+
+#if HAVE_SSL_CTX_GET0_CHAIN_CERTS
+static int sx_getCertificateChain(lua_State *L) {
+ SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+ STACK_OF(X509) *certs;
+
+ if (!SSL_CTX_get0_chain_certs(ctx, &certs))
+ return auxL_error(L, auxL_EOPENSSL, "ssl.context:getCertificateChain");
+
+ xl_dup(L, certs, 1);
+
+ return 1;
+} /* sx_getCertificateChain() */
+#endif
+
+
static int sx_setPrivateKey(lua_State *L) {
SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
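Review bot: `sx_getCertificateChain` hands `certs` to `xl_dup` without initialising it or checking it for NULL. As far as I know, `SSL_CTX_get0_chain_certs` reports success when no chain has been configured and leaves the pointer NULL, so the getter should handle that case itself rather than depend on how `xl_dup` (its body is not in this hunk) treats a NULL stack. I would declare `STACK_OF(X509) *certs = NULL;` and add `if (!certs) { lua_pushnil(L); return 1; }` after the call, and document the nil return in luaossl.tex. The same applies to `ssl_getCertificateChain` in the later hunk, where a NULL would also be passed to `X509_chain_up_ref`.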
@@ -9500,6 +9546,12 @@ static const auxL_Reg sx_methods[] = {
#if HAVE_SSL_CTX_GET0_CERTIFICATE
{ "getCertificate", &sx_getCertificate },
#endif
+#if HAVE_SSL_CTX_SET1_CHAIN
+ { "setCertificateChain", &sx_setCertificateChain },
+#endif
+#if HAVE_SSL_CTX_GET0_CHAIN_CERTS
+ { "getCertificateChain", &sx_getCertificateChain },
+#endif
{ "setPrivateKey", &sx_setPrivateKey },
{ "setCipherList", &sx_setCipherList },
#if HAVE_SSL_CTX_SET_CURVES_LIST
@@ -9982,6 +10034,36 @@ static int ssl_setCertificate(lua_State *L) {
} /* ssl_setCertificate() */
+#if HAVE_SSL_SET1_CHAIN
+static int ssl_setCertificateChain(lua_State *L) {
+ SSL *ssl = checksimple(L, 1, SSL_CLASS);
+ STACK_OF(X509) *certs = checksimple(L, 2, X509_CHAIN_CLASS);
+
+ if (!SSL_set1_chain(ssl, certs))
+ return auxL_error(L, auxL_EOPENSSL, "ssl:setCertificateChain");
+
+ lua_pushboolean(L, 1);
+
+ return 1;
+} /* ssl_setCertificateChain() */
+#endif
+
+
+#if HAVE_SSL_GET0_CHAIN_CERTS
+static int ssl_getCertificateChain(lua_State *L) {
+ SSL *ssl = checksimple(L, 1, SSL_CLASS);
+ STACK_OF(X509) *certs;
+
+ if (!SSL_get0_chain_certs(ssl, &certs))
+ return auxL_error(L, auxL_EOPENSSL, "ssl:getCertificateChain");
+
+ xl_dup(L, X509_chain_up_ref(certs), 1);
+
+ return 1;
+} /* ssl_getCertificateChain() */
+#endif
+
+
static int ssl_setPrivateKey(lua_State *L) {
SSL *ssl = checksimple(L, 1, SSL_CLASS);
EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
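Review bot: `ssl_getCertificateChain` wraps the borrowed stack in `X509_chain_up_ref(certs)` before passing it to `xl_dup(..., 1)`, whereas `sx_getCertificateChain` passes `certs` directly with the same flag. If that final argument makes `xl_dup` build its own copy (its body is outside this hunk, so this is inferred from the context variant), the stack allocated by `X509_chain_up_ref` and the certificate references it took are never released, which leaks on every call. `X509_chain_up_ref` can also return NULL on allocation failure, and that result is not checked. Matching the context getter avoids both: `xl_dup(L, certs, 1);`.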
@@ -10392,6 +10474,12 @@ static const auxL_Reg ssl_methods[] = {
{ "getVerify", &ssl_getVerify },
{ "getVerifyResult", &ssl_getVerifyResult },
{ "setCertificate", &ssl_setCertificate },
+#if HAVE_SSL_SET1_CHAIN
+ { "setCertificateChain", &ssl_setCertificateChain },
+#endif
+#if HAVE_SSL_GET0_CHAIN_CERTS
+ { "getCertificateChain", &ssl_getCertificateChain },
+#endif
{ "setPrivateKey", &ssl_setPrivateKey },
{ "getCertificate", &ssl_getCertificate },
{ "getPeerCertificate", &ssl_getPeerCertificate },