aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--doc/luaossl.pdfbin274840 -> 275845 bytes
-rw-r--r--doc/luaossl.tex20
-rw-r--r--src/openssl.c69
3 files changed, 89 insertions, 0 deletions
diff --git a/doc/luaossl.pdf b/doc/luaossl.pdf
index 106b4ea..b8fb40a 100644
--- a/doc/luaossl.pdf
+++ b/doc/luaossl.pdf
Binary files differ
diff --git a/doc/luaossl.tex b/doc/luaossl.tex
index e75a678..3567978 100644
--- a/doc/luaossl.tex
+++ b/doc/luaossl.tex
@@ -997,6 +997,26 @@ Returns the option flags of the SSL connection instance. See \fn{openssl.ssl.con
Clears the option flags of the SSL connection instance. See \fn{openssl.ssl.context:clearOptions}.
+\subsubsection[\fn{ssl:setVerify}]{\fn{ssl:setVerify([$mode$][, $depth$])}}
+
+Sets the verification mode flags and maximum validation chain depth.
+See \fn{openssl.ssl.context:setVerify}.
+
+\subsubsection[\fn{ssl:getVerify}]{\fn{ssl:getVerify()}}
+
+Returns two values: the bitwise verification mode flags, and the maximum validation depth.
+See \fn{openssl.ssl.context:getVerify}.
+
+\subsubsection[\fn{ssl:setCertificate}]{\fn{ssl:setCertificate($crt$)}}
+
+Sets the X.509 certificate \module{openssl.x509} object $crt$ to send during SSL connection instance handshakes.
+See \fn{openssl.ssl.context:setCertificate}.
+
+\subsubsection[\fn{ssl:setPrivateKey}]{\fn{ssl:setPrivateKey($key$)}}
+
+Sets the private key \module{openssl.pkey} object $key$ for use during SSL connection instance handshakes.
+See \fn{openssl.ssl.context:setPrivateKey}.
+
\subsubsection[\fn{ssl:getPeerCertificate}]{\fn{ssl:getPeerCertificate()}}
Returns the X.509 peer certificate as an \module{openssl.x509} object. If no peer certificate is available, returns $nil$.
diff --git a/src/openssl.c b/src/openssl.c
index a01fde5..b0bc5f6 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -8389,6 +8389,33 @@ static int ssl_getParam(lua_State *L) {
} /* ssl_getParam() */
+static int ssl_setVerify(lua_State *L) {
+ SSL *ssl = checksimple(L, 1, SSL_CLASS);
+ int mode = luaL_optinteger(L, 2, -1);
+ int depth = luaL_optinteger(L, 3, -1);
+
+ if (mode != -1)
+ SSL_set_verify(ssl, mode, 0);
+
+ if (depth != -1)
+ SSL_set_verify_depth(ssl, depth);
+
+ lua_pushboolean(L, 1);
+
+ return 1;
+} /* ssl_setVerify() */
+
+
+static int ssl_getVerify(lua_State *L) {
+ SSL *ssl = checksimple(L, 1, SSL_CLASS);
+
+ lua_pushinteger(L, SSL_get_verify_mode(ssl));
+ lua_pushinteger(L, SSL_get_verify_depth(ssl));
+
+ return 2;
+} /* ssl_getVerify() */
+
+
static int ssl_getVerifyResult(lua_State *L) {
SSL *ssl = checksimple(L, 1, SSL_CLASS);
long res = SSL_get_verify_result(ssl);
@@ -8398,6 +8425,44 @@ static int ssl_getVerifyResult(lua_State *L) {
} /* ssl_getVerifyResult() */
+static int ssl_setCertificate(lua_State *L) {
+ SSL *ssl = checksimple(L, 1, SSL_CLASS);
+ X509 *crt = X509_dup(checksimple(L, 2, X509_CERT_CLASS));
+ int ok;
+
+ ok = SSL_use_certificate(ssl, crt);
+ X509_free(crt);
+
+ if (!ok)
+ return auxL_error(L, auxL_EOPENSSL, "ssl:setCertificate");
+
+ lua_pushboolean(L, 1);
+
+ return 1;
+} /* ssl_setCertificate() */
+
+
+static int ssl_setPrivateKey(lua_State *L) {
+ SSL *ssl = checksimple(L, 1, SSL_CLASS);
+ EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
+ /*
+ * NOTE: No easy way to dup the key, but a shared reference should
+ * be okay as keys are less mutable than certificates.
+ *
+ * FIXME: SSL_use_PrivateKey will return true even if the
+ * EVP_PKEY object has no private key. Instead, we'll just get a
+ * segfault during the SSL handshake. We need to check that a
+ * private key is actually defined in the object.
+ */
+ if (!SSL_use_PrivateKey(ssl, key))
+ return auxL_error(L, auxL_EOPENSSL, "ssl:setPrivateKey");
+
+ lua_pushboolean(L, 1);
+
+ return 1;
+} /* ssl_setPrivateKey() */
+
+
static int ssl_getPeerCertificate(lua_State *L) {
SSL *ssl = checksimple(L, 1, SSL_CLASS);
X509 **x509 = prepsimple(L, X509_CERT_CLASS);
@@ -8694,7 +8759,11 @@ static const auxL_Reg ssl_methods[] = {
{ "clearOptions", &ssl_clearOptions },
{ "setParam", &ssl_setParam },
{ "getParam", &ssl_getParam },
+ { "setVerify", &ssl_setVerify },
+ { "getVerify", &ssl_getVerify },
{ "getVerifyResult", &ssl_getVerifyResult },
+ { "setCertificate", &ssl_setCertificate },
+ { "setPrivateKey", &ssl_setPrivateKey },
{ "getPeerCertificate", &ssl_getPeerCertificate },
{ "getPeerChain", &ssl_getPeerChain },
{ "getCipherInfo", &ssl_getCipherInfo },