diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/luaossl.pdf | bin | 289161 -> 272910 bytes | |||
| -rw-r--r-- | doc/luaossl.tex | 39 |
2 files changed, 34 insertions, 5 deletions
diff --git a/doc/luaossl.pdf b/doc/luaossl.pdf Binary files differindex dccba97..28e9984 100644 --- a/doc/luaossl.pdf +++ b/doc/luaossl.pdf diff --git a/doc/luaossl.tex b/doc/luaossl.tex index 15881a8..d733ccf 100644 --- a/doc/luaossl.tex +++ b/doc/luaossl.tex @@ -286,8 +286,13 @@ field & type:default & description\\\hline .exp & number:65537 & RSA or Diffie-Hellman exponent \\ +.dhparam & string & PEM encoded string with precomputed DH parameters \\ + .curve & string:prime192v1 & for elliptic curve keys, the OpenSSL string identifier of the curve \end{ctabular} + +The DH parameters ``dhparam'' will be generated on the fly, ``bits'' wide. This is a slow process, and especially for larger sizes, you would precompute those; for example: ``openssl dhparam -2 -out dh-2048.pem -outform PEM 2048''. Using the field ``dhparam'' overrides the ``bits'' field. + \subsubsection[\fn{pkey.interpose}]{\fn{pkey.interpose($name$, $function$)}} Add or interpose a pkey class method. Returns the previous method, if any. @@ -389,7 +394,19 @@ Binds the X.509 extension OpenSSL object. \subsubsection[\fn{extension.new}]{\fn{extension.new($name$, $value$ [, $data$])}} -Returns a new X.509 extension. If $value$ is the string ``DER'' or ``critical,DER'', then $data$ is an ASN.1-encoded octet string. Otherwise, $name$ and $value$ are plain text strings in \href{https://www.openssl.org/docs/apps/x509v3_config.html#ARBITRARY_EXTENSIONS}{OpenSSL's arbitrary extension format}; and if specified, $data$ is an OpenSSL configuration string defining any referenced identifiers in $value$. +Returns a new X.509 extension. +If $value$ is the string ``DER'' or ``critical,DER'', then $data$ is an ASN.1-encoded octet string. +Otherwise, $name$ and $value$ are plain text strings in \href{https://www.openssl.org/docs/apps/x509v3_config.html#ARBITRARY_EXTENSIONS}{OpenSSL's arbitrary extension format}; and if specified, $data$ is either an OpenSSL configuration string defining any referenced identifiers in $value$, or a table with members: + +\begin{ctabular}{ l | l | p{8cm} } +field & type:default & description\\\hline +.db & string:$nil$ & OpenSSL configuration string\\ +.issuer & \module{openssl.x509}:$nil$ & issuer certificate\\ +.subject & \module{openssl.x509}:$nil$ & subject certificate\\ +.request & \module{openssl.x509.csr}:$nil$ & certificate signing request\\ +.crl & \module{openssl.x509.crl}:$nil$ & certificate revocation list\\ +.flags & integer:$0$ & a bitwise combination of flags +\end{ctabular} \subsubsection[\fn{extension.interpose}]{\fn{extension.interpose($name$, $function$)}} @@ -528,7 +545,7 @@ Sets the basic constraints critical flag. \subsubsection[\fn{x509:addExtension}]{\fn{x509:addExtension($ext$)}} -Adds a copy of the \module{x509.extension} object to the certificate. +Adds a copy of the \module{x509.extension} object to the certificate. \subsubsection[\fn{x509:getExtension}]{\fn{x509:getExtension($key$)}} @@ -558,6 +575,10 @@ Sets the public key component referenced by the \module{openssl.pkey} object $ke Returns the digest of the public key as a binary string. $type$ is an optional string describing the digest type, and defaults to ``sha1''. +\subsubsection[\fn{x509:getSignatureName}]{\fn{x509:getSignatureName()}} + +Returns the type of signature used to sign the certificate as a string. e.g. ``RSA-SHA1'' + \subsubsection[\fn{x509:sign}]{\fn{x509:sign($key$ [, $type$])}} Signs and updates the instance certificate using the \module{openssl.pkey} $key$. $type$ is an optional string describing the digest type. See \module{pkey:sign}, regarding which types of digests are valid. If $type$ is omitted than a default type is used---``sha1'' for RSA keys, ``dss1'' for DSA keys, and ``ecdsa-with-SHA1'' for EC keys. @@ -678,7 +699,7 @@ Add the certificate identified by $serial$ to the revocation list. $serial$ shou \subsubsection[\fn{crl:addExtension}]{\fn{crl:addExtension($ext$)}} -Adds a copy of the \module{x509.extension} object to the revocation list. +Adds a copy of the \module{x509.extension} object to the revocation list. \subsubsection[\fn{crl:getExtension}]{\fn{crl:getExtension($key$)}} @@ -692,6 +713,10 @@ Returns the integer count of the number of extensions. Signs the instance CRL using the \module{openssl.pkey} $key$. +\subsubsection[\fn{crl:verify}]{\fn{crl:verify($publickey$)}} + +Verifies the instance CRL using a public key. + \subsubsection[\fn{crl:text}]{\fn{crl:text()}} Returns a human-readable textual representation of the instance CRL. @@ -767,6 +792,10 @@ Add or interpose a store class method. Returns the previous method, if any. Returns a PKCS \#12 binary encoded string. +\subsubsection[\fn{pkcs12.parse}]{\fn{pkcs12.parse($bag$[, $passphrase$])}} + +Parses a PKCS\#12 bag, presented as a binary string $bag$. The second parameter $passphrase$ is the passphrase required to decrypt the PKCS\#12 bag. The function returns three items; namely the key, certificate and the CA chain, as their respective objects. If an item is absent, it will be substituted with nil. + \end{Module} @@ -785,7 +814,7 @@ Returns a new context object. $protocol$ is an optional string identifier select \begin{ctabular}{ c | p{14cm} } \multicolumn{2}{c}{$protocol$ identifiers}\\\hline\hline name & \href{https://www.openssl.org/docs/ssl/SSL_CTX_new.html}{description} \\\hline -TLS & Supports TLS 1.0 \emph{and above}. Internally uses \fn{SSLv23\_method} and disables SSLv2 and +TLS & Supports TLS 1.0 \emph{and above}. Internally uses \fn{SSLv23\_method} and disables SSLv2 and SSLv3 using \texttt{SSL\_OP\_NO\_SSLv2} and \texttt{SSL\_OP\_NO\_SSLv3}.\\ SSL & Supports SSL 3.0 \emph{and above}. Internally uses \fn{SSLv23\_method} and disables SSLv2 using \texttt{SSL\_OP\_NO\_SSLv2}.\\ @@ -951,7 +980,7 @@ Similar to :getPeerCertifiate, but returns the entire chain sent by the peer as \subsubsection[\fn{ssl:getCipherInfo}]{\fn{ssl:getCipherInfo()}} -Returns a table of information on the current cipher. +Returns a table of information on the current cipher. \begin{tabular}{ c | l } field & description\\\hline |