From 0aaec41e02fbf7cb71eb317effdd6d34fe2e5e95 Mon Sep 17 00:00:00 2001
From: daurnimator
Date: Wed, 31 Oct 2018 15:43:19 +1100
Subject: Add ssl:setCipherList()
---
 doc/luaossl.tex | 4 ++++
 src/openssl.c | 14 ++++++++++++++
 src/openssl.ssl.lua | 11 +++++++++++
 3 files changed, 29 insertions(+)
diff --git a/doc/luaossl.tex b/doc/luaossl.tex
index b5ae2f6..96ed900 100644
--- a/doc/luaossl.tex
+++ b/doc/luaossl.tex
@@ -1225,6 +1225,10 @@ TLS1\_2\_VERSION & 16-bit TLSv1.2 identifier (0x0303). \\
 
 Returns the SSL/TLS version supported by the client, which should be greater than or equal to the negotiated version. See \fn{ssl:getVersion}.
 
+\subsubsection[\fn{ssl:setCipherList}]{\fn{ssl:setCipherList($string$ [, ...])}}
+
+Sets the allowed public key and private key algorithm(s). See \fn{openssl.ssl.context:setCipherList}.
+
 \subsubsection[\fn{ssl:setCurvesList}]{\fn{ssl:setCurvesList($string$ [, ...])}}
 
 Sets the supported curves for this SSL connection instance. See \fn{openssl.ssl.context:setCurvesList}.
diff --git a/src/openssl.c b/src/openssl.c
index e49c0e7..2495a09 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -10026,6 +10026,19 @@ static int ssl_getCipherInfo(lua_State *L) {
 } /* ssl_getCipherInfo() */
 
 
+static int ssl_setCipherList(lua_State *L) {
+ SSL *ssl = checksimple(L, 1, SSL_CLASS);
+ const char *ciphers = luaL_checkstring(L, 2);
+
+ if (!SSL_set_cipher_list(ssl, ciphers))
+ return auxL_error(L, auxL_EOPENSSL, "ssl:setCipherList");
+
+ lua_pushboolean(L, 1);
+
+ return 1;
+} /* ssl_setCipherList() */
+
+
 #if HAVE_SSL_SET_CURVES_LIST
 static int ssl_setCurvesList(lua_State *L) {
 SSL *ssl = checksimple(L, 1, SSL_CLASS);
@@ -10344,6 +10357,7 @@ static const auxL_Reg ssl_methods[] = {
 { "getPeerCertificate", &ssl_getPeerCertificate },
 { "getPeerChain", &ssl_getPeerChain },
 { "getCipherInfo", &ssl_getCipherInfo },
+ { "setCipherList", &ssl_setCipherList },
 #if HAVE_SSL_SET_CURVES_LIST
 { "setCurvesList", &ssl_setCurvesList },
 #endif
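Review bot: In src/openssl.c, ssl_setCipherList reports success whenever SSL_set_cipher_list returns non-zero, and OpenSSL returns 1 as soon as any one cipher in the string could be selected, so a misspelled or unsupported entry in a hardening list is dropped without an error. The call also only governs suites for TLSv1.2 and below; on OpenSSL 1.1.1 and later the TLSv1.3 ciphersuites are configured through SSL_set_ciphersuites and keep their defaults here. I would record both limits above the function, e.g. `/* NOTE: succeeds if at least one cipher matched; does not restrict TLSv1.3 ciphersuites */`, and repeat them in the doc/luaossl.tex entry, whose "public key and private key algorithm(s)" wording does not describe a cipher list.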
diff --git a/src/openssl.ssl.lua b/src/openssl.ssl.lua
index 4f9f82b..22311cd 100644
--- a/src/openssl.ssl.lua
+++ b/src/openssl.ssl.lua
@@ -8,6 +8,17 @@ ssl.interpose("setStore", function(self, store)
 return true
 end)
 
+-- Allow passing a vararg of ciphers, or an array
+local setCipherList; setCipherList = ssl.interpose("setCipherList", function (self, ciphers, ...)
+ if (...) then
+ local ciphers_t = pack(ciphers, ...)
+ ciphers = table.concat(ciphers_t, ":", 1, ciphers_t.n)
+ elseif type(ciphers) == "table" then
+ ciphers = table.concat(ciphers, ":")
+ end
+ return setCipherList(self, ciphers)
+end)
+
 -- Allow passing a vararg of curves, or an array
 local setCurvesList = ssl.interpose("setCurvesList", nil)
 if setCurvesList then
-- 
cgit v1.2.3-59-g8ed1b
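Review bot: The vararg test `if (...) then` in the setCipherList wrapper looks only at the truthiness of the first extra argument, so a call such as `ssl:setCipherList("A", nil, "B")` falls through to the plain-string path and applies just "A" with no error. For a method whose purpose is to restrict ciphers, a silently shortened list should surface as a failure; `if select("#", ...) > 0 then` would send such calls to table.concat, which raises on the nil entry. `pack` is not defined inside this hunk, presumably a file-level local declared above line 8, which is worth confirming.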