From 55fd8c9610fd2dda02eb436de8c03a0fa5704048 Mon Sep 17 00:00:00 2001 From: daurnimator Date: Sat, 28 Feb 2015 19:36:41 -0500 Subject: Bind SSL_CTX_set_alpn_protos and SSL_get0_alpn_selected --- src/openssl.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) (limited to 'src/openssl.c') diff --git a/src/openssl.c b/src/openssl.c index 6e3039f..ab19410 100644 --- a/src/openssl.c +++ b/src/openssl.c @@ -4516,6 +4516,44 @@ static int sx_setEphemeralKey(lua_State *L) { return 1; } /* sx_setEphemeralKey() */ +static int sx_setAlpnProtos(lua_State *L) { + SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS); + size_t len; + const char *tmp; + unsigned protos_len = 0; + luaL_Buffer B; + luaL_checktype(L, 2, LUA_TTABLE); + luaL_buffinit(L, &B); + + while (1) { + protos_len++; + lua_rawgeti(L, 2, protos_len); + switch (lua_type(L, -1)) { + case LUA_TNIL: + goto done; + case LUA_TSTRING: + break; + default: + return luaL_argerror(L, 2, "array of strings expected"); + } + tmp = luaL_checklstring(L, -1, &len); + luaL_argcheck(L, len <= UCHAR_MAX, 2, "proto string too long"); + luaL_addchar(&B, (unsigned char)len); + luaL_addlstring(&B, tmp, len); + lua_pop(L, 1); + } +done: + luaL_pushresult(&B); + + if (0 != SSL_CTX_set_alpn_protos(ctx, (const unsigned char*)lua_tostring(L, -1), protos_len)) { + lua_pushnil(L); + return 1; + } + + lua_pushboolean(L, 1); + + return 1; +} /* sx_setAlpnprotos */ static int sx__gc(lua_State *L) { SSL_CTX **ud = luaL_checkudata(L, 1, SSL_CTX_CLASS); @@ -4540,6 +4578,7 @@ static const luaL_Reg sx_methods[] = { { "setPrivateKey", &sx_setPrivateKey }, { "setCipherList", &sx_setCipherList }, { "setEphemeralKey", &sx_setEphemeralKey }, + { "setAlpnProtos", &sx_setAlpnProtos }, { NULL, NULL }, }; 
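Review bot: In sx_setAlpnProtos the buffer calls run with an extra value on the Lua stack: `luaL_addchar` and `luaL_addlstring` are invoked while the string pushed by `lua_rawgeti` is still on top, and `goto done` reaches `luaL_pushresult` with the terminating nil still there. The Lua reference manual requires the stack to be at the same level at every buffer operation (only `luaL_addvalue` is exempt), because the buffer may keep slots of its own on the stack. Once the list outgrows the buffer's initial storage, the wrong slot can be removed or concatenated, so the protocol list handed to OpenSSL may not be the one the caller supplied. Pop the fetched value before touching the buffer and append the string with `luaL_addvalue`, as sketched below. A short header comment describing the format being built (one length byte followed by the name, per entry) would also help the next reader.

```c
	for (protos_len = 1; ; protos_len++) {
		lua_rawgeti(L, 2, protos_len);
		if (lua_isnil(L, -1)) {
			lua_pop(L, 1); /* leave nothing of ours above the buffer */
			break;
		}
		if (lua_type(L, -1) != LUA_TSTRING)
			return luaL_argerror(L, 2, "array of strings expected");
		lua_tolstring(L, -1, &len);
		/* … unchanged: luaL_argcheck on len … */
		lua_pop(L, 1);
		luaL_addchar(&B, (unsigned char)len); /* stack is balanced here */
		lua_rawgeti(L, 2, protos_len);
		luaL_addvalue(&B); /* pops the string and appends it */
	}
	luaL_pushresult(&B);
	/* … unchanged: SSL_CTX_set_alpn_protos call and return values … */
```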
@@ -4790,6 +4829,18 @@ static int ssl_getClientVersion(lua_State *L) { return 1; } /* ssl_getClientVersion() */ +static int ssl_getAlpnSelected(lua_State *L) { + SSL *ssl = checksimple(L, 1, SSL_CLASS); + const unsigned char *data; + unsigned len; + SSL_get0_alpn_selected(ssl, &data, &len); + if (0 == len) { + lua_pushnil(L); + } else { + lua_pushlstring(L, data, len); + } + return 1; +} /*ssl_getAlpnSelected */ static int ssl__gc(lua_State *L) { SSL **ud = luaL_checkudata(L, 1, SSL_CLASS); @@ -4814,6 +4865,7 @@ static const luaL_Reg ssl_methods[] = { { "setHostName", &ssl_setHostName }, { "getVersion", &ssl_getVersion }, { "getClientVersion", &ssl_getClientVersion }, + { "getAlpnSelected", &ssl_getAlpnSelected }, { NULL, NULL }, }; -- cgit v1.2.3-59-g8ed1b From a7dd84a94c8543ffa2dc044099cbcb731fca30d4 Mon Sep 17 00:00:00 2001 From: daurnimator Date: Sun, 1 Mar 2015 01:36:04 -0500 Subject: improve ALPN validation --- src/openssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/openssl.c') diff --git a/src/openssl.c b/src/openssl.c index ab19410..f9ff4d5 100644 --- a/src/openssl.c +++ b/src/openssl.c @@ -4537,7 +4537,7 @@ static int sx_setAlpnProtos(lua_State *L) { return luaL_argerror(L, 2, "array of strings expected"); } tmp = luaL_checklstring(L, -1, &len); - luaL_argcheck(L, len <= UCHAR_MAX, 2, "proto string too long"); + luaL_argcheck(L, len > 0 && len <= UCHAR_MAX, 2, "proto string length invalid"); luaL_addchar(&B, (unsigned char)len); luaL_addlstring(&B, tmp, len); lua_pop(L, 1); -- cgit v1.2.3-59-g8ed1b From e08e76d91148fb360c918ac08be4c7c6ad76e749 Mon Sep 17 00:00:00 2001 From: daurnimator Date: Sun, 1 Mar 2015 02:09:15 -0500 Subject: SSL_CTX_set_alpn_protos takes the full length, not the number of strings --- src/openssl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/openssl.c') diff --git a/src/openssl.c b/src/openssl.c index f9ff4d5..562927d 100644 --- a/src/openssl.c +++ b/src/openssl.c 
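Review bot: `lua_pushlstring(L, data, len)` in ssl_getAlpnSelected passes a `const unsigned char *` where the Lua API takes `const char *`; write `lua_pushlstring(L, (const char *)data, len);` so the conversion is explicit and the build stays free of pointer-sign warnings. `data` and `len` are declared uninitialised and depend on SSL_get0_alpn_selected always writing both; declaring them as `const unsigned char *data = NULL;` and `unsigned len = 0;` keeps the `0 == len` test well defined regardless. Neither this function nor sx_setAlpnProtos is wrapped in a check for an OpenSSL build with ALPN support, at least in the lines shown, so building against a library without these symbols would presumably fail. A comment such as `/* returns the negotiated ALPN protocol as a string, or nil if none was selected; the bytes are copied into Lua */` would document the contract.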
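Review bot: The tightened `luaL_argcheck` in sx_setAlpnProtos accepts 1..UCHAR_MAX bytes, but neither the code nor the message says why. A comment such as `/* RFC 7301: each protocol name is 1..255 bytes, sent with a one-byte length prefix */` above the check would record the reason, and the message could name the bound, e.g. `"proto string length must be 1..255"`. The argument index 2 refers to the whole table, so the caller cannot tell which entry was rejected; including the entry index in the message would make the error actionable. The enclosing function starts and ends outside this hunk.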
@@ -4544,8 +4544,8 @@ static int sx_setAlpnProtos(lua_State *L) { } done: luaL_pushresult(&B); - - if (0 != SSL_CTX_set_alpn_protos(ctx, (const unsigned char*)lua_tostring(L, -1), protos_len)) { + tmp = lua_tolstring(L, -1, &len); + if (0 != SSL_CTX_set_alpn_protos(ctx, (const unsigned char*)tmp, len)) { lua_pushnil(L); return 1; } -- cgit v1.2.3-59-g8ed1b
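Review bot: `len` is a `size_t`, but the call `SSL_CTX_set_alpn_protos(ctx, (const unsigned char*)tmp, len)` takes an `unsigned` length, so the value is narrowed implicitly and the total size of the list is never checked. Adding `luaL_argcheck(L, len <= UINT_MAX, 2, "protocol list too long");` before the call and casting with `(unsigned)len` makes the conversion explicit. RFC 7301 limits the encoded list to 65535 bytes, so a tighter bound may be appropriate. After this change `protos_len` only counts table entries, so renaming it (for example to `i`) would avoid suggesting it is still the length passed to OpenSSL. The failure branch returns a bare nil with no error message, which leaves the caller unable to tell why the list was refused; the function begins outside this hunk.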