local require = require -- may be overloaded by regress.require local regress = { openssl = require"openssl", bignum = require"openssl.bignum", kdf = require"openssl.kdf", pkey = require"openssl.pkey", x509 = require"openssl.x509", name = require"openssl.x509.name", altname = require"openssl.x509.altname", chain = require"openssl.x509.chain", store = require"openssl.x509.store", verify_param = require"openssl.x509.verify_param", crl = require"openssl.x509.crl", csr = require"openssl.x509.csr", pack = table.pack or function (...) local t = { ... } t.n = select("#", ...) return t end, unpack = table.unpack or unpack, } local emit_progname = os.getenv"REGRESS_PROGNAME" or "regress" local emit_verbose = tonumber(os.getenv"REGRESS_VERBOSE" or 1) local emit_info = {} local emit_ll = 0 local function emit(fmt, ...) local msg = string.format(fmt, ...) for txt, nl in msg:gmatch("([^\n]*)(\n?)") do if emit_ll == 0 and #txt > 0 then io.stderr:write(emit_progname, ": ") emit_ll = #emit_progname + 2 end io.stderr:write(txt, nl) if nl == "\n" then emit_ll = 0 else emit_ll = emit_ll + #txt end end end -- emit local function emitln(fmt, ...) if emit_ll > 0 then emit"\n" end emit(fmt .. "\n", ...) end -- emitln local function emitinfo() for _, txt in ipairs(emit_info) do emitln("%s", txt) end end -- emitinfo function regress.say(...) emitln(...) end -- say function regress.panic(...) emitinfo() emitln(...) os.exit(1) end -- panic function regress.info(...) if emit_verbose > 1 then emitln(...) else emit_info[#emit_info + 1] = string.format(...) if emit_verbose > 0 then if emit_ll > 78 then emit"\n." else emit"." end end end end -- info function regress.check(v, ...) if v then return v, ... else regress.panic(...) end end -- check function regress.export(...) for _, pat in ipairs{ ... } do for k, v in pairs(regress) do if string.match(k, pat) then _G[k] = v end end end return regress end -- export function regress.require(modname) local ok, module = pcall(require, modname) regress.check(ok, "module %s required", modname) return module end -- regress.require local counter = 0 function regress.genkey(type, ca_key, ca_crt) local pkey = regress.require"openssl.pkey" local x509 = regress.require"openssl.x509" local name = regress.require"openssl.x509.name" local altname = regress.require"openssl.x509.altname" local key type = string.upper(type or "RSA") if type == "EC" then key = regress.check(pkey.new{ type = "EC", curve = "prime192v1" }) else key = regress.check(pkey.new{ type = type, bits = 1024 }) end local dn = name.new() dn:add("C", "US") dn:add("ST", "California") dn:add("L", "San Francisco") dn:add("O", "Acme, Inc.") dn:add("CN", string.format("acme%d.inc", counter)) counter = counter + 1 local alt = altname.new() alt:add("DNS", "acme.inc") alt:add("DNS", "localhost") local crt = x509.new() crt:setVersion(3) crt:setSerial(47) crt:setSubject(dn) crt:setIssuer((ca_crt or crt):getSubject()) crt:setSubjectAlt(alt) local issued, expires = crt:getLifetime() crt:setLifetime(issued, expires + 60) crt:setBasicConstraints{ CA = true, pathLen = 2 } crt:setBasicConstraintsCritical(true) crt:setPublicKey(key) crt:sign(ca_key or key) return key, crt end -- regress.genkey local function getsubtable(t, name, ...) name = name or false -- cannot be nil if not t[name] then t[name] = {} end if select('#', ...) > 0 then return getsubtable(t[name], ...) else return t[name] end end -- getsubtable function regress.newsslctx(protocol, accept, keytype) local context = regress.require"openssl.ssl.context" local ctx = context.new(protocol, accept) if keytype or keytype == nil then local key, crt = regress.genkey(keytype) ctx:setCertificate(crt) ctx:setPrivateKey(key) end return ctx end -- require.newsslctx local ctxcache = {} function regress.getsslctx(protocol, accept, keytype) local keycache = getsubtable(ctxcache, protocol, accept) if keytype == nil then keytype = "RSA" end local ctx = keycache[keytype] if not ctx then ctx = regress.newsslctx(protocol, accept, keytype) keycache[keytype] = ctx end return ctx end -- regress.getsslctx return regress