+++ /dev/null
-/*
- * nixio - Linux I/O library for lua
- *
- * Copyright (C) 2009 Steven Barth <steven@midlink.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "nixio-tls.h"
-#include <string.h>
-
-static SSL_CTX* nixio__checktlsctx(lua_State *L) {
- SSL_CTX **ctx = (SSL_CTX **)luaL_checkudata(L, 1, NIXIO_TLS_CTX_META);
- luaL_argcheck(L, *ctx, 1, "invalid context");
- return *ctx;
-}
-
-static int nixio__tls_perror(lua_State *L, int code) {
- lua_pushnil(L);
- lua_pushinteger(L, code);
- return 2;
-}
-
-static int nixio__tls_pstatus(lua_State *L, int code) {
- if (code == 1) {
- lua_pushboolean(L, 1);
- return 1;
- } else {
- return nixio__tls_perror(L, code);
- }
-}
-
-static int nixio_tls_ctx(lua_State * L) {
- const char *method = luaL_optlstring(L, 1, "client", NULL);
-
- luaL_getmetatable(L, NIXIO_TLS_CTX_META);
- SSL_CTX **ctx = lua_newuserdata(L, sizeof(SSL_CTX *));
- if (!ctx) {
- return luaL_error(L, "out of memory");
- }
-
- /* create userdata */
- lua_pushvalue(L, -2);
- lua_setmetatable(L, -2);
-
- if (!strcmp(method, "client")) {
- *ctx = SSL_CTX_new(TLSv1_client_method());
- } else if (!strcmp(method, "server")) {
- *ctx = SSL_CTX_new(TLSv1_server_method());
- } else {
- return luaL_argerror(L, 1, "supported values: client, server");
- }
-
- if (!(*ctx)) {
- return luaL_error(L, "unable to create TLS context");
- }
-
-#ifdef WITH_CYASSL
- SSL_CTX_set_verify(*ctx, SSL_VERIFY_NONE, NULL);
-#endif
-
- return 1;
-}
-
-static int nixio_tls_ctx_create(lua_State *L) {
- SSL_CTX *ctx = nixio__checktlsctx(L);
- int fd = nixio__checkfd(L, 2);
-
- lua_createtable(L, 0, 3);
- nixio_tls_sock *sock = lua_newuserdata(L, sizeof(nixio_tls_sock));
- if (!sock) {
- return luaL_error(L, "out of memory");
- }
- memset(sock, 0, sizeof(nixio_tls_sock));
-
- /* create userdata */
- luaL_getmetatable(L, NIXIO_TLS_SOCK_META);
- lua_pushvalue(L, -1);
- lua_setmetatable(L, -3);
-
- sock->socket = SSL_new(ctx);
- if (!sock->socket) {
- return nixio__tls_perror(L, 0);
- }
-
- if (SSL_set_fd(sock->socket, fd) != 1) {
- return nixio__tls_perror(L, 0);
- }
-
- /* save context and socket to prevent GC from collecting them */
- lua_setmetatable(L, -3);
- lua_setfield(L, -2, "connection");
-
- lua_pushvalue(L, 1);
- lua_setfield(L, -2, "context");
-
- lua_pushvalue(L, 2);
- lua_setfield(L, -2, "socket");
-
- return 1;
-}
-
-static int nixio_tls_ctx_set_cert(lua_State *L) {
- SSL_CTX *ctx = nixio__checktlsctx(L);
- const char *cert = luaL_checkstring(L, 2);
- const char *type = luaL_optstring(L, 3, "chain");
- int ktype;
-
- if (!strcmp(type, "chain")) {
- return nixio__tls_pstatus(L,
- SSL_CTX_use_certificate_chain_file(ctx, cert));
- } else if (!strcmp(type, "pem")) {
- ktype = SSL_FILETYPE_PEM;
- } else if (!strcmp(type, "asn1")) {
- ktype = SSL_FILETYPE_ASN1;
- } else {
- return luaL_argerror(L, 3, "supported values: chain, pem, asn1");
- }
-
- return nixio__tls_pstatus(L,
- SSL_CTX_use_certificate_file(ctx, cert, ktype));
-}
-
-static int nixio_tls_ctx_set_verify_locations(lua_State *L) {
- SSL_CTX *ctx = nixio__checktlsctx(L);
- const char *CAfile = luaL_optstring(L, 2, NULL);
- const char *CApath = luaL_optstring(L, 3, NULL);
- return nixio__tls_pstatus(L, SSL_CTX_load_verify_locations(ctx,
- CAfile, CApath));
-}
-
-static int nixio_tls_ctx_set_key(lua_State *L) {
- SSL_CTX *ctx = nixio__checktlsctx(L);
- const char *cert = luaL_checkstring(L, 2);
- const char *type = luaL_optstring(L, 3, "pem");
- int ktype;
-
- if (!strcmp(type, "pem")) {
- ktype = SSL_FILETYPE_PEM;
- } else if (!strcmp(type, "asn1")) {
- ktype = SSL_FILETYPE_ASN1;
- } else {
- return luaL_argerror(L, 3, "supported values: pem, asn1");
- }
-
- return nixio__tls_pstatus(L, SSL_CTX_use_PrivateKey_file(ctx, cert, ktype));
-}
-
-static int nixio_tls_ctx_set_ciphers(lua_State *L) {
- SSL_CTX *ctx = nixio__checktlsctx(L);
- size_t len;
- const char *ciphers = luaL_checklstring(L, 2, &len);
- luaL_argcheck(L, len < 255, 2, "cipher string too long");
- return nixio__tls_pstatus(L, SSL_CTX_set_cipher_list(ctx, ciphers));
-}
-
-static int nixio_tls_ctx_set_verify(lua_State *L) {
- SSL_CTX *ctx = nixio__checktlsctx(L);
- const int j = lua_gettop(L);
- int flags = 0;
- for (int i=2; i<=j; i++) {
- const char *flag = luaL_checkstring(L, i);
- if (!strcmp(flag, "none")) {
- flags |= SSL_VERIFY_NONE;
- } else if (!strcmp(flag, "peer")) {
- flags |= SSL_VERIFY_PEER;
- } else if (!strcmp(flag, "verify_fail_if_no_peer_cert")) {
- flags |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
- } else if (!strcmp(flag, "client_once")) {
- flags |= SSL_VERIFY_CLIENT_ONCE;
- } else {
- return luaL_argerror(L, i, "supported values: none, peer, "
- "verify_fail_if_no_peer_cert, client_once");
- }
- }
- SSL_CTX_set_verify(ctx, flags, NULL);
- return 0;
-}
-
-static int nixio_tls_ctx__gc(lua_State *L) {
- SSL_CTX **ctx = (SSL_CTX **)luaL_checkudata(L, 1, NIXIO_TLS_CTX_META);
- if (*ctx) {
- SSL_CTX_free(*ctx);
- *ctx = NULL;
- }
- return 0;
-}
-
-static int nixio_tls_ctx__tostring(lua_State *L) {
- SSL_CTX *ctx = nixio__checktlsctx(L);
- lua_pushfstring(L, "nixio TLS context: %p", ctx);
- return 1;
-}
-
-/* module table */
-static const luaL_reg R[] = {
- {"tls", nixio_tls_ctx},
- {NULL, NULL}
-};
-
-/* ctx function table */
-static const luaL_reg CTX_M[] = {
- {"set_cert", nixio_tls_ctx_set_cert},
- {"set_verify_locations", nixio_tls_ctx_set_verify_locations},
- {"set_key", nixio_tls_ctx_set_key},
- {"set_ciphers", nixio_tls_ctx_set_ciphers},
- {"set_verify", nixio_tls_ctx_set_verify},
- {"create", nixio_tls_ctx_create},
- {"__gc", nixio_tls_ctx__gc},
- {"__tostring", nixio_tls_ctx__tostring},
- {NULL, NULL}
-};
-
-
-void nixio_open_tls_context(lua_State *L) {
- /* initialize tls library */
- SSL_load_error_strings();
- SSL_library_init();
-
- /* register module functions */
- luaL_register(L, NULL, R);
-
-#if defined (WITH_AXTLS)
- lua_pushliteral(L, "axtls");
-#elif defined (WITH_CYASSL)
- lua_pushliteral(L, "cyassl");
-#else
- lua_pushliteral(L, "openssl");
-#endif
- lua_setfield(L, -2, "tls_provider");
-
- /* create context metatable */
- luaL_newmetatable(L, NIXIO_TLS_CTX_META);
- lua_pushvalue(L, -1);
- lua_setfield(L, -2, "__index");
- luaL_register(L, NULL, CTX_M);
- lua_setfield(L, -2, "meta_tls_context");
-}
projects / project / luci.git / blobdiff