From: Steven Barth Date: Tue, 24 Feb 2009 17:54:48 +0000 (+0000) Subject: nixio: Finetuning of TLS-support X-Git-Tag: 0.9.0~649 X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=ff2bc9081bb24e42dec9ccd46cdb4c377333dc59;hp=cebe6f031bc475e8e21102c4b5e378e1fa7bcf54;p=project%2Fluci.git nixio: Finetuning of TLS-support httpclient: HTTPS support axTLS: enable diagnostic mode --- diff --git a/libs/httpclient/luasrc/httpclient.lua b/libs/httpclient/luasrc/httpclient.lua index 6681f82aaf..542e6b6cd5 100644 --- a/libs/httpclient/luasrc/httpclient.lua +++ b/libs/httpclient/luasrc/httpclient.lua @@ -110,11 +110,11 @@ function request_raw(uri, options) return nil, -1, "unable to parse URI" end - if pr ~= "http" then + if pr ~= "http" and pr ~= "https" then return nil, -2, "protocol not supported" end - port = #port > 0 and port or "80" + port = #port > 0 and port or (pr == "https" and "443" or "80") path = #path > 0 and path or "/" options.depth = options.depth or 10 @@ -135,6 +135,15 @@ function request_raw(uri, options) sock:setsockopt("socket", "sndtimeo", options.sndtimeo or 15) sock:setsockopt("socket", "rcvtimeo", options.rcvtimeo or 15) + if pr == "https" then + local tls = options.tls_context or nixio.tls() + sock = tls:create(sock) + local stat, code, error = sock:connect() + if not stat then + return stat, code, error + end + end + -- Pre assemble fixes if protocol == "HTTP/1.1" then headers.Host = headers.Host or host diff --git a/libs/nixio/.gitignore b/libs/nixio/.gitignore index d9c7ea0124..cbfe6d666e 100644 --- a/libs/nixio/.gitignore +++ b/libs/nixio/.gitignore @@ -1 +1,4 @@ src/libaxtls.a +.depend +.config.* +_stage diff --git a/libs/nixio/axTLS/config/.config b/libs/nixio/axTLS/config/.config index beb0d85fca..ccb745dfc5 100644 --- a/libs/nixio/axTLS/config/.config +++ b/libs/nixio/axTLS/config/.config 
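Review bot: The HTTPS branch added here wraps the socket with `options.tls_context or nixio.tls()` and connects, but nothing in the hunk verifies the server certificate or matches it against `host`; unless `nixio.tls()` verifies by default (no CA store or hostname check is loaded anywhere visible on this page, and the axTLS mode flipped below is the diagnostics build, not a verification setting), an https:// fetch is encrypted but unauthenticated and a man-in-the-middle can return any content. That deserves at least a comment at the top of the branch, e.g. `-- NOTE: no peer certificate verification here; pass a verifying tls_context for authenticated fetches`. Two smaller points: on a failed `sock:connect()` the wrapped socket is never closed, and `error` shadows Lua's builtin of the same name; `local stat, code, err = sock:connect(); if not stat then sock:close(); return nil, code, err end` fixes both. Note also that `nixio__tls_sock_perror` in this same commit now returns only `(nil, code)`, so the third value read here will be nil. request_raw begins before and continues after this hunk.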
@@ -24,8 +24,8 @@ CONFIG_EXTRA_LDFLAGS_OPTIONS=""
 #
 # CONFIG_SSL_SERVER_ONLY is not set
 # CONFIG_SSL_CERT_VERIFICATION is not set
-CONFIG_SSL_ENABLE_CLIENT=y
-# CONFIG_SSL_FULL_MODE is not set
+# CONFIG_SSL_ENABLE_CLIENT is not set
+CONFIG_SSL_FULL_MODE=y
 # CONFIG_SSL_SKELETON_MODE is not set
 # CONFIG_SSL_PROT_LOW is not set
 CONFIG_SSL_PROT_MEDIUM=y
diff --git a/libs/nixio/axTLS/config/config.h b/libs/nixio/axTLS/config/config.h
index 46a53cf0ee..61303c4852 100644
--- a/libs/nixio/axTLS/config/config.h
+++ b/libs/nixio/axTLS/config/config.h
@@ -25,8 +25,8 @@
  */
 #undef CONFIG_SSL_SERVER_ONLY
 #undef CONFIG_SSL_CERT_VERIFICATION
-#define CONFIG_SSL_ENABLE_CLIENT 1
-#undef CONFIG_SSL_FULL_MODE
+#undef CONFIG_SSL_ENABLE_CLIENT
+#define CONFIG_SSL_FULL_MODE 1
 #undef CONFIG_SSL_SKELETON_MODE
 #undef CONFIG_SSL_PROT_LOW
 #define CONFIG_SSL_PROT_MEDIUM 1
diff --git a/libs/nixio/axtls-config/.config b/libs/nixio/axtls-config/.config
index beb0d85fca..ccb745dfc5 100644
--- a/libs/nixio/axtls-config/.config
+++ b/libs/nixio/axtls-config/.config
@@ -24,8 +24,8 @@ CONFIG_EXTRA_LDFLAGS_OPTIONS=""
 #
 # CONFIG_SSL_SERVER_ONLY is not set
 # CONFIG_SSL_CERT_VERIFICATION is not set
-CONFIG_SSL_ENABLE_CLIENT=y
-# CONFIG_SSL_FULL_MODE is not set
+# CONFIG_SSL_ENABLE_CLIENT is not set
+CONFIG_SSL_FULL_MODE=y
 # CONFIG_SSL_SKELETON_MODE is not set
 # CONFIG_SSL_PROT_LOW is not set
 CONFIG_SSL_PROT_MEDIUM=y
diff --git a/libs/nixio/axtls-config/config.h b/libs/nixio/axtls-config/config.h
index 46a53cf0ee..61303c4852 100644
--- a/libs/nixio/axtls-config/config.h
+++ b/libs/nixio/axtls-config/config.h
@@ -25,8 +25,8 @@
  */
 #undef CONFIG_SSL_SERVER_ONLY
 #undef CONFIG_SSL_CERT_VERIFICATION
-#define CONFIG_SSL_ENABLE_CLIENT 1
-#undef CONFIG_SSL_FULL_MODE
+#undef CONFIG_SSL_ENABLE_CLIENT
+#define CONFIG_SSL_FULL_MODE 1
 #undef CONFIG_SSL_SKELETON_MODE
 #undef CONFIG_SSL_PROT_LOW
 #define CONFIG_SSL_PROT_MEDIUM 1
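Review bot: The same two-line flip is applied to four files because `axTLS/config/` and `axtls-config/` carry byte-identical copies of `.config` and `config.h`, so every future change must be made twice or the library silently builds in a different mode; a comment in the committed `.config` such as `# Keep in sync with libs/nixio/axtls-config/.config (identical copy)` would flag that. Selecting `CONFIG_SSL_FULL_MODE` in place of `CONFIG_SSL_ENABLE_CLIENT` presumably switches to the axTLS diagnostics build, which reports handshake and certificate errors through the library's display routines (the `ssl_display_error` call in openssl-compat.c on this page); confirm where that output lands in the processes nixio runs in, since a debugging aid left on in a shipped configuration can end up in logs or response streams.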
diff --git a/libs/nixio/lua/nixio/util.lua b/libs/nixio/lua/nixio/util.lua index 5bfcc48d9f..760ec8f820 100644 --- a/libs/nixio/lua/nixio/util.lua +++ b/libs/nixio/lua/nixio/util.lua @@ -14,7 +14,7 @@ $Id$ local table = require "table" local nixio = require "nixio" -local setmetatable, assert = setmetatable, assert +local getmetatable, assert = getmetatable, assert module "nixio.util" @@ -22,6 +22,16 @@ local BUFFERSIZE = 8096 local socket = nixio.socket_meta local tls_socket = nixio.tls_socket_meta +function socket.is_socket(self) + return (getmetatable(self) == socket) +end +tls_socket.is_socket = socket.is_socket + +function socket.is_tls_socket(self) + return (getmetatable(self) == tls_socket) +end +tls_socket.is_tls_socket = socket.is_tls_socket + function socket.recvall(self, len) local block, code, msg = self:recv(len) @@ -133,4 +143,9 @@ function socket.blocksource(self, bs, limit) end end end -tls_socket.blocksource = socket.blocksource \ No newline at end of file +tls_socket.blocksource = socket.blocksource + +function tls_socket.close(self) + self:shutdown() + return self.socket:close() +end \ No newline at end of file diff --git a/libs/nixio/src/openssl-compat.c b/libs/nixio/src/openssl-compat.c index ee7600c08f..2c5b746c2d 100644 --- a/libs/nixio/src/openssl-compat.c +++ b/libs/nixio/src/openssl-compat.c @@ -264,7 +264,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX *s, const char *str) int SSL_get_error(const SSL *ssl, int ret) { ssl_display_error(ret); - return 0; /* TODO: return proper return code */ + return ret; /* TODO: return proper return code */ } void SSL_CTX_set_options(SSL_CTX *ssl_ctx, int option) {} diff --git a/libs/nixio/src/tls-context.c b/libs/nixio/src/tls-context.c index ff3feeb4d3..c555176308 100644 --- a/libs/nixio/src/tls-context.c +++ b/libs/nixio/src/tls-context.c 
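Review bot: `tls_socket.close` discards whatever `self:shutdown()` returns, so a failed TLS shutdown is invisible and the plain socket is closed regardless; that is a defensible cleanup policy, but it should be stated above the function, e.g. `--- Tear down the TLS session and close the underlying socket. -- Shutdown errors are ignored; returns the plain socket's close() result.` The function also depends on `self` being the wrapper table built in `nixio_tls_ctx_create` (field `socket`), so a bare TLS userdata reaching it fails with an index error on `self.socket` rather than a clear message; an `assert(self.socket, "not a TLS socket wrapper")` would name the cause. The new `is_socket`/`is_tls_socket` helpers in the previous hunk are fine, but note `is_socket` returns false for a TLS wrapper even though it contains a socket, which is worth a one-line comment.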
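Review bot: `SSL_get_error` now returns the raw status it was passed instead of an OpenSSL `SSL_ERROR_*` code, and the TODO is left in place; any caller written against the OpenSSL contract (testing for `SSL_ERROR_WANT_READ`, for example) would misread the value, so either map the common cases or reword the comment so the behaviour is deliberate: `return ret; /* axTLS status, not an SSL_ERROR_* value; callers must treat it as opaque */`. The unconditional `ssl_display_error(ret)` also runs on every call, so with the diagnostics mode enabled elsewhere in this commit a library function that callers expect to be silent presumably emits text for each failure; gating it on a debug flag would keep the compatibility shim side-effect free.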
@@ -74,6 +74,7 @@ static int nixio_tls_ctx_create(lua_State *L) { SSL_CTX *ctx = nixio__checktlsctx(L); int fd = nixio__checkfd(L, 2); + lua_createtable(L, 0, 3); nixio_tls_sock *sock = lua_newuserdata(L, sizeof(nixio_tls_sock)); if (!sock) { return luaL_error(L, "out of memory"); @@ -82,7 +83,8 @@ static int nixio_tls_ctx_create(lua_State *L) { /* create userdata */ luaL_getmetatable(L, NIXIO_TLS_SOCK_META); - lua_setmetatable(L, -2); + lua_pushvalue(L, -1); + lua_setmetatable(L, -3); sock->socket = SSL_new(ctx); if (!sock->socket) { @@ -93,6 +95,16 @@ static int nixio_tls_ctx_create(lua_State *L) { return nixio__tls_perror(L, 0); } + /* save context and socket to prevent GC from collecting them */ + lua_setmetatable(L, -3); + lua_setfield(L, -2, "connection"); + + lua_pushvalue(L, 1); + lua_setfield(L, -2, "context"); + + lua_pushvalue(L, 2); + lua_setfield(L, -2, "socket"); + return 1; } diff --git a/libs/nixio/src/tls-socket.c b/libs/nixio/src/tls-socket.c index b26d140b45..b0cfb5c3f1 100644 --- a/libs/nixio/src/tls-socket.c +++ b/libs/nixio/src/tls-socket.c @@ -22,9 +22,8 @@ static int nixio__tls_sock_perror(lua_State *L, SSL *sock, int code) { lua_pushnil(L); - lua_pushinteger(L, code); lua_pushinteger(L, SSL_get_error(sock, code)); - return 3; + return 2; } static int nixio__tls_sock_pstatus(lua_State *L, SSL *sock, int code) { @@ -37,6 +36,10 @@ static int nixio__tls_sock_pstatus(lua_State *L, SSL *sock, int code) { } static SSL* nixio__checktlssock(lua_State *L) { + if (lua_istable(L, 1)) { + lua_getfield(L, 1, "connection"); + lua_replace(L, 1); + } nixio_tls_sock *sock = luaL_checkudata(L, 1, NIXIO_TLS_SOCK_META); luaL_argcheck(L, sock->socket, 1, "invalid context"); return sock->socket; 
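Review bot: The wrapper table created in `nixio_tls_ctx_create` receives the same metatable as the `nixio_tls_sock` userdata (the second `lua_setmetatable(L, -3)`), so it inherits the `__gc` and `__tostring` entries written for the userdata; on Lua 5.1 a table's `__gc` is ignored, but on 5.2+ it would fire `nixio_tls_sock__gc` for the table too, and whether that frees the SSL object twice depends on how `__gc` resolves the `connection` field, which is outside this hunk. A dedicated wrapper metatable holding only `__index` and `__tostring` would remove that risk and the `lua_istable` shim now needed in `nixio__checktlssock`. The comment `/* save context and socket to prevent GC from collecting them */` should also describe the layout being built, e.g. `/* wrapper table: connection = SSL userdata, context = SSL_CTX (arg 1), socket = plain socket (arg 2); holding these keeps both alive as long as the TLS object */`.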
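Review bot: `nixio__checktlssock` now accepts any table and swaps in its `connection` field, so a table without that field leaves nil at argument 1 and `luaL_checkudata` raises a type error naming the metatable rather than the real problem; a `luaL_argcheck(L, !lua_isnil(L, 1), 1, "TLS wrapper has no connection")` after the `lua_replace` would point at the cause. `nixio__tls_sock_perror` also shrinks from three return values to two, dropping the slot Lua callers read as the error message, so the httpclient hunk on this page (which destructures a third `error` value) now receives nil there; either keep a message in the third position or update those callers. The enclosing functions are shown in full here, but their callers are not.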
@@ -186,7 +189,7 @@ static int nixio_tls_sock__gc(lua_State *L) { static int nixio_tls_sock__tostring(lua_State *L) { SSL *sock = nixio__checktlssock(L); - lua_pushfstring(L, "nixio TLS socket: %p", sock); + lua_pushfstring(L, "nixio TLS connection: %p", sock); return 1; }