2 * nixio - Linux I/O library for lua
4 * Copyright (C) 2009 Steven Barth <steven@midlink.org>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
19 #include "nixio-tls.h"
22 static SSL_CTX
* nixio__checktlsctx(lua_State
*L
) {
23 SSL_CTX
**ctx
= (SSL_CTX
**)luaL_checkudata(L
, 1, NIXIO_TLS_CTX_META
);
24 luaL_argcheck(L
, *ctx
, 1, "invalid context");
28 static int nixio__tls_perror(lua_State
*L
, int code
) {
30 lua_pushinteger(L
, code
);
34 static int nixio__tls_pstatus(lua_State
*L
, int code
) {
36 lua_pushboolean(L
, 1);
39 return nixio__tls_perror(L
, code
);
43 static int nixio_tls_ctx(lua_State
* L
) {
44 const char *method
= luaL_optlstring(L
, 1, "tlsv1", NULL
);
46 SSL_CTX
**ctx
= lua_newuserdata(L
, sizeof(SSL_CTX
*));
48 return luaL_error(L
, "out of memory");
52 luaL_getmetatable(L
, NIXIO_TLS_CTX_META
);
53 lua_setmetatable(L
, -2);
55 if (!strcmp(method
, "tlsv1")) {
56 *ctx
= SSL_CTX_new(TLSv1_method());
57 } else if (!strcmp(method
, "sslv23")) {
58 *ctx
= SSL_CTX_new(SSLv23_method());
60 return luaL_argerror(L
, 1, "supported values: tlsv1, sslv23");
64 SSL_CTX_set_options(*ctx
, SSL_OP_NO_SSLv2
| SSL_OP_NO_SSLv3
);
67 return luaL_error(L
, "unable to create TLS context");
73 static int nixio_tls_ctx_create(lua_State
*L
) {
74 SSL_CTX
*ctx
= nixio__checktlsctx(L
);
75 int fd
= nixio__checkfd(L
, 2);
77 nixio_tls_sock
*sock
= lua_newuserdata(L
, sizeof(nixio_tls_sock
));
79 return luaL_error(L
, "out of memory");
81 memset(sock
, 0, sizeof(nixio_tls_sock
));
84 luaL_getmetatable(L
, NIXIO_TLS_SOCK_META
);
85 lua_setmetatable(L
, -2);
87 sock
->socket
= SSL_new(ctx
);
89 return nixio__tls_perror(L
, 0);
92 if (SSL_set_fd(sock
->socket
, fd
) != 1) {
93 return nixio__tls_perror(L
, 0);
99 static int nixio_tls_ctx_set_cert(lua_State
*L
) {
100 SSL_CTX
*ctx
= nixio__checktlsctx(L
);
101 const char *cert
= luaL_checkstring(L
, 2);
102 return nixio__tls_pstatus(L
, SSL_CTX_use_certificate_chain_file(ctx
, cert
));
105 static int nixio_tls_ctx_set_key(lua_State
*L
) {
106 SSL_CTX
*ctx
= nixio__checktlsctx(L
);
107 const char *cert
= luaL_checkstring(L
, 2);
108 const int ktype
= SSL_FILETYPE_PEM
;
109 return nixio__tls_pstatus(L
, SSL_CTX_use_PrivateKey_file(ctx
, cert
, ktype
));
112 static int nixio_tls_ctx_set_ciphers(lua_State
*L
) {
113 SSL_CTX
*ctx
= nixio__checktlsctx(L
);
115 const char *ciphers
= luaL_checklstring(L
, 2, &len
);
116 luaL_argcheck(L
, len
< 255, 2, "cipher string too long");
117 return nixio__tls_pstatus(L
, SSL_CTX_set_cipher_list(ctx
, ciphers
));
120 static int nixio_tls_ctx_set_verify_depth(lua_State
*L
) {
121 SSL_CTX
*ctx
= nixio__checktlsctx(L
);
122 const int depth
= luaL_checkinteger(L
, 2);
123 SSL_CTX_set_verify_depth(ctx
, depth
);
127 static int nixio_tls_ctx_set_verify(lua_State
*L
) {
128 SSL_CTX
*ctx
= nixio__checktlsctx(L
);
129 const int j
= lua_gettop(L
);
131 for (int i
=2; i
<=j
; i
++) {
132 const char *flag
= luaL_checkstring(L
, i
);
133 if (!strcmp(flag
, "none")) {
134 flags
|= SSL_VERIFY_NONE
;
135 } else if (!strcmp(flag
, "peer")) {
136 flags
|= SSL_VERIFY_PEER
;
137 } else if (!strcmp(flag
, "verify_fail_if_no_peer_cert")) {
138 flags
|= SSL_VERIFY_FAIL_IF_NO_PEER_CERT
;
139 } else if (!strcmp(flag
, "client_once")) {
140 flags
|= SSL_VERIFY_CLIENT_ONCE
;
142 return luaL_argerror(L
, i
, "supported values: none, peer, "
143 "verify_fail_if_no_peer_cert, client_once");
146 SSL_CTX_set_verify(ctx
, flags
, NULL
);
150 static int nixio_tls_ctx__gc(lua_State
*L
) {
151 SSL_CTX
**ctx
= (SSL_CTX
**)luaL_checkudata(L
, 1, NIXIO_TLS_CTX_META
);
159 static int nixio_tls_ctx__tostring(lua_State
*L
) {
160 SSL_CTX
*ctx
= nixio__checktlsctx(L
);
161 lua_pushfstring(L
, "nixio TLS context: %p", ctx
);
166 static const luaL_reg R
[] = {
167 {"tls", nixio_tls_ctx
},
171 /* ctx function table */
172 static const luaL_reg CTX_M
[] = {
173 {"set_cert", nixio_tls_ctx_set_cert
},
174 {"set_key", nixio_tls_ctx_set_key
},
175 {"set_ciphers", nixio_tls_ctx_set_ciphers
},
176 {"set_verify_depth", nixio_tls_ctx_set_verify_depth
},
177 {"set_verify", nixio_tls_ctx_set_verify
},
178 {"create", nixio_tls_ctx_create
},
179 {"__gc", nixio_tls_ctx__gc
},
180 {"__tostring", nixio_tls_ctx__tostring
},
185 void nixio_open_tls_context(lua_State
*L
) {
186 /* initialize tls library */
187 SSL_load_error_strings();
190 /* register module functions */
191 luaL_register(L
, NULL
, R
);
193 /* create context metatable */
194 luaL_newmetatable(L
, NIXIO_TLS_CTX_META
);
195 lua_pushvalue(L
, -1);
196 lua_setfield(L
, -2, "__index");
197 luaL_register(L
, NULL
, CTX_M
);