Annotate

util/sslconfig.lua @ 12514:194469fb46f9

net.server_epoll: Wrap LuaSocket object earlier to reuse option setting method Since it provides some protection and error handling in the form of logging.
author Kim Alvefur <zash@zash.se>
date Fri, 16 Jul 2021 00:57:42 +0200
parent 12481:2ee27587fec7
child 12975:d10957394a3c
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
1 -- util to easily merge multiple sets of LuaSec context options
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
2
6777
5de6b93d0190 util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents: 6671
diff changeset
3 local type = type;
5de6b93d0190 util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents: 6671
diff changeset
4 local pairs = pairs;
5de6b93d0190 util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents: 6671
diff changeset
5 local rawset = rawset;
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
6 local rawget = rawget;
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
7 local error = error;
6777
5de6b93d0190 util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents: 6671
diff changeset
8 local t_concat = table.concat;
5de6b93d0190 util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents: 6671
diff changeset
9 local t_insert = table.insert;
5de6b93d0190 util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents: 6671
diff changeset
10 local setmetatable = setmetatable;
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
11 local resolve_path = require"util.paths".resolve_relative_path;
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
12
6777
5de6b93d0190 util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents: 6671
diff changeset
13 local _ENV = nil;
8555
4f0f5b49bb03 vairious: Add annotation when an empty environment is set [luacheck]
Kim Alvefur <zash@zash.se>
parents: 8278
diff changeset
14 -- luacheck: std none
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 local handlers = { };
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 local finalisers = { };
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 local id = function (v) return v end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
20 -- All "handlers" behave like extended rawset(table, key, value) with extra
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
21 -- processing usually merging the new value with the old in some reasonable
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
22 -- way
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
23 -- If a field does not have a defined handler then a new value simply
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
24 -- replaces the old.
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
25
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
26
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
27 -- Convert either a list or a set into a special type of set where each
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
28 -- item is either positive or negative in order for a later set of options
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
29 -- to be able to remove options from this set by filtering out the negative ones
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
30 function handlers.options(config, field, new)
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
31 local options = config[field] or { };
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
32 if type(new) ~= "table" then new = { new } end
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
33 for key, value in pairs(new) do
6671
2d5e2ed44c22 util.sslconfig: Rename variable to avoid name clash [luacheck]
Matthew Wild <mwild1@gmail.com>
parents: 6292
diff changeset
34 if value == true or value == false then
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
35 options[key] = value;
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
36 else -- list item
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
37 options[value] = true;
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39 end
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
40 rawset(config, field, options)
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
42
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 handlers.verifyext = handlers.options;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
45 -- finalisers take something produced by handlers and return what luasec
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
46 -- expects it to be
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
47
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
48 -- Produce a list of "positive" options from the set
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
49 function finalisers.options(options)
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
50 local output = {};
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
51 for opt, enable in pairs(options) do
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
52 if enable then
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
53 output[#output+1] = opt;
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
54 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55 end
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
56 return output;
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
57 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
58
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
59 finalisers.verifyext = finalisers.options;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
60
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
61 -- We allow ciphers to be a list
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
62
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
63 function finalisers.ciphers(cipherlist)
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
64 if type(cipherlist) == "table" then
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
65 return t_concat(cipherlist, ":");
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
66 end
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
67 return cipherlist;
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
68 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
69
8278
a349299038ff util.sslconfig: Treat 'curveslist', added in LuaSec 0.7, as a colon-separated list, like ciphers (see #879, #943, #951)
Kim Alvefur <zash@zash.se>
parents: 7867
diff changeset
70 -- Curve list too
a349299038ff util.sslconfig: Treat 'curveslist', added in LuaSec 0.7, as a colon-separated list, like ciphers (see #879, #943, #951)
Kim Alvefur <zash@zash.se>
parents: 7867
diff changeset
71 finalisers.curveslist = finalisers.ciphers;
a349299038ff util.sslconfig: Treat 'curveslist', added in LuaSec 0.7, as a colon-separated list, like ciphers (see #879, #943, #951)
Kim Alvefur <zash@zash.se>
parents: 7867
diff changeset
72
10920
c171b4c59bd1 util.sslconfig: Process TLS 1.3-specific cipher list
Kim Alvefur <zash@zash.se>
parents: 9584
diff changeset
73 -- TLS 1.3 ciphers
c171b4c59bd1 util.sslconfig: Process TLS 1.3-specific cipher list
Kim Alvefur <zash@zash.se>
parents: 9584
diff changeset
74 finalisers.ciphersuites = finalisers.ciphers;
c171b4c59bd1 util.sslconfig: Process TLS 1.3-specific cipher list
Kim Alvefur <zash@zash.se>
parents: 9584
diff changeset
75
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
76 -- Path expansion
12481
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
77 function finalisers.key(path, config)
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
78 if type(path) == "string" then
12481
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
79 return resolve_path(config._basedir, path);
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
80 else
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
81 return nil
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
82 end
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
83 end
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
84 finalisers.certificate = finalisers.key;
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
85 finalisers.cafile = finalisers.key;
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
86 finalisers.capath = finalisers.key;
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
87 -- XXX: copied from core/certmanager.lua, but this seems odd, because it would remove a dhparam function from the config
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
88 finalisers.dhparam = finalisers.key;
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
89
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
90 -- protocol = "x" should enable only that protocol
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
91 -- protocol = "x+" should enable x and later versions
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
92
9584
2860f8dabf35 util.sslconfig: Recognise TLS 1.3 as a protocol version
Kim Alvefur <zash@zash.se>
parents: 8555
diff changeset
93 local protocols = { "sslv2", "sslv3", "tlsv1", "tlsv1_1", "tlsv1_2", "tlsv1_3" };
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
94 for i = 1, #protocols do protocols[protocols[i] .. "+"] = i - 1; end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
95
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
96 -- this interacts with ssl.options as well to add no_x
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
97 local function protocol(config)
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
98 local min_protocol = protocols[config.protocol];
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
99 if min_protocol then
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
100 config.protocol = "sslv23";
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
101 for i = 1, min_protocol do
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
102 t_insert(config.options, "no_"..protocols[i]);
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
103 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
104 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
105 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
106
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
107 -- Merge options from 'new' config into 'config'
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
108 local function apply(config, new)
12481
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
109 rawset(config, "_cache", nil);
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
110 if type(new) == "table" then
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
111 for field, value in pairs(new) do
12481
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
112 -- exclude keys which are internal to the config builder
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
113 if field:sub(1, 1) ~= "_" then
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
114 (handlers[field] or rawset)(config, field, value);
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
115 end
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
116 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
117 end
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
118 return config
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
119 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
120
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
121 -- Finalize the config into the form LuaSec expects
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
122 local function final(config)
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
123 local output = { };
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
124 for field, value in pairs(config) do
12481
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
125 -- exclude keys which are internal to the config builder
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
126 if field:sub(1, 1) ~= "_" then
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
127 output[field] = (finalisers[field] or id)(value, config);
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
128 end
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
129 end
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
130 -- Need to handle protocols last because it adds to the options list
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
131 protocol(output);
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
132 return output;
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
133 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
134
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
135 local function build(config)
12481
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
136 local cached = rawget(config, "_cache");
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
137 if cached then
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
138 return cached, nil
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
139 end
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
140
12481
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
141 local ctx, err = rawget(config, "_context_factory")(config:final(), config);
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
142 if ctx then
12481
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
143 rawset(config, "_cache", ctx);
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
144 end
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
145 return ctx, err
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
146 end
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
147
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
148 local sslopts_mt = {
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
149 __index = {
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
150 apply = apply;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
151 final = final;
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
152 build = build;
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
153 };
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
154 __newindex = function()
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
155 error("SSL config objects cannot be modified directly. Use :apply()")
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
156 end;
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
157 };
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
158
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
159
12481
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
160 -- passing basedir through everything is required to avoid sslconfig depending
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
161 -- on prosody.paths.config
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
162 local function new(context_factory, basedir)
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
163 return setmetatable({
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
164 _context_factory = context_factory,
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
165 _basedir = basedir,
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
166 options={},
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
167 }, sslopts_mt);
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
168 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
169
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
170 local function clone(config)
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
171 local result = new();
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
172 for k, v in pairs(config) do
12481
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
173 -- note that we *do* copy the internal keys on clone -- we have to carry
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
174 -- both the factory and the cache with us
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
175 rawset(result, k, v);
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
176 end
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
177 return result
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
178 end
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
179
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
180 sslopts_mt.__index.clone = clone;
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
181
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
182 return {
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
183 apply = apply;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
184 final = final;
12481
2ee27587fec7 net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents: 12480
diff changeset
185 _new = new;
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
186 };