Software / code / prosody
Annotate
util/sslconfig.lua @ 8439:293dbb08427b
util.ip: Add CGNAT network range reserved in RFC 6598
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 01 Dec 2017 03:13:52 +0100 |
| parent | 8278:a349299038ff |
| child | 8555:4f0f5b49bb03 |
| rev | line source |
|---|---|
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
1 -- util to easily merge multiple sets of LuaSec context options |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
2 |
|
6777
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
6671
diff
changeset
|
3 local type = type; |
|
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
6671
diff
changeset
|
4 local pairs = pairs; |
|
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
6671
diff
changeset
|
5 local rawset = rawset; |
|
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
6671
diff
changeset
|
6 local t_concat = table.concat; |
|
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
6671
diff
changeset
|
7 local t_insert = table.insert; |
|
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
6671
diff
changeset
|
8 local setmetatable = setmetatable; |
|
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
6671
diff
changeset
|
9 |
|
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
6671
diff
changeset
|
10 local _ENV = nil; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 local handlers = { }; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 local finalisers = { }; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 local id = function (v) return v end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
16 -- All "handlers" behave like extended rawset(table, key, value) with extra |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
17 -- processing usually merging the new value with the old in some reasonable |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
18 -- way |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
19 -- If a field does not have a defined handler then a new value simply |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
20 -- replaces the old. |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
21 |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
22 |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
23 -- Convert either a list or a set into a special type of set where each |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
24 -- item is either positive or negative in order for a later set of options |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
25 -- to be able to remove options from this set by filtering out the negative ones |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
26 function handlers.options(config, field, new) |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
27 local options = config[field] or { }; |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
28 if type(new) ~= "table" then new = { new } end |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
29 for key, value in pairs(new) do |
|
6671
2d5e2ed44c22
util.sslconfig: Rename variable to avoid name clash [luacheck]
Matthew Wild <mwild1@gmail.com>
parents:
6292
diff
changeset
|
30 if value == true or value == false then |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
31 options[key] = value; |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
32 else -- list item |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
33 options[value] = true; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 end |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
36 config[field] = options; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 handlers.verifyext = handlers.options; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
41 -- finalisers take something produced by handlers and return what luasec |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
42 -- expects it to be |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
43 |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
44 -- Produce a list of "positive" options from the set |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
45 function finalisers.options(options) |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
46 local output = {}; |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
47 for opt, enable in pairs(options) do |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 if enable then |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
49 output[#output+1] = opt; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 end |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
52 return output; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 finalisers.verifyext = finalisers.options; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
57 -- We allow ciphers to be a list |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
58 |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
59 function finalisers.ciphers(cipherlist) |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
60 if type(cipherlist) == "table" then |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
61 return t_concat(cipherlist, ":"); |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 end |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
63 return cipherlist; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 |
|
8278
a349299038ff
util.sslconfig: Treat 'curveslist', added in LuaSec 0.7, as a colon-separated list, like ciphers (see #879, #943, #951)
Kim Alvefur <zash@zash.se>
parents:
7867
diff
changeset
|
66 -- Curve list too |
|
a349299038ff
util.sslconfig: Treat 'curveslist', added in LuaSec 0.7, as a colon-separated list, like ciphers (see #879, #943, #951)
Kim Alvefur <zash@zash.se>
parents:
7867
diff
changeset
|
67 finalisers.curveslist = finalisers.ciphers; |
|
a349299038ff
util.sslconfig: Treat 'curveslist', added in LuaSec 0.7, as a colon-separated list, like ciphers (see #879, #943, #951)
Kim Alvefur <zash@zash.se>
parents:
7867
diff
changeset
|
68 |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
69 -- protocol = "x" should enable only that protocol |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
70 -- protocol = "x+" should enable x and later versions |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
71 |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
72 local protocols = { "sslv2", "sslv3", "tlsv1", "tlsv1_1", "tlsv1_2" }; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
73 for i = 1, #protocols do protocols[protocols[i] .. "+"] = i - 1; end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
74 |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
75 -- this interacts with ssl.options as well to add no_x |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
76 local function protocol(config) |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
77 local min_protocol = protocols[config.protocol]; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
78 if min_protocol then |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
79 config.protocol = "sslv23"; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
80 for i = 1, min_protocol do |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
81 t_insert(config.options, "no_"..protocols[i]); |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
82 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
83 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
84 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
85 |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
86 -- Merge options from 'new' config into 'config' |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
87 local function apply(config, new) |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
88 if type(new) == "table" then |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
89 for field, value in pairs(new) do |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
90 (handlers[field] or rawset)(config, field, value); |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
91 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
92 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
93 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
94 |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
95 -- Finalize the config into the form LuaSec expects |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
96 local function final(config) |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
97 local output = { }; |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
98 for field, value in pairs(config) do |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
99 output[field] = (finalisers[field] or id)(value); |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
100 end |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
101 -- Need to handle protocols last because it adds to the options list |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
102 protocol(output); |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
103 return output; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
104 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
105 |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
106 local sslopts_mt = { |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
107 __index = { |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
108 apply = apply; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
109 final = final; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
110 }; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
111 }; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
112 |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
113 local function new() |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
114 return setmetatable({options={}}, sslopts_mt); |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
115 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
116 |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
117 return { |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
118 apply = apply; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
119 final = final; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
120 new = new; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
121 }; |
