util/openssl.lua @ 6077:6999d4415a58
certmanager: Merge ssl.options, verify etc from core defaults and global ssl settings with inheritance while allowing options to be disabled per virtualhost
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 15 Apr 2014 00:32:11 +0200 |
parent | 5544:d911d9fb3929 |
child | 6902:d2d7ad2563f9 |
-- Cache the globals and library functions this module uses in locals
-- (avoids repeated global-table lookups and keeps the module working even
-- if the globals are replaced later).
local type = type;
local tostring = tostring;
local pairs, ipairs = pairs, ipairs;
local t_insert = table.insert;
local t_concat = table.concat;
local s_format = string.format;

-- IDNA (punycode) conversion for hostnames that end up in ASCII-only SAN types.
local idna_to_ascii = require "util.encodings".idna.to_ascii;

-- OIDs of the otherName SAN types this module emits.
local oid_xmppaddr = "1.3.6.1.5.5.7.8.5"; -- id-on-xmppAddr [XMPP-CORE]
local oid_dnssrv = "1.3.6.1.5.5.7.8.7"; -- id-on-dnsSRV [SRV-ID]

-- Module table, with the namespace for openssl config builders attached.
local config = {};
local _M = { config = config };

-- Prototype for the objects returned by config.new(); the ssl_config:*
-- methods are attached to it further down in this file.
local ssl_config = {};
local ssl_config_mt = { __index = ssl_config };
--- Create a fresh openssl config object pre-filled with the defaults used
-- for prosody certificate requests. The result is a plain table of
-- sections (req, distinguished_name, v3_extensions, subject_alternative_name)
-- with ssl_config as its metatable __index, so the ssl_config:* methods
-- can be called on it.
-- The distinguished_name values are example placeholders, not a usable
-- identity: callers are expected to overwrite them, and to fill
-- subject_alternative_name through add_dNSName/add_sRVName/add_xmppAddr.
-- @treturn table the new config object
function config.new()
	-- [req]: names the sections holding the DN and the extensions;
	-- prompt = "no" makes openssl read the DN from the file instead of
	-- asking interactively.
	local req_section = {
		distinguished_name = "distinguished_name",
		req_extensions = "v3_extensions",
		x509_extensions = "v3_extensions",
		prompt = "no",
	};
	-- Placeholder subject (written out in DN_order by serialize()).
	local dn_section = {
		countryName = "GB",
		-- stateOrProvinceName = "",
		localityName = "The Internet",
		organizationName = "Your Organisation",
		organizationalUnitName = "XMPP Department",
		commonName = "example.com",
		emailAddress = "xmpp@example.com",
	};
	-- End-entity (non-CA) certificate usable for server and client TLS
	-- authentication; the SANs live in their own section.
	local ext_section = {
		basicConstraints = "CA:FALSE",
		keyUsage = "digitalSignature,keyEncipherment",
		extendedKeyUsage = "serverAuth,clientAuth",
		subjectAltName = "@subject_alternative_name",
	};
	-- Populated by the add_* methods; each list becomes numbered
	-- "DNS.<n>" / "otherName.<n>" lines when serialized.
	local san_section = {
		DNS = {},
		otherName = {},
	};
	local conf = {
		req = req_section,
		distinguished_name = dn_section,
		v3_extensions = ext_section,
		subject_alternative_name = san_section,
	};
	return setmetatable(conf, ssl_config_mt);
end
-- Order in which distinguished_name fields are written by serialize().
-- pairs() order is unspecified, so without a fixed list the DN fields
-- would come out in a different order on every run.
local DN_order = {
	"countryName",
	"stateOrProvinceName",
	"localityName",
	"streetAddress",
	"organizationName",
	"organizationalUnitName",
	"commonName",
	"emailAddress",
};
-- Exported under a leading underscore (internal API) so the same ordering
-- can be reused elsewhere.
_M._DN_order = DN_order;
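--- Serialize this config object into openssl's config-file syntax: one
-- "[section]" header per top-level key, followed by "key = value" lines,
-- with a blank line after each section.
--
--  * subject_alternative_name is written as numbered entries
--    ("DNS.0 = ...", "otherName.0 = ...") so that repeated SANs of one
--    type each get a distinct key.
--  * distinguished_name is written in DN_order, skipping fields that are
--    not set, so the subject comes out in a stable order.
--  * every other section is written in pairs() order.
--
-- Values are written verbatim: nothing is quoted or escaped, so a value
-- containing a newline or a "[...]" line would be read by openssl as
-- further config lines/sections. Only feed this values from trusted
-- configuration. The order of the sections themselves follows pairs()
-- and is unspecified.
-- @treturn string the config file contents
function ssl_config:serialize()
	-- Collect pieces in a buffer and join once; repeated ".." in the loops
	-- would copy the growing string on every step (O(n^2)).
	local out = {};
	for section, entries in pairs(self) do
		out[#out + 1] = s_format("[%s]\n", section);
		if section == "subject_alternative_name" then
			-- openssl numbers repeated SAN entries starting from 0.
			for san_type, values in pairs(entries) do
				for i = 1, #values do
					out[#out + 1] = s_format("%s.%d = %s\n", san_type, i - 1, values[i]);
				end
			end
		elseif section == "distinguished_name" then
			-- Fixed field order; fields absent from this config are omitted.
			for i = 1, #DN_order do
				local field = DN_order[i];
				local value = entries[field];
				if value then
					out[#out + 1] = s_format("%s = %s\n", field, value);
				end
			end
		else
			for key, value in pairs(entries) do
				out[#out + 1] = s_format("%s = %s\n", key, value);
			end
		end
		out[#out + 1] = "\n";
	end
	return t_concat(out);
end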
--- Prefix a value with "FORMAT:UTF8,UTF8:" so that openssl encodes it as a
-- UTF8String instead of re-interpreting the bytes as Latin-1.
-- @tparam string s UTF-8 text
-- @treturn string the tagged value, ready for an otherName entry
local function utf8string(s)
	-- This is how we tell openssl not to encode UTF-8 strings as fake Latin1
	return ("FORMAT:UTF8,UTF8:%s"):format(s);
end
--- Prefix a value with "IA5STRING:" so that openssl encodes it as an
-- IA5String (7-bit ASCII). The SRV-ID entries built in this file pass
-- IDNA-encoded hostnames here for that reason.
-- @tparam string s ASCII text
-- @treturn string the tagged value, ready for an otherName entry
local function ia5string(s)
	return ("IA5STRING:%s"):format(s);
end
-- Expose the value-encoding helpers to users of this module.
local util = {
	ia5string = ia5string,
	utf8string = utf8string,
};
_M.util = util;
--- Add a dNSName subject alternative name for host.
-- The name is converted with IDNA to_ascii first, since dNSName entries
-- must be ASCII (punycode) labels.
-- @tparam string host hostname, possibly containing non-ASCII labels
function ssl_config:add_dNSName(host)
	local dns_names = self.subject_alternative_name.DNS;
	dns_names[#dns_names + 1] = idna_to_ascii(host);
end
--- Add an SRV-ID (id-on-dnsSRV otherName) subject alternative name of the
-- form "_<service>.<host>", e.g. "_xmpp-client.example.com".
-- The host part is IDNA-encoded and the whole value tagged as IA5String.
-- @tparam string host hostname
-- @tparam string service service name without the leading underscore
function ssl_config:add_sRVName(host, service)
	local srv_name = "_" .. service .. "." .. idna_to_ascii(host);
	local other_names = self.subject_alternative_name.otherName;
	other_names[#other_names + 1] = s_format("%s;%s", oid_dnssrv, ia5string(srv_name));
end
--- Add an xmppAddr (id-on-xmppAddr otherName) subject alternative name.
-- Unlike add_dNSName, the host is written as UTF-8 and is not IDNA-encoded.
-- @tparam string host XMPP domain
function ssl_config:add_xmppAddr(host)
	local other_names = self.subject_alternative_name.otherName;
	other_names[#other_names + 1] = s_format("%s;%s", oid_xmppaddr, utf8string(host));
end
--- Populate the subject alternative names from a prosody configuration.
-- For each entry of certhosts, every host in hosts that equals it or is a
-- subdomain of it gets:
--  * a dNSName;
--  * an SRV-ID for xmpp-client, unless the host has component_module set;
--  * an SRV-ID for xmpp-server, unless the host allows anonymous login
--    (anonymous_login set, or authentication == "anonymous");
--  * an xmppAddr.
-- @tparam table hosts set of hostnames (the names are the keys)
-- @param config prosody config accessor; only config.get(host, option) is used
-- @tparam table certhosts list of base hostnames the certificate is for
-- @treturn nil,string nil, "no-matching-hosts" when nothing in hosts matched;
-- nothing otherwise
function ssl_config:from_prosody(hosts, config, certhosts)
	-- TODO Decide if this should go elsewhere
	local function is_component(name)
		return config.get(name, "component_module") ~= nil;
	end
	local function allows_anonymous(name)
		return config.get(name, "anonymous_login")
			or config.get(name, "authentication") == "anonymous";
	end
	local function covered_by(name, certhost)
		-- exact match, or name is a subdomain of certhost
		return name == certhost or name:sub(-1 - #certhost) == "." .. certhost;
	end

	local matched = false;
	for _, certhost in ipairs(certhosts) do
		for name in pairs(hosts) do
			if covered_by(name, certhost) then
				matched = true;
				self:add_dNSName(name);
				if not is_component(name) then
					self:add_sRVName(name, "xmpp-client");
				end
				if not allows_anonymous(name) then
					self:add_sRVName(name, "xmpp-server");
				end
				self:add_xmppAddr(name);
			end
		end
	end
	if not matched then
		return nil, "no-matching-hosts";
	end
end
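do -- Lua to shell calls.
	--- Escape s for use inside a single-quoted POSIX shell word: the only
	-- character needing care inside '...' is the quote itself, which is
	-- replaced by '\'' (close quote, literal quote, reopen). The caller
	-- adds the surrounding quotes.
	-- Parenthesised so that only the escaped string is returned and not
	-- gsub's substitution count as a stray second value.
	local function shell_escape(s)
		return (s:gsub("'", [['\'']]));
	end

	--- Build the command line "openssl <f> -key 'value' ... 'positional' ...".
	-- String keys of o become options: "-key" followed by the quoted value,
	-- or just "-key" when the value is true (flag options). Array entries
	-- of o become quoted positional arguments. Option order follows pairs()
	-- and is unspecified.
	-- Only values are quoted; the subcommand f and the option names are
	-- emitted as-is, so they must come from code, never from untrusted input.
	local function serialize(f, o)
		local argv = { "openssl", f };
		for key, value in pairs(o) do
			if type(key) == "string" then
				argv[#argv + 1] = s_format("-%s", key);
				if value ~= true then
					argv[#argv + 1] = s_format("'%s'", shell_escape(tostring(value)));
				end
			end
		end
		for _, value in ipairs(o) do
			argv[#argv + 1] = s_format("'%s'", shell_escape(tostring(value)));
		end
		return t_concat(argv, " ");
	end

	--- Run a shell command and report success as a boolean.
	-- Lua 5.1 os.execute returns the numeric exit status, while 5.2+
	-- returns true on success (nil/false otherwise) followed by the
	-- "exit"/"signal" tag and the code; accept both conventions.
	local os_execute = os.execute;
	local function run(cmd)
		local status = os_execute(cmd);
		return status == 0 or status == true;
	end

	-- Any _M.<subcommand>(opts) not otherwise defined on _M runs
	-- "openssl <subcommand>" with opts serialized as above and returns
	-- whether it exited successfully. A non-table opts is treated as {}.
	setmetatable(_M, {
		__index = function(_, f)
			return function(opts)
				return run(serialize(f, type(opts) == "table" and opts or {}));
			end;
		end;
	});
end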
-- Module table: config.new() and util.*, plus the __index fallback set up
-- above that maps any other field to an "openssl <field>" invocation.
return _M;