
util/sslconfig.lua @ 12480:7e9ebdc75ce4

net: isolate LuaSec-specifics For this, various accessor functions are now provided directly on the sockets, which reach down into the LuaSec implementation to obtain the information. While this may seem of little gain at first, it hides the implementation detail of the LuaSec+LuaSocket combination that the actual socket and the TLS layer are separate objects. The net gain here is that an alternative implementation does not have to emulate that specific implementation detail and "only" has to expose LuaSec-compatible data structures on the new functions.
author Jonas Schäfer <jonas@wielicki.name>
date Wed, 27 Apr 2022 17:44:14 +0200
parent 10920:c171b4c59bd1
child 12481:2ee27587fec7
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
1 -- util to easily merge multiple sets of LuaSec context options
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
2
6777
5de6b93d0190 util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents: 6671
diff changeset
3 local type = type;
5de6b93d0190 util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents: 6671
diff changeset
4 local pairs = pairs;
5de6b93d0190 util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents: 6671
diff changeset
5 local rawset = rawset;
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
6 local rawget = rawget;
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
7 local error = error;
6777
5de6b93d0190 util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents: 6671
diff changeset
8 local t_concat = table.concat;
5de6b93d0190 util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents: 6671
diff changeset
9 local t_insert = table.insert;
5de6b93d0190 util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents: 6671
diff changeset
10 local setmetatable = setmetatable;
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
11 local config_path = prosody.paths.config or ".";
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
12 local resolve_path = require"util.paths".resolve_relative_path;
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
13
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
14 -- TODO: use net.server directly here
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
15 local tls_impl = require"net.tls_luasec";
6777
5de6b93d0190 util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents: 6671
diff changeset
16
5de6b93d0190 util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents: 6671
diff changeset
17 local _ENV = nil;
8555
4f0f5b49bb03 vairious: Add annotation when an empty environment is set [luacheck]
Kim Alvefur <zash@zash.se>
parents: 8278
diff changeset
18 -- luacheck: std none
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
-- Per-field merge functions, looked up by option name in apply().
local handlers = {};
-- Per-field conversion functions, looked up by option name in final().
local finalisers = {};
-- Identity function: final() falls back to it for fields without a finaliser,
-- so those values reach the TLS backend unchanged.
local function id(value)
	return value;
end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
24 -- All "handlers" behave like extended rawset(table, key, value) with extra
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
25 -- processing usually merging the new value with the old in some reasonable
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
26 -- way
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
27 -- If a field does not have a defined handler then a new value simply
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
28 -- replaces the old.
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
29
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
30
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
31 -- Convert either a list or a set into a special type of set where each
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
32 -- item is either positive or negative in order for a later set of options
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
33 -- to be able to remove options from this set by filtering out the negative ones
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
-- Merge 'new' into the option set stored at config[field].
-- 'new' may be a single value, a list of option names, or a map of
-- name -> boolean; a non-table value is wrapped in a one-element list.
-- Boolean entries set or clear the named option, anything else is treated as
-- a list item and switched on.
-- NOTE: an existing set is updated in place, so every config object holding a
-- reference to the same table sees the change.
function handlers.options(config, field, new)
	local merged = config[field];
	if not merged then
		merged = {};
	end
	local incoming = new;
	if type(incoming) ~= "table" then
		incoming = { incoming };
	end
	for name, flag in pairs(incoming) do
		if type(flag) == "boolean" then
			-- map entry: name = true/false
			merged[name] = flag;
		else
			-- list entry: the value itself is the option name
			merged[flag] = true;
		end
	end
	rawset(config, field, merged);
end

-- 'verifyext' is merged with the same set semantics as 'options'.
handlers.verifyext = handlers.options;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
49 -- finalisers take something produced by handlers and return what luasec
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
50 -- expects it to be
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
51
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
52 -- Produce a list of "positive" options from the set
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
-- Turn an option set (name -> boolean) into the list of enabled names.
-- Entries whose value is false are left out entirely; the order of the
-- returned list follows pairs() and is therefore unspecified.
function finalisers.options(options)
	local enabled = {};
	local count = 0;
	for name, state in pairs(options) do
		if state then
			count = count + 1;
			enabled[count] = name;
		end
	end
	return enabled;
end

-- 'verifyext' is flattened the same way as 'options'.
finalisers.verifyext = finalisers.options;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
64
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
65 -- We allow ciphers to be a list
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
66
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
-- Accept a cipher specification either as a ready-made string or as a list
-- of entries. A list is joined with ":"; any other value is returned
-- unchanged and is not validated here.
function finalisers.ciphers(cipherlist)
	if type(cipherlist) ~= "table" then
		return cipherlist;
	end
	return t_concat(cipherlist, ":");
end

-- Curve list too
finalisers.curveslist = finalisers.ciphers;

-- TLS 1.3 ciphers
finalisers.ciphersuites = finalisers.ciphers;
c171b4c59bd1 util.sslconfig: Process TLS 1.3-specific cipher list
Kim Alvefur <zash@zash.se>
parents: 9584
diff changeset
79
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
80 -- Path expansion
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
-- Resolve a path-valued setting relative to the configuration directory
-- (config_path) by handing both to resolve_path.
-- Any non-string value is replaced by nil, so a setting of the wrong type
-- disappears from the finalised config instead of raising an error here.
-- NOTE(review): confirm that context creation rejects a config whose key or
-- certificate was dropped this way.
function finalisers.key(path)
	if type(path) ~= "string" then
		return nil;
	end
	return resolve_path(config_path, path);
end

-- The certificate and the CA file/directory settings are paths as well.
finalisers.certificate = finalisers.key;
finalisers.cafile = finalisers.key;
finalisers.capath = finalisers.key;
-- XXX: copied from core/certmanager.lua, but this seems odd, because it would remove a dhparam function from the config
finalisers.dhparam = finalisers.key;
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
93
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
94 -- protocol = "x" should enable only that protocol
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
95 -- protocol = "x+" should enable x and later versions
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
96
9584
2860f8dabf35 util.sslconfig: Recognise TLS 1.3 as a protocol version
Kim Alvefur <zash@zash.se>
parents: 8555
diff changeset
-- Protocol names ordered oldest to newest. For every name a "<name>+" key is
-- added whose value is the number of older protocols in the list, e.g.
-- "sslv2+" -> 0 and "tlsv1_2+" -> 4. protocol() uses that count to decide
-- how many "no_<name>" options to add.
local protocols = { "sslv2", "sslv3", "tlsv1", "tlsv1_1", "tlsv1_2", "tlsv1_3" };
for position = 1, #protocols do
	local name = protocols[position];
	protocols[name .. "+"] = position - 1;
end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
99
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
100 -- this interacts with ssl.options as well to add no_x
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
-- Translate a minimum-version setting ("<name>+") into the form the TLS
-- backend takes: protocol "sslv23" plus one "no_<name>" option for every
-- protocol older than the requested minimum.
-- Only "<name>+" values have a numeric entry in 'protocols'. A bare name
-- such as "tlsv1_2", or any unrecognised string, is left in config.protocol
-- untouched for the backend to interpret. "sslv2+" maps to 0, so it selects
-- "sslv23" without disabling anything.
-- config.options must already be a list; final() calls this after the
-- option set has been flattened.
local function protocol(config)
	local older_count = protocols[config.protocol];
	if not older_count then
		return;
	end
	config.protocol = "sslv23";
	for i = 1, older_count do
		t_insert(config.options, "no_" .. protocols[i]);
	end
end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
110
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
111 -- Merge options from 'new' config into 'config'
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
-- Merge the settings in 'new' into 'config' and return 'config'.
-- The context cached under key 0 is dropped first, so the next build()
-- creates a fresh context; this happens even when 'new' is not a table and
-- nothing is merged.
-- Fields with an entry in 'handlers' are merged by that handler, all others
-- are overwritten with rawset.
-- NOTE: keys are taken from 'new' verbatim. A numeric key 0 in 'new' would be
-- stored in the cache slot and returned by build() as if it were a context.
local function apply(config, new)
	-- 0 == cache
	rawset(config, 0, nil);
	if type(new) ~= "table" then
		return config;
	end
	for name, setting in pairs(new) do
		local merge = handlers[name] or rawset;
		merge(config, name, setting);
	end
	return config;
end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
122
7004
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
123 -- Finalize the config into the form LuaSec expects
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents: 6777
diff changeset
-- Produce a plain table in the shape the TLS backend expects.
-- Every field of 'config' is passed through its finaliser, or copied as-is
-- when it has none; 'config' itself is not modified.
-- pairs() also visits the cache slot (key 0), so a context cached by build()
-- is copied into the result when this is called afterwards.
local function final(config)
	local finalised = {};
	for name, raw in pairs(config) do
		local convert = finalisers[name] or id;
		finalised[name] = convert(raw);
	end
	-- Protocol handling goes last: it appends to the flattened options list.
	protocol(finalised);
	return finalised;
end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
133
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
-- Return the TLS context for 'config', creating it on first use.
-- A context stored under key 0 is returned as-is. Otherwise a new one is
-- requested from tls_impl.new_context with the finalised settings and the
-- config object itself, and cached only on success.
-- Returns the context, or a false value plus the error from the backend.
-- Failed builds are not cached, so each later call tries again.
-- NOTE: only apply() clears the cache. Settings changed by any other route
-- (a direct write to an existing key, or in-place mutation of a shared option
-- set) leave the previously built context in place.
local function build(config)
	local context = rawget(config, 0);
	if context then
		return context, nil;
	end

	local failure;
	context, failure = tls_impl.new_context(config:final(), config);
	if not context then
		return context, failure;
	end
	rawset(config, 0, context);
	return context, failure;
end
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
146
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
-- Metatable shared by all config objects created by new().
-- __index provides the methods; __newindex rejects direct assignment so that
-- changes go through :apply(), which also clears the cached context.
-- NOTE: __newindex only fires for keys that are absent from the object.
-- A key that already exists raw (such as 'options', which new() creates) can
-- still be overwritten directly without raising this error.
local sslopts_mt = {
	__index = {
		apply = apply,
		final = final,
		build = build,
	},
	__newindex = function()
		error("SSL config objects cannot be modified directly. Use :apply()");
	end,
};
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
157
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
158
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
-- Create an empty config object: a table holding an empty 'options' set,
-- with sslopts_mt attached so it has the :apply(), :final() and :build()
-- methods and rejects direct assignment of new keys.
local function new()
	local config = { options = {} };
	return setmetatable(config, sslopts_mt);
end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
162
12480
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
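-- Create an independent copy of 'config'.
-- All keys are copied, including the cache slot (key 0), so the copy reuses
-- an already built context until :apply() is called on it.
-- Fields that have a merge handler ('options', 'verifyext') hold sets that
-- the handler updates in place. Copying only the reference would make the
-- clone and the original share one set, and applying options to either would
-- silently change the TLS options of the other. Those sets are therefore
-- copied one level deep; all other values are copied by reference because
-- apply() replaces them wholesale instead of mutating them.
local function clone(config)
	local result = new();
	for k, v in pairs(config) do
		local copied = v;
		if handlers[k] and type(v) == "table" then
			copied = {};
			for name, state in pairs(v) do
				copied[name] = state;
			end
		end
		rawset(result, k, copied);
	end
	return result
end

-- Expose clone as a method on config objects.
sslopts_mt.__index.clone = clone;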
7e9ebdc75ce4 net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents: 10920
diff changeset
172
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
-- Module interface. build and clone are not exported here; they are
-- available as methods on the objects returned by new().
return {
	apply = apply,
	final = final,
	new = new,
};