
util/sslconfig.lua @ 6832:9566a15d3e59

mod_tls: Fix inhertinance of 'ssl' option from "parent" host to subdomain (fixes #511)
author Kim Alvefur <zash@zash.se>
date Tue, 15 Sep 2015 17:51:56 +0200
parent 6777:5de6b93d0190
child 7004:ddb03cc4ce04
1 local type = type;
2 local pairs = pairs;
3 local rawset = rawset;
4 local t_concat = table.concat;
5 local t_insert = table.insert;
6 local setmetatable = setmetatable;
8 local _ENV = nil;
-- Per-key merge functions, consulted when a configuration layer is applied.
local handlers = { };
-- Per-key conversion functions, consulted when the merged result is finalised.
local finalisers = { };
-- Identity function: stands in as the finaliser for keys that need no conversion.
local function id(v)
	return v;
end
--- Merge one layer of flag settings into the flag set kept at a[k].
-- The flag set is a map of flag name -> boolean; it is created on first use.
-- @param a the configuration being built
-- @param k the key in `a` that holds the flag set
-- @param b the new layer: a single value, a list of flag names, or a map of
--   flag name -> boolean (list and map entries may be mixed in one table)
--
-- Security note: a boolean map entry is stored exactly as given, so a layer
-- applied later can switch off a flag that an earlier layer switched on
-- (for instance `no_sslv3 = false`). Whichever layer is applied last wins
-- for each flag, so the order of apply() calls decides the effective policy.
function handlers.options(a, k, b)
	local flags = a[k] or { };
	local layer = b;
	if type(layer) ~= "table" then
		-- A lone value is treated as a one-element list.
		layer = { layer };
	end
	for name, setting in pairs(layer) do
		if type(setting) == "boolean" then
			-- Map form: the key is the flag name, the value turns it on or off.
			flags[name] = setting;
		else
			-- List form: the value is the flag name and it is turned on.
			flags[setting] = true;
		end
	end
	a[k] = flags;
end
-- "verify" and "verifyext" are flag sets as well, so they are merged by the
-- same function as "options" (including the ability of a later layer to
-- switch a flag off with `name = false`).
do
	local merge_flags = handlers.options;
	handlers.verify = merge_flags;
	handlers.verifyext = merge_flags;
end
--- Convert a flag set (name -> boolean) into a plain list of enabled names.
-- Entries whose value is false are left out, which is how a flag that a
-- later layer switched off disappears from the final configuration.
-- The list order follows pairs() and is therefore unspecified.
-- @param a the flag set
-- @return a new list holding the names of the enabled flags
function finalisers.options(a)
	local enabled = {};
	local count = 0;
	for opt, enable in pairs(a) do
		if enable then
			count = count + 1;
			enabled[count] = opt;
		end
	end
	return enabled;
end
-- "verify" and "verifyext" are flattened from flag set to list in the same
-- way as "options".
do
	local flatten_flags = finalisers.options;
	finalisers.verify = flatten_flags;
	finalisers.verifyext = flatten_flags;
end
--- Normalise the "ciphers" setting.
-- A list of cipher names is joined with ":"; any other value is returned
-- unchanged. The names themselves are not checked here.
-- @param a the configured cipher list (table) or cipher string
-- @return the ":"-joined string, or `a` itself when it is not a table
function finalisers.ciphers(a)
	if type(a) ~= "table" then
		return a;
	end
	return t_concat(a, ":");
end
-- Known protocol names, oldest first. The same table also maps "<name>+"
-- ("this protocol or newer") to the number of older protocols in the list,
-- i.e. how many entries must be disabled to enforce that minimum.
-- A bare name without "+" has no entry in the map, so protocol() below
-- leaves such a value as it was configured.
local protocols = { "sslv2", "sslv3", "tlsv1", "tlsv1_1", "tlsv1_2" };
for rank = 1, #protocols do
	local name = protocols[rank];
	protocols[name .. "+"] = rank - 1;
end
--- Rewrite a "minimum protocol" setting such as "tlsv1+" in place.
-- When a.protocol is one of the "<name>+" forms, it is replaced by "sslv23"
-- and one "no_<older protocol>" entry is appended to a.options for every
-- protocol that precedes the named one in `protocols`. Any other value
-- (including a bare protocol name) is left untouched.
-- @param a a finalised configuration table; modified in place
local function protocol(a)
	local older_count = protocols[a.protocol];
	if not older_count then
		return;
	end
	a.protocol = "sslv23";
	-- NOTE(review): a.options must already be a list when older_count > 0;
	-- new() always creates one, but final() is also exported as a plain
	-- function, so a caller-built table without "options" would raise here.
	for i = 1, older_count do
		t_insert(a.options, "no_" .. protocols[i]);
	end
end
--- Apply one configuration layer on top of `a`.
-- Keys with an entry in `handlers` are merged by that handler; every other
-- key is written with rawset, so the later layer simply replaces the value
-- from earlier layers. A `b` that is not a table is ignored.
-- @param a the configuration being built; modified in place
-- @param b the layer to apply
--
-- Security note: because plain keys are overwritten and flag sets accept
-- `name = false`, the last layer applied has the final say on every
-- setting. Apply the most trusted or most specific layer last.
local function apply(a, b)
	if type(b) ~= "table" then
		return;
	end
	for k, v in pairs(b) do
		local merge = handlers[k] or rawset;
		merge(a, k, v);
	end
end
--- Produce the finished configuration from the merged layers in `a`.
-- Each value is passed through its finaliser when one exists (flag sets
-- become lists, a cipher list becomes a string); other values are copied
-- by reference. The protocol setting is then rewritten by protocol().
-- @param a the merged configuration; not modified
-- @return a new table holding the finalised settings
local function final(a)
	local f = { };
	for k, v in pairs(a) do
		local finalise = finalisers[k] or id;
		f[k] = finalise(v);
	end
	-- Must run after the loop: it appends to the flattened f.options list.
	protocol(f);
	return f;
end
-- Metatable for objects returned by new(): exposes apply() and final() as
-- methods, so callers can write cfg:apply(layer) and cfg:final().
local sslopts_methods = {
	apply = apply;
	final = final;
};
local sslopts_mt = { __index = sslopts_methods };
--- Create an empty configuration object.
-- It starts with an empty "options" flag set and carries the apply/final
-- methods through its metatable.
-- @return a new configuration object
local function new()
	local cfg = { options = { } };
	return setmetatable(cfg, sslopts_mt);
end
-- Module exports. apply() and final() are also usable as plain functions on
-- a caller-supplied table, not only as methods of an object from new().
return {
	new = new;
	apply = apply;
	final = final;
};