Software / code / prosody
Annotate
util/sslconfig.lua @ 13532:9970d333a63f
mod_pubsub: Use error registry
This is what util.error was made for!
This replaces the custom error stanza builder with common code in
util.stanza that knows enough about util.error and namespaced errors.
Some awkwardness remains in the way util.pubsub returns conflicting
form fields.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 27 Oct 2024 15:18:24 +0100 |
| parent | 13502:61da4491eebc |
| rev | line source |
|---|---|
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
1 -- util to easily merge multiple sets of LuaSec context options |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
2 |
|
6777
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
6671
diff
changeset
|
3 local type = type; |
|
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
6671
diff
changeset
|
4 local pairs = pairs; |
|
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
6671
diff
changeset
|
5 local rawset = rawset; |
|
12480
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
6 local rawget = rawget; |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
7 local error = error; |
|
6777
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
6671
diff
changeset
|
8 local t_concat = table.concat; |
|
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
6671
diff
changeset
|
9 local t_insert = table.insert; |
|
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
6671
diff
changeset
|
10 local setmetatable = setmetatable; |
|
12975
d10957394a3c
util: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12481
diff
changeset
|
11 local resolve_path = require"prosody.util.paths".resolve_relative_path; |
|
12480
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
12 |
|
6777
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
6671
diff
changeset
|
13 local _ENV = nil; |
|
8555
4f0f5b49bb03
vairious: Add annotation when an empty environment is set [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8278
diff
changeset
|
14 -- luacheck: std none |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 local handlers = { }; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 local finalisers = { }; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 local id = function (v) return v end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
20 -- All "handlers" behave like extended rawset(table, key, value) with extra |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
21 -- processing usually merging the new value with the old in some reasonable |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
22 -- way |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
23 -- If a field does not have a defined handler then a new value simply |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
24 -- replaces the old. |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
25 |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
26 |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
27 -- Convert either a list or a set into a special type of set where each |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
28 -- item is either positive or negative in order for a later set of options |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
29 -- to be able to remove options from this set by filtering out the negative ones |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
30 function handlers.options(config, field, new) |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
31 local options = config[field] or { }; |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
32 if type(new) ~= "table" then new = { new } end |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
33 for key, value in pairs(new) do |
|
6671
2d5e2ed44c22
util.sslconfig: Rename variable to avoid name clash [luacheck]
Matthew Wild <mwild1@gmail.com>
parents:
6292
diff
changeset
|
34 if value == true or value == false then |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
35 options[key] = value; |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
36 else -- list item |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
37 options[value] = true; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 end |
|
12480
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
40 rawset(config, field, options) |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 handlers.verifyext = handlers.options; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
45 -- finalisers take something produced by handlers and return what luasec |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
46 -- expects it to be |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
47 |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
48 -- Produce a list of "positive" options from the set |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
49 function finalisers.options(options) |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
50 local output = {}; |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
51 for opt, enable in pairs(options) do |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 if enable then |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
53 output[#output+1] = opt; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 end |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
56 return output; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 finalisers.verifyext = finalisers.options; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
61 -- We allow ciphers to be a list |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
62 |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
63 function finalisers.ciphers(cipherlist) |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
64 if type(cipherlist) == "table" then |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
65 return t_concat(cipherlist, ":"); |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 end |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
67 return cipherlist; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 |
|
8278
a349299038ff
util.sslconfig: Treat 'curveslist', added in LuaSec 0.7, as a colon-separated list, like ciphers (see #879, #943, #951)
Kim Alvefur <zash@zash.se>
parents:
7867
diff
changeset
|
70 -- Curve list too |
|
a349299038ff
util.sslconfig: Treat 'curveslist', added in LuaSec 0.7, as a colon-separated list, like ciphers (see #879, #943, #951)
Kim Alvefur <zash@zash.se>
parents:
7867
diff
changeset
|
71 finalisers.curveslist = finalisers.ciphers; |
|
a349299038ff
util.sslconfig: Treat 'curveslist', added in LuaSec 0.7, as a colon-separated list, like ciphers (see #879, #943, #951)
Kim Alvefur <zash@zash.se>
parents:
7867
diff
changeset
|
72 |
|
10920
c171b4c59bd1
util.sslconfig: Process TLS 1.3-specific cipher list
Kim Alvefur <zash@zash.se>
parents:
9584
diff
changeset
|
73 -- TLS 1.3 ciphers |
|
c171b4c59bd1
util.sslconfig: Process TLS 1.3-specific cipher list
Kim Alvefur <zash@zash.se>
parents:
9584
diff
changeset
|
74 finalisers.ciphersuites = finalisers.ciphers; |
|
c171b4c59bd1
util.sslconfig: Process TLS 1.3-specific cipher list
Kim Alvefur <zash@zash.se>
parents:
9584
diff
changeset
|
75 |
|
12480
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
76 -- Path expansion |
|
12481
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
77 function finalisers.key(path, config) |
|
12480
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
78 if type(path) == "string" then |
|
12481
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
79 return resolve_path(config._basedir, path); |
|
12480
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
80 else |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
81 return nil |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
82 end |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
83 end |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
84 finalisers.certificate = finalisers.key; |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
85 finalisers.cafile = finalisers.key; |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
86 finalisers.capath = finalisers.key; |
|
13502
61da4491eebc
util.sslconfig: Support DH parameters as literal string
Kim Alvefur <zash@zash.se>
parents:
12975
diff
changeset
|
87 |
|
61da4491eebc
util.sslconfig: Support DH parameters as literal string
Kim Alvefur <zash@zash.se>
parents:
12975
diff
changeset
|
88 function finalisers.dhparam(value, config) |
|
61da4491eebc
util.sslconfig: Support DH parameters as literal string
Kim Alvefur <zash@zash.se>
parents:
12975
diff
changeset
|
89 if type(value) == "string" then |
|
61da4491eebc
util.sslconfig: Support DH parameters as literal string
Kim Alvefur <zash@zash.se>
parents:
12975
diff
changeset
|
90 if value:sub(1, 10) == "-----BEGIN" then |
|
61da4491eebc
util.sslconfig: Support DH parameters as literal string
Kim Alvefur <zash@zash.se>
parents:
12975
diff
changeset
|
91 -- literal value |
|
61da4491eebc
util.sslconfig: Support DH parameters as literal string
Kim Alvefur <zash@zash.se>
parents:
12975
diff
changeset
|
92 return value; |
|
61da4491eebc
util.sslconfig: Support DH parameters as literal string
Kim Alvefur <zash@zash.se>
parents:
12975
diff
changeset
|
93 else |
|
61da4491eebc
util.sslconfig: Support DH parameters as literal string
Kim Alvefur <zash@zash.se>
parents:
12975
diff
changeset
|
94 -- assume a filename |
|
61da4491eebc
util.sslconfig: Support DH parameters as literal string
Kim Alvefur <zash@zash.se>
parents:
12975
diff
changeset
|
95 return resolve_path(config._basedir, value); |
|
61da4491eebc
util.sslconfig: Support DH parameters as literal string
Kim Alvefur <zash@zash.se>
parents:
12975
diff
changeset
|
96 end |
|
61da4491eebc
util.sslconfig: Support DH parameters as literal string
Kim Alvefur <zash@zash.se>
parents:
12975
diff
changeset
|
97 end |
|
61da4491eebc
util.sslconfig: Support DH parameters as literal string
Kim Alvefur <zash@zash.se>
parents:
12975
diff
changeset
|
98 end |
|
12480
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
99 |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
100 -- protocol = "x" should enable only that protocol |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
101 -- protocol = "x+" should enable x and later versions |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
102 |
|
9584
2860f8dabf35
util.sslconfig: Recognise TLS 1.3 as a protocol version
Kim Alvefur <zash@zash.se>
parents:
8555
diff
changeset
|
103 local protocols = { "sslv2", "sslv3", "tlsv1", "tlsv1_1", "tlsv1_2", "tlsv1_3" }; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
104 for i = 1, #protocols do protocols[protocols[i] .. "+"] = i - 1; end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
105 |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
106 -- this interacts with ssl.options as well to add no_x |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
107 local function protocol(config) |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
108 local min_protocol = protocols[config.protocol]; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
109 if min_protocol then |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
110 config.protocol = "sslv23"; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
111 for i = 1, min_protocol do |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
112 t_insert(config.options, "no_"..protocols[i]); |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
113 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
114 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
115 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
116 |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
117 -- Merge options from 'new' config into 'config' |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
118 local function apply(config, new) |
|
12481
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
119 rawset(config, "_cache", nil); |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
120 if type(new) == "table" then |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
121 for field, value in pairs(new) do |
|
12481
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
122 -- exclude keys which are internal to the config builder |
|
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
123 if field:sub(1, 1) ~= "_" then |
|
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
124 (handlers[field] or rawset)(config, field, value); |
|
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
125 end |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
126 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
127 end |
|
12480
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
128 return config |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
129 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
130 |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
131 -- Finalize the config into the form LuaSec expects |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
132 local function final(config) |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
133 local output = { }; |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
134 for field, value in pairs(config) do |
|
12481
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
135 -- exclude keys which are internal to the config builder |
|
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
136 if field:sub(1, 1) ~= "_" then |
|
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
137 output[field] = (finalisers[field] or id)(value, config); |
|
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
138 end |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
139 end |
|
7004
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
140 -- Need to handle protocols last because it adds to the options list |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
141 protocol(output); |
|
ddb03cc4ce04
util.sslconfig: More descriptive variable names and also comments
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
142 return output; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
143 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
144 |
|
12480
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
145 local function build(config) |
|
12481
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
146 local cached = rawget(config, "_cache"); |
|
12480
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
147 if cached then |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
148 return cached, nil |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
149 end |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
150 |
|
12481
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
151 local ctx, err = rawget(config, "_context_factory")(config:final(), config); |
|
12480
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
152 if ctx then |
|
12481
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
153 rawset(config, "_cache", ctx); |
|
12480
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
154 end |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
155 return ctx, err |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
156 end |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
157 |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
158 local sslopts_mt = { |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
159 __index = { |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
160 apply = apply; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
161 final = final; |
|
12480
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
162 build = build; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
163 }; |
|
12480
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
164 __newindex = function() |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
165 error("SSL config objects cannot be modified directly. Use :apply()") |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
166 end; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
167 }; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
168 |
|
12480
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
169 |
|
12481
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
170 -- passing basedir through everything is required to avoid sslconfig depending |
|
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
171 -- on prosody.paths.config |
|
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
172 local function new(context_factory, basedir) |
|
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
173 return setmetatable({ |
|
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
174 _context_factory = context_factory, |
|
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
175 _basedir = basedir, |
|
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
176 options={}, |
|
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
177 }, sslopts_mt); |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
178 end |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
179 |
|
12480
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
180 local function clone(config) |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
181 local result = new(); |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
182 for k, v in pairs(config) do |
|
12481
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
183 -- note that we *do* copy the internal keys on clone -- we have to carry |
|
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
184 -- both the factory and the cache with us |
|
12480
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
185 rawset(result, k, v); |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
186 end |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
187 return result |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
188 end |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
189 |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
190 sslopts_mt.__index.clone = clone; |
|
7e9ebdc75ce4
net: isolate LuaSec-specifics
Jonas Schäfer <jonas@wielicki.name>
parents:
10920
diff
changeset
|
191 |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
192 return { |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
193 apply = apply; |
|
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
194 final = final; |
|
12481
2ee27587fec7
net: refactor sslconfig to not depend on LuaSec
Jonas Schäfer <jonas@wielicki.name>
parents:
12480
diff
changeset
|
195 _new = new; |
|
6292
751618071e89
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
196 }; |
