Annotate

util/sslconfig.lua @ 6518:c0d221b0c94c

mod_saslauth: Break out tls-unique channel binding callback so it is instantiated once
author Kim Alvefur <zash@zash.se>
date Wed, 19 Nov 2014 14:44:41 +0100
parent 6292:751618071e89
child 6671:2d5e2ed44c22
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
6292
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 local handlers = { };
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 local finalisers = { };
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 local id = function (v) return v end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 function handlers.options(a, k, b)
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 local o = a[k] or { };
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 if type(b) ~= "table" then b = { b } end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 for k,v in pairs(b) do
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 if v == true or v == false then
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 o[k] = v;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 else
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 o[v] = true;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 a[k] = o;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 handlers.verify = handlers.options;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 handlers.verifyext = handlers.options;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 function finalisers.options(a)
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 local o = {};
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 for opt, enable in pairs(a) do
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25 if enable then
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 o[#o+1] = opt;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 return o;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32 finalisers.verify = finalisers.options;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 finalisers.verifyext = finalisers.options;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 function finalisers.ciphers(a)
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36 if type(a) == "table" then
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 return table.concat(a, ":");
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39 return a;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
42 local protocols = { "sslv2", "sslv3", "tlsv1", "tlsv1_1", "tlsv1_2" };
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 for i = 1, #protocols do protocols[protocols[i] .. "+"] = i - 1; end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 local function protocol(a)
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46 local min_protocol = protocols[a.protocol];
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 if min_protocol then
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48 a.protocol = "sslv23";
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
49 for i = 1, min_protocol do
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
50 table.insert(a.options, "no_"..protocols[i]);
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
51 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
52 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
54
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55 local function apply(a, b)
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56 if type(b) == "table" then
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
57 for k,v in pairs(b) do
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
58 (handlers[k] or rawset)(a, k, v);
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
59 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
60 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
61 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
62
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
63 local function final(a)
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
64 local f = { };
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
65 for k,v in pairs(a) do
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
66 f[k] = (finalisers[k] or id)(v);
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
67 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
68 protocol(f);
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
69 return f;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
70 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
71
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
72 local sslopts_mt = {
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
73 __index = {
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
74 apply = apply;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
75 final = final;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
76 };
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
77 };
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
78
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
79 local function new()
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
80 return setmetatable({options={}}, sslopts_mt);
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
81 end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
82
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
83 return {
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
84 apply = apply;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
85 final = final;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
86 new = new;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs
Kim Alvefur <zash@zash.se>
parents:
diff changeset
87 };