Comparison

net/http.lua @ 8199:8f82d3cd0631

net.http: Validate HTTPS certificates (fixes #659)
author Kim Alvefur <zash@zash.se>
date Fri, 07 Jul 2017 21:04:30 +0200
parent 8197:55826e29c719
child 8200:e92585ab4998
8198:db82ce3decee 8199:8f82d3cd0631
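--- a/net/http.lua
+++ b/net/http.lua
@@ -9,10 +9,11 @@
 local b64 = require "util.encodings".base64.encode;
 local url = require "socket.url"
 local httpstream_new = require "net.http.parser".new;
 local util_http = require "util.http";
 local events = require "util.events";
+local verify_identity = require"util.x509".verify_identity;
 
 local ssl_available = pcall(require, "ssl");
 
 local server = require "net.server"
 
@@ -32,10 +33,30 @@
 
 local listener = { default_port = 80, default_mode = "*a" };
 
 function listener.onconnect(conn)
 local req = requests[conn];
+
+-- Validate certificate
+if conn:ssl() then
+local sock = conn:socket();
+local chain_valid = sock.getpeerverification and sock:getpeerverification();
+if not chain_valid then
+req.callback("certificate-chain-invalid", 0, req);
+req.callback = nil;
+conn:close();
+return;
+end
+local cert = sock.getpeercertificate and sock:getpeercertificate();
+if not cert or not verify_identity(req.host, false, cert) then
+req.callback("certificate-verify-failed", 0, req);
+req.callback = nil;
+conn:close();
+return;
+end
+end
+
 -- Send the request
 local request_line = { req.method or "GET", " ", req.path, " HTTP/1.1\r\n" };
 if req.query then
 t_insert(request_line, 4, "?"..req.query);
 end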
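Review bot: In both failure branches of listener.onconnect the connection is closed only after `req.callback(...)` returns, so a callback that raises would skip `req.callback = nil` and `conn:close()` and leave the unverified TLS connection open. Tearing down first keeps the rejection fail-closed whatever the caller's callback does: `local callback = req.callback; req.callback = nil;`, then `conn:close();`, then `callback("certificate-chain-invalid", 0, req);`, and likewise for "certificate-verify-failed". It would also help to log the second return value of `sock:getpeerverification()`, so that operators can see why a chain was rejected. The body of listener.onconnect continues past the end of the hunk, and whether callbacks are protected elsewhere in the file is not visible here.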