Software / code / prosody
Diff
net/server_epoll.lua @ 12480:7e9ebdc75ce4
net: isolate LuaSec-specifics
For this, various accessor functions are now provided directly on the
sockets, which reach down into the LuaSec implementation to obtain the
information.
While this may seem of little gain at first, it hides the implementation
detail of the LuaSec+LuaSocket combination that the actual socket and
the TLS layer are separate objects.
The net gain here is that an alternative implementation does not have to
emulate that specific implementation detail and "only" has to expose
LuaSec-compatible data structures on the new functions.
| author | Jonas Schäfer <jonas@wielicki.name> |
|---|---|
| date | Wed, 27 Apr 2022 17:44:14 +0200 |
| parent | 12342:cba0b93320b7 |
| child | 12481:2ee27587fec7 |
line wrap: on
line diff
--- a/net/server_epoll.lua Mon Apr 25 16:35:10 2022 +0100 +++ b/net/server_epoll.lua Wed Apr 27 17:44:14 2022 +0200 @@ -18,7 +18,6 @@ local logger = require "util.logger"; local log = logger.init("server_epoll"); local socket = require "socket"; -local luasec = require "ssl"; local realtime = require "util.time".now; local monotonic = require "util.time".monotonic; local indexedbheap = require "util.indexedbheap"; @@ -614,6 +613,30 @@ self._sslctx = sslctx; end +function interface:sslctx() + return self.tls_ctx +end + +function interface:ssl_info() + local sock = self.conn; + return sock.info and sock:info(); +end + +function interface:ssl_peercertificate() + local sock = self.conn; + return sock.getpeercertificate and sock:getpeercertificate(); +end + +function interface:ssl_peerverification() + local sock = self.conn; + return sock.getpeerverification and sock:getpeerverification(); +end + +function interface:ssl_peerfinished() + local sock = self.conn; + return sock.getpeerfinished and sock:getpeerfinished(); +end + function interface:starttls(tls_ctx) if tls_ctx then self.tls_ctx = tls_ctx; end self.starttls = false; @@ -641,11 +664,7 @@ self.starttls = false; self:debug("Starting TLS now"); self:updatenames(); -- Can't getpeer/sockname after wrap() - local ok, conn, err = pcall(luasec.wrap, self.conn, self.tls_ctx); - if not ok then - conn, err = ok, conn; - self:debug("Failed to initialize TLS: %s", err); - end + local conn, err = self.tls_ctx:wrap(self.conn); if not conn then self:on("disconnect", err); self:destroy(); @@ -656,8 +675,8 @@ if conn.sni then if self.servername then conn:sni(self.servername); - elseif self._server and type(self._server.hosts) == "table" and next(self._server.hosts) ~= nil then - conn:sni(self._server.hosts, true); + elseif next(self.tls_ctx._sni_contexts) ~= nil then + conn:sni(self.tls_ctx._sni_contexts, true); end end if self.extra and self.extra.tlsa and conn.settlsa then
