net: isolate LuaSec-specifics For this, various accessor functions are now provided directly on the sockets, which reach down into the LuaSec implementation to obtain the information. While this may seem of little gain at first, it hides the implementation detail of the LuaSec+LuaSocket combination that the actual socket and the TLS layer are separate objects. The net gain here is that an alternative implementation does not have to emulate that specific implementation detail and "only" has to expose LuaSec-compatible data structures on the new functions.

author: Jonas Schäfer <jonas@wielicki.name>
date: Wed, 27 Apr 2022 17:44:14 +0200
parent: 11835:a405884c62f4
child: 12808:12bd40b8e105
--- a/plugins/mod_s2s_auth_certs.lua	Mon Apr 25 16:35:10 2022 +0100
+++ b/plugins/mod_s2s_auth_certs.lua	Wed Apr 27 17:44:14 2022 +0200
@@ -9,7 +9,7 @@
 
 module:hook("s2s-check-certificate", function(event)
 	local session, host, cert = event.session, event.host, event.cert;
-	local conn = session.conn:socket();
+	local conn = session.conn;
 	local log = session.log or log;
 
 	if not cert then
@@ -18,8 +18,8 @@
 	end
 
 	local chain_valid, errors;
-	if conn.getpeerverification then
-		chain_valid, errors = conn:getpeerverification();
+	if conn.ssl_peerverification then
+		chain_valid, errors = conn:ssl_peerverification();
 	else
 		chain_valid, errors = false, { { "Chain verification not supported by this version of LuaSec" } };
 	end
author	Jonas Schäfer <jonas@wielicki.name>
date	Wed, 27 Apr 2022 17:44:14 +0200
parent	11835:a405884c62f4
child	12808:12bd40b8e105