File

util-src/compat.c @ 11749:83d6d6a70edf

net.http: fail open if surrounding code does not configure TLS Previously, if surrounding code was not configuring the TLS context used default in net.http, it would not validate certificates at all. This is not a security issue with prosody, because prosody updates the context with `verify = "peer"` as well as paths to CA certificates in util.startup.init_http_client. Nevertheless... Let's not leave this pitfall out there in the open.
author Jonas Schäfer <jonas@wielicki.name>
date Sun, 29 Aug 2021 15:04:47 +0200
parent 9561:cfc7b2f7251e
child 12976:a187600ec7d6
line wrap: on
line source


#include <lua.h>
#include <lauxlib.h>


static int lc_xpcall (lua_State *L) {
  int ret;
  int n_arg = lua_gettop(L);
  /* f, msgh, p1, p2... */
  luaL_argcheck(L, n_arg >= 2, 2, "value expected");
  lua_pushvalue(L, 1);  /* f to top */
  lua_pushvalue(L, 2);  /* msgh to top */
  lua_replace(L, 1); /* msgh to 1 */
  lua_replace(L, 2); /* f to 2 */
  /* msgh, f, p1, p2... */
  ret = lua_pcall(L, n_arg - 2, LUA_MULTRET, 1);
  lua_pushboolean(L, ret == 0);
  lua_replace(L, 1);
  return lua_gettop(L);
}

int luaopen_util_compat(lua_State *L) {
	lua_createtable(L, 0, 2);
	{
		lua_pushcfunction(L, lc_xpcall);
		lua_setfield(L, -2, "xpcall");
	}
	return 1;
}