• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

zhaozg / lua-openssl / 17914554859

22 Sep 2025 12:00PM UTC coverage: 93.583%. Remained the same
17914554859

push

travis-ci

zhaozg
doc: LDoc documentation and doc check

Co-authored-by: zhaozg <542599+zhaozg@users.noreply.github.com>

1 of 1 new or added line in 1 file covered. (100.0%)

411 existing lines in 18 files now uncovered.

9640 of 10301 relevant lines covered (93.58%)

2556.19 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

91.67
/src/ssl.c
1
/***
2
ssl modules to create SSL/TLS server or client, send and recv data over SSL channels.
3

4
@module ssl
5
@usage
6
  ssl = require('openssl').ssl
7
*/
8
#include <openssl/dh.h>
9
#include <openssl/ec.h>
10
#include <openssl/rsa.h>
11
#include <openssl/ssl.h>
12

13
#include "openssl.h"
14
#include "private.h"
15
#include "ssl_options.h"
16

17
#include <stdint.h>
18

19
#if OPENSSL_VERSION_NUMBER > 0x30000000
20
#ifndef SSL_get_peer_certificate
21
#define SSL_get_peer_certificate SSL_get1_peer_certificate
22
#endif
23
#ifndef SSL_DEFAULT_CIPHER_LIST
24
#define SSL_DEFAULT_CIPHER_LIST OSSL_default_cipher_list()
25
#endif
26
#endif
27

28
/***
29
create ssl_ctx object, which mapping to SSL_CTX in openssl.
30
@function ctx_new
31
@tparam string protocol support 'SSLv3', 'SSLv23', 'SSLv2', 'TSLv1', 'TSLv1_1','TSLv1_2','TLS',
32
'DTLSv1','DTLSv1_2', and can be follow by '_server' or '_client', in general you should use 'TLS' to
33
negotiate highest available SSL/TLS version
34
@tparam[opt] string support_ciphers, if not given, default of openssl will be used
35
@treturn ssl_ctx
36
*/
37
#if OPENSSL_VERSION_NUMBER > 0x10100000L
38
#define TLS_PROTOCOL_TIPS                                                                          \
39
  "only support TLS, DTLS to negotiate highest available SSL/TLS or DTLS "                         \
40
  "version above openssl v1.1.0\n"                                                                 \
41
  "optional followed by _client or _server\n"                                                      \
42
  "default is TLS\n"
43
#define DEFAULT_PROTOCOL "TLS"
44
#else
45
#define TLS_PROTOCOL_TIPS                                                                          \
46
  "SSLv23, TLSv1_2, TLSv1_1, TLSv1, DTLSv1_2 or DTLSv1, optional followed by _client or _server\n" \
47
  "optional followed by _client or _server\n"                                                      \
48
  "default is SSLv23 to negotiate highest available SSL/TLS\n"
49
#define DEFAULT_PROTOCOL "SSLv23"
50
#endif
51

52
typedef enum
53
{
54
  SSL_CTX_SESSION_ADD = 0,
55
  SSL_CTX_SESSION_GET,
56
  SSL_CTX_SESSION_DEL,
57
#if OPENSSL_VERSION_NUMBER < 0x10100000L
58

59
  SSL_CTX_TEMP_DH,
60
  SSL_CTX_TEMP_RSA,
61
  SSL_CTX_TEMP_ECDH,
62
#endif
63
  SSL_CTX_MAX_IDX
64
} SSL_CTX_INDEX;
65

66
/***
67
create a new SSL context object
68
@function new
69
@tparam[opt="TLS"] string method SSL/TLS protocol method ("TLS", "SSLv23", "TLSv1", "TLSv1_1", "TLSv1_2", etc.)
70
@treturn ssl_ctx SSL context object
71
*/
72
static int
73
openssl_ssl_ctx_new(lua_State *L)
793✔
74
{
75
  const char *meth = luaL_optstring(L, 1, DEFAULT_PROTOCOL);
793✔
76
#if OPENSSL_VERSION_NUMBER >= 0x01000000L
77
  const
78
#endif
79
    SSL_METHOD *method
793✔
80
    = NULL;
81
  const char *ciphers;
82
  SSL_CTX    *ctx;
83

84
  if (strcmp(meth, "SSLv23") == 0)
793✔
85
    method = SSLv23_method();
3✔
86
  else if (strcmp(meth, "SSLv23_server") == 0)
790✔
87
    method = SSLv23_server_method();
6✔
88
  else if (strcmp(meth, "SSLv23_client") == 0)
784✔
89
    method = SSLv23_client_method();
5✔
90

91
#if OPENSSL_VERSION_NUMBER > 0x10100000L
92
  else if (strcmp(meth, "TLS") == 0)
753✔
93
    method = TLS_method();
642✔
94
  else if (strcmp(meth, "TLS_server") == 0)
111✔
95
    method = TLS_server_method();
21✔
96
  else if (strcmp(meth, "TLS_client") == 0)
90✔
97
    method = TLS_client_method();
6✔
98

99
  else if (strcmp(meth, "DTLS") == 0)
84✔
100
    method = DTLS_method();
3✔
101
  else if (strcmp(meth, "DTLS_server") == 0)
81✔
102
    method = DTLS_server_method();
3✔
103
  else if (strcmp(meth, "DTLS_client") == 0)
78✔
104
    method = DTLS_client_method();
6✔
105
#endif
106

107
#if !defined(OPENSSL_NO_DEPRECATED) && !defined(OPENSSL_NO_DTLS1_2_METHOD) && \
108
  OPENSSL_VERSION_NUMBER < 0x10100000L
109
  else if (strcmp(meth, "DTLSv1_2") == 0)
26✔
110
    method = DTLSv1_2_method();
111
  else if (strcmp(meth, "DTLSv1_2_server") == 0)
26✔
112
    method = DTLSv1_2_server_method();
113
  else if (strcmp(meth, "DTLSv1_2_client") == 0)
26✔
114
    method = DTLSv1_2_client_method();
1✔
115
#endif
116

117
#if !defined(OPENSSL_NO_DEPRECATED) && !defined(OPENSSL_NO_DTLS1_METHOD) && \
118
  OPENSSL_VERSION_NUMBER < 0x10100000L
119

120
  else if (strcmp(meth, "DTLSv1") == 0)
25✔
121
    method = DTLSv1_method();
122
  else if (strcmp(meth, "DTLSv1_server") == 0)
25✔
123
    method = DTLSv1_server_method();
124
  else if (strcmp(meth, "DTLSv1_client") == 0)
25✔
125
    method = DTLSv1_client_method();
1✔
126
#endif
127

128
#if !defined(OPENSSL_NO_DEPRECATED) && !defined(OPENSSL_NO_TLS1_2_METHOD) && \
129
  OPENSSL_VERSION_NUMBER < 0x10100000L
130

131
  else if (strcmp(meth, "TLSv1_2") == 0)
24✔
132
    method = TLSv1_2_method();
133
  else if (strcmp(meth, "TLSv1_2_server") == 0)
24✔
134
    method = TLSv1_2_server_method();
135
  else if (strcmp(meth, "TLSv1_2_client") == 0)
24✔
136
    method = TLSv1_2_client_method();
1✔
137
#endif
138

139
#if !defined(OPENSSL_NO_DEPRECATED) && !defined(OPENSSL_NO_TLS1_1_METHOD) && \
140
  OPENSSL_VERSION_NUMBER < 0x10100000L
141

142
  else if (strcmp(meth, "TLSv1_1") == 0)
23✔
143
    method = TLSv1_1_method();
144
  else if (strcmp(meth, "TLSv1_1_server") == 0)
23✔
145
    method = TLSv1_1_server_method();
146
  else if (strcmp(meth, "TLSv1_1_client") == 0)
23✔
147
    method = TLSv1_1_client_method();
1✔
148
#endif
149

150
#if !defined(OPENSSL_NO_DEPRECATED) && !defined(OPENSSL_NO_TLS1_METHOD) && \
151
  OPENSSL_VERSION_NUMBER < 0x10100000L
152

153
  else if (strcmp(meth, "TLSv1") == 0)
22✔
154
    method = TLSv1_method();
155
  else if (strcmp(meth, "TLSv1_server") == 0)
22✔
156
    method = TLSv1_server_method();
157
  else if (strcmp(meth, "TLSv1_client") == 0)
22✔
158
    method = TLSv1_client_method();
1✔
159
#endif
160

161
#ifndef OPENSSL_NO_SSL3_METHOD
162
  else if (strcmp(meth, "SSLv3") == 0)
21✔
163
    method = SSLv3_method();
164
  else if (strcmp(meth, "SSLv3_server") == 0)
21✔
165
    method = SSLv3_server_method();
166
  else if (strcmp(meth, "SSLv3_client") == 0)
21✔
167
    method = SSLv3_client_method();
1✔
168
#endif
169

170
#ifdef LOAD_SSL_CUSTOM
171
  LOAD_SSL_CUSTOM
172
#endif
173
  else luaL_argerror(L, 1, TLS_PROTOCOL_TIPS);
92✔
174

175
  ctx = SSL_CTX_new(method);
701✔
176
  if (!ctx) luaL_argerror(L, 1, TLS_PROTOCOL_TIPS);
701✔
177

178
  ciphers = luaL_optstring(L, 2, SSL_DEFAULT_CIPHER_LIST);
701✔
179
#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
180
  if (!SSL_CTX_set_ciphersuites(ctx, ciphers) && !SSL_CTX_set_cipher_list(ctx, ciphers))
684✔
181
#else
182
  if (!SSL_CTX_set_cipher_list(ctx, ciphers))
17✔
183
#endif
UNCOV
184
    luaL_argerror(L, 2, "Error to set cipher list");
×
185

186
  PUSH_OBJECT(ctx, "openssl.ssl_ctx");
701✔
187
  SSL_CTX_set_app_data(ctx, openssl_mainthread(L));
701✔
188
  openssl_newvalue(L, ctx);
701✔
189

190
  return 1;
701✔
191
}
192

193
/***
194
get alert_type for ssl state
195
@function alert_type
196
@tparam number alert
197
@tparam[opt=false] boolean long
198
@treturn string alert type
199
*/
200
static int
201
openssl_ssl_alert_type(lua_State *L)
24✔
202
{
203
  int         v = luaL_checkint(L, 1);
24✔
204
  int         _long = lua_isnone(L, 2) ? 0 : auxiliar_checkboolean(L, 2);
24✔
205
  const char *val;
206

207
  if (_long)
24✔
208
    val = SSL_alert_type_string_long(v << 8);
12✔
209
  else
210
    val = SSL_alert_type_string(v << 8);
12✔
211
  lua_pushstring(L, val);
24✔
212

213
  return 1;
24✔
214
}
215

216
/***
217
get alert_desc for ssl state
218
@function alert_desc
219
@tparam number alert
220
@tparam[opt=false] boolean long
221
@treturn string alert type
222
@treturn string desc string, if long set true will return long info
223
*/
224
static int
225
openssl_ssl_alert_desc(lua_State *L)
96✔
226
{
227
  int         v = luaL_checkint(L, 1);
96✔
228
  int         _long = lua_isnone(L, 2) ? 0 : auxiliar_checkboolean(L, 2);
96✔
229
  const char *val;
230

231
  if (_long)
96✔
232
    val = SSL_alert_desc_string_long(v);
48✔
233
  else
234
    val = SSL_alert_desc_string(v);
48✔
235
  lua_pushstring(L, val);
96✔
236

237
  return 1;
96✔
238
}
239

240
/***
241
create new SSL session object
242
@function session_new
243
@treturn ssl_session new SSL session object
244
*/
245
static int
246
openssl_ssl_session_new(lua_State *L)
4✔
247
{
248
  SSL_SESSION *ss = SSL_SESSION_new();
4✔
249
  PUSH_OBJECT(ss, "openssl.ssl_session");
4✔
250
  return 1;
4✔
251
}
252

253
/***
254
read SSL session from BIO or string data
255
@function session_read
256
@tparam bio|string input BIO object or string containing session data (PEM or DER format)
257
@treturn ssl_session|nil SSL session object or nil on error
258
*/
259
static int
260
openssl_ssl_session_read(lua_State *L)
4✔
261
{
262
  BIO         *in = load_bio_object(L, 1);
4✔
263
  SSL_SESSION *ss = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
4✔
264
  if (!ss) {
4✔
UNCOV
265
    (void)BIO_reset(in);
×
UNCOV
266
    ss = d2i_SSL_SESSION_bio(in, NULL);
×
267
  }
268
  BIO_free(in);
4✔
269
  if (ss) {
4✔
270
    PUSH_OBJECT(ss, "openssl.ssl_session");
4✔
271
    return 1;
4✔
272
  }
UNCOV
273
  return openssl_pushresult(L, 0);
×
274
}
275

276
static luaL_Reg R[] = {
277
  { "ctx_new",      openssl_ssl_ctx_new      },
278
  { "alert_type",   openssl_ssl_alert_type   },
279
  { "alert_desc",   openssl_ssl_alert_desc   },
280

281
  { "session_new",  openssl_ssl_session_new  },
282
  { "session_read", openssl_ssl_session_read },
283
  { NULL,           NULL                     }
284
};
285

286
/****************************SSL CTX********************************/
287
/***
288
openssl.ssl_ctx object
289
@type ssl_ctx
290
*/
291

292
/***
293
tell ssl_ctx use private key and certificate, and check private key
294
@function use
295
@tparam evp_pkey pkey
296
@tparam x509 cert
297
@treturn boolean result return true for ok, or nil followed by errmsg and errval
298
*/
299
static int
300
openssl_ssl_ctx_use(lua_State *L)
666✔
301
{
302
  int       ret;
303
  SSL_CTX  *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
666✔
304
  EVP_PKEY *pkey = CHECK_OBJECT(2, EVP_PKEY, "openssl.evp_pkey");
666✔
305

306
  if (lua_isstring(L, 3)) {
666✔
UNCOV
307
    ret = SSL_CTX_use_certificate_chain_file(ctx, luaL_checkstring(L, 3));
×
308
  } else {
309
    X509 *cert = CHECK_OBJECT(3, X509, "openssl.x509");
666✔
310
    ret = SSL_CTX_use_certificate(ctx, cert);
666✔
311
  }
312
  if (ret == 1) {
666✔
313
    ret = SSL_CTX_use_PrivateKey(ctx, pkey);
666✔
314
    if (ret == 1) {
666✔
315
      ret = SSL_CTX_check_private_key(ctx);
666✔
316
    }
317
  }
318
  return openssl_pushresult(L, ret);
666✔
319
}
320

321
/***
322
add client ca cert and option extra chain cert
323
@function add
324
@tparam x509 clientca
325
@tparam[opt] table extra_chain_cert_array
326
@treturn boolean result
327
*/
328
static int
329
openssl_ssl_ctx_add(lua_State *L)
4✔
330
{
331
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
4✔
332
  X509    *x = CHECK_OBJECT(2, X509, "openssl.x509");
4✔
333
  int      ret = SSL_CTX_add_client_CA(ctx, x);
4✔
334
  if (ret == 1 && !lua_isnone(L, 3)) {
4✔
335
    size_t i;
336
    luaL_checktable(L, 3);
4✔
337

338
    for (i = 1; ret == 1 && i <= lua_rawlen(L, 3); i++) {
16✔
339
      lua_rawgeti(L, 3, i);
12✔
340
      x = CHECK_OBJECT(2, X509, "openssl.x509");
12✔
341
      lua_pop(L, 1);
12✔
342
      X509_up_ref(x);
12✔
343
      ret = SSL_CTX_add_extra_chain_cert(ctx, x);
12✔
344
    }
345
  }
346
  return openssl_pushresult(L, ret);
4✔
347
}
348

349
static int
350
openssl_ssl_ctx_gc(lua_State *L)
701✔
351
{
352
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
701✔
353
  SSL_CTX_free(ctx);
701✔
354
  openssl_freevalue(L, ctx);
701✔
355

356
  return 0;
701✔
357
}
358

359
/***
360
get timeout
361
@function timeout
362
@return number
363
*/
364
/***
365
set timeout
366
@function timeout
367
@tparam number timeout
368
@treturn number previous timeout
369
*/
370
static int
371
openssl_ssl_ctx_timeout(lua_State *L)
26✔
372
{
373
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
26✔
374
  long     t;
375
  if (!lua_isnone(L, 2)) {
26✔
376
    t = SSL_CTX_set_timeout(ctx, luaL_checkint(L, 2));
13✔
377
    lua_pushinteger(L, t);
13✔
378
    return 1;
13✔
379
  }
380
  t = SSL_CTX_get_timeout(ctx);
13✔
381
  lua_pushinteger(L, t);
13✔
382
  return 1;
13✔
383
}
384

385
static const int iMode_options[] = { SSL_MODE_ENABLE_PARTIAL_WRITE,
386
                                     SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER,
387
                                     SSL_MODE_AUTO_RETRY,
388
                                     SSL_MODE_NO_AUTO_CHAIN,
389
#ifdef SSL_MODE_RELEASE_BUFFERS
390
                                     SSL_MODE_RELEASE_BUFFERS,
391
#endif
392
                                     0 };
393

394
static const char *sMode_options[] = { "enable_partial_write",
395
                                       "accept_moving_write_buffer",
396
                                       "auto_retry",
397
                                       "no_auto_chain",
398
#ifdef SSL_MODE_RELEASE_BUFFERS
399
                                       "release_buffers",
400
#endif
401
                                       NULL };
402

403
/***
404
clean given mode
405
mode support
406
'enable_partial_write','accept_moving_write_buffer','auto_retry','no_auto_chain','release_buffers'
407
@function mode
408
@tparam boolean clear must be true
409
@tparam string mode
410
@param[opt] ...
411
@treturn string
412
@treturn ...
413
@usage
414
 modes = { ssl_ctx:mode('enable_partial_write','accept_moving_write_buffer','auto_retry') },
415

416
  for  i, v in ipairs(modes)
417
    print(v)
418
 end
419
 --output 'enable_partial_write','accept_moving_write_buffer','auto_retry'
420
*/
421
static int
422
openssl_ssl_ctx_mode(lua_State *L)
8✔
423
{
424
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
8✔
425
  int      mode = 0;
8✔
426
  int      ret;
427
  int      i;
428
  if (!lua_isnoneornil(L, 2)) {
8✔
429
    int clear = 0;
8✔
430
    if (lua_isboolean(L, 2)) {
8✔
431
      clear = lua_toboolean(L, 2);
8✔
432
      i = 3;
8✔
433
    } else
UNCOV
434
      i = 2;
×
435
    while (i <= lua_gettop(L)) {
40✔
436
      mode = mode | auxiliar_checkoption(L, i++, NULL, sMode_options, iMode_options);
32✔
437
    }
438
    if (clear != 0)
8✔
439
      mode = SSL_CTX_set_mode(ctx, mode);
4✔
440
    else
441
      mode = SSL_CTX_clear_mode(ctx, mode);
4✔
442
  } else
UNCOV
443
    mode = SSL_CTX_get_mode(ctx);
×
444
  ret = 0;
8✔
445
  for (i = 0; i < sizeof(iMode_options) / sizeof(int); i++) {
56✔
446
    if (mode & iMode_options[i]) {
48✔
447
      lua_pushstring(L, sMode_options[i]);
16✔
448
      ret++;
16✔
449
    }
450
  }
451
  return ret;
8✔
452
};
453

454
/***
455
get options
456
@function options
457
@treturn table string list of current options
458
*/
459

460
/***
461
set options
462
@function options
463
@tparam string option, support "microsoft_sess_id_bug", "netscape_challenge_bug",
464
"netscape_reuse_cipher_change_bug", "sslref2_reuse_cert_type_bug", "microsoft_big_sslv3_buffer",
465
"msie_sslv3_rsa_padding","ssleay_080_client_dh_bug",
466
"tls_d5_bug","tls_block_padding_bug","dont_insert_empty_fragments","all", please to see
467
ssl_options.h
468
@treturn table string list of current options after set new option
469
*/
470

471
/***
472
clear options
473
@function options
474
@tparam boolean clear set true to clear options
475
@tparam string option, support "microsoft_sess_id_bug", "netscape_challenge_bug",
476
"netscape_reuse_cipher_change_bug", "sslref2_reuse_cert_type_bug", "microsoft_big_sslv3_buffer",
477
"msie_sslv3_rsa_padding","ssleay_080_client_dh_bug",
478
"tls_d5_bug","tls_block_padding_bug","dont_insert_empty_fragments","all",  please to see
479
ssl_options.h
480
@treturn table string list of current options after clear some option
481
*/
482
static int
483
openssl_ssl_ctx_options(lua_State *L)
687✔
484
{
485
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
687✔
486
  long     options = 0;
687✔
487
  int      ret;
488
  int      i;
489
  if (!lua_isnone(L, 2)) {
687✔
490
    int top = lua_gettop(L);
40✔
491
    int clear = 0;
40✔
492
    if (lua_isboolean(L, 2)) {
40✔
493
      clear = lua_toboolean(L, 2);
8✔
494
      i = 3;
8✔
495
    } else
496
      i = 2;
32✔
497
    for (; i <= top; i++) {
84✔
498
      if (lua_isnumber(L, i))
48✔
499
        options |= (long)luaL_checkinteger(L, i);
36✔
500
      else {
501
        const char *s = luaL_checkstring(L, i);
12✔
502
        int         j;
503
        for (j = 0; ssl_options[j].name; j++) {
176✔
504
          LuaL_Enumeration e = ssl_options[j];
176✔
505
          if (strcasecmp(s, e.name) == 0) {
176✔
506
            options |= e.val;
8✔
507
            break;
8✔
508
          }
509
        }
510
      }
511
    }
512

513
    if (clear != 0)
36✔
514
      options = SSL_CTX_clear_options(ctx, options);
4✔
515
    else
516
      options = SSL_CTX_set_options(ctx, options);
32✔
517
  } else
518
    options = SSL_CTX_get_options(ctx);
647✔
519

520
  lua_newtable(L);
683✔
521
  ret = 0;
683✔
522
  for (i = 0; ssl_options[i].name; i++) {
23,905✔
523
    LuaL_Enumeration e = ssl_options[i];
23,222✔
524
    if (options & e.val) {
23,222✔
525
      lua_pushstring(L, e.name);
1,189✔
526
      ret++;
1,189✔
527
      lua_rawseti(L, -2, ret);
1,189✔
528
    }
529
  }
530
  return 1;
683✔
531
}
532

533
/***
534
get min_proto_version and max_proto_version
535
@function version
536
@treturn[1] integer min_proto_version
537
@treturn[2] integer man_proto_version
538
*/
539

540
/***
541
set min_proto_version and max_proto_version
542
@function options
543
@tparam integer min
544
@tparam integer max
545
@treturn boolean result or fail
546
*/
547
#if OPENSSL_VERSION_NUMBER > 0x10100000L
548
static int
549
openssl_ssl_ctx_version(lua_State *L)
21✔
550
{
551
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
21✔
552
  int      ret;
553
  int      minv = SSL_CTX_get_min_proto_version(ctx);
21✔
554
  int      maxv = SSL_CTX_get_max_proto_version(ctx);
21✔
555

556
  if (lua_isnone(L, 2)) {
21✔
557
    lua_pushinteger(L, minv);
558
    lua_pushinteger(L, maxv);
559
    return 2;
560
  }
561

562
  minv = luaL_optinteger(L, 2, minv);
21✔
563
  maxv = luaL_optinteger(L, 3, maxv);
21✔
564
  luaL_argcheck(L, minv <= maxv, 3, "max version can't less than min");
21✔
565

566
  ret = SSL_CTX_set_min_proto_version(ctx, minv);
21✔
567
  if (ret == 1) ret = SSL_CTX_set_min_proto_version(ctx, maxv);
21✔
568

569
  if (ret == 1) {
21✔
570
    lua_pushvalue(L, 1);
21✔
571
    return 1;
21✔
572
  }
573
  return openssl_pushresult(L, ret);
574
}
575
#endif
576

577
/***
578
get quit_shutdown is set or not
579
Normally when a SSL connection is finished, the parties must send out
580
"close notify" alert messages using ***SSL:shutdown"*** for a clean shutdown.
581
@function quiet_shutdown
582
@treturn boolean result
583
*/
584
/***
585
set quiet_shutdown
586
@function quiet_shutdown
587
@tparam boolean quiet
588
When setting the "quiet shutdown" flag to 1, ***SSL:shutdown*** will set the internal flags
589
to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. ***SSL:shutdown*** then behaves like
590
***SSL:set_shutdown*** called with SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.
591
The session is thus considered to be shutdown, but no "close notify" alert
592
is sent to the peer. This behaviour violates the TLS standard.
593
The default is normal shutdown behaviour as described by the TLS standard.
594
@treturn boolean result
595
*/
596
static int
597
openssl_ssl_ctx_quiet_shutdown(lua_State *L)
26✔
598
{
599
  SSL_CTX *s = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
26✔
600
  if (lua_isnone(L, 2)) {
26✔
601
    int m = SSL_CTX_get_quiet_shutdown(s);
13✔
602
    lua_pushinteger(L, m);
13✔
603
    return 1;
13✔
604
  } else {
605
    int m = luaL_checkint(L, 2);
13✔
606
    SSL_CTX_set_quiet_shutdown(s, m);
13✔
607
    return 0;
13✔
608
  }
609
};
610

611
/***
612
set verify locations with cafile and capath
613
ssl_ctx:verify_locations specifies the locations for *ctx*, at
614
which CA certificates for verification purposes are located. The certificates
615
available via *CAfile* and *CApath* are trusted.
616
@function verify_locations
617
@tparam string cafile
618
@tparam string capath
619
@treturn boolean result
620
*/
621
static int
622
openssl_ssl_ctx_load_verify_locations(lua_State *L)
646✔
623
{
624
  SSL_CTX    *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
646✔
625
  const char *CAfile = luaL_checkstring(L, 2);
646✔
626
  const char *CApath = luaL_optstring(L, 3, NULL);
646✔
627
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
628
  int ret = !(CAfile == NULL && CApath == NULL);
430✔
629
  if (CAfile != NULL) ret = SSL_CTX_load_verify_file(ctx, CAfile);
430✔
630
  if (ret == 1 && CApath != NULL) ret = SSL_CTX_load_verify_dir(ctx, CApath);
430✔
631
#else
632
  int ret = SSL_CTX_load_verify_locations(ctx, CAfile, CApath);
216✔
633
#endif
634
  return openssl_pushresult(L, ret);
646✔
635
}
636

637
/***
638
get certificate verification store of ssl_ctx
639
@function cert_store
640
@treturn x509_store store
641
*/
642
/***
643
set or replaces then certificate verification store of ssl_ctx
644
@function cert_store
645
@tparam x509_store store
646
@treturn x509_store store
647
*/
648
static int
649
openssl_ssl_ctx_cert_store(lua_State *L)
649✔
650
{
651
#if OPENSSL_VERSION_NUMBER > 0x10002000L
652
  SSL_CTX    *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
649✔
653
  X509_STORE *store = NULL;
649✔
654
  if (lua_isnone(L, 2)) {
649✔
655
    store = SSL_CTX_get_cert_store(ctx);
13✔
656
    X509_STORE_up_ref(store);
13✔
657
    PUSH_OBJECT(store, "openssl.x509_store");
13✔
658
    return 1;
13✔
659
  } else {
660
    store = CHECK_OBJECT(2, X509_STORE, "openssl.x509_store");
636✔
661
    X509_STORE_up_ref(store);
636✔
662
    SSL_CTX_set_cert_store(ctx, store);
636✔
663
    X509_STORE_set_trust(store, 1);
636✔
664
    return 0;
636✔
665
  }
666
#else
667
  luaL_error(L, "NYI, openssl below 1.0.2 not fully support this feature");
668
  return 0;
669
#endif
670
}
671

672
#ifndef OPENSSL_NO_ENGINE
673
/***
674
set client certificate engine for SSL context
675
@function set_engine
676
@tparam engine eng engine object to use for client certificates
677
@treturn boolean result true for success
678
*/
679
static int
680
openssl_ssl_ctx_set_engine(lua_State *L)
4✔
681
{
682
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
4✔
683
  ENGINE  *eng = CHECK_OBJECT(2, ENGINE, "openssl.engine");
4✔
684
  int      ret = SSL_CTX_set_client_cert_engine(ctx, eng);
4✔
685
  return openssl_pushresult(L, ret);
4✔
686
}
687
#endif
688

689
/****************************************************************************/
690
/***
691
create ssl object
692
@function ssl
693
@tparam number fd
694
@tparam[opt=false] boolean server, true will make ssl server
695
@treturn ssl
696
*/
697
/***
698
create ssl object
699
@function ssl
700
@tparam bio input
701
@tparam[opt=input] bio ouput, default will use input as output
702
@tparam[opt=false] boolean server, true will make ssl server
703
@treturn ssl
704
*/
705
static int
706
openssl_ssl_ctx_new_ssl(lua_State *L)
1,244✔
707
{
708
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
1,244✔
709
  int      server = 0;
1,244✔
710
  int      mode_idx = 2;
1,244✔
711
  SSL     *ssl = SSL_new(ctx);
1,244✔
712
  int      ret = 1;
1,244✔
713

714
  if (auxiliar_getclassudata(L, "openssl.bio", 2)) {
1,244✔
715
    BIO *bi = CHECK_OBJECT(2, BIO, "openssl.bio");
1,240✔
716
    BIO *bo = bi;
1,240✔
717

718
    /* avoid bi be gc */
719
    BIO_up_ref(bi);
1,240✔
720

721
    if (auxiliar_getclassudata(L, "openssl.bio", 3)) {
1,240✔
722
      bo = CHECK_OBJECT(3, BIO, "openssl.bio");
8✔
723
      mode_idx = 4;
8✔
724
    } else
725
      mode_idx = 3;
1,232✔
726

727
    /* avoid bo be gc */
728
    BIO_up_ref(bo);
1,240✔
729

730
#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
731
    SSL_set0_rbio(ssl, bi);
1,230✔
732
    SSL_set0_wbio(ssl, bo);
1,230✔
733
#else
734
    SSL_set_bio(ssl, bi, bo);
10✔
735
#endif
736
    ret = 1;
1,240✔
737
  } else if (lua_isnumber(L, 2)) {
4✔
UNCOV
738
    ret = SSL_set_fd(ssl, luaL_checkint(L, 2));
×
UNCOV
739
    mode_idx = 3;
×
740
  }
741

742
  if (ret == 1 && !lua_isnone(L, mode_idx)) {
1,244✔
743
    server = lua_isnil(L, mode_idx) ? 0 : auxiliar_checkboolean(L, mode_idx);
1,224✔
744
  }
745

746
  if (ret == 1) {
1,244✔
747
    if (server)
1,244✔
748
      SSL_set_accept_state(ssl);
612✔
749
    else
750
      SSL_set_connect_state(ssl);
632✔
751

752
    PUSH_OBJECT(ssl, "openssl.ssl");
1,244✔
753
    openssl_newvalue(L, ssl);
1,244✔
754

755
    /* ref to ctx */
756
    lua_pushvalue(L, 1);
1,244✔
757
    openssl_valueset(L, ssl, "ctx");
1,244✔
758
  } else {
UNCOV
759
    SSL_free(ssl);
×
UNCOV
760
    openssl_freevalue(L, ssl);
×
UNCOV
761
    return openssl_pushresult(L, ret);
×
762
  }
763
  return 1;
1,244✔
764
}
765

766
/***
767
create bio object
768
@function bio
769
@tparam string host_addr format like 'host:port'
770
@tparam[opt=false] boolean server, true listen at host_addr,false connect to host_addr
771
@tparam[opt=true] boolean autoretry ssl operation autoretry mode
772
@treturn bio bio object
773
*/
774
static int
775
openssl_ssl_ctx_new_bio(lua_State *L)
909✔
776
{
777
  SSL_CTX    *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
909✔
778
  const char *host_addr = luaL_checkstring(L, 2);
909✔
779
  int         server = lua_isnone(L, 3) ? 0 : auxiliar_checkboolean(L, 3);
909✔
780
  int         autoretry = lua_isnone(L, 4) ? 1 : auxiliar_checkboolean(L, 4);
909✔
781

782
  BIO *bio = server ? BIO_new_ssl(ctx, 0) : BIO_new_ssl_connect(ctx);
909✔
783
  if (bio) {
909✔
784
    int ret = 0;
909✔
785
    if (autoretry) {
909✔
786
      SSL *ssl = NULL;
909✔
787
      ret = BIO_get_ssl(bio, &ssl);
909✔
788
      if (ret == 1) SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
909✔
789
    }
790
    if (server) {
909✔
791
      BIO *acpt = BIO_new_accept((char *)host_addr);
9✔
792
      BIO_set_accept_bios(acpt, bio);
9✔
793
      bio = acpt;
9✔
794
    } else {
795
      ret = BIO_set_conn_hostname(bio, host_addr);
900✔
796
    }
797
    if (ret == 1) {
909✔
798
      PUSH_OBJECT(bio, "openssl.bio");
909✔
799
      return 1;
909✔
800
    } else
UNCOV
801
      return openssl_pushresult(L, ret);
×
802
  } else {
UNCOV
803
    BIO_free(bio);
×
UNCOV
804
    bio = NULL;
×
UNCOV
805
    return 0;
×
806
  }
807
}
808

809
/***
810
get verify depth when cert chain veirition
811
@function verify_depth
812
@treturn number depth
813
*/
814
/***
815
set verify depth when cert chain veirition
816
@function verify_depth
817
@tparam number depth
818
@treturn number depth
819
*/
820
static int
821
openssl_ssl_ctx_verify_depth(lua_State *L)
10✔
822
{
823
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
10✔
824
  int      depth;
825
  if (!lua_isnone(L, 2)) {
10✔
826
    depth = luaL_checkint(L, 2);
10✔
827
    SSL_CTX_set_verify_depth(ctx, depth);
10✔
828
  }
829
  depth = SSL_CTX_get_verify_depth(ctx);
10✔
830
  lua_pushinteger(L, depth);
10✔
831
  return 1;
10✔
832
}
833

834
static const int iVerifyMode_Options[] = { SSL_VERIFY_NONE,
835
                                           SSL_VERIFY_PEER,
836
                                           SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
837
                                           SSL_VERIFY_CLIENT_ONCE,
838
                                           0 };
839

840
static const char *sVerifyMode_Options[] = { "none",
841
                                             "peer",
842
                                             "fail", /* fail_if_no_peer_cert */
843
                                             "once",
844
                                             NULL };
845

846
/***
847
get verify_mode, return number mode and all string modes list
848
@function verify_mode
849
@treturn number mode_code
850
@return ...
851
  none: not verify client cert
852
  peer: verify client cert
853
  fail: if client not have cert, will failure
854
  once: verify client only once.
855
@usage
856
  mode = {ctx:verify_mode()}
857
  print('integer mode',mode[1])
858
  for i=2, #mode then
859
    print('string mode:'..mode[i])
860
  end
861
*/
862
/***
863
set ssl verify mode and callback
864
@function verify_mode
865
@tparam number mode, mode set to ctx, must be ssl.none or ssl.peer, and ssl.peer support combine
866
with ssl.fail or ssl.once
867
@tparam[opt=nil] function ssl verify callback in lua function, not give will use default openssl
868
callback, when mode is 'none', will be ignore this verify_cb must be boolean function(verifyarg)
869
prototype, return true to continue or false to end ssl handshake verifyarg has field 'error',
870
'error_string','error_depth','current_cert', and 'preverify_ok'
871
@treturn boolean result
872
*/
873
static int
874
openssl_ssl_ctx_verify_mode(lua_State *L)
1,271✔
875
{
876
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
1,271✔
877
  if (lua_gettop(L) > 1) {
1,271✔
878
    int mode = luaL_checkint(L, 2);
1,261✔
879
    luaL_argcheck(
1,261✔
880
      L,
881
      mode == SSL_VERIFY_NONE
882
        || (mode & ~(SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE))
883
             == 0,
884
      2,
885
      "must be none or peer(combined with fail, once or none");
886

887
    luaL_argcheck(L, lua_isnone(L, 3) || lua_isfunction(L, 3), 3, "must be callback function");
1,261✔
888

889
    if (lua_isfunction(L, 3)) {
1,261✔
890
      lua_pushvalue(L, 3);
622✔
891
      openssl_valueset(L, ctx, "verify_cb");
622✔
892
      SSL_CTX_set_verify(ctx, mode, openssl_verify_cb);
622✔
893
    } else {
894
      lua_pushnil(L);
639✔
895
      openssl_valueset(L, ctx, "verify_cb");
639✔
896
      SSL_CTX_set_verify(ctx, mode, openssl_verify_cb);
639✔
897
    }
898
    return 0;
1,261✔
899
  } else {
900
    int i = 0;
10✔
901
    int mode = SSL_CTX_get_verify_mode(ctx);
10✔
902
    lua_pushinteger(L, mode);
10✔
903
    i += 1;
10✔
904

905
    if (mode == SSL_VERIFY_NONE) {
10✔
906
      lua_pushstring(L, "none");
4✔
907
      i += 1;
4✔
908
    } else {
909
      if (mode & SSL_VERIFY_PEER) {
6✔
910
        lua_pushstring(L, "peer");
6✔
911
        i += 1;
6✔
912

913
        if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
6✔
914
          lua_pushstring(L, "fail");
6✔
915
          i += 1;
6✔
916
        }
917
        if (mode & SSL_VERIFY_CLIENT_ONCE) {
6✔
UNCOV
918
          lua_pushstring(L, "once");
×
UNCOV
919
          i += 1;
×
920
        }
921
      }
922
    }
923
    return i;
10✔
924
  }
925
}
926

927
/***
928
set certificate verify callback function
929
@function set_cert_verify
930
@tparam[opt] function cert_verify_cb with boolean function(verifyargs) prototype, if nil or none
931
will use openssl default callback verifyargs has field 'error',
932
'error_string','error_depth','current_cert'
933
@treturn various return value
934
*/
935
/***
936
set certificate verify options
937
@function set_cert_verify
938
@tparam table verify_cb_flag support field always_continue with boolean value and verify_depth with
939
number value.
940
@treturn boolean result true for success
941
*/
942
static int
943
openssl_ssl_ctx_set_cert_verify(lua_State *L)
635✔
944
{
945
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
635✔
946
  luaL_argcheck(L,
635✔
947
                lua_isnone(L, 2) || lua_isfunction(L, 2) || lua_istable(L, 2),
948
                2,
949
                "need function or table contains flags");
950
  if (lua_istable(L, 2)) {
635✔
951
    lua_pushvalue(L, 2);
21✔
952
    openssl_valueset(L, ctx, "verify_cb_flags");
21✔
953
    SSL_CTX_set_cert_verify_callback(ctx, openssl_cert_verify_cb, openssl_mainthread(L));
21✔
954
  } else if (lua_isfunction(L, 2)) {
614✔
955
    lua_pushvalue(L, 2);
606✔
956
    openssl_valueset(L, ctx, "cert_verify_cb");
606✔
957
    SSL_CTX_set_cert_verify_callback(ctx, openssl_cert_verify_cb, openssl_mainthread(L));
606✔
958
  } else
959
    SSL_CTX_set_cert_verify_callback(ctx, NULL, NULL);
8✔
960
  return 0;
635✔
961
}
962

963
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
964
/***
965
set the list of client ALPN protocols available to be negotiated by the server
966
@function set_alpn_protos
967
@tparam table protos the protocol list
968
@treturn various return value
969
*/
970
static int
971
openssl_ssl_ctx_set_alpn_protos(lua_State *L)
600✔
972
{
973
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
600✔
974

975
  if (lua_istable(L, 2)) {
600✔
976
    size_t         proto_list_len = 0;
600✔
977
    size_t         proto_list_size = 256;
600✔
978
    unsigned char *proto_list = malloc(proto_list_size);
600✔
979
    size_t         proto_len;
980
    const char    *proto;
981
    int            i;
982
    int            l = lua_rawlen(L, 2);
600✔
983
    char          *err = NULL;
600✔
984

985
    for (i = 1; i <= l; i++) {
1,800✔
986
      lua_rawgeti(L, 2, i);
1,200✔
987
      proto = lua_tolstring(L, -1, &proto_len);
1,200✔
988
      lua_pop(L, 1);
1,200✔
989
      if (proto == NULL) {
1,200✔
UNCOV
990
        err = "invalid protocol value";
×
UNCOV
991
        break;
×
992
      }
993
      if (proto_len > 255) {
1,200✔
UNCOV
994
        err = "too long protocol value";
×
UNCOV
995
        break;
×
996
      }
997
      if (proto_list_len + proto_len >= proto_list_size) {
1,200✔
998
        do {
UNCOV
999
          proto_list_size = proto_list_size * 2;
×
UNCOV
1000
        } while (proto_list_len + proto_len >= proto_list_size);
×
UNCOV
1001
        proto_list = realloc(proto_list, proto_list_size);
×
1002
      }
1003
      if (proto_list == NULL) {
1,200✔
1004
        err = "fail to allocate protocol list";
×
UNCOV
1005
        break;
×
1006
      }
1007
      proto_list[proto_list_len++] = proto_len;
1,200✔
1008
      memcpy(proto_list + proto_list_len, proto, proto_len);
1,200✔
1009
      proto_list_len += proto_len;
1,200✔
1010
    }
1011
    if (err == NULL) {
600✔
1012
      if (SSL_CTX_set_alpn_protos(ctx, proto_list, proto_list_len) != 0) {
600✔
1013
        err = "fail to set ALPN protocols";
×
1014
      }
1015
    }
1016
    free(proto_list);
600✔
1017
    if (err != NULL) return luaL_error(L, err);
600✔
1018
  } else
UNCOV
1019
    return luaL_error(L, "table expected");
×
1020

1021
  return 0;
600✔
1022
}
1023

1024
static int
1025
openssl_mem_search(const unsigned char *mem, int memsize, const unsigned char *part, int partsize)
300✔
1026
{
1027
  int mempos, partpos;
1028
  for (mempos = 0; mempos <= memsize - partsize; mempos++) {
600✔
1029
    for (partpos = 0; partpos < partsize; partpos++)
3,000✔
1030
      if (mem[mempos + partpos] != part[partpos]) break;
2,700✔
1031
    if (partpos == partsize) return mempos;
600✔
1032
  }
UNCOV
1033
  return -1;
×
1034
}
1035

1036
static int
1037
openssl_alpn_select_cb(SSL                  *ssl,
300✔
1038
                       const unsigned char **out,
1039
                       unsigned char        *outlen,
1040
                       const unsigned char  *in,
1041
                       unsigned int          inlen,
1042
                       void                 *arg)
1043
{
1044
  lua_State *L = (lua_State *)arg;
300✔
1045
  int        result = SSL_TLSEXT_ERR_ALERT_FATAL;
300✔
1046
  SSL_CTX   *ctx = SSL_get_SSL_CTX(ssl);
300✔
1047

1048
  if (L) {
300✔
1049
    openssl_valueget(L, ctx, "alpn_select_cb");
300✔
1050
    if (lua_isfunction(L, -1)) {
300✔
1051
      int index = 1;
300✔
1052
      int pos = 0;
300✔
1053
      // the function is on the stack, adding the table of protocols to be selected
1054
      lua_newtable(L);
300✔
1055
      while (pos < inlen) {
900✔
1056
        int len = in[pos++];
600✔
1057
        lua_pushlstring(L, (const char *)in + pos, len);
600✔
1058
        lua_rawseti(L, -2, index++);
600✔
1059
        pos += len;
600✔
1060
      }
1061
      if (lua_pcall(L, 1, 1, 0) == 0) {
300✔
1062
        size_t      sellen;
1063
        const char *selected = lua_tolstring(L, -1, &sellen);
300✔
1064
        if (selected) {
300✔
1065
          pos = openssl_mem_search(in, inlen, (const unsigned char *)selected, sellen);
300✔
1066
          if (pos != -1) {
300✔
1067
            *out = in + pos;
300✔
1068
            *outlen = sellen;
300✔
1069
            result = SSL_TLSEXT_ERR_OK;
300✔
1070
          }
1071
        }
1072
      } else {
UNCOV
1073
        fprintf(stderr, "alpn select callback error: %s\n", lua_tostring(L, -1));
×
1074
      }
1075
      lua_pop(L, 1);
300✔
1076
    }
1077
  }
1078
  return result;
300✔
1079
}
1080

1081
/***
1082
set ALPN server protocol selection callback to select which protocol to use for the incoming
1083
connection
1084
@function set_alpn_select_cb
1085
@tparam[opt] function alpn_select_cb callback that receive the prototype list as a table and return
1086
the one selected as a string
1087
@treturn various return value
1088
*/
1089
static int
1090
openssl_ssl_ctx_set_alpn_select_cb(lua_State *L)
6✔
1091
{
1092
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
6✔
1093

1094
  if (lua_isfunction(L, 2)) {
6✔
1095
    lua_pushvalue(L, 2);
6✔
1096
    openssl_valueset(L, ctx, "alpn_select_cb");
6✔
1097
    SSL_CTX_set_alpn_select_cb(ctx, openssl_alpn_select_cb, openssl_mainthread(L));
6✔
1098
  } else
UNCOV
1099
    SSL_CTX_set_alpn_select_cb(ctx, NULL, NULL);
×
1100

1101
  return 0;
6✔
1102
}
1103
#endif
1104

1105
#if OPENSSL_VERSION_NUMBER < 0x10100000L
1106
static DH *
1107
tmp_dh_callback(SSL *ssl, int is_export, int keylength)
1108
{
1109
  DH        *dh_tmp = NULL;
1110
  SSL_CTX   *ctx = SSL_get_SSL_CTX(ssl);
1111
  lua_State *L = SSL_CTX_get_app_data(ctx);
1112

1113
  int type = openssl_valuegeti(L, ctx, SSL_CTX_TEMP_DH);
1114
  if (type == LUA_TFUNCTION) {
1115
    int ret;
1116
    /* top is callback function */
1117
    /* Invoke the callback */
1118
    lua_pushboolean(L, is_export);
1119
    lua_pushnumber(L, keylength);
1120
    ret = lua_pcall(L, 2, 1, 0);
1121
    if (ret == 0) {
1122
      BIO *bio;
1123
      /* Load parameters from returned value */
1124
      if (lua_type(L, -1) != LUA_TSTRING) {
1125
        lua_pop(L, 2); /* Remove values from stack */
1126
        return NULL;
1127
      }
1128
      bio = BIO_new_mem_buf((void *)lua_tostring(L, -1), lua_rawlen(L, -1));
1129
      if (bio) {
1130
        dh_tmp = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
1131
        BIO_free(bio);
1132
      }
1133
    } else {
1134
      lua_error(L);
1135
    }
1136

1137
    lua_pop(L, 2); /* Remove values from stack */
1138
    return dh_tmp;
1139
  }
1140
  lua_pop(L, 1);
1141
  return NULL;
1142
}
1143

1144
static RSA *
1145
tmp_rsa_callback(SSL *ssl, int is_export, int keylength)
1146
{
1147
  RSA       *rsa_tmp = NULL;
1148
  SSL_CTX   *ctx = SSL_get_SSL_CTX(ssl);
1149
  lua_State *L = SSL_CTX_get_app_data(ctx);
1150
  int        type = openssl_valuegeti(L, ctx, SSL_CTX_TEMP_RSA);
1151
  if (type == LUA_TFUNCTION) {
1152
    int ret;
1153
    /* top is callback function */
1154
    /* Invoke the callback */
1155
    lua_pushboolean(L, is_export);
1156
    lua_pushnumber(L, keylength);
1157
    ret = lua_pcall(L, 2, 1, 0);
1158
    if (ret == 0) {
1159
      BIO *bio;
1160
      /* Load parameters from returned value */
1161
      if (lua_type(L, -1) != LUA_TSTRING) {
1162
        lua_pop(L, 2); /* Remove values from stack */
1163
        return NULL;
1164
      }
1165
      bio = BIO_new_mem_buf((void *)lua_tostring(L, -1), lua_rawlen(L, -1));
1166
      if (bio) {
1167
        rsa_tmp = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL);
1168
        BIO_free(bio);
1169
      }
1170
    } else {
1171
      lua_error(L);
1172
    }
1173

1174
    lua_pop(L, 2); /* Remove values from stack */
1175
    return rsa_tmp;
1176
  }
1177
  lua_pop(L, 1);
1178
  return NULL;
1179
}
1180

1181
static EC_KEY *
1182
tmp_ecdh_callback(SSL *ssl, int is_export, int keylength)
1183
{
1184
  EC_KEY    *ec_tmp = NULL;
1185
  SSL_CTX   *ctx = SSL_get_SSL_CTX(ssl);
1186
  lua_State *L = SSL_CTX_get_app_data(ctx);
1187
  int        type = openssl_valuegeti(L, ctx, SSL_CTX_TEMP_ECDH);
1188
  if (type == LUA_TFUNCTION) {
1189
    int ret;
1190
    /* top is callback function */
1191
    /* Invoke the callback */
1192
    lua_pushboolean(L, is_export);
1193
    lua_pushnumber(L, keylength);
1194
    ret = lua_pcall(L, 2, 1, 0);
1195
    if (ret == 0) {
1196
      BIO *bio;
1197
      /* Load parameters from returned value */
1198
      if (lua_type(L, -1) != LUA_TSTRING) {
1199
        lua_pop(L, 2); /* Remove values from stack */
1200
        return NULL;
1201
      }
1202
      bio = BIO_new_mem_buf((void *)lua_tostring(L, -1), lua_rawlen(L, -1));
1203
      if (bio) {
1204
        ec_tmp = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL);
1205
        BIO_free(bio);
1206
      }
1207
    } else {
1208
      lua_error(L);
1209
    }
1210

1211
    lua_pop(L, 2); /* Remove values from stack */
1212
    return ec_tmp;
1213
  }
1214
  lua_pop(L, 1);
1215
  return NULL;
1216
}
1217

1218
/***
1219
set temp callback
1220
@function set_tmp
1221
@tparam string keytype, 'dh','ecdh',or 'rsa'
1222
@tparam function tmp_cb
1223
@param[opt] vararg
1224
@treturn userdata object created
1225
*/
1226
/***
1227
set tmp key content pem format
1228
@function set_tmp
1229
@tparam string keytype, 'dh','ecdh',or 'rsa'
1230
@tparam[opt] string private key file
1231
@treturn boolean result true for success
1232
*/
1233

1234
static int
1235
openssl_ssl_ctx_set_tmp(lua_State *L)
1236
{
1237
  SSL_CTX           *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
1238
  static const char *which[] = { "dh", "rsa", "ecdh", NULL };
1239

1240
  int nwhich = luaL_checkoption(L, 2, "rsa", which);
1241

1242
  if (lua_isfunction(L, 3)) {
1243
    lua_pushvalue(L, 3);
1244
    /* set callback function */
1245
    switch (nwhich) {
1246
    case 0:
1247
      openssl_valueseti(L, ctx, SSL_CTX_TEMP_DH);
1248
      SSL_CTX_set_tmp_dh_callback(ctx, tmp_dh_callback);
1249
      break;
1250
    case 1:
1251
      openssl_valueseti(L, ctx, SSL_CTX_TEMP_RSA);
1252
      SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_callback);
1253
      break;
1254
    case 2:
1255
      openssl_valueseti(L, ctx, SSL_CTX_TEMP_ECDH);
1256
      SSL_CTX_set_tmp_ecdh_callback(ctx, tmp_ecdh_callback);
1257
      break;
1258
    }
1259
    lua_pushboolean(L, 1);
1260
    return 1;
1261
  } else if (lua_isuserdata(L, 3)) {
1262
    luaL_argerror(L, 3, "userdata arg NYI");
1263
  } else {
1264
    int  ret;
1265
    BIO *bio = lua_isstring(L, 3) ? load_bio_object(L, 3) : NULL;
1266
    switch (nwhich) {
1267
    case 0: {
1268
      DH *dh = NULL;
1269
      if (bio) {
1270
        dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
1271
        BIO_free(bio);
1272
      } else {
1273
        int bits = 1024;
1274
        int generator = 2;
1275
        dh = DH_new();
1276
        ret = DH_generate_parameters_ex(dh, bits, generator, NULL);
1277
        if (ret == 1) {
1278
          ret = DH_generate_key(dh);
1279
        }
1280
        if (ret != 1) {
1281
          DH_free(dh);
1282
          dh = NULL;
1283
        }
1284
      }
1285
      if (dh) {
1286
        ret = SSL_CTX_set_tmp_dh(ctx, dh);
1287
        if (ret)
1288
          PUSH_OBJECT(dh, "openssl.dh");
1289
        else {
1290
          DH_free(dh);
1291
          lua_pushnil(L);
1292
        }
1293
        return 1;
1294
      } else
1295
        luaL_error(L, "load or generate new tmp dh fail");
1296
    } break;
1297
    case 1: {
1298
      RSA *rsa = NULL;
1299
      if (bio) {
1300
        rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL);
1301
        BIO_free(bio);
1302
      } else {
1303
        BIGNUM *e = BN_new();
1304
        rsa = RSA_new();
1305
        BN_set_word(e, RSA_F4);
1306
        ret = RSA_generate_key_ex(rsa, 2048, e, NULL);
1307
        BN_free(e);
1308
        if (ret != 0) {
1309
          RSA_free(rsa);
1310
          rsa = NULL;
1311
        }
1312
      }
1313

1314
      if (rsa) {
1315
        ret = SSL_CTX_set_tmp_rsa(ctx, rsa);
1316
        if (ret) {
1317
          PUSH_OBJECT(rsa, "openssl.rsa");
1318
        } else {
1319
          RSA_free(rsa);
1320
          lua_pushnil(L);
1321
        }
1322
        return 1;
1323
      } else
1324
        luaL_error(L, "load or generate new tmp rsa fail");
1325
    } break;
1326
    case 2: {
1327
      int       nid = NID_undef;
1328
      EC_GROUP *g = NULL;
1329
      EC_KEY   *ec = NULL;
1330

1331
      if (lua_isstring(L, 3)) {
1332
        nid = OBJ_txt2nid(lua_tostring(L, 3));
1333
        if (nid != NID_undef) {
1334
          BIO_free(bio);
1335
          bio = NULL;
1336
        }
1337
      } else {
1338
        nid = OBJ_txt2nid("prime256v1");
1339
      }
1340
      if (nid != NID_undef) g = EC_GROUP_new_by_curve_name(nid);
1341

1342
      if (bio) {
1343
        ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL);
1344
        BIO_free(bio);
1345
      } else if (g) {
1346
        ec = EC_KEY_new();
1347
        EC_KEY_set_group(ec, g);
1348
        EC_GROUP_free(g);
1349
        ret = EC_KEY_generate_key(ec);
1350
        if (ret != 1) {
1351
          EC_KEY_free(ec);
1352
          ec = NULL;
1353
        }
1354
      }
1355

1356
      if (ec) {
1357
        ret = SSL_CTX_set_tmp_ecdh(ctx, ec);
1358
        if (ret) {
1359
          PUSH_OBJECT(ec, "openssl.ec_key");
1360
        } else {
1361
          EC_KEY_free(ec);
1362
          lua_pushnil(L);
1363
        }
1364
        return 1;
1365
      } else
1366
        luaL_error(L, "load or generate new tmp ec_key fail");
1367
    } break;
1368
    }
1369
  }
1370

1371
  return openssl_pushresult(L, 0);
1372
}
1373
#endif
1374

1375
static int
1376
tlsext_servername_callback(SSL *ssl, int *ad, void *arg)
621✔
1377
{
1378
  SSL_CTX    *newctx = NULL;
621✔
1379
  SSL_CTX    *ctx = arg;
621✔
1380
  lua_State  *L = SSL_CTX_get_app_data(ctx);
621✔
1381
  const char *name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
621✔
1382
  (void)ad;
1383

1384
  /* No name, use default context */
1385
  if (!name) return SSL_TLSEXT_ERR_NOACK;
621✔
1386

1387
  /* Search for the name in the map */
1388
  openssl_valueget(L, ctx, "tlsext_servername");
16✔
1389
  if (lua_istable(L, -1)) {
16✔
1390
    lua_getfield(L, -1, name);
13✔
1391
    newctx = GET_OBJECT(-1, SSL_CTX, "openssl.ssl_ctx");
13✔
1392
    lua_pop(L, 2);
13✔
1393
  } else {
1394
    lua_pushstring(L, name);
3✔
1395
    if (lua_pcall(L, 1, 1, 0) == 0) {
3✔
1396
      newctx = GET_OBJECT(-1, SSL_CTX, "openssl.ssl_ctx");
3✔
1397
    } else
UNCOV
1398
      return lua_error(L);
×
1399
  }
1400
  if (newctx) {
16✔
1401
    SSL_set_SSL_CTX(ssl, newctx);
16✔
1402
    return SSL_TLSEXT_ERR_OK;
16✔
1403
  }
1404

UNCOV
1405
  return SSL_TLSEXT_ERR_ALERT_FATAL;
×
1406
}
1407

1408
/***
1409
set servername callback
1410
@function set_servername_callback
1411
@tparam table|function info `function(name) return ctx end` or table
1412
@treturn ssl_ctx|fail
1413
*/
1414
static int
1415
openssl_ssl_ctx_set_servername_callback(lua_State *L)
14✔
1416
{
1417
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
14✔
1418
  luaL_argcheck(L, lua_istable(L, 2) || lua_isfunction(L, 2), 2, "must be table or function");
14✔
1419

1420
  lua_pushvalue(L, 2);
14✔
1421
  openssl_valueset(L, ctx, "tlsext_servername");
14✔
1422
  SSL_CTX_set_tlsext_servername_callback(ctx, tlsext_servername_callback);
14✔
1423
  SSL_CTX_set_tlsext_servername_arg(ctx, ctx);
14✔
1424

1425
  return 0;
14✔
1426
}
1427

1428
/***
1429
set session callback
1430
@function set_session_callback
1431
@tparam function new
1432
@tparam function get
1433
@tparam function remove
1434
@treturn various return value
1435
*/
1436

1437
static int
1438
openssl_add_session(SSL *ssl, SSL_SESSION *session)
47✔
1439
{
1440
  int        ret;
1441
  SSL_CTX   *ctx = SSL_get_SSL_CTX(ssl);
47✔
1442
  lua_State *L = SSL_CTX_get_app_data(ctx);
47✔
1443

1444
  openssl_valuegeti(L, ctx, SSL_CTX_SESSION_ADD);
47✔
1445
  SSL_up_ref(ssl);
47✔
1446
  PUSH_OBJECT(ssl, "openssl.ssl");
47✔
1447
  openssl_newvalue(L, ssl);
47✔
1448
  PUSH_OBJECT(session, "openssl.ssl_session");
47✔
1449

1450
  ret = lua_pcall(L, 2, 1, 0);
47✔
1451
  if (ret != LUA_OK) {
47✔
UNCOV
1452
    fprintf(stderr, "add session callback error: %s\n", lua_tostring(L, -1));
×
UNCOV
1453
    ret = 0;
×
1454
  } else
1455
    ret = lua_isboolean(L, -1) ? lua_toboolean(L, -1) : lua_tointeger(L, -1);
47✔
1456

1457
  lua_pop(L, 1);
47✔
1458
  return ret;
47✔
1459
}
1460

1461
static SSL_SESSION *
1462
openssl_get_session(SSL *ssl, CONSTIFY_OPENSSL unsigned char *id, int idlen, int *do_copy)
4✔
1463
{
1464
  int          ret;
1465
  SSL_CTX     *ctx = SSL_get_SSL_CTX(ssl);
4✔
1466
  lua_State   *L = SSL_CTX_get_app_data(ctx);
4✔
1467
  SSL_SESSION *session = NULL;
4✔
1468

1469
  openssl_valuegeti(L, ctx, SSL_CTX_SESSION_GET);
4✔
1470
  SSL_up_ref(ssl);
4✔
1471
  PUSH_OBJECT(ssl, "openssl.ssl");
4✔
1472
  openssl_newvalue(L, ssl);
4✔
1473
  lua_pushlstring(L, (const char *)id, idlen);
4✔
1474

1475
  ret = lua_pcall(L, 2, 1, 0);
4✔
1476
  if (ret != LUA_OK) {
4✔
UNCOV
1477
    fprintf(stderr, "get session callback error: %s\n", lua_tostring(L, -1));
×
UNCOV
1478
    lua_pop(L, 1);
×
UNCOV
1479
    return NULL;
×
1480
  }
1481
  if (lua_isstring(L, -1)) {
4✔
UNCOV
1482
    size_t               size = 0;
×
UNCOV
1483
    const unsigned char *p = (const unsigned char *)lua_tolstring(L, -1, &size);
×
UNCOV
1484
    *do_copy = 0;
×
UNCOV
1485
    session = d2i_SSL_SESSION(NULL, &p, (int)size);
×
1486
  } else if ((session = GET_OBJECT(-1, SSL_SESSION, "openssl.ssl_session")) != NULL) {
4✔
1487
    *do_copy = 1;
4✔
UNCOV
1488
  } else if (lua_type(L, -1) != LUA_TNIL) {
×
UNCOV
1489
    fprintf(stderr,
×
1490
            "get session callback return unaccpet value: (type=%s)%s\n",
1491
            luaL_typename(L, -1),
1492
            lua_tostring(L, -1));
1493
  }
1494
  lua_pop(L, 1);
4✔
1495
  return session;
4✔
1496
}
1497

1498
static void
1499
openssl_del_session(SSL_CTX *ctx, SSL_SESSION *session)
16✔
1500
{
1501
  int          ret;
1502
  unsigned int len = 0;
16✔
1503
  ;
1504
  const unsigned char *id = NULL;
16✔
1505
  lua_State           *L = SSL_CTX_get_app_data(ctx);
16✔
1506

1507
  openssl_valuegeti(L, ctx, SSL_CTX_SESSION_DEL);
16✔
1508

1509
  id = SSL_SESSION_get_id(session, &len);
16✔
1510
  lua_pushlstring(L, (const char *)id, len);
16✔
1511

1512
  ret = lua_pcall(L, 1, 0, 0);
16✔
1513
  if (ret != LUA_OK) {
16✔
UNCOV
1514
    fprintf(stderr, "del session callback error: %s\n", lua_tostring(L, -1));
×
UNCOV
1515
    lua_pop(L, 1);
×
1516
  }
1517
}
16✔
1518

1519
static int
1520
openssl_ssl_ctx_set_session_callback(lua_State *L)
28✔
1521
{
1522
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
28✔
1523
  if (!lua_isnoneornil(L, 2)) {
28✔
1524
    luaL_checktype(L, 2, LUA_TFUNCTION);
28✔
1525
    lua_pushvalue(L, 2);
28✔
1526
    openssl_valueseti(L, ctx, SSL_CTX_SESSION_ADD);
28✔
1527
    SSL_CTX_sess_set_new_cb(ctx, openssl_add_session);
28✔
1528
  }
1529
  if (!lua_isnoneornil(L, 3)) {
28✔
1530
    luaL_checktype(L, 3, LUA_TFUNCTION);
28✔
1531
    lua_pushvalue(L, 3);
28✔
1532
    openssl_valueseti(L, ctx, SSL_CTX_SESSION_GET);
28✔
1533
    SSL_CTX_sess_set_get_cb(ctx, openssl_get_session);
28✔
1534
  }
1535
  if (!lua_isnoneornil(L, 4)) {
28✔
1536
    luaL_checktype(L, 4, LUA_TFUNCTION);
28✔
1537
    lua_pushvalue(L, 4);
28✔
1538
    openssl_valueseti(L, ctx, SSL_CTX_SESSION_DEL);
28✔
1539
    SSL_CTX_sess_set_remove_cb(ctx, openssl_del_session);
28✔
1540
  }
1541
  lua_pushvalue(L, 1);
28✔
1542
  return 1;
28✔
1543
}
1544

1545
/***
1546
flush sessions
1547
@function flush
1548
@treturn various return value
1549
*/
1550
static int
1551
openssl_ssl_ctx_flush_sessions(lua_State *L)
4✔
1552
{
1553
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
4✔
1554
  long     tm = luaL_checkinteger(L, 2);
4✔
1555
  SSL_CTX_flush_sessions(ctx, tm);
4✔
1556
  return 0;
4✔
1557
}
1558

1559
/***
1560
set ssl session
1561
@function sessions
1562
@treturn various return value
1563
*/
1564
static int
1565
openssl_ssl_ctx_sessions(lua_State *L)
12✔
1566
{
1567
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
12✔
1568
  if (lua_isstring(L, 2)) {
12✔
1569
    size_t         s;
1570
    unsigned char *sid_ctx = (unsigned char *)luaL_checklstring(L, 2, &s);
4✔
1571
    int            ret = SSL_CTX_set_session_id_context(ctx, sid_ctx, s);
4✔
1572
    return openssl_pushresult(L, ret);
4✔
1573
  } else {
1574
    SSL_SESSION *s = CHECK_OBJECT(2, SSL_SESSION, "openssl.ssl_session");
8✔
1575
    int          add = lua_isnone(L, 3) ? 1 : auxiliar_checkboolean(L, 3);
8✔
1576

1577
    if (add)
8✔
1578
      add = SSL_CTX_add_session(ctx, s);
4✔
1579
    else
1580
      add = SSL_CTX_remove_session(ctx, s);
4✔
1581
    return openssl_pushresult(L, add);
8✔
1582
  }
1583
}
1584

1585
/***
1586
get current session cache mode
1587
@function session_cache_mode
1588
@treturn table modes as array, mode is 'no_auto_clear','server','client','both','off'
1589
*/
1590

1591
/***
1592
set session cache mode,and return old mode
1593
@function session_cache_mode
1594
@tparam string mode support 'no_auto_clear','server','client','both','off',
1595
@treturn table old modes as array
1596
*/
1597
static int
1598
openssl_session_cache_mode(lua_State *L)
76✔
1599
{
1600
  static const char *smode[] = { "off",
1601
                                 "client",
1602
                                 "server",
1603
                                 "both",
1604
                                 "no_auto_clear",
1605
                                 "no_internal_lookup",
1606
                                 "no_internal_store",
1607
                                 "no_internal",
1608
                                 NULL };
1609
  static const int   imode[] = { SSL_SESS_CACHE_OFF,
1610
                                 SSL_SESS_CACHE_CLIENT,
1611
                                 SSL_SESS_CACHE_SERVER,
1612
                                 SSL_SESS_CACHE_BOTH,
1613
                                 SSL_SESS_CACHE_NO_AUTO_CLEAR,
1614
                                 SSL_SESS_CACHE_NO_INTERNAL_LOOKUP,
1615
                                 SSL_SESS_CACHE_NO_INTERNAL_STORE,
1616
                                 SSL_SESS_CACHE_NO_INTERNAL,
1617
                                 -1 };
1618

1619
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
76✔
1620
  int      n = lua_gettop(L);
76✔
1621
  long     mode = 0;
76✔
1622
  int      i;
1623
  if (n > 1) {
76✔
1624
    if (lua_isnumber(L, 2)) {
48✔
1625
      mode = luaL_checkinteger(L, 2);
4✔
1626
      mode = SSL_CTX_set_session_cache_mode(ctx, mode);
4✔
1627
    } else {
1628
      for (i = 2; i <= n; i++) {
144✔
1629
        int j = auxiliar_checkoption(L, i, NULL, smode, imode);
100✔
1630
        mode |= j;
100✔
1631
      }
1632
      mode = SSL_CTX_set_session_cache_mode(ctx, mode);
44✔
1633
    }
1634
  } else {
1635
    mode = SSL_CTX_get_session_cache_mode(ctx);
28✔
1636
  };
1637

1638
  lua_newtable(L);
76✔
1639
  i = 0;
76✔
1640
  if (mode == SSL_SESS_CACHE_OFF) {
76✔
1641
    lua_pushstring(L, "off");
8✔
1642
    lua_rawseti(L, -2, ++i);
8✔
1643
  } else {
1644
    if (mode & SSL_SESS_CACHE_NO_AUTO_CLEAR) {
68✔
1645
      lua_pushstring(L, "no_auto_clear");
8✔
1646
      lua_rawseti(L, -2, ++i);
8✔
1647
    }
1648
    if ((mode & SSL_SESS_CACHE_BOTH) == SSL_SESS_CACHE_BOTH) {
68✔
1649
      lua_pushstring(L, "both");
24✔
1650
      lua_rawseti(L, -2, ++i);
24✔
1651
    } else if (mode & SSL_SESS_CACHE_SERVER) {
44✔
1652
      lua_pushstring(L, "server");
36✔
1653
      lua_rawseti(L, -2, ++i);
36✔
1654
    } else if (mode & SSL_SESS_CACHE_CLIENT) {
8✔
1655
      lua_pushstring(L, "client");
8✔
1656
      lua_rawseti(L, -2, ++i);
8✔
1657
    }
1658
    if ((mode & SSL_SESS_CACHE_NO_INTERNAL) == SSL_SESS_CACHE_NO_INTERNAL) {
68✔
1659
      lua_pushstring(L, "no_internal");
24✔
1660
      lua_rawseti(L, -2, ++i);
24✔
1661
    } else if (mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) {
44✔
1662
      lua_pushstring(L, "no_internal_lookup");
8✔
1663
      lua_rawseti(L, -2, ++i);
8✔
1664
    } else if (mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) {
36✔
1665
      lua_pushstring(L, "no_internal_store");
8✔
1666
      lua_rawseti(L, -2, ++i);
8✔
1667
    }
1668
  }
1669

1670
  return 1;
76✔
1671
}
1672

1673
#if OPENSSL_VERSION_NUMBER > 0x1010100FL && !defined(LIBRESSL_VERSION_NUMBER)
1674
/***
1675
get or set number of TLS tickets
1676
@function num_tickets
1677
@tparam[opt] number num number of tickets to set
1678
@treturn number current number of tickets
1679
*/
1680
static int
1681
openssl_ssl_ctx_num_tickets(lua_State *L)
6✔
1682
{
1683
  SSL_CTX *ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
6✔
1684
  size_t   num;
1685
  if (!lua_isnone(L, 2)) {
6✔
1686
    num = luaL_checkinteger(L, 2);
3✔
1687
    SSL_CTX_set_num_tickets(ctx, num);
3✔
1688
  } else
1689
    num = SSL_CTX_get_num_tickets(ctx);
3✔
1690

1691
  lua_pushinteger(L, num);
6✔
1692
  return 1;
6✔
1693
}
1694
#endif
1695

1696
#ifdef SSL_CTX_EXT_DEFINE
1697
SSL_CTX_EXT_DEFINE
1698
#endif
1699

1700
static luaL_Reg ssl_ctx_funcs[] = {
1701
  { "ssl",                     openssl_ssl_ctx_new_ssl                 },
1702
  { "bio",                     openssl_ssl_ctx_new_bio                 },
1703
#ifndef SSL_CTX_USE_EXT
1704
  { "use",                     openssl_ssl_ctx_use                     },
1705
#else
1706
  SSL_CTX_USE_EXT
1707
#endif
1708
  { "add",                     openssl_ssl_ctx_add                     },
1709
  { "mode",                    openssl_ssl_ctx_mode                    },
1710
  { "timeout",                 openssl_ssl_ctx_timeout                 },
1711
  { "options",                 openssl_ssl_ctx_options                 },
1712
#if OPENSSL_VERSION_NUMBER > 0x10100000L
1713
  { "version",                 openssl_ssl_ctx_version                 },
1714
#endif
1715
#if OPENSSL_VERSION_NUMBER > 0x1010100FL && !defined(LIBRESSL_VERSION_NUMBER)
1716
  { "num_tickets",             openssl_ssl_ctx_num_tickets             },
1717
#endif
1718
  { "quiet_shutdown",          openssl_ssl_ctx_quiet_shutdown          },
1719
  { "verify_locations",        openssl_ssl_ctx_load_verify_locations   },
1720
  { "cert_store",              openssl_ssl_ctx_cert_store              },
1721
#ifndef OPENSSL_NO_ENGINE
1722
  { "set_engine",              openssl_ssl_ctx_set_engine              },
1723
#endif
1724
  { "verify_mode",             openssl_ssl_ctx_verify_mode             },
1725
  { "set_cert_verify",         openssl_ssl_ctx_set_cert_verify         },
1726
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
1727
  { "set_alpn_protos",         openssl_ssl_ctx_set_alpn_protos         },
1728
  { "set_alpn_select_cb",      openssl_ssl_ctx_set_alpn_select_cb      },
1729
#endif
1730

1731
  { "verify_depth",            openssl_ssl_ctx_verify_depth            },
1732
#if OPENSSL_VERSION_NUMBER < 0x10100000L
1733
  { "set_tmp",                 openssl_ssl_ctx_set_tmp                 },
1734
#endif
1735
  { "flush_sessions",          openssl_ssl_ctx_flush_sessions          },
1736
  { "session",                 openssl_ssl_ctx_sessions                },
1737
  { "session_cache_mode",      openssl_session_cache_mode              },
1738
  { "set_session_callback",    openssl_ssl_ctx_set_session_callback    },
1739
  { "set_servername_callback", openssl_ssl_ctx_set_servername_callback },
1740

1741
  { "__gc",                    openssl_ssl_ctx_gc                      },
1742
  { "__tostring",              auxiliar_tostring                       },
1743

1744
  { NULL,                      NULL                                    },
1745
};
1746

1747
/****************************SSL SESSION********************************/
1748
/***
1749
get peer certificate verify result
1750
@function getpeerverification
1751
@treturn boolean true for success
1752
@treturn table all certificate in chains verify result
1753
 preverify_ok as boolean verify result
1754
 error as number error code
1755
 error_string as string error message
1756
 error_depth as number verify depth
1757
 current_cert as x509 certificate to verified
1758
*/
1759
static int
1760
openssl_ssl_getpeerverification(lua_State *L)
604✔
1761
{
1762
  long err;
1763
  SSL *ssl = CHECK_OBJECT(1, SSL, "openssl.ssl");
604✔
1764

1765
  err = SSL_get_verify_result(ssl);
604✔
1766
  lua_pushboolean(L, err == X509_V_OK);
604✔
1767
  openssl_valueget(L, ssl, "verify_cert");
604✔
1768
  return 2;
604✔
1769
}
1770

1771
/***
1772
get or set SSL session time
1773
@function time
1774
@tparam[opt] number time session time to set (Unix timestamp)
1775
@treturn number current session time (if getting) or previous time (if setting)
1776
*/
1777
static int
1778
openssl_ssl_session_time(lua_State *L)
8✔
1779
{
1780
  SSL_SESSION *session = CHECK_OBJECT(1, SSL_SESSION, "openssl.ssl_session");
8✔
1781
  int          time;
1782
  if (!lua_isnone(L, 2)) {
8✔
1783
    time = luaL_checklong(L, 2);
4✔
1784
    time = SSL_SESSION_set_time(session, time);
4✔
1785
    lua_pushinteger(L, time);
4✔
1786
    return 1;
4✔
1787
  }
1788
  time = SSL_SESSION_get_time(session);
4✔
1789
  lua_pushinteger(L, time);
4✔
1790
  return 1;
4✔
1791
}
1792

1793
/***
1794
get or set SSL session timeout
1795
@function timeout
1796
@tparam[opt] number timeout session timeout in seconds to set
1797
@treturn number current session timeout (if getting) or previous timeout (if setting)
1798
*/
1799
static int
1800
openssl_ssl_session_timeout(lua_State *L)
8✔
1801
{
1802
  SSL_SESSION *session = CHECK_OBJECT(1, SSL_SESSION, "openssl.ssl_session");
8✔
1803
  int          time;
1804
  if (!lua_isnone(L, 2)) {
8✔
1805
    time = luaL_checkint(L, 2);
4✔
1806
    time = SSL_SESSION_set_timeout(session, time);
4✔
1807
    lua_pushinteger(L, time);
4✔
1808
    return 1;
4✔
1809
  }
1810
  time = SSL_SESSION_get_timeout(session);
4✔
1811
  lua_pushinteger(L, time);
4✔
1812
  return 1;
4✔
1813
}
1814

1815
static int
1816
openssl_ssl_session_gc(lua_State *L)
63✔
1817
{
1818
  SSL_SESSION *session = CHECK_OBJECT(1, SSL_SESSION, "openssl.ssl_session");
63✔
1819
  SSL_SESSION_free(session);
63✔
1820
  return 0;
63✔
1821
}
1822

1823
/***
1824
get peer certificate from SSL session
1825
@function peer
1826
@treturn x509 peer certificate from the session
1827
*/
1828
static int
1829
openssl_ssl_session_peer(lua_State *L)
4✔
1830
{
1831
  SSL_SESSION *session = CHECK_OBJECT(1, SSL_SESSION, "openssl.ssl_session");
4✔
1832
  X509        *x = SSL_SESSION_get0_peer(session);
4✔
1833
  X509_up_ref(x);
4✔
1834
  PUSH_OBJECT(x, "openssl.x509");
4✔
1835
  return 1;
4✔
1836
}
1837

1838
/***
1839
get or set SSL session ID
1840
@function id
1841
@tparam[opt] string id optional session ID to set
1842
@treturn string current session ID when called without parameters
1843
@treturn boolean true when setting session ID successfully (OpenSSL 1.1.0+)
1844
*/
1845
static int
1846
openssl_ssl_session_id(lua_State *L)
67✔
1847
{
1848
  CONSTIFY_OPENSSL
1849
  SSL_SESSION *session = CHECK_OBJECT(1, SSL_SESSION, "openssl.ssl_session");
67✔
1850

1851
  if (lua_isnone(L, 2)) {
67✔
1852
    unsigned int         len;
1853
    const unsigned char *id = SSL_SESSION_get_id(session, &len);
59✔
1854
    lua_pushlstring(L, (const char *)id, len);
59✔
1855
    return 1;
59✔
1856
  } else {
1857
#if OPENSSL_VERSION_NUMBER > 0x10100000L
1858
    size_t      len;
1859
    const char *id = luaL_checklstring(L, 2, &len);
6✔
1860
    int         ret = SSL_SESSION_set1_id((SSL_SESSION *)session, (const unsigned char *)id, len);
6✔
1861
    lua_pushboolean(L, ret);
6✔
1862
#else
1863
    lua_pushnil(L);
2✔
1864
#endif
1865
    return 1;
8✔
1866
  }
1867
}
1868

1869
static int
1870
openssl_ssl_session_compress_id(lua_State *L)
4✔
1871
{
1872
  SSL_SESSION *session = CHECK_OBJECT(1, SSL_SESSION, "openssl.ssl_session");
4✔
1873
  unsigned int id = SSL_SESSION_get_compress_id(session);
4✔
1874
  lua_pushinteger(L, id);
4✔
1875
  return 1;
4✔
1876
}
1877

1878
/***
1879
export SSL session to PEM or DER format
1880
@function export
1881
@tparam[opt=true] boolean pem true for PEM format, false for DER format
1882
@treturn string exported session data in specified format
1883
*/
1884
static int
1885
openssl_ssl_session_export(lua_State *L)
4✔
1886
{
1887
  SSL_SESSION *session = CHECK_OBJECT(1, SSL_SESSION, "openssl.ssl_session");
4✔
1888
  int          pem = lua_isnone(L, 2) ? 1 : auxiliar_checkboolean(L, 2);
4✔
1889
  BIO         *bio = BIO_new(BIO_s_mem());
4✔
1890
  BUF_MEM     *bio_buf;
1891
  if (pem) {
4✔
1892
    PEM_write_bio_SSL_SESSION(bio, session);
4✔
1893
  } else {
UNCOV
1894
    i2d_SSL_SESSION_bio(bio, session);
×
1895
  }
1896

1897
  BIO_get_mem_ptr(bio, &bio_buf);
4✔
1898
  lua_pushlstring(L, bio_buf->data, bio_buf->length);
4✔
1899
  BIO_free(bio);
4✔
1900
  return 1;
4✔
1901
}
1902

1903
#if OPENSSL_VERSION_NUMBER > 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
1904
/***
1905
check if SSL session is resumable
1906
@function is_resumable
1907
@treturn boolean true if session can be resumed
1908
*/
1909
static int
1910
openssl_ssl_session_is_resumable(lua_State *L)
3✔
1911
{
1912
  SSL_SESSION *session = CHECK_OBJECT(1, SSL_SESSION, "openssl.ssl_session");
3✔
1913
  int          ret = SSL_SESSION_is_resumable(session);
3✔
1914
  lua_pushboolean(L, ret);
3✔
1915
  return 1;
3✔
1916
}
1917
#endif
1918

1919
#if OPENSSL_VERSION_NUMBER > 0x10100000L
1920
/***
1921
check if SSL session has a ticket
1922
@function has_ticket
1923
@treturn boolean true if session has a ticket
1924
*/
1925
static int
1926
openssl_ssl_session_has_ticket(lua_State *L)
3✔
1927
{
1928
  SSL_SESSION *session = CHECK_OBJECT(1, SSL_SESSION, "openssl.ssl_session");
3✔
1929
  int          ret = SSL_SESSION_has_ticket(session);
3✔
1930
  lua_pushboolean(L, ret);
3✔
1931
  return 1;
3✔
1932
}
1933
#endif
1934

1935
static luaL_Reg ssl_session_funcs[] = {
1936
  { "id",           openssl_ssl_session_id           },
1937
  { "time",         openssl_ssl_session_time         },
1938
  { "timeout",      openssl_ssl_session_timeout      },
1939
  { "compress_id",  openssl_ssl_session_compress_id  },
1940
  { "peer",         openssl_ssl_session_peer         },
1941
  { "export",       openssl_ssl_session_export       },
1942
#if OPENSSL_VERSION_NUMBER > 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
1943
  { "is_resumable", openssl_ssl_session_is_resumable },
1944
#endif
1945
#if OPENSSL_VERSION_NUMBER > 0x10100000L
1946
  { "has_ticket",   openssl_ssl_session_has_ticket   },
1947
#endif
1948

1949
  { "__gc",         openssl_ssl_session_gc           },
1950
  { "__tostring",   auxiliar_tostring                },
1951

1952
  { NULL,           NULL                             },
1953
};
1954

1955
/***************************SSL**********************************/
1956
/***
1957
openssl.ssl object
1958
All SSL object IO operation methods(connect, accept, handshake, read,
1959
peek or write) return nil or false when fail or error.
1960
When nil returned, it followed by 'ssl' or 'syscall', means SSL layer or
1961
system layer error. When false returned, it followed by number 0,
1962
'want_read','want_write','want_x509_lookup','want_connect','want_accept'.
1963
Numnber 0 means SSL connection closed, others means you should do some
1964
SSL operation.
1965
@type ssl
1966
*/
1967

1968
/***
1969
reset ssl object to allow another connection
1970
@function clear
1971
@treturn boolean result true for success
1972
*/
1973
static int
1974
openssl_ssl_clear(lua_State *L)
8✔
1975
{
1976
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
8✔
1977
  lua_pushboolean(L, SSL_clear(s));
8✔
1978
  return 1;
8✔
1979
}
1980

1981
/***
1982
tell ssl use private key and certificate, and check private key
1983
@function use
1984
@tparam evp_pkey pkey
1985
@tparam[opt] x509 cert
1986
@treturn boolean result return true for ok, or nil followed by errmsg and errval
1987
*/
1988
static int
1989
openssl_ssl_use(lua_State *L)
8✔
1990
{
1991
  SSL      *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
8✔
1992
  X509     *x = CHECK_OBJECT(2, X509, "openssl.x509");
8✔
1993
  EVP_PKEY *pkey = CHECK_OBJECT(3, EVP_PKEY, "openssl.evp_pkey");
8✔
1994
  int       ret;
1995

1996
  ret = SSL_use_PrivateKey(s, pkey);
8✔
1997
  if (ret == 1) {
8✔
1998
    ret = SSL_use_certificate(s, x);
8✔
1999
    if (ret == 1) {
8✔
2000
      ret = SSL_check_private_key(s);
8✔
2001
    }
2002
  }
2003
  return openssl_pushresult(L, ret);
8✔
2004
}
2005

2006
/***
2007
get peer certificate and certificate chains
2008
@function peer
2009
@treturn[1] x509 certificate
2010
@treturn[1] sk_of_x509 chains of peer
2011
*/
2012
static int
2013
openssl_ssl_peer(lua_State *L)
20✔
2014
{
2015
  SSL  *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
20✔
2016
  X509 *x = SSL_get_peer_certificate(s);
20✔
2017
  STACK_OF(X509) *sk = SSL_get_peer_cert_chain(s);
20✔
2018
  PUSH_OBJECT(x, "openssl.x509");
20✔
2019
  if (sk) {
20✔
2020
    openssl_sk_x509_totable(L, sk);
20✔
2021
    return 2;
20✔
2022
  }
UNCOV
2023
  return 1;
×
2024
}
2025

2026
static int
2027
openssl_ssl_gc(lua_State *L)
2,499✔
2028
{
2029
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
2,499✔
2030
  SSL_free(s);
2,499✔
2031
  openssl_freevalue(L, s);
2,499✔
2032

2033
  return 0;
2,499✔
2034
}
2035

2036
/***
2037
get want to do
2038
@function want
2039
@treturn[1] string 'nothing', 'reading', 'writing', 'x509_lookup'
2040
@treturn[1] number state want
2041
*/
2042
static int
2043
openssl_ssl_want(lua_State *L)
17✔
2044
{
2045
  SSL        *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
17✔
2046
  int         st = SSL_want(s);
17✔
2047
  const char *state = NULL;
17✔
2048
  if (st == SSL_NOTHING)
17✔
2049
    state = "nothing";
9✔
2050
  else if (st == SSL_READING)
8✔
2051
    state = "reading";
8✔
UNCOV
2052
  else if (st == SSL_WRITING)
×
UNCOV
2053
    state = "writing";
×
UNCOV
2054
  else if (st == SSL_X509_LOOKUP)
×
UNCOV
2055
    state = "x509_lookup";
×
2056

2057
  lua_pushstring(L, state);
17✔
2058
  lua_pushinteger(L, st);
17✔
2059
  return 2;
17✔
2060
}
2061
#if !defined(OPENSSL_NO_COMP)
2062
/***
2063
get current compression name
2064
@function current_compression
2065
@treturn string
2066
*/
2067
static int
2068
openssl_ssl_current_compression(lua_State *L)
4✔
2069
{
2070
  SSL               *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
4✔
2071
  const COMP_METHOD *comp = SSL_get_current_compression(s);
4✔
2072
  if (comp)
4✔
2073
    lua_pushstring(L, SSL_COMP_get_name(comp));
1✔
2074
  else
2075
    lua_pushnil(L);
3✔
2076
  return 1;
4✔
2077
}
2078
#endif
2079

2080
/***
2081
get current cipher info
2082
@function current_cipher
2083
@treturn table include name,version,id,bits,algbits and description
2084
*/
2085
static int
2086
openssl_ssl_current_cipher(lua_State *L)
600✔
2087
{
2088
  SSL              *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
600✔
2089
  const SSL_CIPHER *c = SSL_get_current_cipher(s);
600✔
2090
  if (c) {
600✔
2091
    int  bits, algbits;
2092
    char err[LUAL_BUFFERSIZE] = { 0 };
600✔
2093

2094
    lua_newtable(L);
600✔
2095

2096
    AUXILIAR_SET(L, -1, "name", SSL_CIPHER_get_name(c), string);
600✔
2097
    AUXILIAR_SET(L, -1, "version", SSL_CIPHER_get_version(c), string);
600✔
2098

2099
    AUXILIAR_SET(L, -1, "id", SSL_CIPHER_get_id(c), integer);
600✔
2100
    bits = SSL_CIPHER_get_bits(c, &algbits);
600✔
2101
    AUXILIAR_SET(L, -1, "bits", bits, integer);
600✔
2102
    AUXILIAR_SET(L, -1, "algbits", algbits, integer);
600✔
2103

2104
    AUXILIAR_SET(
600✔
2105
      L, -1, "description", SSL_CIPHER_description((SSL_CIPHER *)c, err, sizeof(err)), string);
2106

2107
    return 1;
600✔
2108
  }
UNCOV
2109
  return 0;
×
2110
}
2111

2112
/***
2113
get number of bytes available inside SSL fro immediate read
2114
@function pending
2115
@treturn number
2116
*/
2117
static int
2118
openssl_ssl_pending(lua_State *L)
4✔
2119
{
2120
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
4✔
2121
  lua_pushinteger(L, SSL_pending(s));
4✔
2122
  return 1;
4✔
2123
}
2124

2125
/*********************************************/
2126
static int
2127
openssl_ssl_pushresult(lua_State *L, SSL *ssl, int ret_code)
3,140✔
2128
{
2129
  int err = SSL_get_error(ssl, ret_code);
3,140✔
2130
  switch (err) {
3,140✔
2131
  case SSL_ERROR_NONE:
1,850✔
2132
    lua_pushboolean(L, 1);
1,850✔
2133
    lua_pushinteger(L, ret_code);
1,850✔
2134
    break;
1,850✔
2135
  case SSL_ERROR_ZERO_RETURN:
600✔
2136
    lua_pushboolean(L, 0);
600✔
2137
    lua_pushinteger(L, 0);
600✔
2138
    break;
600✔
2139
  case SSL_ERROR_SSL:
21✔
2140
    lua_pushnil(L);
21✔
2141
    lua_pushstring(L, "ssl");
21✔
2142
    break;
21✔
2143
  case SSL_ERROR_WANT_READ:
53✔
2144
    lua_pushboolean(L, 0);
53✔
2145
    lua_pushstring(L, "want_read");
53✔
2146
    break;
53✔
UNCOV
2147
  case SSL_ERROR_WANT_WRITE:
×
UNCOV
2148
    lua_pushboolean(L, 0);
×
UNCOV
2149
    lua_pushstring(L, "want_write");
×
UNCOV
2150
    break;
×
UNCOV
2151
  case SSL_ERROR_WANT_X509_LOOKUP:
×
UNCOV
2152
    lua_pushboolean(L, 0);
×
UNCOV
2153
    lua_pushstring(L, "want_x509_lookup");
×
UNCOV
2154
    break;
×
2155
  case SSL_ERROR_SYSCALL:
616✔
2156
    lua_pushnil(L);
616✔
2157
    lua_pushstring(L, "syscall");
616✔
2158
    break;
616✔
UNCOV
2159
  case SSL_ERROR_WANT_CONNECT:
×
UNCOV
2160
    lua_pushboolean(L, 0);
×
UNCOV
2161
    lua_pushstring(L, "want_connect");
×
UNCOV
2162
    break;
×
UNCOV
2163
  case SSL_ERROR_WANT_ACCEPT:
×
UNCOV
2164
    lua_pushboolean(L, 0);
×
UNCOV
2165
    lua_pushstring(L, "want_accept");
×
UNCOV
2166
    break;
×
UNCOV
2167
  default:
×
UNCOV
2168
    return 0;
×
2169
  }
2170
  return 2;
3,140✔
2171
}
2172

2173
/***
2174
get socket fd of ssl
2175
@function getfd
2176
@treturn number fd
2177
*/
2178
static int
2179
openssl_ssl_getfd(lua_State *L)
600✔
2180
{
2181
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
600✔
2182
  lua_pushinteger(L, SSL_get_fd(s));
600✔
2183
  return 1;
600✔
2184
}
2185

2186
/***
2187
check SSL is a server
2188
@function is_server
2189
@treturn boolean is_server
2190
*/
2191
static int
2192
openssl_ssl_is_server(lua_State *L)
600✔
2193
{
2194
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
600✔
2195
  lua_pushboolean(L, SSL_is_server(s));
600✔
2196
  return 1;
600✔
2197
}
2198

2199
/***
2200
get value according to arg
2201
@function get
2202
@tparam string arg
2203
 <br/>certificate:  return SSL certificates
2204
 <br/>fd: return file or network connect fd
2205
 <br/>rfd:
2206
 <br/>wfd:
2207
 <br/>client_CA_list
2208
 <br/>read_ahead: -> boolean
2209
 <br/>shared_ciphers: string
2210
 <br/>cipher_list -> string
2211
 <br/>verify_mode: number
2212
 <br/>verify_depth
2213
 <br/>state_string
2214
 <br/>state_string_long
2215
 <br/>rstate_string
2216
 <br/>rstate_string_long
2217
 <br/>iversion
2218
 <br/>version
2219
 <br/>default_timeout,
2220
 <br/>certificate
2221
 <br/>verify_result
2222
 <br/>state
2223
 <br/>hostname
2224
 <br/>state_string
2225
 <br/>side
2226
@return according to arg
2227
*/
2228
static int
2229
openssl_ssl_get(lua_State *L)
696✔
2230
{
2231
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
696✔
2232
  int  i;
2233
  int  top = lua_gettop(L);
696✔
2234
  for (i = 2; i <= top; i++) {
1,392✔
2235
    const char *what = luaL_checklstring(L, i, NULL);
696✔
2236
    if (strcmp(what, "fd") == 0) {
696✔
2237
      lua_pushinteger(L, SSL_get_fd(s));
4✔
2238
    } else if (strcmp(what, "rfd") == 0) {
692✔
2239
      lua_pushinteger(L, SSL_get_rfd(s));
4✔
2240
    } else if (strcmp(what, "wfd") == 0) {
688✔
2241
      lua_pushinteger(L, SSL_get_wfd(s));
4✔
2242
    } else if (strcmp(what, "client_CA_list") == 0) {
684✔
2243
      STACK_OF(X509_NAME) *sn = SSL_get_client_CA_list(s);
4✔
2244
      openssl_sk_x509_name_totable(L, sn);
4✔
2245
    } else if (strcmp(what, "read_ahead") == 0) {
680✔
2246
      lua_pushboolean(L, SSL_get_read_ahead(s));
4✔
2247
    } else if (strcmp(what, "shared_ciphers") == 0) {
676✔
2248
      char buf[LUAL_BUFFERSIZE] = { 0 };
4✔
2249
      lua_pushstring(L, SSL_get_shared_ciphers(s, buf, sizeof(buf)));
4✔
2250
    } else if (strcmp(what, "cipher_list") == 0) {
672✔
2251
      lua_pushstring(L, SSL_get_cipher_list(s, 0));
4✔
2252
    } else if (strcmp(what, "verify_mode") == 0) {
668✔
2253
      lua_pushinteger(L, SSL_get_verify_mode(s));
4✔
2254
    } else if (strcmp(what, "verify_depth") == 0) {
664✔
2255
      lua_pushinteger(L, SSL_get_verify_depth(s));
4✔
2256
    } else if (strcmp(what, "state_string") == 0) {
660✔
2257
      lua_pushstring(L, SSL_state_string(s));
8✔
2258
    } else if (strcmp(what, "state_string_long") == 0) {
652✔
2259
      lua_pushstring(L, SSL_state_string_long(s));
4✔
2260
    } else if (strcmp(what, "rstate_string") == 0) {
648✔
2261
      lua_pushstring(L, SSL_rstate_string(s));
4✔
2262
    } else if (strcmp(what, "rstate_string_long") == 0) {
644✔
2263
      lua_pushstring(L, SSL_rstate_string_long(s));
4✔
2264
    } else if (strcmp(what, "version") == 0) {
640✔
2265
      lua_pushstring(L, SSL_get_version(s));
8✔
2266
    } else if (strcmp(what, "iversion") == 0) {
632✔
2267
      lua_pushinteger(L, SSL_version(s));
4✔
2268
    } else if (strcmp(what, "default_timeout") == 0) {
628✔
2269
      lua_pushinteger(L, SSL_get_default_timeout(s));
4✔
2270
    } else if (strcmp(what, "certificate") == 0) {
624✔
2271
      X509 *cert = SSL_get_certificate(s);
4✔
2272
      if (cert) {
4✔
2273
        X509_up_ref(cert);
4✔
2274
        PUSH_OBJECT(cert, "openssl.x509");
4✔
2275
      } else
UNCOV
2276
        lua_pushnil(L);
×
2277
    } else if (strcmp(what, "verify_result") == 0) {
620✔
2278
      long l = SSL_get_verify_result(s);
4✔
2279
      lua_pushinteger(L, l);
4✔
2280
    } else if (strcmp(what, "state") == 0) {
616✔
2281
      lua_pushinteger(L, SSL_get_state(s));
4✔
2282
    } else if (strcmp(what, "hostname") == 0) {
612✔
2283
      lua_pushstring(L, SSL_get_servername(s, TLSEXT_NAMETYPE_host_name));
8✔
2284
    } else if (strcmp(what, "side") == 0) {
604✔
2285
      lua_pushstring(L, SSL_is_server(s) ? "server" : "client");
604✔
2286
    } else
UNCOV
2287
      luaL_argerror(L, i, "can't understant");
×
2288
  }
2289
  return top - 1;
696✔
2290
}
2291

2292
/***
2293
set value according to arg
2294
@function set
2295
@tparam string arg
2296
 <br/>certificate:  return SSL certificates
2297
 <br/>fd: return file or network connect fd
2298
 <br/>rfd:
2299
 <br/>wfd:
2300
 <br/>client_CA:
2301
 <br/>read_ahead:
2302
 <br/>cipher_list:
2303
 <br/>verify_depth:
2304
 <br/>purpose:
2305
 <br/>trust:
2306
 <br/>verify_result:
2307
 <br/>hostname:
2308
@param value val type accroding to arg
2309
@return value
2310
*/
2311
static int
2312
openssl_ssl_set(lua_State *L)
60✔
2313
{
2314
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
60✔
2315
  int  i;
2316
  int  top = lua_gettop(L);
60✔
2317
  int  ret = 1;
60✔
2318
  for (i = 2; i <= top; i += 2) {
117✔
2319
    const char *what = luaL_checklstring(L, i, NULL);
60✔
2320
    if (strcmp(what, "fd") == 0) {
60✔
2321
      ret = SSL_set_fd(s, luaL_checkint(L, i + 1));
4✔
2322
    } else if (strcmp(what, "rfd") == 0) {
56✔
2323
      ret = SSL_set_wfd(s, luaL_checkint(L, i + 1));
4✔
2324
    } else if (strcmp(what, "wfd") == 0) {
52✔
2325
      ret = SSL_set_wfd(s, luaL_checkint(L, i + 1));
4✔
2326
    } else if (strcmp(what, "client_CA") == 0) {
48✔
2327
      X509 *x = CHECK_OBJECT(i + 1, X509, "openssl.x509");
4✔
2328
      ret = SSL_add_client_CA(s, x);
4✔
2329
    } else if (strcmp(what, "read_ahead") == 0) {
44✔
2330
      int yes = auxiliar_checkboolean(L, i + 1);
4✔
2331
      SSL_set_read_ahead(s, yes);
4✔
2332
    } else if (strcmp(what, "cipher_list") == 0) {
40✔
2333
      const char *list = lua_tostring(L, i + 1);
4✔
2334
      ret = SSL_set_cipher_list(s, list);
4✔
2335
    } else if (strcmp(what, "verify_depth") == 0) {
36✔
2336
      int depth = luaL_checkint(L, i + 1);
4✔
2337
      SSL_set_verify_depth(s, depth);
4✔
2338
    } else if (strcmp(what, "purpose") == 0) {
32✔
2339
      int purpose = luaL_checkint(L, i + 1);
4✔
2340
      ret = SSL_set_purpose(s, purpose);
4✔
2341
    } else if (strcmp(what, "trust") == 0) {
28✔
2342
      int trust = luaL_checkint(L, i + 1);
4✔
2343
      ret = SSL_set_trust(s, trust);
4✔
2344
    } else if (strcmp(what, "verify_result") == 0) {
24✔
2345
      int result = luaL_checkint(L, i + 1);
4✔
2346
      SSL_set_verify_result(s, result);
4✔
2347
    } else if (strcmp(what, "hostname") == 0) {
20✔
2348
      const char *hostname = luaL_checkstring(L, i + 1);
20✔
2349
      SSL_set_tlsext_host_name(s, hostname);
20✔
2350
    } else
UNCOV
2351
      luaL_argerror(L, i, "don't understand");
×
2352

2353
    if (ret != 1) return openssl_pushresult(L, ret);
60✔
2354
  }
2355
  return 0;
57✔
2356
}
2357

2358
/***
2359
do ssl server accept
2360
@function accept
2361
@treturn boolean true for success
2362
@treturn string fail reason
2363
*/
2364
static int
2365
openssl_ssl_accept(lua_State *L)
300✔
2366
{
2367
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
300✔
2368
  int  ret = SSL_accept(s);
300✔
2369
  return openssl_ssl_pushresult(L, s, ret);
300✔
2370
}
2371

2372
/***
2373
do ssl client connect
2374
@function connect
2375
@treturn boolean true for success
2376
@treturn string fail reasion
2377
*/
2378
static int
2379
openssl_ssl_connect(lua_State *L)
600✔
2380
{
2381
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
600✔
2382
  int  ret = SSL_connect(s);
600✔
2383
  return openssl_ssl_pushresult(L, s, ret);
600✔
2384
}
2385

2386
/***
2387
do ssl read
2388
@function read
2389
@tparam[opt=4096] number length to read
2390
@treturn string data, nil or false for fail
2391
@treturn string fail reason
2392
*/
2393
static int
2394
openssl_ssl_read(lua_State *L)
120,632✔
2395
{
2396
  SSL  *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
120,632✔
2397
  int   num = luaL_optint(L, 2, SSL_pending(s));
120,632✔
2398
  void *buf;
2399
  int   ret;
2400
  num = num ? num : 4096;
120,632✔
2401
  buf = malloc(num);
120,632✔
2402
  ret = SSL_read(s, buf, num);
120,632✔
2403
  if (ret > 0) {
120,632✔
2404
    lua_pushlstring(L, buf, ret);
120,024✔
2405
    ret = 1;
120,024✔
2406
  } else {
2407
    ret = openssl_ssl_pushresult(L, s, ret);
608✔
2408
  }
2409
  free(buf);
120,632✔
2410
  return ret;
120,632✔
2411
}
2412

2413
/***
2414
do ssl peak, data can be read again
2415
@function peek
2416
@tparam[opt=4096] number length to read
2417
@treturn string data, nil or false for fail
2418
@treturn string fail reason
2419
*/
2420
static int
2421
openssl_ssl_peek(lua_State *L)
4✔
2422
{
2423
  SSL  *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
4✔
2424
  int   num = luaL_optint(L, 2, SSL_pending(s));
4✔
2425
  void *buf;
2426
  int   ret;
2427

2428
  num = num ? num : 4096;
4✔
2429
  buf = malloc(num);
4✔
2430
  ret = SSL_peek(s, buf, num);
4✔
2431
  if (ret > 0) {
4✔
2432
    lua_pushlstring(L, buf, ret);
4✔
2433
    ret = 1;
4✔
2434
  } else {
UNCOV
2435
    ret = openssl_ssl_pushresult(L, s, ret);
×
2436
  }
2437
  free(buf);
4✔
2438
  return ret;
4✔
2439
}
2440

2441
/***
2442
do ssl write
2443
@function write
2444
@tparam string data
2445
@treturn number count of bytes write successfully
2446
@treturn string fail reason
2447
*/
2448
static int
2449
openssl_ssl_write(lua_State *L)
120,024✔
2450
{
2451
  SSL        *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
120,024✔
2452
  size_t      size;
2453
  const char *buf = luaL_checklstring(L, 2, &size);
120,024✔
2454
  int         ret = SSL_write(s, buf, size);
120,024✔
2455
  if (ret > 0) {
120,024✔
2456
    lua_pushinteger(L, ret);
120,024✔
2457
    return 1;
120,024✔
2458
  } else {
UNCOV
2459
    return openssl_ssl_pushresult(L, s, ret);
×
2460
  }
2461
}
2462

2463
/***
2464
do ssl handshake, support both server and client side
2465
@function handshake
2466
@treturn boolean true for success
2467
@treturn string fail reasion
2468
*/
2469
static int
2470
openssl_ssl_do_handshake(lua_State *L)
396✔
2471
{
2472
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
396✔
2473
  int  ret = SSL_do_handshake(s);
396✔
2474
  return openssl_ssl_pushresult(L, s, ret);
396✔
2475
}
2476

2477
/***
2478
do ssl renegotiate
2479
@function renegotiate
2480
@treturn boolean true for success
2481
@treturn string fail reasion
2482
*/
2483
static int
2484
openssl_ssl_renegotiate(lua_State *L)
4✔
2485
{
2486
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
4✔
2487
  int  ret = SSL_renegotiate(s);
4✔
2488
  return openssl_ssl_pushresult(L, s, ret);
4✔
2489
}
2490

2491
/***
2492
perform abbreviated SSL renegotiation
2493
@function renegotiate_abbreviated
2494
@treturn boolean result true for success
2495
*/
2496
static int
2497
openssl_ssl_renegotiate_abbreviated(lua_State *L)
4✔
2498
{
2499
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
4✔
2500
  int  ret = SSL_renegotiate_abbreviated(s);
4✔
2501
  return openssl_ssl_pushresult(L, s, ret);
4✔
2502
}
2503

2504
/***
2505
get ssl renegotiate_pending
2506
@function renegotiate_pending
2507
@treturn boolean true for success
2508
@treturn string fail reasion
2509
*/
2510
/***
2511
do ssl renegotiate_pending
2512
@function renegotiate_pending
2513
@treturn boolean true for success
2514
@treturn string fail reasion
2515
*/
2516
static int
2517
openssl_ssl_renegotiate_pending(lua_State *L)
4✔
2518
{
2519
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
4✔
2520
  int  ret = SSL_renegotiate_pending(s);
4✔
2521
  return openssl_ssl_pushresult(L, s, ret);
4✔
2522
}
2523

2524
/***
2525
shutdown ssl connection with quite or noquite mode
2526
@function shutdown
2527
@tparam boolean mode
2528
@treturn boolean if mode is true, return true or false for quite
2529
@treturn string if mode is false, return 'read' or 'write' for shutdown direction
2530
*/
2531
/***
2532
shutdown SSL connection
2533
@function shutdown
2534
@treturn boolean result true for success
2535
*/
2536
/***
2537
shutdown ssl connect with special mode, disable read or write,
2538
enable or disable quite shutdown
2539
@function shutdown
2540
@tparam string mode support 'read','write', 'quite', 'noquite'
2541
*/
2542
static int
2543
openssl_ssl_shutdown(lua_State *L)
1,248✔
2544
{
2545
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
1,248✔
2546
  if (lua_isnone(L, 2)) {
1,248✔
2547
    int ret = SSL_shutdown(s);
1,224✔
2548
    return openssl_ssl_pushresult(L, s, ret);
1,224✔
2549
  } else if (lua_isstring(L, 2)) {
24✔
2550
    const static char *sMode[] = { "read", "write", "quiet", "noquiet", NULL };
2551
    int                mode = luaL_checkoption(L, 2, NULL, sMode);
16✔
2552
    if (mode == 0)
16✔
2553
      SSL_set_shutdown(s, SSL_RECEIVED_SHUTDOWN);
4✔
2554
    else if (mode == 1)
12✔
2555
      SSL_set_shutdown(s, SSL_SENT_SHUTDOWN);
4✔
2556
    else if (mode == 2)
8✔
2557
      SSL_set_quiet_shutdown(s, 1);
4✔
2558
    else if (mode == 3)
4✔
2559
      SSL_set_quiet_shutdown(s, 0);
4✔
2560
  } else if (lua_isboolean(L, 2)) {
8✔
2561
    int quiet = lua_toboolean(L, 2);
8✔
2562
    if (quiet)
8✔
2563
      lua_pushboolean(L, SSL_get_quiet_shutdown(s));
4✔
2564
    else {
2565
      int shut = SSL_get_shutdown(s);
4✔
2566
      if (shut == SSL_RECEIVED_SHUTDOWN)
4✔
UNCOV
2567
        lua_pushstring(L, "read");
×
2568
      else if (shut == SSL_SENT_SHUTDOWN)
4✔
2569
        lua_pushstring(L, "write");
4✔
UNCOV
2570
      else if (shut == 0)
×
UNCOV
2571
        lua_pushnil(L);
×
2572
      else
UNCOV
2573
        luaL_error(L, "Can't understand SSL_get_shutdown result");
×
2574
    }
2575
    return 1;
8✔
2576
  } else
UNCOV
2577
    luaL_argerror(L, 2, "should be boolean or string[read|write|quiet|noquite]");
×
2578

2579
  return 0;
16✔
2580
};
2581

2582
/***
2583
make ssl to client mode
2584
@function set_connect_state
2585
@treturn various return value
2586
*/
2587
static int
2588
openssl_ssl_set_connect_state(lua_State *L)
8✔
2589
{
2590
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
8✔
2591
  SSL_set_connect_state(s);
8✔
2592
  return 0;
8✔
2593
}
2594

2595
/***
2596
make ssl to server mode
2597
@function set_accept_state
2598
@treturn various return value
2599
*/
2600
static int
2601
openssl_ssl_set_accept_state(lua_State *L)
8✔
2602
{
2603
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
8✔
2604
  SSL_set_accept_state(s);
8✔
2605
  return 0;
8✔
2606
}
2607

2608
/***
2609
duplicate ssl object
2610
@treturn ssl
2611
@function dup
2612
*/
2613
static int
2614
openssl_ssl_dup(lua_State *L)
8✔
2615
{
2616
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
8✔
2617
  BIO *rio = SSL_get_rbio(s);
8✔
2618
  BIO *wio = SSL_get_wbio(s);
8✔
2619
  if (rio != NULL || wio != NULL) {
8✔
2620
    lua_pushnil(L);
4✔
2621
    lua_pushliteral(L, "invalid state: rbio or wbio already set");
4✔
2622
    return 2;
4✔
2623
  }
2624

2625
  s = SSL_dup(s);
4✔
2626
  if (s) {
4✔
2627
    PUSH_OBJECT(s, "openssl.ssl");
4✔
2628
    openssl_newvalue(L, s);
4✔
2629
    return 1;
4✔
2630
  }
2631
  return openssl_pushresult(L, 0);
×
2632
}
2633

2634
/***
2635
get ssl session resused
2636
@function session_reused
2637
@treturn boolean success status
2638
*/
2639
static int
2640
openssl_ssl_session_reused(lua_State *L)
4✔
2641
{
2642
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
4✔
2643
  int  ret = SSL_session_reused(s);
4✔
2644
  lua_pushboolean(L, ret);
4✔
2645
  return 1;
4✔
2646
}
2647

2648
/***
2649
check if SSL session was reused (cache hit)
2650
@function cache_hit
2651
@treturn boolean true if session was not reused (cache miss)
2652
*/
2653
static int
2654
openssl_ssl_cache_hit(lua_State *L)
4✔
2655
{
2656
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
4✔
2657
  int  ret = SSL_session_reused(s);
4✔
2658
  lua_pushboolean(L, ret == 0);
4✔
2659
  return 1;
4✔
2660
}
2661
#if OPENSSL_VERSION_NUMBER < 0x10100000L
2662
/***
2663
set debug level for SSL connection
2664
@function set_debug
2665
@tparam number debug debug level to set
2666
@treturn number always returns 0
2667
*/
2668
static int
2669
openssl_ssl_set_debug(lua_State *L)
2670
{
2671
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
2672
  int  debug = luaL_checkint(L, 2);
2673
  SSL_set_debug(s, debug);
2674
  return 0;
2675
}
2676
#endif
2677

2678
/***
2679
get ssl_ctx associate with current ssl
2680
@function ctx
2681
@treturn ssl_ctx
2682
*/
2683
/***
2684
set ssl_ctx associate to current ssl
2685
@function ctx
2686
@tparam ssl_ctx ctx
2687
@treturn ssl_ctx orgine ssl_ctx object
2688
*/
2689
static int
2690
openssl_ssl_ctx(lua_State *L)
8✔
2691
{
2692
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
8✔
2693
  if (!lua_isnone(L, 2)) {
8✔
2694
    SSL_CTX *ctx = CHECK_OBJECT(2, SSL_CTX, "openssl.ssl_ctx");
4✔
2695
    ctx = SSL_set_SSL_CTX(s, ctx);
4✔
2696
    lua_pushvalue(L, 2);
4✔
2697
    openssl_valueset(L, s, "ctx");
4✔
2698
  }
2699
  openssl_valueget(L, s, "ctx");
8✔
2700
  return 1;
8✔
2701
}
2702

2703
/***
2704
get ssl session
2705
@treturn ssl_session session object
2706
@function session
2707
*/
2708
/***
2709
set ssl session
2710
@function session
2711
@tparam string|ssl_session sesion
2712
 reuse session would speed up ssl handshake
2713
@treturn boolean result
2714
*/
2715
static int
2716
openssl_ssl_session(lua_State *L)
12✔
2717
{
2718
  SSL         *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
12✔
2719
  SSL_SESSION *ss;
2720

2721
  if (lua_isnone(L, 2)) {
12✔
2722
    ss = SSL_get1_session(s);
8✔
2723
    PUSH_OBJECT(ss, "openssl.ssl_session");
8✔
2724
  } else {
2725
    if (lua_isstring(L, 3)) {
4✔
2726
      size_t      sz;
UNCOV
2727
      const char *sid_ctx = luaL_checklstring(L, 2, &sz);
×
UNCOV
2728
      int         ret = SSL_set_session_id_context(s, (unsigned char *)sid_ctx, sz);
×
UNCOV
2729
      lua_pushboolean(L, ret);
×
2730
    } else {
2731
      ss = CHECK_OBJECT(2, SSL_SESSION, "openssl.ssl_session");
4✔
2732
      if (lua_isnone(L, 3)) {
4✔
2733
        int ret = SSL_set_session(s, ss);
4✔
2734
        lua_pushboolean(L, ret);
4✔
2735
      } else {
2736
#ifdef SSL_add_session
2737
        int add = auxiliar_checkboolean(L, 3);
2738
        if (add)
2739
          add = SSL_add_session(s, ss);
2740
        else
2741
          add = SSL_remove_session(s, ss);
2742
        lua_pushboolean(L, add);
2743
#endif
2744
      }
2745
    }
2746
  }
2747
  return 1;
12✔
2748
}
2749

2750
/***
2751
convert SSL object to string representation
2752
@function __tostring
2753
@treturn string string representation of SSL object
2754
*/
2755
static int
2756
openssl_ssl_tostring(lua_State *L)
651✔
2757
{
2758
  SSL *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
651✔
2759
  lua_pushfstring(L, "openssl.ssl %p", s);
651✔
2760
  return 1;
651✔
2761
}
2762

2763
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
2764
/***
2765
get the ALPN protocol selected
2766
@treturn the ALPN protocol selected or nil
2767
@function get_alpn_selected
2768
*/
2769
static int
2770
openssl_ssl_get_alpn_selected(lua_State *L)
600✔
2771
{
2772
  SSL                 *s = CHECK_OBJECT(1, SSL, "openssl.ssl");
600✔
2773
  const unsigned char *data;
2774
  unsigned             len = 0;
600✔
2775
  SSL_get0_alpn_selected(s, &data, &len);
600✔
2776
  if (len == 0)
600✔
2777
    lua_pushnil(L);
300✔
2778
  else
2779
    lua_pushlstring(L, (const char *)data, len);
300✔
2780
  return 1;
600✔
2781
}
2782
#endif
2783

2784
static luaL_Reg ssl_funcs[] = {
2785
  { "set",                     openssl_ssl_set                     },
2786
  { "get",                     openssl_ssl_get                     },
2787
  { "use",                     openssl_ssl_use                     },
2788
  { "peer",                    openssl_ssl_peer                    },
2789
  { "getfd",                   openssl_ssl_getfd                   },
2790
  { "is_server",               openssl_ssl_is_server               },
2791

2792
  { "current_cipher",          openssl_ssl_current_cipher          },
2793
#if !defined(OPENSSL_NO_COMP)
2794
  { "current_compression",     openssl_ssl_current_compression     },
2795
#endif
2796
  { "getpeerverification",     openssl_ssl_getpeerverification     },
2797

2798
  { "session",                 openssl_ssl_session                 },
2799

2800
  { "dup",                     openssl_ssl_dup                     },
2801
  { "ctx",                     openssl_ssl_ctx                     },
2802
  { "clear",                   openssl_ssl_clear                   },
2803
  { "want",                    openssl_ssl_want                    },
2804
  { "pending",                 openssl_ssl_pending                 },
2805
  { "accept",                  openssl_ssl_accept                  },
2806
  { "connect",                 openssl_ssl_connect                 },
2807
  { "read",                    openssl_ssl_read                    },
2808
  { "peek",                    openssl_ssl_peek                    },
2809
  { "write",                   openssl_ssl_write                   },
2810

2811
  { "renegotiate",             openssl_ssl_renegotiate             },
2812
  { "handshake",               openssl_ssl_do_handshake            },
2813
  { "shutdown",                openssl_ssl_shutdown                },
2814

2815
  { "session_reused",          openssl_ssl_session_reused          },
2816
#if OPENSSL_VERSION_NUMBER < 0x10100000L
2817
  { "set_debug",               openssl_ssl_set_debug               },
2818
#endif
2819
  { "cache_hit",               openssl_ssl_cache_hit               },
2820
  { "renegotiate_abbreviated", openssl_ssl_renegotiate_abbreviated },
2821
  { "renegotiate_pending",     openssl_ssl_renegotiate_pending     },
2822
  { "set_connect_state",       openssl_ssl_set_connect_state       },
2823
  { "set_accept_state",        openssl_ssl_set_accept_state        },
2824
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
2825
  { "get_alpn_selected",       openssl_ssl_get_alpn_selected       },
2826
#endif
2827

2828
  { "__gc",                    openssl_ssl_gc                      },
2829
  { "__tostring",              openssl_ssl_tostring                },
2830

2831
  { NULL,                      NULL                                },
2832
};
2833

2834
int
2835
luaopen_ssl(lua_State *L)
43✔
2836
{
2837
  int i;
2838

2839
  auxiliar_newclass(L, "openssl.ssl_ctx", ssl_ctx_funcs);
43✔
2840
  auxiliar_newclass(L, "openssl.ssl_session", ssl_session_funcs);
43✔
2841
  auxiliar_newclass(L, "openssl.ssl", ssl_funcs);
43✔
2842

2843
  lua_newtable(L);
43✔
2844
  luaL_setfuncs(L, R, 0);
43✔
2845

2846
  auxiliar_enumerate(L, -1, ssl_options);
43✔
2847
  for (i = 0; sVerifyMode_Options[i]; i++) {
215✔
2848
    lua_pushinteger(L, iVerifyMode_Options[i]);
172✔
2849
    lua_setfield(L, -2, sVerifyMode_Options[i]);
172✔
2850
  }
2851
  lua_pushstring(L, DEFAULT_PROTOCOL);
43✔
2852
  lua_setfield(L, -2, "default");
43✔
2853

2854
  lua_pushstring(L, SSL_DEFAULT_CIPHER_LIST);
43✔
2855
  lua_setfield(L, -2, "DEFAULT_CIPHER_LIST");
43✔
2856

2857
  return 1;
43✔
2858
}
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc