diff --git a/doc/luaossl.pdf b/doc/luaossl.pdf index b7a09dc..306c636 100644 Binary files a/doc/luaossl.pdf and b/doc/luaossl.pdf differ diff --git a/doc/luaossl.tex b/doc/luaossl.tex index efc6422..2109499 100644 --- a/doc/luaossl.tex +++ b/doc/luaossl.tex @@ -1069,6 +1069,10 @@ \section{Modules} \emph{Only supported since OpenSSL 1.0.2.} +\subsubsection[\fn{context:setCertificateChainFromFile}]{\fn{context:setCertificateChainFromFile($filepath$[, $format$])}} + +Sets the X.509 certificate chain \module{openssl.x509.chain} object to send during SSL connection instance handshakes, load the certificate chain from the file $filepath$. $format$ is either ``ASN1'' or ``PEM'' (default). + \subsubsection[\fn{context:setCertificateChain}]{\fn{context:setCertificateChain($chain$)}} Sets the X.509 certificate chain \module{openssl.x509.chain} object $chain$ to send during SSL connection instance handshakes. @@ -1081,6 +1085,10 @@ \section{Modules} \emph{Only supported since OpenSSL 1.0.2.} +\subsubsection[\fn{context:setPrivateKeyFromFile}]{\fn{context:setPrivateKeyFromFile($filepath$[, $format$])}} + +Sets the private key \module{openssl.pkey} object to send during SSL connection instance handshakes, load the key from the file $filepath$. $format$ is either ``ASN1'' or ``PEM'' (default). + \subsubsection[\fn{context:setPrivateKey}]{\fn{context:setPrivateKey($key$)}} Sets the private key \module{openssl.pkey} object $key$ for use during SSL connection instance handshakes. 
@@ -1286,6 +1294,13 @@ \section{Modules} Sets the X.509 certificate \module{openssl.x509} object $crt$ to send during SSL connection instance handshakes. See \fn{openssl.ssl.context:setCertificate}. +\subsubsection[\fn{ssl:setCertificateChainFromFile}]{\fn{ssl:setCertificateChainFromFile($filepath$[, $format$])}} + +Sets the X.509 certificate chain \module{openssl.x509.chain} object to send during SSL connection instance handshakes, load the certificate chain from the file $filepath$. $format$ is either ``ASN1'' or ``PEM'' (default). +See \fn{openssl.ssl.context:setCertificateChainFromFile}. + +\emph{Only supported since OpenSSL 1.1.0.} + \subsubsection[\fn{ssl:setCertificateChain}]{\fn{ssl:setCertificateChain($chain$)}} Sets the X.509 certificate chain \module{openssl.x509.chain} object $chain$ to send during SSL connection instance handshakes. @@ -1293,13 +1308,18 @@ \section{Modules} \emph{Only supported since OpenSSL 1.0.2.} -\subsubsection[\fn{context:getCertificateChain}]{\fn{context:getCertificateChain()}} +\subsubsection[\fn{ssl:getCertificateChain}]{\fn{ssl:getCertificateChain()}} Returns the X.509 certificate chain \module{openssl.x509.chain} object to be sent during SSL connection instance handshakes. See \fn{openssl.ssl.context:getCertificateChain}. \emph{Only supported since OpenSSL 1.0.2.} +\subsubsection[\fn{ssl:setPrivateKeyFromFile}]{\fn{ssl:setPrivateKeyFromFile($filepath$[, $format$])}} + +Sets the private key \module{openssl.pkey} object to send during SSL connection instance handshakes, load the key from the file $filepath$. $format$ is either ``ASN1'' or ``PEM'' (default). +See \fn{openssl.ssl.context:setPrivateKeyFromFile}. + \subsubsection[\fn{ssl:setPrivateKey}]{\fn{ssl:setPrivateKey($key$)}} Sets the private key \module{openssl.pkey} object $key$ for use during SSL connection instance handshakes. diff --git a/src/openssl.c b/src/openssl.c index b56c78a..d2cfeef 100644 --- a/src/openssl.c +++ b/src/openssl.c 
@@ -501,6 +501,10 @@ #define HAVE_SSL_SET1_CHAIN OPENSSL_PREREQ(1,0,2) #endif +#ifndef HAVE_SSL_USE_CHAIN_FILE +#define HAVE_SSL_USE_CHAIN_FILE (OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,3,3)) +#endif + #ifndef HAVE_SSL_SET1_PARAM #define HAVE_SSL_SET1_PARAM (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,5,1)) #endif @@ -613,6 +617,10 @@ #define HMAC_INIT_EX_INT OPENSSL_PREREQ(1,0,0) #endif +#ifndef HAVE_USE_CERTIFICATE_CHAIN_FILE +#define HAVE_USE_CERTIFICATE_CHAIN_FILE (OPENSSL_PREREQ(0,9,4) || LIBRESSL_PREREQ(2,0,0)) +#endif + #if HAVE_EVP_PKEY_CTX_KDF || HAVE_EVP_KDF_CTX #include #endif @@ -852,6 +860,25 @@ static int optencoding(lua_State *L, int index, const char *def, int allow) { return type; } /* optencoding() */ +static int optfiletype(lua_State *L, int index, const char *def) { + static const char *const opts[] = { "pem", "asn1", NULL }; + int type = 0; + + switch (auxL_checkoption(L, index, def, opts, 1)) { + case 0: + type = SSL_FILETYPE_PEM; + break; + case 1: + type = SSL_FILETYPE_ASN1; + break; + } + + if (!type) { + luaL_argerror(L, index, lua_pushfstring(L, "invalid option %s", luaL_checkstring(L, index))); + } + + return type; +} static _Bool rawgeti(lua_State *L, int index, int n) { lua_rawgeti(L, index, n); @@ -9482,6 +9509,20 @@ static int sx_setCertificateChain(lua_State *L) { #endif +#if HAVE_USE_CERTIFICATE_CHAIN_FILE +static int sx_setCertificateChainFromFile(lua_State* L) { + SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS); + const char *filepath = luaL_checkstring(L, 2); + + if (!SSL_CTX_use_certificate_chain_file(ctx, filepath)) + return auxL_error(L, auxL_EOPENSSL, "ssl.context:setCertificateChainFromFile"); + + lua_pushboolean(L, 1); + return 1; +} /* sx_setCertificateChainFromFile() */ +#endif + + #if HAVE_SSL_CTX_GET0_CHAIN_CERTS static int sx_getCertificateChain(lua_State *L) { SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS); 
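Review bot: The `if (!type)` guard at the end of `optfiletype` appears unreachable: both `case` arms store a non-zero `SSL_FILETYPE_*` constant, and `auxL_checkoption` presumably raises on an unknown option the way `luaL_checkoption` does, so the `type = 0` initializer exists only to feed a dead branch. The shape is copied from `optencoding` just above, where the `allow` mask makes the check meaningful; here it is not. If the intent is to fail closed regardless of what the helper does, put the error in the switch instead: `default: return luaL_argerror(L, index, lua_pushfstring(L, "invalid option %s", luaL_checkstring(L, index)));` — and note that `luaL_checkstring(L, index)` in that path would itself raise a misleading "string expected" error when the caller omitted the argument and `def` was used.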
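Review bot: `sx_setCertificateChainFromFile` never reads a third argument, yet the documentation hunk for `context:setCertificateChainFromFile` advertises a `format` parameter taking "ASN1" or "PEM". `SSL_CTX_use_certificate_chain_file` parses PEM only, so a caller passing "ASN1" gets no argument error, just a generic OpenSSL parse failure at load time. Either drop `format` from the docs, or reject it explicitly before the load: `if (optfiletype(L, 3, "PEM") != SSL_FILETYPE_PEM) return luaL_argerror(L, 3, "only PEM certificate chain files are supported");`. A one-line comment that, per the OpenSSL manual, the first certificate in the file becomes the end-entity certificate (so this also replaces whatever `setCertificate` installed) would also help readers who expect it to behave like `setCertificateChain`.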
@@ -9519,6 +9560,20 @@ static int sx_setPrivateKey(lua_State *L) { } /* sx_setPrivateKey() */ +static int sx_setPrivateKeyFromFile(lua_State* L) { + SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS); + const char* filepath = luaL_checkstring(L, 2); + int type = optfiletype(L, 3, "PEM"); + + if (!SSL_CTX_use_PrivateKey_file(ctx, filepath, type)) + return auxL_error(L, auxL_EOPENSSL, "ssl.context:setPrivateKeyFromFile"); + + lua_pushboolean(L, 1); + + return 1; +} /* sx_setPrivateKeyFromFile() */ + + static int sx_setCipherList(lua_State *L) { SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS); const char *ciphers = luaL_checkstring(L, 2); @@ -10270,7 +10325,6 @@ static int sx__gc(lua_State *L) { return 0; } /* sx__gc() */ - static const auxL_Reg sx_methods[] = { { "setOptions", &sx_setOptions }, { "getOptions", &sx_getOptions }, @@ -10293,8 +10347,12 @@ static const auxL_Reg sx_methods[] = { #if HAVE_SSL_CTX_GET0_CHAIN_CERTS { "getCertificateChain", &sx_getCertificateChain }, #endif - { "setPrivateKey", &sx_setPrivateKey }, - { "setCipherList", &sx_setCipherList }, +#if HAVE_USE_CERTIFICATE_CHAIN_FILE + { "setCertificateChainFromFile", &sx_setCertificateChainFromFile }, +#endif + { "setPrivateKey", &sx_setPrivateKey }, + { "setPrivateKeyFromFile", &sx_setPrivateKeyFromFile }, + { "setCipherList", &sx_setCipherList }, #if HAVE_SSL_CTX_SET_CIPHERSUITES { "setCipherSuites", &sx_setCipherSuites }, #endif 
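Review bot: `sx_setPrivateKeyFromFile` passes the path straight to `SSL_CTX_use_PrivateKey_file`, and for an encrypted PEM key OpenSSL falls back to the context's passphrase callback — if none has been installed, its built-in default reads the passphrase interactively from the terminal (and fails when there is none), so a service started from a daemon can block inside this call. The documentation should state that encrypted keys are not supported unless a passphrase callback has been set beforehand, and that the key is not checked against the configured certificate here (OpenSSL defers that mismatch to the handshake). Minor style point: `lua_State* L` and `const char* filepath` bind the `*` to the type, unlike `lua_State *L` / `const char *filepath` used everywhere else in this file, including the sibling `sx_setCertificateChainFromFile` added by the same patch.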
@@ -10791,6 +10849,21 @@ static int ssl_setCertificateChain(lua_State *L) { #endif +#if HAVE_SSL_USE_CHAIN_FILE +static int ssl_setCertificateChainFromFile(lua_State *L) { + SSL *ssl = checksimple(L, 1, SSL_CLASS); + const char *filepath = luaL_checkstring(L, 2); + + if (!SSL_use_certificate_chain_file(ssl, filepath)) + return auxL_error(L, auxL_EOPENSSL, "ssl:setCertificateChainFromFile"); + + lua_pushboolean(L, 1); + + return 1; +} /* ssl_setCertificateChainFromFile() */ +#endif + + #if HAVE_SSL_GET0_CHAIN_CERTS static int ssl_getCertificateChain(lua_State *L) { SSL *ssl = checksimple(L, 1, SSL_CLASS); @@ -10827,6 +10900,21 @@ static int ssl_setPrivateKey(lua_State *L) { } /* ssl_setPrivateKey() */ +static int ssl_setPrivateKeyFromFile(lua_State* L) { + SSL *ssl = checksimple(L, 1, SSL_CLASS); + const char* filepath = luaL_checkstring(L, 2); + int type = optfiletype(L, 3, "PEM"); + + if (!SSL_use_PrivateKey_file(ssl, filepath, type)) + return auxL_error(L, auxL_EOPENSSL, "ssl:setPrivateKeyFromFile"); + + lua_pushboolean(L, 1); + + return 1; +} /* ssl_setPrivateKeyFromFile() */ + + + static int ssl_getCertificate(lua_State *L) { SSL *ssl = checksimple(L, 1, SSL_CLASS); X509 *x509; 
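Review bot: `ssl_setCertificateChainFromFile` reads only the path, while its documentation entry promises a `format` argument; `SSL_use_certificate_chain_file` accepts PEM only, so "ASN1" is silently ignored and surfaces only as an OpenSSL parse error. Suggest `if (optfiletype(L, 3, "PEM") != SSL_FILETYPE_PEM) return luaL_argerror(L, 3, "only PEM certificate chain files are supported");` ahead of the load, or correct the docs to drop the parameter. It is also worth a comment that, per the OpenSSL manual, the first certificate in the file is installed as the end-entity certificate, so this replaces the leaf set by `setCertificate` rather than only supplying intermediates as `setCertificateChain` does.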
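Review bot: `ssl_setPrivateKeyFromFile` has the same operational caveat as the context variant: an encrypted PEM key makes `SSL_use_PrivateKey_file` consult OpenSSL's passphrase callback, whose default prompts on the terminal, so the docs should say that encrypted keys require a passphrase callback to be set first and that no check against the installed certificate happens here. Style: `lua_State* L` and `const char* filepath` differ from the `*`-on-the-name convention used by `ssl_setCertificateChainFromFile` and the rest of the file, and the three consecutive blank lines left after `} /* ssl_setPrivateKeyFromFile() */` should be reduced to the file's usual two.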
@@ -11219,15 +11307,19 @@ static const auxL_Reg ssl_methods[] = { #if HAVE_SSL_SET1_CHAIN { "setCertificateChain", &ssl_setCertificateChain }, #endif +#if HAVE_SSL_USE_CHAIN_FILE + { "setCertificateChainFromFile", &ssl_setCertificateChainFromFile}, +#endif #if HAVE_SSL_GET0_CHAIN_CERTS { "getCertificateChain", &ssl_getCertificateChain }, #endif - { "setPrivateKey", &ssl_setPrivateKey }, - { "getCertificate", &ssl_getCertificate }, - { "getPeerCertificate", &ssl_getPeerCertificate }, - { "getPeerChain", &ssl_getPeerChain }, - { "getCipherInfo", &ssl_getCipherInfo }, - { "setCipherList", &ssl_setCipherList }, + { "setPrivateKey", &ssl_setPrivateKey }, + { "setPrivateKeyFromFile", &ssl_setPrivateKeyFromFile }, + { "getCertificate", &ssl_getCertificate }, + { "getPeerCertificate", &ssl_getPeerCertificate }, + { "getPeerChain", &ssl_getPeerChain }, + { "getCipherInfo", &ssl_getCipherInfo }, + { "setCipherList", &ssl_setCipherList }, #if HAVE_SSL_SET_CIPHERSUITES { "setCipherSuites", &ssl_setCipherSuites }, #endif
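Review bot: The hunk rewrites six untouched entries (`getCertificate` through `setCipherList`) solely to realign their whitespace to the longer `setPrivateKeyFromFile` row, which buries the two real additions in churn and muddies `git blame`; the `#if`-guarded rows in the same table are already ragged, so leaving the existing rows alone would keep the diff to the three new lines. Separately, the new `setCertificateChainFromFile` entry is missing the space before the closing brace that every neighbouring row has: `{ "setCertificateChainFromFile", &ssl_setCertificateChainFromFile },`.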