prosody: util/sslconfig.lua@ddb03cc4ce04 (annotated)

7007 ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	1	-- util to easily merge multiple sets of LuaSec context options
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	2
6780 5de6b93d0190 util.: Remove use of module() function, make all module functions local and return them in a table at the end Kim Alvefur <zash@zash.se>* parents: 6674 diff changeset	3	local type = type;
5de6b93d0190 util.: Remove use of module() function, make all module functions local and return them in a table at the end Kim Alvefur <zash@zash.se>* parents: 6674 diff changeset	4	local pairs = pairs;
5de6b93d0190 util.: Remove use of module() function, make all module functions local and return them in a table at the end Kim Alvefur <zash@zash.se>* parents: 6674 diff changeset	5	local rawset = rawset;
5de6b93d0190 util.: Remove use of module() function, make all module functions local and return them in a table at the end Kim Alvefur <zash@zash.se>* parents: 6674 diff changeset	6	local t_concat = table.concat;
5de6b93d0190 util.: Remove use of module() function, make all module functions local and return them in a table at the end Kim Alvefur <zash@zash.se>* parents: 6674 diff changeset	7	local t_insert = table.insert;
5de6b93d0190 util.: Remove use of module() function, make all module functions local and return them in a table at the end Kim Alvefur <zash@zash.se>* parents: 6674 diff changeset	8	local setmetatable = setmetatable;
5de6b93d0190 util.: Remove use of module() function, make all module functions local and return them in a table at the end Kim Alvefur <zash@zash.se>* parents: 6674 diff changeset	9
5de6b93d0190 util.: Remove use of module() function, make all module functions local and return them in a table at the end Kim Alvefur <zash@zash.se>* parents: 6674 diff changeset	10	local _ENV = nil;
6292 751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	11
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	12	local handlers = { };
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	13	local finalisers = { };
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	14	local id = function (v) return v end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	15
7007 ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	16	-- All "handlers" behave like extended rawset(table, key, value) with extra
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	17	-- processing usually merging the new value with the old in some reasonable
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	18	-- way
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	19	-- If a field does not have a defined handler then a new value simply
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	20	-- replaces the old.
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	21
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	22
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	23	-- Convert either a list or a set into a special type of set where each
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	24	-- item is either positive or negative in order for a later set of options
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	25	-- to be able to remove options from this set by filtering out the negative ones
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	26	function handlers.options(config, field, new)
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	27	local options = config[field] or { };
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	28	if type(new) ~= "table" then new = { new } end
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	29	for key, value in pairs(new) do
6674 2d5e2ed44c22 util.sslconfig: Rename variable to avoid name clash [luacheck] Matthew Wild <mwild1@gmail.com> parents: 6292 diff changeset	30	if value == true or value == false then
7007 ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	31	options[key] = value;
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	32	else -- list item
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	33	options[value] = true;
6292 751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	34	end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	35	end
7007 ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	36	config[field] = options;
6292 751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	37	end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	38
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	39	handlers.verify = handlers.options;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	40	handlers.verifyext = handlers.options;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	41
7007 ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	42	-- finalisers take something produced by handlers and return what luasec
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	43	-- expects it to be
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	44
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	45	-- Produce a list of "positive" options from the set
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	46	function finalisers.options(options)
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	47	local output = {};
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	48	for opt, enable in pairs(options) do
6292 751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	49	if enable then
7007 ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	50	output[#output+1] = opt;
6292 751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	51	end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	52	end
7007 ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	53	return output;
6292 751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	54	end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	55
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	56	finalisers.verify = finalisers.options;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	57	finalisers.verifyext = finalisers.options;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	58
7007 ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	59	-- We allow ciphers to be a list
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	60
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	61	function finalisers.ciphers(cipherlist)
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	62	if type(cipherlist) == "table" then
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	63	return t_concat(cipherlist, ":");
6292 751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	64	end
7007 ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	65	return cipherlist;
6292 751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	66	end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	67
7007 ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	68	-- protocol = "x" should enable only that protocol
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	69	-- protocol = "x+" should enable x and later versions
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	70
6292 751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	71	local protocols = { "sslv2", "sslv3", "tlsv1", "tlsv1_1", "tlsv1_2" };
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	72	for i = 1, #protocols do protocols[protocols[i] .. "+"] = i - 1; end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	73
7007 ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	74	-- this interacts with ssl.options as well to add no_x
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	75	local function protocol(config)
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	76	local min_protocol = protocols[config.protocol];
6292 751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	77	if min_protocol then
7007 ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	78	config.protocol = "sslv23";
6292 751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	79	for i = 1, min_protocol do
7007 ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	80	t_insert(config.options, "no_"..protocols[i]);
6292 751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	81	end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	82	end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	83	end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	84
7007 ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	85	-- Merge options from 'new' config into 'config'
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	86	local function apply(config, new)
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	87	if type(new) == "table" then
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	88	for field, value in pairs(new) do
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	89	(handlers[field] or rawset)(config, field, value);
6292 751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	90	end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	91	end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	92	end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	93
7007 ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	94	-- Finalize the config into the form LuaSec expects
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	95	local function final(config)
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	96	local output = { };
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	97	for field, value in pairs(config) do
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	98	output[field] = (finalisers[field] or id)(value);
6292 751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	99	end
7007 ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	100	-- Need to handle protocols last because it adds to the options list
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	101	protocol(output);
ddb03cc4ce04 util.sslconfig: More descriptive variable names and also comments Kim Alvefur <zash@zash.se> parents: 6780 diff changeset	102	return output;
6292 751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	103	end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	104
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	105	local sslopts_mt = {
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	106	__index = {
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	107	apply = apply;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	108	final = final;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	109	};
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	110	};
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	111
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	112	local function new()
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	113	return setmetatable({options={}}, sslopts_mt);
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	114	end
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	115
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	116	return {
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	117	apply = apply;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	118	final = final;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	119	new = new;
751618071e89 util.sslconfig: Add lib to deal with LuaSec SSL context configs Kim Alvefur <zash@zash.se> parents: diff changeset	120	};

author	Kim Alvefur <zash@zash.se>
	Sun, 13 Dec 2015 21:21:09 +0100
changeset 7007	ddb03cc4ce04
parent 6780	5de6b93d0190
child 7870	194f540e13e2
permissions	-rw-r--r--