author | Matthew Wild <mwild1@gmail.com> |
Thu, 06 Oct 2022 11:12:57 +0100 | |
changeset 12745 | 7b3deafb9162 |
parent 12485 | 2ee27587fec7 |
child 12979 | d10957394a3c |
permissions | -rw-r--r-- |
-- util to easily merge multiple sets of LuaSec context options
-- Local references to every global this module uses. The environment is
-- removed right below, so anything not captured here is unreachable from the
-- rest of the file.
local type, pairs = type, pairs;
local rawset, rawget = rawset, rawget;
local error, setmetatable = error, setmetatable;
local t_concat, t_insert = table.concat, table.insert;
local resolve_path = require"util.paths".resolve_relative_path;

local _ENV = nil;
-- luacheck: std none
-- Per-field merge functions (looked up by apply) and per-field output
-- converters (looked up by final). Both tables are keyed by field name.
local handlers, finalisers = { }, { };

-- Identity function; final() falls back to it for fields that have no
-- finaliser of their own.
local function id(value)
	return value;
end
-- All "handlers" behave like an extended rawset(table, key, value) with extra
-- processing, usually merging the new value with the old in some reasonable
-- way.
-- If a field does not have a defined handler then a new value simply
-- replaces the old.
-- Merge handler for 'options' (reused for 'verifyext' below).
-- Accepts either a list of option names or a set of name -> boolean pairs
-- and folds it into the set stored in config[field]. Every entry ends up
-- explicitly true or false, so a later set of options can switch an earlier
-- one off again; the false entries are filtered out when finalising.
-- A value that is not a table is treated as a one-element list.
function handlers.options(config, field, new)
	local merged = config[field] or { };
	local incoming = new;
	if type(incoming) ~= "table" then
		incoming = { incoming };
	end
	for name, flag in pairs(incoming) do
		if flag == true or flag == false then
			-- set-style entry: option name -> enabled / disabled
			merged[name] = flag;
		else
			-- list-style entry: the value itself is the option name
			merged[flag] = true;
		end
	end
	-- NOTE: an already stored set is updated in place, so every config object
	-- that holds the same table sees this change as well.
	-- rawset is used because config objects reject ordinary assignment.
	rawset(config, field, merged)
end

handlers.verifyext = handlers.options;
-- finalisers take something produced by handlers and return what luasec
-- expects it to be
-- Finaliser for 'options' (reused for 'verifyext' below): flatten the
-- name -> boolean set into a plain list holding only the names whose value
-- is truthy. Entries set to false are dropped.
-- The list order follows pairs() and is therefore unspecified.
function finalisers.options(options)
	local enabled, count = {}, 0;
	for name, flag in pairs(options) do
		if flag then
			count = count + 1;
			enabled[count] = name;
		end
	end
	return enabled;
end

finalisers.verifyext = finalisers.options;
-- We allow ciphers to be a list: a table is joined with ":" into a single
-- string, any other value is returned unchanged.
-- The items are joined verbatim; nothing here validates individual entries,
-- so whatever the configuration contains is passed on as written.
function finalisers.ciphers(cipherlist)
	if type(cipherlist) ~= "table" then
		return cipherlist;
	end
	return t_concat(cipherlist, ":");
end

-- Curve list too ('curveslist', added in LuaSec 0.7, is colon-separated
-- like ciphers)
finalisers.curveslist = finalisers.ciphers;

-- TLS 1.3 ciphers
finalisers.ciphersuites = finalisers.ciphers;
-- Path expansion: a string value is resolved against the config's _basedir
-- with util.paths.resolve_relative_path. Anything that is not a string
-- yields nil, which means final() stores nothing for that field.
-- No existence or permission check on the resulting path is done here.
function finalisers.key(path, config)
	if type(path) ~= "string" then
		return nil
	end
	return resolve_path(config._basedir, path);
end

-- The other path-valued fields are expanded the same way.
finalisers.certificate = finalisers.key;
finalisers.cafile = finalisers.key;
finalisers.capath = finalisers.key;
-- XXX: copied from core/certmanager.lua, but this seems odd, because it would remove a dhparam function from the config
finalisers.dhparam = finalisers.key;
-- protocol = "x" should enable only that protocol
-- protocol = "x+" should enable x and later versions
-- Known protocol names, oldest first. Each name also gets a "<name>+" key
-- whose value is the number of protocols listed before it, i.e. how many
-- older protocols have to be switched off to make it the minimum version.
local protocols = {
	"sslv2",
	"sslv3",
	"tlsv1",
	"tlsv1_1",
	"tlsv1_2",
	"tlsv1_3",
};
for position = 1, #protocols do
	local name = protocols[position];
	protocols[name .. "+"] = position - 1;
end
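-- this interacts with ssl.options as well to add no_x
-- Translate a minimum-version setting: when config.protocol is one of the
-- "x+" keys of 'protocols', it is replaced by "sslv23" and one
-- "no_<protocol>" entry is appended to config.options for every protocol
-- older than x. Any other protocol value is left untouched.
-- 'config' is the finalised output table and is modified in place.
local function protocol(config)
	local min_protocol = protocols[config.protocol];
	-- Only the "x+" keys map to a count. A numeric config.protocol would hit
	-- the list part of 'protocols' and return a protocol *name*, which must
	-- not be used as a loop bound.
	if type(min_protocol) ~= "number" then
		return;
	end
	-- Make sure there is a list to append to, so the "no_*" entries that
	-- enforce the minimum version are not lost to a missing options field.
	local options = config.options;
	if options == nil then
		options = { };
		config.options = options;
	end
	config.protocol = "sslv23";
	for i = 1, min_protocol do
		t_insert(options, "no_"..protocols[i]);
	end
end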
-- Merge options from 'new' config into 'config'.
-- Fields with a registered handler are merged by it; all others overwrite
-- the previous value through rawset. Keys starting with "_" are skipped, so
-- the builder's internal state (_context_factory, _basedir, _cache) cannot
-- be replaced through applied settings. A 'new' that is not a table is
-- ignored. Any cached context is dropped first. Returns 'config'.
local function apply(config, new)
	-- the cached context no longer matches once settings change
	rawset(config, "_cache", nil);
	if type(new) ~= "table" then
		return config
	end
	for field, value in pairs(new) do
		-- exclude keys which are internal to the config builder
		-- (assumes every key is a string; field:sub raises on e.g. a number)
		local internal = field:sub(1, 1) == "_";
		if not internal then
			local merge = handlers[field] or rawset;
			merge(config, field, value);
		end
	end
	return config
end
-- Finalize the config into the form LuaSec expects.
-- Every non-internal field (name not starting with "_") is passed through
-- its finaliser into a new table; fields without a finaliser are carried
-- over by reference. Fields whose finaliser returns nil are left out.
local function final(config)
	local finalised = { };
	for field, value in pairs(config) do
		-- exclude keys which are internal to the config builder
		if field:sub(1, 1) ~= "_" then
			local convert = finalisers[field] or id;
			finalised[field] = convert(value, config);
		end
	end
	-- Need to handle protocols last because it adds to the options list
	protocol(finalised);
	return finalised;
end
-- Build (or fetch) the context for this config.
-- Returns the value stored under "_cache" when there is one. Otherwise the
-- stored _context_factory is called with (config:final(), config) and its
-- first result is cached when truthy. Returns the context followed by the
-- factory's second result (nil on a cache hit).
local function build(config)
	local context = rawget(config, "_cache");
	if context then
		return context, nil
	end

	local factory = rawget(config, "_context_factory");
	local err;
	context, err = factory(config:final(), config);
	if context then
		-- only successful results are remembered; a failed build is not cached
		rawset(config, "_cache", context);
	end
	return context, err
end
-- Metatable shared by all config objects.
-- __index exposes the builder methods; __newindex rejects direct writes.
-- NOTE: Lua consults __newindex only for keys that are not yet present in
-- the table, so assigning to an existing field (e.g. 'options') is not
-- caught by this guard and does not clear "_cache" either.
local sslopts_mt = {
	__index = {
		apply = apply,
		final = final,
		build = build,
	},
	__newindex = function ()
		error("SSL config objects cannot be modified directly. Use :apply()")
	end,
};
-- Create an empty config object.
--   context_factory: called by build() as factory(final_config, config)
--   basedir: directory that path-valued fields are resolved against
-- passing basedir through everything is required to avoid sslconfig depending
-- on prosody.paths.config
local function new(context_factory, basedir)
	local config = {
		_context_factory = context_factory,
		_basedir = basedir,
		options = {},
	};
	return setmetatable(config, sslopts_mt);
end
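-- Return an independent copy of a config object.
-- Internal keys (leading "_": the context factory, the base directory and
-- the cached context) are carried over by reference -- we have to carry both
-- the factory and the cache with us.
-- Table-valued settings are copied one level deep. handlers.options merges
-- into the stored set in place, so sharing that table would let an apply()
-- on the clone silently change the 'options' / 'verifyext' set of the config
-- it was cloned from, without clearing that config's cached context.
-- Only plain tables are expected here; metatables are not carried over.
local function clone(config)
	local result = new();
	for k, v in pairs(config) do
		local value = v;
		if type(v) == "table" and type(k) == "string" and k:sub(1, 1) ~= "_" then
			value = { };
			for inner_key, inner_value in pairs(v) do
				value[inner_key] = inner_value;
			end
		end
		-- rawset: config objects reject ordinary assignment of new keys
		rawset(result, k, value);
	end
	return result
end

sslopts_mt.__index.clone = clone;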
-- Module interface. Config objects additionally offer :build() and :clone()
-- through their metatable.
return {
	apply = apply,
	final = final,
	_new = new,
};