
Support SSL_CTX_use_certificate_chain_file and SSL_CTX_use_private_key_file

Open Mehgugs opened this issue 4 years ago • 4 comments

  • ctx:setCertificateFromFile calls SSL_CTX_use_certificate_chain_file to add a certificate chain from a PEM-encoded file specified by the string argument path.

  • ctx:setPrivateKeyFromFile calls SSL_CTX_use_private_key_file to add a private key from a PEM or ASN1 encoded file using the string argument path and filetype integer flag argument. The filetype is optional and will default to PEM if not specified.

  • openssl.filetypes is a new table in the openssl module which contains the two filetypes used by setPrivateKeyFromFile. The .PEM field is the value of SSL_FILETYPE_PEM and the .ASN1 field is the value of SSL_FILETYPE_ASN1.

Mehgugs avatar Jul 24 '21 22:07 Mehgugs

I'll do another commit adding tex when I'm finished with the code.

Support for DER encoded private keys (SSL_FILETYPE_ASN1) in SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file() was added in 0.9.8.

Will this need to be reflected with a version pre-req somehow?

Mehgugs avatar Aug 01 '21 14:08 Mehgugs

Hello, in the meantime how can one load a certificate and a key from files on the current version available from Luarocks?

Simon-L avatar Jul 05 '24 12:07 Simon-L

Hello, in the meantime how can one load a certificate and a key from files on the current version available from Luarocks?

local Pkey  = require "openssl.pkey"
local Crt   = require "openssl.x509"
local Chain = require "openssl.x509.chain"

-- Split a fullchain PEM into its certificates (leaf first) and return the
-- leaf plus a chain object holding the intermediates.
-- If iscontent is true, crtfile is the PEM text itself rather than a path.
local function decode_fullchain(crtfile, iscontent)
    local crttxt
    if iscontent then
        crttxt = crtfile
    else
        local crtf = assert(io.open(crtfile, "r"))
        crttxt = crtf:read("*a")
        crtf:close()
    end

    local crts, pos = {}, 1
    while true do
        local st, ed = crttxt:find("-----BEGIN CERTIFICATE-----", pos, true)
        if not st then break end
        local st2, ed2 = crttxt:find("-----END CERTIFICATE-----", ed + 1, true)
        -- a BEGIN marker without its END marker is a truncated file; stop here
        -- instead of re-scanning the same position forever
        if not st2 then break end
        table.insert(crts, crttxt:sub(st, ed2))
        pos = ed2 + 1
    end
    assert(#crts > 0, "no certificates found in " .. tostring(crtfile))

    local chain = Chain.new()
    local primary = assert(Crt.new(crts[1]))
    for i = 2, #crts do
        local crt = assert(Crt.new(crts[i]))
        chain:add(crt)
    end
    return primary, chain
end

local function example_usage(ctx, crtpath, keypath)
    local keyfile = assert(io.open(keypath, "r"))
    local primary, chain = decode_fullchain(crtpath)
    assert(ctx:setPrivateKey(Pkey.new(keyfile:read("*a"))))
    assert(ctx:setCertificate(primary))
    assert(ctx:setCertificateChain(chain))
    keyfile:close()
end

This is my "good enough" solution but it doesn't really address all the situations covered by these two functions.

Apologies for not continuing to develop this PR further; I am a consumer of this library by way of lua-http and cqueues and it was easier for me to set up a reverse proxy to handle all the https and have the lua processes all run behind that.

Mehgugs avatar Jul 09 '24 09:07 Mehgugs
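An added example, not code from this thread or from the luaossl project, that extends the file-based workaround above with the checks a deployment wants before the context starts serving: the private key must match the leaf certificate, the fullchain must be ordered leaf first with each certificate issued by the next, and the leaf must currently be within its validity window. It assumes luaossl's pkey.new(pem), pkey:toPEM("public"), x509:getPublicKey(), x509:getIssuer()/getSubject() and x509:getLifetime() behave as documented, and the file-path and function names are the example's own.

```lua
local pkey  = require "openssl.pkey"
local x509  = require "openssl.x509"
local chain = require "openssl.x509.chain"
-- Lua pattern matching one PEM certificate block ('-' must be escaped as '%-').
local PEM_CERT = "%-%-%-%-%-BEGIN CERTIFICATE%-%-%-%-%-.-%-%-%-%-%-END CERTIFICATE%-%-%-%-%-"

local function read_all(path)
    local f = assert(io.open(path, "rb"))
    local s = f:read("*a")
    f:close()
    return s
end
-- Parse every certificate in a fullchain PEM (leaf first) into x509 objects.
local function parse_fullchain(pem)
    local certs = {}
    for block in pem:gmatch(PEM_CERT) do
        certs[#certs + 1] = assert(x509.new(block))
    end
    assert(#certs > 0, "no certificates found in fullchain")
    return certs
end
-- Sanity checks before the context is used:
--   * the private key must match the leaf certificate's public key
--   * each certificate must be issued by the one that follows it in the file
--   * the leaf must be inside its validity window right now
local function check_identity(certs, key)
    local leaf = certs[1]
    assert(leaf:getPublicKey():toPEM("public") == key:toPEM("public"),
        "private key does not match leaf certificate")
    for i = 1, #certs - 1 do
        assert(tostring(certs[i]:getIssuer()) == tostring(certs[i + 1]:getSubject()),
            ("chain out of order at position %d"):format(i))
    end
    local not_before, not_after = leaf:getLifetime()
    local now = os.time()
    assert(now >= not_before and now <= not_after, "leaf certificate is not currently valid")
    return leaf
end

-- Load the files, run the checks, then install leaf, intermediates and key on ctx.
local function load_identity(ctx, crtpath, keypath)
    local certs = parse_fullchain(read_all(crtpath))
    local key = assert(pkey.new(read_all(keypath)))
    local leaf = check_identity(certs, key)
    local intermediates = chain.new()
    for i = 2, #certs do intermediates:add(certs[i]) end
    assert(ctx:setPrivateKey(key)); assert(ctx:setCertificate(leaf))
    assert(ctx:setCertificateChain(intermediates))
    return leaf
end
```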