luaossl

Added support for verify callback

Open · bigben93 opened this issue 2 years ago · 1 comment

I need some additional certificate checking during verification. The vanilla OpenSSL library provides support for a custom verify callback, as described here: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_verify.html

Unfortunately, luaossl doesn't support this feature at the moment. This pull request contains my proposal for this feature. I extended openssl.context:setVerify. Now you can pass an optional third argument with a custom verify callback written in Lua. I also added X509_STCTX_CLASS with the methods getCurrentCert (X509_STORE_CTX_get_current_cert) and getCert (X509_STORE_CTX_get0_cert). Both methods return an openssl.x509 object.

Example:

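```lua
-- ...
-- preverify: result of OpenSSL's own check; x509Ctx: the X509_STORE_CTX wrapper
local function verifyCallback(preverify, x509Ctx)
    local cert = x509Ctx:getCert()
    print(cert:getSubject())
    -- pass OpenSSL's verdict through unchanged
    return preverify
end
-- ...
ctx:setVerify(yourFlags, nil, verifyCallback)
-- ...
```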

bigben93 · Nov 14 '22 11:11
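A callback that performs an additional check on top of OpenSSL's chain validation, as an added example that is not part of the pull request: it pins the peer certificate's SHA-256 fingerprint and never upgrades a failed pre-verification to success. It assumes the three-argument `setVerify` and `getCert` behave as proposed above; the pin table is a constructed placeholder, and because the page does not say whether `preverify` arrives as a boolean or an integer, the code handles both.

```lua
-- Added example (not the PR's code): leaf-certificate pinning in the verify callback.
local context = require "openssl.ssl.context"

-- Constructed placeholder: lowercase hex SHA-256 fingerprints of accepted leaf certificates.
local PINNED_SHA256 = {
    ["<sha256-hex-of-expected-leaf-certificate>"] = true,
}

local function verifyCallback(preverify, x509Ctx)
    -- OpenSSL already rejected this certificate: keep the rejection.
    -- (Assumption: preverify may be false or 0 depending on the binding.)
    if not preverify or preverify == 0 then
        return preverify
    end

    -- getCert wraps X509_STORE_CTX_get0_cert: the certificate being verified,
    -- i.e. the peer's leaf, on every invocation of the callback.
    local leaf = x509Ctx:getCert()
    if not leaf then
        return false
    end

    local fingerprint = leaf:digest("sha256", "x"):lower()
    if not PINNED_SHA256[fingerprint] then
        io.stderr:write("rejecting unpinned certificate: ",
                        tostring(leaf:getSubject()), "\n")
        return false -- fails closed whether the binding reads a boolean or an integer
    end

    -- Pin matched: hand back OpenSSL's own verdict unchanged.
    return preverify
end

local ctx = context.new("TLS", false)
-- Third argument is the callback parameter proposed in this pull request.
ctx:setVerify(context.VERIFY_PEER, nil, verifyCallback)
```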

I've fixed typos and added a wrapper for X509_STORE_CTX_get_error_depth.

bigben93 · Aug 21 '23 08:08