luaossl
Most comprehensive OpenSSL module in the Lua universe.
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_client_hello_cb.html

This new API replaces the older `HostNameCallback`. Should support yielding via

> A callback may also return a negative value to suspend the handshake, and the handshake function will...
Only available in openssl 1.1.0+

- `CTLOG_STORE` module (see `man CTLOG_STORE_new`)
- `CTLOG_STORE_load_default_file` (which appends)
- `CTLOG_STORE_load_file` (which appends)
- (low priority) `CTLOG_STORE_get0_log_by_id`. Needs `CTLOG` module
- `SSL_CTX_set0_ctlog_store` and `SSL_CTX_get0_ctlog_store`...
Continuing https://github.com/wahern/luaossl/issues/75#issuecomment-266281607
```C
int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
int SSL_set_min_proto_version(SSL *ssl, int version);
int SSL_set_max_proto_version(SSL *ssl, int version);
```

These functions are new in openssl 1.1.0 and...
- [x] Way to read OCSP url from cert (related to #12)

To implement an OCSP validating client

- [x] Way to call `SSL_set_tlsext_status_type(mySSL, TLSEXT_STATUSTYPE_ocsp)` on an `SSL` object _before_...
TLS False Start allows for fewer round trips to start an SSL connection: http://chimera.labs.oreilly.com/books/1230000000545/ch04.html#TLS_FALSE_START It's supported by all major browsers as long as ALPN is used. On some openssl forks...
``` C
static void randL_checkpid(struct randL_state *st) {
	if (st->pid != getpid())
		(void)randL_stir(st, 16);
} /* randL_checkpid() */
```

^^ This code is currently used to ensure that a forked...
Currently the bignum bitops are not bound: https://www.openssl.org/docs/crypto/BN_set_bit.html Lua 5.3 has bitwise operators+metamethods we can use. For other Luas, make them available as methods (might as well do with other operations...
From https://github.com/wahern/luaossl/commit/c6a00deb359b38ec72aeeba3b07a22fdda209dbc#commitcomment-10810431

> I need to either make it optional at runtime to pin the module, or implement
> dladdr on AIX. Actually, both should happen eventually.
Extensions currently do not have a `__tostring` metamethod. Add one that uses `X509V3_EXT_print`.