daurnimator left a comment
I haven't reviewed thoroughly, just made some cursory notes.
I vaguely recall that such a function wasn't required, as you could always do the verify step manually, or during some other callback?
| }; | ||
|
|
||
| static const auxL_Reg stx_globals[] = { | ||
| { "new", &stx_new }, |
Why was this removed?
As was mentioned in a comment in src/openssl.c: X509_STORE_CTX is a temporary object used internally in the OpenSSL library. On line 8930 you can find "#if 0", which disables this structure in luaossl. At the moment I see no point in allowing an end user to create this type of object.
|
|
||
|
|
||
| static const auxL_Reg stx_methods[] = { | ||
| { "add", &stx_add }, |
Why was this removed?
The same situation as "stx_new".
src/openssl.c
| x509_ctx_lua = prepsimple(L, X509_STCTX_CLASS); | ||
| *x509_ctx_lua = x509_ctx; | ||
|
|
||
| /* passed LUA callback, preferify_ok, x509_ctx */ |
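Review bot: `*x509_ctx_lua = x509_ctx;` stores a borrowed pointer to OpenSSL's temporary X509_STORE_CTX in a full userdata, so a Lua callback that keeps a reference to x509_ctx can later call getCurrentCert/getCert on a context that OpenSSL has already torn down. Suggest clearing the userdata (`*x509_ctx_lua = NULL;`) as soon as the callback returns, having the X509_STCTX_CLASS methods raise an error on a NULL pointer, and making sure the class has no __gc that frees the context (it is owned by OpenSSL). The comment `/* passed LUA callback, preferify_ok, x509_ctx */` should read `preverify_ok`.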
src/openssl.c
|
|
||
| ctx = SSL_get_SSL_CTX(ssl); | ||
|
|
||
| /* expect one value: LUA callback */ |
src/openssl.c
| SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS); | ||
| int mode = luaL_optinteger(L, 2, -1); | ||
| int depth = luaL_optinteger(L, 3, -1); | ||
| int error = 1; |
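Review bot: this signature reads `mode` and `depth` from stack slots 2 and 3 with luaL_optinteger, while the description says the Lua callback is an optional third argument; the callback's position (after depth, or in place of it) should be stated in the docs and checked with luaL_checktype(L, n, LUA_TFUNCTION) when present, so a non-function value fails at setVerify time rather than during the handshake.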
I've fixed typos and added a wrapper for X509_STORE_CTX_get_error_depth.
I need some additional certificate checking during verification. The vanilla OpenSSL library provides support for a custom verify callback, as described here: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_verify.html
Unfortunately luaossl doesn't support this feature at the moment. This pull request contains my proposal for this feature. I extended openssl.context:setVerify. Now you can pass an optional third argument with a custom verify callback written in Lua. I also added X509_STCTX_CLASS with methods getCurrentCert (X509_STORE_CTX_get_current_cert) and getCert (X509_STORE_CTX_get0_cert). Both methods return an openssl.x509 object.
Example:
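The author's own example is not reproduced on this page. What follows is an added illustration of the proposed API as described in this PR, written for this page and not taken from the pull request or from luaossl. It assumes, beyond what the description states, that the callback receives `(preverify_ok, x509_ctx)` as in OpenSSL's C callback, that it returns true to accept the certificate at the current depth and false to reject it, and that the callback is passed after the existing `mode` and `depth` arguments of setVerify. The pinned PEM is a constructed placeholder.

```lua
-- Added example of the verify-callback API proposed in this PR; not the
-- author's code. Assumed (not confirmed by the PR text): callback signature
-- (preverify_ok, x509_ctx), boolean return, and setVerify(mode, depth, cb).
local context = require "openssl.ssl.context"
local store   = require "openssl.x509.store"

-- Constructed placeholder: PEM of the single leaf certificate this client
-- will accept, checked on top of normal chain validation (a leaf pin).
local PINNED_LEAF_PEM = [[
-----BEGIN CERTIFICATE-----
MIIBpinnedLeafPlaceholderReplaceWithRealPEM
-----END CERTIFICATE-----
]]

local function verify_cb(preverify_ok, x509_ctx)
  -- Never turn a chain-validation failure into a success: returning true
  -- when preverify_ok is false overrides OpenSSL's own verdict for this depth.
  if not preverify_ok then
    return false
  end

  local current = x509_ctx:getCurrentCert()  -- cert at the depth being checked
  local leaf    = x509_ctx:getCert()         -- end-entity cert under verification

  -- Intermediates and roots pass through once OpenSSL has accepted them;
  -- only the leaf gets the extra check. tostring() on an openssl.x509
  -- object yields its PEM, which is used here as the comparison key.
  if tostring(current) ~= tostring(leaf) then
    return true
  end

  -- Do not keep x509_ctx beyond this call: it wraps OpenSSL's temporary
  -- X509_STORE_CTX, which is gone once verification finishes.
  return tostring(leaf) == PINNED_LEAF_PEM
end

local st = store.new()
st:addDefaults()

local ctx = context.new("TLS", false)      -- client-side context
ctx:setStore(st)
ctx:setVerify(context.VERIFY_PEER, nil, verify_cb)

return ctx
```

The callback is invoked once per certificate in the chain, from the root down to the leaf, so any check that only makes sense for the end-entity certificate has to be gated as above; the depth wrapper the author mentions would be the cleaner way to do that gating once its Lua name is settled.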