nixio: Export more constants, introduce {g,s}et{g,u}id, getpid, getppid

[oweals/luci.git] / libs / nixio / src / tls-context.c

diff --git a/libs/nixio/src/tls-context.c b/libs/nixio/src/tls-context.c
index 723f8a85fdfca3610f2cb7c82dd16a10ddce0bbe..bcbe1fc2428ce2af9ace88bad7c029184de7c94d 100644 (file)
--- a/libs/nixio/src/tls-context.c
+++ b/libs/nixio/src/tls-context.c
@@ -16,12 +16,8 @@
  *  limitations under the License.
  */
 
-#include "nixio.h"
-#include "string.h"
-
-#ifndef WITHOUT_OPENSSL
-#include <openssl/ssl.h>
-#endif
+#include "nixio-tls.h"
+#include <string.h>
 
 static SSL_CTX* nixio__checktlsctx(lua_State *L) {
        SSL_CTX **ctx = (SSL_CTX **)luaL_checkudata(L, 1, NIXIO_TLS_CTX_META);
@@ -47,14 +43,16 @@ static int nixio__tls_pstatus(lua_State *L, int code) {
 static int nixio_tls_ctx(lua_State * L) {
        const char *method = luaL_optlstring(L, 1, "tlsv1", NULL);
 
+       luaL_getmetatable(L, NIXIO_TLS_CTX_META);
        SSL_CTX **ctx = lua_newuserdata(L, sizeof(SSL_CTX *));
        if (!ctx) {
                return luaL_error(L, "out of memory");
        }
 
        /* create userdata */
-       luaL_getmetatable(L, NIXIO_TLS_CTX_META);
+       lua_pushvalue(L, -2);
        lua_setmetatable(L, -2);
+       lua_getfield(L, -1, "tls_defaultkey");
 
        if (!strcmp(method, "tlsv1")) {
                *ctx = SSL_CTX_new(TLSv1_method());
@@ -64,13 +62,18 @@ static int nixio_tls_ctx(lua_State * L) {
                return luaL_argerror(L, 1, "supported values: tlsv1, sslv23");
        }
 
-
-       SSL_CTX_set_options(*ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
-
        if (!(*ctx)) {
                return luaL_error(L, "unable to create TLS context");
        }
 
+       const char *autoload = lua_tostring(L, -1);
+       if (autoload) {
+               SSL_CTX_use_PrivateKey_file(*ctx, autoload, SSL_FILETYPE_PEM);
+       }
+       lua_pop(L, 1);
+
+       SSL_CTX_set_options(*ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+
        return 1;
 }
 
@@ -78,24 +81,37 @@ static int nixio_tls_ctx_create(lua_State *L) {
        SSL_CTX *ctx = nixio__checktlsctx(L);
        int fd = nixio__checkfd(L, 2);
 
-       SSL **sock = lua_newuserdata(L, sizeof(SSL *));
+       lua_createtable(L, 0, 3);
+       nixio_tls_sock *sock = lua_newuserdata(L, sizeof(nixio_tls_sock));
        if (!sock) {
                return luaL_error(L, "out of memory");
        }
+       memset(sock, 0, sizeof(nixio_tls_sock));
 
        /* create userdata */
        luaL_getmetatable(L, NIXIO_TLS_SOCK_META);
-       lua_setmetatable(L, -2);
+       lua_pushvalue(L, -1);
+       lua_setmetatable(L, -3);
 
-       *sock = SSL_new(ctx);
-       if (!(*sock)) {
+       sock->socket = SSL_new(ctx);
+       if (!sock->socket) {
                return nixio__tls_perror(L, 0);
        }
 
-       if (SSL_set_fd(*sock, fd) != 1) {
+       if (SSL_set_fd(sock->socket, fd) != 1) {
                return nixio__tls_perror(L, 0);
        }
 
+       /* save context and socket to prevent GC from collecting them */
+       lua_setmetatable(L, -3);
+       lua_setfield(L, -2, "connection");
+
+       lua_pushvalue(L, 1);
+       lua_setfield(L, -2, "context");
+
+       lua_pushvalue(L, 2);
+       lua_setfield(L, -2, "socket");
+
        return 1;
 }
 
@@ -193,10 +209,21 @@ void nixio_open_tls_context(lua_State *L) {
     /* register module functions */
     luaL_register(L, NULL, R);
 
+#ifndef WITH_AXTLS
+    lua_pushliteral(L, "openssl");
+#else
+    lua_pushliteral(L, "axtls");
+#endif
+    lua_setfield(L, -2, "tls_provider");
+
        /* create context metatable */
        luaL_newmetatable(L, NIXIO_TLS_CTX_META);
        lua_pushvalue(L, -1);
        lua_setfield(L, -2, "__index");
        luaL_register(L, NULL, CTX_M);
-       lua_pop(L, 1);
+#ifdef WITH_AXTLS
+    lua_pushliteral(L, "/etc/private.rsa");
+    lua_setfield(L, -2, "tls_defaultkey");
+#endif
+       lua_setfield(L, -2, "meta_tls_context");
 }