diff options
| author | Jonas Schäfer <jonas@wielicki.name> | 2022-04-27 17:44:14 +0200 |
|---|---|---|
| committer | Jonas Schäfer <jonas@wielicki.name> | 2022-04-27 17:44:14 +0200 |
| commit | 38346dd6f1dcd963e17722bf175445465d7683f4 (patch) | |
| tree | d8585ca60e8995f5967a7467916496937050a9db /net/server_event.lua | |
| parent | 07ee0f44708425c9cfb9381b9030692550a8cf32 (diff) | |
| download | prosody-38346dd6f1dcd963e17722bf175445465d7683f4.tar.gz prosody-38346dd6f1dcd963e17722bf175445465d7683f4.zip | |
net: isolate LuaSec-specifics
For this, various accessor functions are now provided directly on the
sockets, which reach down into the LuaSec implementation to obtain the
information.
While this may seem of little gain at first, it hides the implementation
detail of the LuaSec+LuaSocket combination that the actual socket and
the TLS layer are separate objects.
The net gain here is that an alternative implementation does not have to
emulate that specific implementation detail and "only" has to expose
LuaSec-compatible data structures on the new functions.
Diffstat (limited to 'net/server_event.lua')
| -rw-r--r-- | net/server_event.lua | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/net/server_event.lua b/net/server_event.lua index c30181b8..dfd94db4 100644 --- a/net/server_event.lua +++ b/net/server_event.lua @@ -47,7 +47,7 @@ local s_sub = string.sub local coroutine_wrap = coroutine.wrap local coroutine_yield = coroutine.yield -local has_luasec, ssl = pcall ( require , "ssl" ) +local has_luasec = pcall ( require , "ssl" ) local socket = require "socket" local levent = require "luaevent.core" local inet = require "util.net"; @@ -153,7 +153,7 @@ function interface_mt:_start_ssl(call_onconnect) -- old socket will be destroyed _ = self.eventwrite and self.eventwrite:close( ) self.eventread, self.eventwrite = nil, nil local err - self.conn, err = ssl.wrap( self.conn, self._sslctx ) + self.conn, err = self._sslctx:wrap(self.conn) if err then self.fatalerror = err self.conn = nil -- cannot be used anymore @@ -168,8 +168,8 @@ function interface_mt:_start_ssl(call_onconnect) -- old socket will be destroyed if self.conn.sni then if self.servername then self.conn:sni(self.servername); - elseif self._server and type(self._server.hosts) == "table" and next(self._server.hosts) ~= nil then - self.conn:sni(self._server.hosts, true); + elseif next(self._sslctx._sni_contexts) ~= nil then + self.conn:sni(self._sslctx._sni_contexts, true); end end @@ -274,6 +274,26 @@ function interface_mt:pause() return self:_lock(self.nointerface, true, self.nowriting); end +function interface_mt:sslctx() + return self._sslctx +end + +function interface_mt:ssl_info() + return self.conn.info and self.conn:info() +end + +function interface_mt:ssl_peercertificate() + return self.conn.getpeercertificate and self.conn:getpeercertificate() +end + +function interface_mt:ssl_peerverification() + return self.conn.getpeerverification and self.conn:getpeerverification() +end + +function interface_mt:ssl_peerfinished() + return self.conn.getpeerfinished and self.conn:getpeerfinished() +end + function interface_mt:resume() self:_lock(self.nointerface, false, self.nowriting); if self.readcallback and not self.eventread then |