author | Jonas Schäfer <jonas@wielicki.name> | 2022-04-27 17:44:14 +0200 |
---|---|---|
committer | Jonas Schäfer <jonas@wielicki.name> | 2022-04-27 17:44:14 +0200 |
commit | 38346dd6f1dcd963e17722bf175445465d7683f4 (patch) | |
tree | d8585ca60e8995f5967a7467916496937050a9db /net/server_select.lua | |
parent | 07ee0f44708425c9cfb9381b9030692550a8cf32 (diff) | |
download | prosody-38346dd6f1dcd963e17722bf175445465d7683f4.tar.gz prosody-38346dd6f1dcd963e17722bf175445465d7683f4.zip |
net: isolate LuaSec-specifics
For this, various accessor functions are now provided directly on the
sockets, which reach down into the LuaSec implementation to obtain the
information.
While this may seem of little gain at first, it hides the implementation
detail of the LuaSec+LuaSocket combination that the actual socket and
the TLS layer are separate objects.
The net gain here is that an alternative implementation does not have to
emulate that specific implementation detail and "only" has to expose
LuaSec-compatible data structures on the new functions.
Diffstat (limited to 'net/server_select.lua')
-rw-r--r-- | net/server_select.lua | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/net/server_select.lua b/net/server_select.lua
index eea850ce..51439fca 100644
--- a/net/server_select.lua
+++ b/net/server_select.lua
@@ -359,6 +359,18 @@ wrapconnection = function( server, listeners, socket, ip, serverport, clientport
 handler.sslctx = function ( )
 return sslctx
 end
+ handler.ssl_info = function( )
+ return socket.info and socket:info()
+ end
+ handler.ssl_peercertificate = function( )
+ return socket.getpeercertificate and socket:getpeercertificate()
+ end
+ handler.ssl_peerverification = function( )
+ return socket.getpeerverification and socket:getpeerverification()
+ end
+ handler.ssl_peerfinished = function( )
+ return socket.getpeerfinished and socket:getpeerfinished()
+ end
 handler.send = function( _, data, i, j )
 return send( socket, data, i, j )
 end
@@ -652,7 +664,7 @@ wrapconnection = function( server, listeners, socket, ip, serverport, clientport
 end
 out_put( "server.lua: attempting to start tls on " .. tostring( socket ) )
 local oldsocket, err = socket
- socket, err = ssl_wrap( socket, sslctx ) -- wrap socket
+ socket, err = sslctx:wrap(socket) -- wrap socket
 if not socket then
 out_put( "server.lua: error while starting tls on client: ", tostring(err or "unknown error") )
@@ -662,8 +674,8 @@ wrapconnection = function( server, listeners, socket, ip, serverport, clientport
 if socket.sni then
 if self.servername then
 socket:sni(self.servername);
- elseif self._server and type(self._server.hosts) == "table" and next(self._server.hosts) ~= nil then
- socket:sni(self.server().hosts, true);
+ elseif next(sslctx._sni_contexts) ~= nil then
+ socket:sni(sslctx._sni_contexts, true);
 end
 end |
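Review bot: In `handler.ssl_peerverification`, `return socket.getpeerverification and socket:getpeerverification()` keeps only the first value of the call, because an `and` expression in Lua is adjusted to a single result. LuaSec's `getpeerverification()` reports a failed check as `false` plus a table of error details, so callers of the new accessor would still see the boolean but never the reasons, which weakens logging and any policy decision that depends on the specific verification error. Splitting the guard from the call preserves every return value: `if not socket.getpeerverification then return nil end` followed by `return socket:getpeerverification()`. The same shape in `ssl_info`, `ssl_peercertificate` and `ssl_peerfinished` is harmless only while those calls return one value, and a short comment stating that a nil result means the socket has no TLS layer and must be treated as unverified would help callers. wrapconnection's body starts and ends outside the hunk.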
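Review bot: The new `elseif next(sslctx._sni_contexts) ~= nil then` drops the `type(...) == "table"` guard the old condition had, so a context object without an `_sni_contexts` table makes `next(nil)` raise inside the starttls path instead of simply skipping SNI setup. Whether every `sslctx` that reaches this code carries that field is not visible here; if it is not guaranteed, keep the guard: `elseif type(sslctx._sni_contexts) == "table" and next(sslctx._sni_contexts) ~= nil then`. Reading an underscore-prefixed field also ties this file to the context object's internals, which the commit message sets out to avoid, so an accessor on the context would be the cleaner contract. The enclosing function continues outside the hunk.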