aboutsummaryrefslogtreecommitdiffstats
path: root/util/sslconfig.lua
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2014-07-04 23:05:27 +0200
committerKim Alvefur <zash@zash.se>2014-07-04 23:05:27 +0200
commit4ee00880c225db985b26614eeb0b3d0d39487c99 (patch)
tree41f4db74c0b05563f71d07478a4d8b3c106359af /util/sslconfig.lua
parent6c75e23434fd4ba3eed580582ade3ad8337fd585 (diff)
parent260fc78e4095f1e4ed74d4e76dc1eb23713bacf1 (diff)
downloadprosody-4ee00880c225db985b26614eeb0b3d0d39487c99.tar.gz
prosody-4ee00880c225db985b26614eeb0b3d0d39487c99.zip
Merge 0.10->trunk
Diffstat (limited to 'util/sslconfig.lua')
-rw-r--r--util/sslconfig.lua87
1 files changed, 87 insertions, 0 deletions
diff --git a/util/sslconfig.lua b/util/sslconfig.lua
new file mode 100644
index 00000000..98e61341
--- /dev/null
+++ b/util/sslconfig.lua
@@ -0,0 +1,87 @@
+
+local handlers = { };
+local finalisers = { };
+local id = function (v) return v end
+
+function handlers.options(a, k, b)
+ local o = a[k] or { };
+ if type(b) ~= "table" then b = { b } end
+ for k,v in pairs(b) do
+ if v == true or v == false then
+ o[k] = v;
+ else
+ o[v] = true;
+ end
+ end
+ a[k] = o;
+end
+
+handlers.verify = handlers.options;
+handlers.verifyext = handlers.options;
+
+function finalisers.options(a)
+ local o = {};
+ for opt, enable in pairs(a) do
+ if enable then
+ o[#o+1] = opt;
+ end
+ end
+ return o;
+end
+
+finalisers.verify = finalisers.options;
+finalisers.verifyext = finalisers.options;
+
+function finalisers.ciphers(a)
+ if type(a) == "table" then
+ return table.concat(a, ":");
+ end
+ return a;
+end
+
+local protocols = { "sslv2", "sslv3", "tlsv1", "tlsv1_1", "tlsv1_2" };
+for i = 1, #protocols do protocols[protocols[i] .. "+"] = i - 1; end
+
+local function protocol(a)
+ local min_protocol = protocols[a.protocol];
+ if min_protocol then
+ a.protocol = "sslv23";
+ for i = 1, min_protocol do
+ table.insert(a.options, "no_"..protocols[i]);
+ end
+ end
+end
+
+local function apply(a, b)
+ if type(b) == "table" then
+ for k,v in pairs(b) do
+ (handlers[k] or rawset)(a, k, v);
+ end
+ end
+end
+
+local function final(a)
+ local f = { };
+ for k,v in pairs(a) do
+ f[k] = (finalisers[k] or id)(v);
+ end
+ protocol(f);
+ return f;
+end
+
+local sslopts_mt = {
+ __index = {
+ apply = apply;
+ final = final;
+ };
+};
+
+local function new()
+ return setmetatable({options={}}, sslopts_mt);
+end
+
+return {
+ apply = apply;
+ final = final;
+ new = new;
+};