diff options
author | Kim Alvefur <zash@zash.se> | 2014-07-03 15:27:49 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2014-07-03 15:27:49 +0200 |
commit | 958d9530ea2211b545757a78904fef5276ec5483 (patch) | |
tree | 16e66b9d3a8a73ed6fcb4383bc25dc19f2d3c039 /util | |
parent | 3b2bde4646d3039cdb25fd847c0d756136a5c43c (diff) | |
download | prosody-958d9530ea2211b545757a78904fef5276ec5483.tar.gz prosody-958d9530ea2211b545757a78904fef5276ec5483.zip |
util.sslconfig: Add lib to deal with LuaSec SSL context configs
Diffstat (limited to 'util')
-rw-r--r-- | util/sslconfig.lua | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/util/sslconfig.lua b/util/sslconfig.lua new file mode 100644 index 00000000..98e61341 --- /dev/null +++ b/util/sslconfig.lua @@ -0,0 +1,87 @@ + +local handlers = { }; +local finalisers = { }; +local id = function (v) return v end + +function handlers.options(a, k, b) + local o = a[k] or { }; + if type(b) ~= "table" then b = { b } end + for k,v in pairs(b) do + if v == true or v == false then + o[k] = v; + else + o[v] = true; + end + end + a[k] = o; +end + +handlers.verify = handlers.options; +handlers.verifyext = handlers.options; + +function finalisers.options(a) + local o = {}; + for opt, enable in pairs(a) do + if enable then + o[#o+1] = opt; + end + end + return o; +end + +finalisers.verify = finalisers.options; +finalisers.verifyext = finalisers.options; + +function finalisers.ciphers(a) + if type(a) == "table" then + return table.concat(a, ":"); + end + return a; +end + +local protocols = { "sslv2", "sslv3", "tlsv1", "tlsv1_1", "tlsv1_2" }; +for i = 1, #protocols do protocols[protocols[i] .. "+"] = i - 1; end + +local function protocol(a) + local min_protocol = protocols[a.protocol]; + if min_protocol then + a.protocol = "sslv23"; + for i = 1, min_protocol do + table.insert(a.options, "no_"..protocols[i]); + end + end +end + +local function apply(a, b) + if type(b) == "table" then + for k,v in pairs(b) do + (handlers[k] or rawset)(a, k, v); + end + end +end + +local function final(a) + local f = { }; + for k,v in pairs(a) do + f[k] = (finalisers[k] or id)(v); + end + protocol(f); + return f; +end + +local sslopts_mt = { + __index = { + apply = apply; + final = final; + }; +}; + +local function new() + return setmetatable({options={}}, sslopts_mt); +end + +return { + apply = apply; + final = final; + new = new; +}; |