1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
-- util to easily merge multiple sets of LuaSec context options
local type = type;
local pairs = pairs;
local rawset = rawset;
local t_concat = table.concat;
local t_insert = table.insert;
local setmetatable = setmetatable;
local _ENV = nil;
local handlers = { };
local finalisers = { };
local id = function (v) return v end
-- All "handlers" behave like extended rawset(table, key, value) with extra
-- processing usually merging the new value with the old in some reasonable
-- way
-- If a field does not have a defined handler then a new value simply
-- replaces the old.
-- Convert either a list or a set into a special type of set where each
-- item is either positive or negative in order for a later set of options
-- to be able to remove options from this set by filtering out the negative ones
function handlers.options(config, field, new)
local options = config[field] or { };
if type(new) ~= "table" then new = { new } end
for key, value in pairs(new) do
if value == true or value == false then
options[key] = value;
else -- list item
options[value] = true;
end
end
config[field] = options;
end
handlers.verifyext = handlers.options;
-- finalisers take something produced by handlers and return what luasec
-- expects it to be
-- Produce a list of "positive" options from the set
function finalisers.options(options)
local output = {};
for opt, enable in pairs(options) do
if enable then
output[#output+1] = opt;
end
end
return output;
end
finalisers.verifyext = finalisers.options;
-- We allow ciphers to be a list
function finalisers.ciphers(cipherlist)
if type(cipherlist) == "table" then
return t_concat(cipherlist, ":");
end
return cipherlist;
end
-- protocol = "x" should enable only that protocol
-- protocol = "x+" should enable x and later versions
local protocols = { "sslv2", "sslv3", "tlsv1", "tlsv1_1", "tlsv1_2" };
for i = 1, #protocols do protocols[protocols[i] .. "+"] = i - 1; end
-- this interacts with ssl.options as well to add no_x
local function protocol(config)
local min_protocol = protocols[config.protocol];
if min_protocol then
config.protocol = "sslv23";
for i = 1, min_protocol do
t_insert(config.options, "no_"..protocols[i]);
end
end
end
-- Merge options from 'new' config into 'config'
local function apply(config, new)
if type(new) == "table" then
for field, value in pairs(new) do
(handlers[field] or rawset)(config, field, value);
end
end
end
-- Finalize the config into the form LuaSec expects
local function final(config)
local output = { };
for field, value in pairs(config) do
output[field] = (finalisers[field] or id)(value);
end
-- Need to handle protocols last because it adds to the options list
protocol(output);
return output;
end
local sslopts_mt = {
__index = {
apply = apply;
final = final;
};
};
local function new()
return setmetatable({options={}}, sslopts_mt);
end
return {
apply = apply;
final = final;
new = new;
};
|
