local type = type;
local pairs = pairs;
local rawset = rawset;
local t_concat = table.concat;
local t_insert = table.insert;
local setmetatable = setmetatable;

-- Seal off the global environment for the rest of this chunk. In Lua 5.2+
-- free names are resolved through _ENV, so with _ENV set to nil any later
-- global read or write raises an error instead of silently touching a
-- global. This is why every builtin used below is cached in a local above.
-- (On Lua 5.1 this is only an ordinary local named _ENV and has no effect.)
local _ENV = nil;

-- handlers[key](config, key, value): merges a newly applied value into the
-- config being built. finalisers[key](value): converts the merged value into
-- the form placed in the finished config.
local handlers, finalisers = { }, { };

-- Identity function, used by final() for keys that have no finaliser.
local function id(v)
	return v;
end

--- Merge a set of flags into the flag table stored at a[k].
-- `b` may be a single value or a table. Table entries whose value is a
-- boolean are stored under their own key, so `name = false` switches off a
-- flag that an earlier apply() enabled. Any other value is treated as a flag
-- name and enabled.
-- NOTE(review): flag names are not validated here; a misspelt name is merged
-- like any other, so rejecting it is left to whatever consumes the result.
-- @param a config table being built
-- @param k key under which the flag table lives
-- @param b flag name, or table of flag names / name = boolean pairs
function handlers.options(a, k, b)
	local merged = a[k] or { };
	local incoming = b;
	if type(incoming) ~= "table" then
		incoming = { incoming };
	end
	for name, flag in pairs(incoming) do
		if type(flag) == "boolean" then
			-- explicit on/off keyed by flag name
			merged[name] = flag;
		else
			-- positional entry: the value itself is the flag name
			merged[flag] = true;
		end
	end
	a[k] = merged;
end

-- "verify" and "verifyext" are flag sets too and merge the same way.
handlers.verify = handlers.options;
handlers.verifyext = handlers.options;

--- Flatten a flag table into a list of the flag names that are enabled.
-- Flags whose value is false are omitted, not emitted as a negation: false
-- can cancel a flag enabled by an earlier layer, but it adds nothing to the
-- output. The order of the list follows pairs() and is therefore unspecified.
-- @param a table of flag name -> boolean
-- @return array of enabled flag names
function finalisers.options(a)
	local enabled, count = { }, 0;
	for name, is_on in pairs(a) do
		if is_on then
			count = count + 1;
			enabled[count] = name;
		end
	end
	return enabled;
end

-- "verify" and "verifyext" are flattened the same way.
finalisers.verify = finalisers.options;
finalisers.verifyext = finalisers.options;

--- Turn a cipher list into a single colon-separated cipher string.
-- A non-table value is returned unchanged.
-- @param a cipher string, or array of cipher string fragments
-- @return the cipher setting in string form (or `a` itself if not a table)
function finalisers.ciphers(a)
	if type(a) ~= "table" then
		return a;
	end
	return t_concat(a, ":");
end

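-- Protocol names known to this module, oldest first. The list ends at
-- tlsv1_2, so no "minimum version" name for anything newer is recognised.
local protocols = { "sslv2", "sslv3", "tlsv1", "tlsv1_1", "tlsv1_2" };
-- Add a "<name>+" key per protocol whose value is how many older protocols
-- have to be switched off to make <name> the minimum.
for i = 1, #protocols do protocols[protocols[i] .. "+"] = i - 1; end

--- Expand a "<name>+" minimum-version setting in place.
-- When a.protocol is one of the "<name>+" keys, it is replaced by "sslv23"
-- and one "no_<older>" entry per older protocol is appended to a.options
-- (created on demand when the table is missing). Only older versions are
-- disabled; nothing here sets an upper bound.
-- Any other a.protocol value is left untouched and no "no_*" entries are
-- added for it, so a misspelt minimum is not enforced by this function.
-- NOTE(review): "sslv23" presumably selects the backend's negotiate-any
-- method, which is why the floor is expressed through no_* options - confirm
-- against the TLS binding in use.
-- @param a finalised config table (modified in place)
local function protocol(a)
	local min_protocol = protocols[a.protocol];
	-- `protocols` is both array and map: a numeric a.protocol would index a
	-- name string here. Only the "<name>+" keys yield a number.
	if type(min_protocol) ~= "number" then
		return;
	end
	a.protocol = "sslv23";
	if min_protocol > 0 then
		-- final() may be called on a table that never had an options list
		local options = a.options;
		if options == nil then
			options = { };
			a.options = options;
		end
		for i = 1, min_protocol do
			t_insert(options, "no_"..protocols[i]);
		end
	end
end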

--- Layer the settings in `b` on top of the config `a`.
-- Keys with a handler (options, verify, verifyext) are merged with what is
-- already there; every other key is written with rawset, so a later layer
-- replaces an earlier value outright. A non-table `b` is ignored.
-- @param a config table being built
-- @param b table of settings to apply, or any non-table value (no-op)
local function apply(a, b)
	if type(b) ~= "table" then
		return;
	end
	for key, value in pairs(b) do
		local merge = handlers[key] or rawset;
		merge(a, key, value);
	end
end

--- Build the finished config from the accumulated settings in `a`.
-- Each value goes through its finaliser when one exists and is copied as-is
-- otherwise; the result then has its protocol setting expanded by
-- protocol(). `a` itself is not modified by the copy loop.
-- @param a config table built up with apply()
-- @return a new table holding the finalised settings
local function final(a)
	local result = { };
	for key, value in pairs(a) do
		local finalise = finalisers[key] or id;
		result[key] = finalise(value);
	end
	protocol(result);
	return result;
end

-- Metatable for config objects: lets callers write cfg:apply(...) and
-- cfg:final() on tables created by new().
local sslopts_methods = {
	apply = apply,
	final = final,
};
local sslopts_mt = { __index = sslopts_methods };

--- Create an empty config object.
-- It starts with an empty `options` flag table and carries the apply/final
-- methods through its metatable.
-- @return new config object
local function new()
	local cfg = { options = { } };
	return setmetatable(cfg, sslopts_mt);
end

-- Module interface: apply/final also work as plain functions on any table,
-- new() returns an object that exposes them as methods.
return {
	new = new,
	apply = apply,
	final = final,
};