From 563a083adcaac34816e7cdcb683b4a230db59825 Mon Sep 17 00:00:00 2001 From: daurnimator Date: Wed, 29 May 2013 17:53:57 -0400 Subject: [PATCH 01/18] context.c: const correctness --- src/context.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/context.c b/src/context.c index 53e3d3a..68deec2 100644 --- a/src/context.c +++ b/src/context.c @@ -42,7 +42,7 @@ static int set_option_flag(const char *opt, unsigned long *flag) /** * Find the protocol. */ -static SSL_METHOD* str2method(const char *method) +const static SSL_METHOD* str2method(const char *method) { if (!strcmp(method, "sslv3")) return SSLv3_method(); if (!strcmp(method, "tlsv1")) return TLSv1_method(); @@ -103,7 +103,7 @@ static int passwd_cb(char *buf, int size, int flag, void *udata) static int create(lua_State *L) { p_context ctx; - SSL_METHOD *method; + const SSL_METHOD *method; method = str2method(luaL_checkstring(L, 1)); if (!method) { From aa74aac368cca9691ed0ea71adbcd3464ab6646a Mon Sep 17 00:00:00 2001 From: daurnimator Date: Wed, 29 May 2013 18:14:29 -0400 Subject: [PATCH 02/18] .gitignore: Ignore object files and sample certs --- .gitignore | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..3c2aa44 --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +*.o +ssl.so +samples/certs/*.pem +samples/certs/*.srl +samples/key/*.pem From 8aa87ef1be3d9a569b34f7d4d49799283d4c9605 Mon Sep 17 00:00:00 2001 From: daurnimator Date: Thu, 30 May 2013 15:07:29 -0400 Subject: [PATCH 03/18] Add stats function to context --- src/context.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/src/context.c b/src/context.c index 68deec2..3c8d684 100644 --- a/src/context.c +++ b/src/context.c 
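Review bot: `const static SSL_METHOD* str2method(const char *method)` places the storage-class specifier after the type qualifier; C11 6.11.5 lists that ordering as obsolescent and it reads oddly beside the other `static int` definitions in this file. Prefer `static const SSL_METHOD *str2method(const char *method)`. The matching `const SSL_METHOD *method;` change in create() is fine as written.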
@@ -297,6 +297,40 @@ static int set_mode(lua_State *L) return 1; } +/** + * Return a table of context statistics + */ +static int ctx_stats(lua_State *L) +{ + SSL_CTX *ctx = ctx_getcontext(L, 1); + lua_createtable(L,0,12); + lua_pushnumber(L, SSL_CTX_sess_number(ctx)); + lua_setfield(L,-2,"number"); + lua_pushnumber(L, SSL_CTX_sess_connect(ctx)); + lua_setfield(L,-2,"connect"); + lua_pushnumber(L, SSL_CTX_sess_connect_good(ctx)); + lua_setfield(L,-2,"connect_good"); + lua_pushnumber(L, SSL_CTX_sess_connect_renegotiate(ctx)); + lua_setfield(L,-2,"connect_renegotiate"); + lua_pushnumber(L, SSL_CTX_sess_accept(ctx)); + lua_setfield(L,-2,"accept"); + lua_pushnumber(L, SSL_CTX_sess_accept_good(ctx)); + lua_setfield(L,-2,"accept_good"); + lua_pushnumber(L, SSL_CTX_sess_accept_renegotiate(ctx)); + lua_setfield(L,-2,"accept_renegotiate"); + lua_pushnumber(L, SSL_CTX_sess_hits(ctx)); + lua_setfield(L,-2,"hits"); + lua_pushnumber(L, SSL_CTX_sess_cb_hits(ctx)); + lua_setfield(L,-2,"cb_hits"); + lua_pushnumber(L, SSL_CTX_sess_misses(ctx)); + lua_setfield(L,-2,"misses"); + lua_pushnumber(L, SSL_CTX_sess_timeouts(ctx)); + lua_setfield(L,-2,"timeouts"); + lua_pushnumber(L, SSL_CTX_sess_cache_full(ctx)); + lua_setfield(L,-2,"cache_full"); + return 1; +} + /** * Return a pointer to SSL_CTX structure. */ @@ -320,6 +354,7 @@ static luaL_Reg funcs[] = { {"setverify", set_verify}, {"setoptions", set_options}, {"setmode", set_mode}, + {"stats", ctx_stats}, {"rawcontext", raw_ctx}, {NULL, NULL} }; From ad494fb9d15358cace1b9d015cec0ddd5c015c2d Mon Sep 17 00:00:00 2001 From: daurnimator Date: Thu, 30 May 2013 15:11:55 -0400 Subject: [PATCH 04/18] Add session type; (s,g)etsession to ssl objects --- src/Makefile | 1 + src/session.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++ src/session.h | 20 +++++++++++++++++ src/ssl.c | 30 ++++++++++++++++++++++++++ 4 files changed, 111 insertions(+) create mode 100644 src/session.c create mode 100644 src/session.h 
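Review bot: The comment on ctx_stats says only "Return a table of context statistics", so a caller cannot tell which keys the table has or where the values come from. Suggest extending it to list the twelve keys (number, connect, connect_good, connect_renegotiate, accept, accept_good, accept_renegotiate, hits, cb_hits, misses, timeouts, cache_full) and to state that each is the cumulative SSL_CTX_sess_* counter of the context's session cache, so the table is a snapshot rather than a live view. The `lua_createtable(L, 0, 12)` pre-size matches the twelve setfield calls, which is worth keeping in sync if keys are added later.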
diff --git a/src/Makefile b/src/Makefile index 9b9520d..3adf964 100644 --- a/src/Makefile +++ b/src/Makefile @@ -7,6 +7,7 @@ OBJS= \ io.o \ usocket.o \ context.o \ + session.o \ ssl.o LIBS=-lssl -lcrypto diff --git a/src/session.c b/src/session.c new file mode 100644 index 0000000..2619efb --- /dev/null +++ b/src/session.c @@ -0,0 +1,60 @@ +/*-------------------------------------------------------------------------- + * + * Copyright (C) 2013 Daurnimator + * + *--------------------------------------------------------------------------*/ + +#include +#include + +#include "session.h" + +static void check_mt(lua_State *L); + +void pushSSL_SESSION (lua_State *L, SSL_SESSION *p) { + check_mt(L); + *(SSL_SESSION **)lua_newuserdata(L,sizeof(SSL_SESSION *)) = p; + luaL_getmetatable(L, "SSL:Session"); + lua_setmetatable(L, -2); +} + +SSL_SESSION * checkSSL_SESSION (lua_State *L, int narg) { + return *(SSL_SESSION **)luaL_checkudata(L, narg, "SSL:Session"); +} + +/** + * Collect SSL session -- GC metamethod. + */ +static int session_free(lua_State *L) +{ + SSL_SESSION_free(checkSSL_SESSION(L, 1)); + return 0; +} + +/** + * SSL session -- tostring metamethod. + */ +static int session_tostring(lua_State *L) +{ + lua_pushfstring(L, "SSL session: %p", checkSSL_SESSION(L, 1)); + return 1; +} + +/** + * Session metamethods + */ +static luaL_Reg meta[] = { + {"__gc", session_free}, + {"__tostring", session_tostring}, + {NULL, NULL} +}; + +static void check_mt(lua_State *L) { + if (luaL_newmetatable(L, "SSL:Session")) { + /* meta.__index = meta */ + lua_pushvalue(L,-1); + lua_setfield(L,-2,"__index"); + + luaL_register(L, NULL, meta); + } +} diff --git a/src/session.h b/src/session.h new file mode 100644 index 0000000..dbf9eb2 --- /dev/null +++ b/src/session.h 
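Review bot: check_mt leaves the metatable on the stack: luaL_newmetatable pushes it whether or not it creates it, and check_mt never pops, so each pushSSL_SESSION call pushes two values (metatable, then userdata) instead of the one its name promises. Add `lua_pop(L, 1);` after the if block in check_mt so the helper is stack-neutral. Separately, pushSSL_SESSION stores p unconditionally; a NULL pointer produces a session object whose metamethods dereference NULL, so either push nil when `p == NULL` or document that callers must not pass NULL. A short comment on pushSSL_SESSION stating that the userdata takes ownership of one reference (released by the __gc SSL_SESSION_free) would make the lifetime contract explicit.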
@@ -0,0 +1,20 @@ +#ifndef __SESSION_H__ +#define __SESSION_H__ + +/*-------------------------------------------------------------------------- + * + * Copyright (C) 2013 Daurnimator + * + *--------------------------------------------------------------------------*/ + +#include +#include + +#include "context.h" + +void pushSSL_SESSION (lua_State *L, SSL_SESSION *p); +SSL_SESSION * checkSSL_SESSION (lua_State *L, int narg); + +LUASEC_API int luaopen_ssl_session(lua_State *L); + +#endif diff --git a/src/ssl.c b/src/ssl.c index bb5bbc7..14c4c21 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -17,6 +17,7 @@ #include "timeout.h" #include "socket.h" #include "ssl.h" +#include "session.h" /** * Map error code into string. @@ -354,6 +355,33 @@ static int meth_rawconn(lua_State *L) return 1; } +/** + * Returns the session used by the SSL object + */ +static int meth_getsession(lua_State *L) +{ + p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); + pushSSL_SESSION(L,SSL_get1_session(ssl->ssl)); + return 1; +} + +/** + * Returns the session used by the SSL object + */ +static int meth_setsession(lua_State *L) +{ + p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); + SSL_SESSION *sess = checkSSL_SESSION(L, 2); + if (!SSL_set_session(ssl->ssl, sess)) { + lua_pushnil(L); + lua_pushstring(L,ERR_reason_error_string(ERR_get_error())); + return 2; + } + + lua_pushboolean(L,1); + return 1; +} + /*---------------------------------------------------------------------------*/ @@ -369,6 +397,8 @@ static luaL_Reg meta[] = { {"send", meth_send}, {"settimeout", meth_settimeout}, {"want", meth_want}, + {"getsession", meth_getsession}, + {"setsession", meth_setsession}, {NULL, NULL} }; From d090f4a272667bf99ef646977442861bca128163 Mon Sep 17 00:00:00 2001 From: daurnimator Date: Thu, 30 May 2013 15:12:20 -0400 Subject: [PATCH 05/18] session: Add `asn1` method --- src/session.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) 
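Review bot: The include guard `__SESSION_H__` uses an identifier beginning with two underscores, which C reserves for the implementation (C11 7.1.3); prefer a name such as `LSEC_SESSION_H`, following whatever convention the project's other headers use. The header also declares `LUASEC_API int luaopen_ssl_session(lua_State *L);`, but session.c in this commit defines no such function, so the declaration advertises a module loader that does not exist; either add the loader or drop the line.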
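Review bot: The comment on meth_setsession is a copy of meth_getsession's ("Returns the session used by the SSL object") and is wrong for a setter; suggest `/** Set the session to offer on the next handshake; returns true, or nil plus an OpenSSL error string. */`. In meth_getsession, SSL_get1_session can return NULL before any session has been negotiated, and that NULL is handed straight to pushSSL_SESSION; guard it with `SSL_SESSION *s = SSL_get1_session(ssl->ssl); if (!s) { lua_pushnil(L); return 1; }` before the push. Since SSL_get1_session increments the reference count, the __gc SSL_SESSION_free in session.c is the matching release, which is worth stating in the getter's comment.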
diff --git a/src/session.c b/src/session.c index 2619efb..8fc1d9d 100644 --- a/src/session.c +++ b/src/session.c @@ -31,6 +31,20 @@ static int session_free(lua_State *L) return 0; } +/** + * Returns ASN1 representation of session + */ +static int session_asn1(lua_State *L) +{ + SSL_SESSION *sess = checkSSL_SESSION(L, 1); + int len = i2d_SSL_SESSION(sess , NULL); + /* Allocate room for ASN1 representation on lua stack */ + void* buff = lua_newuserdata(L,len); + i2d_SSL_SESSION(sess , (unsigned char**)&buff); + lua_pushlstring(L, (char*)buff, len); + return 1; +} + /** * SSL session -- tostring metamethod. */ @@ -46,6 +60,7 @@ static int session_tostring(lua_State *L) static luaL_Reg meta[] = { {"__gc", session_free}, {"__tostring", session_tostring}, + {"asn1", session_asn1}, {NULL, NULL} }; From 6a83c1a723b7cc1bfa915fb91a6c2d37aa5ebff8 Mon Sep 17 00:00:00 2001 From: daurnimator Date: Thu, 30 May 2013 15:19:01 -0400 Subject: [PATCH 06/18] session: prevent double frees on manual __gc invocation --- src/session.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/session.c b/src/session.c index 8fc1d9d..d31187e 100644 --- a/src/session.c +++ b/src/session.c @@ -19,7 +19,12 @@ void pushSSL_SESSION (lua_State *L, SSL_SESSION *p) { } SSL_SESSION * checkSSL_SESSION (lua_State *L, int narg) { - return *(SSL_SESSION **)luaL_checkudata(L, narg, "SSL:Session"); + SSL_SESSION **psess = (SSL_SESSION **)luaL_checkudata(L, narg, "SSL:Session"); + if(psess == NULL) { + /* Doesn't return */ + luaL_argerror(L, narg, "freed session"); + } + return *psess; } /** @@ -27,7 +32,11 @@ SSL_SESSION * checkSSL_SESSION (lua_State *L, int narg) { */ static int session_free(lua_State *L) { - SSL_SESSION_free(checkSSL_SESSION(L, 1)); + SSL_SESSION **psess = luaL_checkudata(L, 1, "SSL:Session"); + if (psess != NULL) { + SSL_SESSION_free(*psess); + psess = NULL; + } return 0; } From a87f56d269a3153c3d18f496c2b48b341bf909c1 Mon Sep 17 00:00:00 2001 
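Review bot: session_asn1 pushes the wrong bytes: i2d_SSL_SESSION advances the pointer it is given to just past the encoded data, so after the second call buff points at the end of the userdata and `lua_pushlstring(L, (char*)buff, len)` reads len bytes beyond the allocation. Keep a separate cursor pointer and push from the buffer start. The first i2d_SSL_SESSION call can also return a negative value on error, which then flows into lua_newuserdata as a huge size_t; check it before allocating. Casting `&buff` (a `void **`) to `unsigned char **` is also not a compatible pointer type; declaring the buffer as `unsigned char *` avoids the cast.
```c
static int session_asn1(lua_State *L)
{
  SSL_SESSION *sess = checkSSL_SESSION(L, 1);
  int len = i2d_SSL_SESSION(sess, NULL);
  if (len < 0) {
    return luaL_error(L, "unable to encode session");
  }
  /* Allocate room for ASN1 representation on lua stack */
  unsigned char *buff = lua_newuserdata(L, (size_t)len);
  unsigned char *cursor = buff;  /* i2d advances cursor; buff keeps the start */
  i2d_SSL_SESSION(sess, &cursor);
  lua_pushlstring(L, (const char *)buff, (size_t)len);
  return 1;
}
```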
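Review bot: The `psess == NULL` test added to checkSSL_SESSION can never fire, because luaL_checkudata raises a Lua error on a type mismatch and otherwise returns the userdata address, never NULL; the freed-session state lives in `*psess`, which is what needs testing. In the session_free hunk the same confusion appears the other way round: `psess = NULL` clears the local pointer, not the stored one, so the userdata still holds the freed SSL_SESSION and a second __gc call frees it again. Both should operate on `*psess`; PATCH 18 later in this series makes exactly that correction.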
From: daurnimator Date: Thu, 30 May 2013 15:25:33 -0400 Subject: [PATCH 07/18] context: Add setsessionidcontext and setsessioncachemode --- src/context.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 77 insertions(+), 2 deletions(-) diff --git a/src/context.c b/src/context.c index 3c8d684..56dec01 100644 --- a/src/context.c +++ b/src/context.c @@ -124,8 +124,6 @@ static int create(lua_State *L) return 2; } ctx->mode = MD_CTX_INVALID; - /* No session support */ - SSL_CTX_set_session_cache_mode(ctx->context, SSL_SESS_CACHE_OFF); luaL_getmetatable(L, "SSL:Context"); lua_setmetatable(L, -2); return 1; 
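Review bot: Removing the SSL_SESS_CACHE_OFF call changes the default for every context, because OpenSSL's own default cache mode is SSL_SESS_CACHE_SERVER; from this commit on, server contexts cache sessions in the internal cache unless the caller opts out via setsessioncachemode, and the commit message does not mention this. If opt-in behaviour is intended, keep the call and let setsessioncachemode override it; otherwise state the new default in the setsessioncachemode comment, e.g. `/* Contexts default to OpenSSL's SSL_SESS_CACHE_SERVER; pass "off" to disable caching. */`. The body of create() continues outside the hunk.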
@@ -297,6 +295,81 @@ static int set_mode(lua_State *L) return 1; } +/** + * Set context's session id context, see SSL_CTX_set_session_id_context(3) + */ +static int set_session_id_context(lua_State *L) +{ + SSL_CTX *ctx = ctx_getcontext(L, 1); + size_t len; + const unsigned char *str = (const unsigned char*)luaL_checklstring(L,2,&len); + if (SSL_CTX_set_session_id_context(ctx,str,len) == 1) { + lua_pushboolean(L,1); + return 1; + } else { + lua_pushboolean(L,0); + lua_pushfstring(L, "error setting session id (%s)", + ERR_reason_error_string(ERR_get_error())); + return 2; + } +} + +/** + * Set context's session cache mode, see SSL_CTX_set_session_cache_mode(3) + * Takes a vararg of items to be or'd together + */ +static int set_session_cache_mode(lua_State *L) +{ + SSL_CTX *ctx = ctx_getcontext(L, 1); + long mode = 0; + const char *str; + int i; + int top = lua_gettop(L); + for (i=2;i<=top;i++) { + switch(lua_type(L,i)) { + case LUA_TBOOLEAN: + if (lua_toboolean(L,i)) { + mode |= SSL_SESS_CACHE_BOTH; + } else { + mode |= SSL_SESS_CACHE_OFF; + } + break; + case LUA_TSTRING: + str = lua_tostring(L,i); + if (!strcmp("off",str)) { + mode |= SSL_SESS_CACHE_OFF; + break; + } else if (!strcmp("client",str)) { + mode |= SSL_SESS_CACHE_CLIENT; + break; + } else if (!strcmp("server",str)) { + mode |= SSL_SESS_CACHE_SERVER; + break; + } else if (!strcmp("both",str)) { + mode |= SSL_SESS_CACHE_BOTH; + break; + } else if (!strcmp("no_auto_clear",str)) { + mode |= SSL_SESS_CACHE_NO_AUTO_CLEAR; + break; + } else if (!strcmp("no_internal_lookup",str)) { + mode |= SSL_SESS_CACHE_NO_INTERNAL_LOOKUP; + break; + } else if (!strcmp("no_internal_store",str)) { + mode |= SSL_SESS_CACHE_NO_INTERNAL_STORE; + break; + } else if (!strcmp("no_internal",str)) { + mode |= SSL_SESS_CACHE_NO_INTERNAL; + break; + } + default: + return luaL_argerror(L,i,"unknown session cache mode"); + } + } + SSL_CTX_set_session_cache_mode(ctx,mode); + lua_pushboolean(L,1); + return 1; +} + /** * Return a table of 
context statistics */ @@ -354,6 +427,8 @@ static luaL_Reg funcs[] = { {"setverify", set_verify}, {"setoptions", set_options}, {"setmode", set_mode}, + {"setsessionidcontext", set_session_id_context}, + {"setsessioncachemode", set_session_cache_mode}, {"stats", ctx_stats}, {"rawcontext", raw_ctx}, {NULL, NULL} From 7629c8937acde87667768e28bfc356b649fe7b3b Mon Sep 17 00:00:00 2001 From: daurnimator Date: Thu, 30 May 2013 15:26:04 -0400 Subject: [PATCH 08/18] ssl: Add method `reused` which returns if a session has been regotiated or not --- src/ssl.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 14c4c21..58ee5bb 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -382,6 +382,16 @@ static int meth_setsession(lua_State *L) return 1; } +/** + * Return if a reused session was negotiated during handshake + */ +static int meth_session_reused(lua_State *L) +{ + p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); + lua_pushboolean(L,SSL_session_reused(ssl->ssl)); + return 1; +} + /*---------------------------------------------------------------------------*/ @@ -399,6 +409,7 @@ static luaL_Reg meta[] = { {"want", meth_want}, {"getsession", meth_getsession}, {"setsession", meth_setsession}, + {"reused", meth_session_reused}, {NULL, NULL} }; From 395b165e96c5c3a3041f14d8d9f9b542a8c6a8bd Mon Sep 17 00:00:00 2001 From: daurnimator Date: Thu, 30 May 2013 15:27:04 -0400 Subject: [PATCH 09/18] ssl.lua: Add config options to initialise setsessioncachemode and setsessionidcontext --- src/ssl.lua | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/ssl.lua b/src/ssl.lua index 0170bc8..1a3c5b4 100644 --- a/src/ssl.lua +++ b/src/ssl.lua 
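Review bot: In set_session_cache_mode the LUA_TSTRING case falls into `default:` when none of the strcmp branches match; that is the intended "unknown string" path but it is unmarked, so add `/* fallthrough: unrecognised string */` before `default:` so a later edit does not "fix" it. Also SSL_SESS_CACHE_OFF is 0, which makes `mode |= SSL_SESS_CACHE_OFF` a no-op: `setsessioncachemode(ctx, "off", "server")` or `(ctx, false, "client")` silently enables caching, so the comment should say that "off"/false only have effect when passed alone. set_session_id_context looks right; I believe the 32-byte SSL_MAX_SSL_SESSION_ID_LENGTH limit surfaces through the OpenSSL error string on the false path, which is adequate.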
@@ -69,6 +69,13 @@ function newcontext(cfg) succ, msg = context.setdepth(ctx, cfg.depth) if not succ then return nil, msg end end + if cfg.mode == "server" and cfg.cachecontext then + succ, msg = context.setsessionidcontext(ctx, cfg.cachecontext) + if not succ then return nil, msg end + end + if cfg.cache then + context.setsessioncachemode(ctx, cfg.cache) + end return ctx end From f9c60005ec154cf1f8b2fe937f45e69305f60097 Mon Sep 17 00:00:00 2001 From: daurnimator Date: Thu, 30 May 2013 15:30:25 -0400 Subject: [PATCH 10/18] context: Use a seperate method table --- src/context.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/context.c b/src/context.c index 56dec01..4a259a0 100644 --- a/src/context.c +++ b/src/context.c @@ -419,6 +419,13 @@ static int raw_ctx(lua_State *L) */ static luaL_Reg funcs[] = { {"create", create}, + {NULL, NULL} +}; + +/* + * Context methods + */ +static luaL_Reg methods[] = { {"locations", load_locations}, {"loadcert", load_cert}, {"loadkey", load_key}, @@ -497,7 +504,11 @@ char ctx_getmode(lua_State *L, int idx) int luaopen_ssl_context(lua_State *L) { luaL_newmetatable(L, "SSL:Context"); + lua_newtable(L); + luaL_register(L, NULL, methods); + lua_setfield(L,-2,"__index"); luaL_register(L, NULL, meta); luaL_register(L, "ssl.context", funcs); + luaL_register(L, NULL, methods); /* Add methods to require-returned table (COMPAT) */ return 1; } From 9f4ff27f8f7edb27a56182a526dd62a4aeb6fa0e Mon Sep 17 00:00:00 2001 From: daurnimator Date: Thu, 30 May 2013 15:31:09 -0400 Subject: [PATCH 11/18] Add sample of session reuse --- samples/caching/client.lua | 37 +++++++++++++++++++++++++++++++++++++ samples/caching/server.lua | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+) create mode 100644 samples/caching/client.lua create mode 100644 samples/caching/server.lua diff --git a/samples/caching/client.lua b/samples/caching/client.lua new file mode 100644 index 0000000..32a7cc8 --- /dev/null 
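Review bot: cfg.cache is passed to context.setsessioncachemode as a single argument, so only a string or boolean works; a table such as `cache = {"server", "no_internal_store"}`, in the style the samples on this page use for `options` and `verify`, reaches the C switch's default case and raises "unknown session cache mode". Suggest `context.setsessioncachemode(ctx, unpack(cfg.cache))` when `type(cfg.cache) == "table"` (table.unpack on Lua 5.2), keeping the plain call otherwise. The function newcontext continues outside the hunk.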
+++ b/samples/caching/client.lua @@ -0,0 +1,37 @@ +-- +-- Public domain +-- +require("socket") +require("ssl") + +local params = { + mode = "client", + protocol = "sslv3", + key = "../certs/clientAkey.pem", + certificate = "../certs/clientA.pem", + cafile = "../certs/rootA.pem", + verify = {"peer", "fail_if_no_peer_cert"}, + options = {"all", "no_sslv2"}, + cache = "client", +} + +local session + +while true do + local peer = socket.tcp() + assert( peer:connect("127.0.0.1", 8888) ) + + -- [[ SSL wrapper + peer = assert( ssl.wrap(peer, params) ) + if session then + session = peer:setsession(session) + end + assert( peer:dohandshake() ) + --]] + + session = peer:getsession() + print(peer:reused(),session) + + peer:receive("*l") + peer:close() +end diff --git a/samples/caching/server.lua b/samples/caching/server.lua new file mode 100644 index 0000000..db51298 --- /dev/null +++ b/samples/caching/server.lua @@ -0,0 +1,33 @@ +local socket = require("socket") +local ssl = require("ssl") + +local ctx = assert( ssl.newcontext { + mode = "server", + protocol = "sslv3", + key = "../certs/serverAkey.pem", + certificate = "../certs/serverA.pem", + cafile = "../certs/rootA.pem", + verify = {"peer", "fail_if_no_peer_cert"}, + options = {"all", "no_sslv2"}, + cachecontext = "serversample", + cache = "server" ; +} ) + +local server = socket.tcp() +server:setoption('reuseaddr', true) +assert( server:bind("127.0.0.1", 8888) ) +server:listen() + +while true do + local peer = server:accept() + + -- [[ SSL wrapper + peer = assert( ssl.wrap(peer, ctx) ) + assert( peer:dohandshake() ) + --]] + + print(peer:reused(),peer:getsession()) + + peer:send("loop test\n") + peer:close() +end From 854cad4e25a089d3d0f3ecf1366fb6877dd15e0d Mon Sep 17 00:00:00 2001 
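Review bot: Both samples pin `protocol = "sslv3"`; since str2method in context.c also offers "tlsv1", the session-reuse demonstration should use that so readers do not copy an SSLv3-only configuration into their own code. The two files also differ in style: client.lua relies on bare `require("socket")` and `require("ssl")` setting globals, while server.lua uses `local socket = require("socket")`; the local form is preferable in both. The value of `peer:receive("*l")` in client.lua is discarded, which is fine for a sample but deserves a `-- discard the server's greeting line` comment.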
From: daurnimator Date: Thu, 30 May 2013 16:33:45 -0400 Subject: [PATCH 12/18] context: Add cache size management --- samples/caching/server.lua | 3 ++- src/context.c | 24 ++++++++++++++++++++++++ src/ssl.lua | 3 +++ 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/samples/caching/server.lua b/samples/caching/server.lua index db51298..1c162e1 100644 --- a/samples/caching/server.lua +++ b/samples/caching/server.lua @@ -9,8 +9,9 @@ local ctx = assert( ssl.newcontext { cafile = "../certs/rootA.pem", verify = {"peer", "fail_if_no_peer_cert"}, options = {"all", "no_sslv2"}, - cachecontext = "serversample", cache = "server" ; + cachesize = 1e6 ; + cachecontext = "serversample" ; } ) local server = socket.tcp() diff --git a/src/context.c b/src/context.c index 4a259a0..1595100 100644 --- a/src/context.c +++ b/src/context.c @@ -370,6 +370,28 @@ static int set_session_cache_mode(lua_State *L) return 1; } +/* + * Set context's session cache size, see SSL_CTX_sess_set_cache_size(3) + */ +static int set_cache_size(lua_State *L) +{ + SSL_CTX *ctx = ctx_getcontext(L, 1); + long n = luaL_checklong(L, 2); + SSL_CTX_sess_set_cache_size(ctx, n); + lua_pushboolean(L, 1); + return 1; +} + +/* + * Get context's session cache size, see SSL_CTX_sess_set_cache_size(3) + */ +static int get_cache_size(lua_State *L) +{ + SSL_CTX *ctx = ctx_getcontext(L, 1); + lua_pushnumber(L, SSL_CTX_sess_get_cache_size(ctx)); + return 1; +} + /** * Return a table of context statistics */ @@ -436,6 +458,8 @@ static luaL_Reg methods[] = { {"setmode", set_mode}, {"setsessionidcontext", set_session_id_context}, {"setsessioncachemode", set_session_cache_mode}, + {"setcachesize", set_cache_size}, + {"getcachesize", get_cache_size}, {"stats", ctx_stats}, {"rawcontext", raw_ctx}, {NULL, NULL} diff --git a/src/ssl.lua b/src/ssl.lua index 1a3c5b4..388dcf6 100644 --- a/src/ssl.lua +++ b/src/ssl.lua 
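Review bot: set_cache_size passes luaL_checklong's result straight to SSL_CTX_sess_set_cache_size, and the context stores the limit as an unsigned value, so a negative Lua number becomes an effectively unbounded cache; reject it with `luaL_argcheck(L, n >= 0, 2, "cache size must be non-negative");`. The comments should also say that 0 means an unlimited internal cache (SSL_CTX_sess_set_cache_size(3)), since an unbounded server cache grows by one entry per handshake a peer chooses to complete. The comment on get_cache_size should reference the getter rather than repeating the setter's name.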
@@ -76,6 +76,9 @@ function newcontext(cfg) if cfg.cache then context.setsessioncachemode(ctx, cfg.cache) end + if cfg.cachesize then + context.setcachesize(ctx, cfg.cachesize) + end return ctx end From 84dc29308d54bf27057fca57ea3d90fa5389ffe7 Mon Sep 17 00:00:00 2001 From: daurnimator Date: Thu, 30 May 2013 17:04:00 -0400 Subject: [PATCH 13/18] Fix sample client (don't keep setting session) --- samples/caching/client.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samples/caching/client.lua b/samples/caching/client.lua index 32a7cc8..bd86a7a 100644 --- a/samples/caching/client.lua +++ b/samples/caching/client.lua @@ -24,7 +24,7 @@ while true do -- [[ SSL wrapper peer = assert( ssl.wrap(peer, params) ) if session then - session = peer:setsession(session) + peer:setsession(session) end assert( peer:dohandshake() ) --]] From 340993d9a5a9a6815b5607b971277bea6db46279 Mon Sep 17 00:00:00 2001 From: daurnimator Date: Thu, 30 May 2013 17:05:37 -0400 Subject: [PATCH 14/18] context: Add set session cache timeout --- src/context.c | 12 ++++++++++++ src/ssl.lua | 3 +++ 2 files changed, 15 insertions(+) diff --git a/src/context.c b/src/context.c index 1595100..a97e068 100644 --- a/src/context.c +++ b/src/context.c @@ -295,6 +295,17 @@ static int set_mode(lua_State *L) return 1; } +/** + * Set context's session cache timeout + */ +static int set_timeout(lua_State *L) +{ + SSL_CTX *ctx = ctx_getcontext(L, 1); + long t = luaL_checklong(L, 2); + lua_pushinteger(L,SSL_CTX_set_timeout(ctx, t)); + return 1; +} + /** * Set context's session id context, see SSL_CTX_set_session_id_context(3) */ @@ -456,6 +467,7 @@ static luaL_Reg methods[] = { {"setverify", set_verify}, {"setoptions", set_options}, {"setmode", set_mode}, + {"settimeout", set_timeout}, {"setsessionidcontext", set_session_id_context}, {"setsessioncachemode", set_session_cache_mode}, {"setcachesize", set_cache_size}, diff --git a/src/ssl.lua b/src/ssl.lua index 388dcf6..2644121 100644 --- a/src/ssl.lua 
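Review bot: set_timeout pushes SSL_CTX_set_timeout's return value, which is the previous timeout rather than a success flag, so this setter returns a number while the neighbouring setters in this file (set_session_id_context, set_cache_size) return a boolean; either say so in the comment, e.g. `/* Set the context's default session timeout in seconds; returns the previous timeout (SSL_CTX_set_timeout(3)). */`, or return true for consistency. The Lua name settimeout also collides with the connection method of the same name registered in ssl.c (meth_settimeout), which sets the socket I/O timeout; a name such as setsessiontimeout would avoid the confusion at the Lua level.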
+++ b/src/ssl.lua @@ -76,6 +76,9 @@ function newcontext(cfg) if cfg.cache then context.setsessioncachemode(ctx, cfg.cache) end + if cfg.cachetimeout then + context.settimeout(ctx, cfg.timeout) + end if cfg.cachesize then context.setcachesize(ctx, cfg.cachesize) end From 6a314f93f8b4c65123da084821c4084f75dcbb5d Mon Sep 17 00:00:00 2001 From: daurnimator Date: Thu, 30 May 2013 17:07:10 -0400 Subject: [PATCH 15/18] session: Add `id` method --- src/session.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/session.c b/src/session.c index d31187e..a9f1138 100644 --- a/src/session.c +++ b/src/session.c @@ -40,6 +40,18 @@ static int session_free(lua_State *L) return 0; } +/** + * Get a session's (binary) id + */ +static int session_get_id (lua_State *L) +{ + SSL_SESSION *sess = checkSSL_SESSION(L, 1); + unsigned int len; + const unsigned char *str = SSL_SESSION_get_id(sess, &len); + lua_pushlstring(L, (const char*)str, len); + return 1; +} + /** * Returns ASN1 representation of session */ @@ -70,6 +82,7 @@ static luaL_Reg meta[] = { {"__gc", session_free}, {"__tostring", session_tostring}, {"asn1", session_asn1}, + {"id", session_get_id}, {NULL, NULL} }; From 962dbcd4d8652004bd37e869d83158adae588dab Mon Sep 17 00:00:00 2001 From: daurnimator Date: Thu, 30 May 2013 17:09:24 -0400 Subject: [PATCH 16/18] session: Per-session timeout manipulation --- src/session.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/session.c b/src/session.c index a9f1138..b7cf1d8 100644 --- a/src/session.c +++ b/src/session.c 
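Review bot: The new block tests cfg.cachetimeout but passes cfg.timeout to context.settimeout, so any configuration that sets cachetimeout fails with a "number expected, got nil" argument error from luaL_checklong in context.c, and a cfg.timeout intended for sockets would be applied as a session timeout instead; change the call to `context.settimeout(ctx, cfg.cachetimeout)`. newcontext continues outside the hunk.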
@@ -40,6 +40,23 @@ static int session_free(lua_State *L) return 0; } +/** + * Maniplate a session's timeout value, this can be used to extend or shorten the lifetime of the session. + */ +static int session_get_timeout (lua_State *L) +{ + SSL_SESSION *sess = checkSSL_SESSION(L, 1); + lua_pushinteger(L, SSL_SESSION_get_timeout(sess)); + return 1; +} +static int session_set_timeout (lua_State *L) +{ + SSL_SESSION *sess = checkSSL_SESSION(L, 1); + long t = luaL_checklong(L, 2); + lua_pushinteger(L, SSL_SESSION_set_timeout(sess, t)); + return 1; +} + /** * Get a session's (binary) id */ @@ -82,6 +99,8 @@ static luaL_Reg meta[] = { {"__gc", session_free}, {"__tostring", session_tostring}, {"asn1", session_asn1}, + {"get_timeout", session_get_timeout}, + {"set_timeout", session_set_timeout}, {"id", session_get_id}, {NULL, NULL} }; From fc4bf422baa746bd60a1574b15d1fe20fe8b50da Mon Sep 17 00:00:00 2001 From: daurnimator Date: Thu, 30 May 2013 17:09:56 -0400 Subject: [PATCH 17/18] session: Manipulate a session's establishment time --- src/session.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/session.c b/src/session.c index b7cf1d8..00dacc3 100644 --- a/src/session.c +++ b/src/session.c @@ -40,6 +40,23 @@ static int session_free(lua_State *L) return 0; } +/** + * Maniplate the time a session was established + */ +static int session_get_time (lua_State *L) +{ + SSL_SESSION *sess = checkSSL_SESSION(L, 1); + lua_pushinteger(L,SSL_SESSION_get_time(sess)); + return 1; +} +static int session_set_time (lua_State *L) +{ + SSL_SESSION *sess = checkSSL_SESSION(L, 1); + long t = luaL_checklong(L, 2); + lua_pushinteger(L, SSL_SESSION_set_time(sess, t)); + return 1; +} + /** * Maniplate a session's timeout value, this can be used to extend or shorten the lifetime of the session. */ 
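Review bot: session_get_timeout and session_set_timeout share one doc comment attached only to the getter, and it misspells "Manipulate"; give each its own comment, e.g. `/** Return the session's timeout in seconds */` and `/** Set the session's timeout in seconds; returns true on success */`. session_set_timeout pushes SSL_SESSION_set_timeout's raw return as an integer, which I believe is 1 on success, while session_set_time in the following commit pushes the value that was set, so the two setters return different shapes; `lua_pushinteger(L, SSL_SESSION_set_timeout(sess, t))` would read better as `lua_pushboolean(L, SSL_SESSION_set_timeout(sess, t))`. The same comment-placement and return-shape points apply to the session_get_time/session_set_time hunk of PATCH 17.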
@@ -99,6 +116,8 @@ static luaL_Reg meta[] = { {"__gc", session_free}, {"__tostring", session_tostring}, {"asn1", session_asn1}, + {"get_time", session_get_time}, + {"set_time", session_set_time}, {"get_timeout", session_get_timeout}, {"set_timeout", session_set_timeout}, {"id", session_get_id}, From 8f695ee2502b5860f62454b5c00bf8ff5c8d6606 Mon Sep 17 00:00:00 2001 From: daurnimator Date: Thu, 30 May 2013 17:33:00 -0400 Subject: [PATCH 18/18] session: Fix session free checks --- src/session.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/session.c b/src/session.c index 00dacc3..0dba52f 100644 --- a/src/session.c +++ b/src/session.c @@ -19,12 +19,12 @@ void pushSSL_SESSION (lua_State *L, SSL_SESSION *p) { } SSL_SESSION * checkSSL_SESSION (lua_State *L, int narg) { - SSL_SESSION **psess = (SSL_SESSION **)luaL_checkudata(L, narg, "SSL:Session"); - if(psess == NULL) { + SSL_SESSION *sess = *(SSL_SESSION **)luaL_checkudata(L, narg, "SSL:Session"); + if(sess == NULL) { /* Doesn't return */ luaL_argerror(L, narg, "freed session"); } - return *psess; + return sess; } /** @@ -33,9 +33,9 @@ SSL_SESSION * checkSSL_SESSION (lua_State *L, int narg) { static int session_free(lua_State *L) { SSL_SESSION **psess = luaL_checkudata(L, 1, "SSL:Session"); - if (psess != NULL) { + if (*psess != NULL) { SSL_SESSION_free(*psess); - psess = NULL; + *psess = NULL; } return 0; }
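Review bot: With this fix a userdata holding NULL now raises "freed session" from checkSSL_SESSION, but pushSSL_SESSION still stores a NULL p unconditionally, and SSL_get1_session returns NULL when no session has been negotiated, so a never-established session reports itself as "freed". Either reject NULL in pushSSL_SESSION or have meth_getsession in ssl.c push nil in that case; at minimum change the message to `"freed or absent session"`. The `*psess != NULL` test and `*psess = NULL` reset in session_free now correctly make a repeated __gc call a no-op.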