Browse Source

luasec: update to 0.8

Signed-off-by: W. Michael Petullo <mike@flyn.org>
lilik-openwrt-22.03
W. Michael Petullo 6 years ago
parent
commit
d9c2669fc0
4 changed files with 3 additions and 193 deletions
  1. +3
    -3
      lang/luasec/Makefile
  2. +0
    -49
      lang/luasec/patches/010-Using-const-SSL_METHOD.patch
  3. +0
    -43
      lang/luasec/patches/020-Removing-SSLv3-support.patch
  4. +0
    -98
      lang/luasec/patches/030-Removing-deprecated-methods-to-select-the-protocol.patch

+ 3
- 3
lang/luasec/Makefile View File

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luasec
PKG_VERSION:=0.7
PKG_RELEASE:=3
PKG_VERSION:=0.8
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/brunoos/luasec/tar.gz/luasec-$(PKG_VERSION)?
PKG_HASH:=2176e95b1d2a72a3235ede5d2aa9838050feee55dade8fdbde4be7fdc66f3a31
PKG_HASH:=80ef0f41e146c4c4914c910c992043e46f284b134574061556f040ac738f7d27
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_NAME)-$(PKG_VERSION)
MAINTAINER:=W. Michael Petullo <mike@flyn.org>


+ 0
- 49
lang/luasec/patches/010-Using-const-SSL_METHOD.patch View File

@ -1,49 +0,0 @@
From 8212b89f1a04023b431d2fc9bc12aca02394698f Mon Sep 17 00:00:00 2001
From: Bruno Silvestre <bruno.silvestre@gmail.com>
Date: Fri, 29 Jun 2018 14:02:39 -0300
Subject: [PATCH 1/3] Using 'const SSL_METHOD*'
This change was introduced in OpenSSL 1.0.0.
Start droping 0.9.8 code.
---
src/context.c | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/src/context.c b/src/context.c
index a2b5ae5..b9e8cda 100644
--- a/src/context.c
+++ b/src/context.c
@@ -29,12 +29,6 @@
#include "ec.h"
#endif
-#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
-typedef const SSL_METHOD LSEC_SSL_METHOD;
-#else
-typedef SSL_METHOD LSEC_SSL_METHOD;
-#endif
-
/*--------------------------- Auxiliary Functions ----------------------------*/
/**
@@ -68,7 +62,7 @@ static int set_option_flag(const char *opt, unsigned long *flag)
/**
* Find the protocol.
*/
-static LSEC_SSL_METHOD* str2method(const char *method)
+static const SSL_METHOD* str2method(const char *method)
{
if (!strcmp(method, "any")) return SSLv23_method();
if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
@@ -287,7 +281,7 @@ static int create(lua_State *L)
{
p_context ctx;
const char *str_method;
- LSEC_SSL_METHOD *method;
+ const SSL_METHOD *method;
str_method = luaL_checkstring(L, 1);
method = str2method(str_method);
--
2.19.1

+ 0
- 43
lang/luasec/patches/020-Removing-SSLv3-support.patch View File

@ -1,43 +0,0 @@
From 89bdc6148cd8cffb1483f4fc0aa14d636f8f5b4f Mon Sep 17 00:00:00 2001
From: Bruno Silvestre <bruno.silvestre@gmail.com>
Date: Fri, 29 Jun 2018 14:06:51 -0300
Subject: [PATCH 2/3] Removing SSLv3 support
---
src/config.c | 5 -----
src/context.c | 3 ---
2 files changed, 8 deletions(-)
diff --git a/src/config.c b/src/config.c
index ce74997..6939fca 100644
--- a/src/config.c
+++ b/src/config.c
@@ -32,11 +32,6 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
lua_pushstring(L, "protocols");
lua_newtable(L);
-#ifndef OPENSSL_NO_SSL3
- lua_pushstring(L, "sslv3");
- lua_pushboolean(L, 1);
- lua_rawset(L, -3);
-#endif
lua_pushstring(L, "tlsv1");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
diff --git a/src/context.c b/src/context.c
index b9e8cda..d8fc8b6 100644
--- a/src/context.c
+++ b/src/context.c
@@ -66,9 +66,6 @@ static const SSL_METHOD* str2method(const char *method)
{
if (!strcmp(method, "any")) return SSLv23_method();
if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
-#ifndef OPENSSL_NO_SSL3
- if (!strcmp(method, "sslv3")) return SSLv3_method();
-#endif
if (!strcmp(method, "tlsv1")) return TLSv1_method();
#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL)
if (!strcmp(method, "tlsv1_1")) return TLSv1_1_method();
--
2.19.1

+ 0
- 98
lang/luasec/patches/030-Removing-deprecated-methods-to-select-the-protocol.patch View File

@ -1,98 +0,0 @@
From 28e247dbc53b95acf9cb716f99f13aadc4d38651 Mon Sep 17 00:00:00 2001
From: Bruno Silvestre <bruno.silvestre@gmail.com>
Date: Mon, 2 Jul 2018 10:31:45 -0300
Subject: [PATCH 3/3] Removing deprecated methods to select the protocol
Using TLS_method(), SSL_set_min_proto_version() and
SSL_set_max_proto_version().
---
src/context.c | 46 ++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 44 insertions(+), 2 deletions(-)
diff --git a/src/context.c b/src/context.c
index d8fc8b6..d1377f1 100644
--- a/src/context.c
+++ b/src/context.c
@@ -59,11 +59,46 @@ static int set_option_flag(const char *opt, unsigned long *flag)
return 0;
}
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+
/**
* Find the protocol.
*/
-static const SSL_METHOD* str2method(const char *method)
+static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
{
+ if (!strcmp(method, "any") || !strcmp(method, "sslv23")) {
+ *vmin = TLS1_VERSION;
+ *vmax = TLS1_2_VERSION;
+ return TLS_method();
+ }
+ else if (!strcmp(method, "tlsv1")) {
+ *vmin = TLS1_VERSION;
+ *vmax = TLS1_VERSION;
+ return TLS_method();
+ }
+ else if (!strcmp(method, "tlsv1_1")) {
+ *vmin = TLS1_1_VERSION;
+ *vmax = TLS1_1_VERSION;
+ return TLS_method();
+ }
+ else if (!strcmp(method, "tlsv1_2")) {
+ *vmin = TLS1_2_VERSION;
+ *vmax = TLS1_2_VERSION;
+ return TLS_method();
+ }
+
+ return NULL;
+}
+
+#else
+
+/**
+ * Find the protocol.
+ */
+static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
+{
+ (void)vmin;
+ (void)vmax;
if (!strcmp(method, "any")) return SSLv23_method();
if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
if (!strcmp(method, "tlsv1")) return TLSv1_method();
@@ -74,6 +109,8 @@ static const SSL_METHOD* str2method(const char *method)
return NULL;
}
+#endif
+
/**
* Prepare the SSL handshake verify flag.
*/
@@ -279,9 +316,10 @@ static int create(lua_State *L)
p_context ctx;
const char *str_method;
const SSL_METHOD *method;
+ int vmin, vmax;
str_method = luaL_checkstring(L, 1);
- method = str2method(str_method);
+ method = str2method(str_method, &vmin, &vmax);
if (!method) {
lua_pushnil(L);
lua_pushfstring(L, "invalid protocol (%s)", str_method);
@@ -301,6 +339,10 @@ static int create(lua_State *L)
ERR_reason_error_string(ERR_get_error()));
return 2;
}
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+ SSL_CTX_set_min_proto_version(ctx->context, vmin);
+ SSL_CTX_set_max_proto_version(ctx->context, vmax);
+#endif
ctx->mode = LSEC_MODE_INVALID;
ctx->L = L;
luaL_getmetatable(L, "SSL:Context");
--
2.19.1

Loading…
Cancel
Save