mirror of
https://github.com/jart/cosmopolitan.git
synced 2025-08-09 19:30:29 +00:00
Update redbean to add GetSslIdentity
This returns cert->subject or psk identity from the current SSL session.
parent
52b7a66bb0
commit
0fb21243fe
2 changed files with 26 additions and 0 deletions
|
@ -672,6 +672,10 @@ FUNCTIONS
|
||||||
GetScheme() → str
|
GetScheme() → str
|
||||||
Returns scheme from Request-URL, if any.
|
Returns scheme from Request-URL, if any.
|
||||||
|
|
||||||
|
GetSslIdentity() → str
|
||||||
|
Returns certificate subject or PSK identity from the current SSL
|
||||||
|
session. `nil` is returned for regular (non-SSL) connections.
|
||||||
|
|
||||||
GetStatus() → int
|
GetStatus() → int
|
||||||
Returns current status (as set by an earlier SetStatus call) or
|
Returns current status (as set by an earlier SetStatus call) or
|
||||||
`nil` if the status hasn't been set yet.
|
`nil` if the status hasn't been set yet.
|
||||||
|
|
|
@ -372,6 +372,7 @@ static int client;
|
||||||
static int changeuid;
|
static int changeuid;
|
||||||
static int changegid;
|
static int changegid;
|
||||||
static int statuscode;
|
static int statuscode;
|
||||||
|
static int sslpskindex;
|
||||||
static int oldloglevel;
|
static int oldloglevel;
|
||||||
static int maxpayloadsize;
|
static int maxpayloadsize;
|
||||||
static int messageshandled;
|
static int messageshandled;
|
||||||
|
@ -1473,6 +1474,8 @@ static int TlsRoutePsk(void *ctx, mbedtls_ssl_context *ssl,
|
||||||
psks.p[i].identity_len)) {
|
psks.p[i].identity_len)) {
|
||||||
DEBUGF("(ssl) TlsRoutePsk(%`'.*s)", identity_len, identity);
|
DEBUGF("(ssl) TlsRoutePsk(%`'.*s)", identity_len, identity);
|
||||||
mbedtls_ssl_set_hs_psk(ssl, psks.p[i].key, psks.p[i].key_len);
|
mbedtls_ssl_set_hs_psk(ssl, psks.p[i].key, psks.p[i].key_len);
|
||||||
|
// keep track of selected psk to report its identity
|
||||||
|
sslpskindex = i+1; // use index+1 to check against 0 (when not set)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1492,6 +1495,7 @@ static bool TlsSetup(void) {
|
||||||
g_bio.a = 0;
|
g_bio.a = 0;
|
||||||
g_bio.b = 0;
|
g_bio.b = 0;
|
||||||
g_bio.c = 0;
|
g_bio.c = 0;
|
||||||
|
sslpskindex = 0;
|
||||||
for (;;) {
|
for (;;) {
|
||||||
if (!(r = mbedtls_ssl_handshake(&ssl)) && TlsFlush(&g_bio, 0, 0) != -1) {
|
if (!(r = mbedtls_ssl_handshake(&ssl)) && TlsFlush(&g_bio, 0, 0) != -1) {
|
||||||
LockInc(&shared->c.sslhandshakes);
|
LockInc(&shared->c.sslhandshakes);
|
||||||
|
@ -3194,6 +3198,23 @@ static int LuaGetStatus(lua_State *L) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int LuaGetSslIdentity(lua_State *L) {
|
||||||
|
const mbedtls_x509_crt *cert;
|
||||||
|
OnlyCallDuringRequest(L, "GetSslIdentity");
|
||||||
|
if (!usessl)
|
||||||
|
lua_pushnil(L);
|
||||||
|
else
|
||||||
|
if (sslpskindex) {
|
||||||
|
lua_pushlstring(L, psks.p[sslpskindex-1].identity,
|
||||||
|
psks.p[sslpskindex-1].identity_len);
|
||||||
|
} else {
|
||||||
|
cert = mbedtls_ssl_get_peer_cert(&ssl);
|
||||||
|
lua_pushstring(L, cert ? gc(FormatX509Name(&cert->subject)) : "");
|
||||||
|
}
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static int LuaServeError(lua_State *L) {
|
static int LuaServeError(lua_State *L) {
|
||||||
return LuaRespond(L, ServeError);
|
return LuaRespond(L, ServeError);
|
||||||
}
|
}
|
||||||
|
@ -5601,6 +5622,7 @@ static const luaL_Reg kLuaFuncs[] = {
|
||||||
{"GetRemoteAddr", LuaGetRemoteAddr}, //
|
{"GetRemoteAddr", LuaGetRemoteAddr}, //
|
||||||
{"GetScheme", LuaGetScheme}, //
|
{"GetScheme", LuaGetScheme}, //
|
||||||
{"GetServerAddr", LuaGetServerAddr}, //
|
{"GetServerAddr", LuaGetServerAddr}, //
|
||||||
|
{"GetSslIdentity", LuaGetSslIdentity}, //
|
||||||
{"GetStatus", LuaGetStatus}, //
|
{"GetStatus", LuaGetStatus}, //
|
||||||
{"GetTime", LuaGetTime}, //
|
{"GetTime", LuaGetTime}, //
|
||||||
{"GetUrl", LuaGetUrl}, //
|
{"GetUrl", LuaGetUrl}, //
|
||||||
|
|
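Review bot: In `LuaGetSslIdentity`, a TLS client that presents no certificate gets `""` rather than `nil`, and an empty string is truthy in Lua, so a handler written as `if GetSslIdentity() then` would treat an anonymous client as identified. The help text added in this commit documents `nil` only for non-SSL connections, so the empty-string case is undocumented as well. The subject is also read from `mbedtls_ssl_get_peer_cert` without consulting `mbedtls_ssl_get_verify_result`; the configured verify mode is not visible in these hunks, but if optional verification is in effect the returned subject would be whatever the client chose to send. Pushing `nil` unless a certificate is both present and verified keeps the value safe to use in authorization decisions, and bracing the `if (!usessl) … else if (sslpskindex)` chain would make the three cases easier to audit.

```c
  } else {
    cert = mbedtls_ssl_get_peer_cert(&ssl);
    // report a subject only for a certificate that is present and verified
    if (cert && !mbedtls_ssl_get_verify_result(&ssl)) {
      lua_pushstring(L, gc(FormatX509Name(&cert->subject)));
    } else {
      lua_pushnil(L);
    }
  }
```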