wahern / luaossl

Most comprehensive OpenSSL module in the Lua universe.
http://25thandclement.com/~william/projects/luaossl.html

Added support for verify callback #207

Open bigben93 opened 1 year ago

bigben93 commented 1 year ago

I need some additional certificate checking during verification. The vanilla OpenSSL library provides support for a custom verify callback, as described here: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_verify.html

Unfortunately, luaossl doesn't support this feature at the moment. This pull request contains my proposal for this feature. I extended openssl.context:setVerify. Now you can pass an optional third argument with a custom verify callback written in Lua. I also added X509_STCTX_CLASS with the methods getCurrentCert (X509_STORE_CTX_get_current_cert) and getCert (X509_STORE_CTX_get0_cert). Both methods return an openssl.x509 object.

Example:

```lua
-- ...
local function verifyCallback(preverify, x509Ctx)
    local cert = x509Ctx:getCert()
    print(cert:getSubject())
    return preverify
end
-- ...
ctx:setVerify(yourFlags, nil, verifyCallback)
-- ...
```

bigben93 commented 1 year ago

I've fixed typos and added a wrapper for X509_STORE_CTX_get_error_depth
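
A fuller callback than the one in the description, as an added example that is not part of the pull request or of luaossl: it keeps OpenSSL's own verdict and adds a SHA-256 pin on the leaf certificate only. It assumes the API as proposed in this pull request (the third `setVerify` argument, `getCert`, `getCurrentCert`); `PINNED_SHA256` and `decide` are hypothetical names, and because the page does not say whether `preverify` arrives as a boolean or as 0/1, the code treats both as possible.

```lua
local context = require "openssl.context"

-- Placeholder (assumption): hex SHA-256 digest of the expected server certificate.
local PINNED_SHA256 = "<hex sha256 of expected leaf certificate>"

-- Decision logic kept separate from the OpenSSL objects so it can be
-- exercised without a handshake. Returns true to accept, false to reject.
local function decide(preverify, currentDigest, leafDigest, pinnedDigest)
    -- Never turn a failure into a success: if OpenSSL already rejected
    -- this certificate, keep rejecting. 0 is truthy in Lua, so test it explicitly.
    if preverify == nil or preverify == false or preverify == 0 then
        return false
    end
    -- Intermediate or root certificate: OpenSSL's result stands.
    if currentDigest ~= leafDigest then
        return true
    end
    -- Leaf certificate: additionally require the pinned digest.
    return leafDigest:lower() == pinnedDigest:lower()
end

-- Called once per certificate in the chain, as with SSL_CTX_set_verify.
local function verifyCallback(preverify, x509Ctx)
    local leaf = x509Ctx:getCert()           -- certificate being verified
    local current = x509Ctx:getCurrentCert() -- certificate this call is about
    local ok = decide(preverify,
                      current:digest("sha256", "x"),
                      leaf:digest("sha256", "x"),
                      PINNED_SHA256)
    if not ok then
        io.stderr:write("rejecting certificate: ",
                        tostring(current:getSubject()), "\n")
        return false
    end
    -- Pass OpenSSL's own value through so its type is preserved.
    return preverify
end

local ctx = context.new("TLS", false)
ctx:setVerify(context.VERIFY_PEER, nil, verifyCallback)
```

A callback that returns a true value when `preverify` reports failure overrides chain validation for that certificate, so the early `return false` is the part to keep when adapting this.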