Notable changes between 0.5 and 0.6:
Options from OpenSSL 1.0.2f
Use "any" protocol, but SSL.
Merge pull request #20 from Zash/zash/checkissued
Method for checking if one certificate issued another
Merge pull request #68 from ignacio/master
Enables building with LuaRocks and MS compilers
Enables building with LuaRocks and MS compilers
Merge pull request #56 from gleydsonsoares/Makefile-tweaks
Makefile tweaks
Keep 'sslv23' for compability, but deprected. (it will be removed in the next version)
Merge pull request #62 from gleydsonsoares/update_protocol_samples
add TLS_method / rename "sslv23" to "any" / update protocol samples.
update protocol samples(bring "tlsv1_2" to clients and "any" to servers)
for consistency and readability, rename "sslv23" to "any" since that it is related to {TLS, SSLv23}methods that handles all supported protocols.
add TLS_method(). for now, keep SSLv23_method() for compatibility.
Update samples (using 'tlsv1').
Merge pull request #55 from gleydsonsoares/ifndef-OPENSSL_NO_SSL3
guard SSLv3_method() with #ifndef OPENSSL_NO_SSL3
Add lsec_testcontext().
bump MACOSX_VERSION
fix typo; s,intall,install,
guard SSLv3_method() with #ifndef OPENSSL_NO_SSL3
Set flags to compile with internal inet_ntop() by default.
Tag "alpha" explicit.
MinGW progress.
Merge pull request #53 from hishamhm/master
Reuse tag in the LuaSec upstream repository.
Merge pull request #26 from Tieske/master
Update rockspec to fix Windows build
Alternative implementation to inet_ntop() for old versions of Windows.
Do not hardcode ar
added batch files to generate sample certs on Windows
Perform all validation before allocating structures
Validate signatures too.
API changes to root:issued([intermediate]*, cert)
Fix inet_ntop() on Windows.
Merge branch 'master' of https://github.com/brunoos/luasec
Merge branch 'moteus_rock'
added bindir to lib section, as mingw links against dll's to be found in bindir
updated defines in rockspec
Merge branch 'master' of github.com:Tieske/luasec into moteus_rock
use winsock 2
Don't set globals from C.
Fix unpack().
Stop using module().
Change to luaL_newlib().
Remove luaL_optint() and luaL_checkint().
BSD headers.
Merge pull request #21 from Zash/zash/iPAddress-fix
iPAddress encoding
Stop if we don't have a string.
Changed for strict compiles.
Fix for LibreSSL/OPENSSL_NO_COMP
Problem on Win64, since double does not represent SOCKET_INVALID exactly.
- Add a parameter to server:sni(), so that we can accept an unknown name, using the initial context.
- Add the method :getsniname() to retrieve the SNI hostname used.
Updated (and renamed) rockspec Windows
Encode iPAddress fields in human readable form
Don't try to encode IP addresses as UTF-8
Return early if ASN1 string is invalid
Push nil if unable to encode ASN1 string as UTF-8
Return human readable error message from cert:issued()
SNI support.
SNI support.
Merge pull request #17 from Zash/zash/checkkey
Verify that certificate and key belong together
Merge pull request #19 from Zash/zash/pubkey
Zash/pubkey
Add cert:pubkey() to methods registry
Add cert:issued(leafcert) for checking chains
Check if private key matches cert only if both key and cert are set
Check that certificate matches private key
Add method for extracting public key, type and size from x509 objects
Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
* A new certificate (X509) API, which supports:
- Reading the subject (identity) and issuer of the certificate.
- Reading various X509 extensions, including email and dnsName.
- Converting certificates to and from the standard ASCII PEM
format.
- Generating the fingerprint/digest of a certificate (using SHA1,
SHA256 or SHA512).
- Reading the certificate's expiration, serial number, and other
info.
* The ability to get more detailed information from OpenSSL about
why a certificate failed verification, for each certificate in the
chain.
* Flags to force acceptance of invalid certificates, e.g. to allow
the use of self-signed certificates in a Trust On First Use model.
* Flags to control checking CRLs for certificate revocation status.
* Support for ECDH cipher suites.
* An API to get the TLS 'finished' messages used for SASL channel
binding (e.g. the SCRAM PLUS mechanisms).
Changes since 0.4:
- SSL options updated --- based on OpenSSL 1.0.0d.
- Activate SSL_MODE_RELEASE_BUFFERS by default if it is available.
(thanks Prosody project)
LuaSec is a binding for OpenSSL library to provide TLS/SSL communication.
This version delegates to LuaSocket the TCP connection establishment
between the client and server. Then LuaSec uses this connection to start
a secure TLS/SSL session.
(Based on wip/luasec.)
