LuaSec 1.0.2
---------------
This version includes:
* Fix handle SSL_send SYSCALL error without errno
* Fix off by one in cert:validat(notafter)
* Fix meth_get_{sinagure => signature}_name function name
* Fix update the Lua state reference on the selected SSL context after SNI
* Fix ignore SSL_OP_BIT(n) macro and update option.c
--------------------------------------------------------------------------------
LuaSec 1.0
---------------
This version includes:
* Add cert:getsignaturename()
--------------------------------------------------------------------------
LuaSec 0.9
---------------
This version includes:
* Add DNS-based Authentication of Named Entities (DANE) support
* Add __close() metamethod
* Fix deprecation warnings with OpenSSL 1.1
* Fix special case listing of TLS 1.3 EC curves
* Fix general_name leak in cert:extensions()
* Fix unexported 'ssl.config' table
* Replace $(LD) with $(CCLD) variable
* Remove multiple definitions of 'ssl_options' variable
* Use tag in git format: v0.9
--------------------------------------------------------------------------
LuaSec 0.8.2
---------------
This version includes:
* Fix unexported 'ssl.config' table (backported)
--------------------------------------------------------------------------
LuaSec 0.8.1
---------------
This version includes:
* Fix general_name leak in cert:extensions() (backported)
--------------------------------------------------------------------------
LuaSec 0.8
---------------
This version includes:
* Add support to ALPN
* Add support to TLS 1.3
* Add support to multiple certificates
* Add timeout to https module (https.TIMEOUT)
* Drop support to SSL 3.0
* Drop support to TLS 1.0 from https module
* Fix invalid reference to Lua state
* Fix memory leak when get certficate extensions
--------------------------------------------------------------------------
LuaSec 0.7.2
---------------
This version includes:
* Fix unexported 'ssl.config' table (backported)
--------------------------------------------------------------------------
LuaSec 0.7.1
---------------
This version includes:
* Fix general_name leak in cert:extensions() (backported)
--------------------------------------------------------------------------
LuaSec 0.7
---------------
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
easy to add secure connections to any Lua applications or scripts.
Documentation: https://github.com/brunoos/luasec/wiki
This version includes:
* Add support to OpenSSL 1.1.0
* Add support to elliptic curves list
* Add ssl.config that exports some OpenSSL information
* Add integration with luaossl
Notable changes between 0.5 and 0.6:
Options from OpenSSL 1.0.2f
Use "any" protocol, but SSL.
Merge pull request #20 from Zash/zash/checkissued
Method for checking if one certificate issued another
Merge pull request #68 from ignacio/master
Enables building with LuaRocks and MS compilers
Enables building with LuaRocks and MS compilers
Merge pull request #56 from gleydsonsoares/Makefile-tweaks
Makefile tweaks
Keep 'sslv23' for compability, but deprected. (it will be removed in the next version)
Merge pull request #62 from gleydsonsoares/update_protocol_samples
add TLS_method / rename "sslv23" to "any" / update protocol samples.
update protocol samples(bring "tlsv1_2" to clients and "any" to servers)
for consistency and readability, rename "sslv23" to "any" since that it is related to {TLS, SSLv23}methods that handles all supported protocols.
add TLS_method(). for now, keep SSLv23_method() for compatibility.
Update samples (using 'tlsv1').
Merge pull request #55 from gleydsonsoares/ifndef-OPENSSL_NO_SSL3
guard SSLv3_method() with #ifndef OPENSSL_NO_SSL3
Add lsec_testcontext().
bump MACOSX_VERSION
fix typo; s,intall,install,
guard SSLv3_method() with #ifndef OPENSSL_NO_SSL3
Set flags to compile with internal inet_ntop() by default.
Tag "alpha" explicit.
MinGW progress.
Merge pull request #53 from hishamhm/master
Reuse tag in the LuaSec upstream repository.
Merge pull request #26 from Tieske/master
Update rockspec to fix Windows build
Alternative implementation to inet_ntop() for old versions of Windows.
Do not hardcode ar
added batch files to generate sample certs on Windows
Perform all validation before allocating structures
Validate signatures too.
API changes to root:issued([intermediate]*, cert)
Fix inet_ntop() on Windows.
Merge branch 'master' of https://github.com/brunoos/luasec
Merge branch 'moteus_rock'
added bindir to lib section, as mingw links against dll's to be found in bindir
updated defines in rockspec
Merge branch 'master' of github.com:Tieske/luasec into moteus_rock
use winsock 2
Don't set globals from C.
Fix unpack().
Stop using module().
Change to luaL_newlib().
Remove luaL_optint() and luaL_checkint().
BSD headers.
Merge pull request #21 from Zash/zash/iPAddress-fix
iPAddress encoding
Stop if we don't have a string.
Changed for strict compiles.
Fix for LibreSSL/OPENSSL_NO_COMP
Problem on Win64, since double does not represent SOCKET_INVALID exactly.
- Add a parameter to server:sni(), so that we can accept an unknown name, using the initial context.
- Add the method :getsniname() to retrieve the SNI hostname used.
Updated (and renamed) rockspec Windows
Encode iPAddress fields in human readable form
Don't try to encode IP addresses as UTF-8
Return early if ASN1 string is invalid
Push nil if unable to encode ASN1 string as UTF-8
Return human readable error message from cert:issued()
SNI support.
SNI support.
Merge pull request #17 from Zash/zash/checkkey
Verify that certificate and key belong together
Merge pull request #19 from Zash/zash/pubkey
Zash/pubkey
Add cert:pubkey() to methods registry
Add cert:issued(leafcert) for checking chains
Check if private key matches cert only if both key and cert are set
Check that certificate matches private key
Add method for extracting public key, type and size from x509 objects
* A new certificate (X509) API, which supports:
- Reading the subject (identity) and issuer of the certificate.
- Reading various X509 extensions, including email and dnsName.
- Converting certificates to and from the standard ASCII PEM
format.
- Generating the fingerprint/digest of a certificate (using SHA1,
SHA256 or SHA512).
- Reading the certificate's expiration, serial number, and other
info.
* The ability to get more detailed information from OpenSSL about
why a certificate failed verification, for each certificate in the
chain.
* Flags to force acceptance of invalid certificates, e.g. to allow
the use of self-signed certificates in a Trust On First Use model.
* Flags to control checking CRLs for certificate revocation status.
* Support for ECDH cipher suites.
* An API to get the TLS 'finished' messages used for SASL channel
binding (e.g. the SCRAM PLUS mechanisms).
Changes since 0.4:
- SSL options updated --- based on OpenSSL 1.0.0d.
- Activate SSL_MODE_RELEASE_BUFFERS by default if it is available.
(thanks Prosody project)
LuaSec is a binding for OpenSSL library to provide TLS/SSL communication.
This version delegates to LuaSocket the TCP connection establishment
between the client and server. Then LuaSec uses this connection to start
a secure TLS/SSL session.
(Based on wip/luasec.)
