1 -- util to easily merge multiple sets of LuaSec context options
6 local t_concat = table.concat;
7 local t_insert = table.insert;
8 local setmetatable = setmetatable;
13 local finalisers = { };
14 local id = function (v) return v end
16 -- All "handlers" behave like extended rawset(table, key, value) with extra
17 -- processing usually merging the new value with the old in some reasonable
19 -- If a field does not have a defined handler then a new value simply
23 -- Convert either a list or a set into a special type of set where each
24 -- item is either positive or negative in order for a later set of options
25 -- to be able to remove options from this set by filtering out the negative ones
26 function handlers.options(config, field, new)
27 local options = config[field] or { };
28 if type(new) ~= "table" then new = { new } end
29 for key, value in pairs(new) do
30 if value == true or value == false then
33 options[value] = true;
36 config[field] = options;
39 handlers.verify = handlers.options;
40 handlers.verifyext = handlers.options;
42 -- finalisers take something produced by handlers and return what luasec
45 -- Produce a list of "positive" options from the set
46 function finalisers.options(options)
48 for opt, enable in pairs(options) do
50 output[#output+1] = opt;
56 finalisers.verify = finalisers.options;
57 finalisers.verifyext = finalisers.options;
59 -- We allow ciphers to be a list
61 function finalisers.ciphers(cipherlist)
62 if type(cipherlist) == "table" then
63 return t_concat(cipherlist, ":");
68 -- protocol = "x" should enable only that protocol
69 -- protocol = "x+" should enable x and later versions
71 local protocols = { "sslv2", "sslv3", "tlsv1", "tlsv1_1", "tlsv1_2" };
72 for i = 1, #protocols do protocols[protocols[i] .. "+"] = i - 1; end
74 -- this interacts with ssl.options as well to add no_x
75 local function protocol(config)
76 local min_protocol = protocols[config.protocol];
78 config.protocol = "sslv23";
79 for i = 1, min_protocol do
80 t_insert(config.options, "no_"..protocols[i]);
85 -- Merge options from 'new' config into 'config'
86 local function apply(config, new)
87 if type(new) == "table" then
88 for field, value in pairs(new) do
89 (handlers[field] or rawset)(config, field, value);
94 -- Finalize the config into the form LuaSec expects
95 local function final(config)
97 for field, value in pairs(config) do
98 output[field] = (finalisers[field] or id)(value);
100 -- Need to handle protocols last because it adds to the options list
113 return setmetatable({options={}}, sslopts_mt);