1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
local ffi = require "ffi"
local C = ffi.C
require "resty.openssl.include.ossl_typ"
require "resty.openssl.include.stack"
local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER
local OPENSSL_3X = require("resty.openssl.version").OPENSSL_3X
local BORINGSSL_110 = require("resty.openssl.version").BORINGSSL_110
ffi.cdef [[
X509_STORE *X509_STORE_new(void);
void X509_STORE_free(X509_STORE *v);
/* int X509_STORE_lock(X509_STORE *ctx);
int X509_STORE_unlock(X509_STORE *ctx);
int X509_STORE_up_ref(X509_STORE *v);
// STACK_OF(X509_OBJECT)
OPENSSL_STACK *X509_STORE_get0_objects(X509_STORE *v);*/
int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
int X509_STORE_load_locations(X509_STORE *ctx,
const char *file, const char *dir);
int X509_STORE_set_default_paths(X509_STORE *ctx);
int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
int X509_STORE_set_depth(X509_STORE *store, int depth);
int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
X509_STORE_CTX *X509_STORE_CTX_new(void);
void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
// STACK_OF(X509)
int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
X509 *x509, OPENSSL_STACK *chain);
int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
int X509_PURPOSE_get_by_sname(char *sname);
X509_PURPOSE *X509_PURPOSE_get0(int idx);
int X509_PURPOSE_get_id(const X509_PURPOSE *xp);
]]
local _M = {
verify_flags = {
X509_V_FLAG_CB_ISSUER_CHECK = 0x0, -- Deprecated
X509_V_FLAG_USE_CHECK_TIME = 0x2,
X509_V_FLAG_CRL_CHECK = 0x4,
X509_V_FLAG_CRL_CHECK_ALL = 0x8,
X509_V_FLAG_IGNORE_CRITICAL = 0x10,
X509_V_FLAG_X509_STRICT = 0x20,
X509_V_FLAG_ALLOW_PROXY_CERTS = 0x40,
X509_V_FLAG_POLICY_CHECK = 0x80,
X509_V_FLAG_EXPLICIT_POLICY = 0x100,
X509_V_FLAG_INHIBIT_ANY = 0x200,
X509_V_FLAG_INHIBIT_MAP = 0x400,
X509_V_FLAG_NOTIFY_POLICY = 0x800,
X509_V_FLAG_EXTENDED_CRL_SUPPORT = 0x1000,
X509_V_FLAG_USE_DELTAS = 0x2000,
X509_V_FLAG_CHECK_SS_SIGNATURE = 0x4000,
X509_V_FLAG_TRUSTED_FIRST = 0x8000,
X509_V_FLAG_SUITEB_128_LOS_ONLY = 0x10000,
X509_V_FLAG_SUITEB_192_LOS = 0x20000,
X509_V_FLAG_SUITEB_128_LOS = 0x30000,
X509_V_FLAG_PARTIAL_CHAIN = 0x80000,
X509_V_FLAG_NO_ALT_CHAINS = 0x100000,
X509_V_FLAG_NO_CHECK_TIME = 0x200000,
},
}
if OPENSSL_10 or BORINGSSL_110 then
ffi.cdef [[
// STACK_OF(X509)
OPENSSL_STACK *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
]];
_M.X509_STORE_CTX_get0_chain = C.X509_STORE_CTX_get_chain
elseif OPENSSL_11_OR_LATER then
ffi.cdef [[
// STACK_OF(X509)
OPENSSL_STACK *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
]];
_M.X509_STORE_CTX_get0_chain = C.X509_STORE_CTX_get0_chain
end
if OPENSSL_3X then
ffi.cdef [[
X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
const char *propq);
/* int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
OSSL_LIB_CTX *libctx, const char *propq);
int X509_STORE_load_store_ex(X509_STORE *ctx, const char *uri,
OSSL_LIB_CTX *libctx, const char *propq); */
int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
const char *dir, OSSL_LIB_CTX *libctx,
const char *propq);
]]
_M.X509_STORE_set_default_paths = function(...) return C.X509_STORE_set_default_paths_ex(...) end
_M.X509_STORE_load_locations = function(...) return C.X509_STORE_load_locations_ex(...) end
else
_M.X509_STORE_set_default_paths = function(s) return C.X509_STORE_set_default_paths(s) end
_M.X509_STORE_load_locations = function(s, file, dir) return C.X509_STORE_load_locations(s, file, dir) end
end
return _M
|
