mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-03 21:27:38 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

net: isolate LuaSec-specifics

Browse source 
For this, various accessor functions are now provided directly on the
sockets, which reach down into the LuaSec implementation to obtain the
information.

While this may seem of little gain at first, it hides the implementation
detail of the LuaSec+LuaSocket combination that the actual socket and
the TLS layer are separate objects.

The net gain here is that an alternative implementation does not have to
emulate that specific implementation detail and "only" has to expose
LuaSec-compatible data structures on the new functions.
This commit is contained in:
Jonas Schäfer 2022-04-27 17:44:14 +02:00
parent 07ee0f4470
commit 38346dd6f1
12 changed files with 237 additions and 82 deletions
Download patch file Download diff file Expand all files Collapse all files

11
plugins/mod_saslauth.lua
View file

@ -242,7 +242,7 @@ module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:abort", function(event)
end);
local function tls_unique(self)
return self.userdata["tls-unique"]:getpeerfinished();
return self.userdata["tls-unique"]:ssl_peerfinished();
end
local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' };
@ -262,18 +262,17 @@ module:hook("stream-features", function(event)
-- check whether LuaSec has the nifty binding to the function needed for tls-unique
-- FIXME: would be nice to have this check only once and not for every socket
if sasl_handler.add_cb_handler then
local socket = origin.conn:socket();
local info = socket.info and socket:info();
if info.protocol == "TLSv1.3" then
local info = origin.conn:ssl_info();
if info and info.protocol == "TLSv1.3" then
log("debug", "Channel binding 'tls-unique' undefined in context of TLS 1.3");
elseif socket.getpeerfinished and socket:getpeerfinished() then
elseif origin.conn.ssl_peerfinished and origin.conn:ssl_peerfinished() then
log("debug", "Channel binding 'tls-unique' supported");
sasl_handler:add_cb_handler("tls-unique", tls_unique);
else
log("debug", "Channel binding 'tls-unique' not supported (by LuaSec?)");
end
sasl_handler["userdata"] = {
["tls-unique"] = socket;
["tls-unique"] = origin.conn;
};
else
log("debug", "Channel binding not supported by SASL handler");