mod_saslauth: Implement RFC 9266 'tls-exporter' channel binding (#1760)

Brings back SCRAM-SHA-*-PLUS from its hiatus brought on by the earlier channel binding method being undefined for TLS 1.3, and the increasing deployment of TLS 1.3. See 1bfd238e05ad and #1542 Requires future version of LuaSec, once support for this key material export method is merged. See https://github.com/brunoos/luasec/pull/187
2025-04-03 21:27:38 +03:00 · 2022-06-01 15:06:59 +02:00 · 2022-06-01 15:06:59 +02:00 · 8db7cdc713
commit 8db7cdc713
parent dabdfc91be
4 changed files with 25 additions and 0 deletions
--- a/net/server_epoll.lua
+++ b/net/server_epoll.lua
@ -649,6 +649,14 @@ function interface:ssl_peerfinished()
 	return sock:getpeerfinished();
 end

+function interface:ssl_exportkeyingmaterial(label, len, context)
+	local sock = self.conn;
+	if sock.exportkeyingmaterial then
+		return sock:exportkeyingmaterial(label, len, context);
+	end
+end
+
+
 function interface:starttls(tls_ctx)
 	if tls_ctx then self.tls_ctx = tls_ctx; end
 	self.starttls = false;