nixio: Finetuning of TLS-support

httpclient: HTTPS support
axTLS: enable diagnostic mode

libs/httpclient/luasrc/httpclient.lua

@@ -110,11 +110,11 @@ function request_raw(uri, options)
 		return nil, -1, "unable to parse URI"
 	end
 	
-	if pr ~= "http" then
+	if pr ~= "http" and pr ~= "https" then
 		return nil, -2, "protocol not supported"
 	end
 	
-	port = #port > 0 and port or "80"
+	port = #port > 0 and port or (pr == "https" and "443" or "80")
 	path = #path > 0 and path or "/"
 	
 	options.depth = options.depth or 10
@@ -135,6 +135,15 @@ function request_raw(uri, options)
 	sock:setsockopt("socket", "sndtimeo", options.sndtimeo or 15)
 	sock:setsockopt("socket", "rcvtimeo", options.rcvtimeo or 15)
 	
+	if pr == "https" then
+		local tls = options.tls_context or nixio.tls()
+		sock = tls:create(sock)
+		local stat, code, error = sock:connect()
+		if not stat then
+			return stat, code, error
+		end
+	end
+
 	-- Pre assemble fixes	
 	if protocol == "HTTP/1.1" then
 		headers.Host = headers.Host or host

libs/nixio/.gitignore

@@ -1 +1,4 @@
 src/libaxtls.a
+.depend
+.config.*
+_stage

libs/nixio/axTLS/config/.config

@@ -24,8 +24,8 @@ CONFIG_EXTRA_LDFLAGS_OPTIONS=""
 #
 # CONFIG_SSL_SERVER_ONLY is not set
 # CONFIG_SSL_CERT_VERIFICATION is not set
-CONFIG_SSL_ENABLE_CLIENT=y
-# CONFIG_SSL_FULL_MODE is not set
+# CONFIG_SSL_ENABLE_CLIENT is not set
+CONFIG_SSL_FULL_MODE=y
 # CONFIG_SSL_SKELETON_MODE is not set
 # CONFIG_SSL_PROT_LOW is not set
 CONFIG_SSL_PROT_MEDIUM=y

libs/nixio/axTLS/config/config.h

@@ -25,8 +25,8 @@
  */
 #undef CONFIG_SSL_SERVER_ONLY
 #undef CONFIG_SSL_CERT_VERIFICATION
-#define CONFIG_SSL_ENABLE_CLIENT 1
-#undef CONFIG_SSL_FULL_MODE
+#undef CONFIG_SSL_ENABLE_CLIENT
+#define CONFIG_SSL_FULL_MODE 1
 #undef CONFIG_SSL_SKELETON_MODE
 #undef CONFIG_SSL_PROT_LOW
 #define CONFIG_SSL_PROT_MEDIUM 1

libs/nixio/axtls-config/.config

@@ -24,8 +24,8 @@ CONFIG_EXTRA_LDFLAGS_OPTIONS=""
 #
 # CONFIG_SSL_SERVER_ONLY is not set
 # CONFIG_SSL_CERT_VERIFICATION is not set
-CONFIG_SSL_ENABLE_CLIENT=y
-# CONFIG_SSL_FULL_MODE is not set
+# CONFIG_SSL_ENABLE_CLIENT is not set
+CONFIG_SSL_FULL_MODE=y
 # CONFIG_SSL_SKELETON_MODE is not set
 # CONFIG_SSL_PROT_LOW is not set
 CONFIG_SSL_PROT_MEDIUM=y

libs/nixio/axtls-config/config.h

@@ -25,8 +25,8 @@
  */
 #undef CONFIG_SSL_SERVER_ONLY
 #undef CONFIG_SSL_CERT_VERIFICATION
-#define CONFIG_SSL_ENABLE_CLIENT 1
-#undef CONFIG_SSL_FULL_MODE
+#undef CONFIG_SSL_ENABLE_CLIENT
+#define CONFIG_SSL_FULL_MODE 1
 #undef CONFIG_SSL_SKELETON_MODE
 #undef CONFIG_SSL_PROT_LOW
 #define CONFIG_SSL_PROT_MEDIUM 1

libs/nixio/lua/nixio/util.lua

@@ -14,7 +14,7 @@ $Id$
 
 local table = require "table"
 local nixio = require "nixio"
-local setmetatable, assert = setmetatable, assert
+local getmetatable, assert = getmetatable, assert
 
 module "nixio.util"
 
@@ -22,6 +22,16 @@ local BUFFERSIZE = 8096
 local socket = nixio.socket_meta
 local tls_socket = nixio.tls_socket_meta
 
+function socket.is_socket(self)
+	return (getmetatable(self) == socket)
+end
+tls_socket.is_socket = socket.is_socket
+
+function socket.is_tls_socket(self)
+	return (getmetatable(self) == tls_socket)
+end
+tls_socket.is_tls_socket = socket.is_tls_socket
+
 function socket.recvall(self, len)
 	local block, code, msg = self:recv(len)
 
@@ -133,4 +143,9 @@ function socket.blocksource(self, bs, limit)
 		end
 	end
 end
-tls_socket.blocksource = socket.blocksource
+tls_socket.blocksource = socket.blocksource
+
+function tls_socket.close(self)
+	self:shutdown()
+	return self.socket:close()
+end

libs/nixio/src/openssl-compat.c

@@ -264,7 +264,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX *s, const char *str)
 int SSL_get_error(const SSL *ssl, int ret)
 {
     ssl_display_error(ret);
-    return 0;   /* TODO: return proper return code */
+    return ret;   /* TODO: return proper return code */
 }
 
 void SSL_CTX_set_options(SSL_CTX *ssl_ctx, int option) {}

libs/nixio/src/tls-context.c

@@ -74,6 +74,7 @@ static int nixio_tls_ctx_create(lua_State *L) {
 	SSL_CTX *ctx = nixio__checktlsctx(L);
 	int fd = nixio__checkfd(L, 2);
 
+	lua_createtable(L, 0, 3);
 	nixio_tls_sock *sock = lua_newuserdata(L, sizeof(nixio_tls_sock));
 	if (!sock) {
 		return luaL_error(L, "out of memory");
@@ -82,7 +83,8 @@ static int nixio_tls_ctx_create(lua_State *L) {
 
 	/* create userdata */
 	luaL_getmetatable(L, NIXIO_TLS_SOCK_META);
-	lua_setmetatable(L, -2);
+	lua_pushvalue(L, -1);
+	lua_setmetatable(L, -3);
 
 	sock->socket = SSL_new(ctx);
 	if (!sock->socket) {
@@ -93,6 +95,16 @@ static int nixio_tls_ctx_create(lua_State *L) {
 		return nixio__tls_perror(L, 0);
 	}
 
+	/* save context and socket to prevent GC from collecting them */
+	lua_setmetatable(L, -3);
+	lua_setfield(L, -2, "connection");
+
+	lua_pushvalue(L, 1);
+	lua_setfield(L, -2, "context");
+
+	lua_pushvalue(L, 2);
+	lua_setfield(L, -2, "socket");
+
 	return 1;
 }
 

libs/nixio/src/tls-socket.c

@@ -22,9 +22,8 @@
 
 static int nixio__tls_sock_perror(lua_State *L, SSL *sock, int code) {
 	lua_pushnil(L);
-	lua_pushinteger(L, code);
 	lua_pushinteger(L, SSL_get_error(sock, code));
-	return 3;
+	return 2;
 }
 
 static int nixio__tls_sock_pstatus(lua_State *L, SSL *sock, int code) {
@@ -37,6 +36,10 @@ static int nixio__tls_sock_pstatus(lua_State *L, SSL *sock, int code) {
 }
 
 static SSL* nixio__checktlssock(lua_State *L) {
+	if (lua_istable(L, 1)) {
+		lua_getfield(L, 1, "connection");
+		lua_replace(L, 1);
+	}
 	nixio_tls_sock *sock = luaL_checkudata(L, 1, NIXIO_TLS_SOCK_META);
 	luaL_argcheck(L, sock->socket, 1, "invalid context");
 	return sock->socket;
@@ -186,7 +189,7 @@ static int nixio_tls_sock__gc(lua_State *L) {
 
 static int nixio_tls_sock__tostring(lua_State *L) {
 	SSL *sock = nixio__checktlssock(L);
-	lua_pushfstring(L, "nixio TLS socket: %p", sock);
+	lua_pushfstring(L, "nixio TLS connection: %p", sock);
 	return 1;
 }