Adding SSL support to LuaSocket

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Adding SSL support to LuaSocket

Zachary P. Landau-4
Hello,

I'm trying to figure out the best way to add MatrixSSL[1] support to
LuaSocket.  Generally, regular socket commands are wrapped in ssl
versions.  For example, sslRead will call recv and then decode the
stream.  In some cases, they are called in sequence.  For example,
accept will be called, and then the received file descriptor will be
send to sslAccept.

What would be the best way to add this to LuaSocket?  At first I
thought copying over tcp.c and changing it to use ssl would be a good
approach.  That seems to repeat a lot of code though.  The ssl
functions use regular tcp sockets, so it would be nice to add an ssl
layer on TOP of 'tcp' rather than replacing it.  I saw no easy means
to do this, however.

[1] http://www.matrixssl.org

-- 
Zachary P. Landau <[hidden email]>

Reply | Threaded
Open this post in threaded view
|

Re: Adding SSL support to LuaSocket

D Burgess-4
I believe Diego has plans for SSL support in LuaSocket.

Have you looked at usocket.c and wsocket.c ?

I would have thought that these were the only modules requiring
modification.

DB

On Tue, 12 Oct 2004 16:12:19 -0400, Zachary Landau <[hidden email]> wrote:
> Hello,
> 
> I'm trying to figure out the best way to add MatrixSSL[1] support to
> LuaSocket.  Generally, regular socket commands are wrapped in ssl
> versions.  For example, sslRead will call recv and then decode the
> stream.  In some cases, they are called in sequence.  For example,
> accept will be called, and then the received file descriptor will be
> send to sslAccept.
> 
> What would be the best way to add this to LuaSocket?  At first I
> thought copying over tcp.c and changing it to use ssl would be a good
> approach.  That seems to repeat a lot of code though.  The ssl
> functions use regular tcp sockets, so it would be nice to add an ssl
> layer on TOP of 'tcp' rather than replacing it.  I saw no easy means
> to do this, however.
> 
> [1] http://www.matrixssl.org
> 
> --
> Zachary P. Landau <[hidden email]>
> 


-- 
DB

Reply | Threaded
Open this post in threaded view
|

Re: Adding SSL support to LuaSocket

Adam D. Moss
David Burgess wrote:
I believe Diego has plans for SSL support in LuaSocket.

Ooh, that would be excellent.

n.b. MatrixSSL's size is very attractive, but the
license isn't.

--Adam


Reply | Threaded
Open this post in threaded view
|

Re: Adding SSL support to LuaSocket

Zachary P. Landau-4
In reply to this post by D Burgess-4
> Have you looked at usocket.c and wsocket.c ?
> 
> I would have thought that these were the only modules requiring
> modification.

A lot of the functionality can be put in usocket, but not all of it. 
The layer above it (tcp.c, in this case) needs to read in keys and
certifications specified by the user, and pass that information (and a
few other things) to the socket.

I was hoping to be able to build upon tcp.c, so that these extra parts
could be added without having to create a special version of tcp.c for
ssl.

-- 
Zachary P. Landau <[hidden email]>

Reply | Threaded
Open this post in threaded view
|

Re: Adding SSL support to LuaSocket

Diego Nehab-3
In reply to this post by Zachary P. Landau-4
Hi,

There is a buffer.c module on top of which the tcp.c module is built.
This buffer.c module should be pretty generic in the sense it doesn't
call IO functions directly but rather uses an IO driver. I would create
a new IO driver that calls SSL IO functions. Then  create an ssl.c
module that exports a function to replace the IO driver used by a TCP
object with the SSL version.

I haven't actually tried doing this yet, but I had it in mind when I
designed the thing. If this isn't possible, let me know and I will make
sure it becomes possible.

It doesn't seem like a lot of code. I just didn't take the time to study
OpenSSL and see where this could possibly break down. My major concern
is timeout management and non-blocking IO.

Regards,
Diego.

Reply | Threaded
Open this post in threaded view
|

Re: Adding SSL support to LuaSocket

Danilo Tuler-2
Hi,

Is everybody aware of this?
http://sars.procc.fiocruz.br/~carneiro/apps/luassl/ Danilo